[XMR] Monero - A secure, private, untraceable cryptocurrency

[GingerAle]

Will we ever see an official GUI wallet for Monero? How do you expect non-tech savvy people to use this coin without an easy wallet? Is it really too hard to make a wallet for 1.5 years?

I agree with the other posters. The engine is more important than the body. This is not to say that the body (GUI wallet) is not important. It's been said that it's coming, although technically there are GUIs now. The one that seems most easy to use is:

https://mymonero.com/#/

Since it's web-based, it can be used virtually anywhere and only you know your private keys.

It is great if someone can explain why "only you know your private keys." is true and how mymonero.com can check balance and send transactions on behalf of user without exposing his private key to mymonero.com owner. I think that it would be a FAQ.

The spend key (and therefore one-time private key for each output on the chain) are derived by Javascript in the browser when you type in your login key. It is not sent to the server. Any transactions you send are likewise created and signed in the browser before being sent to the server.

What is sent to the server is your view key which the server uses to identify your incoming transactions. That key alone does not allow spending.

"It is not sent to the server"

For the sake of the Monero community I think I have to point out here that this is actually a lie that is told repeatedly by Fluffypony & Smooth and other core members.

As I showed back in June, and Smooth is fully aware of, MyMonero.com had code specifically inserted to send private keys to the server, and was doing so successfully (and as far as I know, still is) https://bitcointalk.org/index.php?topic=1077775.msg11529538#msg11529538

Fluffypony provided an explanation that it was used for 'testing' on that thread, but as far as I know, the Monero community was never told about it officially, apart from my post in the alt section.

So if you have used MyMonero, it's likely your private keys *have* been sent to the server, and also stored in clear text on your own HD in a cookie.

I never saw an announcement that this as fixed, or that the vulnerability exists - if it's fixed and you still want to use MyMonero, the safe thing to do is move your funds from any old addresses to new addresses, as the old ones are potentially compromised.

Fluffy's original response

This is 100% correct, but it is also old (as in it predates MyMonero's official launch). Why you're seeing a very old version of the main page is beyond me, but that version of account.js hasn't been around for many, many months. I've confirmed on multiple systems that index.html is passing the correct account.js, and that account.js does not contain that old code. Additionally, you're passing ?2, which is a cachebuster value that we use to ensure nobody is receiving a cached version. Whilst this doesn't match the cachebuster value right now (?4) it still shouldn't have served up such a very, very old file. This could very well be an issue introduced when we were deploying a Phonegap-based QR code scanner on Tuesday morning, but that was rolled back after an hour as it caused endless issues in its detection of mobile devices. To make doubly-sure that this isn't occurring anymore I've cleared every possible server-side cache that could have been serving it.

In order to confirm that this functionality was indeed accidental (in that it was poorly thought through) and also removed ages ago I checked archive.org. The most recent capture of MyMonero is from May 13th, 2015 (https://web.archive.org/web/20150513233042/https://mymonero.com/#/) and has the following account.js: https://web.archive.org/web/20150513233042/https://mymonero.com/js/services/account.js?1 - you can confirm in that, and older versions, that there is no cookie-storage code.

It is important to note JavaScript-based wallets are never going to be really safe, and MyMonero is no exception. I've said before that MyMonero is merely a stopgap solution until we have libraryise completed (so that third-party GUI developers can better hook into core functions) and/or we've found an SPV-style solution (our current work is on using a bloom filter for viewkeys instead of passing the raw viewkey) for lightweight wallets. In fact, the website even says quite clearly: "The clients below are ideal if you are using Monero for the first time".

from his multi page response: https://bitcointalk.org/index.php?topic=1077775.msg11531304#msg11531304

[smooth]

Will we ever see an official GUI wallet for Monero? How do you expect non-tech savvy people to use this coin without an easy wallet? Is it really too hard to make a wallet for 1.5 years?

I agree with the other posters. The engine is more important than the body. This is not to say that the body (GUI wallet) is not important. It's been said that it's coming, although technically there are GUIs now. The one that seems most easy to use is:

https://mymonero.com/#/

Since it's web-based, it can be used virtually anywhere and only you know your private keys.

