Bitcoin Forum
Author Topic: Armory - Discussion Thread  (Read 481832 times)
runeks
November 04, 2013, 06:34:33 PM
 #2781

I'm confused with all this entropy randomness stuff?  Can't I just use armory and encrypt my wallet?

Actually, you can. The discussion is about the case, where the random number of which the private key is derived at the time the wallet is created is not so random as it should be. For example, if there is no input of random external events to the Linux kernel's /dev/random, it will spit out 00000... as random number. But fortunately on a usual desktop computer, there are external random events. Every movement of mouse, every keypress on the keyboard, every ethernet-package and the current time are considered. However there are ways to improve the randomness even further. For example one could use the audio recording of the environment. Or a video of you jumping randomly in front of the camera.

In my opinion, these advanced measures are only needed, if there is demand for a high throughput of random numbers, which is not the case for the wallet creation. But on webservers for example, where there is a lot of ssl-traffic, the pool of randomness may deplete (of course this is also exacerbated by the fact, that usually there are no mouse or keyboard events on a server).
I thought the whole purpose of /dev/random was to not output anything, i.e. block, when there isn't sufficient entropy available. urandom will always output something, which is why it shouldn't be used for sensitive stuff.
flipperfish
November 04, 2013, 06:39:08 PM
 #2782

I'm confused with all this entropy randomness stuff?  Can't I just use armory and encrypt my wallet?

Actually, you can. The discussion is about the case, where the random number of which the private key is derived at the time the wallet is created is not so random as it should be. For example, if there is no input of random external events to the Linux kernel's /dev/random, it will spit out 00000... as random number. But fortunately on a usual desktop computer, there are external random events. Every movement of mouse, every keypress on the keyboard, every ethernet-package and the current time are considered. However there are ways to improve the randomness even further. For example one could use the audio recording of the environment. Or a video of you jumping randomly in front of the camera.

In my opinion, these advanced measures are only needed, if there is demand for a high throughput of random numbers, which is not the case for the wallet creation. But on webservers for example, where there is a lot of ssl-traffic, the pool of randomness may deplete (of course this is also exacerbated by the fact, that usually there are no mouse or keyboard events on a server).
I thought the whole purpose of /dev/random was to not output anything, i.e. block, when there isn't sufficient entropy available. urandom will always output something, which is why it shouldn't be used for sensitive stuff.

Yep, I think that's correct. My explanation was a bit simplified.
cp1
November 04, 2013, 06:40:26 PM
 #2783

And neither random nor urandom will spit out 0000, that's crazy.

0000 is just as likely as any other 4 digit number :)

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
runeks
November 04, 2013, 06:52:32 PM
 #2784

Personally, if you want to do this right without worrying too much, I would simply get a bunch of dice and collect 100-150 D6 rolls (that's 256-384 bits of entropy, if it was all perfect).  Make the process of ordering the dice rolls as deterministic as possible, to limit the amount of "human influence" on the results.  Just type them into a python shell string hash256() the result.  Use that as your private key/seed.

[...]
Is there an interface in Armory that I can enter the hash256() result into (or the result of the dice throws), so I can generate a deterministic Armory wallet from a series of dice throws? Or is there some hackish way of doing it (I'm fine without a GUI).

And if there isn't an interface in Armory, would you accept patches that implement one?
etotheipi
Core Armory Developer
November 04, 2013, 06:58:38 PM
 #2785

Is there an interface in Armory that I can enter the hash256() result into (or the result of the dice throws), so I can generate a deterministic Armory wallet from a series of dice throws? Or is there some hackish way of doing it (I'm fine without a GUI).

If you have all the dependencies installed and can "from armoryengine import *" in a python shell without errors, then yes.  You can take your entropy source, run it through the hash256() function, and then run the result through the "makeSixteenBytesEasy()" method, which will add a checksum and convert it to "easyType16" format for a paper backup. (do 16 bytes at a time).

And if there isn't an interface in Armory, would you accept patches that implement one?

Kind of... it's a long story.  But those motivated enough will be able to figure it out from the instructions above...

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
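The dice procedure from the posts above, as an added example (not Armory's code and not written by any poster): it validates the typed rolls, checks there are enough of them for 256 bits, flags badly skewed face counts, and hashes the canonical roll string into two 16-byte halves. `hash256()` is taken here to be double SHA-256, which is an assumption about the function named in the post; `audit`, `seed_halves` and `SAMPLE` are hypothetical names, and `SAMPLE` is a constructed pattern, not real rolls.

```python
import hashlib
import math
from collections import Counter

BITS_PER_ROLL = math.log2(6)      # about 2.585 bits per fair, independent D6 roll
CHI2_LIMIT = 20.515               # chi-square critical value, 5 d.o.f., p = 0.001


def parse_rolls(text):
    """Accept '3 5 1 6' or '3516'; reject anything that is not a D6 face."""
    rolls = []
    for ch in text:
        if ch.isspace():
            continue
        if ch not in "123456":
            raise ValueError("not a D6 face: %r" % ch)
        rolls.append(int(ch))
    return rolls


def min_rolls(bits):
    """Smallest number of fair rolls that carries at least `bits` of entropy."""
    return math.ceil(bits / BITS_PER_ROLL)


def chi_square(rolls):
    """Pearson statistic of the face counts against a uniform die."""
    expected = len(rolls) / 6.0
    counts = Counter(rolls)
    return sum((counts[f] - expected) ** 2 / expected for f in range(1, 7))


def audit(rolls, bits=256):
    """Return a list of problems; an empty list means the rolls are usable."""
    problems = []
    if len(rolls) < min_rolls(bits):
        problems.append("need %d rolls for %d bits, got %d"
                        % (min_rolls(bits), bits, len(rolls)))
    if rolls and chi_square(rolls) > CHI2_LIMIT:
        problems.append("face counts are far from uniform (chi-square %.1f)"
                        % chi_square(rolls))
    return problems


def hash256(data):
    """Double SHA-256 (assumption: same construction as hash256() in the post)."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def seed_halves(text, bits=256):
    """Hash the canonical roll string and split it into two 16-byte halves."""
    rolls = parse_rolls(text)
    problems = audit(rolls, bits)
    if problems:
        raise ValueError("; ".join(problems))
    digest = hash256("".join(map(str, rolls)).encode("ascii"))
    return digest[:16], digest[16:]


# Constructed placeholder input (a repeating pattern, NOT real dice rolls).
SAMPLE = "123456 " * 17

if __name__ == "__main__":
    first, second = seed_halves(SAMPLE)
    print(len(parse_rolls(SAMPLE)), "rolls ->", first.hex(), second.hex())
```

The chi-square check only catches skewed face frequencies; the patterned sample passes it, so it cannot show that rolls were actually random.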
RoadStress
November 04, 2013, 11:32:30 PM
 #2786

And neither random nor urandom will spit out 0000, that's crazy.

0000 is just as likely as any other 4 digit number :)



Maybe we should use something like this:
Quote
"It fires photons at a small mirror, and the direction of those photons reflecting off the mirror is actually what decides what cards the player gets."

From http://www.pokerstarsblog.com/ukipt/2013/in-the-belly-of-the-beast-the-pokerstars-143107.html

iCEBREAKER is a troll! He and cypherdoc helped HashFast scam 50 Million $ from its customers !
H/w Hosting Directory & Reputation - https://bitcointalk.org/index.php?topic=622998.0
the joint
November 05, 2013, 03:14:48 AM
 #2787

For offline transactions, is there any problem with creating and signing a transaction but delaying the broadcast for a while (e.g. months)?

How about creating but not signing?

etotheipi
November 05, 2013, 04:06:07 AM
 #2788

For offline transactions, is there any problem with creating and signing a transaction but delaying the broadcast for a while (e.g. months)?

How about creating but not signing?

There's no problem as long as you don't execute any more transactions between the time that the transaction was created and when it is broadcast.  Technically, it might work, but I wouldn't count on it.  For simplicity reasons, Armory doesn't "lock" any of your inputs to prevent them from being spent in further transactions, unless a signed transaction spending those inputs hits the network.  Therefore, if you create, sign and broadcast another transaction before broadcasting the first one, you are likely to spend some of its outputs which will make the first tx invalid.

superbit
November 05, 2013, 04:40:24 AM
 #2789

What if I change my encryption password on my armory wallet file.  If there is an old wallet file on a usb key somewhere I assume that version of the wallet file would unlock with the older encryption password and not the new one?

https://bitfinex.com/?refcode=UInJLQ5KpA <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with the refcode
My feedback thread: Forum thread
etotheipi
November 05, 2013, 05:36:42 PM
 #2790

What if I change my encryption password on my armory wallet file.  If there is an old wallet file on a usb key somewhere I assume that version of the wallet file would unlock with the older encryption password and not the new one?

Paper backups don't have this problem.  You make a backup once, and it doesn't depend at all on your password (which is part of the point of them... to help people recover their wallet when they forget the password).

Digital backups (in 0.88.1 and earlier) will be encrypted with the same passphrase that is used at the time the backup was made.  In order to use that digital backup, you'll have to know that earlier password, regardless of what you do with the active wallet you use.

The next version has a "make unencrypted digital backup" button which is intended for USB keys, etc.  This will make a digital backup with the same properties as the paper backup, besides the risk of device failure.  Until then... use paper!


superbit
November 05, 2013, 05:48:12 PM
 #2791

What if I change my encryption password on my armory wallet file.  If there is an old wallet file on a usb key somewhere I assume that version of the wallet file would unlock with the older encryption password and not the new one?

Paper backups don't have this problem.  You make a backup once, and it doesn't depend at all on your password (which is part of the point of them... to help people recover their wallet when they forget the password).

Digital backups (in 0.88.1 and earlier) will be encrypted with the same passphrase that is used at the time the backup was made.  In order to use that digital backup, you'll have to know that earlier password, regardless of what you do with the active wallet you use.

The next version has a "make unencrypted digital backup" button which is intended for USB keys, etc.  This will make a digital backup with the same properties as the paper backup, besides the risk of device failure.  Until then... use paper!



I was asking more for the sake if I should start a new wallet, just wondering if I have any old electronic copies of my wallet floating around with an encryption key nowhere near as strong as it is now.

etotheipi
November 05, 2013, 06:28:17 PM
 #2792

Completely random side-note: I think this is one of my new favorite Python patterns (I just learned about decorators recently).  There's a few places to use it in Armory, but I'm mostly excited about it for other applications.


Code:
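# Python 2 code as posted. UNINITIALIZED, RightNow() and LOGERROR() are Armory
# helpers; the stand-ins below are assumptions so the snippet runs on its own.
import threading
import time
import logging

UNINITIALIZED = None
RightNow      = time.time
LOGERROR      = logging.error

class PyBackgroundThread(threading.Thread):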
   """
   Wraps a function in a threading.Thread object which will run
   that function in a separate thread.  Calling self.start() will
   return immediately, but will start running that function in
   separate thread.  You can check its progress later by using
   self.isRunning() or self.isFinished().  If the function returns
   a value, use self.getOutput().  Use self.getElapsedSeconds()
   to find out how long it took.
   """
  
   def __init__(self, *args, **kwargs):
      threading.Thread.__init__(self)

      self.output     = None
      self.startedAt  = UNINITIALIZED
      self.finishedAt = UNINITIALIZED

      if len(args)==0:
         self.func  = lambda: ()
      else:
         if not hasattr(args[0], '__call__'):
            raise TypeError('PyBkgdThread constructor first arg '
                            '(if any) must be a function')
         else:
            self.setThreadFunction(args[0], *args[1:], **kwargs)

   def setThreadFunction(self, thefunc, *args, **kwargs):
      def funcPartial():
         return thefunc(*args, **kwargs)
      self.func = funcPartial

   def isFinished(self):
      return not (self.finishedAt==UNINITIALIZED)

   def isStarted(self):
      return not (self.startedAt==UNINITIALIZED)

   def isRunning(self):
      return (self.isStarted() and not self.isFinished())

   def getElapsedSeconds(self):
      if not self.isFinished():
         LOGERROR('Thread is not finished yet!')
         return None
      else:
         return self.finishedAt - self.startedAt

   def getOutput(self):
      if not self.isFinished():
         if self.isRunning():
            LOGERROR('Cannot get output while thread is running')
         else:
            LOGERROR('Thread was never .start()ed')
         return None

      return self.output


   def start(self):
      # Record the start time, then let threading.Thread spawn the
      # new thread, which calls self.run()
      self.startedAt = RightNow()
      super(PyBackgroundThread, self).start()

   def run(self):
      # This should not be called manually.  Only call start()
      self.output     = self.func()
      self.finishedAt = RightNow()


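# Define a decorator that allows the function to be called asynchronously.
# Note: 'async' is a reserved word from Python 3.7 on, so the async=True
# keyword argument only parses on older interpreters.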
def AllowAsync(func):
   def wrappedFunc(*args, **kwargs):

      if not 'async' in kwargs or not kwargs['async']==True:
         # Run the function normally
         if 'async' in kwargs:
            del kwargs['async']
         return func(*args, **kwargs)
      else:
         # Run the function as a background thread
         del kwargs['async']
         thr = PyBackgroundThread(func, *args, **kwargs)
         thr.start()
         return thr

   return wrappedFunc

Simply take any function that you would normally define,

Code:
def myFunc(...):
   doSomething()

And add:

Code:
@AllowAsync
def myFunc(...):
   doSomething()

You can now call myFunc(..., async=True) to have it run in the background instead of in the main thread (control will go to the next line of code immediately without waiting for myFunc to finish).  If you want to keep track of it, you can instead do:

Code:
thr = myFunc(..., async=True)

while not thr.isFinished():
   doOtherStuff()

# It must be finished to have gotten here
data = thr.getOutput()
print "myFunc took %f seconds" % thr.getElapsedSeconds()

If you have functions that do a lot of I/O, but aren't needed for the subsequent operations, you can simply do the following to parallelize:

Code:
thr = myFunc(..., async=True)

doOtherStuffInParallel()

thr.join()  # will wait for it to finish

Very cool!   Just keep in mind that you don't get a computational advantage using python threads, but if you are doing things that are I/O limited, networking, UI-related, etc... it works wonderfully.

Okay, now back to this orphan chain bug...

superbit
November 06, 2013, 12:40:55 AM
 #2793

I brought this up and I think someone suggested it wouldn't work, but why don't you add Google 2FA to the database that would be required to unlock it along with the pass phrase.  It seems as though everyone's greatest fear is someone getting a hold of the database and running a brute force attack on it.  Especially since inevitably there are definitely some dictionary passwords out there.

I know this is possible with a keepass database using this plugin:

http://keepass.info/plugins.html#otpkeyprov

It just seems like it would be a great option to be able to enable.

chrisrico
November 06, 2013, 06:08:21 AM
 #2794

I brought this up and I think someone suggested it wouldn't work, but why don't you add Google 2FA to the database that would be required to unlock it along with the pass phrase.  It seems as though everyone's greatest fear is someone getting a hold of the database and running a brute force attack on it.  Especially since inevitably there are definitely some dictionary passwords out there.

I know this is possible with a keepass database using this plugin:

http://keepass.info/plugins.html#otpkeyprov

It just seems like it would be a great option to be able to enable.

Armory runs on your own computer, there is no server on which to do 2 factor authentication.
superbit
November 06, 2013, 06:24:26 AM
 #2795

I brought this up and I think someone suggested it wouldn't work, but why don't you add Google 2FA to the database that would be required to unlock it along with the pass phrase.  It seems as though everyone's greatest fear is someone getting a hold of the database and running a brute force attack on it.  Especially since inevitably there are definitely some dictionary passwords out there.

I know this is possible with a keepass database using this plugin:

http://keepass.info/plugins.html#otpkeyprov

It just seems like it would be a great option to be able to enable.

Armory runs on your own computer, there is no server on which to do 2 factor authentication.

Check out the link that I sent above.  It is the exact same premise but instead of time stamped OTP it is counter based.

gweedo
November 06, 2013, 06:33:40 AM
 #2796

I brought this up and I think someone suggested it wouldn't work, but why don't you add Google 2FA to the database that would be required to unlock it along with the pass phrase.  It seems as though everyone's greatest fear is someone getting a hold of the database and running a brute force attack on it.  Especially since inevitably there are definitely some dictionary passwords out there.

I know this is possible with a keepass database using this plugin:

http://keepass.info/plugins.html#otpkeyprov

It just seems like it would be a great option to be able to enable.

Armory runs on your own computer, there is no server on which to do 2 factor authentication.

You don't need a server for 2 factor auth, it can be done inside an application.

http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
dsattler
Hero Member
*****
Offline Offline

Activity: 826


View Profile
November 06, 2013, 07:05:06 AM
 #2797

I brought this up and I think someone suggested it wouldn't work, but why don't you add Google 2FA to the database that would be required to unlock it along with the pass phrase.  It seems as though everyone's greatest fear is someone getting a hold of the database and running a brute force attack on it.  Especially since inevitably there are definitely some dictionary passwords out there.

I know this is possible with a keepass database using this plugin:

http://keepass.info/plugins.html#otpkeyprov

It just seems like it would be a great option to be able to enable.

Armory runs on your own computer, there is no server on which to do 2 factor authentication.

You don't need a server for 2 factor auth, it can be done inside an application.

http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm

But there's no security gain in a local 2-factor, it's only useful to secure an online resource! You can't use it as a seed for crypting the wallet, if this is what you mean.

Bitcointalk member since 2013! :)
My auctions on bitify (with 30 days buyer protection):
https://bitify.com
Ente
November 06, 2013, 10:06:43 AM
 #2798

edit:
moved to https://bitcointalk.org/index.php?topic=354667.0

Ente
Swimmer63
November 06, 2013, 03:48:50 PM
 #2799

Total Noob question.  I love armory but I'm no IT pro.  It takes forever to start up Scanning Transactions.  Why does it go through so much work every time?  Even if I have it closed for an hour or so.  Do I have a setting wrong?
cp1
November 06, 2013, 04:03:40 PM
 #2800

But there's no security gain in a local 2-factor, it's only useful to secure an online resource! You can't use it as a seed for crypting the wallet, if this is what you mean.

This is true -- to use google authentication you have to store the secret on the same computer as your wallet.  If someone can get your wallet, then they can get your secret.  But it can be used with PAM to secure login to your computer, so that someone could only get your files by physically getting to your drive.  I wonder if you can use google authenticator with an encrypted home directory.

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
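The local 2FA question debated in the posts above, as an added example (not Armory's code and not written by any poster): HOTP/TOTP can be computed entirely inside an application, but the verifier has to keep the shared secret beside the wallet, and a code that changes on every use cannot serve as a stable encryption key. The secret is the published RFC 4226 test key; `LocalVerifier`, `next_code_from_copied_state` and `key_from_code` are hypothetical names.

```python
import hashlib
import hmac
import struct

RFC4226_SECRET = b"12345678901234567890"   # public test key from RFC 4226


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238: the same function with counter = floor(time / step)."""
    return hotp(secret, int(unix_time) // step, digits)


class LocalVerifier(object):
    """Hypothetical in-application check, with no server involved."""

    def __init__(self, secret, counter=0, window=3):
        self.secret = secret     # has to be stored beside the wallet file
        self.counter = counter
        self.window = window     # tolerate a few skipped codes

    def verify(self, code):
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1     # reject replays of this code
                return True
        return False


def next_code_from_copied_state(secret, counter):
    """Anyone holding a copy of the verifier's state computes the next code."""
    return hotp(secret, counter)


def key_from_code(code, salt):
    """Hypothetical 'OTP as encryption seed' scheme, shown for comparison."""
    return hashlib.pbkdf2_hmac("sha256", code.encode("ascii"), salt, 10000)


if __name__ == "__main__":
    v = LocalVerifier(RFC4226_SECRET)
    print("first code accepted:", v.verify(hotp(RFC4226_SECRET, 0)))
    print("replay accepted:    ", v.verify(hotp(RFC4226_SECRET, 0)))
    print("copied state yields:", next_code_from_copied_state(v.secret, v.counter))
    salt = b"constructed-salt"
    same = key_from_code(hotp(RFC4226_SECRET, 0), salt) == \
        key_from_code(hotp(RFC4226_SECRET, 1), salt)
    print("key stable across codes:", same)
```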