Bitcoin Forum
November 30, 2020, 11:42:59 AM *
News: Bitcointalk Community Awards
 
   Home   Help Search Login Register More  
Pages: « 1 ... 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 [209] 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 »
  Print  
Author Topic: Armory - Discussion Thread  (Read 521212 times)
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
October 04, 2014, 07:43:32 PM
 #4161

---

ok, got it.

but i have to say, this whole section on your website needs to be re-written and clarified if you want to stop getting these questions:

GPG-Verifying Armory Installers

Update: If you already have a verified copy of Armory version 0.91 or higher, you can use the new secure downloader feature to get upgrades and/or installers for other systems.  See the next section for more info.   If you don't have a verified copy of Armory yet, you should follow these instructions to verify the first Armory installer you download via GPG.

Armory is used by some of the most heavily-invested, and most paranoid Bitcoin enthusiasts for maximum privacy and security.  If you are in this category, it is recommended you verify that your Armory installers have not been altered in any way.  Armory Ubuntu/Debian packages (*.deb files) are signed directly using our Offline Signing Key (GPG) (0x98832223).  And each release comes with a signed file containing the SHA256 hashes of each installer.   Unfortunately, it is not easy to verify these signatures unless you have access to a Linux machine.  At the moment, the verification procedure on Windows is very difficult. To verify in Linux, “cd” to the directory containing the installer (usually Downloads), download and import the Armory signing key from the ubuntu key-server, install the signature verification program, and then use it verify the signatures on the *.deb files:

$ cd Downloads   # the directory containing the *.deb
$ gpg --recv-keys --keyserver keyserver.ubuntu.com 98832223
$ sudo apt-get install dpkg-sig
$ dpkg-sig --verify *.deb

If everything goes smoothly, you will see the following output:

$ gpg --recv-keys --keyserver keyserver.ubuntu.com 98832223
gpg: requesting key 98832223 from hkp server keyserver.ubuntu.com
gpg: key 98832223: public key "Alan C. Reiner (Offline Signing Key) <alan@bitcoinarmory.com>"

$ dpkg-sig --verify *.deb
Processing armory_0.85-beta_amd64.deb...
GOODSIG _gpgbuilder 821F122936BDD565366AC36A4AB16AEA98832223 1353699840

Notice the "98832223" at the end of the "GOODSIG" line. That is the key "Fingerprint" and if it does not match, do not use that installer! To be extra sure, you can check the last 16 characters, which should be "4AB16AEA 98832223".  The last set of digits (1353699840) is simply a timestamp indicating when the signature was made.  This will be different for every new and can safely be ignored.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1606736579
Hero Member
*
Offline Offline

Posts: 1606736579

View Profile Personal Message (Offline)

Ignore
1606736579
Reply with quote  #2

1606736579
Report to moderator
etotheipi
Legendary
*
Offline Offline

Activity: 1428
Merit: 1046


Core Armory Developer


View Profile WWW
October 04, 2014, 07:58:21 PM
 #4162

---

ok, got it.

but i have to say, this whole section on your website needs to be re-written and clarified if you want to stop getting these questions:

...

Yes, that should still work for the regular non-offline-bundle installers.  And it was supposed to work with the debs inside the bundle, but it seems that I make the bundles before I sign the .debs (so the bundle ends up with the non-signed version).  But the whole tar.gz gets signed anyway, so the dpkg-sig signature is redundant, and the fact that I screwed up the redundant sig is what threw you off.  It's better to use the hash anyway, since it covers all the files in the .tar.gz, not just the Armory installer itself.

I'd like to make this simpler, but there's just so many OSes, so many signature layers, and a complex web of operations performed to make sure everything is consistent (such as making sure that the installers are signed before making the hashes file, which needs to be signed, before creating the announce digest, that needs to be signed, so the secure downloader gets the right file with a valid signature.  I wish we could just use the secure downloader for everything, but the fact is that people have to somehow verify the first version of Armory that they get, which requires the GPG stuff. 

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
October 04, 2014, 08:15:04 PM
 #4163

---

ok, got it.

but i have to say, this whole section on your website needs to be re-written and clarified if you want to stop getting these questions:

...