It is great if someone can explain why "only you know your private keys." is true and how mymonero.com can check balance and send transactions on behalf of user without exposing his private key to mymonero.com owner. I think that it would be a FAQ.

The spend key (and therefore one-time private key for each output on the chain) are derived by Javascript in the browser when you type in your login key. It is not sent to the server. Any transactions you send are likewise created and signed in the browser before being sent to the server.

What is sent to the server is your view key which the server uses to identify your incoming transactions. That key alone does not allow spending.

"It is not sent to the server"

To make them more strictly correct, add "by design" to my comments. I will be more careful to note that in the future.

I don't know anything about the current status of the implementation or any security bugs that may exist, or may have been fixed, as I have nothing to do with operating the site, nor did I have anything to do with development it. You will have to take those up with fluffypony.

[fluffypony]

"It is not sent to the server"

For the sake of the Monero community I think I have to point out here that this is actually a lie that is told repeatedly by Fluffypony & Smooth and other core members.

As I showed back in June, and Smooth is fully aware of, MyMonero.com had code specifically inserted to send private keys to the server, and was doing so successfully (and as far as I know, still is) https://bitcointalk.org/index.php?topic=1077775.msg11529538#msg11529538

Fluffypony provided an explanation that it was used for 'testing' on that thread, but as far as I know, the Monero community was never told about it officially, apart from my post in the alt section.

So if you have used MyMonero, it's likely your private keys *have* been sent to the server, and also stored in clear text on your own HD in a cookie.

I never saw an announcement that this as fixed, or that the vulnerability exists - if it's fixed and you still want to use MyMonero, the safe thing to do is move your funds from any old addresses to new addresses, as the old ones are potentially compromised.

I'm going to hazard that you're not BlockaFett, as he and I had a good chat about this months ago and all was resolved. He seemed a reasonable, logical person who understood the situation and was content with the resolution.

He's also perfectly capable of following up on his own research, you seem to lack the technical chops to do so. Pity, one always hopes that trolls will be a little less "talk" and a little more "action".

Nonetheless, it's probably not a bad idea for you to exit stage right and let BlockaFett talk on this matter if he so desires.

[blobafett2]

"It is not sent to the server"

For the sake of the Monero community I think I have to point out here that this is actually a lie that is told repeatedly by Fluffypony & Smooth and other core members.

As I showed back in June, and Smooth is fully aware of, MyMonero.com had code specifically inserted to send private keys to the server, and was doing so successfully (and as far as I know, still is) https://bitcointalk.org/index.php?topic=1077775.msg11529538#msg11529538

Fluffypony provided an explanation that it was used for 'testing' on that thread, but as far as I know, the Monero community was never told about it officially, apart from my post in the alt section.

So if you have used MyMonero, it's likely your private keys *have* been sent to the server, and also stored in clear text on your own HD in a cookie.

I never saw an announcement that this as fixed, or that the vulnerability exists - if it's fixed and you still want to use MyMonero, the safe thing to do is move your funds from any old addresses to new addresses, as the old ones are potentially compromised.

I'm going to hazard that you're not BlockaFett, as he and I had a good chat about this months ago and all was resolved. He seemed a reasonable, logical person who understood the situation and was content with the resolution.

He's also perfectly capable of following up on his own research, you seem to lack the technical chops to do so. Pity, one always hopes that trolls will be a little less "talk" and a little more "action".

Nonetheless, it's probably not a bad idea for you to exit stage right and let BlockaFett talk on this matter if he so desires.

Hi Fluffy.  No it is me, Blockafett.  I can confirm that if you want but I would have to recover the account details as I scrambled the password - the reason is I didn't like how BCT was taking up all my time trying to argue with the dozens of posts a day attacking the main coin I am interested in coming from a minority of users here who get a kick out of bullying people and generally make life hell for anyone interested in that coin, now I just use the official forum and hardly look at BCT and life is much better.  I made this second account when I came back temporarily.

Please don't get me wrong, I am not saying that I think that this was done deliberately to hurt Monero users, because I don't - if it was, it wouldn't be intermittent - it's more likely to be a CloudFlare cache issue / test code as we discussed, I explained this in that thread.  

