Pages:
Author

Topic: [ANN] BitcoinSpinner - page 3. (Read 45089 times)

Jan
legendary
Activity: 1043
Merit: 1002
April 19, 2013, 01:21:29 PM
I've been using BitcoinSpinner for a while now and like it quite a bit. I think I've read through most of this thread, so I apologize if I missed the answer to this: What happens if the backend server goes away? Can I still retrieve my coins somehow?

If the answer is no, then the one feature I'd like to request is the ability to change the backend server that the app connects to (and if a special backend server is needed, can that software be open sourced?). In the event that you and/or your server go away, I would hate to loose access to whatever coins I have stored in my wallet. Would something like that even be possible?
Besides "backup wallet" option, there is the "export private key" under "advanced" settings. I have not tested the functionality myself, but if this is the actual private key, we should be able to import it into any client.
Niko is right. The ability to export your private key has been there from the first release. For one of my spending wallet I have exported the private key and imported it in a blockchain.info wallet. This way I can access the same funds from my BitcoinSpinner Android phone and blockchain.info iPhone app.
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
April 19, 2013, 12:50:32 PM
I've been using BitcoinSpinner for a while now and like it quite a bit. I think I've read through most of this thread, so I apologize if I missed the answer to this: What happens if the backend server goes away? Can I still retrieve my coins somehow?

If the answer is no, then the one feature I'd like to request is the ability to change the backend server that the app connects to (and if a special backend server is needed, can that software be open sourced?). In the event that you and/or your server go away, I would hate to loose access to whatever coins I have stored in my wallet. Would something like that even be possible?
Besides "backup wallet" option, there is the "export private key" under "advanced" settings. I have not tested the functionality myself, but if this is the actual private key, we should be able to import it into any client.
newbie
Activity: 17
Merit: 0
April 19, 2013, 12:17:41 PM
I've been using BitcoinSpinner for a while now and like it quite a bit. I think I've read through most of this thread, so I apologize if I missed the answer to this: What happens if the backend server goes away? Can I still retrieve my coins somehow?

If the answer is no, then the one feature I'd like to request is the ability to change the backend server that the app connects to (and if a special backend server is needed, can that software be open sourced?). In the event that you and/or your server go away, I would hate to loose access to whatever coins I have stored in my wallet. Would something like that even be possible?
hero member
Activity: 644
Merit: 504
March 26, 2013, 04:16:23 AM
Why the testnet version isn't working?
"server not responding"
The testnet server was used during initial development. It hasn't been running for a long time to reduce cost.

Ah, thanks.
So I can uninstall the app, now.
Jan
legendary
Activity: 1043
Merit: 1002
March 26, 2013, 12:26:18 AM
Why the testnet version isn't working?
"server not responding"
The testnet server was used during initial development. It hasn't been running for a long time to reduce cost.
hero member
Activity: 644
Merit: 504
March 25, 2013, 05:14:02 PM
Why the testnet version isn't working?
"server not responding"
legendary
Activity: 2576
Merit: 2267
1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
March 22, 2013, 10:15:12 PM

Thanx for the explanation. Now I only need some non public printer without hard drive to print some qr codes.

I have one. Email them to me and I'll print them for you. Smiley
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
March 22, 2013, 09:59:10 PM
Thank you for your suggestions.
You are absolutely right regarding the current PIN security. It is there to avoid someone from grabbing your phone and move your coins while you look the other way.

I have been thinking along the same lines regarding encrypting keys, and didn't do it for the following reasons:
 - Entering (secure) PIN/passwords on a smartphone is a real pain as it has to be long/complex
 - Doing "key-stretching" on a shorter/less complex PIN (for instance hash the PIN many many times) takes long time if you want it to be secure. Using a fixed time (say 10 seconds) is not equally secure on every device as they have different CPU power and all have to compete with for instance a fast desktop computer, or maybe even an Avalon

Instead I do something else. I have two paper backups: one for my savings, and one for my daily use.

Normally I only have the wallet for daily use on my phone. Whenever I need to recharge it I:
1) Restore the savings wallet on my phone (Click the options button->Settings-> Restore wallet and scan the QR-code for your savings wallet backup)
2) Send funds to my spending wallet (I have the address in the address book, so it is really easy)
3) Restore the spending wallet (Click the options button->Settings-> Restore wallet and scan the QR-code for your spending wallet backup)
The entire process takes less than a minute

The important thing is that after step 3 the private key for the savings wallet gas been deleted from my device.

You can make this even more secure if you (as you suggest) use a dedicated device with nothing else installed.

Thanx for the explanation. Now I only need some non public printer without hard drive to print some qr codes.
Jan
legendary
Activity: 1043
Merit: 1002
March 20, 2013, 12:56:25 AM
Thank you for your suggestions.
You are absolutely right regarding the current PIN security. It is there to avoid someone from grabbing your phone and move your coins while you look the other way.

I have been thinking along the same lines regarding encrypting keys, and didn't do it for the following reasons:
 - Entering (secure) PIN/passwords on a smartphone is a real pain as it has to be long/complex
 - Doing "key-stretching" on a shorter/less complex PIN (for instance hash the PIN many many times) takes long time if you want it to be secure. Using a fixed time (say 10 seconds) is not equally secure on every device as they have different CPU power and all have to compete with for instance a fast desktop computer, or maybe even an Avalon

Instead I do something else. I have two paper backups: one for my savings, and one for my daily use.

Normally I only have the wallet for daily use on my phone. Whenever I need to recharge it I:
1) Restore the savings wallet on my phone (Click the options button->Settings-> Restore wallet and scan the QR-code for your savings wallet backup)
2) Send funds to my spending wallet (I have the address in the address book, so it is really easy)
3) Restore the spending wallet (Click the options button->Settings-> Restore wallet and scan the QR-code for your spending wallet backup)
The entire process takes less than a minute

The important thing is that after step 3 the private key for the savings wallet gas been deleted from my device.