Yes, that should still work for the regular non-offline-bundle installers.  And it was supposed to work with the debs inside the bundle, but it seems that I make the bundles before I sign the .debs (so the bundle ends up with the non-signed version).  But the whole tar.gz list gets signed anyway, so the dpkg-sig signature is redundant, and the fact that I screwed up the redundant sig is what threw you off.  It's better to use the hash list anyway, since it covers all the files in the .tar.gz, not just the Armory installer itself.

I'd like to make this simpler, but there's just so many OSes, so many signature layers, and a complex web of operations performed to make sure everything is consistent (such as making sure that the installers are signed before making the hashes file, which needs to be signed, before creating the announce digest, that needs to be signed, so the secure downloader gets the right file with a valid signature.  I wish we could just use the secure downloader for everything, but the fact is that people have to somehow verify the first version of Armory that they get, which requires the GPG stuff.  


no worries.  it's just that devs use a different language sometimes  Wink  for instance, i think adding these words to what you said would make it clearer:

"But the signed hashes list is better, since the hash list covers every file in the .tar.gz, not just the .deb."
redphlegm
Sr. Member
****
Offline Offline

Activity: 246
Merit: 250


My spoon is too big!


View Profile
October 06, 2014, 02:48:12 PM
 #4164

Not sure if I found a bug or not but it sure seems like something that shouldn't work the way it does. Here's my scenario:

I use an old, offline machine running linux just for the purposes of offline signing for a couple Armory wallets. All was fine and dandy until I forgot the encryption passphrase for one of them. Not to worry though, right? Because I have the paper backup. So with that encrypted wallet for which I couldn't remember the encryption passphrase still in the list, I "recovered" the same wallet using the root key paper backup. It then gave me 3 options: to cancel, merge, or overwrite (with the text for "merge" saying that it would create a new passphrase). I chose the merge option. It then proceeded to "calculate new addresses" which was pretty processor intensive and ran for about 5-7 minutes. I didn't figure this was an issue and that it was a one-time thing so I didn't think much of it. Then I tried to spend from the wallet. I generated the transaction on an online computer, saved the tx file, loaded the tx file for signing on the offline computer, and then it did the same long processing activity (probably about 5 minutes) and it was finally signed. Saved the signed tx file, went to online computer, broadcast, and it went on without a hitch.

I haven't tried again as I don't have any reason to spend / send again but I'm wondering if I will have to deal with the 5-minute processing every time because I have a "merged" wallet with the passphrase changed.

And now that I think about it, what is the difference, on an offline machine, between a "merged" wallet and an "overwritten" wallet with a new encryption? Seems a bit redundant since the addresses, amounts, and transaction history aren't tracked.

Whiskey Fund: (BTC) 1whiSKeYMRevsJMAQwU8NY1YhvPPMjTbM | (Ψ) ALcoHoLsKUfdmGfHVXEShtqrEkasihVyqW
etotheipi
Legendary
*
Offline Offline

Activity: 1428
Merit: 1046


Core Armory Developer


View Profile WWW
October 06, 2014, 02:59:02 PM
 #4165

Not sure if I found a bug or not but it sure seems like something that shouldn't work the way it does. Here's my scenario:

I use an old, offline machine running linux just for the purposes of offline signing for a couple Armory wallets. All was fine and dandy until I forgot the encryption passphrase for one of them. Not to worry though, right? Because I have the paper backup. So with that encrypted wallet for which I couldn't remember the encryption passphrase still in the list, I "recovered" the same wallet using the root key paper backup. It then gave me 3 options: to cancel, merge, or overwrite (with the text for "merge" saying that it would create a new passphrase). I chose the merge option. It then proceeded to "calculate new addresses" which was pretty processor intensive and ran for about 5-7 minutes. I didn't figure this was an issue and that it was a one-time thing so I didn't think much of it. Then I tried to spend from the wallet. I generated the transaction on an online computer, saved the tx file, loaded the tx file for signing on the offline computer, and then it did the same long processing activity (probably about 5 minutes) and it was finally signed. Saved the signed tx file, went to online computer, broadcast, and it went on without a hitch.

I haven't tried again as I don't have any reason to spend / send again but I'm wondering if I will have to deal with the 5-minute processing every time because I have a "merged" wallet with the passphrase changed.