The reason I posted the above, is because I don't think it's fair for users to hear that private keys are never sent to the server, because they were (are?) being, for whatever reason.

You can be 100% honest but this can still undermine user's security - priv keys are stored on their local HD in clear text, and also sent up the wire to your server, so there are many ways these can be collected / intercepted / cached.

I don't think it's unfair for me to point this out - if I was a MyMonero user (i'm not, but I have invested in Monero before) I would want to know this.  So with Smooth here now saying priv keys are never sent, when 5 months ago I showed they were being, for whatever reason, is just not true, and he knows that very well because we spoke about it there.

A lot of users here care about security, I think it's fair to point this out, and users have a right to know this vulnerability existed so they can take corrective action.

And I'm not trolling, I never mentioned this issue on this thread once before, just on a separate thread in the alt section, I would have expected some official announcement here - maybe this happened already, and this issue is fixed.  I don't know.  

If this happened on the other coin I mentioned, I think we all know there would be like 20 posts a day from Icebreaker and crew accusing the dev of being a "scammer!!!" in gigantic red posts as usual and generally trying to make people's lives there a misery for their own agenda - I haven't done that, but I don't like that it seems like users don't have this information when it's 6 months old already, which is why I posted it.  And I do have issues with Smooth as I have stated before but that is not something I want to comment on here, but is the reason I felt I should post today.

So to clarify, this is not a "Scam" accusation in any way, just I think users have the right to know their keys might have been compromised by anyone with access to their PC all the way up to MyMonero ISP / servers.  

What is the situation then, has this vulnerability been fixed or is CloudFlare still serving the code that sends the private keys?  Apologies if this was announced already, but I didn't see it and I did a quick search on the thread earlier too.

[smooth]

What I'd like to know is, does the vulnerability still exist or not?

It's certainly good to point out with a clear disclosure that it did exist, but if has in fact been fixed then I'm not going to include a footnote about a former vulnerability every time someone asks a question about how MyMonero works. That's silly -- you would have to include such a disclosure about every site or piece of software that has ever had a vulnerability, which is pretty much all of them.

[fluffypony]

The reason I posted the above, is because I don't think it's fair for users to hear that private keys are never sent to the server, because they were (are?) being, for whatever reason.

That's fair enough, and I apologise for misreading your comment as trolling.

Two things, then. First up, it hasn't occurred (at all) since that thread, and at the time I could not reproduce it by regular access even from different machines around the globe. I also couldn't reproduce finding the errant code (as it would appear by default, ie. without fudging JS versioning) either via archive.org or in Bing / Google's cache. Since then I have checked periodically to see if it is appearing, but have not seen the session-to-cookie snippet pop up. The snippet has not existed on the server in any way, shape, or form for many, many months, and so I can only assume it was isolated and unexpected. Needless to say that if it *is* ever reproducible by me then I will be able to tackle the exact cause and fix it from there.

Which leads me to the second thing I wanted to mention: I made it clear in that original thread, and it behoves repeating, web-based wallets are not "safe". Where a local wallet has a set of security risks (eg. a deviant local process can hijack your transactions as they are being built and redirect the funds) web wallets open up an additional class of security risks: trusting code that is delivered live, and passes through multiple points on the Internet. Using MyMonero involves trusting your ISP, trusting CloudFlare, trusting the CA, trusting MyMonero, and trusting the various data providers en-route, each and every time you use the web wallet. That having been said, MyMonero represents a smaller attack surface than a Bitcoin / altcoin-based web wallet where the keys are held on the server, as MyMonero is unable to spend funds independently of the user. Thus this attack would involve serving up compromised JavaScript, which would be noticed were it done on any sort of scale.

To that end, I'd like to reiterate my original comment from our previous discussion on the security of MyMonero:

It is important to note JavaScript-based wallets are never going to be really safe, and MyMonero is no exception. I've said before that MyMonero is merely a stopgap solution until we have libraryise completed (so that third-party GUI developers can better hook into core functions) and/or we've found an SPV-style solution (our current work is on using a bloom filter for viewkeys instead of passing the raw viewkey) for lightweight wallets. In fact, the website even says quite clearly: "The clients below are ideal if you are using Monero for the first time".

