Bitcoin Forum
Author Topic: Armory - Discussion Thread  (Read 521671 times)
bitpop
May 03, 2014, 01:39:55 PM
 #3601

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Can you explain this a little further? AFAIK, the addresses generated on the offline wallet and the watch only copy are the same? Wouldn't be of much use otherwise...

A virus can compromise your watch only copy to generate addresses that aren't yours. This completely bypasses all security.

You could generate it then glance at the cold storage copy to make sure it's in the list. You may have to generate extra ones to get the number of addresses the same.

Is that a malware, or a bug in Armory?

Malware, Armory is solid.

TierNolan
May 03, 2014, 02:09:54 PM
 #3602

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Interesting, to say the least.

Is that being added to the next version or already in the current version?

1LxbG5cKXzTwZg9mjL3gaRE835uNQEteWF
bitpop
May 03, 2014, 02:11:57 PM
 #3603

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Interesting, to say the least.

Is that being added to the next version or already in the current version?

There's no new feature per se

jl2012
May 03, 2014, 06:05:22 PM
 #3604

This also means new best practice is sending to offline wallet using an address created on there. Previously I got an address from the watch only copy.

Can you explain this a little further? AFAIK, the addresses generated on the offline wallet and the watch only copy are the same? Wouldn't be of much use otherwise...

A virus can compromise your watch only copy to generate addresses that aren't yours. This completely bypasses all security.

You could generate it then glance at the cold storage copy to make sure it's in the list. You may have to generate extra ones to get the number of addresses the same.

Is that a malware, or a bug in Armory?

Malware, Armory is solid.

So there is not much the Armory team could do. Actually this doesn't only affect Armory. For example, a malware could replace Bitpay's address on the invoice. Even payment protocol won't help as the malware could bypass the signature check.

The lesson is no bitcoin address shown on an online computer is reliable. We need some simple solutions to verify bitcoin addresses and payment requests. Dedicated hardware wallet is the way to go.

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
kentt
May 03, 2014, 09:39:20 PM
 #3605

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**
bitpop
May 03, 2014, 10:25:15 PM
 #3606

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**

I don't think anyone was. I think a white hat tipped them off about it.

bitpop
May 03, 2014, 10:29:01 PM
 #3607

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**

Generate the new addresses on your cold system first, and then verify that the addresses you generate on the hot watch-only system match the addresses in the cold system.

Do not get scared if they don't match at first! Look at the whole list and address number! They won't be synced.

kentt
May 03, 2014, 10:52:19 PM
 #3608

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**

Generate the new addresses on your cold system first, and then verify that the addresses you generate on the hot watch-only system match the addresses in the cold system.

Do not get scared if they don't match at first! Look at the whole list and address number! They won't be synced.
Generating addresses on the cold rig matched all the generated addresses on the broadcast wallet so I guess I'm good.  Thanks for the heads up.

By "Do not get scared if they don't match at first!" do you just mean that I shouldn't be worried if I haven't generated the same addresses on the cold system as on the broadcast system?  E.g. I've generated a few on the cold rig, but 50 on the broadcast rig.  That is, they should still be generated in the same order once generated.
bitpop
May 03, 2014, 11:04:59 PM
 #3609

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**

Generate the new addresses on your cold system first, and then verify that the addresses you generate on the hot watch-only system match the addresses in the cold system.

Do not get scared if they don't match at first! Look at the whole list and address number! They won't be synced.
Generating addresses on the cold rig matched all the generated addresses on the broadcast wallet so I guess I'm good.  Thanks for the heads up.

By "Do not get scared if they don't match at first!" do you just mean that I shouldn't be worried if I haven't generated the same addresses on the cold system as on the broadcast system?  E.g. I've generated a few on the cold rig, but 50 on the broadcast rig.  That is, they should still be generated in the same order once generated.

Exactly

jl2012
May 04, 2014, 03:39:53 AM
 #3610

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**

Generate the new addresses on your cold system first, and then verify that the addresses you generate on the hot watch-only system match the addresses in the cold system.

If a computer is infected, it is completely hopeless

Let's say you generated an address with the cold system, which is "1User". You send a withdrawal request to the exchange, asking them to send bitcoin to 1User. A sophisticated malware could secretly replace the address with "1Hacker" before sending the request to the exchange.

