BitLox
Newbie
 Offline
Activity: 31
Merit: 0
|
 |
January 28, 2016, 05:43:29 PM |
|
Once again, it's videos from BitLox. Someone said I didn't have any videos of the Bitlox doing transactions, so I guess I'm overcompensating.  Here's one on doing transactions in the "expert" mode. I think this is cool, because you get to see and can verify all the raw hex that flows back and forth. Plus you can do your own verification before anything is sent to the network, or heck, you can turn off your network access once the transaction has been built, so that before it's signed, you're on an isolated system. Cut and paste the signed transaction then submit it any way you like after verifying. Anyways, here's the video: https://youtu.be/3qhFZmGsDosYou mention at the website that it is possible to set up hidden wallets on the BitLox. Is this done by using passphrases like Trezor? A hidden wallet is set up exactly like a normal wallet. You can create a PIN for your wallet on the device via the keypad (the host only initiates the creation of a wallet) up to 20 characters long 0-9 a-z A-Z. No sensitive data is EVER created on or transmitted from the host app. What differs is that this wallet is not enumerated when a wallet listing is done, it has no unencrypted part, so the wallet (if one were to examine the data block in which it sits) is indistinguishable from the random data that is used to initialize the wallet space (all 1s, all 0s, random, random, so every bit gets flipped at least once). When you create the wallet, you choose the index, a number between 51-100. The device only uses this to initialize the space, after that it has no knowledge if there is a wallet there or not. To access a hidden wallet, you must address it directly by index, such as "load the 67th wallet". If there is a wallet there, and the PIN is correct, it decrypts and is a usable wallet. If the PIN is incorrect OR there is no wallet there, it decrypts to gobbledygook. Same behavior for wallet there/bad PIN and no wallet actually there. Full deniability. bit Brute force attacks are stopped by having a "global" counter for wallet attempts. We can't keep track of what wallet numbers were successfully loaded or not, as that might imply the existence of hidden wallets (if they are there). So if _in aggregate_ 3/5/7 bad attempts are made to load a wallet (expert/advanced/standard setup) the device immediately resets and a 45/30/15 minute delay to re-enter is imposed. Further bad attempt cause the lockout time to grow exponentially [ edit - I just checked the code, sorry, it's the device and transaction PINs that go exponential.] (the wallet lockout times are deliberately harsh but not ridiculous, as they are reset by a correct device PIN entry). Lockout time is evaluated BEFORE the device PIN is evaluated, so you MUST wait. The only way around the delay is to wipe the entire device via the duress PIN "911" (which causes an immediate wipe of the wallet space) or to reflash the device. Thanks for the reply! I did manage to find the link to the BitLox user manual which is very good. I think you are the only bitcoin hardware wallet vendor other than Trezor who has taken the time to write up a comprehensive user manual. I had to navigate to http://bitlox.io/support to find the user manual, perhaps consider a direct link to the manual from the menu at your main site bitlox.com? iPhone users finally have a bitcoin hardware wallet that works with their phone. Good suggestion, I put the link up there so it's easy to find. I'll be uploading a video on hidden wallets in a bit, keep on the lookout! |
|
|
|
|
LiteCoinGuy (OP)
Legendary
Offline
Activity: 1148
Merit: 1014
In Satoshi I Trust
|
|
January 30, 2016, 02:45:07 PM |
|
|
|
|
|
n691309
Legendary
Offline
Activity: 1526
Merit: 1001
|
|
January 30, 2016, 08:01:10 PM |
|
Just read the whole Interview and i think that i knew most of the things before, I'm collecting to buy one as i think it is the most secured hardware wallet at the moment, but the cons is the high price. |
|
|
|
|
BitcoinNewsMagazine
Legendary
Offline
Activity: 1806
Merit: 1164
|
|
January 30, 2016, 09:34:27 PM |
|
Just read the whole Interview and i think that i knew most of the things before, I'm collecting to buy one as i think it is the most secured hardware wallet at the moment, but the cons is the high price. I have both KeepKey and Trezor and really do not use the KeepKey much. The Trezor works with my phone and Trezor lets you create passphrase protected hidden accounts. KeepKey does not. I do not feel you are gaining any security by using KeepKey over Trezor. If you just like the looks of the KeepKey you are getting a basic hardware wallet with PIN protection only that works very well with Multibit HD. Nothing wrong with that at all, but you lose some of the advanced functionality only Trezor and BitLox have at this time. Just take the time to make sure the hardware wallet you buy meets your needs. |
|
|
|
|
xleejohnx
|
|
January 31, 2016, 06:29:53 PM |
|
Would receiving mining payments sent to the trezor or ledger wallet be good or bad?
