Pages:
Author

Topic: Armory - Discussion Thread - page 24. (Read 521901 times)

legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
October 02, 2014, 10:59:37 AM
What about antimalware/antiviruses programs like Norton,kaspersky,avira.Mc affee?
Could they detect those malicious software,when they are widespread and known ?
No.

USB firmware exploits happen outside the control of the CPU and any software that may be running on it.

For now, you should probably use CD-Rs to move unsigned transactions across the air gap discard them after each use.

There might not be any exploitable CD drive firmware vulnerabilities that can be triggered by malicious data on a disc. Maybe.

There's audio too, easier on the planet: https://bitcointalksearch.org/topic/tx-signing-via-minimodem-735111
hero member
Activity: 602
Merit: 500
October 02, 2014, 10:43:04 AM
What about antimalware/antiviruses programs like Norton,kaspersky,avira.Mc affee?
Could they detect those malicious software,when they are widespread and known ?
No.

USB firmware exploits happen outside the control of the CPU and any software that may be running on it.

For now, you should probably use CD-Rs to move unsigned transactions across the air gap discard them after each use.

There might not be any exploitable CD drive firmware vulnerabilities that can be triggered by malicious data on a disc. Maybe.
thanks,justusranvier
full member
Activity: 226
Merit: 100
October 02, 2014, 10:13:49 AM
I don't know somebody wrote to here or not.
But i think the Armory and other programs could have a potential vulnerability.

For example what if your computer with installed Armory (watch-only wallet mode) is infected and trojan/virus which modifies a receiving address in Armory's interface? How can i trust to my online watch-only computer that all generated addresses are my addresses? What if trojan/virus modifies installed DLLs/Shared libraries of Armory and substitute watch-only generated addresses or seed to hacker things? If i will send to money to generated address how can i sure that this address is my address for private key at offline computer? :-/

What do developers think about this?

I jsut double check the address before broadcasting. That's more or less all I can do. Of course you could take appart the unsigned and signed transaction before broadcasting. However, as long as I don't hear anything else I consider it safe enough...
legendary
Activity: 1400
Merit: 1013
October 02, 2014, 10:11:35 AM
What about antimalware/antiviruses programs like Norton,kaspersky,avira.Mc affee?
Could they detect those malicious software,when they are widespread and known ?
No.

USB firmware exploits happen outside the control of the CPU and any software that may be running on it.

For now, you should probably use CD-Rs to move unsigned transactions across the air gap discard them after each use.

There might not be any exploitable CD drive firmware vulnerabilities that can be triggered by malicious data on a disc. Maybe.
hero member
Activity: 602
Merit: 500
October 02, 2014, 09:58:29 AM
are only USB sticks right from the factory affected or old used ones as well?
As I understand it,USB Sitcks in use cannot get compromised

Nope, the whole reason why this is such a bad exploit is that most USB devices (not just flash drives) can have their firmware reprogrammed via software.
that is indeed a bad exploit.
What about antimalware/antiviruses programs like Norton,kaspersky,avira.Mc affee?
Could they detect those malicious software,when they are widespread and known ?
full member
Activity: 162
Merit: 109
October 02, 2014, 09:17:50 AM
I don't know somebody wrote to here or not.
But i think the Armory and other programs could have a potential vulnerability.

For example what if your computer with installed Armory (watch-only wallet mode) is infected and trojan/virus which modifies a receiving address in Armory's interface? How can i trust to my online watch-only computer that all generated addresses are my addresses? What if trojan/virus modifies installed DLLs/Shared libraries of Armory and substitute watch-only generated addresses or seed to hacker things? If i will send to money to generated address how can i sure that this address is my address for private key at offline computer? :-/

What do developers think about this?
hero member
Activity: 496
Merit: 500
October 02, 2014, 08:29:04 AM
are only USB sticks right from the factory affected or old used ones as well?
As I understand it,USB Sitcks in use cannot get compromised

