can anyone clarify how secure is Multibit HD actually ?

Cereberus

legendary

Activity: 910

Merit: 1000

Quote from: shorena on November 09, 2016, 10:09:20 AM

Quote from: Cereberus on November 09, 2016, 09:33:40 AM

It was electrum actually that cause the breach of privacy

. Thanks for letting me know, but as you said yourself, Multibit Classic can create as many single wallet addresses as a user want and it does not link them in the blocktrail or walletexplorer.

For the moment I know that Multibit HD just like Electrum is bad for privacy. I am not still convinced yet.

Show me a proof where Multibit Classic wallets of same program are linked in walletexplorer and I will be convinced.

It's ok even if you don't edit, that is clear from long time now

The point is not the number of addresses that can be created. That is the same for both wallets (classic and HD as well as electrum). The point is that when you spend bitcoin, classic sends the change (which almost always is created) to the same address every time, while HD (and electrum) use new addresses. Thus there is a single address that likely will be linked to all your other addresses over time.

If you dont take special precautions this linking happens with all wallets. If you only have 10 inputs of 0.1 BTC each received on 10 different addresses and want to spend 1 BTC (lets ignore fee for simplicity) these coins have to come from somewhere. Some walets allow you to pick the inputs. Electrum with the "send from" feature, bitcoin core with "coin control". Im not aware of a feature like this in either Multibit wallet.

Quote from: CoinCidental on November 09, 2016, 10:03:10 AM

-snip-
There is some links between my mb HD addresses in the blockchain but I don't see why this is anything to worry about...?

Unless someone else has a good reason why not to use mb hd

Privacy may be important. In this sense Multibit HD is an improvement over classic.

Now is all crystal clear, thanks a lot. I will install only Multibit HD.

shorena

copper member

Activity: 1498

Merit: 1528

No I dont escrow anymore.

Quote from: Cereberus on November 09, 2016, 09:33:40 AM

It was electrum actually that cause the breach of privacy

. Thanks for letting me know, but as you said yourself, Multibit Classic can create as many single wallet addresses as a user want and it does not link them in the blocktrail or walletexplorer.

For the moment I know that Multibit HD just like Electrum is bad for privacy. I am not still convinced yet.

Show me a proof where Multibit Classic wallets of same program are linked in walletexplorer and I will be convinced.

It's ok even if you don't edit, that is clear from long time now

The point is not the number of addresses that can be created. That is the same for both wallets (classic and HD as well as electrum). The point is that when you spend bitcoin, classic sends the change (which almost always is created) to the same address every time, while HD (and electrum) use new addresses. Thus there is a single address that likely will be linked to all your other addresses over time.

If you dont take special precautions this linking happens with all wallets. If you only have 10 inputs of 0.1 BTC each received on 10 different addresses and want to spend 1 BTC (lets ignore fee for simplicity) these coins have to come from somewhere. Some walets allow you to pick the inputs. Electrum with the "send from" feature, bitcoin core with "coin control". Im not aware of a feature like this in either Multibit wallet.

Quote from: CoinCidental on November 09, 2016, 10:03:10 AM

-snip-
There is some links between my mb HD addresses in the blockchain but I don't see why this is anything to worry about...?

Unless someone else has a good reason why not to use mb hd

Privacy may be important. In this sense Multibit HD is an improvement over classic.

CoinCidental

legendary

Activity: 1316

Merit: 1000

Si vis pacem, para bellum

Quote from: Cereberus on November 09, 2016, 09:33:40 AM

It was electrum actually that cause the breach of privacy

. Thanks for letting me know, but as you said yourself, Multibit Classic can create as many single wallet addresses as a user want and it does not link them in the blocktrail or walletexplorer.

For the moment I know that Multibit HD just like Electrum is bad for privacy. I am not still convinced yet.

Show me a proof where Multibit Classic wallets of same program are linked in walletexplorer and I will be convinced.

It's ok even if you don't edit, that is clear from long time now

There is some links between my mb HD addresses in the blockchain but I don't see why this is anything to worry about...?

Unless someone else has a good reason why not to use mb hd

Cereberus

legendary

Activity: 910

Merit: 1000

It was electrum actually that cause the breach of privacy

. Thanks for letting me know, but as you said yourself, Multibit Classic can create as many single wallet addresses as a user want and it does not link them in the blocktrail or walletexplorer.

For the moment I know that Multibit HD just like Electrum is bad for privacy. I am not still convinced yet.

