Bitcoin Forum
August 20, 2017, 10:07:52 AM *
Author Topic: Armory - Discussion Thread  (Read 508560 times)
flipperfish
Sr. Member
****
Offline Offline

Activity: 334


Dolphie Selfie


View Profile
May 03, 2014, 11:05:25 AM
 #3621

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Can you explain this a little further? AFAIK, the addresses generated on the offline wallet and the watch only copy are the same? Wouldn't be of much use otherwise...
bitpop
Legendary
*
Offline Offline

Activity: 2100


https://keybase.io/bitpop


View Profile WWW
May 03, 2014, 11:12:39 AM
 #3622

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Can you explain this a little further? AFAIK, the addresses generated on the offline wallet and the watch only copy are the same? Wouldn't be of much use otherwise...

A virus can compromise your watch only copy to generate addresses that aren't yours. This completely bypasses all security.

You could generate it then glance at the cold storage copy to make sure it's in the list. You may have to generate extra ones to get the number of addresses the same.

Reputation  |  PGP  |  DigitalOcean  |  TorGuard  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
Bitmessage: BM-2cXN9j8NFT2n1FxDVQ6HQq4D4MZuuaBFyb
jl2012
Legendary
*
Offline Offline

Activity: 1652


View Profile
May 03, 2014, 01:38:44 PM
 #3623

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Can you explain this a little further? AFAIK, the addresses generated on the offline wallet and the watch only copy are the same? Wouldn't be of much use otherwise...

A virus can compromise your watch only copy to generate addresses that aren't yours. This completely bypasses all security.

You could generate it then glance at the cold storage copy to make sure it's in the list. You may have to generate extra ones to get the number of addresses the same.

Is that a malware, or a bug in Armory?

Donation address: 1GdBAuFihJVxypysnkF7jKwcKAoAn8dbvg
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
bitpop
Legendary
*
Offline Offline

Activity: 2100


https://keybase.io/bitpop


View Profile WWW
May 03, 2014, 01:39:55 PM
 #3624

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Can you explain this a little further? AFAIK, the addresses generated on the offline wallet and the watch only copy are the same? Wouldn't be of much use otherwise...

A virus can compromise your watch only copy to generate addresses that aren't yours. This completely bypasses all security.

You could generate it then glance at the cold storage copy to make sure it's in the list. You may have to generate extra ones to get the number of addresses the same.

Is that a malware, or a bug in Armory?

Malware, armory is solid.

Reputation  |  PGP  |  DigitalOcean  |  TorGuard  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
Bitmessage: BM-2cXN9j8NFT2n1FxDVQ6HQq4D4MZuuaBFyb
TierNolan
Legendary
*
Offline Offline

Activity: 1120


View Profile
May 03, 2014, 02:09:54 PM
 #3625

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Interesting, to say the least.

Is that being added to the next version or already in the current version?

1LxbG5cKXzTwZg9mjL3gaRE835uNQEteWF
bitpop
Legendary
*
Offline Offline

Activity: 2100


https://keybase.io/bitpop


View Profile WWW
May 03, 2014, 02:11:57 PM
 #3626

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Interesting, to say the least.

Is that being added to the next version or already in the current version?

There's no new feature per se

Reputation  |  PGP  |  DigitalOcean  |  TorGuard  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
Bitmessage: BM-2cXN9j8NFT2n1FxDVQ6HQq4D4MZuuaBFyb
jl2012
Legendary
*
Offline Offline

Activity: 1652


View Profile
May 03, 2014, 06:05:22 PM
 #3627

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Can you explain this a little further? AFAIK, the addresses generated on the offline wallet and the watch only copy are the same? Wouldn't be of much use otherwise...

A virus can compromise your watch only copy to generate addresses that aren't yours. This completely bypasses all security.

You could generate it then glance at the cold storage copy to make sure it's in the list. You may have to generate extra ones to get the number of addresses the same.

Is that a malware, or a bug in Armory?

Malware, armory is solid.

So there is not much the Armory team could do. Actually this doesn't only affect Armory. For example, a malware could replace Bitpay's address on the invoice. Even payment protocol won't help as the malware could bypass the signature check.

The lesson is no bitcoin address shown on an online computer is reliable. We need some simple solutions to verify bitcoin addresses and payment requests. Dedicated hardware wallet is the way to go.

Donation address: 1GdBAuFihJVxypysnkF7jKwcKAoAn8dbvg
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
kentt
Member
**
Offline Offline

Activity: 103


View Profile
May 03, 2014, 09:39:20 PM
 #3628

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**
bitpop
Legendary
*
Offline Offline

Activity: 2100


https://keybase.io/bitpop


View Profile WWW
May 03, 2014, 10:25:15 PM
 #3629

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**

I don't think anyone was. I think a white hat tipped them off about it.

Reputation  |  PGP  |  DigitalOcean  |  TorGuard  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
Bitmessage: BM-2cXN9j8NFT2n1FxDVQ6HQq4D4MZuuaBFyb
bitpop
Legendary
*
Offline Offline

Activity: 2100


https://keybase.io/bitpop


View Profile WWW
May 03, 2014, 10:29:01 PM
 #3630

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**

Generate the new addresses on your cold system first, and then verify that the addresses you generate on the hot watch-only system match the addresses in the cold system.