Nope, the whole reason why this is such a bad exploit is that most USB devices (not just flash drives) can have their firmware reprogrammed via software.
hero member
Activity: 602
Merit: 500
October 02, 2014, 07:24:26 AM
are only USB sticks right from the factory affected or old used ones as well?
As I understand it,USB Sitcks in use cannot get compromised
hero member
Activity: 602
Merit: 500
October 02, 2014, 07:17:00 AM
when will 0.92.2 be out of testing?
I ask this question again
Hope I and cypherdoc get an answer

I don't think there's bugs so it doesn't really matter. Armory just likes to call everything testing.
Thanks,hope you are right
legendary
Activity: 2912
Merit: 1060
October 02, 2014, 06:06:21 AM
when will 0.92.2 be out of testing?
I ask this question again
Hope I and cypherdoc get an answer

I don't think there's bugs so it doesn't really matter. Armory just likes to call everything testing.
hero member
Activity: 602
Merit: 500
October 02, 2014, 06:02:55 AM
when will 0.92.2 be out of testing?
I ask this question again
Hope I and cypherdoc get an answer
hero member
Activity: 980
Merit: 507
October 01, 2014, 04:45:02 PM
Stupid (maybe not) question.

I want to update Armory, should I update Bitcoin Core as well?

You don't have to but latest core is more critical than latest armory

Thanks Smiley
legendary
Activity: 2912
Merit: 1060
October 01, 2014, 04:20:33 PM
Stupid (maybe not) question.

I want to update Armory, should I update Bitcoin Core as well?

You don't have to but latest core is more critical than latest armory
hero member
Activity: 980
Merit: 507
October 01, 2014, 04:07:05 PM
Stupid (maybe not) question.

I want to update Armory, should I update Bitcoin Core as well?
legendary
Activity: 1400
Merit: 1013
October 01, 2014, 02:40:15 PM
I managed to create a situation where Armory 0.92.1 will perform a full blockchain scan every time the program is loaded.

I run bitcoind on a different (virtual) machine than Armory.

When I use NFS to share the blockchain directory, everything works.

Since both the bitcoind VM and the Armory VM are running on the same host, I tried moving the blockchain directory to the host and sharing it with both via 9pfs. The bitcoind VM gets read-write access, and the Armory VM gets read-only access.

Armory will perform a successful scan of the blockchain.

When I close it and open it up again, I get a

"Block file is in the wrong network!  MagicBytes: 00000000" error and it starts over from the beginning.
full member
Activity: 226
Merit: 100
October 01, 2014, 06:21:47 AM
Hello, I am here tonight to see if you can help with a thought I have. I want to download Armory but I have worries that it will require me to download the blockchain again. I remember the 60 hours I spent waiting to download blockchain before with the qt client I think  it is called.

My question is this:

If I download the Armory wallet and synch it, will it take more than...20 minutes?
Electrum looks good because it does not require a full download of the blockchain

Thank you

If you already have a Bitcoin core installtion, Armory will go on top of it. For me armory takes about 5 min untill the DB is built and the wallet is online once the Blockchain has finished catching up. So yes it does require a full blckchain downlad, but you can use the one you have already.
member
Activity: 162
Merit: 10
October 01, 2014, 02:21:33 AM
Hello, I am here tonight to see if you can help with a thought I have. I want to download Armory but I have worries that it will require me to download the blockchain again. I remember the 60 hours I spent waiting to download blockchain before with the qt client I think  it is called.

My question is this:

If I download the Armory wallet and synch it, will it take more than...20 minutes?
Electrum looks good because it does not require a full download of the blockchain

Thank you
legendary
Activity: 1764
Merit: 1002
September 30, 2014, 03:19:48 PM
when will 0.92.2 be out of testing?
sr. member
Activity: 350
Merit: 251
Dolphie Selfie
September 30, 2014, 03:10:27 PM

You can update your online computer without touching the offline computer if you install 0.91.2 online. 

is 0.91.2 typo?
should it not be 0.92 + ??

v0.91.2 is the last version, that supports the old format for offline signing (the .unsigned.tx and .signed.tx files). Newer versions create unsigned transactions in a new format. If the offline computer is not updated to a version newer (or equal) than 0.92, it does not understand the new format.
Pages:
Jump to: