Blockchain.info - Bitcoin Block explorer & Currency Statistics - page 55.

centove

full member

Activity: 194

Merit: 100

Quote from: molecular on May 06, 2013, 12:54:14 AM

hello,

I'm investigating building an escrow service using multisig.

Building the multisig address requires users of the escrow to supply the pubkey of their addresses.

I can't seem to find this feature in blockchain.info wallet.

piuk, are there plans to enable users to retrieve the pubkeys of addresses in their wallets?

Unless I'm missing something, isn't the public key the address you send to people to have them send you coins?

IE:
19t6JWGtHv2xmPV2KcXwTEpH2XtSb3PF57

molecular

donator

Activity: 2772

Merit: 1019

hello,

I'm investigating building an escrow service using multisig.

Building the multisig address requires users of the escrow to supply the pubkey of their addresses.

I can't seem to find this feature in blockchain.info wallet.

piuk, are there plans to enable users to retrieve the pubkeys of addresses in their wallets?

hazek

legendary

Activity: 1078

Merit: 1003

Quote from: piuk on May 02, 2013, 11:02:46 AM

New Android Version

- New Send types (Quick, Custom & Shared)
- Better transaction summary dialog
- Transaction notes
- Currency set in the web interface will now change the android app and visa versa
- Ability to scan a private key and view the balance + optionally sweep.
- Fix support for scanning watch only private keys
- Compressed private key support
- Better exchange rates view
- Toggle between local currency and BTC by tapping account balance
- Ability to generate a shared address in the request coins view
- Ability to backup the wallet to external storage.
- Ability to pair manually if the QR code is not working.

https://blockchain.info/wallet/android-app

Quote from: hazek on April 28, 2013, 08:39:54 AM

Great job piuk.

Thanks hazek.

Man oh man, you are one hell of a dev, awesome job yet again!

piuk

hero member

Activity: 910

Merit: 1005

New Android Version

- New Send types (Quick, Custom & Shared)
- Better transaction summary dialog
- Transaction notes
- Currency set in the web interface will now change the android app and visa versa
- Ability to scan a private key and view the balance + optionally sweep.
- Fix support for scanning watch only private keys
- Compressed private key support
- Better exchange rates view
- Toggle between local currency and BTC by tapping account balance
- Ability to generate a shared address in the request coins view
- Ability to backup the wallet to external storage.
- Ability to pair manually if the QR code is not working.

https://blockchain.info/wallet/android-app

Quote from: hazek on April 28, 2013, 08:39:54 AM

Great job piuk.

Thanks hazek.

Quote from: willphase on April 28, 2013, 08:49:10 AM

can you explain this new permission?

Was suggested here http://stackoverflow.com/questions/4414171/how-to-detect-when-an-android-app-goes-to-the-background-and-come-back-to-the-fo as a method to detect if the app is running in the background on older devices. Was not needed in the end though.

Quote from: picobit on April 29, 2013, 01:19:11 PM

Quote from: ErebusBat on April 29, 2013, 10:32:24 AM

Any plans to port this to the iOS version?

+1

I would really like to see the PIN and the fee policy being honored.

Yep, the iphone app will be getting an update very soon.

picobit

hero member

Activity: 547

Merit: 500

Decor in numeris

Quote from: ErebusBat on April 29, 2013, 10:32:24 AM

Any plans to port this to the iOS version?

+1

I would really like to see the PIN and the fee policy being honored.

ErebusBat

hero member

Activity: 560

Merit: 500

I am the one who knocks

Quote from: piuk on April 28, 2013, 08:25:15 AM

New Version of Android App

PIN Protection
Improved Fee Handling - The Fee policy set in the web interface will now be honoured in the android app
Second Password will be cleared after a transaction is sent
Fix Pairing Issues

Any plans to port this to the iOS version?

ingrownpocket

legendary

Activity: 952

Merit: 1000

Down? Cannot access my wallet.

willphase

hero member

Activity: 767

Merit: 500

Hey Piuk - good job on the new version. I looked briefly through the changes, but couldn't determine why the new version requires the new

can you explain this new permission?

EDIT 15:41Z: I see this has now been removed. Cheers!

Will

hazek

legendary

Activity: 1078

Merit: 1003

Great job piuk.

piuk

hero member

Activity: 910

Merit: 1005

New Version of Android App

https://play.google.com/store/apps/details?id=piuk.blockchain.android&feature=nav_result#?t=W251bGwsMSwyLDNd

PIN Protection
Improved Fee Handling - The Fee policy set in the web interface will now be honoured in the android app
Second Password will be cleared after a transaction is sent
Fix Pairing Issues

How PIN protection works

1) When the PIN is created a unique secret is generated and stored on the server.
2) The users password is then encrypted with the new secret and saved on the device.
3) When restoring the wallet if the correct PIN is provided the server responds with the secret allowing the device to decrypt the password.
4) If the PIN is entered incorrectly 4 times the key is removed from the server and the main password will need to be re-entered.

Prevents malicious app on rooted devices from reading the password directly from app data however more sophisticated malware that reads the app memory or keyloggers will still be possible.

John (John K.)

legendary

Activity: 1288

Merit: 1227

Away on an extended break

Quote from: TheButterZone on April 27, 2013, 06:20:12 PM

Is anybody else not getting SMS notifications on their watched addresses?

I'm not getting email notifications on my watched addresses - strange.