|
As I see a super coin as the super highway and alt coins as taxis and trucks needed to move transactions. ~philipma1957
|
|
|
OROBTC
Legendary
Offline
Activity: 2926
Merit: 1863
|
|
January 31, 2016, 06:53:40 PM |
|
Would receiving mining payments sent to the trezor or ledger wallet be good or bad?
Receiving payments, especially regular payments, directly to a hardware wallet is better than to an online wallet IMO. Depending on what you have in mind (privacy?), you could have the BTC sent to a different wallet each time (burdensome)... OR You could just arrange to quickly send your payments (after receipt) off to a mixing service and then on to your hardware wallet. (I do not get mining payments, but I do get Sig Campaign payments, and the latter above is what I do) |
|
|
|
|
|
xleejohnx
|
|
January 31, 2016, 06:58:22 PM |
|
Would receiving mining payments sent to the trezor or ledger wallet be good or bad?
Receiving payments, especially regular payments, directly to a hardware wallet is better than to an online wallet IMO. Depending on what you have in mind (privacy?), you could have the BTC sent to a different wallet each time (burdensome)... OR You could just arrange to quickly send your payments (after receipt) off to a mixing service and then on to your hardware wallet. (I do not get mining payments, but I do get Sig Campaign payments, and the latter above is what I do) What I wanna do is move away from coinbase I'm looking at multibit hd using either trezor or ledger for my mining payments to be directly deposited into.. Just making sure it would work like I want it too and I'm not sure which one is best to use |
As I see a super coin as the super highway and alt coins as taxis and trucks needed to move transactions. ~philipma1957
|
|
|
BitcoinNewsMagazine
Legendary
Offline
Activity: 1806
Merit: 1164
|
|
January 31, 2016, 08:37:31 PM |
|
Would receiving mining payments sent to the trezor or ledger wallet be good or bad?
Receiving payments, especially regular payments, directly to a hardware wallet is better than to an online wallet IMO. Depending on what you have in mind (privacy?), you could have the BTC sent to a different wallet each time (burdensome)... OR You could just arrange to quickly send your payments (after receipt) off to a mixing service and then on to your hardware wallet. (I do not get mining payments, but I do get Sig Campaign payments, and the latter above is what I do) Depends on how many payments per day your Trezor is receiving to a single account. If you are receiving many payments per day you could develop a problem with Trezor synching see this post at reddit. How to fix: "The speed is limited by number of inputs you are spending. Trezor has to stream each input transaction into the device to check that the indicated amount of input is correct. This is security feature which prevents certain type of attacks, so it cannot be left out. In your case, you have hundreds of input. If you are receiving a lot of transactions on daily basis, it is good practice to send received bitcoin to another Trezor account when you collect around 50-100 transactions. This way you will defragment and collect the input and your coin will be ready to spend fast." |
|
|
|
|
btchip
|
|
January 31, 2016, 11:48:57 PM |
|
There are actually two problems : having a lot of small inputs, and having an input produced by a giant transaction. The first problem slows down the whole signature process (as the signature is fully re-hashed for all inputs), while the second one slows down the input recovery once (but that can be noticeable if many inputs have been produced by such transactions) Now the good news is the new signature mechanism associated to SegWit helps with both issues - you only need to process the full transaction once, and don't need to process the parent transaction to recover the value associated to the input. It's hard to say it'll be enough to make the mining use case bearable yet, but it'll definitely be much better. |
|
|
|
OROBTC
Legendary
Offline
Activity: 2926
Merit: 1863
|
|
February 01, 2016, 03:09:34 AM |
|
...
