cp1
|
|
November 06, 2013, 04:03:40 PM |
|
But there's no security gain in a local 2-factor, it's only useful to secure an online resource! You can't use it as a seed for crypting the wallet, if this is what you mean.
This is true -- to use google authentication you have to store the secret on the same computer as your wallet. If someone can get your wallet, then they can get your secret. But it can be used with PAM to secure login to your computer, so that someone could only get your files by physically getting to your drive. I wonder if you can use google authenticator with an encrypted home directory.
|
|
|
|
superbit
|
|
November 06, 2013, 04:33:16 PM |
|
But there's no security gain in a local 2-factor, it's only useful to secure an online resource! You can't use it as a seed for crypting the wallet, if this is what you mean.
This is true -- to use google authentication you have to store the secret on the same computer as your wallet. If someone can get your wallet, then they can get your secret. But it can be used with PAM to secure login to your computer, so that someone could only get your files by physically getting to your drive. I wonder if you can use google authenticator with an encrypted home directory. Did you guys look at the keepass plugin. It works like this. Instead of being assigned a key, you type in your own secret key that is used to hash the one time passwords. I'm not sure how that number is stored or the OTP are calculated but I imagine someone in the crypto know could explain this. My guess is that it's not needed again since the OTP are count based not time based so it is not stored. Everyone on the keepass forums raves about this feature and it is just protecting a database stored locally. So either they all don't understand cryptography the same as the BTC community (very possible), or there is an extra layer of security here. You then take that same key you created and put it in google authenticator on your phone. Then you write this KEY down, just like any other 2FA key in case you lose your phone etc... Now if your wallet file was every stolen the attacker would not only have to know your password or brute force it, but also would have to somehow find out what key is being used to calculate your OTP.
|
|
|
|
runeks
Legendary
Offline
Activity: 980
Merit: 1008
|
|
November 06, 2013, 05:02:34 PM |
|
Did you guys look at the keepass plugin. It works like this. Instead of being assigned a key, you type in your own secret key that is used to hash the one time passwords. I'm not sure how that number is stored or the OTP are calculated but I imagine someone in the crypto know could explain this. My guess is that it's not needed again since the OTP are count based not time based so it is not stored. Everyone on the keepass forums raves about this feature and it is just protecting a database stored locally. So either they all don't understand cryptography the same as the BTC community (very possible), or there is an extra layer of security here.
You then take that same key you created and put it in google authenticator on your phone. Then you write this KEY down, just like any other 2FA key in case you lose your phone etc...
Now if your wallet file was every stolen the attacker would not only have to know your password or brute force it, but also would have to somehow find out what key is being used to calculate your OTP.
Here's an answer: https://bitbucket.org/devinmartin/keeotp/issue/15/totp-for-keepass-loginThe OTP's I know from Google Authenticator are six-digit codes, so they certainly can't be used if an attacker has access to your wallet, as he would only need to try one million combinations. The problem with OTPs are that they are only secure when an attacker can access neither of the two devices that know the secret code. With bitcoin exchanges, Amazon AWS, etc. the secret keys are stored on their servers and on your phone. Thus, an attacker can't know the next code unless he either compromises your phone or the servers. But what about a local wallet? The secret key has to be stored there, so traditional OTP can't work. The real solution for 2-FA is to have a wallet that requires two keys to spend from (ie. send your money to a 2-of-2 multisig Bitcoin address). One key is in your wallet itself, encrypted with your password, and the other key is on your phone. So you have to sign the transaction with each key to be able to spend from that wallet. I imagine this is somewhere on Alan's to-do list for Armory, but it's gonna take some time.
|
|
|
|
cp1
|
|
November 06, 2013, 05:29:06 PM |
|
The OTP's I know from Google Authenticator are six-digit codes, so they certainly can't be used if an attacker has access to your wallet, as he would only need to try one million combinations.