Newar

legendary

Activity: 1358

Merit: 1001

https://gliph.me/hUF

Quote from: BurtW on April 27, 2013, 09:09:08 AM

Quote from: Newar on April 27, 2013, 09:01:29 AM

From what I understand the problem is with rooted phones.

His most recent post on the subject says otherwise:

https://bitcointalksearch.org/topic/m.1954147

Thanks for that link.

Could it be two different attacks? The OP on reddit mentioned he had 2FA enabled and the app installed, whereas I don't see any mention of 2FA in the thread you linked to.

TheButterZone

legendary

Activity: 3038

Merit: 1032

RIP Mommy

Is anybody else not getting SMS notifications on their watched addresses?

ETA: Just got one at 0820 UTC 4-28-13, yay.

JonSnow

member

Activity: 112

Merit: 10

Quote from: piuk on April 26, 2013, 10:12:07 AM

Quote from: jamesg on April 26, 2013, 09:34:09 AM

HELP!!!

Everytime I go to my wallet page I get notified that an illegal imbedded object has been found and the popup states that I should not continue!!

WTF is going on with blockchain.info?

Apologies this was a problem cause by me. The error should be fixed now if you reload the page a few times.

Also please remove the verifier and use one of the packaged browser extensions http://blockchain.info/wallet/chrome-extension

I had to reinstall my OS and everything from scratch, and when I set up my wallet as before using the firefox extension, it asks for my identifier, but when given then results in the page reloading, the identifier being blank, and an email sent to me. I click the link in the email, as instructed, but for whatever reason the firefox extension never seems to work or remember the identifier even after I've "allowed" the login attempt.

jubalix

legendary

Activity: 2660

Merit: 1023

Quote from: zebedee on April 27, 2013, 04:10:44 AM

Quote from: shibaji on April 27, 2013, 01:36:11 AM

In the light of recent mysterious stealing of coins despite having 2FA and double password, will it be possible to offer any more protection against withdrawal ? Few suggestions in addition to the existing ones (of course the user will have to enable these, and not default):

1. A email reconfirmation (with hotlink to be clicked) before withdrawal. No reconfirmation, no withdrawal processed.
2. Option to completely disable withdrawal with a radio button / option, for which enabling withdrawal is email hot link confirmation dependent (like #1)
3. A picture + phrase verification while logging in with (alike Bank of America etc.)

Any other suggestions welcome.

I doubt these help, as the attacker doesn't seem to be using blockchain.info software to attack. They seem to get the private keys somehow.

must be cracking hashes, or injecting .js

jubalix

legendary

Activity: 2660

Merit: 1023

Quote from: piuk on April 24, 2013, 07:03:26 AM

Changes to Alias Resolving

When a wallet is accessed using an alias if the browser does not already have the wallet identifier saved or have an authorised login session email authorisation will now be required.

If the browser is perviously recognised by blockchain no authorisation is required. Wallets can still be accessed directly by identifier, which provides 128 bits of entropy and should always be kept secret.

For example if you visit my personal wallet: https://blockchain.info/wallet/piuk if will appear as if no wallet exists however I will receive an authorisation email.

A number of users have reported their wallet being compromised to me, the exact cause is unknown (I suspect malware) however in pretty much all cases the user has set a wallet alias which is the same as their bitcointalk username (and used on other sites). This is common practice, however it much more secure if the wallet identifier and alias are kept secret. The above changes are meant to address this problem.

I will respond to the above posts shortly, apologies for the delay.

so the question is why did this change all of a sudden...why are browsers that were reconised, now not, and identifiers not put in?? as they were before....this is how they are attacking you something here...

BurtW

legendary

Activity: 2646

Merit: 1138

All paid signature campaigns should be banned.

Quote from: Newar on April 27, 2013, 09:01:29 AM

From what I understand the problem is with rooted phones.

His most recent post on the subject says otherwise:

https://bitcointalksearch.org/topic/m.1954147

Newar

legendary

Activity: 1358

Merit: 1001

https://gliph.me/hUF

Quote from: shibaji on April 27, 2013, 04:14:24 AM

Quote from: zebedee on April 27, 2013, 04:10:44 AM

I doubt these help, as the attacker doesn't seem to be using blockchain.info software to attack. They seem to get the private keys somehow.

That's scary! Shocked

May be piuk can say something - if this has any truth - any withdraw must get suspended until things are resolved. At least piuk should advise people to pull out coins till things get resolved Sad

From what I understand the problem is with rooted phones. For me, I have uninstalled the app completely and setup another watch-only wallet on BCI. Installed the app again and will handle transactions from bitcoin-qt, I never had a lot in the BCI wallet to begin with, but a theft would be painful anyway, more so, if the reason is known.

2_Thumbs_Up

sr. member

Activity: 323

Merit: 251

I tried to add a tag for donations to http://www.gimp.org/

However, blockchain said that it can't find the adress in question at the website. You are not looking hard enough. It's in the bitcoin: URI format. Blockchain.info should preferably notice this.

shibaji

full member

Activity: 308

Merit: 102

Quote from: zebedee on April 27, 2013, 04:10:44 AM

I doubt these help, as the attacker doesn't seem to be using blockchain.info software to attack. They seem to get the private keys somehow.

That's scary! Shocked

May be piuk can say something - if this has any truth - any withdraw must get suspended until things are resolved. At least piuk should advise people to pull out coins till things get resolved Sad

Topic: Blockchain.info - Bitcoin Block explorer & Currency Statistics - page 55. (Read 482699 times)