In more detail and more accurately, in my case BitcoinNewsMagazine and btchip, I receive regular payments to one wallet, my irregular payments (when I buy BTC) go to a different wallet each time I purchase (all of these wallets are online wallets for convenience).
Once the transactions are confirmed and once I "have enough" to mix, I then send BTC off to be mixed and then to either my Ledger Nano or my Trezor depending on my mood.
|
|
|
|
|
|
Bridgewater
|
|
February 01, 2016, 03:41:46 AM |
|
Just read the whole Interview and i think that i knew most of the things before, I'm collecting to buy one as i think it is the most secured hardware wallet at the moment, but the cons is the high price. The Trezor works with my phone and Trezor lets you create passphrase protected hidden accounts. KeepKey does not. I'm not sure this is accurate. Have you tried setting up KeepKey with Electrum? From https://www.keepkey.com/keepkey/faq/security/ "If someone finds my KeepKey recovery sentence backup, can they steal my bitcoins? If you use KeepKey’s advanced passphrase feature, even if a thief learns your recovery sentence, they will not be able to access your bitcoins without knowing the passphrase. You can also have multiple passphrases, making it even more difficult for thieves with your recovery sentence to gain access to your bitcoins." I do not feel you are gaining any security by using KeepKey over Trezor. If you just like the looks of the KeepKey you are getting a basic hardware wallet with PIN protection only that works very well with Multibit HD. Nothing wrong with that at all, but you lose some of the advanced functionality only Trezor and BitLox have at this time. Just take the time to make sure the hardware wallet you buy meets your needs. You're only talking about current lack of software support, right? Hardware/firmware wise, I thought the Keepkey retained every bit of the Trezor functionality, with added performance of the larger screen and faster operation, plus it has the additional feature of scrambled-word recovery that Trezor cannot do. I do not own a keepkey (yet) but I'm sure Aussiehash can confirm this. |
|
|
|
|
|
AussieHash
|
|
February 01, 2016, 06:13:33 AM |
|
Firmware wise, KK and Trezor are comparable.
Wallet wise, there are some differences, reflecting Trezor's longer time on the market.
The KeepKey Chrome extension wallet has fewer features then myTrezor's web wallet.
2 major omissions (from the KK Chrome ext wallet) are passphrase support and 24 word initialization (you can however restore a 24 word seed).
KeepKey Chrome also doesn't have the dropbox account names/transaction metadata that myTrezor does, but on the flip side, keepkey doesn't rely on the BoP backend and I am still unable to find OSX uninstall instructions for the myTrezor daemon which continues to fill my console logs with non stop errors.
Electrum 2.x offers 24 word seeds and passphrase support for both Trezor and KeepKey.
KeepKey is not currently supported by Android Mycelium, but Darrin has suggested elsewhere that a mobile solution is about 2 months from release.
|
|
|
|
|
|
japerry
|
|
February 01, 2016, 12:22:32 PM |
|
Would receiving mining payments sent to the trezor or ledger wallet be good or bad?