And now that I think about it, what is the difference, on an offline machine, between a "merged" wallet and an "overwritten" wallet with a new encryption? Seems a bit redundant since the addresses, amounts, and transaction history aren't tracked.

In wallets that are encrypted (should be most of them) it sometimes generates all the addresses from the public keys when it doesn't have your password to generate the private keys with it.  In that case, it marks all the private keys to be calculated next time you unlock the wallet, which could be a lot of keys.  But once it is done, or won't need to do it again so each subsequent unlock should be much faster

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
Moria843
Sr. Member
****
Offline Offline

Activity: 441
Merit: 250


Found Lost beach - quiet now


View Profile
October 06, 2014, 05:22:18 PM
 #4166

With the news on USB firmware hacks I was wondering if I should add a 3.5" floppy to my online computer to transfer from my cold storage old XP computer that already has a floppy. Would it be safer?

Hot time, summer in the city, back of my mine getting hot & gritty!!!
bitpop
Legendary
*
Offline Offline

Activity: 2674
Merit: 1048


https://keybase.io/bitpop


View Profile WWW
October 06, 2014, 08:05:31 PM
 #4167

With the news on USB firmware hacks I was wondering if I should add a 3.5" floppy to my online computer to transfer from my cold storage old XP computer that already has a floppy. Would it be safer?

Those have firmware too

2112
Legendary
*
Offline Offline

Activity: 2128
Merit: 1038



View Profile
October 06, 2014, 09:06:23 PM
 #4168

Those have firmware too
Floppy firmware Huh

The problem is paucity of computers that still have the floppy drive interfaces. Physical drives and disks are quite easy to get on the secondary market.

Obviously, using an USB-attached floppy drive will put you back in square one.

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
bitpop
Legendary
*
Offline Offline

Activity: 2674
Merit: 1048


https://keybase.io/bitpop


View Profile WWW
October 06, 2014, 09:09:37 PM
 #4169

Those have firmware too
Floppy firmware Huh

The problem is paucity of computers that still have the floppy drive interfaces. Physical drives and disks are quite easy to get on the secondary market.

Obviously, using an USB-attached floppy drive will put you back in square one.


Oh internal floppy, do you even have a floppy header?

2112
Legendary
*
Offline Offline

Activity: 2128
Merit: 1038



View Profile
October 06, 2014, 09:27:59 PM
 #4170

Oh internal floppy, do you even have a floppy header?
Internal or external. It doesn't matter, lots of laptops had it as an option for "universal drive bay" or "expansion docking bay". On desktop motherboards it is nowadays available through the http://en.wikipedia.org/wiki/Low_Pin_Count bus instead of the historical "IBM PC-compatible" cable.


Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
Moria843
Sr. Member
****
Offline Offline

Activity: 441
Merit: 250


Found Lost beach - quiet now


View Profile
October 06, 2014, 09:40:50 PM
 #4171

Those have firmware too
Floppy firmware Huh

The problem is paucity of computers that still have the floppy drive interfaces. Physical drives and disks are quite easy to get on the secondary market.

Obviously, using an USB-attached floppy drive will put you back in square one.


Oh internal floppy, do you even have a floppy header?
Would be using old IDE/ATA interface, not USB. Sure floppy has firmware, but I doubt the BadUSB problem attacks IDE/ATA firmware or if the old firmware was even writeable.

My cold storage XP computer already has a floppy and I have a PCI to IDE controller card that will allow me to interface an old floppy (I have several sitting around) to my on-line computer. Floppies would be used to transfer signature files. Just wondering if the old technology might be less susceptible to hacks like BadUSB.

Hot time, summer in the city, back of my mine getting hot & gritty!!!
bitpop
Legendary
*
Offline Offline

Activity: 2674
Merit: 1048


https://keybase.io/bitpop


View Profile WWW
October 06, 2014, 09:45:57 PM
 #4172

Man that shit is old. Maybe sata to sd is a better option.

Moria843
Sr. Member
****
Offline Offline

Activity: 441
Merit: 250


Found Lost beach - quiet now


View Profile
October 06, 2014, 09:55:43 PM
 #4173

It is old. But it's spare parts I have laying around. Saw a 60 Minutes where they're still using 8" floppies in ICBM launch bunkers. Why - because they're controllers cannot be be hacked. That's what made me wonder about this option.