Show me a proof where Multibit Classic wallets of same program are linked in walletexplorer and I will be convinced.

It's ok even if you don't edit, that is clear from long time now

btchris

hero member

Activity: 672

Merit: 504

a.k.a. gurnec on GitHub

Quote from: Cereberus on November 08, 2016, 03:52:16 PM

Serious answer.

Glad to here it. Sorry if I implied earlier that you were trolling, but you're definitely mistaken.

Quote from: Cereberus on November 08, 2016, 03:52:16 PM

If you want to prove me wrong, prove me with proofs and I will retire from such sayings.

To simplify a bit, creating a child key from a parent key involves two steps as per BIP32:

(for non-hardened keys) The second step looks more or less the same for both public keys and private keys:

Code:

For private keys: privkey_parent + privkey_temp = privkey_child  (privkeys are 32-byte long integers)
For public keys:  pubkey_parent  + pubkey_temp  = pubkey_child   (pubkeys are points on the EC)

...and the first step is to create the "temp" keys, which involves taking an HMAC_SHA512:

Code:

    For private keys:
privkey_temp = HMAC_SHA512(key=chaincode_parent, data= PrivkeyToPubkey(privkey_parent) | index)  ("|" means concatenate)

    For public keys:
privkey_temp = HMAC_SHA512(key=chaincode_parent, data= pubkey_parent                   | index)  (both privkey_temps are equal)
pubkey_temp  = PrivkeyToPubkey(privkey_temp)  (note we need pubkey_temp for that second public key step above, privkey_temp is of no use)

where "index" is the child key number which increments for each new key.

The important part here is that we use HMAC_SHA512 to create the temp keys. This means that the temp keys look completely random and unrelated to one another, as do the resulting child keys. The only way to relate child keys with one another is to reverse the HMAC_SHA512, which is infeasible as long as SHA512 remains unbroken.

Of course if you have the parent key and chaincode, you can derive the children, but the parent key and chaincode never appear in the blockchain. They're stored in the MultiBit HD's encrypted wallet file.

shorena

copper member

Activity: 1498

Merit: 1528

No I dont escrow anymore.

Quote from: Cereberus on November 08, 2016, 03:52:16 PM

-snip-
Serious answer. What I already said is the undeniable truth. Or if you think I am ignorant let's play a little game. I will post one address from my Multibit Classic with transactions and the walletexplorer.com will show only that as my address where in reality I will have lots of addresses there. If I put an address from Multibit HD with transactions in it in walletexplorer.com it will show all of my wallet addresses there differently from Multibit Classic.

If you want to prove me wrong, prove me with proofs and I will retire from such sayings. No troll , I think I have given my real contribute to the alternative clients and I also got all the help needed.

Alright, lets get serious. Your argument is bullshit, because not only is it anecdotal it is also plain wrong. Multibit Classic per default uses a single always repeating change address[1]. This will link most of your addresses over time. Multibit HD per default uses a new change address every time. It is certainly possible to avoid these problems, originating from a wallet design before HD was a thing. That is however not a feature of the wallet which is the topic at hand, not the way you personally handle it.

Now, lets play your game.

-redacted-

Cereberus

legendary

Activity: 910

Merit: 1000

Quote from: btchris on October 09, 2016, 06:16:39 PM

Quote from: Cereberus on October 09, 2016, 11:51:43 AM

Maybe Multibit HD is better as a wallet but in terms of privacy it cannot compare with Multibit Classic.

Reason why:
Multibit HD is a HD(Hierarchical Deterministic) and all it's addresses are derived from a set of words which is known as SEED. This is better for security but not for privacy.
Once an address is used in Multibit HD, after 2-3 hours if you put that address into walletexplorer.com website it can show you all addresses of this wallet of yours.

Serious question: are you a troll, or innocently misinformed/ignorant?

In any case, what "Cereberus" has said in regards to privacy here is false. Please ignore him/her.

Serious answer. What I already said is the undeniable truth. Or if you think I am ignorant let's play a little game. I will post one address from my Multibit Classic with transactions and the walletexplorer.com will show only that as my address where in reality I will have lots of addresses there. If I put an address from Multibit HD with transactions in it in walletexplorer.com it will show all of my wallet addresses there differently from Multibit Classic.

If you want to prove me wrong, prove me with proofs and I will retire from such sayings. No troll , I think I have given my real contribute to the alternative clients and I also got all the help needed.