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
bitpop
May 04, 2014, 11:38:21 AM
 #3611

One day we will be able to lock an exchange to a public key and they can make addresses guaranteed for us

bitpop
May 04, 2014, 12:25:33 PM
 #3612

One day we will be able to lock an exchange to a public key and they can make addresses guaranteed for us

I like that idea very much.

Could that be done without forcing the masses to learn PGP?

EDIT: or at least exchanges could make it an option for those who do wish to use PGP.

Actually no pgp, just a public seed

kentt
May 05, 2014, 06:06:54 AM
 #3613

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**

Generate the new addresses on your cold system first, and then verify that the addresses you generate on the hot watch-only system match the addresses in the cold system.

If a computer is infected, it is completely hopeless

Let's say you generated an address with the cold system, which is "1User". You send a withdrawal request to the exchange, asking them to send bitcoin to 1User. A sophisticated malware could secretly replace the address with "1Hacker" before sending the request to the exchange.

Extremely valid point.

Some users on Reddit have actually been having this problem caused by extensions on Google Chrome. Though it could be any sort of malware, Google Chrome extensions just seem to be the thing lately.

Always a good idea to send a small test transaction out of an exchange before sending the whole amount.
I should be able to avoid that by noticing that I'm signing the txn to 1User on the offline rig.
jl2012
May 05, 2014, 02:31:23 PM
 #3614

Regarding the virus, how would one double check that I was not victim to this attack.  **nervous**

Generate the new addresses on your cold system first, and then verify that the addresses you generate on the hot watch-only system match the addresses in the cold system.

If a computer is infected, it is completely hopeless

Let's say you generated an address with the cold system, which is "1User". You send a withdrawal request to the exchange, asking them to send bitcoin to 1User. A sophisticated malware could secretly replace the address with "1Hacker" before sending the request to the exchange.

Extremely valid point.

Some users on Reddit have actually been having this problem caused by extensions on Google Chrome. Though it could be any sort of malware, Google Chrome extensions just seem to be the thing lately.

Always a good idea to send a small test transaction out of an exchange before sending the whole amount.
I should be able to avoid that by noticing that I'm signing the txn to 1User on the offline rig.

No, it's not about signing, it's about sending a payment request

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
jl2012
May 05, 2014, 02:34:57 PM
 #3615

One day we will be able to lock an exchange to a public key and they can make addresses guaranteed for us

I like that idea very much.

Could that be done without forcing the masses to learn PGP?

EDIT: or at least exchanges could make it an option for those who do wish to use PGP.

Actually no pgp, just a public seed

Theoretically a malware could replace your public seed with the hacker's. The only bullet-proof way is to register an account with an offline pgp key (or with a bitcoin key), and sign any payment requests with the key.

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
etotheipi (OP)
Core Armory Developer
May 05, 2014, 05:02:59 PM
 #3616

Actually no pgp, just a public seed

Theoretically a malware could replace your public seed with the hacker's. The only bullet-proof way is to register an account with an offline pgp key (or with a bitcoin key), and sign any payment requests with the key.

Sorry guys, I've been out of town at the MIT Bitcoin Expo this past weekend and haven't even been looking at this thread.

I just want to mention that the "real" solution here is something I've talked about for a while, but no one else in the community seems to be taking it seriously, even though it's perfectly compatible with BIP 32.  You provide your BIP32 branch root public key (but not chaincode!), perhaps putting it on your business card.  So your business card contains the public key portion of M/i/j, then when you compute address M/i/j/k for someone to pay you, you do all the hashing and crypto, and save off the multiplier just before it is applied to M/i/j.  You send the recipient the receiving address and the multiplier.  They can apply the multiplier to the public key on your business card and see that it matches the address given, proving that it's actually part of your wallet.  Note that this is perfectly private because the chaincode is not the same as the multiplier, and cannot be computed from the multiplier.  It simply allows you to optionally prove that an address is related to your root public key without leaking any privacy or security information.

Stealth addresses are based on this idea, but don't require any interaction.  It lets the sender generate the multiplier for you using ECDH, and then encode the DH information in an OP_RETURN output.  However, it comes at the expense of extra data in the blockchain, and the receiver must scan every transaction in the blockchain with expensive crypto ops to find transactions to his wallet.  This doesn't work with lite wallets, and the stealth address discussion has gone through many ideas of outsourcing that computation/search to trusted nodes with enough computing power.