One final bootnote: the view key is sent to the MyMonero server every single time, so we don't state that "no keys" are sent to the server, merely that the spend key is not. That is a factually correct statement, barring any number of circumstances outside of our control, such as a user's ISP being compromised. I hope it is unnecessary for me to qualify that statement every time I make it:)

[blobafett2]

The reason I posted the above, is because I don't think it's fair for users to hear that private keys are never sent to the server, because they were (are?) being, for whatever reason.

That's fair enough, and I apologise for misreading your comment as trolling.

Two things, then. First up, it hasn't occurred (at all) since that thread, and at the time I could not reproduce it by regular access even from different machines around the globe. I also couldn't reproduce finding the errant code (as it would appear by default, ie. without fudging JS versioning) either via archive.org or in Bing / Google's cache. Since then I have checked periodically to see if it is appearing, but have not seen the session-to-cookie snippet pop up. The snippet has not existed on the server in any way, shape, or form for many, many months, and so I can only assume it was isolated and unexpected. Needless to say that if it *is* ever reproducible by me then I will be able to tackle the exact cause and fix it from there.

Which leads me to the second thing I wanted to mention: I made it clear in that original thread, and it behoves repeating, web-based wallets are not "safe". Where a local wallet has a set of security risks (eg. a deviant local process can hijack your transactions as they are being built and redirect the funds) web wallets open up an additional class of security risks: trusting code that is delivered live, and passes through multiple points on the Internet. Using MyMonero involves trusting your ISP, trusting CloudFlare, trusting the CA, trusting MyMonero, and trusting the various data providers en-route, each and every time you use the web wallet. That having been said, MyMonero represents a smaller attack surface than a Bitcoin / altcoin-based web wallet where the keys are held on the server, as MyMonero is unable to spend funds independently of the user. Thus this attack would involve serving up compromised JavaScript, which would be noticed were it done on any sort of scale.

To that end, I'd like to reiterate my original comment from our previous discussion on the security of MyMonero:

It is important to note JavaScript-based wallets are never going to be really safe, and MyMonero is no exception. I've said before that MyMonero is merely a stopgap solution until we have libraryise completed (so that third-party GUI developers can better hook into core functions) and/or we've found an SPV-style solution (our current work is on using a bloom filter for viewkeys instead of passing the raw viewkey) for lightweight wallets. In fact, the website even says quite clearly: "The clients below are ideal if you are using Monero for the first time".

One final bootnote: the view key is sent to the MyMonero server every single time, so we don't state that "no keys" are sent to the server, merely that the spend key is not. That is a factually correct statement, barring any number of circumstances outside of our control, such as a user's ISP being compromised. I hope it is unnecessary for me to qualify that statement every time I make it:)

Thanks for clarifying Fluffy, and it's true I have seen you say several times that MyMonero is more for convenience but if you want the best security then use SimpleWallet.

I wish I hadn't posted now, I will sign off.  Good luck with your upcoming DB release.

BF

[opennux]

Hi Fluffy.  No it is me, Blockafett.  I can confirm that if you want but I would have to recover the account details as I scrambled the password - the reason is I didn't like how BCT was taking up all my time trying to argue with the dozens of posts a day attacking the main coin I am interested in coming from a minority of users here who get a kick out of bullying people and generally make life hell for anyone interested in that coin, now I just use the official forum and hardly look at BCT and life is much better.  I made this second account when I came back temporarily.

That's funny, because BlockaFett was online today at Today at 10:52:40 AM : https://bitcointalk.org/index.php?action=profile;u=340495 and you post is from Today at 12:30:06 PM. 

   

[dEBRUYNE]

UPDATE: Funding required for an open source AMD miner (done by Wolf0) currently at 5,031.33/5,750.00 (87.50%) -> https://forum.getmonero.org/8/funding-required/2400/open-source-amd-miner-by-wolf0

[d0om]

UPDATE: Funding required for an open source AMD miner (done by Wolf0) currently at 5,031.33/5,750.00 (87.50%) -> https://forum.getmonero.org/8/funding-required/2400/open-source-amd-miner-by-wolf0

That's nice, I would like to see Wolf not hold back on this project. I've read that his previous code was only "partly optimized'. Impress us!