Goms

sr. member

Activity: 350

Merit: 250

Have you tried checking your Multibit HD wallet on wallet explorer? I don't use Multibit so I can't confirm, thinking of using multibit though.

btchris

hero member

Activity: 672

Merit: 504

a.k.a. gurnec on GitHub

Quote from: Cereberus on October 09, 2016, 11:51:43 AM

Maybe Multibit HD is better as a wallet but in terms of privacy it cannot compare with Multibit Classic.

Reason why:
Multibit HD is a HD(Hierarchical Deterministic) and all it's addresses are derived from a set of words which is known as SEED. This is better for security but not for privacy.
Once an address is used in Multibit HD, after 2-3 hours if you put that address into walletexplorer.com website it can show you all addresses of this wallet of yours.

Serious question: are you a troll, or innocently misinformed/ignorant?

In any case, what "Cereberus" has said in regards to privacy here is false. Please ignore him/her.

Cereberus

legendary

Activity: 910

Merit: 1000

Maybe Multibit HD is better as a wallet but in terms of privacy it cannot compare with Multibit Classic.

Reason why:
Multibit HD is a HD(Hierarchical Deterministic) and all it's addresses are derived from a set of words which is known as SEED. This is better for security but not for privacy.
Once an address is used in Multibit HD, after 2-3 hours if you put that address into walletexplorer.com website it can show you all addresses of this wallet of yours.

Multibit Classic creates wallets independently and they are not linked to each other. This means is better for privacy as they cannot connect different addresses to the same wallet because Multibit Classic create many wallets with single address that have no connection to each other.

So for security is Multibit HD but for privacy there's no other desktop wallet like Multibit Classic.

btchris

hero member

Activity: 672

Merit: 504

a.k.a. gurnec on GitHub

Quote from: CoinCidental on October 06, 2016, 01:46:39 PM

i have moved to it myself and after getting used to the new interface ,i like it !
just wondering ,are the seed words compatible with other HD wallet's or only multibit ?

It's mostly compatible with Bither, breadwallet, Coinomi, Hive (defunct), Mycelium (Android and iOS), myTREZOR, and Wallet32 for Android, but there are various "gotchas".

It is incompatible with Armory, Bitcoin Core, Bitcoin Wallet (for Android), and Electrum.

If you have a specific wallet in mind, I can describe the minor incompatibilities, or you can look at this spreadsheet here for the gory details.

CoinCidental

legendary

Activity: 1316

Merit: 1000

Si vis pacem, para bellum

Quote from: Abdussamad on October 06, 2016, 09:22:14 AM

Quote from: CoinCidental on September 28, 2016, 02:12:34 PM

i have been told that MB HD is less secure for large amounts than MB classic
due to the way the developers fees are extracted and also privacy can be compromised more easily ......

is there any truth in this ?

is there any danger of theft or could the developers take more than the agreed amount etc ?

(i have kept cold storage in mb classic for years and found the security and convenience to be excellent btw )

no, you've been misled. none of what you said is correct. multibit HD is better than classic.

i have moved to it myself and after getting used to the new interface ,i like it !
just wondering ,are the seed words compatible with other HD wallet's or only multibit ?

Abdussamad

legendary

Activity: 3682

Merit: 1580

Quote from: CoinCidental on September 28, 2016, 02:12:34 PM

i have been told that MB HD is less secure for large amounts than MB classic
due to the way the developers fees are extracted and also privacy can be compromised more easily ......

is there any truth in this ?

is there any danger of theft or could the developers take more than the agreed amount etc ?

(i have kept cold storage in mb classic for years and found the security and convenience to be excellent btw )

no, you've been misled. none of what you said is correct. multibit HD is better than classic.

btchris

hero member

Activity: 672

Merit: 504

a.k.a. gurnec on GitHub

Quote from: CoinCidental on September 28, 2016, 05:35:37 PM

if there is no mandatory fee are the guys not getting paid anymore ?

https://www.reddit.com/r/btc/comments/4kzrp0/multibit_is_being_sold_to_keepkey_llc/

Also, I should probably revise what I said earlier... the original MultiBit devs (who released version 0.3.0) certainly have my trust, but I don't know anything (good or bad) about the KeepKey folk. It certainly seems like they have a vested interest in keeping up with MultiBit's good reputation, though.

CoinCidental

legendary

Activity: 1316

Merit: 1000

Si vis pacem, para bellum

Quote from: btchris on September 28, 2016, 03:37:07 PM

Quote from: CoinCidental on September 28, 2016, 02:12:34 PM

due to the way the developers fees are extracted

Mandatory developers' fees were removed in version 0.3.0 (and even before then, the devs did their best to maintain user privacy with their BRIT donation scheme).

