Topic: BitcoinSpinner - page 34. (Read 55489 times)

hmmm, a few wks ago i was able to send 0.9995

Yes. It is the same problem, and i can reproduce it. There is currently a bug with sending amounts smaller than one BTC. The UI simply doesn't enable/disable the button right.
I'll see if i can get a fix out by monday.

seems like this is the exact same problem I have. Totally missed it.

i tried the amount 0.999500 and 0.40 -> same result
the address is copied through the clipboard, same result with qr scaning.

the button remains gray.

any idea ?

I had 0.1 btc of balance and tried to send 0.05. The fee is mandatory, as far as I can tell? I don't think I can change it anywhere. I went into the send bitcoins view (the right one), scanned the qr code of the address on another android phone (also using the new version of bitcoinspinner), wrote 0.05 in the amount box and pressed enter, but the button was still disabled.

I'm using android 2.2.2 (2.6.32.15) if that's relevant.

edit: as for the fee, under the amount box there's "A Bitcoin transaction fee of 0.0005 btc is automatically added to your transaction."

I need a bit more info.
I guess you are addressing the Send Bitcoins button on the Send page and not the main page.
Is your balance larger than zero?
Does the amount you send leave 0.0005 for a fee?
Is the address valid?
Did you scan a QR code or enter it by hand?

Tried sending some coins but the Send Bitcoins button is always disabled no matter what I do...

It sounds like you are doing everything right. Can you send a smaller amount, like 0.999?
Did you cut'n'paste the address or scan a QR code? Please try it the other way around. Let me know the results.
Thanks, Jan

hi jan,

nice job the work on the bitcoinspinner app.

i tried the app last night. quick response, easy handling, good looking, clever restore/save wallet functions!

1 BTC transfered from my bitcoin client and immediately the amount was on the app (about 60 sec)
and now i try to return the btc. but i can't do that.

the receivers address is valid, the amount 0.999500 is entered but the button send bitcoins remains gray.
do i make something wrong ?

greetings
pazor

Interesting idea.
However, with BitcoinSpinner I am trying to make a client that has the right cut of features to be usable by anyone not necessarily being tech savvy. Simplicity is key.
That being said, I think it is worthwhile to investigate whether this should be a separate client (ShadowSpinner ) or something for BitcoinSpinner Pro.

Another member of the forum has been working on an Android client based on a salt and passphrase on top of the BCCAPI. There is a prototype here. It calculates a seed from the passphrase and salt, which is used for deriving keys. The seed is then encrypted under a PIN and stored on the device. If it did not store the encrypted seed, but asked the user to enter the passphrase + salt when launched you would basically have what you want. However it is cumbersome to enter each time.
I wrote a short paper on a solution to this using QR codes and
 Shamir's Secret Sharing as an alternative to passphrases and salts. I do however not have the bandwidth to implement it right now. BitcoinSpinner is open source, and has all the bits needed to implement ShadowSpinner, knock yourself out 

I use this wallet and love it. I hope this is the forum to ask for desirable features.

I would love BitcoinSpinner to support "shadow wallets".


•   By clicking a “shadow” button, the client is instructed to put aside the main wallet and create a “shadow wallet” at any time.

•   The shadow wallet is opened by entering a salt and a password (or a printed QR code). This could be a new wallet if this is the first time this password was used.

•   The shadow wallet resides in RAM and is never put in permanent memory. It is actively cleared from memory when the user is done with it and the client switches back to the main wallet. Any tricks to keep shadow data off the swap files during memory management should be used. No evidence of the shadow wallet should remain in the client after it is closed.

The idea is you can go to any client you trust, maybe even a friend's phone, and open a wallet you keep in your head, spend some coin or copy a public key to receive coin, then close it.

Updated. My wallet still seems fine, and it hasn't crashed yet. Nice

Just before Christmas I joined the BitcoinSpinner dev team. Previously I was (just) making the BCCAPI, and during the holidays I gave BitcoinSpinner a major swing. This should greatly improve user experience with no or poor network connectivity.
Please upgrade to the latest version (0.4b) on the Android Market place. If you find any issues post them in this thread, and I'll respond as quickly as I can.

Major Changes in v0.4 beta:
Replaced Account with a clean asynchronous version. This means that

• whenever executing an API call we automatically re-login in case of session timeouts
• we no longer have background threads in the UI code.
• we properly cache balances
• we have improved error handling in case of API call failures
• we can start the client without network connectivity

Minor Changes in v0.4 beta:

• Transaction history now uses a different color for unconfirmed transactions
• Larger title for Transaction history
• Reversed sort order for transaction history
• Added titles to the various QR codes shown. This makes it easy to distinguish them once you have them on paper.
• General cleanup

All of the above, combined with the private key export feature ( Settings -> Advanced -> Export private key available in v3.1b) makes it possible for you to export your private even if the server side is not running. This is your guarantee that you will have a way out if the server side should ever get discontinued (god forbid).

