Armory - Discussion Thread

[13Charlie]

The M-of-N feature is pretty awesome.
It has been in the works for a while now.

Thanks Alan.

[1713556176]

1713556176

[1713556176]

1713556176

[1713556176]

1713556176

[1713556176]

1713556176

[1713556176]

1713556176

[TierNolan]

This is definitely a Bitcoin problem, not an Armory problem.  Armory is bound to the transaction fee "guidelines" built into the default Bitcoin-Qt/bitcoind apps.  I can let Armory try to send a zero-fee tx, but Bitcoin-Qt/bitcoind may not like it and the tx will be DOA -- it will never make it to the network, because it didn't have enough fee to even be relayed by Bitcoin-Qt/bitcoind.

You could have Armory have a system where it can connect to a given IP address for sending.  The user could enter a miner's IP directly.

[etotheipi]

The M-of-N feature is pretty awesome.
It has been in the works for a while now.

Thanks Alan.

Yeah, the logic has been in the code for a while, and I had all these great ideas for wrapping a GUI around it, but no time to do it.  The conference was the perfect excuse to get it done.   We want to showcase the advanced security features of Armory to people going by.  Of course, we have to warn them "This beta only works if you are on a 64-bit OS with 5+ GB of RAM".  Still, it should whet their appetite and give them the impression that Armory is the Cadillac of Bitcoin wallets.  Then when the resource issues are resolved, they'll be excited they can finally use it

[etotheipi]

This is definitely a Bitcoin problem, not an Armory problem.  Armory is bound to the transaction fee "guidelines" built into the default Bitcoin-Qt/bitcoind apps.  I can let Armory try to send a zero-fee tx, but Bitcoin-Qt/bitcoind may not like it and the tx will be DOA -- it will never make it to the network, because it didn't have enough fee to even be relayed by Bitcoin-Qt/bitcoind.

You could have Armory have a system where it can connect to a given IP address for sending.  The user could enter a miner's IP directly.

Yeah, but I don't know how many people would ever figure out how to use that feature.  There would be some, but it would be an underwhelming minority

However, the new auto-bitcoind feature has Armory connecting via RPC, so the sendrawtransaction command will fix this problem.  Bitcoin-Qt/bitcoind will broadcast the tx regardless of what it personally thinks about it.

[OpenYourEyes]

Real nice work, I'll give this a test in the next day or so.

Just out of interest, is it possible to implement some form of two factor authentication into Armory before a transaction is sent?

I do not have much understanding of the technical side of Bitcoin, but say a private key/wallet is encrypted with a bunch on "one-time passwords" that require the use of a phone running gAuth to complete the transaction.

[etotheipi]

Real nice work, I'll give this a test in the next day or so.

Just out of interest, is it possible to implement some form of two factor authentication into Armory before a transaction is sent?

I do not have much understanding of the technical side of Bitcoin, but say a private key/wallet is encrypted with a bunch on "one-time passwords" that require the use of a phone running gAuth to complete the transaction.

That kind of 2-factor auth requires a centralized server. Anything that I implement using, say, google-auth, would be purely security theatre.  It would add 2-factor auth for you using Armory, but someone who steals your wallet file wouldn't need it.  It's because the network doesn't care about google-auth.

However, if I ever get back to the new wallets, I will be implementing two-factor auth using multi-sig network scripts.   Then your phone would also have a bitcoin wallet, and the network would expect to see a signature from both.

I absolutely will be doing this, at some point, but I have a lot of priorities.  Not to mention, I need an Android app .  I have someone helping with Android stuff, but it's still a ways off.  This is exactly what you want.

[OpenYourEyes]

Great!

I absolutely will be doing this, at some point, but I have a lot of priorities.  Not to mention, I need an Android app .  I have someone helping with Android stuff, but it's still a ways off.  This is exactly what you want.

Android No Meego love?   (Nokia N9 here).

Runs Qt and Python.

I'd give you a measly $150 for that.

Edit: One another thing, I know I've asked a lot already.

Is it possible for Amory to just watch an address? The reason I ask is I use a few paper backups, and send coins on occasion to them, so it would be nice to see the total balance/transactions of them.