Quote from: CoinCidental on September 28, 2016, 02:12:34 PM

and also privacy can be compromised more easily ......

Quote from: CoinCidental on September 28, 2016, 03:02:13 PM

Are the developers able to see how many btc is in your balance?

No. Privacy is perhaps a bit better than many other desktop wallets because you need a password to simply view your current balance (many other wallets only require a password to initiate a transaction; addresses and balances for those are available w/o a password).

MultiBit HD also uses a significantly better (if perhaps imperfect) wallet encryption scheme; in particular its key stretching makes brute-forcing much more time consuming than MultiBit Classic's.

Quote from: CoinCidental on September 28, 2016, 03:02:13 PM

Can they adjust their donation fee higher if they want to?

As you already noted, they certainly can via new releases (but not remotely). The old fee code was removed from MultiBit HD, and they have committed to not reintroducing it in the future. That doesn't mean they're technically incapable of doing so.

Given how long they've been involved in the Bitcoin community, I think it's safe to say they are among the most trustworthy of wallet developers IMHO, and I wouldn't worry about this possibility.

thanks for the feedback gentlemen

sounds like a worthy upgrade from the classic
if there is no mandatory fee are the guys not getting paid anymore ?

btchris

hero member

Activity: 672

Merit: 504

a.k.a. gurnec on GitHub

Quote from: CoinCidental on September 28, 2016, 02:12:34 PM

due to the way the developers fees are extracted

Mandatory developers' fees were removed in version 0.3.0 (and even before then, the devs did their best to maintain user privacy with their BRIT donation scheme).

Quote from: CoinCidental on September 28, 2016, 02:12:34 PM

and also privacy can be compromised more easily ......

Quote from: CoinCidental on September 28, 2016, 03:02:13 PM

Are the developers able to see how many btc is in your balance?

No. Privacy is perhaps a bit better than many other desktop wallets because you need a password to simply view your current balance (many other wallets only require a password to initiate a transaction; addresses and balances for those are available w/o a password).

MultiBit HD also uses a significantly better (if perhaps imperfect) wallet encryption scheme; in particular its key stretching makes brute-forcing much more time consuming than MultiBit Classic's.

Quote from: CoinCidental on September 28, 2016, 03:02:13 PM

Can they adjust their donation fee higher if they want to?

As you already noted, they certainly can via new releases (but not remotely). The old fee code was removed from MultiBit HD, and they have committed to not reintroducing it in the future. That doesn't mean they're technically incapable of doing so.

Given how long they've been involved in the Bitcoin community, I think it's safe to say they are among the most trustworthy of wallet developers IMHO, and I wouldn't worry about this possibility.

CoinCidental

legendary

Activity: 1316

Merit: 1000

Si vis pacem, para bellum

That's what I thought about it also... But I have a friend who argues that the developers can take your any amount of your bitcoins if they want to.... (or a hacker could use that method to steal your entire balance etc)

Just wanted to clarify it with some members who have more experience with the HD wallet

Anyone else use it for large amounts?
Are the developers able to see how many btc is in your balance?
Can they adjust their donation fee higher if they want to?

From what I can see, As long as common sense security is adhered to, the HD wallet should be as secure as any other spv wallet...

OmegaStarScream

staff

Activity: 3500

Merit: 6152

That's wrong. In fact , Multibit HD should be considered as a more secure wallet then Multibit Classic as It uses https://en.bitcoin.it/wiki/Deterministic_wallet , Each time you want to receive bitcoins , the wallet generates a new address which should keep you anonymous and make it harder for people to track your identity.
Furthermore , Multibit HD has a seed which should allow you to recover your wallet in case of a computer failure or something. Overall , as long as you don't download random stuff , and you have a strong password in your wallet and you keep your seed safe in a piece of paper , you should be just fine.

CoinCidental

legendary

Activity: 1316

Merit: 1000

Si vis pacem, para bellum

i have been told that MB HD is less secure for large amounts than MB classic
due to the way the developers fees are extracted and also privacy can be compromised more easily ......

is there any truth in this ?

is there any danger of theft or could the developers take more than the agreed amount etc ?

(i have kept cold storage in mb classic for years and found the security and convenience to be excellent btw )

Topic: can anyone clarify how secure is Multibit HD actually ? (Read 1485 times)