Topic: [ANN][XCP] Counterparty - Pioneering Peer-to-Peer Finance - Official Thread - page 282. (Read 1276936 times)

COUNTERWALLET MOVES TO BITCORE
(repost from https://forums.counterparty.co/index.php?topic=321 ...specific questions are best left there)

If you have a wallet at counterwallet.co, this will affect you. Please read.

We have just released a new version of Counterwallet (1.1.5) that moves from bitcoinjs-lib to Bitpay’s bitcore library for the underlying Bitcoin-related functionality. This move was largely due to the earlier security issue we had earlier with bitcoinjs-lib, as well as the current state of rapid change that library is in. At this time at least, we feel that bitcore is the more mature library, and has more support and unit tests. Furthermore, we have had the bitcore development team review and okay our bitcore integration, and currently have a security professional performing testing on Counterwallet.

Updating to New Wallet Generation
On top of the security issue we experienced with the library, there was also a change to the underlying Crypto library in use by bitcoinjs-lib. This update silently did not support the specific way we were supplying the passphrase to the library's wallet generation code, but still appeared to work fine (due to the absence of assertion checking in the library). This had the unfortunate side effect of reducing the entropy (randomness) of the wallet keys generated by Counterwallet, from the full 128 bits down to ~100-108 bits of entropy. While this is still too high for any kind of effective brute-forcing attacks (i.e. existing wallets are still very much safe), we are requiring our users to migrate to a new wallet within the next 2 months (i.e. before July 15, 2014), just to be sure. The bitcore code uses standard input formats, has tests around it, as well as necessary type checking.

Accessing Your Existing Wallet
If you created your wallet before May 8th, please prepend your passphrase with “old " to access your funds. For example, if your existing passphrase was "acid doubt danger hum dinner action final point demand inhale bedroom ocean", your new passphrase would be "old acid doubt danger hum dinner action final point demand inhale bedroom ocean".

Once logged into your existing wallet, it should continue to work as before. Remember: you should migrate your funds to a new wallet as soon as possible, and definitely by July 15. Read on for instructions on how to do that.

Sweeping your old funds
Setting up a new wallet and sweeping your existing funds into it is a very easy process, with our autosweep functionality. To get started, simply log into Counterwallet using your existing passphrase (without the “old “ prefix). Once in, click on the Import Funds button, and then choose From Old Wallet. Follow the instructions on that dialog, which will allow you to directly import all old wallet funds into the new wallet. Using your existing passphrase for this process is safe, and will enable the full 128 bits of entropy for your new wallet.

Note that if you do not have sufficient BTC balance to handle the fees to transfer the assets at a given address in your old wallet, the dialog will give you the chance to specify a private key to another address with the BTC to use for the fees.

Conclusion
To be honest, our experience with bitcoinjs-lib has been frustrating, and we apologize for the inconvenience this has caused our users. We have tried to make this process as smooth as possible this time, and these kinds of issues should hopefully be a thing of the past with our move to bitcore.

The Counterparty Team

Can someone please send me the Counterpartyd database file?

Will this eliminate the time to build the database?

Any details on the specifics of the security bug in bitcoinjs-lib? thx

In days ;-)

It's not fast.
But if your goal is to buy XCP quickly and now, go to BTer or Poloniex and buy.

Devs can you give any information when betting system is coming to dex? In weeks or in months?

Counterwallet has very little volume at this time. If you are looking to buy XCP quickly, I'd suggest using BTER.com.

Hey, I was just wondering how long does it normally take for someone to buy some XCP? I placed an order and it is taking forever. I tried staying logged in and it is still just sitting, none of my bitcoins are XCP. Any help would be wonderful!

I was hoping you'd create something like this pretty damn interesting stuff!

Great! A write on why/how to use this would be really useful.

+1! great works.

this is decentralized contracts for difference - if that works: KUDOS

do we get a video how that works - it looks really really promising

This is even better: http://xcpfeeds.info/address/1FwFY4tJWpu5LzFqbQEJ5gSRxzXyWA7Vt1/

We Approve! Nice work!
http://xcpfeeds.info/search/?q=gold

It works now, at least as far as finding feeds and making a raw bet transaction, which I thought people might like to have until Counterwallet betting is implemented.

The plan is probably to do whatever will help make Counterparty bets/CFD's more fluent and user friendly - so any suggestions would be welcome, I'll post a topic for it.

+1
what are the plans for this project? is it / will it be open?

A very simple interface for Broadcasts / Bets: http://xcpfeeds.info/

Do devs have strings file of counterwallet available? we can begin some localizations to make the app accessible for non native english speakers

is there some good news？

not true.  there could be a re-org resulting from an orphaned chain.