Gold collapsing. Bitcoin UP.

[iCEBREAKER]

Citizen Four Wins!

It's a great movie and deserved to win.  Snowden is the baddest boy on the planet.  All the women want him and all the men want to be him.

He shit all over Barack "He's no hero" Obama's lying/spying face.  No wonder the poor butthurt DailyKos libtards call him "white boy."  Aww boo-hoo, their magic unicorn turned out to be Bush On Steroids, exactly as predicted.

My favorite parts are when Ed uses the phrase "pro tip" to tell Glen not to leave (radioactive) SD cards in his laptop, and when he describes (1:07) how uber-1337 his privileged access "PrivAc" level was.  D00D!!!1! 

Ha ha you Stasi ratfucks, the Ron Paul Army's cyberwar division completely rooted your box!   

[1714135997]

1714135997

[1714135997]

1714135997

[1714135997]

1714135997

[1714135997]

1714135997

[1714135997]

1714135997

[_mr_e]

http://cointelegraph.com/news/113537/german-bank-unveils-insured-express-bitcoin-buying-moves-into-us-market

[uki]

-snip-

http://cointelegraph.com/news/113537/german-bank-unveils-insured-express-bitcoin-buying-moves-into-us-market

that is indeed very good news! Glad, I am using bitcoin.de, despite their relatively high fees (1% shared between buyer and seller).
I am fine paying a bit more higher fees, provided there can be some kind of guarantee on the funds held at the exchange (statutory German 100k€).

[rocks]

can the Trezor ppl see our balances and tx's while the Trezor is logged into myTrezor.com?

Out of curiosity, how do you guys plan on using your Trezor? I looked into them, like the idea and would like to get one, but couldn't see how a Trezor would fit into how I currently manage my BTC.

In my case I use Armory offline wallets for primary BTC storage, with secure HD seed backups so I'm confident I can always restore the wallets. For day to day usage I keep a small amount in Mycelium, and use this for buying pizza, etc. To fund Mycelium, in Armory I create spending addresses with a small amount of BTC and export the private key to Mycelium. The advantage to this is if I lose my phone, the BTC are recoverable in Armory or HD seed backups. The worse case is if someone steals and breaks my phone, I can only lose the amount on the phone (similar to cash in a real wallet). I like this method because: 1)  I can store and use BTC on my phone without worrying about losing the coins because they are simultaneously in Armory (which is an awesome property of Bitcoin) and 2) Only a small amount are ever "at risk", with the majority secure in Armory.

Because of this I can't see how a Trezor would fit. So how do you guys use it?

[cypherdoc]

can the Trezor ppl see our balances and tx's while the Trezor is logged into myTrezor.com?

Out of curiosity, how do you guys plan on using your Trezor? I looked into them, like the idea and would like to get one, but couldn't see how a Trezor would fit into how I currently manage my BTC.

In my case I use Armory offline wallets for primary BTC storage, with secure HD seed backups so I'm confident I can always restore the wallets. For day to day usage I keep a small amount in Mycelium, and use this for buying pizza, etc. To fund Mycelium, in Armory I create spending addresses with a small amount of BTC and export the private key to Mycelium. The advantage to this is if I lose my phone, the BTC are recoverable in Armory or HD seed backups. The worse case is if someone steals and breaks my phone, I can only lose the amount on the phone (similar to cash in a real wallet). I like this method because: 1)  I can store and use BTC on my phone without worrying about losing the coins because they are simultaneously in Armory (which is an awesome property of Bitcoin) and 2) Only a small amount are ever "at risk", with the majority secure in Armory.

Because of this I can't see how a Trezor would fit. So how do you guys use it?

i foresee the Trezor replacing the offline wallet and its pc and being more secure since the offline wallets can be susceptible to a USB malware attack.  as far as i know, there is no way to get privkeys off a Trezor so in that sense it is safer.  i would hope you could just plug it into your online pc to sign tx's from the online Armory watching only wallets.  we'll have to see what Armory comes up with.

i don't understand how or why you are using HD seeds since Armory currently only generates linear deterministic keypairs, not hierarchical.  i also wouldn't bother exporting privkeys from the offline Armory wallet since you can just make a HD seed backup of your Mycelium wallet that can be restored in case of theft or loss while avoiding excessive and unnecessary exposure to USB attacks from accessing the offline wallet.

[cypherdoc]

can the Trezor ppl see our balances and tx's while the Trezor is logged into myTrezor.com?

Out of curiosity, how do you guys plan on using your Trezor? I looked into them, like the idea and would like to get one, but couldn't see how a Trezor would fit into how I currently manage my BTC.

In my case I use Armory offline wallets for primary BTC storage, with secure HD seed backups so I'm confident I can always restore the wallets. For day to day usage I keep a small amount in Mycelium, and use this for buying pizza, etc. To fund Mycelium, in Armory I create spending addresses with a small amount of BTC and export the private key to Mycelium. The advantage to this is if I lose my phone, the BTC are recoverable in Armory or HD seed backups. The worse case is if someone steals and breaks my phone, I can only lose the amount on the phone (similar to cash in a real wallet). I like this method because: 1)  I can store and use BTC on my phone without worrying about losing the coins because they are simultaneously in Armory (which is an awesome property of Bitcoin) and 2) Only a small amount are ever "at risk", with the majority secure in Armory.

Because of this I can't see how a Trezor would fit. So how do you guys use it?

i foresee the Trezor replacing the offline wallet and its pc and being more secure since the offline wallets can be susceptible to a USB malware attack.  as far as i know, there is no way to get privkeys off a Trezor so in that sense it is safer.  i would hope you could just plug it into your online pc to sign tx's from the online Armory watching only wallets.  we'll have to see what Armory comes up with.

i don't understand how or why you are using HD seeds since Armory currently only generates linear deterministic keypairs, not hierarchical.  i also wouldn't bother exporting privkeys from the offline Armory wallet since you can just make a HD seed backup of your Mycelium wallet that can be restored in case of theft or loss while avoiding excessive and unnecessary exposure to USB attacks from accessing the offline wallet.

i wonder if another reason to avoid exporting Armory linear deterministic privkeys is if you reveal that privkey on your phone along with perhaps the master public key, can ALL your privkeys be determined similar to how it can be done with an xpub+childprivkey in HD wallets? 

molecular would probably know.

[Odalv]

can the Trezor ppl see our balances and tx's while the Trezor is logged into myTrezor.com?

Out of curiosity, how do you guys plan on using your Trezor? I looked into them, like the idea and would like to get one, but couldn't see how a Trezor would fit into how I currently manage my BTC.

In my case I use Armory offline wallets for primary BTC storage, with secure HD seed backups so I'm confident I can always restore the wallets. For day to day usage I keep a small amount in Mycelium, and use this for buying pizza, etc. To fund Mycelium, in Armory I create spending addresses with a small amount of BTC and export the private key to Mycelium. The advantage to this is if I lose my phone, the BTC are recoverable in Armory or HD seed backups. The worse case is if someone steals and breaks my phone, I can only lose the amount on the phone (similar to cash in a real wallet). I like this method because: 1)  I can store and use BTC on my phone without worrying about losing the coins because they are simultaneously in Armory (which is an awesome property of Bitcoin) and 2) Only a small amount are ever "at risk", with the majority secure in Armory.