[chrisrico]

Android No Meego love?  (Nokia N9 here).

What sort of user base does Meego have? It probably wouldn't make sense for etotheipi to spend a lot of resources on developing a client for a platform very few (relatively) people use. Given that Armory is open source though, you could develop one or pay to have one developed yourself.

Is it possible for Amory to just watch an address? The reason I ask is I use a few paper backups, and send coins on occasion to them, so it would be nice to see the total balance/transactions of them.

This is not possible with Armory currently. In the past he has expressed opposition to this idea based on the threat model that someone could insert a watching only public key into your wallet and you would have no way of telling it was not yours. Then, someone sends funds to it, making it look like you've been paid, but you have no way to spend those funds.

[OpenYourEyes]

Android No Meego love?  (Nokia N9 here).

What sort of user base does Meego have? It probably wouldn't make sense for etotheipi to spend a lot of resources on developing a client for a platform very few (relatively) people use. Given that Armory is open source though, you could develop one or pay to have one developed yourself.

Is it possible for Amory to just watch an address? The reason I ask is I use a few paper backups, and send coins on occasion to them, so it would be nice to see the total balance/transactions of them.

This is not possible with Armory currently. In the past he has expressed opposition to this idea based on the threat model that someone could insert a watching only public key into your wallet and you would have no way of telling it was not yours. Then, someone sends funds to it, making it look like you've been paid, but you have no way to spend those funds.

The user base for Meego is quite low, but I think having (the only) wallet software available would be great.

Hmm. I see your point with the watching only. Perhaps the balance could be shown separate to the total balance, and displayed in red with a warning saying you don't own these funds.
Or maybe, the balance doesn't show at all until you click a "View watching only" button and then you are presented with a warning dialog before being presented with a new window show the watching balances.

[CanadianGuy]

was running .87 (i think?)  and started getting a runtime error.  Just updated to .88 and now armory won't open at all!! (I click on it and nothing happens.  Nothing.)
 

[etotheipi]

was running .87 (i think?)  and started getting a runtime error.  Just updated to .88 and now armory won't open at all!! (I click on it and nothing happens.  Nothing.)
 

Do you have any non-ASCII characters in your username?  Like an "é"?  That became a problem in 0.88. 

If so, you might have to stick with 0.87.2 but switch to 64-bit version.  The 32-bit version has stopped working until the next release (with revamped engine). 
http://bitcoinarmory.googlecode.com/files/armory_0.87.2-testing_win64.msi


If you don't have any non-ASCII characters, your problem may simply be that you need to completely uninstall the previous version before installing the new version.  Try that first, then go back to 0.87.2 (64-bit) if it still doesn't work.  In all cases, you're going to have to uninstall the old version, and your wallets will be completely safe through the reinstallation cycle.

[CanadianGuy]

made a false assumption that 0.88 would automatically uninstall previous version.  Two versions were on my computer so removed them both and reinstalled 0.88. 

its doing its several hour update right now, but I doubt I have enough RAM anymore (you mentioned somewhere that 6mb is minimum).

quick question... what advantage does armory have over Electrum?  I'm considering switching..

[etotheipi]

made a false assumption that 0.88 would automatically uninstall previous version.  Two versions were on my computer so removed them both and reinstalled 0.88. 

its doing its several hour update right now, but I doubt I have enough RAM anymore (you mentioned somewhere that 6mb is minimum).

quick question... what advantage does armory have over Electrum?  I'm considering switching..

Obviously multi-hour starting is not supposed to happen.  It's a couple minutes if you have the RAM, and will be very fast/instantaneous after the next upgrade.

Electrum is obviously designed to be fast and easy to get into.  But you're sacrificing privacy, and a little bit of security, by connecting to these centralized servers.  These servers know exactly how much you have in your wallet and all the transactions you execute.  Similarly, any kind of attack that works on isolating a node, works on Electrum.

For a casual user, it's not all that important.  For someone with a lot of BTC, the privacy implications are concerning, and the security issues are not terrible, but they'd prefer to just remove all doubt.

Armory also just has more/better features than anything else.  It's the cadillac of desktop wallets.  If you have the system resources and yo uget it running, it'll treat you better than anything else, you support the network by running a full node, and you've optimized your security and privacy by going through a full node you control, instead of trusting others.

Right now, Armory is really suffering in the usability dept.  I hope that's resolved in the next couple weeks and then people won't have to ask that question again!  (well, it will still require the same effort as Bitcoin-Qt, but not much worse than that).

[LvM]

@etotheipi:
Why not include the fast Electrum approach as an option into Armory?
I normally would use it, ignoring all warnings.
Sure, I have no idea wether there might arise problems using all the other nice and informative features of Armory.

How much Bitcoind is stealing of my bandwidth enlightens the fact, that my always without problems running internet RadioSwissClassic is interrupted again and again while Bitcoind/Armory is working in the background. And my CPU needs cooling also..

[LvM]

@Admin:
Missing the "all" button here. Thread too long.
Better we fix and close it and start a second.

[Lavender]

Hi all Just tested the best way of using offline part of Amory I can think of.

1. Download Tails. This is Debian LiveCD/LiveUSB system. Why Tails? Because it is well-known system designed with max security in mind (to leave system and disks untouched in particular), has a lot of users and testers and supported by Tor project. These ones are enough for me to trust it.

2. Boot it in custom way: pass 'truecrypt' parameter to kernel and set up root password in welcome screen.

3. Go to online computer and download needed packages from Debian repositories or from here, we need these:

Code:

python-twisted-conch_10.1.0-1_all.deb  
python-twisted-runner_10.1.0-2_i386.deb
python-twisted-core_10.1.0-3_all.deb   
python-twisted-web_10.1.0-1_all.deb
python-crypto_2.1.0-2+squeeze1_i386.deb  
python-twisted-lore_10.1.0-1_all.deb   
python-twisted-words_10.1.0-1_all.deb
python-openssl_0.10-1_i386.deb           
python-twisted-mail_10.1.0-1_all.deb   
python-twisted_10.1.0-3_all.deb
python-pyasn1_0.0.11a-1_all.deb          
python-twisted-names_10.1.0-1_all.deb
python-twisted-bin_10.1.0-3_i386.deb     
python-twisted-news_10.1.0-1_all.deb

Don`t forget to check hashes and signatures!
Also download latest Armory .deb file from Armory website.

4. Make Truecrypt container in USB drive, put all debs to folder, say, 'armory' in this tc-container.

5. Plug in USB drive to computer booted with Tails as said above. Mount tc-container, run

Code:

dpkg -i /media/truecrypt1/armory/*.deb

6. We got an secure offline environment: if it is unencrypted, it disappears when you shutdown computer. Total geek  

Did I miss something? Maybe we should ask etotheipi to include offline bundle for Tails as it is already made for Ubuntu?

Added comments from my trials:

Step 3: I tried downloading the newer v12 packages, but they were not compatible with the version of python in Tails 0.17.2, so I went back to the v10 packages that you suggested.

Also, the Terminal informed me that armory_0.88.1-beta_i386.deb also required python-psutil_0.1.3-1_all.deb

Here are the links to all of the files needed:

http://packages.debian.org/stable/python/python-crypto
http://packages.debian.org/stable/python/python-openssl
http://packages.debian.org/stable/python/python-psutil
http://packages.debian.org/stable/python/python-pyasn1
http://packages.debian.org/stable/python/python-twisted
http://packages.debian.org/stable/python/python-twisted-bin
http://packages.debian.org/stable/python/python-twisted-conch
http://packages.debian.org/stable/python/python-twisted-core
http://packages.debian.org/stable/python/python-twisted-lore
http://packages.debian.org/stable/python/python-twisted-mail
http://packages.debian.org/stable/python/python-twisted-names
http://packages.debian.org/stable/python/python-twisted-news
http://packages.debian.org/stable/python/python-twisted-runner
http://packages.debian.org/stable/python/python-twisted-web
http://packages.debian.org/stable/python/python-twisted-words

The first step after opening one of those links is to click on the "squeeze" link at the top-right section of the page. That is a codeword for "the second-most recent stable release version". Wheezy is code for "the most recent stable release version". "Jessie", "sid", and "experimental" are all for non-stable releases.

The second step in those links is to scroll all the way to the bottom and select the proper architecture. If the only selection is "all", then you choose "all". If there are multiple architectures listed, then for 99% of use cases, only two matter:
i386 = 32-bit systems (regardless of CPU manufacturer)
amd64 = 64-bit systems (regardless of CPU manufacturer)

This selection should match your Armory file, which is either armory_0.88.1-beta_amd64.deb or armory_0.88.1-beta_i386.deb. Keep in mind that 32-bit programs still run just fine on 64-bit CPUs, so if you're having any problems with 64-bit builds, you can move to 32-bit builds. I have an Intel Core 2 Duo and since I only need 1 program to work correctly on it (Armory off-line), I didn't care about 32 vs 64, so I went the conservative route and chose Armory_i386 along with i386 Debian packages.

On this final page, choose a mirror to download the file from. If you want to verify the checksums, they are at the very bottom of this page. Here is a tutorial on an easy way to verify checksums in Mozilla Firefox.

Step 5: Be sure to enter this in "Root Terminal", not regular "Terminal", as "Root Terminal" gives the needed root access to initiate this command. Not difficult to figure out, but good info for a newbie.

--------------------------------------------------------------------------------

Thank you very much for sharing this, N.Z. I've been spending days learning how to use Bitcoin, Linux, Armory, TrueCrypt, LiveCD creation, working out a dedicated offline PC purchase, and sorting through various methods of combining those variables into a workable solution. Your proposal best satisfies my security/ease-of-use balance.

EDIT: I drafted all of this into a single hyperlinked word document for first-time readers.

[picobit]

i386 = 32-bit systems (alternately, anything that is not a 64-bit AMD system. I have an intel 64-bit CPU and I use this i386)
amd64 = only for 64-bit AMD systems

To be honest, I do not know how debian does it, but in most other Linux distributions amd64 means 64-bit AMD or Intel.  AMD were first with the 64 bit extensions to the i686 architecture, hence the name.  Intel wisely chose to be compatible, but by then the name amd64 had stuck for that architecture, although some chose to change the name to x86_64.

[Lavender]

i386 = 32-bit systems (alternately, anything that is not a 64-bit AMD system. I have an intel 64-bit CPU and I use this i386)
amd64 = only for 64-bit AMD systems

To be honest, I do not know how debian does it, but in most other Linux distributions amd64 means 64-bit AMD or Intel.  AMD were first with the 64 bit extensions to the i686 architecture, hence the name.  Intel wisely chose to be compatible, but by then the name amd64 had stuck for that architecture, although some chose to change the name to x86_64.

Thank you for sharing. I do not know either, my post was an estimation. This was my source:

Ubuntu 12.10 (Quantal Quetzal)
http://releases.ubuntu.com/quantal/

PC (Intel x86) desktop image
For almost all PCs. This includes most machines with Intel/AMD/etc type processors and almost all computers that run Microsoft Windows, as well as newer Apple Macintosh systems based on Intel processors. Choose this if you are at all unsure.

64-bit PC (AMD64) desktop image
Choose this to take full advantage of computers based on the AMD64 or EM64T architecture (e.g., Athlon64, Opteron, EM64T Xeon, Core 2). If you have a non-64-bit processor made by AMD, or if you need full support for 32-bit code, use the Intel x86 images instead.

EDIT: I see now upon re-reading that "Core 2" Duo was included on the list for the AMD64 build, so you are correct. I have updated my post to clarify that i386 is for 32-bit builds and AMD64 is for 64-bit builds, regardless of CPU manufacturer.

[picobit]

AMD64 = AMDs 64-bit processors
EM64T = Intels 64-bit processors

[Daily Anarchist]

Never done this before so I may be missing something, but I'm getting this error:

seth@LockBox:~$ git tag -v v0.88.1-beta
fatal: Not a git repository (or any of the parent directories): .git
seth@LockBox:~$

Even after successfully importing your public key:

seth@LockBox:~$ gpg --recv-keys --keyserver keyserver.ubuntu.com 98832223
gpg: requesting key 98832223 from hkp server keyserver.ubuntu.com
gpg: key 98832223: public key "Alan C. Reiner (Offline Signing Key) <alan@bitcoinarmory.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
seth@LockBox:~$