Hot time, summer in the city, back of my mine getting hot & gritty!!!
2112
Legendary
*
Offline Offline

Activity: 2128
Merit: 1038



View Profile
October 06, 2014, 10:35:31 PM
 #4174

Would be using old IDE/ATA interface, not USB. Sure floppy has firmware, but I doubt the BadUSB problem attacks IDE/ATA firmware or if the old firmware was even writeable.

My cold storage XP computer already has a floppy and I have a PCI to IDE controller card that will allow me to interface an old floppy (I have several sitting around) to my on-line computer. Floppies would be used to transfer signature files. Just wondering if the old technology might be less susceptible to hacks like BadUSB.
You seem to be confused. Floppies have no firmware neither in the drive nor in the controller. It is all hard-wired logic sequencers. Moreover normal floppies never used IDE/ATA interface or anything similar, those were for hard drives. Fortunately the connectors won't fit, so there's no possibility of damage. Lots of even fairly modern motherboards will support floppy connected via the LPC as a last-resort recovery from a locked-out administrator access to the IPMI, AMT or similar pre-boot low-level interfaces. It is frequently not even described in the regular documentation.

There are some extremely rare IDE-attached floppy-like drives like:
http://en.wikipedia.org/wiki/Floptical
http://en.wikipedia.org/wiki/SuperDisk
http://en.wikipedia.org/wiki/Zip_drive
http://en.wikipedia.org/wiki/Sony_HiFD
http://en.wikipedia.org/wiki/Caleb_UHD144
but those aren't real floppies and do have firmware. Although they are so rare, that one can probably assume that nobody would bother to hack them.

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
Adrian-x
Legendary
*
Offline Offline

Activity: 1372
Merit: 1000



View Profile
October 06, 2014, 10:58:28 PM
 #4175

Every time I updated Armory (windows 64 bit version) my antivirus software quarantines “guardian.exe”  I wasn’t able to find a satisfactory explanation as to its function.

can anyone shed some light on the following questions:

What does it do? Why does Armory need it?
My Armory seems to functions just fine without it, is there anything I should know or be concerned about? 
Is it safe to ask my antivirus to ignore this file?

Thanks,

Thank me in Bits 12MwnzxtprG2mHm3rKdgi7NmJKCypsMMQw
Moria843
Sr. Member
****
Offline Offline

Activity: 441
Merit: 250


Found Lost beach - quiet now


View Profile
October 06, 2014, 11:28:30 PM
 #4176

Would be using old IDE/ATA interface, not USB. Sure floppy has firmware, but I doubt the BadUSB problem attacks IDE/ATA firmware or if the old firmware was even writeable.

My cold storage XP computer already has a floppy and I have a PCI to IDE controller card that will allow me to interface an old floppy (I have several sitting around) to my on-line computer. Floppies would be used to transfer signature files. Just wondering if the old technology might be less susceptible to hacks like BadUSB.
You seem to be confused. Floppies have no firmware neither in the drive nor in the controller. It is all hard-wired logic sequencers. Moreover normal floppies never used IDE/ATA interface or anything similar, those were for hard drives. Fortunately the connectors won't fit, so there's no possibility of damage. Lots of even fairly modern motherboards will support floppy connected via the LPC as a last-resort recovery from a locked-out administrator access to the IPMI, AMT or similar pre-boot low-level interfaces. It is frequently not even described in the regular documentation.

There are some extremely rare IDE-attached floppy-like drives like:
http://en.wikipedia.org/wiki/Floptical
http://en.wikipedia.org/wiki/SuperDisk
http://en.wikipedia.org/wiki/Zip_drive
http://en.wikipedia.org/wiki/Sony_HiFD
http://en.wikipedia.org/wiki/Caleb_UHD144
but those aren't real floppies and do have firmware. Although they are so rare, that one can probably assume that nobody would bother to hack them.

You're right. I was looking at my old "Super I/O" card that states it "contains a Floppy Disk Controller" and thought this was an IDE/ATA interface but guess that's different.
It states:
» Supports two 360K / 720K / 1.2M / 1.44M / 2.88M floppy disk drives
» Enhanced digital data separator
» 3-Mode drives supported
But, it's definitely not USB since it has the old parallel ribbon cable connectors that connect to the old 3.5" floppy drives.