Because of this I can't see how a Trezor would fit. So how do you guys use it?

i foresee the Trezor replacing the offline wallet and its pc and being more secure since the offline wallets can be susceptible to a USB malware attack.  as far as i know, there is no way to get privkeys off a Trezor so in that sense it is safer.  i would hope you could just plug it into your online pc to sign tx's from the online Armory watching only wallets.  we'll have to see what Armory comes up with.

i don't understand how or why you are using HD seeds since Armory currently only generates linear deterministic keypairs, not hierarchical.  i also wouldn't bother exporting privkeys from the offline Armory wallet since you can just make a HD seed backup of your Mycelium wallet that can be restored in case of theft or loss while avoiding excessive and unnecessary exposure to USB attacks from accessing the offline wallet.

i wonder if another reason to avoid exporting Armory linear deterministic privkeys is if you reveal that privkey on your phone along with perhaps the master public key, can ALL your privkeys be determined similar to how it can be done with an xpub+childprivkey in HD wallets? 

molecular would probably know.

if SINGLE privkey is compromised from linear chain then ALL privkeys can be computed in same chain.

[rocks]

i foresee the Trezor replacing the offline wallet and its pc and being more secure since the offline wallets can be susceptible to a USB malware attack.  as far as i know, there is no way to get privkeys off a Trezor so in that sense it is safer.  i would hope you could just plug it into your online pc to sign tx's from the online Armory watching only wallets.  we'll have to see what Armory comes up with.

OK thanks. So you are using the Trezor as a full replacement for the offline secure storage. And with the planned Armory support will continue to use online Armory watching only wallets as your wallet, but use the Trezor for signing.

That is neat. You keep the Armory front-end, while using a different back-end security platform for signing.

Personally for me I get worried about using any form of hardware that you have to plug into an online compute as the signing mechanism, it's just my preference but I prefer open-source code in machines that have never touched a network.

i don't understand how or why you are using HD seeds since Armory currently only generates linear deterministic keypairs, not hierarchical.  i also wouldn't bother exporting privkeys from the offline Armory wallet since you can just make a HD seed backup of your Mycelium wallet that can be restored in case of theft or loss while avoiding excessive and unnecessary exposure to USB attacks from accessing the offline wallet.

Using standard Armory backups. HD seed is just a general term for any wallet where a single seed can be used to recover any number of addresses. Armory before has advertised itself as being the first "Hierarchical Deterministic Wallet", that is all I was referring too. Understand Armory uses a different type than BIP0032 today.

i wonder if another reason to avoid exporting Armory linear deterministic privkeys is if you reveal that privkey on your phone along with perhaps the master public key, can ALL your privkeys be determined similar to how it can be done with an xpub+childprivkey in HD wallets?  

molecular would probably know.

I do not believe that in any deterministic wallet knowing the private key of any one address provides knowledge of other addresses. When I last looked into this a couple years ago that was my takeaway. If this is not true then that method is broken IMHO. But either way in my case I'd be fine since I use a separate wallet chain for those addresses, only one is nominally funded at a time, so have at it.

molecular, are there issues here?

[molecular]

i wonder if another reason to avoid exporting Armory linear deterministic privkeys is if you reveal that privkey on your phone along with perhaps the master public key, can ALL your privkeys be determined similar to how it can be done with an xpub+childprivkey in HD wallets? 

molecular would probably know.

I have no experience with the armory linear scheme in particular, but I would assume all type 2 deterministic schemes suffer from this problem. I can say it for sure for the classic electrum 'linear' scheme.

My solution: don't ever export private (sub)keys (my trezor nicely keeps me from doing that even when I'm drunk or whatever).

[rocks]

i wonder if another reason to avoid exporting Armory linear deterministic privkeys is if you reveal that privkey on your phone along with perhaps the master public key, can ALL your privkeys be determined similar to how it can be done with an xpub+childprivkey in HD wallets?  

molecular would probably know.

if SINGLE privkey is compromised from linear chain then ALL privkeys can be computed in same chain.