Hopefully it would be used along with your password, instead of stand alone which would be silly. But the main problem is they'd have access to your secret if they had access to your wallet.
|
|
|
|
Ente
Legendary
Offline
Activity: 2126
Merit: 1001
|
|
November 06, 2013, 06:29:26 PM |
|
The problem with a local wallet is: No matter how well you protect it, be it 2FA or a DNA sample of the owner: Once you do a transaction, you have to unlock it, and that's exactly the moment the malware steals your coins. Well, we could go on and have individual 2FA keys for every address. Then you can only lose that address you just unlocked. Technically, this would be possible. But then, instead of having a second device for the 2FA, why not have a watching only wallet on your computer and the whole wallet on your second device, to begin with?
Ente
|
|
|
|
superbit
|
|
November 06, 2013, 06:34:41 PM |
|
Hmm fair enough, right now I have it enabled on top of my keepass database. If anything it provides some protection against key loggers as if my password is logged the hacker then only logs the OTP password I use on my database to open it which would do him no good.
|
|
|
|
maaku
Legendary
Offline
Activity: 905
Merit: 1012
|
|
November 06, 2013, 06:45:08 PM |
|
Ente, that's why we invented this thing called a trusted platform module which lets us do crypto operations in a boxed, temper resistant environment.
|
I'm an independent developer working on bitcoin-core, making my living off community donations. If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
|
|
|
etotheipi (OP)
Legendary
Offline
Activity: 1428
Merit: 1093
Core Armory Developer
|
|
November 06, 2013, 07:25:04 PM |
|
No matter how you look at it, Armory (and the decentralized Bitcoin concept) is that your computer holds the private keys. No matter what kind of toppings you put on it, at some point your system decrypts the private key and uses it to sign a transaction. Therefore, you can require as many devices as you want, in any complicated scheme you want, but unless there's a server somewhere holding they key, etc, it's not going to help. Your computer still holds all the data needed to decrypt the single key needed to move the funds. (this is also why removable-media DRM keeps failing -- at some point, your computer or DVD drive has to decrypt the data and send the unencrypted results to the TV/monitor -- that process cannot only be intercepted, but also run in a VM and analyzed to excrutiating detail to reverse engineer the algorithms)
However, when I finally implement multi-sig, you will have actual 2FA -- the network acts as the "server" which requires two signatures from two different keys to move the coins. And those keys can be be created completely separately, no located on the same device, thus requiring multiple devices to be compromised to get the signatures needed.
Until then, there really are no multi-factor solutions for a decentralized, run-locally app like Armory.
|
|
|
|
Ente
Legendary
Offline
Activity: 2126
Merit: 1001
|
|
November 06, 2013, 11:05:54 PM |
|
Ente, that's why we invented this thing called a trusted platform module which lets us do crypto operations in a boxed, temper resistant environment.