Updated! Now with Danish translation and Transaction History!

The attack you are addressing is computationally >=  brute forcing a 256 bit EC key. If you are worried that this is feasible you better start looking for the Bitcoin exit signs. As soon as someone is able to do that everyone will panic, and at that time it is too late to exit.


The goal of the BCCAPI is to provide an API that allows you to make really light weight clients. Light weight measured in bandwidth, CPU power, storage and battery life. If I chose to make the client asks the server for transactions associated with a number of keys, then the client would have to download, process and store all the transactions, which defeats the purpose of being light weight. Furthermore, the server would be able to deduce the key relationship anyway, as the same device would query the same server.

Another aspect is that if you want a server where you can ask it for transactions related to any key then you need a much more powerful server side, which is able to determine transactions associated with ANY key in existence in real-time. With the BCCAPI the server side only needs to monitor the block chain for well-known public keys. This is a lot cheaper, and one of the reasons why I can keep this as a free service.

You are however right that you loose some of the anonymous properties by letting the server know which public keys a wallet comprises of. However, so far BitcoinSpinner only uses one address.


BCCAPI has a tool that allows you to export keys. The version out there now does it based on passphrases etc, so it just needs to be tailored a bit. However, it does output them in a format compatible with the Satoshi client patch:
http://code.google.com/p/bccapi/source/browse/trunk/src/com/bccapi/tool/WalletExporter.java
I'll ask the BitcoinSpinner if they can add an export function.

Ouch.  That sounds pretty bad.  32 bytes of randomness can't be used to create 64 bytes of randomness, merely because you seeded a random number generator.  It's good enough for video games, but since every private key is derived from those 32 bytes, the subsequent addresses aren't random enough for financially sensitive applications.

I appreciate that it's been done to solve a problem; but I'm not sure I like it.

I'm also not sure why the app needs to authenticate to the server at all.  The server holds no secret information; the balance on every bitcoin address is public knowledge anyway.  Surely the app can just generate N keys, and ask the server about each of the matching public keys in turn?  In fact, the grouping together is itself a security risk as it provides a way of associating separate addresses together.  All a BCCAPI server really needs to provide is a HTTP interface around transaction broadcasting (the app can create the transaction), and balance monitoring.


Quite so; there isn't an official format.  Whatever format is chosen though, it's going to be a way of representing 32 bytes.  Since that is the size of the ECDSA secret.  It might be that some checksumming and versioning bytes are added (just as for the public address), but those 32 bytes are all you really need.


Great.

Thanks.

Regarding backup/restore, this is as you also noted an artifact of the BCCAPI. Let me try and explain why it is so:
BCCAPI requires the app to manage N+1 key pairs. That is one key for authentication purposes, and N keys for your wallet (one for each Bitcoin address). Knowledge of the authentication private key allows the app to access the API (and add public keys), and the BCCAPI server side then knows which public keys are associated with the authentication public key.
How the app manages keys is entirely its own business, but the BCCAPI provides a number of ways to make this easy. BitcoinSpinner has chosen to have 1+1 keys (one bitcoin address) and a randomly generated seed that allows the app to generate the two keys as required. Going forward BitcoinSpinner could choose to support several Bitcoin addresses, and still be able to do simple backup/restore of the entire wallet using one QR-code.

This said, I think it would be a great feature if BitcoinSpinner provided a way to export the private key associated with its Bitcoin address in a standard plain format, but it should not be a replacement for Backup/Restore. Speaking of Bitcoin private key formats, I don't think that there is a formal specification. So far I have only seen an unofficial patch that you can apply to the Satoshi client.

As for the other nits I totally agree, and have forwarded them to the devs.

Very, very nice.

Close to being exactly what I want from a mobile wallet.

Minor nits:

• I've had a few force-closes when bringing a previously running instance to the foreground
• It would be nice if it coped better with intermittent network (i.e. I could see the last balance, and address even if not connected).  All network communication should be done in a different thread from the GUI.
• I don't like the backup/restore method.  Perhaps this is to do with BCCAPI rather than BitcoinSpinner.  A bitcoin private key is 32 bytes.  Give me them rather than this weird 32 byte random seed thing.  I don't want to have to do another conversion before I can import that private key into the desktop bitcoin client.
• A little bit of history would be pleasant to have.  A simple list, "Sent 10BTC to 1ywhwklk...", "Received 5BTC", and some timestamps would be sufficient.  Perhaps a pro version would allow annotation?
  

Spanish translation added. Keep em coming!

German translation added.