[XMRpromotions]

UPDATE: Funding required for an open source AMD miner (done by Wolf0) currently at 5,031.33/5,750.00 (87.50%) -> https://forum.getmonero.org/8/funding-required/2400/open-source-amd-miner-by-wolf0

That's nice, I would like to see Wolf not hold back on this project. I've read that his previous code was only "partly optimized'. Impress us!

I am sure Wolf will do his best! Early optimization gains are easier than later ones. Eventually there is a point of diminishing returns.

[myagui]

Wolf0 will always do a good job, if nothing else, because he has a reputation to maintain! 

[ArticMine]

UPDATE: Funding required for an open source AMD miner (done by Wolf0) currently at 5,031.33/5,750.00 (87.50%) -> https://forum.getmonero.org/8/funding-required/2400/open-source-amd-miner-by-wolf0

This is now at 100%.

[dEBRUYNE]

UPDATE: Funding required for an open source AMD miner (done by Wolf0) currently at 5,031.33/5,750.00 (87.50%) -> https://forum.getmonero.org/8/funding-required/2400/open-source-amd-miner-by-wolf0

This is now at 100%.

Great :-)

EDIT: Oh, just saw it was you who funded the remainder. Great job and thanks!

[lulla.by]

Monero...still have some after all this time very good coin

[smooth]

Monero...still have some after all this time very good coin

Welcome back.

[Bassica]

UPDATE: Funding required for an open source AMD miner (done by Wolf0) currently at 5,031.33/5,750.00 (87.50%) -> https://forum.getmonero.org/8/funding-required/2400/open-source-amd-miner-by-wolf0

That's nice, I would like to see Wolf not hold back on this project. I've read that his previous code was only "partly optimized'. Impress us!

The only thing that won't be fully optimized are the finalization hashes in CryptoNight - simply because they don't matter for speed, and would require me to open source code that could be used in X algos and others.

What about you building in a 1% to devfund-fee instead of a 5% to claymore?

[GingerAle]

UPDATE: Funding required for an open source AMD miner (done by Wolf0) currently at 5,031.33/5,750.00 (87.50%) -> https://forum.getmonero.org/8/funding-required/2400/open-source-amd-miner-by-wolf0

That's nice, I would like to see Wolf not hold back on this project. I've read that his previous code was only "partly optimized'. Impress us!

The only thing that won't be fully optimized are the finalization hashes in CryptoNight - simply because they don't matter for speed, and would require me to open source code that could be used in X algos and others.

What about you building in a 1% to devfund-fee instead of a 5% to claymore?

Pointless work, as it'll be removed pretty soon, and then everyone will use the one without the fee. Even people who would have donated may not learn about the miner with the fee - for example, how many of you donate to Girino for the original darkcoin-mod?

i know of no such coin, nor do i mine anything besides monero

[smoothie]

UPDATE: Funding required for an open source AMD miner (done by Wolf0) currently at 5,031.33/5,750.00 (87.50%) -> https://forum.getmonero.org/8/funding-required/2400/open-source-amd-miner-by-wolf0

That's nice, I would like to see Wolf not hold back on this project. I've read that his previous code was only "partly optimized'. Impress us!

The only thing that won't be fully optimized are the finalization hashes in CryptoNight - simply because they don't matter for speed, and would require me to open source code that could be used in X algos and others.

What about you building in a 1% to devfund-fee instead of a 5% to claymore?

Pointless work, as it'll be removed pretty soon, and then everyone will use the one without the fee. Even people who would have donated may not learn about the miner with the fee - for example, how many of you donate to Girino for the original darkcoin-mod?

i know of no such coin, nor do i mine anything besides monero

Have you ever posted pix of your mining setup?

[bigj]

Pretty much done with the custom miner, iDunk on IRC is running a stability test.

EDIT: I should say milestone 2; the performance kinda sucks - needs more work.

Any details on performance? (And cpu load?)