Oh wow, here comes the next, even more polarizing topic! :-) Nah, I'm no friend of TPMs in their current state. Or, maybe, I lost track of the actual current state. Did "roll your own CA into your TPM" ever materialize? In fact, by now with the latest revelations I trust software much more than hardware. Be it a TPM or a PRNG. And even with software I am careful, I only use stuff Schneier was involved with for years now. Ente
|
|
|
|
runeks
Legendary
Offline
Activity: 980
Merit: 1008
|
|
November 07, 2013, 10:23:34 AM |
|
I'm running Armory 0.89.99-5-beta (7cd98b1a282438fc060ecc84305e20f5b0970142 on the "testing" branch) and the "Spendable/Maximum Funds" number doesn't include the coins in my offline wallet. It only counts the coins in my online "pocket change" wallet. If I double click the offline/watching-only wallet, I can see the correct amount for "Spendable/Maximum Funds", but they are not included in the main window. Here's the log: 2013-11-07 11:06 (INFO) -- armoryengine.py:602 - Executing popen: free -m 2013-11-07 11:06 (INFO) -- armoryengine.py:602 - Executing popen: ['cat', '/proc/cpuinfo'] 2013-11-07 11:06 (INFO) -- armoryengine.py:782 - 2013-11-07 11:06 (INFO) -- armoryengine.py:783 - 2013-11-07 11:06 (INFO) -- armoryengine.py:784 - 2013-11-07 11:06 (INFO) -- armoryengine.py:785 - ************************************************************ 2013-11-07 11:06 (INFO) -- armoryengine.py:786 - Invoked: /home/rune/Programming/BitcoinArmory/ArmoryQt.py 2013-11-07 11:06 (INFO) -- armoryengine.py:787 - ************************************************************ 2013-11-07 11:06 (INFO) -- armoryengine.py:788 - Loading Armory Engine: 2013-11-07 11:06 (INFO) -- armoryengine.py:789 - Armory Version : 0.89.99.5 2013-11-07 11:06 (INFO) -- armoryengine.py:790 - PyBtcWallet Version : 1.35 2013-11-07 11:06 (INFO) -- armoryengine.py:791 - Detected Operating system: Linux 2013-11-07 11:06 (INFO) -- armoryengine.py:792 - OS Variant : Ubuntu-13.04-raring 2013-11-07 11:06 (INFO) -- armoryengine.py:793 - User home-directory : /home/rune 2013-11-07 11:06 (INFO) -- armoryengine.py:794 - Satoshi BTC directory : /home/rune/.bitcoin/ 2013-11-07 11:06 (INFO) -- armoryengine.py:795 - Armory home dir : /home/rune/.armory/ 2013-11-07 11:06 (INFO) -- armoryengine.py:796 - Detected System Specs : 2013-11-07 11:06 (INFO) -- armoryengine.py:797 - Total Available RAM : 5.83 GB 2013-11-07 11:06 (INFO) -- armoryengine.py:798 - CPU ID string : Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz 2013-11-07 11:06 (INFO) -- armoryengine.py:799 - Number of CPU cores : 4 cores 2013-11-07 11:06 (INFO) -- armoryengine.py:800 - System is 64-bit : True 2013-11-07 11:06 (INFO) -- armoryengine.py:801 - Preferred Encoding : UTF-8 2013-11-07 11:06 (INFO) -- armoryengine.py:802 - 2013-11-07 11:06 (INFO) -- armoryengine.py:803 - Network Name: Main Network 2013-11-07 11:06 (INFO) -- armoryengine.py:804 - Satoshi Port: 8333 2013-11-07 11:06 (INFO) -- armoryengine.py:805 - Named options/arguments to armoryengine.py: 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - leveldbDir : DEFAULT 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - skipVerCheck : False 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - satoshiPort : DEFAULT 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - settingsPath : /home/rune/.armory/ArmorySettings.txt 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - logFile : /home/rune/.armory/ArmoryQt.py.log.txt 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - nettimeout : 2 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - rescan : False 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - doDebug : False 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - datadir : DEFAULT 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - netlog : False 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - keypool : 100 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - testnet : False 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - rpcport : DEFAULT 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - satoshiHome : DEFAULT 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - forceOnline : False 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - logDisable : False 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - offline : False 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - mtdebug : False 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - rebuild : False 2013-11-07 11:06 (INFO) -- armoryengine.py:807 - interport : 8223 2013-11-07 11:06 (INFO) -- armoryengine.py:808 - Other arguments: 2013-11-07 11:06 (INFO) -- armoryengine.py:811 - ************************************************************ 2013-11-07 11:06 (INFO) -- armoryengine.py:1017 - C++ block utilities loaded successfully 2013-11-07 11:06 (INFO) -- armoryengine.py:13324 - Using the asynchronous/multi-threaded BlockDataManager. 2013-11-07 11:06 (INFO) -- armoryengine.py:13325 - Blockchain operations will happen in the background. 2013-11-07 11:06 (INFO) -- armoryengine.py:13326 - Devs: check TheBDM.getBDMState() before asking for data. 2013-11-07 11:06 (INFO) -- armoryengine.py:13327 - Registering addresses during rescans will queue them for 2013-11-07 11:06 (INFO) -- armoryengine.py:13328 - inclusion after the current scan is completed. 2013-11-07 11:06 (INFO) -- armoryengine.py:11424 - Using settings file: /home/rune/.armory/ArmorySettings.txt 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1510 - loadWalletsAndSettings 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1557 - Loading wallets... 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1605 - Number of wallets read in: 2 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1610 - Wallet (6QZdwscT): "offline (Watch) " (No Encryption) 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1610 - Wallet (2uyc3aSdm): "new pocket change " (Encrypted) 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1188 - Setting up networking... 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1241 - Internet connection is Available: True 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1242 - Bitcoin-Qt/bitcoind is Available: 0 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1243 - The first blk*.dat was Available: True 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1244 - Online mode currently possible: 0 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1251 - startBitcoindIfNecessary 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1282 - setSatoshiPaths 2013-11-07 11:06 (INFO) -- armoryengine.py:602 - Executing popen: ['whereis', 'bitcoind'] 2013-11-07 11:06 (INFO) -- armoryengine.py:10944 - "whereis" returned: ['/usr/bin/bitcoind', '/usr/bin/X11/bitcoind'] 2013-11-07 11:06 (INFO) -- armoryengine.py:10834 - Found bitcoind in the following places: 2013-11-07 11:06 (INFO) -- armoryengine.py:10836 - /usr/bin/bitcoind 2013-11-07 11:06 (INFO) -- armoryengine.py:10836 - /usr/bin/bitcoind 2013-11-07 11:06 (INFO) -- armoryengine.py:10836 - /usr/bin/X11/bitcoind 2013-11-07 11:06 (INFO) -- armoryengine.py:10838 - Using: /usr/bin/bitcoind 2013-11-07 11:06 (INFO) -- armoryengine.py:10990 - Reading bitcoin.conf file 2013-11-07 11:06 (INFO) -- armoryengine.py:11016 - Setting permissions on bitcoin.conf 2013-11-07 11:06 (INFO) -- armoryengine.py:11071 - Called startBitcoind 2013-11-07 11:06 (INFO) -- armoryengine.py:602 - Executing popen: ['/usr/bin/bitcoind', '-datadir=/home/rune/.bitcoin/'] 2013-11-07 11:06 (INFO) -- armoryengine.py:11112 - PID of bitcoind: 16908 2013-11-07 11:06 (INFO) -- armoryengine.py:11113 - PID of armory: 16883 2013-11-07 11:06 (INFO) -- armoryengine.py:602 - Executing popen: ['python', '/home/rune/Programming/BitcoinArmory/guardian.py', '16883', '16908'] 2013-11-07 11:06 (INFO) -- ArmoryQt.py:775 - setupUriRegistration 2013-11-07 11:06 (INFO) -- armoryengine.py:602 - Executing popen: gconftool-2 --get /desktop/gnome/url-handlers/bitcoin/command 2013-11-07 11:06 (INFO) -- armoryengine.py:11274 - Creating proxy in SDM: host=127.0.0.1, port=8332 2013-11-07 11:06 (INFO) -- ArmoryQt.py:4218 - Dashboard switched to auto-InitSync 2013-11-07 11:06 