Do not get scared if they don't match at first! Look at the whole list and address number! They won't be synced.

Reputation  |  PGP  |  DigitalOcean  |  TorGuard  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
Bitmessage: BM-2cXN9j8NFT2n1FxDVQ6HQq4D4MZuuaBFyb
kentt
Member
**
Offline Offline

Activity: 103


View Profile
May 03, 2014, 10:52:19 PM
 #3631

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**

Generate the new addresses on your cold system first, and then verify that the addresses you generate on the hot watch-only system match the addresses in the cold system.

Do not get scared if they don't match at first! Look at the whole list and address number! They won't be synced.
Generating addresses on the cold rig matched all the generated addresses on the broadcast wallet so I guess I'm good.  Thanks for the heads up.

By "Do not get scared if they don't match at first!" do you just mean that I shouldn't be worried if I haven't generated the same addresses on the cold system as on the broadcast system?  E.g. I've generated a few on the cold rig, but 50 on the broadcast rig.  That is, they should still be generated in the same order once generated.
bitpop
Legendary
*
Offline Offline

Activity: 2100


https://keybase.io/bitpop


View Profile WWW
May 03, 2014, 11:04:59 PM
 #3632

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**

Generate the new addresses on your cold system first, and then verify that the addresses you generate on the hot watch-only system match the addresses in the cold system.

Do not get scared if they don't match at first! Look at the whole list and address number! They won't be synced.
Generating addresses on the cold rig matched all the generated addresses on the broadcast wallet so I guess I'm good.  Thanks for the heads up.

By "Do not get scared if they don't match at first!" do you just mean that I shouldn't be worried if I haven't generated the same addresses on the cold system as on the broadcast system?  E.g. I've generated a few on the cold rig, but 50 on the broadcast rig.  That is, they should still be generated in the same order once generated.

Exactly

Reputation  |  PGP  |  DigitalOcean  |  TorGuard  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
Bitmessage: BM-2cXN9j8NFT2n1FxDVQ6HQq4D4MZuuaBFyb
jl2012
Legendary
*
Offline Offline

Activity: 1652


View Profile
May 04, 2014, 03:39:53 AM
 #3633

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**

Generate the new addresses on your cold system first, and then verify that the addresses you generate on the hot watch-only system match the addresses in the cold system.

If a computer is infected, it is completely hopeless

Let's say you generated an address with the cold system, which is "1User". You send a withdrawal request to the exchange, asking them to send bitcoin to 1User. A sophisticated malware could secretly replace the address with "1Hacker" before sending the request to the exchange.

Donation address: 1GdBAuFihJVxypysnkF7jKwcKAoAn8dbvg
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
bitpop
Legendary
*
Offline Offline

Activity: 2100


https://keybase.io/bitpop


View Profile WWW
May 04, 2014, 11:38:21 AM
 #3634

One day we will be able to lock an exchange to a public key and they can make addresses guaranteed for us

Reputation  |  PGP  |  DigitalOcean  |  TorGuard  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
Bitmessage: BM-2cXN9j8NFT2n1FxDVQ6HQq4D4MZuuaBFyb
bitpop
Legendary
*
Offline Offline

Activity: 2100


https://keybase.io/bitpop


View Profile WWW
May 04, 2014, 12:25:33 PM
 #3635

One day we will be able to lock an exchange to a public key and they can make addresses guaranteed for us

I like that idea very much.

Could that be done without forcing the masses to learn PGP?

EDIT: or at least exchanges could make it an option for those who do wish to use PGP.

Actually no pgp, just a public seed

Reputation  |  PGP  |  DigitalOcean  |  TorGuard  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
Bitmessage: BM-2cXN9j8NFT2n1FxDVQ6HQq4D4MZuuaBFyb
kentt
Member
**
Offline Offline

Activity: 103


View Profile
May 05, 2014, 06:06:54 AM
 #3636

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**

Generate the new addresses on your cold system first, and then verify that the addresses you generate on the hot watch-only system match the addresses in the cold system.

If a computer is infected, it is completely hopeless

Let's say you generated an address with the cold system, which is "1User". You send a withdrawal request to the exchange, asking them to send bitcoin to 1User. A sophisticated malware could secretly replace the address with "1Hacker" before sending the request to the exchange.

Extremely valid point.

Some users on Reddit have actually been having this problem caused by extensions on Google Chrome. Though it could be any sort of malware, Google Chrome extensions just seem to be the thing lately.

Always a good idea to send a small test transaction out of an exchange before sending the whole amount.
I should be able to avoid that by noticing that I'm signing the txn to 1User on the offline rig.
jl2012
Legendary
*
Offline Offline

Activity: 1652


View Profile
May 05, 2014, 02:31:23 PM
 #3637

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**

Generate the new addresses on your cold system first, and then verify that the addresses you generate on the hot watch-only system match the addresses in the cold system.