Hot time, summer in the city, back of my mine getting hot & gritty!!!
goatpig
Moderator
Legendary
*
Offline Offline

Activity: 2702
Merit: 1177

Armory Developer


View Profile
October 06, 2014, 11:47:10 PM
 #4177

Every time I updated Armory (windows 64 bit version) my antivirus software quarantines “guardian.exe”  I wasn’t able to find a satisfactory explanation as to its function.

can anyone shed some light on the following questions:

What does it do? Why does Armory need it?
My Armory seems to functions just fine without it, is there anything I should know or be concerned about? 
Is it safe to ask my antivirus to ignore this file?

Thanks,


If you use auto managed bitcoind, it will be ran monitor the bitcoind instance spawned by Armory. If Armory was to crash, it will kill that bitcoind instance and exit.

etotheipi
Legendary
*
Offline Offline

Activity: 1428
Merit: 1046


Core Armory Developer


View Profile WWW
October 07, 2014, 12:50:09 AM
 #4178

Every time I updated Armory (windows 64 bit version) my antivirus software quarantines “guardian.exe”  I wasn’t able to find a satisfactory explanation as to its function.

can anyone shed some light on the following questions:

What does it do? Why does Armory need it?
My Armory seems to functions just fine without it, is there anything I should know or be concerned about? 
Is it safe to ask my antivirus to ignore this file?

Thanks,


If you use auto managed bitcoind, it will be ran monitor the bitcoind instance spawned by Armory. If Armory was to crash, it will kill that bitcoind instance and exit.

More specifically, if Armory runs Bitcoin Core for you in the background, sometimes it will leave Bitcoin Core running in the background if Armory crashes.  guardian.exe is a very short program with the sole purpose of killing Bitcoin Core if Armory fails to close it.  It was especially important on Windows where Armory would mysteriously fail to close Core even on a clean shutdown. 

If you quarantine guardian.exe and don't allow it to run, you'll be fine.  But you might occasionally start Armory and it will tell you Core is already running, even though you never started it.  You'll have to go into the task manager and kill it manually.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
Adrian-x
Legendary
*
Offline Offline

Activity: 1372
Merit: 1000



View Profile
October 07, 2014, 12:55:32 AM
 #4179

thanks etotheipi and goatpig,

Occasionally I feel armory didn’t close properly as Armory has to re index the internal database on reboot. Not sure as this hasn’t happened with 0.92.3 yet but would that be related?

Thank me in Bits 12MwnzxtprG2mHm3rKdgi7NmJKCypsMMQw
2112
Legendary
*
Offline Offline

Activity: 2128
Merit: 1038



View Profile
October 07, 2014, 01:12:42 AM
Last edit: October 07, 2014, 04:03:14 AM by 2112
 #4180

You're right. I was looking at my old "Super I/O" card that states it "contains a Floppy Disk Controller" and thought this was an IDE/ATA interface but guess that's different.
It states:
» Supports two 360K / 720K / 1.2M / 1.44M / 2.88M floppy disk drives
» Enhanced digital data separator
» 3-Mode drives supported
But, it's definitely not USB since it has the old parallel ribbon cable connectors that connect to the old 3.5" floppy drives.
Yep, you are good to go and as safe as the US ICBM operators. Although if I remember correctly the ICBM operators are required to sit on their chairs (with rails instead of rollers) and wear seat-belts (chairbelts?) when swapping floppies.

Important edit for the beginners:

1) Do not allow any of the computers to boot off of the floppy or CD-ROM. Always remember to immediately remove the floppy or CD-RW used to exchange the data between the computers, lest you forget and reboot the machine accidentally.

2) Do not install any additional drivers that might have came with the PCI board or the laptop expansion bay. The added device should be recognized by the OS itself. If the device isn't auto-recognized then it also isn't really safe. There were well-know vendors who inadvertently distributed viruses/trojans/bad OS patches on their pressed driver CD-ROMs.

I apologize for not putting this disclaimer when writing the original message.



Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
Pages: « 1 ... 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 [209] 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!