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:Auto, State:InitializingLongTime 2013-11-07 11:06 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:Auto, State:NewUserInfo 2013-11-07 11:06 (INFO) -- ArmoryQt.py:3633 - Switching Armory functional mode to "Offline" 2013-11-07 11:06 (INFO) -- ArmoryQt.py:531 - Usermode: Advanced 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1021 - Changing usermode: 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1022 - From: Advanced 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1030 - To: Advanced 2013-11-07 11:06 (INFO) -- armoryengine.py:10747 - Signature on signed data block is GOOD! 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1160 - Latest versions: 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1161 - Satoshi: 0.8.1 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1162 - Armory: 0.88 2013-11-07 11:06 (INFO) -- ArmoryQt.py:1171 - You are running the latest version! 2013-11-07 11:06 (WARNING) -- armoryengine.py:11197 - Overriding not-available message. This should happen 0-5 times 2013-11-07 11:06 (WARNING) -- armoryengine.py:11197 - Overriding not-available message. This should happen 0-5 times 2013-11-07 11:06 (WARNING) -- armoryengine.py:11197 - Overriding not-available message. This should happen 0-5 times 2013-11-07 11:06 (INFO) -- ArmoryQt.py:4218 - Dashboard switched to auto-InitSync 2013-11-07 11:06 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:Auto, State:InitializingDoneSoon 2013-11-07 11:06 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:Auto, State:NewUserInfo 2013-11-07 11:06 (INFO) -- ArmoryQt.py:3633 - Switching Armory functional mode to "Offline" 2013-11-07 11:07 (INFO) -- ArmoryQt.py:4499 - Starting load blockchain 2013-11-07 11:07 (INFO) -- ArmoryQt.py:1305 - loadBlockchainIfNecessary 2013-11-07 11:07 (INFO) -- ArmoryQt.py:1351 - Setting netmode: 1 2013-11-07 11:07 (INFO) -- armoryengine.py:12343 - Setting online mode: True (wait=False) 2013-11-07 11:07 (INFO) -- armoryengine.py:13264 - Go online requested 2013-11-07 11:07 (INFO) -- armoryengine.py:12785 - Called __startLoadBlockchain() 2013-11-07 11:07 (INFO) -- ArmoryQt.py:4327 - Dashboard switched to "Scanning" mode 2013-11-07 11:07 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:ScanWithWallets 2013-11-07 11:07 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:Auto, State:NewUserInfo 2013-11-07 11:07 (INFO) -- ArmoryQt.py:3633 - Switching Armory functional mode to "Scanning" 2013-11-07 11:07 (INFO) -- armoryengine.py:10354 - Connection initiated. Start handshake 2013-11-07 11:07 (INFO) -- ArmoryQt.py:4327 - Dashboard switched to "Scanning" mode 2013-11-07 11:07 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:ScanWithWallets 2013-11-07 11:07 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:Auto, State:NewUserInfo 2013-11-07 11:07 (INFO) -- ArmoryQt.py:3633 - Switching Armory functional mode to "Scanning" 2013-11-07 11:07 (INFO) -- armoryengine.py:10443 - Received version message from peer: 2013-11-07 11:07 (INFO) -- armoryengine.py:10444 - Version: 70001 2013-11-07 11:07 (INFO) -- armoryengine.py:10445 - SubVersion: /Satoshi:0.8.5/ 2013-11-07 11:07 (INFO) -- armoryengine.py:10446 - TimeStamp: 1383818871 2013-11-07 11:07 (INFO) -- armoryengine.py:10447 - StartHeight: 268386 2013-11-07 11:07 (INFO) -- armoryengine.py:10625 - Handshake finished, connection open! 2013-11-07 11:07 (INFO) -- armoryengine.py:10747 - Signature on signed data block is GOOD! 2013-11-07 11:07 (INFO) -- ArmoryQt.py:1160 - Latest versions: 2013-11-07 11:07 (INFO) -- ArmoryQt.py:1161 - Satoshi: 0.8.1 2013-11-07 11:07 (INFO) -- ArmoryQt.py:1162 - Armory: 0.88 2013-11-07 11:07 (INFO) -- ArmoryQt.py:1171 - You are running the latest version! 