justusranvier
Legendary
 Offline
Activity: 1400
Merit: 1006
|
 |
October 01, 2014, 07:40:15 PM |
|
I managed to create a situation where Armory 0.92.1 will perform a full blockchain scan every time the program is loaded.
I run bitcoind on a different (virtual) machine than Armory.
When I use NFS to share the blockchain directory, everything works.
Since both the bitcoind VM and the Armory VM are running on the same host, I tried moving the blockchain directory to the host and sharing it with both via 9pfs. The bitcoind VM gets read-write access, and the Armory VM gets read-only access.
Armory will perform a successful scan of the blockchain.
When I close it and open it up again, I get a
"Block file is in the wrong network! MagicBytes: 00000000" error and it starts over from the beginning.
|
|
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
|
|
|
|
|
|
|
|
pitiflin
|
|
October 01, 2014, 09:07:05 PM |
|
Stupid (maybe not) question.
I want to update Armory, should I update Bitcoin Core as well?
|
|
|
|
bitpop
Legendary
Offline
Activity: 2548
Merit: 1045
https://keybase.io/bitpop
|
|
October 01, 2014, 09:20:33 PM |
|
Stupid (maybe not) question.
I want to update Armory, should I update Bitcoin Core as well?
You don't have to but latest core is more critical than latest armory |
|
|
|
|
pitiflin
|
|
October 01, 2014, 09:45:02 PM |
|
Stupid (maybe not) question.
I want to update Armory, should I update Bitcoin Core as well?
You don't have to but latest core is more critical than latest armory Thanks  |
|
|
|
|
segeln
|
|
October 02, 2014, 11:02:55 AM |
|
when will 0.92.2 be out of testing?
I ask this question again Hope I and cypherdoc get an answer |
|
|
|
|
bitpop
Legendary
Offline
Activity: 2548
Merit: 1045
https://keybase.io/bitpop
|
|
October 02, 2014, 11:06:21 AM |
|
when will 0.92.2 be out of testing?
I ask this question again Hope I and cypherdoc get an answer I don't think there's bugs so it doesn't really matter. Armory just likes to call everything testing. |
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1006
|
|
October 02, 2014, 12:14:45 PM |
|
|
|
|
|
|
|
segeln
|
|
October 02, 2014, 12:17:00 PM |
|
when will 0.92.2 be out of testing?
I ask this question again Hope I and cypherdoc get an answer I don't think there's bugs so it doesn't really matter. Armory just likes to call everything testing. Thanks,hope you are right |
|
|
|
|
|
segeln
|
|
October 02, 2014, 12:24:26 PM |
|
are only USB sticks right from the factory affected or old used ones as well? As I understand it,USB Sitcks in use cannot get compromised |
|
|
|
|
|
chrisrico
|
|
October 02, 2014, 01:29:04 PM |
|
are only USB sticks right from the factory affected or old used ones as well?
As I understand it,USB Sitcks in use cannot get compromised
Nope, the whole reason why this is such a bad exploit is that most USB devices (not just flash drives) can have their firmware reprogrammed via software. |
|
|
|
|
|
Perlover
|
|
October 02, 2014, 02:17:50 PM |
|
I don't know somebody wrote to here or not.
But i think the Armory and other programs could have a potential vulnerability.
For example what if your computer with installed Armory (watch-only wallet mode) is infected and trojan/virus which modifies a receiving address in Armory's interface? How can i trust to my online watch-only computer that all generated addresses are my addresses? What if trojan/virus modifies installed DLLs/Shared libraries of Armory and substitute watch-only generated addresses or seed to hacker things? If i will send to money to generated address how can i sure that this address is my address for private key at offline computer? :-/
What do developers think about this?
|
|
|
|
|
|
segeln
|
|
October 02, 2014, 02:58:29 PM |
|
are only USB sticks right from the factory affected or old used ones as well?
As I understand it,USB Sitcks in use cannot get compromised
Nope, the whole reason why this is such a bad exploit is that most USB devices (not just flash drives) can have their firmware reprogrammed via software. that is indeed a bad exploit. What about antimalware/antiviruses programs like Norton,kaspersky,avira.Mc affee? Could they detect those malicious software,when they are widespread and known ? |
|
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1006
|
|
October 02, 2014, 03:11:35 PM |
|
What about antimalware/antiviruses programs like Norton,kaspersky,avira.Mc affee?
Could they detect those malicious software,when they are widespread and known ?
No. USB firmware exploits happen outside the control of the CPU and any software that may be running on it. For now, you should probably use CD-Rs to move unsigned transactions across the air gap discard them after each use. There might not be any exploitable CD drive firmware vulnerabilities that can be triggered by malicious data on a disc. Maybe. |
|
|
|
|
|
SimonBelmond
|
|
October 02, 2014, 03:13:49 PM |
|
I don't know somebody wrote to here or not.
But i think the Armory and other programs could have a potential vulnerability.
For example what if your computer with installed Armory (watch-only wallet mode) is infected and trojan/virus which modifies a receiving address in Armory's interface? How can i trust to my online watch-only computer that all generated addresses are my addresses? What if trojan/virus modifies installed DLLs/Shared libraries of Armory and substitute watch-only generated addresses or seed to hacker things? If i will send to money to generated address how can i sure that this address is my address for private key at offline computer? :-/
What do developers think about this?
I jsut double check the address before broadcasting. That's more or less all I can do. Of course you could take appart the unsigned and signed transaction before broadcasting. However, as long as I don't hear anything else I consider it safe enough... |
|
|
|
|
|
segeln
|
|
October 02, 2014, 03:43:04 PM |
|
What about antimalware/antiviruses programs like Norton,kaspersky,avira.Mc affee?
Could they detect those malicious software,when they are widespread and known ?
No. USB firmware exploits happen outside the control of the CPU and any software that may be running on it. For now, you should probably use CD-Rs to move unsigned transactions across the air gap discard them after each use. There might not be any exploitable CD drive firmware vulnerabilities that can be triggered by malicious data on a disc. Maybe. thanks,justusranvier |
|
|
|
|
Newar
Legendary
Offline
Activity: 1358
Merit: 1000
https://gliph.me/hUF
|
|
October 02, 2014, 03:59:37 PM |
|
What about antimalware/antiviruses programs like Norton,kaspersky,avira.Mc affee?
Could they detect those malicious software,when they are widespread and known ?
No. USB firmware exploits happen outside the control of the CPU and any software that may be running on it. For now, you should probably use CD-Rs to move unsigned transactions across the air gap discard them after each use. There might not be any exploitable CD drive firmware vulnerabilities that can be triggered by malicious data on a disc. Maybe. There's audio too, easier on the planet: https://bitcointalk.org/index.php?topic=735111.0 |
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
October 02, 2014, 04:01:24 PM |
|
Stupid (maybe not) question.
I want to update Armory, should I update Bitcoin Core as well?
You don't have to but latest core is more critical than latest armory so latest Bitcoin Core is compatible with ARmory 0.92.1? |
|
|
|
|
bitpop
Legendary
Offline
Activity: 2548
Merit: 1045
https://keybase.io/bitpop
|
|
October 02, 2014, 04:39:19 PM |
|
Stupid (maybe not) question.
I want to update Armory, should I update Bitcoin Core as well?
You don't have to but latest core is more critical than latest armory so latest Bitcoin Core is compatible with ARmory 0.92.1? Yeah the bitcoin rpc i dont think ever had deprecation |
|
|
|
|
Perlover
|
|
October 03, 2014, 04:10:20 PM |
|
I jsut double check the address before broadcasting. That's more or less all I can do. Of course you could take appart the unsigned and signed transaction before broadcasting. However, as long as I don't hear anything else I consider it safe enough...
I am about getting from Armory the address for receiving bitcoins. It's not neeeded for broadcasting... As i think you about a sending of bitcoins... |
|
|
|
|
Ente
Legendary
Offline
Activity: 2126
Merit: 1001
|
|
October 03, 2014, 08:42:43 PM |
|
I don't know somebody wrote to here or not.
But i think the Armory and other programs could have a potential vulnerability.
For example what if your computer with installed Armory (watch-only wallet mode) is infected and trojan/virus which modifies a receiving address in Armory's interface? How can i trust to my online watch-only computer that all generated addresses are my addresses? What if trojan/virus modifies installed DLLs/Shared libraries of Armory and substitute watch-only generated addresses or seed to hacker things? If i will send to money to generated address how can i sure that this address is my address for private key at offline computer? :-/
What do developers think about this?
I totally agree on that. So, I try to pay a bitcoin to my landlord. How do I get his adress? Via his website, or mail, or I noted it down in my Armory adressbook. All of these can be easily replaced, without noticing, by malware. Malware might also change stuff so the change adress isn't mine, but his. Not sure about that though. That is no Armory-specific or even Bitcoin-specific problem. Same problem arises with regular bank account transfer, if I don't know the account details by heart. The only thing Armory can secure, and does so well, is that you only lose that one transaction. As soon as your landlord kicks your butt, you know something is wrong with your computer. All other coins should still be safe on the offline computer. Please, someone tell me what I overlooked here? Ente |
|
|
|
|
|
