[XMR] Monero - A secure, private, untraceable cryptocurrency

[BitcoinForumator]

Can we simply import wallets and .keys from the old Monero client into Hydrogen Helix?

[1714924935]

1714924935

[1714924935]

1714924935

[1714924935]

1714924935

[Febo]

Can we simply import wallets and .keys from the old Monero client into Hydrogen Helix?

yes i copy/pasted them in Hydrogen Helix folder and when open with simple wallet just type refresh command and that is it.

[generalt]

Can we simply import wallets and .keys from the old Monero client into Hydrogen Helix?

yes i copy/pasted them in Hydrogen Helix folder and when open with simple wallet just type refresh command and that is it.

Thank you.

[saddambitcoin]

xpost from Cryptonic's thread: Now you can bind a Monero address to a physical XMR coin! Very cool.

Dear friends! Happy new year!

From now on Cryptonic physical Monero coins are little more than just collectibles.

Moneromooo has kindly added an optional user supplied entropy to his offline wallet generator. So now it's possible to use it with cryptonic coin IDs (and a password for more security) to create a cold storage associated with it.

https://github.com/moneromooo-monero/monero-wallet-generator/

https://moneroaddress.org/

There is a field Custom entropy. Just fill in your coin IDs and a password, for example:

Code:

1Fe58dA D7auQk6 your_password

...and click Generate wallet!

[aiwe]

Once I lost (luckily small amount of) Bitcoin from address generated by some paperwallet site using 'brain wallet' shit option - custom phrase entered. So, in seconds after change from transaction went to that address it was withdrawn bo some clever bastard owner of 1LdUHTEVxWJhrhKfy4H3VuYDnTHQVjsdBn.

Therefore my question: is it safe to use custom entropy?

I'm afraid, human brain is not good at providing uncrackable one.




Upd.: Shit it was not small, - I could bought ONE monero for those satoshies. And they were stolen..

[MoneroMooo]

Therefore my question: is it safe to use custom entropy?

That's a bit like getting in a plane cockpit in flight, and wondering: is it safe to disable the autopilot ?

For some, it will be. For most... it will be down to this:

I'm afraid, human brain is not good at providing uncrackable one.

[dEBRUYNE]

Once I lost (luckily small amount of) Bintoin from address generated by some paperwallet site using 'brain wallet' shit option - custom phrase entered. So, in seconds after change from transaction went to that address it was withdrawn bo some clever bastard owner of 1LdUHTEVxWJhrhKfy4H3VuYDnTHQVjsdBn.

Therefore my question: is it safe to use custom entropy?

I'm afraid, human brain is not good at providing uncrackable one.




Upd.: Shit it was not small, - I could bought ONE monero for those satoshies. And they were stolen..

Generally not, just use the normal one. Custom entropies are risky and should only be used if you know what you are doing.

[medusa13]

hi guys, still haveing some troubles with 0.9.

after deleting .bin, the balance shown in simplewallet is now correct.

but if i try to send funds, i get :

Code:

2016-Jan-03 23:26:54.722493 [RPC1]transaction with hash aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd not found in db
2016-Jan-03 23:26:54.722493 [RPC1]Transaction with id= <aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd> used already spent key images
2016-Jan-03 23:26:54.722493 [RPC1]Transaction verification failed: <aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd>

dont know what it is..is a trx of mine stuck in mempool?

[oblox]

hi guys, still haveing some troubles with 0.9.

after deleting .bin, the balance shown in simplewallet is now correct.

but if i try to send funds, i get :

Code:

2016-Jan-03 23:26:54.722493 [RPC1]transaction with hash aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd not found in db
2016-Jan-03 23:26:54.722493 [RPC1]Transaction with id= <aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd> used already spent key images
2016-Jan-03 23:26:54.722493 [RPC1]Transaction verification failed: <aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd>

dont know what it is..is a trx of mine stuck in mempool?

Doesn't appear to be in a block yet:

http://moneroblocks.eu/search/aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd

[smooth]

Once I lost (luckily small amount of) Bitcoin from address generated by some paperwallet site using 'brain wallet' shit option - custom phrase entered. So, in seconds after change from transaction went to that address it was withdrawn bo some clever bastard owner of 1LdUHTEVxWJhrhKfy4H3VuYDnTHQVjsdBn.

Therefore my question: is it safe to use custom entropy?

Given the stated use case above it should be safe, assuming you trust the manufacturer of the coin and the coin itself has been kept secure from disclosure of the coin ID.

A "strong" password helps a bit but most of the security comes from the coin ID itself.

Although....I'd suggest using slow hash for key stretching as the simplewallet password does. That all but precludes any useful brute forcing of passwords. I thought that was in the standard for physical coin keys, but maybe not.

[binaryFate]

A "strong" password helps a bit but most of the security comes from the coin ID itself.

If you want to be reasonably paranoid, you must assume that between production and shipping, the coin ID is compromised.
I'd personally make sure the entropy of my password is fine by itself.

[smooth]

A "strong" password helps a bit but most of the security comes from the coin ID itself.

If you want to be reasonably paranoid, you must assume that between production and shipping, the coin ID is compromised.
I'd personally make sure the entropy of my password is fine by itself.

If you're going to do that, you might as well just use a paper wallet (which I personally recommend). There is no way you will ever have a strong password that doesn't need to be written down. Brain wallets don't work.

[binaryFate]

A "strong" password helps a bit but most of the security comes from the coin ID itself.

If you want to be reasonably paranoid, you must assume that between production and shipping, the coin ID is compromised.
I'd personally make sure the entropy of my password is fine by itself.

If you're going to do that, you might as well just use a paper wallet (which I personally recommend). There is no way you will ever have a strong password that doesn't need to be written down. Brain wallets don't work.

Plain brain wallets don't, and I agree to discourage anyone to use them.

However you can produce secure brain wallets with for instance a mechanism involving a large number of different hashing functions.
Simple example, assuming my brain wallet is 12MD516SHAparmiggianoIsMySalt. (This is easy to remember if you read that word by word).
I would probably still remember, even after some years, that I have to find the secret key by applying 12 times MD5, 16 times SHA256, to that very password itself.

Code:

p="12RIPEMD16SHAparmiggianoIsMySalt" ; for i in `seq 1 12`; do for j in `seq 1 16`; do p=`echo $p | md5sum` ; done; p=`echo $p | sha256sum`; done ; echo "sk = $p" | cut -d ' ' -f 1-3

Ok, maybe I won't remember that I have to use nested loops, but since I created the scheme to start with, I wouldn't give up and keep fiddling around, testing few stuff and would eventually find my secret key with coins on it.

Not that I encourage anyone to use this, this is simply an example showing that brainwallets can include more entropy than the sole characters they contain. They can include additional entropy due to a particular semantic you attach to them. The idea is to use a semantic that is obvious to you once you read (ie, remember) the word, but hard enough that nobody can enumerate over it easily. Ideally you create your very own semantic for a handfull of critical brain wallets (or for those you create in 2015, or...), and don't disclose your logic to anyone.

[Johnny Mnemonic]

A "strong" password helps a bit but most of the security comes from the coin ID itself.

If you want to be reasonably paranoid, you must assume that between production and shipping, the coin ID is compromised.
I'd personally make sure the entropy of my password is fine by itself.

If you're going to do that, you might as well just use a paper wallet (which I personally recommend). There is no way you will ever have a strong password that doesn't need to be written down. Brain wallets don't work.

False - it's possible, most people just don't do it.

And the ones who do occasionally forget their passwords, because they go so long without needing to recall it. It's possible but hardly practical.

[smooth]

However you can produce secure brain wallets with for instance a mechanism involving a large number of different hashing functions.

I doubt it. If enough people start doing that, password brute forcers will do it too, the same way they use combinations of words, phrases, common transformations, etc. All you are doing with these sorts of combinations is adding a relatively small number of entropy bits for the various ways that hash functions can be combined.

Key stretching does work but that relies on the hash function being slow, which is somewhat fragile long term.

[binaryFate]

However you can produce secure brain wallets with for instance a mechanism involving a large number of different hashing functions.

I doubt it. If enough people start doing that, password brute forcers will do it too, the same way they use combinations of words, phrases, common transformations, etc. All you are doing with these sorts of combinations are adding a relatively small number of entropy bits for the various ways that hash functions can be combined.

Key stretching does work but that relies on the hash function being slow, which is somewhat fragile long term.

Right, but this is just one example. The point is to have some semantic to apply to your password, that you never disclose. For me a mini computer program could do the trick but for somebody else it could be something else.
But this is not practical or advisable for the masses, I agree.

EDIT: in the example scheme of having N repetitions of hashing functions, it also has the additional personal advantage that I can choose roughly how much time I'll need to get my secret key. (Assuming I don't put my hand on ASICS for all hashing functions involved). So for an important brain wallet I can make it roughly 24h on a typical computer, and be sure I wouldn't spend it drunk.

[birr]

Everybody's different, but I don't trust myself to remember 100 bits or more of information.  Recording a mnemonic effects a massive reduction in the information I need to retain.

[iCEBREAKER]

A "strong" password helps a bit but most of the security comes from the coin ID itself.

If you want to be reasonably paranoid, you must assume that between production and shipping, the coin ID is compromised.
I'd personally make sure the entropy of my password is fine by itself.

If you don't use it at the very beginning or end, a compromised coin ID is still useful to salt/stretch something human-memorable, especially if you tweak it a bit.

http://rumkin.com/tools/password/passchk.php

Apparently generating strong pass-phrases is within my skill set.   

But (IIRC) brainwallet.org did something silly, which reduced the entropy of even the strongest phrases to a weak maximum?

Oh bother, I really should move those coins to the Trezor....if they are still there.   

in the example scheme of having N repetitions of hashing functions, it also has the additional personal advantage that I can choose roughly how much time I'll need to get my secret key. (Assuming I don't put my hand on ASICS for all hashing functions involved). So for an important brain wallet I can make it roughly 24h on a typical computer, and be sure I wouldn't spend it drunk.

Out-of-band OP_HODL.  Now that is sweet!   

[medusa13]

hi guys, still haveing some troubles with 0.9.

after deleting .bin, the balance shown in simplewallet is now correct.

but if i try to send funds, i get :

Code:

2016-Jan-03 23:26:54.722493 [RPC1]transaction with hash aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd not found in db
2016-Jan-03 23:26:54.722493 [RPC1]Transaction with id= <aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd> used already spent key images
2016-Jan-03 23:26:54.722493 [RPC1]Transaction verification failed: <aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd>

dont know what it is..is a trx of mine stuck in mempool?

Doesn't appear to be in a block yet:

http://moneroblocks.eu/search/aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd

the trxid is just an example..

the problem is it says that its allready used..but its not. i want to empty this wallet but i can not make any transactions.

sometimes i have success making small trx, but the big part is not moveable because of this.

any ideas?

[dEBRUYNE]

hi guys, still haveing some troubles with 0.9.

after deleting .bin, the balance shown in simplewallet is now correct.

but if i try to send funds, i get :

Code:

2016-Jan-03 23:26:54.722493 [RPC1]transaction with hash aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd not found in db
2016-Jan-03 23:26:54.722493 [RPC1]Transaction with id= <aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd> used already spent key images
2016-Jan-03 23:26:54.722493 [RPC1]Transaction verification failed: <aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd>

dont know what it is..is a trx of mine stuck in mempool?

Doesn't appear to be in a block yet:

http://moneroblocks.eu/search/aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd

the trxid is just an example..

the problem is it says that its allready used..but its not. i want to empty this wallet but i can not make any transactions.

sometimes i have success making small trx, but the big part is not moveable because of this.

any ideas?

I suggest contacting MoneroMooo or one of the other core-team members on IRC (#monero at freenode), they will probably be able to help you faster.