You can make this even more secure if you (as you suggest) use a dedicated device with nothing else installed.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
March 19, 2013, 10:49:59 PM
Ahhh! is this the right thread? Maybe lock and use only this?
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
March 19, 2013, 10:44:21 PM
TLDR: I want a dedicated secure Bitcoin Wallet with open source that I compiled myself.



The rest is kind of brain storming. I warned you:
As Bitcoins become more valuable, I spend more time on how to get them secured. BS looks like an amount of code I can review. bccapi maybe not but I assume, others do that. Generally it would be cool to have some project that collects signatures from people that did actually review code as I'm pretty sure it would be rather easy to abuse the users trust.

Anyway, I just bought the cheapest tablet I could get to run it as a dedicated bitcoin wallet with is either Schildbach or Spinner. Plan was to not install anything remotely related to bitcoin except for a wallet I compiled myself.

Schildbach and BS have the private key plain text on the device which is kind of unsafe.

I know that protecting against some unspecific attacks of "free chargers" copying all files from my device are maybe not really the main threat but still I guess this should be taken care of.

I just got started digging into the code and wonder if there would be an "easy" way to lock it down some more. My idea was to stick with the n digit password but to actually use it (For non-devs: Now it is only an interface-gimmick preventing friends from silently toying around with your money but don't protect you from malicious USB chargers or a phone-thief moving your money within minutes). You could for example determine the speed of the device and hash x times the 6-digit password to generate a decryption key with x roughly taking 10s on the device. For this to be still fun, you should only use the priv key when sending bitcoins (like bitcoin-qt but delayed 10s for hashing). An attacker that somehow just got the encrypted priv key and the plain text "SHA256 applied 12,184,276 times" would take significantly longer to actually get hold of the bitcoins than now. Also allowing longer passwords would then make sense. (some "the average Joe's bot net is 15,000,000 times faster than your phone and would brute force your password in 17.3h. Never put more money into your wallet than bot nets cost to run for that amount of time" might be miss-leading as other attacks might be cheaper.)

Sure, such hashing would also allow to safely use shorter passwords in bitcoin-qt but there a longer password is not such a pain to enter … maybe?


Pro-Tip for Android rooters: On a rooted Android with "USB debugging on", Spinner's and Schildbach's wallets are open books to any PC you charge your phone at.
hero member
Activity: 763
Merit: 500
February 12, 2013, 05:22:17 AM
Fixed.
great, thx. I can confirm that my 10+ btc show up as they should :-)
Jan
legendary
Activity: 1043
Merit: 1002
February 12, 2013, 02:40:06 AM
Jan, do you make available some compounded statistics?
It would be nice to see the total number of wallets over time, or number of transactions per day.
With the earlier backend implementation I could get precise statistics as it only tracked the transaction inputs/outputs of known BitcoinSpinner wallets. The new implementation, which has been in production for some months now, does not track BitcoinSpinner wallets in particular. It tracks all bitcoin addresses in existence, and does not 'remember' which ones have been queried for unspent outputs, transaction history etc. This allows it to be stateless in the sense that the only information it has is what is readily available in the Bitcoin network, which will allow me to have multiple totally redundant copies.

What I do know is how many active device installs there are according to Google Play. The current number is 2009 which is the number of devices where it was installed and not uninstalled. This number does not cover people who installed it from other sources.
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
February 11, 2013, 04:59:42 PM
Jan, do you make available some compounded statistics?
It would be nice to see the total number of wallets over time, or number of transactions per day.
Jan
legendary
Activity: 1043
Merit: 1002
February 11, 2013, 02:13:13 PM
i've just sent some coins from one spinner to another one. tells me since hours that "couins on their way to you: ..." but that's it. does this also happen to others or is it just my setup/account here?
Server running low on storage, working on a fix.
Fixed.
Jan
legendary
Activity: 1043
Merit: 1002
February 11, 2013, 01:59:59 PM
i've just sent some coins from one spinner to another one. tells me since hours that "couins on their way to you: ..." but that's it. does this also happen to others or is it just my setup/account here?
Server running low on storage, working on a fix.
hero member
Activity: 763
Merit: 500
February 11, 2013, 12:38:10 PM
i've just sent some coins from one spinner to another one. tells me since hours that "couins on their way to you: ..." but that's it. does this also happen to others or is it just my setup/account here?
legendary
Activity: 1708
Merit: 1020
February 02, 2013, 12:31:15 PM
Quick and easy question to save me some time trying..

Bitaddress.org can make an addy and a private key..  

How would I go about making a wallet from bitaddress.org and importing it into spinner ?

obviously I have some ideas on this.. but would like to know the surefire way..

Thanks

Short answer:

You can't. BitcoinSpinner's "wallet" isn't designed that way. The one key it gives is all you can have.


Would like to see that, too. Maybe it is possible to swipe the coins from the scanned key.
Jan
legendary
Activity: 1043
Merit: 1002
December 31, 2012, 08:38:52 AM
BitcoinSpinner v0.8.1b is out:
 - Fixed typo in German translation
 - Fixed a fee validation bug that occurs when sending a transaction with many small inputs. The effect has been observed to prevent you from sending your last funds when you have many small inputs. Thanks to Object 2212 for helping me test and debug it.

It might take an hour before you can update it from the Android Market.

Enjoy, and Happy New Year!
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
December 12, 2012, 09:09:49 AM
Thanks Jan for your great work on my absolute favorite Android Bitcoin Wallet.
Pages:
Jump to: