Bitcoin Forum
December 06, 2019, 10:37:34 PM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 [181] 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 »
  Print  
Author Topic: Armory - Discussion Thread  (Read 520954 times)
RoadStress
Legendary
*
Offline Offline

Activity: 1862
Merit: 1002


View Profile
May 02, 2014, 12:19:42 AM
 #3601

Quote
It is not necessary to upgrade any offline computers just to check wallet consistency.

How do we do that from the Armory menus? Or just restart Armory?

I have upgraded to 0.91.1 and it checked for my wallet consistency when i started it. Guess i don't have to do anything else.

Notice it says not necessary Smiley  If all your hot wallets and watching-only wallets have been loaded on 0.91 or 0.91.1 before, and no notification popped up, no further action is required.  I would guess that 99%+ users will pass this check without issue.  And of those cases with consistency issues, the recovery tool can fix most of them.

Will post more information about this soon.   Working on getting an announcement page up and distributing notifications to older versions.

Somehow I understood that an upgrade isn't necessary, but we still needed to check the wallet consistency. I got it now. Thank you.

H/w Hosting Directory & Reputation - https://bitcointalk.org/index.php?topic=622998.0
1575671854
Hero Member
*
Offline Offline

Posts: 1575671854

View Profile Personal Message (Offline)

Ignore
1575671854
Reply with quote  #2

1575671854
Report to moderator
1575671854
Hero Member
*
Offline Offline

Posts: 1575671854

View Profile Personal Message (Offline)

Ignore
1575671854
Reply with quote  #2

1575671854
Report to moderator
1575671854
Hero Member
*
Offline Offline

Posts: 1575671854

View Profile Personal Message (Offline)

Ignore
1575671854
Reply with quote  #2

1575671854
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1575671854
Hero Member
*
Offline Offline

Posts: 1575671854

View Profile Personal Message (Offline)

Ignore
1575671854
Reply with quote  #2

1575671854
Report to moderator
1575671854
Hero Member
*
Offline Offline

Posts: 1575671854

View Profile Personal Message (Offline)

Ignore
1575671854
Reply with quote  #2

1575671854
Report to moderator
bitpop
Legendary
*
Offline Offline

Activity: 2548
Merit: 1045


https://keybase.io/bitpop


View Profile WWW
May 02, 2014, 01:11:22 AM
 #3602

Basically there's an attack they can't talk about yet, just get updated. The attack makes armory generate addresses from the virus.

Reputation  |  PGP  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
superbit
Hero Member
*****
Offline Offline

Activity: 763
Merit: 500



View Profile
May 02, 2014, 06:12:47 AM
 #3603

What am I doing wrong to verify the file?

It looks like the key file is right?


https://bitfinex.com/?refcode=UInJLQ5KpA <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with the refcode
My feedback thread: Forum thread
goatpig
Moderator
Legendary
*
Offline Offline

Activity: 2380
Merit: 1133

Armory Developer


View Profile
May 02, 2014, 08:15:36 PM
 #3604

Which key are you verifying against? You should have Alan's offline signing public key in your key ring before doing this.

superbit
Hero Member
*****
Offline Offline

Activity: 763
Merit: 500



View Profile
May 02, 2014, 08:19:54 PM
 #3605

Which key are you verifying against? You should have Alan's offline signing public key in your key ring before doing this.

The one hosted at MIT?  I do and it is marked as trusted.

https://bitfinex.com/?refcode=UInJLQ5KpA <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with the refcode
My feedback thread: Forum thread
goatpig
Moderator
Legendary
*
Offline Offline

Activity: 2380
Merit: 1133

Armory Developer


View Profile
May 02, 2014, 09:17:39 PM
 #3606

He has 2 of these. One that is "online", used for email signing and encryption, one marked as "offline" used for release signing. Also you could try to verify the bitcoin signature.

marcus_of_augustus
Legendary
*
Offline Offline

Activity: 3024
Merit: 1181



View Profile
May 03, 2014, 05:17:28 AM
 #3607

Basically there's an attack they can't talk about yet, just get updated. The attack makes armory generate addresses from the virus.

 Shocked

superbit
Hero Member
*****
Offline Offline

Activity: 763
Merit: 500



View Profile
May 03, 2014, 05:21:00 AM
 #3608

He has 2 of these. One that is "online", used for email signing and encryption, one marked as "offline" used for release signing. Also you could try to verify the bitcoin signature.

How would I get an "offline" key?

https://bitfinex.com/?refcode=UInJLQ5KpA <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with the refcode
My feedback thread: Forum thread
bitpop
Legendary
*
Offline Offline

Activity: 2548
Merit: 1045


https://keybase.io/bitpop


View Profile WWW
May 03, 2014, 05:59:50 AM
 #3609

Basically there's an attack they can't talk about yet, just get updated. The attack makes armory generate addresses from the virus.

