psiborg
Newbie
Offline
Activity: 25
Merit: 0
|
|
April 27, 2012, 12:15:23 PM |
|
That's pretty clever, I just wish I could actually run this thing. OT server seems to run fine, but MoneyChanger doesn't yet.
|
|
|
|
etotheipi
Legendary
Offline
Activity: 1428
Merit: 1093
Core Armory Developer
|
|
May 08, 2012, 02:25:17 AM |
|
A hacker trying to impersonate your passphrase dialog will be very unlikely to guess the exact goat picture that you chose for yours, and thus will be unable to trick you into entering your passphrase into an imposter dialog. Without this security precaution, the hacker could make a fake dialog that would look correct to thousands of people. But WITH this security precaution, the hacker would have to guess the individual password image used by each and every one of those thousands of people (and it's extremely unlikely that he could do that...) When his fake dialog pops up, any near-victim would immediately see that it's the wrong dialog, since it does not feature the unique password image that person chose when he first installed OT.
I hope that clears it up. I'm sure da2ce7 will contact you soon to help figure out the issue you are having.
What's stopping the hacker's software from reading your settings file for OT and finding out what password picture it uses? I've seen this technique on yahoo mail before, where the attacker has to put up a fairly generic webpage and doesn't have access to your password picture. But if the hacker already planted software on your system, I would think it has access to everything it needs to impersonate the dialog.
|
|
|
|
fellowtraveler
|
|
May 08, 2012, 08:17:46 AM |
|
A hacker trying to impersonate your passphrase dialog will be very unlikely to guess the exact goat picture that you chose for yours, and thus will be unable to trick you into entering your passphrase into an imposter dialog. Without this security precaution, the hacker could make a fake dialog that would look correct to thousands of people. But WITH this security precaution, the hacker would have to guess the individual password image used by each and every one of those thousands of people (and it's extremely unlikely that he could do that...) When his fake dialog pops up, any near-victim would immediately see that it's the wrong dialog, since it does not feature the unique password image that person chose when he first installed OT.
I hope that clears it up. I'm sure da2ce7 will contact you soon to help figure out the issue you are having.
What's stopping the hacker's software from reading your settings file for OT and finding out what password picture it uses? I've seen this technique on yahoo mail before, where the attacker has to put up a fairly generic webpage and doesn't have access to your password picture. But if the hacker already planted software on your system, I would think it has access to everything it needs to impersonate the dialog.
The OT settings file isn't encrypted yet, but I'm storing the picture file location inside the settings file, so that when the day comes that the settings ARE encrypted, the location will be safe in there as well.
(da2ce7, FYI, this is why the picture path is stored in OT settings instead of generic Java settings...)
As for a compromised system, I agree there's not much you can do about that, except try to practice better security. I do, however, believe that as a result of that, things are going to have to move towards smart cards.
-FT
|
|
|
|
da2ce7 (OP)
Legendary
Offline
Activity: 1222
Merit: 1016
Live and Let Live
|
|
May 09, 2012, 02:59:13 AM |
|
(da2ce7, FYI, this is why the picture path is stored in OT settings instead of generic Java settings...)
Yes... The Java Generic Settings only stores IF a password image has been set... not what image it is.
|
One off NP-Hard.
|
|
|
da2ce7 (OP)
|
|
May 17, 2012, 02:18:21 PM |
|
The builds are out of date... Will be uploading new ones soon!
|
|
|
|
da2ce7 (OP)
|
|
May 18, 2012, 07:32:56 AM |
|
The builds are out of date... Will be uploading new ones soon!
Updated Builds... Hope they work better this time!
|
|
|
|
da2ce7 (OP)
|
|
May 21, 2012, 08:06:11 AM |
|
|
|
|
|
da2ce7 (OP)
|
|
May 24, 2012, 06:35:38 AM |
|
|
|
|
|
da2ce7 (OP)
|
|
May 24, 2012, 06:37:26 AM |
|
Also Fixed some bugs that made it not run properly on Windows XP.
|
|
|
|
da2ce7 (OP)
|
|
June 19, 2012, 09:03:46 AM |
|
Big Update!