If a computer is infected, it is completely hopeless

Let's say you generated an address with the cold system, which is "1User". You send a withdrawal request to the exchange, asking them to send bitcoin to 1User. A sophisticated malware could secretly replace the address with "1Hacker" before sending the request to the exchange.

Extremely valid point.

Some users on Reddit have actually been having this problem caused by extensions on Google Chrome. Though it could be any sort of malware, Google Chrome extensions just seem to be the thing lately.

Always a good idea to send a small test transaction out of an exchange before sending the whole amount.
I should be able to avoid that by noticing that I'm signing the txn to 1User on the offline rig.

No, it's not about signing, it's about sending a payment request

Donation address: 1GdBAuFihJVxypysnkF7jKwcKAoAn8dbvg
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
jl2012
Legendary
*
Offline Offline

Activity: 1652


View Profile
May 05, 2014, 02:34:57 PM
 #3638

One day we will be able to lock an exchange to a public key and they can make addresses guaranteed for us

I like that idea very much.

Could that be done without forcing the masses to learn PGP?

EDIT: or at least exchanges could make it an option for those who do wish to use PGP.

Actually no pgp, just a public seed

Theoretically a malware could replace your public seed with the hacker's. The only bullet-proof way is to register an account with an offline pgp key (or with a bitcoin key), and sign any payment requests with the key.

Donation address: 1GdBAuFihJVxypysnkF7jKwcKAoAn8dbvg
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
May 05, 2014, 05:02:59 PM
 #3639

Actually no pgp, just a public seed

Theoretically a malware could replace your public seed with the hacker's. The only bullet-proof way is to register an account with an offline pgp key (or with a bitcoin key), and sign any payment requests with the key.

Sorry guys, I've been out of town at the MIT Bitcoin Expo this past weekend and haven't even been looking at this thread.

I just want to mention that the "real" solution here is something I've talked about for a while, but no one else in the community seems to be taking it seriously, even though it's perfectly compatible with BIP 32.  You provide your BIP32 branch root public key (but not chaincode!), perhaps putting it on your business card.  So your business card contains the public key portion of M/i/j, then when you compute address M/i/j/k for someone to pay you, you do all the hashing and crypto, and save off the multiplier just before it is applied to M/i/j.  You send the recipient the receiving address and the multiplier.  They can apply the multiplier to the public key on your business card and see that it matches the address given, proving that it's actually part of your wallet.  Note that this is perfectly private because the chaincode is not the same as the multiplier, and cannot be computed from the multiplier.  It simply allows you to optionally prove that an address is related to your root public key without leaking any privacy or security information.

Stealth addresses are based on this idea, but don't require any interaction.  It lets the sender generate the multiplier for you using ECDH, and then encode the DH information in an OP_RETURN output.  However, it comes at the expense of extra data in the blockchain, and the receiver must scan every transaction in the blockchain with expensive crypto ops to find transactions to his wallet.  This doesn't work with lite wallets, and the stealth address discussion has gone through many ideas of outsourcing that computation/search to trusted nodes with enough computing power.

Instead, using this rootkey+multiplier trick, you still have to provide a payment address to the sender, but they can prove to themselves that the address is yours as long as they have verified your root public key at any point in time.  This doesn't require any extra computation or embedded blockchain data like stealth addresses do.  It is a solid compromise between where we are and what stealth addresses attempt to accomplish.  

When I talked about "...and a whole lot more" in my foreshadowing of what the new wallet format will do, that is one of those things we will be supporting.  It would allow you to save BIP32 root public key information for various contacts in the wallet, and provide a new (optional) address encoding that proves your addresses are related.    In all cases, we are requiring the sender to verify the receiver's address under the assumption that maybe the receiver's own WO wallet has an error or is compromised.  

Until then, the best thing you can do is exchange watching-only wallets with parties you interact with frequently, and make sure that any payment addresses they send you appear in the WO wallet you have for them.  Armory already gives you a way to watch multiple wallets and mark who they belong to.  Out-of-band verification of payment addresses (such as phone call) would be recommended for exceptionally large transactions.



P.S. - This proposal does not have a compact extension into P2SH multisig, but it is still possible.  Your company would actually have, say, 5 public keys associated with the company address (because the company uses a 3-of-5).  The sender would receive 5 multipliers, apply the multipliers to verify each one, and then sort the resulting public keys and create the P2SH-multisig themselves.   There's no loss of privacy there, just a lot more data needing to be moved between parties to do the verification.

P.P.S - You would most likely include a much shorter hash on your business card, and then supply the root key(s), multiplier(s) and payment address all at once.  They would hash the root key(s) to make sure it matches your business card, then follow the process above.




Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
May 05, 2014, 05:16:24 PM
 #3640

Until then, the best thing you can do is exchange watching-only wallets with parties you interact with frequently, and make sure that any payment addresses they send you appear in the WO wallet you have for them.  Armory already gives you a way to watch multiple wallets and mark who they belong to.  Out-of-band verification of payment addresses (such as phone call) would be recommended for exceptionally large transactions.
This is something Bitcoin companies should have been doing for years.

How many exchange balance thefts would have been avoided if exchanges let users upload a WO wallet and only processed withdrawals to addresses in it?