2013-11-07 11:07 (INFO) -- ArmoryQt.py:4419 - Satoshi Version: Curr: 805000, Latest: 801000 2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 1.3 2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 3.1 2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 5.6 2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 11.3 2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 18.0 2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 26.1 2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 32.3 2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 40.0 2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 46.4 2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 52.8 2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 62.1 2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 67.4 2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 76.3 2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 85.2 2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 89.4 2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 7.4 2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 18.9 2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 34.8 2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 49.2 2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 63.6 2013-11-07 11:10 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 79.2 2013-11-07 11:10 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 95.0 2013-11-07 11:10 (INFO) -- ArmoryQt.py:4317 - Dashboard switched to fully-online mode 2013-11-07 11:10 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:OnlineFull1 2013-11-07 11:10 (INFO) -- ArmoryQt.py:3633 - Switching Armory functional mode to "Online" 2013-11-07 11:10 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:OnlineFull2 2013-11-07 11:10 (INFO) -- ArmoryQt.py:4317 - Dashboard switched to fully-online mode 2013-11-07 11:10 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:OnlineFull1 2013-11-07 11:10 (INFO) -- ArmoryQt.py:3633 - Switching Armory functional mode to "Online" 2013-11-07 11:10 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:OnlineFull2 2013-11-07 11:10 (INFO) -- ArmoryQt.py:1777 - Syncing wallet: 6QZdwscT 2013-11-07 11:10 (INFO) -- ArmoryQt.py:1777 - Syncing wallet: 2uyc3aSdm 2013-11-07 11:10 (INFO) -- ArmoryQt.py:1789 - Current block number: 268386 2013-11-07 11:10 (INFO) -- ArmoryQt.py:4317 - Dashboard switched to fully-online mode 2013-11-07 11:10 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:OnlineFull1 2013-11-07 11:10 (INFO) -- ArmoryQt.py:3633 - Switching Armory functional mode to "Online" 2013-11-07 11:10 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:OnlineFull2 2013-11-07 11:10 (INFO) -- ArmoryQt.py:4317 - Dashboard switched to fully-online mode 2013-11-07 11:10 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:OnlineFull1 2013-11-07 11:10 (INFO) -- ArmoryQt.py:3633 - Switching Armory functional mode to "Online" 2013-11-07 11:10 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:OnlineFull2 2013-11-07 11:11 (INFO) -- ArmoryQt.py:4633 - New Block! : 268387 2013-11-07 11:11 (INFO) -- ArmoryQt.py:4657 - Current block number: 268387 2013-11-07 11:15 (INFO) -- armoryengine.py:10747 - Signature on signed data block is GOOD! 2013-11-07 11:15 (INFO) -- ArmoryQt.py:1171 - You are running the latest version! 2013-11-07 11:15 (INFO) -- ArmoryQt.py:4419 - Satoshi Version: Curr: 805000, Latest: 801000
|
|
|
|
jojo69
Legendary
Online
Activity: 3304
Merit: 4535
diamond-handed zealot
|
|
November 07, 2013, 11:44:37 PM |
|
want to make sure I got this straight
created an encrypted wallet on an offline machine
made a backup of it on a USB stick
is it safe now to use that stick for other stuff, plug into internet connected machines, because it is encrypted right?
|
This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable. Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
|
|
|
cp1
|
|
November 08, 2013, 01:02:45 AM |
|
want to make sure I got this straight
created an encrypted wallet on an offline machine
made a backup of it on a USB stick
is it safe now to use that stick for other stuff, plug into internet connected machines, because it is encrypted right?
I wouldn't, it's not worth the risk. Just spend a few bucks and get a dedicated USB key for your wallet. There's no point in making a wallet on an offline machine and then sticking it into your online machine.
|
|
|
|
jojo69
Legendary
Online
Activity: 3304
Merit: 4535
diamond-handed zealot
|
|
November 08, 2013, 01:20:31 AM |
|
ok, but it is encrypted right? as long as I never enter my password on a possibly keylogged box nobody can use it
|
This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable. Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
|
|
|
etotheipi (OP)
Legendary
Offline
Activity: 1428
Merit: 1093
Core Armory Developer
|
|
November 08, 2013, 01:25:36 AM Last edit: November 08, 2013, 03:31:03 AM by etotheipi |
|
ok, but it is encrypted right? as long as I never enter my password on a possibly keylogged box nobody can use it
That's like putting on your new bullet-proof vest then walking upright into an open field in a warzone. You risk getting shot, and if you do you might survive, but if your vest (password) isn't high quality or the person happens to be using something like an anti-tank weapon (a lot of computing power to break your password), you might get screwed despite your nifty vest. Why even risk it?
|
|
|
|
cp1
|
|
November 08, 2013, 02:40:36 AM |
|
If you're going to go through all the trouble of setting up an offline computer it's just silly to put your wallet into an online computer.
|
|
|
|
jojo69
Legendary
Online
Activity: 3304
Merit: 4535
diamond-handed zealot
|
|
November 08, 2013, 03:06:01 AM |
|
very good, thank you
|
This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable. Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
|
|
|
Ente
Legendary
Offline
Activity: 2126
Merit: 1001
|
|
November 08, 2013, 12:26:43 PM Last edit: December 02, 2013, 08:17:28 AM by Ente |
|
Nah, I don't know, guys.. The point of an offline wallet is that the privkeys nor the wallet password is never present on the online computer. Sure, you can encrypt the wallet once again with truecrypt, ssl or rar. But then, would you send someone to the battlefield with two bullet-proof vests? Should he use two different passwords? So he has a greater risk of mixing them up or forgetting one? Or shall he use the same password twice, so the "outer" encryption is the only one needed to break? So, the internal wallet-encryption is either secure enough, or it is not. And with the encryption set to need lots of ram (against GPU-bruteforcing), and knowing Alans level of quality-of-work, I lean out of the window to say that shall be enough. BUT, don't forget you add other risks by having a plain (encrypted) wallet visible: People see it's a wallet (filename and contents), and they even see the public keys. This might, in a worst case scenario, lead to attacks (computational or physical) which wouldn't happen if the wallet was encrypted in "diary.rar". ############### Alan, any thoughts on that? Ente
|
|
|
|
Rampion
Legendary
Offline
Activity: 1148
Merit: 1018
|
|
November 08, 2013, 03:50:51 PM |
|
If you're going to go through all the trouble of setting up an offline computer it's just silly to put your wallet into an online computer.
Exactly. For the money you use often you should already have an encrypted "hot" wallet in an online computer - the question is: how much are you willing to risk online? Is like having an X amount of cash in your pockets while you take a walk at night - how dangerous or safe is that walk (or how dangerous or safe is your neighborhood) depends on how security conscious you are with your computer, but the risk by being online, bigger or smaller, ALWAYS exists. The only purpose of an offline wallet is precisely to reduce to the minimum the risk of having your cash in your pocket while you take a walk, if you bring that wallet online you are just defeating its primary purpose.
|
|
|
|
Swimmer63
Legendary
Offline
Activity: 1593
Merit: 1004
|
|
November 08, 2013, 07:46:01 PM |
|
Nah, I don't know, guys.. The point of an offline wallet is that the privkeys nor the wallet password is never present on the online computer. Sure, you can encrypt the wallet once again with truecrypt, ssl or rar. But then, would you send someone to the battlefield with two bullet-proof vests? Should he use two different passwords? So he has a greater risk of mixing them up or forgetting one? Or shall he use the same password twice, so the "outer" encryption is the only one needed to break? So, the internal wallet-encryption is either secure enough, or it is not. And with the encryption set to need lots of ram (against GPU-bruteforcing), and knowing Alans level of quality-of-work, I lean out of the window to say that shall be enough. BUT, don't forget you add other risks by having a plain (encrypted) wallet visible: People see it's a wallet (filename and contents), and they even see the public keys. This might, in a worst case scenario, lead to attacks (computational or physical) which wouldn't happen if the wallet was encrypted in "diary.rar". ############### Alan, any thoughts on that? I have a general wallet question, which is partly about BIP32, and partly how Armory will implement it.