Are you sure? A type 1 wallet is the simplest and weakest, and even in this one knowing the private key of one address provides zero knowledge of other addresses, that is unless SHA256 is broken.

https://en.bitcoin.it/wiki/Deterministic_wallet

In this simple type you take (string + n) and then put that through SHA256 to get a priv key. Then increment n for each additional key. Knowing the priv key of one address provides zero knowledge of either the root string or increment n, these are the pieces of information needed to generate new keys.  And this is for a Type 1, Type 2 which both BIP0032 and Armory are a form of is more secure.

The linear aspect does not mean a sequential set of priv key values. Instead the linear aspect is run through a non-reversible algorithm to generate the priv key, which protects the seed.

I think the advantage of type 2 HD wallets is you can generate a chain of both private and public keys. This enables you to create watching only wallets (which aren't possible with type 1). Here you can take "HD seed" -> generate "public seed" -> then generate "chain of public addresses", this has obvious benefits.

[cypherdoc]

can the Trezor ppl see our balances and tx's while the Trezor is logged into myTrezor.com?

Out of curiosity, how do you guys plan on using your Trezor? I looked into them, like the idea and would like to get one, but couldn't see how a Trezor would fit into how I currently manage my BTC.

In my case I use Armory offline wallets for primary BTC storage, with secure HD seed backups so I'm confident I can always restore the wallets. For day to day usage I keep a small amount in Mycelium, and use this for buying pizza, etc. To fund Mycelium, in Armory I create spending addresses with a small amount of BTC and export the private key to Mycelium. The advantage to this is if I lose my phone, the BTC are recoverable in Armory or HD seed backups. The worse case is if someone steals and breaks my phone, I can only lose the amount on the phone (similar to cash in a real wallet). I like this method because: 1)  I can store and use BTC on my phone without worrying about losing the coins because they are simultaneously in Armory (which is an awesome property of Bitcoin) and 2) Only a small amount are ever "at risk", with the majority secure in Armory.

Because of this I can't see how a Trezor would fit. So how do you guys use it?

i foresee the Trezor replacing the offline wallet and its pc and being more secure since the offline wallets can be susceptible to a USB malware attack.  as far as i know, there is no way to get privkeys off a Trezor so in that sense it is safer.  i would hope you could just plug it into your online pc to sign tx's from the online Armory watching only wallets.  we'll have to see what Armory comes up with.

i don't understand how or why you are using HD seeds since Armory currently only generates linear deterministic keypairs, not hierarchical.  i also wouldn't bother exporting privkeys from the offline Armory wallet since you can just make a HD seed backup of your Mycelium wallet that can be restored in case of theft or loss while avoiding excessive and unnecessary exposure to USB attacks from accessing the offline wallet.

i wonder if another reason to avoid exporting Armory linear deterministic privkeys is if you reveal that privkey on your phone along with perhaps the master public key, can ALL your privkeys be determined similar to how it can be done with an xpub+childprivkey in HD wallets? 

molecular would probably know.

if SINGLE privkey is compromised from linear chain then ALL privkeys can be computed in same chain.

that's not right.  you'd need more information, like the chain code if it's even possible, than just a single privkey from the chain.

[molecular]

can the Trezor ppl see our balances and tx's while the Trezor is logged into myTrezor.com?

Out of curiosity, how do you guys plan on using your Trezor? I looked into them, like the idea and would like to get one, but couldn't see how a Trezor would fit into how I currently manage my BTC.

In my case I use Armory offline wallets for primary BTC storage, with secure HD seed backups so I'm confident I can always restore the wallets. For day to day usage I keep a small amount in Mycelium, and use this for buying pizza, etc. To fund Mycelium, in Armory I create spending addresses with a small amount of BTC and export the private key to Mycelium. The advantage to this is if I lose my phone, the BTC are recoverable in Armory or HD seed backups. The worse case is if someone steals and breaks my phone, I can only lose the amount on the phone (similar to cash in a real wallet). I like this method because: 1)  I can store and use BTC on my phone without worrying about losing the coins because they are simultaneously in Armory (which is an awesome property of Bitcoin) and 2) Only a small amount are ever "at risk", with the majority secure in Armory.

