I gather that regarding using QR codes as comms for offline tx signing (which the CIYAM Safe does) the author is not keen to implement this due to the fact that if you're offline device has no block chain then it cannot know the amount of fee that is being paid (something that could perhaps be added to the script implementation down the track if there is enough demand).
Personally I don't see this attack as being really that much of a concern especially if you *know* how much you have in each of your UTXOs (but for the average joe this is perhaps too much to ask).
Anyway - if someone is interested in working on adding this feature then I'd be happy to set up a task on CIYAM Open and donate some BTC towards getting it done.
Topic: Bitcoin Wallet for Android - page 6. (Read 121199 times)
I don't think this was answered above exactly but are there plans to allow turning an old phone into a cheap hardware wallet? Have some private keys exist on a phone (with some type of phrase to restore them in case the phone dies) that is disconnected from everything permanently and it just signs transactions using qr codes?
It already shows signed transactions with a QR code. The only thing missing is it being able to update address balances from a QR code.
This app is great.. An engineering wonder. Thank you Mr.Schildbach !
Anyway I forgot 2 btc in there and delete the app.. I think the application should backup in background for forgetful like me.
Anyway I forgot 2 btc in there and delete the app.. I think the application should backup in background for forgetful like me.
yeah, I second that. at least add another backup target (dropbox, MEGA, put.io, what have you)...
Trouble is that such a feature would create a gaping security hole.
The program could ask for a password, but then people would forget the password. It is difficult to protect people from their own mistakes.
I don't think this was answered above exactly but are there plans to allow turning an old phone into a cheap hardware wallet? Have some private keys exist on a phone (with some type of phrase to restore them in case the phone dies) that is disconnected from everything permanently and it just signs transactions using qr codes?
This app is great.. An engineering wonder. Thank you Mr.Schildbach !
Anyway I forgot 2 btc in there and delete the app.. I think the application should backup in background for forgetful like me.
Anyway I forgot 2 btc in there and delete the app.. I think the application should backup in background for forgetful like me.
yeah, I second that. at least add another backup target (dropbox, MEGA, put.io, what have you)...
This app is great.. An engineering wonder. Thank you Mr.Schildbach !
Anyway I forgot 2 btc in there and delete the app.. I think the application should backup in background for forgetful like me.
Anyway I forgot 2 btc in there and delete the app.. I think the application should backup in background for forgetful like me.
Question, can you create a transaction, or a series of transactions, without the prior transactions being confirmed yet? Just wondering about using a phone as cold storage options.
No, not with the current app.
I personally would prefer a data connection that is thinner than Bluetooth and one which the user can check. One possibility would be QR codes.
Hey, that would be neat, add the option to display the signed transaction as one, or a series, of QR codes, in case Bluetooth isn't an option. With used phones becoming so cheap, this might even give Armory and Trezzor some competition.
Sending payments via QR code was implemented a few years ago. Tap a transaction and then the QR button.
Wait, that's what the little QR thing up there is? HOLY CRAP!!!
Question, can you create a transaction, or a series of transactions, without the prior transactions being confirmed yet? Just wondering about using a phone as cold storage options.
I personally would prefer a data connection that is thinner than Bluetooth and one which the user can check. One possibility would be QR codes.
Hey, that would be neat, add the option to display the signed transaction as one, or a series, of QR codes, in case Bluetooth isn't an option. With used phones becoming so cheap, this might even give Armory and Trezzor some competition.
Sending payments via QR code was implemented a few years ago. Tap a transaction and then the QR button.
Just had a weird thought:
Since this wallet can sign and transmit transactions over Bluetooth, doesn't this mean that you can essentially use it as a very secure cold-storage wallet, by disabling all data and internet connection on a separate phone running it, and leaving only Bluetooth powered up?
Since this wallet can sign and transmit transactions over Bluetooth, doesn't this mean that you can essentially use it as a very secure cold-storage wallet, by disabling all data and internet connection on a separate phone running it, and leaving only Bluetooth powered up?
Not so weird, actually a good idea.
I personally would prefer a data connection that is thinner than Bluetooth and one which the user can check. One possibility would be QR codes.
But perhaps Bluetooth is secure enough. I cannot tell.
Hey, that would be neat, add the option to display the signed transaction as one, or a series, of QR codes, in case Bluetooth isn't an option. With used phones becoming so cheap, this might even give Armory and Trezzor some competition.
Just had a weird thought:
Since this wallet can sign and transmit transactions over Bluetooth, doesn't this mean that you can essentially use it as a very secure cold-storage wallet, by disabling all data and internet connection on a separate phone running it, and leaving only Bluetooth powered up?
Since this wallet can sign and transmit transactions over Bluetooth, doesn't this mean that you can essentially use it as a very secure cold-storage wallet, by disabling all data and internet connection on a separate phone running it, and leaving only Bluetooth powered up?
Not so weird, actually a good idea.
I personally would prefer a data connection that is thinner than Bluetooth and one which the user can check. One possibility would be QR codes.
But perhaps Bluetooth is secure enough. I cannot tell.
Just had a weird thought:
Since this wallet can sign and transmit transactions over Bluetooth, doesn't this mean that you can essentially use it as a very secure cold-storage wallet, by disabling all data and internet connection on a separate phone running it, and leaving only Bluetooth powered up?