Instead, using this rootkey+multiplier trick, you still have to provide a payment address to the sender, but they can prove to themselves that the address is yours as long as they have verified your root public key at any point in time.  This doesn't require any extra computation or embedded blockchain data like stealth addresses do.  It is a solid compromise between where we are and what stealth addresses attempt to accomplish.  

When I talked about "...and a whole lot more" in my foreshadowing of what the new wallet format will do, that is one of those things we will be supporting.  It would allow you to save BIP32 root public key information for various contacts in the wallet, and provide a new (optional) address encoding that proves your addresses are related.    In all cases, we are requiring the sender to verify the receiver's address under the assumption that maybe the receiver's own WO wallet has an error or is compromised.  

Until then, the best thing you can do is exchange watching-only wallets with parties you interact with frequently, and make sure that any payment addresses they send you appear in the WO wallet you have for them.  Armory already gives you a way to watch multiple wallets and mark who they belong to.  Out-of-band verification of payment addresses (such as phone call) would be recommended for exceptionally large transactions.



P.S. - This proposal does not have a compact extension into P2SH multisig, but it is still possible.  Your company would actually have, say, 5 public keys associated with the company address (because the company uses a 3-of-5).  The sender would receive 5 multipliers, apply the multipliers to verify each one, and then sort the resulting public keys and create the P2SH-multisig themselves.   There's no loss of privacy there, just a lot more data needing to be moved between parties to do the verification.

P.P.S - You would most likely include a much shorter hash on your business card, and then supply the root key(s), multiplier(s) and payment address all at once.  They would hash the root key(s) to make sure it matches your business card, then follow the process above.




Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
justusranvier
May 05, 2014, 05:16:24 PM
 #3617

Until then, the best thing you can do is exchange watching-only wallets with parties you interact with frequently, and make sure that any payment addresses they send you appear in the WO wallet you have for them.  Armory already gives you a way to watch multiple wallets and mark who they belong to.  Out-of-band verification of payment addresses (such as phone call) would be recommended for exceptionally large transactions.
This is something Bitcoin companies should have been doing for years.

How many exchange balance thefts would have been avoided if exchanges let users upload a WO wallet and only processed withdrawals to addresses in it?
plethora
May 05, 2014, 06:56:22 PM
 #3618

Caution: When copying and pasting the command line arguments from Troubleshooting Bitcoin Armory into your shortcut to launch Armory, the quotes are not actual characters recognized by Windows resulting in the path not being respected.
Quote
To move BOTH Bitcoin Core AND Armory home dir:

            Complete both steps above but instead, modify Armory Shortcut by adding: --satoshi-datadir=“F:\Bitcoin\new\home\dir” --datadir=“F:\Armory\new\home\dir”
Notice the “ and ” instead of ".
Roy Badami
May 06, 2014, 10:37:59 PM
 #3619

I have a feature request, that's kind of a thought-in-progress...

The other day I fired up Armory on my laptop while I was at work because I needed to transfer a small quantity of coins from my online Armory wallet to my Bitcoin Core wallet.  (I normally use Bitcoin Core for day to day purchases, but my balance was a little low.)  But I was conscious that anyone who happened to walk past and see my screen (and knew what they were looking at) would also know exactly how much I had in cold storage.

I'm not sure what UI change I'm really asking for here - maybe a preference that hides balances when the client is launched (and allows an individual wallet balance to still be viewed by means of a UI action)?

It's true that my bank's Internet banking has the same problem - launching it would reveal the balance of my current account (checking account), credit card account, and savings account.   The difference, of course, is that I can make payments from the first two just by typing my debit or credit card number into a merchant's web site, so the privacy issue never arises in normal use...

Thoughts, anyone?



CircusPeanut
May 06, 2014, 10:42:23 PM
 #3620

I have a feature request, that's kind of a thought-in-progress...
...

I'm not sure what UI change I'm really asking for here - maybe a preference that hides balances when the client is launched (and allows an individual wallet balance to still be viewed by means of a UI action)?
...
Thoughts, anyone?

You could drag the right edge of the Armory window to the left until the balance column is obscured.