Because of this I can't see how a Trezor would fit. So how do you guys use it?

I use the trezor for both secure long-term storage and also for day-to-day spending. I actually think it's at least as secure a any armory (or other solution running on multipurpose hardware)-based solution. It's the nice thing about trezor: it combines ease of use with extreme security. In conjunction with electrum (as an example) I can also use address-based coin control for increasing privacy.

Of course, for ordering pizza or making the odd donation I use mycelium. It's just way faster (I make a habit of unplugging the trezor after use) and scanning qr-codes from the screen and seeing the payment arrive a second later has something very special to it.

[cypherdoc]

i wonder if another reason to avoid exporting Armory linear deterministic privkeys is if you reveal that privkey on your phone along with perhaps the master public key, can ALL your privkeys be determined similar to how it can be done with an xpub+childprivkey in HD wallets? 

molecular would probably know.

I have no experience with the armory linear scheme in particular, but I would assume all type 2 deterministic schemes suffer from this problem. I can say it for sure for the classic electrum 'linear' scheme.

My solution: don't ever export private (sub)keys (my trezor nicely keeps me from doing that even when I'm drunk or whatever).

i think that is right.

[cypherdoc]

can the Trezor ppl see our balances and tx's while the Trezor is logged into myTrezor.com?

Out of curiosity, how do you guys plan on using your Trezor? I looked into them, like the idea and would like to get one, but couldn't see how a Trezor would fit into how I currently manage my BTC.

In my case I use Armory offline wallets for primary BTC storage, with secure HD seed backups so I'm confident I can always restore the wallets. For day to day usage I keep a small amount in Mycelium, and use this for buying pizza, etc. To fund Mycelium, in Armory I create spending addresses with a small amount of BTC and export the private key to Mycelium. The advantage to this is if I lose my phone, the BTC are recoverable in Armory or HD seed backups. The worse case is if someone steals and breaks my phone, I can only lose the amount on the phone (similar to cash in a real wallet). I like this method because: 1)  I can store and use BTC on my phone without worrying about losing the coins because they are simultaneously in Armory (which is an awesome property of Bitcoin) and 2) Only a small amount are ever "at risk", with the majority secure in Armory.

Because of this I can't see how a Trezor would fit. So how do you guys use it?

I use the trezor for both secure long-term storage and also for day-to-day spending. I actually think it's at least as secure a any armory (or other solution running on multipurpose hardware)-based solution. It's the nice thing about trezor: it combines ease of use with extreme security. In conjunction with electrum (as an example) I can also use address-based coin control for increasing privacy.

Of course, for ordering pizza or making the odd donation I use mycelium. It's just way faster (I make a habit of unplugging the trezor after use) and scanning qr-codes from the screen and seeing the payment arrive a second later has something very special to it.

now i believe that is not right.  i assume you have just one Trezor.  why carry around your long term storage for daily spending?  i assume it has a sizeable balance.  think rubber hosing...

[cypherdoc]

OK thanks. So you are using the Trezor as a full replacement for the offline secure storage. And with the planned Armory support will continue to use online Armory watching only wallets as your wallet, but use the Trezor for signing.

no.  Trezor isn't ready yet to replace offline Armory storage.  it can't communicate yet with the online watching wallet.

[cypherdoc]

HD seed is just a general term for any wallet where a single seed can be used to recover any number of addresses. Armory before has advertised itself as being the first "Hierarchical Deterministic Wallet", that is all I was referring too. Understand Armory uses a different type than BIP0032 today.

are you sure about this?  HD is a very specific term to BIP32 afaik.

[Odalv]

i wonder if another reason to avoid exporting Armory linear deterministic privkeys is if you reveal that privkey on your phone along with perhaps the master public key, can ALL your privkeys be determined similar to how it can be done with an xpub+childprivkey in HD wallets?  

molecular would probably know.

if SINGLE privkey is compromised from linear chain then ALL privkeys can be computed in same chain.

Are you sure? A type 1 wallet is the simplest and weakest, and even in this one knowing the private key of one address provides zero knowledge of other addresses, that is unless SHA256 is broken.

https://en.bitcoin.it/wiki/Deterministic_wallet

In this simple type you take (string + n) and then put that through SHA256 to get a priv key. Then increment n for each additional key. Knowing the priv key of one address provides zero knowledge of either the root string or increment n, these are the pieces of information needed to generate new keys.  And this is for a Type 1, Type 2 which both BIP0032 and Armory are a form of is more secure.

The linear aspect does not mean a sequential set of priv key values. Instead the linear aspect is run through a non-reversible algorithm to generate the priv key, which protects the seed.

I think the advantage of type 2 HD wallets is you can generate a chain of both private and public keys. This enables you to create watching only wallets (which aren't possible with type 1). Here you can take "HD seed" -> generate "public seed" -> then generate "chain of public addresses", this has obvious benefits.

Ok, you are right.  => If I can generate watching only wallets(I know all public keys) and I know 1 private key in this chain then I think I can compute all privkeys in this chain.

edit: or maybe I'm wrong.

[rocks]

OK thanks. So you are using the Trezor as a full replacement for the offline secure storage. And with the planned Armory support will continue to use online Armory watching only wallets as your wallet, but use the Trezor for signing.

no.  Trezor isn't ready yet to replace offline Armory storage.  it can't communicate yet with the online watching wallet.

I got that, the Armory dev team still needs to make the changes.

But I thought in your prior note you said this was how you planned to use Trezor once that functionality was ready, or maybe I misread.

[molecular]

if SINGLE privkey is compromised from linear chain then ALL privkeys can be computed in same chain.

that's not right.  you'd need more information, like the chain code if it's even possible, than just a single privkey from the chain.

you need the master seed and one privkey if I understand correctly. Not sure what kind of other information would be sufficient, but a single private key isn't.

shown here by Vitalik: https://bitcoinmagazine.com/8396/deterministic-wallets-advantages-flaw/

[molecular]

can the Trezor ppl see our balances and tx's while the Trezor is logged into myTrezor.com?

Out of curiosity, how do you guys plan on using your Trezor? I looked into them, like the idea and would like to get one, but couldn't see how a Trezor would fit into how I currently manage my BTC.

In my case I use Armory offline wallets for primary BTC storage, with secure HD seed backups so I'm confident I can always restore the wallets. For day to day usage I keep a small amount in Mycelium, and use this for buying pizza, etc. To fund Mycelium, in Armory I create spending addresses with a small amount of BTC and export the private key to Mycelium. The advantage to this is if I lose my phone, the BTC are recoverable in Armory or HD seed backups. The worse case is if someone steals and breaks my phone, I can only lose the amount on the phone (similar to cash in a real wallet). I like this method because: 1)  I can store and use BTC on my phone without worrying about losing the coins because they are simultaneously in Armory (which is an awesome property of Bitcoin) and 2) Only a small amount are ever "at risk", with the majority secure in Armory.

Because of this I can't see how a Trezor would fit. So how do you guys use it?

I use the trezor for both secure long-term storage and also for day-to-day spending. I actually think it's at least as secure a any armory (or other solution running on multipurpose hardware)-based solution. It's the nice thing about trezor: it combines ease of use with extreme security. In conjunction with electrum (as an example) I can also use address-based coin control for increasing privacy.

Of course, for ordering pizza or making the odd donation I use mycelium. It's just way faster (I make a habit of unplugging the trezor after use) and scanning qr-codes from the screen and seeing the payment arrive a second later has something very special to it.

now i believe that is not right.  i assume you have just one Trezor.  why carry around your long term storage for daily spending?  i assume it has a sizeable balance.  think rubber hosing...

I admit I have multiple trezors.