Receiving payments, especially regular payments, directly to a hardware wallet is better than to an online wallet IMO. Depending on what you have in mind (privacy?), you could have the BTC sent to a different wallet each time (burdensome)... OR You could just arrange to quickly send your payments (after receipt) off to a mixing service and then on to your hardware wallet. (I do not get mining payments, but I do get Sig Campaign payments, and the latter above is what I do) What I wanna do is move away from coinbase I'm looking at multibit hd using either trezor or ledger for my mining payments to be directly deposited into.. Just making sure it would work like I want it too and I'm not sure which one is best to use You may want to consider Copay. That's what I use and I like it.. I use it in conjunction with my Ledger. |
|
|
|
BitcoinNewsMagazine
Legendary
Offline
Activity: 1806
Merit: 1164
|
|
February 01, 2016, 01:47:14 PM
Last edit: February 01, 2016, 04:16:33 PM by BitcoinNewsMagazine |
|
Just read the whole Interview and i think that i knew most of the things before, I'm collecting to buy one as i think it is the most secured hardware wallet at the moment, but the cons is the high price. The Trezor works with my phone and Trezor lets you create passphrase protected hidden accounts. KeepKey does not. I'm not sure this is accurate. Have you tried setting up KeepKey with Electrum? From https://www.keepkey.com/keepkey/faq/security/ "If someone finds my KeepKey recovery sentence backup, can they steal my bitcoins? If you use KeepKey’s advanced passphrase feature, even if a thief learns your recovery sentence, they will not be able to access your bitcoins without knowing the passphrase. You can also have multiple passphrases, making it even more difficult for thieves with your recovery sentence to gain access to your bitcoins." I do not feel you are gaining any security by using KeepKey over Trezor. If you just like the looks of the KeepKey you are getting a basic hardware wallet with PIN protection only that works very well with Multibit HD. Nothing wrong with that at all, but you lose some of the advanced functionality only Trezor and BitLox have at this time. Just take the time to make sure the hardware wallet you buy meets your needs. You're only talking about current lack of software support, right? Hardware/firmware wise, I thought the Keepkey retained every bit of the Trezor functionality, with added performance of the larger screen and faster operation, plus it has the additional feature of scrambled-word recovery that Trezor cannot do. I do not own a keepkey (yet) but I'm sure Aussiehash can confirm this. I have a KeepKey of course, and have been in contact with the company. KeepKey does not support passphrase protected accounts using the Chrome extension. They mentioned to me they need to change the website to reflect that. They may add passphrase support in a future release. Sorry to report that KeepKey can not create passphrase protected accounts in Electrum-2.5.4. I was able to get KeepKey working with Electrum with some help from support and they agreed with me there is no way to add passphrase protection in Electrum. Took a couple of days of sending emails back and forth to confirm that. It is also a pain to have to run Electrum from a command prompt. KeepKey definitely does not have the advanced features of Trezor. |
|
|
|
GeertBerkers
Full Member
Offline
Activity: 173
Merit: 100
Love Primedice!
|
|
February 01, 2016, 05:33:51 PM |
|
Looks nice, but I think I prefer online wallet. Just as simple
|
|
|
|
LiteCoinGuy (OP)
Legendary
Offline
Activity: 1148
Merit: 1014
In Satoshi I Trust
|
|
February 12, 2016, 08:24:41 AM |
|
Looks nice, but I think I prefer online wallet. Just as simple
good luck buddy |
|
|
|
|
xqus
|
|
February 12, 2016, 05:20:27 PM |
|
Looks nice, but I think I prefer online wallet. Just as simple
Yes, just as simple. But totally insecure if you compare it to a proper hardware wallet. If you have $50 in bitcoin, online wallet = no problem. |
|
|
|
|
japerry
|
|
February 13, 2016, 04:53:27 AM |
|
Looks nice, but I think I prefer online wallet. Just as simple
good luck buddy Yeah... Let us know when you get " 404 - Page Not Found" or an email that says "We've been hacked. Sorry about that. Your coins are gone and we're shutting down." |
|
|
|
LiteCoinGuy (OP)
Legendary
Offline
Activity: 1148
Merit: 1014
In Satoshi I Trust
|
|
February 13, 2016, 10:32:18 AM |
|
Looks nice, but I think I prefer online wallet. Just as simple
good luck buddy Yeah... Let us know when you get " 404 - Page Not Found" or an email that says "We've been hacked. Sorry about that. Your coins are gone and we're shutting down." that will never happen  |
|
|
|
LiteCoinGuy (OP)
Legendary
Offline
Activity: 1148
Merit: 1014
In Satoshi I Trust
|
|
February 13, 2016, 10:32:47 AM |
|
|
|
|
|
|