1. Cash now works on Windows! (don't ask me how many bugs had to be squashed to get this working!!!)...
2. Configuration Files are auto-generated (you still need to copy over the user-data... however that now only includes the wallet and contract files).
3. Heaps of bug-fixes and work on scripting.... ot prompt is now included in this package.
4. Heaps of Upstream work from FellowTraveler!
My branch has been rebased against FT's master.
Overall, please test.... I think that we have got to the stage where it can almost be used for demonstration purposes!
|
|
|
|
da2ce7 (OP)
|
|
June 19, 2012, 09:28:17 AM |
|
Oh yeah... Now everything is built with Unicode support! *we there were a few bugs with zmq and OpenSSL.
|
|
|
|
da2ce7 (OP)
|
|
June 19, 2012, 03:44:11 PM |
|
Fixed some visual issues with Moneychanger... Now it will be usable on lower resolution screens.
And have made some pictures of Moneychanger in action!
Settings Screen:
Password with Image:
Moneychanger Loaded:
Exporting Cash:
Depositing The Cash again:
Well there we are! Moneychanger is REALLY working on Windows!
|
|
|
|
da2ce7 (OP)
|
|
June 20, 2012, 08:43:36 AM |
|
|
|
|
|
|
HostFat
Staff
Legendary
Offline
Activity: 4270
Merit: 1209
I support freedom of choice
|
|
June 20, 2012, 09:06:07 AM |
|
otserver.exe crashes. Is this useful to you? https://i.imgur.com/6C0sw.jpg
|
|
|
|
da2ce7 (OP)
|
|
June 20, 2012, 11:13:28 AM |
|
You didn't copy over the user data. See the OP. It needs to be copied into the AppData/Roaming folder.
|
|
|
|
da2ce7 (OP)
|
|
June 20, 2012, 11:18:01 AM |
|
You didn't copy over the user data. See the OP. It needs to be copied into the AppData/Roaming folder.
see: inside the user_data folder... There is a "server_data" folder... Copy that folder into the root of /roaming/OpenTransactions
Hmm.... I really need to make a pictured install guide...
|
|
|
|
HostFat
|
|
June 20, 2012, 11:25:39 AM |
|
Windows XP doesn't have the roaming folder. %appdata% redirects to "C:\Documents and Settings\[username]\Application Data"
The "Bitcoin" config folder is here:
%appdata%\bitcoin
"C:\Documents and Settings\[username]\Application Data\Bitcoin"
|
|
|
|
da2ce7 (OP)
|
|
June 20, 2012, 11:56:55 AM |
|
In that case:
C:\Documents and Settings\[username]\Application Data\OpenTransactions\client_data\
You will need to get the new version of the User Data in my OP. As I found a bug in the old version.
|
|
|
|
HostFat
|
|
June 20, 2012, 12:14:31 PM |
|
Ok I did it. Now I have "client_data" and "server_data" here:
C:\Documents and Settings\[username]\Application Data\OpenTransactions
I run otserver and I get this:
Loading Open Transactions server. File version: 2.0
Last Issued Transaction Number: 580
ServerID: tBy5mL14qSQXCJK7Uz3WlTOKRP9M0JZksA3Eg7EnnQ1
Loading masterKey: CkwAAQCAAAD//wAAAAhF55ttRJnIAgAAABAJe1kC7/qatp+gp1CW7DOVAAAAIJoT vDjkRsl+LgKYCyf2kZPUxdZFeKJXYHFdzuk/m+uJ
PLEASE SIGN YOUR PASSPHRASE, for: "OTAsymmetricKey::LoadPrivateKeyFromCertString is calling PEM_read_bio_PrivateKey..."
(OT) passphrase:
If I write something and then press [enter], it crashes again.
|
|
|
|
|