Since this wallet can sign and transmit transactions over Bluetooth, doesn't this mean that you can essentially use it as a very secure cold-storage wallet, by disabling all data and internet connection on a separate phone running it, and leaving only Bluetooth powered up?
Well, syncing is much faster, basically instant, if you don't need to scan the blockchain. It would be nice if we could get that from P2P nodes, but since this is not possible we have to be pragmatic.
Well, you can get that from the p2p network. Use checkpoints and bloom filters. Both MultiBit and Bitcoin Wallet have proven that this allows for "basically instant" startup.
Quote
Also, the amount of possible error states is simpler. In our code, we can assume cooperating peers (so no half-open tcp connections, stalling connections, etc). Syncing once and closing the connection immediately afterwards is much friendlier to the battery than maintaining a background process.
Agreed. A single request/response is simpler than maintaining a node in a p2p network. However, that problem has been solved.
I believe if there is any significant difference in battery drain its mainly because Bitcoin Wallet can also receive coins (and notify you) in the background, while afaik Mycelium doesn't do that yet (why?).
Quote
That said, i think it is possible that we can achieve "best of both worlds" by implementing a P2P network where you can efficiently query an UTXO-set in near-constant time, with POW, as outlined here: https://bitcointalksearch.org/topic/ultimate-blockchain-compression-w-trust-free-lite-nodes-88208.
I agree. Improving the p2p protocol is exactly the path I'm striving for. See bloom filters, which were designed and implemented as a non-proprietary extension to the p2p protocol in early 2013.
And don't take me wrong. This is not a question of Mycelium vs. Bitcoin Wallet. This is a conflict between centralized and de-centralized. Bitcoin's main benefit is de-centralization, and I want to stick to this idea whereever possible. I agree with Jan that diversity is good for Bitcoin.
Requesting UTXOs from the P2P network would not require any complicated new protocols because it doesn't need to be authenticated. A remote node can already lie-through-omission due to the Bloom filtering and make you think an output is unspent when really it isn't. A simple query/response protocol would thus not have any different security to today. The complicated part is that not every node operator will want to provide this service, as it's expensive and not needed for normal operation, so we'd need addr handling/peer discovery to work better first.
so mycelium would, theoretically, be able to provide a simple "enter and swipe" import function for casascius coins?
It is already there. I would prefer not to clutter this thread with Mycelium stuff. You have to put the string into the clipboard for this to work. (This means trusting the other apps on your device) and then go to Cold Storage and click the "Clipboard" button, and so forth.
so mycelium would, theoretically, be able to provide a simple "enter and swipe" import function for casascius coins?
I just wanted to know the pros. I think the question isn't answered. What's the pro of relying on a centralized service for getting unspent outputs and transaction history?
This is your thread so i really hate to turn this into an advertisement for our software, but since you insist i cannot refuse 
Well, syncing is much faster, basically instant, if you don't need to scan the blockchain. It would be nice if we could get that from P2P nodes, but since this is not possible we have to be pragmatic.
Also, the amount of possible error states is simpler. In our code, we can assume cooperating peers (so no half-open tcp connections, stalling connections, etc). Syncing once and closing the connection immediately afterwards is much friendlier to the battery than maintaining a background process.
That said, i think it is possible that we can achieve "best of both worlds" by implementing a P2P network where you can efficiently query an UTXO-set in near-constant time, with POW, as outlined here: https://bitcointalksearch.org/topic/ultimate-blockchain-compression-w-trust-free-lite-nodes-88208. But since this is not implemented yet, it is not an option so far.
Andreas, I am really not trying to pick a fight here. But let me answer your questions.
I just wanted to know the pros. I think the question isn't answered. What's the pro of relying on a centralized service for getting unspent outputs and transaction history?
You're right about the exchange rates. To my knowledge, atm its not possible to get them in a decentralized way.
hmm.. I believe I wrote that in my last answer:
Both models have their pros and cons.
What's the pro of relying on a proprietary centralized service? The only pro I can think of is support for importing private keys, but that's a dangerous operation anyway.
Importing/exporting private keys is crucial for giving people the freedom to choose another wallet and doing backup/restore. Importing to memory is crucial for cold storage spending, which is quite handy for secure offline storage and swiping a paper slip from a Bitcoin ATM.
We are both relying on proprietary centralized servers to get exchange rates. Mycelium also relies on that to get unspent outputs and transaction history
So to rephrase:
1. Restoring your device and BAM, you are good to go
2. Cold storage spending from a paper backup.
3. Cold storage spending from a Bitcoin ATM paper slip.
Bitcoin Wallet for Android has other benefits, and I really really believe that we need as much diversity as we can get. One size does not fit all.
Andreas, I am really not trying to pick a fight here. But let me answer your questions.
I just wanted to know the pros. I think the question isn't answered. What's the pro of relying on a centralized service for getting unspent outputs and transaction history?
You're right about the exchange rates. To my knowledge, atm its not possible to get them in a decentralized way.
Both models have their pros and cons.
What's the pro of relying on a proprietary centralized service? The only pro I can think of is support for importing private keys, but that's a dangerous operation anyway.
Importing/exporting private keys is crucial for giving people the freedom to choose another wallet and doing backup/restore. Importing to memory is crucial for cold storage spending, which is quite handy for secure offline storage and swiping a paper slip from a Bitcoin ATM.
We are both relying on proprietary centralized servers to get exchange rates. Mycelium also relies on that to get unspent outputs and transaction history
Jump to: