Bitcoin Forum
Author Topic: Armory - Discussion Thread  (Read 521670 times)
cp1
November 06, 2013, 04:03:40 PM
 #2781

But there's no security gain in a local 2-factor, it's only useful to secure an online resource! You can't use it as a seed for crypting the wallet, if this is what you mean.

This is true -- to use google authentication you have to store the secret on the same computer as your wallet.  If someone can get your wallet, then they can get your secret.  But it can be used with PAM to secure login to your computer, so that someone could only get your files by physically getting to your drive.  I wonder if you can use google authenticator with an encrypted home directory.

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
superbit
November 06, 2013, 04:33:16 PM
 #2782

But there's no security gain in a local 2-factor, it's only useful to secure an online resource! You can't use it as a seed for crypting the wallet, if this is what you mean.

This is true -- to use google authentication you have to store the secret on the same computer as your wallet.  If someone can get your wallet, then they can get your secret.  But it can be used with PAM to secure login to your computer, so that someone could only get your files by physically getting to your drive.  I wonder if you can use google authenticator with an encrypted home directory.

Did you guys look at the keepass plugin.  It works like this.  Instead of being assigned a key, you type in your own secret key that is used to hash the one time passwords.  I'm not sure how that number is stored or the OTP are calculated but I imagine someone in the crypto know could explain this.  My guess is that it's not needed again since the OTP are count based not time based so it is not stored.  Everyone on the keepass forums raves about this feature and it is just protecting a database stored locally.  So either they all don't understand cryptography the same as the BTC community (very possible), or there is an extra layer of security here. 

You then take that same key you created and put it in google authenticator on your phone.  Then you write this KEY down, just like any other 2FA key in case you lose your phone etc...

Now if your wallet file was ever stolen the attacker would not only have to know your password or brute force it, but also would have to somehow find out what key is being used to calculate your OTP.

runeks
November 06, 2013, 05:02:34 PM
 #2783

Did you guys look at the keepass plugin.  It works like this.  Instead of being assigned a key, you type in your own secret key that is used to hash the one time passwords.  I'm not sure how that number is stored or the OTP are calculated but I imagine someone in the crypto know could explain this.  My guess is that it's not needed again since the OTP are count based not time based so it is not stored.  Everyone on the keepass forums raves about this feature and it is just protecting a database stored locally.  So either they all don't understand cryptography the same as the BTC community (very possible), or there is an extra layer of security here. 

You then take that same key you created and put it in google authenticator on your phone.  Then you write this KEY down, just like any other 2FA key in case you lose your phone etc...

Now if your wallet file was ever stolen the attacker would not only have to know your password or brute force it, but also would have to somehow find out what key is being used to calculate your OTP.
Here's an answer: https://bitbucket.org/devinmartin/keeotp/issue/15/totp-for-keepass-login

The OTP's I know from Google Authenticator are six-digit codes, so they certainly can't be used if an attacker has access to your wallet, as he would only need to try one million combinations.

The problem with OTPs is that they are only secure when an attacker can access neither of the two devices that know the secret code.

With bitcoin exchanges, Amazon AWS, etc. the secret keys are stored on their servers and on your phone. Thus, an attacker can't know the next code unless he either compromises your phone or the servers. But what about a local wallet? The secret key has to be stored there, so traditional OTP can't work.

The real solution for 2-FA is to have a wallet that requires two keys to spend from (ie. send your money to a 2-of-2 multisig Bitcoin address). One key is in your wallet itself, encrypted with your password, and the other key is on your phone. So you have to sign the transaction with each key to be able to spend from that wallet. I imagine this is somewhere on Alan's to-do list for Armory, but it's gonna take some time.
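
Added example, not part of the original posts or of Armory/KeePass code: a sketch of the point made above that a locally checked OTP has to keep its secret next to the data it guards, and that a six-digit code alone spans only one million values. The `LOCAL_STORE` layout and all function names are hypothetical; the secret is the published RFC 4226 test key.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte picks the window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(secret, unix_time // step, digits)


# Constructed sample: what a purely local application must keep on disk
# in order to check a code by itself (no server holds the secret for it).
LOCAL_STORE = {"otp_secret": b"12345678901234567890", "step": 30}


def local_verify(store: dict, code: str, unix_time: int) -> bool:
    """The local check: recompute the expected code from the stored secret."""
    expected = totp(store["otp_secret"], unix_time, store["step"])
    return hmac.compare_digest(expected, code)


def code_from_copied_store(store: dict, unix_time: int) -> str:
    """Whoever holds a copy of the store derives the same code, no phone needed.

    This is the same computation local_verify() performs, which is why the
    secret cannot be hidden from someone who already has the file.
    """
    return totp(store["otp_secret"], unix_time, store["step"])


def tries_until_accepted(check, digits: int = 6):
    """Count how many guesses an unthrottled offline check tolerates.

    A server can lock an account after a few wrong codes; a check that runs
    on a copied file cannot, so the bound is the full 10**digits code space.
    """
    for tries, n in enumerate(range(10 ** digits), start=1):
        code = str(n).zfill(digits)
        if check(code):
            return code, tries
    return None, 10 ** digits


if __name__ == "__main__":
    now = 59  # constructed timestamp (falls in time step 1)
    print("code shown on the phone      :", totp(LOCAL_STORE["otp_secret"], now))
    print("code derived from file copy  :", code_from_copied_store(LOCAL_STORE, now))
    code, tries = tries_until_accepted(lambda c: local_verify(LOCAL_STORE, c, now))
    print("accepted by enumeration after:", tries, "tries ->", code)
```

With a server-side check the secret in `LOCAL_STORE` would live on the server and wrong guesses could be rate-limited, which is the difference the posts above describe.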
cp1
November 06, 2013, 05:29:06 PM
 #2784

The OTP's I know from Google Authenticator are six-digit codes, so they certainly can't be used if an attacker has access to your wallet, as he would only need to try one million combinations.

Hopefully it would be used along with your password, instead of stand alone which would be silly.  But the main problem is they'd have access to your secret if they had access to your wallet.

Ente
November 06, 2013, 06:29:26 PM
 #2785

The problem with a local wallet is: No matter how well you protect it, be it 2FA or a DNA sample of the owner: Once you do a transaction, you have to unlock it, and that's exactly the moment the malware steals your coins.
Well, we could go on and have individual 2FA keys for every address. Then you can only lose that address you just unlocked. Technically, this would be possible. But then, instead of having a second device for the 2FA, why not have a watching only wallet on your computer and the whole wallet on your second device, to begin with?

Ente
superbit
November 06, 2013, 06:34:41 PM
 #2786

Hmm fair enough, right now I have it enabled on top of my keepass database.  If anything it provides some protection against key loggers as if my password is logged the hacker then only logs the OTP password I use on my database to open it which would do him no good.

maaku
November 06, 2013, 06:45:08 PM
 #2787

Ente, that's why we invented this thing called a trusted platform module which lets us do crypto operations in a boxed, tamper resistant environment.

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
etotheipi (OP)
Core Armory Developer


November 06, 2013, 07:25:04 PM
 #2788

No matter how you look at it, Armory (and the decentralized Bitcoin concept) is that your computer holds the private keys.  No matter what kind of toppings you put on it, at some point your system decrypts the private key and uses it to sign a transaction.  Therefore, you can require as many devices as you want, in any complicated scheme you want, but unless there's a server somewhere holding the key, etc, it's not going to help.  Your computer still holds all the data needed to decrypt the single key needed to move the funds. (this is also why removable-media DRM keeps failing -- at some point, your computer or DVD drive has to decrypt the data and send the unencrypted results to the TV/monitor -- that process can not only be intercepted, but also run in a VM and analyzed in excruciating detail to reverse engineer the algorithms)

However, when I finally implement multi-sig, you will have actual 2FA -- the network acts as the "server" which requires two signatures from two different keys to move the coins.  And those keys can be created completely separately, not located on the same device, thus requiring multiple devices to be compromised to get the signatures needed.

Until then, there really are no multi-factor solutions for a decentralized, run-locally app like Armory.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
Ente
November 06, 2013, 11:05:54 PM
 #2789

Ente, that's why we invented this thing called a trusted platform module which lets us do crypto operations in a boxed, tamper resistant environment.

Oh wow, here comes the next, even more polarizing topic! :-)
Nah, I'm no friend of TPMs in their current state. Or, maybe, I lost track of the actual current state. Did "roll your own CA into your TPM" ever materialize?
In fact, by now with the latest revelations I trust software much more than hardware. Be it a TPM or a PRNG. And even with software I am careful, I only use stuff Schneier was involved with for years now.

Ente
runeks
November 07, 2013, 10:23:34 AM
 #2790

I'm running Armory 0.89.99-5-beta (7cd98b1a282438fc060ecc84305e20f5b0970142 on the "testing" branch) and the "Spendable/Maximum Funds" number doesn't include the coins in my offline wallet. It only counts the coins in my online "pocket change" wallet. If I double click the offline/watching-only wallet, I can see the correct amount for "Spendable/Maximum Funds", but they are not included in the main window.

Here's the log:

Code:
2013-11-07 11:06 (INFO) -- armoryengine.py:602 - Executing popen: free -m
2013-11-07 11:06 (INFO) -- armoryengine.py:602 - Executing popen: ['cat', '/proc/cpuinfo']
2013-11-07 11:06 (INFO) -- armoryengine.py:782 -
2013-11-07 11:06 (INFO) -- armoryengine.py:783 -
2013-11-07 11:06 (INFO) -- armoryengine.py:784 -
2013-11-07 11:06 (INFO) -- armoryengine.py:785 - ************************************************************
2013-11-07 11:06 (INFO) -- armoryengine.py:786 - Invoked: /home/rune/Programming/BitcoinArmory/ArmoryQt.py
2013-11-07 11:06 (INFO) -- armoryengine.py:787 - ************************************************************
2013-11-07 11:06 (INFO) -- armoryengine.py:788 - Loading Armory Engine:
2013-11-07 11:06 (INFO) -- armoryengine.py:789 -    Armory Version        : 0.89.99.5
2013-11-07 11:06 (INFO) -- armoryengine.py:790 -    PyBtcWallet  Version  : 1.35
2013-11-07 11:06 (INFO) -- armoryengine.py:791 - Detected Operating system: Linux
2013-11-07 11:06 (INFO) -- armoryengine.py:792 -    OS Variant            : Ubuntu-13.04-raring
2013-11-07 11:06 (INFO) -- armoryengine.py:793 -    User home-directory   : /home/rune
2013-11-07 11:06 (INFO) -- armoryengine.py:794 -    Satoshi BTC directory : /home/rune/.bitcoin/
2013-11-07 11:06 (INFO) -- armoryengine.py:795 -    Armory home dir       : /home/rune/.armory/
2013-11-07 11:06 (INFO) -- armoryengine.py:796 - Detected System Specs    :
2013-11-07 11:06 (INFO) -- armoryengine.py:797 -    Total Available RAM   : 5.83 GB
2013-11-07 11:06 (INFO) -- armoryengine.py:798 -    CPU ID string         : Intel(R) Core(TM)2 Quad  CPU   Q9550  @ 2.83GHz
2013-11-07 11:06 (INFO) -- armoryengine.py:799 -    Number of CPU cores   : 4 cores
2013-11-07 11:06 (INFO) -- armoryengine.py:800 -    System is 64-bit      : True
2013-11-07 11:06 (INFO) -- armoryengine.py:801 -    Preferred Encoding    : UTF-8
2013-11-07 11:06 (INFO) -- armoryengine.py:802 -
2013-11-07 11:06 (INFO) -- armoryengine.py:803 - Network Name: Main Network
2013-11-07 11:06 (INFO) -- armoryengine.py:804 - Satoshi Port: 8333
2013-11-07 11:06 (INFO) -- armoryengine.py:805 - Named options/arguments to armoryengine.py:
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     leveldbDir      : DEFAULT
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     skipVerCheck    : False
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     satoshiPort     : DEFAULT
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     settingsPath    : /home/rune/.armory/ArmorySettings.txt
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     logFile         : /home/rune/.armory/ArmoryQt.py.log.txt
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     nettimeout      : 2
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     rescan          : False
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     doDebug         : False
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     datadir         : DEFAULT
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     netlog          : False
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     keypool         : 100
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     testnet         : False
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     rpcport         : DEFAULT
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     satoshiHome     : DEFAULT
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     forceOnline     : False
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     logDisable      : False
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     offline         : False
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     mtdebug         : False
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     rebuild         : False
2013-11-07 11:06 (INFO) -- armoryengine.py:807 -     interport       : 8223
2013-11-07 11:06 (INFO) -- armoryengine.py:808 - Other arguments:
2013-11-07 11:06 (INFO) -- armoryengine.py:811 - ************************************************************
2013-11-07 11:06 (INFO) -- armoryengine.py:1017 - C++ block utilities loaded successfully
2013-11-07 11:06 (INFO) -- armoryengine.py:13324 - Using the asynchronous/multi-threaded BlockDataManager.
2013-11-07 11:06 (INFO) -- armoryengine.py:13325 - Blockchain operations will happen in the background. 
2013-11-07 11:06 (INFO) -- armoryengine.py:13326 - Devs: check TheBDM.getBDMState() before asking for data.
2013-11-07 11:06 (INFO) -- armoryengine.py:13327 - Registering addresses during rescans will queue them for
2013-11-07 11:06 (INFO) -- armoryengine.py:13328 - inclusion after the current scan is completed.
2013-11-07 11:06 (INFO) -- armoryengine.py:11424 - Using settings file: /home/rune/.armory/ArmorySettings.txt
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1510 - loadWalletsAndSettings
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1557 - Loading wallets...
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1605 - Number of wallets read in: 2
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1610 -    Wallet (6QZdwscT):    "offline (Watch)                 "   (No Encryption)
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1610 -    Wallet (2uyc3aSdm):   "new pocket change               "   (Encrypted)
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1188 - Setting up networking...
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1241 - Internet connection is Available: True
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1242 - Bitcoin-Qt/bitcoind is Available: 0
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1243 - The first blk*.dat was Available: True
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1244 - Online mode currently possible:   0
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1251 - startBitcoindIfNecessary
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1282 - setSatoshiPaths
2013-11-07 11:06 (INFO) -- armoryengine.py:602 - Executing popen: ['whereis', 'bitcoind']
2013-11-07 11:06 (INFO) -- armoryengine.py:10944 - "whereis" returned: ['/usr/bin/bitcoind', '/usr/bin/X11/bitcoind']
2013-11-07 11:06 (INFO) -- armoryengine.py:10834 - Found bitcoind in the following places:
2013-11-07 11:06 (INFO) -- armoryengine.py:10836 -    /usr/bin/bitcoind
2013-11-07 11:06 (INFO) -- armoryengine.py:10836 -    /usr/bin/bitcoind
2013-11-07 11:06 (INFO) -- armoryengine.py:10836 -    /usr/bin/X11/bitcoind
2013-11-07 11:06 (INFO) -- armoryengine.py:10838 - Using: /usr/bin/bitcoind
2013-11-07 11:06 (INFO) -- armoryengine.py:10990 - Reading bitcoin.conf file
2013-11-07 11:06 (INFO) -- armoryengine.py:11016 - Setting permissions on bitcoin.conf
2013-11-07 11:06 (INFO) -- armoryengine.py:11071 - Called startBitcoind
2013-11-07 11:06 (INFO) -- armoryengine.py:602 - Executing popen: ['/usr/bin/bitcoind', '-datadir=/home/rune/.bitcoin/']
2013-11-07 11:06 (INFO) -- armoryengine.py:11112 - PID of bitcoind: 16908
2013-11-07 11:06 (INFO) -- armoryengine.py:11113 - PID of armory:   16883
2013-11-07 11:06 (INFO) -- armoryengine.py:602 - Executing popen: ['python', '/home/rune/Programming/BitcoinArmory/guardian.py', '16883', '16908']
2013-11-07 11:06 (INFO) -- ArmoryQt.py:775 - setupUriRegistration
2013-11-07 11:06 (INFO) -- armoryengine.py:602 - Executing popen: gconftool-2 --get /desktop/gnome/url-handlers/bitcoin/command
2013-11-07 11:06 (INFO) -- armoryengine.py:11274 - Creating proxy in SDM: host=127.0.0.1, port=8332
2013-11-07 11:06 (INFO) -- ArmoryQt.py:4218 - Dashboard switched to auto-InitSync
2013-11-07 11:06 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:Auto, State:InitializingLongTime
2013-11-07 11:06 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:Auto, State:NewUserInfo
2013-11-07 11:06 (INFO) -- ArmoryQt.py:3633 - Switching Armory functional mode to "Offline"
2013-11-07 11:06 (INFO) -- ArmoryQt.py:531 - Usermode: Advanced
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1021 - Changing usermode:
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1022 -    From: Advanced
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1030 -      To: Advanced
2013-11-07 11:06 (INFO) -- armoryengine.py:10747 - Signature on signed data block is GOOD!
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1160 - Latest versions:
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1161 -    Satoshi: 0.8.1
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1162 -     Armory: 0.88
2013-11-07 11:06 (INFO) -- ArmoryQt.py:1171 - You are running the latest version!
2013-11-07 11:06 (WARNING) -- armoryengine.py:11197 - Overriding not-available message. This should happen 0-5 times
2013-11-07 11:06 (WARNING) -- armoryengine.py:11197 - Overriding not-available message. This should happen 0-5 times
2013-11-07 11:06 (WARNING) -- armoryengine.py:11197 - Overriding not-available message. This should happen 0-5 times
2013-11-07 11:06 (INFO) -- ArmoryQt.py:4218 - Dashboard switched to auto-InitSync
2013-11-07 11:06 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:Auto, State:InitializingDoneSoon
2013-11-07 11:06 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:Auto, State:NewUserInfo
2013-11-07 11:06 (INFO) -- ArmoryQt.py:3633 - Switching Armory functional mode to "Offline"
2013-11-07 11:07 (INFO) -- ArmoryQt.py:4499 - Starting load blockchain
2013-11-07 11:07 (INFO) -- ArmoryQt.py:1305 - loadBlockchainIfNecessary
2013-11-07 11:07 (INFO) -- ArmoryQt.py:1351 - Setting netmode: 1
2013-11-07 11:07 (INFO) -- armoryengine.py:12343 - Setting online mode: True (wait=False)
2013-11-07 11:07 (INFO) -- armoryengine.py:13264 - Go online requested
2013-11-07 11:07 (INFO) -- armoryengine.py:12785 - Called __startLoadBlockchain()
2013-11-07 11:07 (INFO) -- ArmoryQt.py:4327 - Dashboard switched to "Scanning" mode
2013-11-07 11:07 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:ScanWithWallets
2013-11-07 11:07 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:Auto, State:NewUserInfo
2013-11-07 11:07 (INFO) -- ArmoryQt.py:3633 - Switching Armory functional mode to "Scanning"
2013-11-07 11:07 (INFO) -- armoryengine.py:10354 - Connection initiated.  Start handshake
2013-11-07 11:07 (INFO) -- ArmoryQt.py:4327 - Dashboard switched to "Scanning" mode
2013-11-07 11:07 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:ScanWithWallets
2013-11-07 11:07 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:Auto, State:NewUserInfo
2013-11-07 11:07 (INFO) -- ArmoryQt.py:3633 - Switching Armory functional mode to "Scanning"
2013-11-07 11:07 (INFO) -- armoryengine.py:10443 - Received version message from peer:
2013-11-07 11:07 (INFO) -- armoryengine.py:10444 -    Version:     70001
2013-11-07 11:07 (INFO) -- armoryengine.py:10445 -    SubVersion:  /Satoshi:0.8.5/
2013-11-07 11:07 (INFO) -- armoryengine.py:10446 -    TimeStamp:   1383818871
2013-11-07 11:07 (INFO) -- armoryengine.py:10447 -    StartHeight: 268386
2013-11-07 11:07 (INFO) -- armoryengine.py:10625 - Handshake finished, connection open!
2013-11-07 11:07 (INFO) -- armoryengine.py:10747 - Signature on signed data block is GOOD!
2013-11-07 11:07 (INFO) -- ArmoryQt.py:1160 - Latest versions:
2013-11-07 11:07 (INFO) -- ArmoryQt.py:1161 -    Satoshi: 0.8.1
2013-11-07 11:07 (INFO) -- ArmoryQt.py:1162 -     Armory: 0.88
2013-11-07 11:07 (INFO) -- ArmoryQt.py:1171 - You are running the latest version!
2013-11-07 11:07 (INFO) -- ArmoryQt.py:4419 - Satoshi Version: Curr: 805000, Latest: 801000
2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 1.3
2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 3.1
2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 5.6
2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 11.3
2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 18.0
2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 26.1
2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 32.3
2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 40.0
2013-11-07 11:08 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 46.4
2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 52.8
2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 62.1
2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 67.4
2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 76.3
2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 85.2
2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 89.4
2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 7.4
2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 18.9
2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 34.8
2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 49.2
2013-11-07 11:09 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 63.6
2013-11-07 11:10 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 79.2
2013-11-07 11:10 (INFO) -- armoryengine.py:12296 - Reading blockchain, pct complete: 95.0
2013-11-07 11:10 (INFO) -- ArmoryQt.py:4317 - Dashboard switched to fully-online mode
2013-11-07 11:10 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:OnlineFull1
2013-11-07 11:10 (INFO) -- ArmoryQt.py:3633 - Switching Armory functional mode to "Online"
2013-11-07 11:10 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:OnlineFull2
2013-11-07 11:10 (INFO) -- ArmoryQt.py:4317 - Dashboard switched to fully-online mode
2013-11-07 11:10 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:OnlineFull1
2013-11-07 11:10 (INFO) -- ArmoryQt.py:3633 - Switching Armory functional mode to "Online"
2013-11-07 11:10 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:OnlineFull2
2013-11-07 11:10 (INFO) -- ArmoryQt.py:1777 - Syncing wallet: 6QZdwscT
2013-11-07 11:10 (INFO) -- ArmoryQt.py:1777 - Syncing wallet: 2uyc3aSdm
2013-11-07 11:10 (INFO) -- ArmoryQt.py:1789 - Current block number: 268386
2013-11-07 11:10 (INFO) -- ArmoryQt.py:4317 - Dashboard switched to fully-online mode
2013-11-07 11:10 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:OnlineFull1
2013-11-07 11:10 (INFO) -- ArmoryQt.py:3633 - Switching Armory functional mode to "Online"
2013-11-07 11:10 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:OnlineFull2
2013-11-07 11:10 (INFO) -- ArmoryQt.py:4317 - Dashboard switched to fully-online mode
2013-11-07 11:10 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:OnlineFull1
2013-11-07 11:10 (INFO) -- ArmoryQt.py:3633 - Switching Armory functional mode to "Online"
2013-11-07 11:10 (INFO) -- ArmoryQt.py:3691 - Switching Armory state text to Mgmt:User, State:OnlineFull2
2013-11-07 11:11 (INFO) -- ArmoryQt.py:4633 - New Block! : 268387
2013-11-07 11:11 (INFO) -- ArmoryQt.py:4657 - Current block number: 268387
2013-11-07 11:15 (INFO) -- armoryengine.py:10747 - Signature on signed data block is GOOD!
2013-11-07 11:15 (INFO) -- ArmoryQt.py:1171 - You are running the latest version!
2013-11-07 11:15 (INFO) -- ArmoryQt.py:4419 - Satoshi Version: Curr: 805000, Latest: 801000
jojo69
November 07, 2013, 11:44:37 PM
 #2791

want to make sure I got this straight

created an encrypted wallet on an offline machine

made a backup of it on a USB stick

is it safe now to use that stick for other stuff, plug into internet connected machines, because it is encrypted right?

This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable.
Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
cp1
November 08, 2013, 01:02:45 AM
 #2792

want to make sure I got this straight

created an encrypted wallet on an offline machine

made a backup of it on a USB stick

is it safe now to use that stick for other stuff, plug into internet connected machines, because it is encrypted right?

I wouldn't, it's not worth the risk.  Just spend a few bucks and get a dedicated USB key for your wallet.  There's no point in making a wallet on an offline machine and then sticking it into your online machine.

jojo69
November 08, 2013, 01:20:31 AM
 #2793

ok, but it is encrypted right?  as long as I never enter my password on a possibly keylogged box nobody can use it

etotheipi (OP)
November 08, 2013, 01:25:36 AM
Last edit: November 08, 2013, 03:31:03 AM by etotheipi
 #2794

ok, but it is encrypted right?  as long as I never enter my password on a possibly keylogged box nobody can use it

That's like putting on your new bullet-proof vest then walking upright into an open field in a warzone.  You risk getting shot, and if you do you might survive, but if your vest (password) isn't high quality or the person happens to be using something like an anti-tank weapon (a lot of computing power to break your password), you might get screwed despite your nifty vest.  Why even risk it?

cp1
November 08, 2013, 02:40:36 AM
 #2795

If you're going to go through all the trouble of setting up an offline computer it's just silly to put your wallet into an online computer.

jojo69
November 08, 2013, 03:06:01 AM
 #2796

very good, thank you

Ente
November 08, 2013, 12:26:43 PM
Last edit: December 02, 2013, 08:17:28 AM by Ente
 #2797

Nah, I don't know, guys.. The point of an offline wallet is that neither the privkeys nor the wallet password is ever present on the online computer.
Sure, you can encrypt the wallet once again with truecrypt, ssl or rar. But then, would you send someone to the battlefield with two bullet-proof vests?
Should he use two different passwords? So he has a greater risk of mixing them up or forgetting one? Or shall he use the same password twice, so the "outer" encryption is the only one needed to break?

So, the internal wallet-encryption is either secure enough, or it is not. And with the encryption set to need lots of ram (against GPU-bruteforcing), and knowing Alan's level of quality-of-work, I lean out of the window to say that shall be enough.
BUT, don't forget you add other risks by having a plain (encrypted) wallet visible: People see it's a wallet (filename and contents), and they even see the public keys. This might, in a worst case scenario, lead to attacks (computational or physical) which wouldn't happen if the wallet was encrypted in "diary.rar".

###############


Alan, any thoughts on that?


Ente
Rampion
November 08, 2013, 03:50:51 PM
 #2798

If you're going to go through all the trouble of setting up an offline computer it's just silly to put your wallet into an online computer.

Exactly. For the money you use often you should already have an encrypted "hot" wallet in an online computer - the question is: how much are you willing to risk online? It's like having an X amount of cash in your pockets while you take a walk at night - how dangerous or safe that walk is (or how dangerous or safe your neighborhood is) depends on how security conscious you are with your computer, but the risk of being online, bigger or smaller, ALWAYS exists.

The only purpose of an offline wallet is precisely to reduce to the minimum the risk of having your cash in your pocket while you take a walk, if you bring that wallet online you are just defeating its primary purpose.

Swimmer63
November 08, 2013, 07:46:01 PM
 #2799

Nah, I don't know, guys.. The point of an offline wallet is that neither the privkeys nor the wallet password is ever present on the online computer.
Sure, you can encrypt the wallet once again with truecrypt, ssl or rar. But then, would you send someone to the battlefield with two bullet-proof vests?
Should he use two different passwords? So he has a greater risk of mixing them up or forgetting one? Or shall he use the same password twice, so the "outer" encryption is the only one needed to break?

So, the internal wallet-encryption is either secure enough, or it is not. And with the encryption set to need lots of RAM (against GPU-bruteforcing), and knowing Alan's level of quality-of-work, I lean out of the window to say that shall be enough.
BUT, don't forget you add other risks by having a plain (encrypted) wallet visible: People see it's a wallet (filename and contents), and they even see the public keys. This might, in a worst case scenario, lead to attacks (computational or physical) which wouldn't happen if the wallet was encrypted in "diary.rar".

###############


Alan, any thoughts on that?

I have a general wallet question, which is partly about BIP32, and partly how Armory will implement it.

1) As I understand it, a seed creates a tree, where each branch itself may form a new branch or whole tree, so to speak. With that, will Armory allow creating multiple "wallets" from one single seed?
Right now I use several wallets, for bookkeeping and not mixing up inputs/outputs of different categories. So it would be important that change addresses and inputs only mix within one "wallet" or "wallettree" or whatever it would be called.

With security in mind:
2) From knowing the "public key seed" (or similar) and one single private key, all private keys may be reconstructed. I guess from the "public key seed" and one public address all public addresses may be reconstructed as well then.
Is there anything I have to take care of in reality? As long as I only use regular Armory functions (sending and receiving) and don't export stuff and don't share my wallet file, nothing evil should happen? Is there anything to extract from the wallet file without knowing the encryption password?
3) I.e., is the "public key seed" encrypted too?

And, finally:
4) In case I can haz several "wallets" in one file, from one seed: Can I have several, different passwords for each "wallet"?

To make sense of all this:
Imagine I now have three wallets. One is my unencrypted playmoney, one is my regular funds, one is my long-term savings (with watch-only wallet), one is funds I manage for mom and grandpa. I don't want to lose all of those in case a keylogger steals my one password. I don't want my long-term savings on my online computer altogether.
Will I be able to have all this from one seed, with the new wallet format?

This would be a huge selling point for me, and differentiate Armory even more as a pro wallet, focusing on security and advanced features.

Ente

Ente

Not to be a d$%k but you said "So, the internal wallet-encryption is either secure enough, or it is not."  That really does not make sense to me.  A lot of people like to say your data is "secure" but really it's only secure because no one has found a way around it YET.  Then one day we hear on the news that all our credit card numbers are stolen.  At that point it went from "secure enough" to "not."  And it changed in a flash.
I would not want to be the mark of someone far smarter and more depraved than me when they obsolete the word secure for my thumb drive.
Ente
November 08, 2013, 11:07:30 PM
 #2800

Not to be a d$%k but you said "So, the internal wallet-encryption is either secure enough, or it is not."  That really does not make sense to me.  A lot of people like to say your data is "secure" but really it's only secure because no one has found a way around it YET.  Then one day we hear on the news that all our credit card numbers are stolen.  At that point it went from "secure enough" to "not."  And it changed in a flash.
I would not want to be the mark of someone far smarter and more depraved than me when they obsolete the word secure for my thumb drive.

Well, that's two different kinds of "security":

1) is "low level, algorithm security". Like, if the keys in the wallet file are encrypted via AES, ECDSA or similar, with xy bits and z rounds, I consider it secure.

2) is, totally independent, "high level, operation security". No matter how good 1) is, once I use "asdf" as password, or my supersecure password is stolen via keylogger or rubberhose attack, my funds are gone.

You are talking about 2). In the case you mention, most often servers are hacked (which is an entirely different attack vector than the walletstuff) and the data is stolen right out of the RAM, or unencrypted active partition, or similar. 1) isn't even active in that case.
I talk about 1). I want (and am sure) the parameters and algorithms which encrypt the sensitive parts of the wallet to be sound, and to be resistant against brute-force attacks of a large scale attacker for many years. That's all 1) has to do. And it's most definitely not the solution against other, higher-level attacks.

And, as a note: I have long passphrase(s) or real random passwords for my wallets, have the long-term wallet rar-password-encrypted, and finally all wallets or the rar file in a password manager, encrypted with a long masterpassword. With that, I feel reasonably secure in the means of 1) to spread that file for backup. Against 2), I use different passwords, for example. So when one password and its wallet are cleared out, I wouldn't lose all of my wallets.

..and then let's get 3) in the mix: Backup all of that mess securely, but redeemable in case something happens to me :-)

Ente

Ente
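
The split drawn in post #2800 between 1) algorithm-level security and 2) operational security can be put in numbers. The following is an added example, not part of any post in this thread and not Armory's code: it uses scrypt from Python's standard library as a stand-in for a RAM-hungry wallet KDF, and the cost parameters, the 1 TiB attacker and the two password shapes are assumptions chosen for illustration.

```python
import hashlib
import math
import os
import time

# Assumed cost parameters, constructed for this example (not Armory's settings).
N, R, P = 2**14, 8, 1

def kdf_memory_bytes(n=N, r=R):
    """RAM scrypt needs for one guess: 128 * N * r bytes (16 MiB here)."""
    return 128 * n * r

def derive_key(passphrase, salt, n=N, r=R, p=P):
    """Stretch a passphrase into a 32-byte key with a memory-hard KDF."""
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=n, r=r, p=p,
                          maxmem=2 * kdf_memory_bytes(n, r), dklen=32)

def entropy_bits(length, alphabet_size):
    """Upper bound on the entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)

def expected_years(bits, sec_per_guess, attacker_ram, mem_per_guess):
    """Average exhaustive-search time when RAM caps the parallel guesses."""
    workers = max(1, attacker_ram // mem_per_guess)
    return 2 ** (bits - 1) * sec_per_guess / workers / (365.25 * 86400)

if __name__ == "__main__":
    salt = os.urandom(16)
    start = time.perf_counter()
    derive_key("asdf", salt)            # time one real derivation
    cost = time.perf_counter() - start
    ram = 2**40                         # hypothetical attacker with 1 TiB of RAM
    shapes = [("4 lowercase letters, e.g. 'asdf'", entropy_bits(4, 26)),
              ("20 random alphanumerics", entropy_bits(20, 62))]
    for label, bits in shapes:
        years = expected_years(bits, cost, ram, kdf_memory_bytes())
        print(f"{label}: {bits:.1f} bits, ~{years:.3g} years")
```

The KDF fixes the cost per guess and how many guesses fit in a given amount of RAM; the password decides how many guesses are needed, which is why a four-letter password falls in well under a second in this model while the 20-character one does not.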