1) As I understand it, a seed creates a tree, where each branch itself may form a new branch or whole tree, so to speak. With that, will Armory allow to create multiple "wallets" from one single seed? Right now I use several wallets, for bookkeeping and not mixing up inputs/outputs of different categories. So it would be important that change addresses and inputs only mix within one "wallet" or "wallettree" or whatever it would be called.
With security in mind: 2) From knowing the "public key seed" (or similar) and one single private key, all private keys may be reconstructed. I guess from the "public key seed" and one public address all public addresses may be reconstructed as well then. Is there anything I have to take care of in reality? As long as I only use regular Armory functions (sending and receiving) and don't export stuff and don't share my wallet file, nothing evil should happen? Is there anything to extract from the wallet file without knowing the encryption password? 3) I.e., is the "public key seed" encrypted too?
And, finally: 4) In case I can haz several "wallets" in one file, from one seed: Can I have several, different passwords for each "wallet"?
To make sense of all this: Imagine I now have three wallets. One is my unencrypted playmoney, one is my regular funds, one is my long-term savings (with watch-only wallet), one is funds I manage for mom and grandpa. I don't want to lose all of those in case a keylogger steals my one password. I don't want my long-term savings on my online computer altogether. Will I be able to have all this from one seed, with the new wallet format?
This would be a huge selling point for me, and differentiate Armory even more as a pro wallet, focusing on security and advanced features.
Ente
Ente Not to be a d$%k but you said "So, the internal wallet-encryption is either secure enough, or it is not." That really does not make sense to me. A lot of people like to say your data is "secure" but really it's only secure because no one has found a way around it YET. Then one day we hear on the news that all our credit card numbers are stolen. At that point it went from "secure enough" to "not." And it changed in a flash. I would not want to be the mark of someone far smarter and depraved than me when they obsolete the word secure for my thumb drive.
|
|
|
|
Ente
Legendary
Offline
Activity: 2126
Merit: 1001
|
|
November 08, 2013, 11:07:30 PM |
|
Not to be a d$%k but you said "So, the internal wallet-encryption is either secure enough, or it is not." That really does not make sense to me. A lot of people like to say your data is "secure" but really it's only secure because no one has found a way around it YET. Then one day we hear on the news that all our credit card numbers are stolen. At that point it went from "secure enough" to "not." And it changed in a flash. I would not want to be the mark of someone far smarter and depraved than me when they obsolete the word secure for my thumb drive.
Well, that's two different kinds of "security": 1) is "low level, algorithm security". Like, if the keys in the wallet file are encrypted via AES, ECDSA or similar, with xy bits and z rounds, I consider it secure. 2) is, totally independent, "high level, operation security". No matter how good 1) is, once I use "asdf" as password, or my supersecure password is stolen via keylogger or rubberhose attack, my funds are gone. You are talking about 2). In the case you mention, most often servers are hacked (which is an entirely different attack vector than the walletstuff) and the data is stolen right out of the ram, or unencrypted active partition, or similar. 1) isn't even active in that case. I talk about 1). I want (and am sure) the parameters and algorithms which encrypt the sensitive parts of the wallet to be sound, and to be resistant against brute-force attacks of a large scale attacker for many years. That's all 1) has to do. And it's most definitely not the solution against other, higher-level attacks. And, as a note: I have long passphrase(s) or real random passwords for my wallets, have the long-term wallet rar-password-encrypted, and finally all wallets or the rar file in a password manager, encrypted with a long masterpassword. With that, I feel reasonably secure in the means of 1) to spread that file for backup. Against 2), I use different passwords, for example. So when one password and its wallet are cleared out, I wouldn't lose all of my wallets. ..and then let's get 3) in the mix: Backup all of that mess securely, but redeemable in case something happens to me :-) Ente Ente
|
|
|
|
|