 Shocked

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Reputation  |  PGP  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
bitpop
Legendary
*
Offline Offline

Activity: 2548
Merit: 1045


https://keybase.io/bitpop


View Profile WWW
May 03, 2014, 06:00:06 AM
 #3610

He has 2 of these. One that is "online", used for email signing and encryption, one marked as "offline" used for release signing. Also you could try to verify the bitcoin signature.

How would I get an "offline" key?

http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x4AB16AEA98832223


Reputation  |  PGP  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
flipperfish
Sr. Member
****
Offline Offline

Activity: 350
Merit: 251


Dolphie Selfie


View Profile
May 03, 2014, 11:05:25 AM
 #3611

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Can you explain this a little further? AFAIK, the addresses generated on the offline wallet and the watch only copy are the same? Wouldn't be of much use otherwise...
bitpop
Legendary
*
Offline Offline

Activity: 2548
Merit: 1045


https://keybase.io/bitpop


View Profile WWW
May 03, 2014, 11:12:39 AM
 #3612

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Can you explain this a little further? AFAIK, the addresses generated on the offline wallet and the watch only copy are the same? Wouldn't be of much use otherwise...

A virus can compromise your watch only copy to generate addresses that aren't yours. This completely bypasses all security.

You could generate it then glance at the cold storage copy to make sure it's in the list. You may have to generate extra ones to get the number of addresses the same.

Reputation  |  PGP  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
jl2012
Legendary
*
Offline Offline

Activity: 1792
Merit: 1010


View Profile
May 03, 2014, 01:38:44 PM
 #3613

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Can you explain this a little further? AFAIK, the addresses generated on the offline wallet and the watch only copy are the same? Wouldn't be of much use otherwise...

A virus can compromise your watch only copy to generate addresses that aren't yours. This completely bypasses all security.

You could generate it then glance at the cold storage copy to make sure it's in the list. You may have to generate extra ones to get the number of addresses the same.

Is that a malware, or a bug in Armory?

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
bitpop
Legendary
*
Offline Offline

Activity: 2548
Merit: 1045


https://keybase.io/bitpop


View Profile WWW
May 03, 2014, 01:39:55 PM
 #3614

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Can you explain this a little further? AFAIK, the addresses generated on the offline wallet and the watch only copy are the same? Wouldn't be of much use otherwise...

A virus can compromise your watch only copy to generate addresses that aren't yours. This completely bypasses all security.

You could generate it then glance at the cold storage copy to make sure it's in the list. You may have to generate extra ones to get the number of addresses the same.

Is that a malware, or a bug in Armory?

Malware, armory is solid.

Reputation  |  PGP  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
TierNolan
Legendary
*
Offline Offline

Activity: 1232
Merit: 1002


View Profile
May 03, 2014, 02:09:54 PM
 #3615

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Interesting, to say the least.

Is that being added to the next version or already in the current version?

1LxbG5cKXzTwZg9mjL3gaRE835uNQEteWF
bitpop
Legendary
*
Offline Offline

Activity: 2548
Merit: 1045


https://keybase.io/bitpop


View Profile WWW
May 03, 2014, 02:11:57 PM
 #3616

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Interesting, to say the least.

Is that being added to the next version or already in the current version?

There's no new feature per se

Reputation  |  PGP  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
jl2012
Legendary
*
Offline Offline

Activity: 1792
Merit: 1010


View Profile
May 03, 2014, 06:05:22 PM
 #3617

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Can you explain this a little further? AFAIK, the addresses generated on the offline wallet and the watch only copy are the same? Wouldn't be of much use otherwise...

A virus can compromise your watch only copy to generate addresses that aren't yours. This completely bypasses all security.

You could generate it then glance at the cold storage copy to make sure it's in the list. You may have to generate extra ones to get the number of addresses the same.

Is that a malware, or a bug in Armory?

Malware, armory is solid.

So there is not much the Armory team could do. Actually this doesn't only affect Armory. For example, a malware could replace Bitpay's address on the invoice. Even payment protocol won't help as the malware could bypass the signature check.

The lesson is no bitcoin address shown on an online computer is reliable. We need some simple solutions to verify bitcoin addresses and payment requests. Dedicated hardware wallet is the way to go.

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
kentt
Member
**
Offline Offline

Activity: 103
Merit: 10


View Profile
May 03, 2014, 09:39:20 PM
 #3618

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**
bitpop
Legendary
*
Offline Offline

Activity: 2548
Merit: 1045


https://keybase.io/bitpop


View Profile WWW
May 03, 2014, 10:25:15 PM
 #3619

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**

I don't think anyone was. I think a white hat tipped them off about it.

Reputation  |  PGP  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
bitpop
Legendary
*
Offline Offline

Activity: 2548
Merit: 1045


https://keybase.io/bitpop


View Profile WWW
May 03, 2014, 10:29:01 PM
 #3620

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**

Generate the new addresses on your cold system first, and then verify that the addresses you generate on the hot watch-only system match the addresses in the cold system.

Do not get scared if they don't match at first! Look at the whole list and address number! They won't be synced.

Reputation  |  PGP  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
Pages: « 1 ... 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 [181] 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!