Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Pages:
Author

Topic: Electrum: the blockchain is the cloud - page 3. (Read 15925 times)

jtimon
legendary
Activity: 1372
Merit: 1002
Re: Electrum: the blockchain is the cloud
December 14, 2011, 06:42:16 AM
#22
Quote from: ?? on ??
Quote from: miscreanity on December 06, 2011, 10:08:51 PM
Thinking out loud here: it would probably be more appropriate currently to offer facial recognition at the device or application level for unlocking access to a pre-generated seed.

To generate a seed you want it to be deterministic.  Every single time the same value comes out.

I think he gets your point and that's why he said the application would give you access to the seed instead of generating it.
I think he wants to use facial recognition but he wants to store the seed within the app (so you can still lose it).
amincd
hero member
Activity: 772
Merit: 501
Re: Electrum: the blockchain is the cloud
December 07, 2011, 06:18:21 AM
#21
Quote from: miscreanity
Would it be possible to generate the seed from camera input, perhaps using facial recognition data?

Someone could always take your picture and steal your key as your face isn't private. It could be used as the salt though.

miscreanity
legendary
Activity: 1316
Merit: 1005
Re: Electrum: the blockchain is the cloud
December 06, 2011, 10:08:51 PM
#20
Yes, that's what I thought. I've been looking for methods of collapsing the complexity after acquisition, but so far the only solutions result in a decrease of data quality/resolution.

Thinking out loud here: it would probably be more appropriate currently to offer facial recognition at the device or application level for unlocking access to a pre-generated seed.

Thanks to both for your input!
slush
legendary
Activity: 1386
Merit: 1097
Re: Electrum: the blockchain is the cloud
December 05, 2011, 07:50:08 AM
#19
Teoretically it's possible (OpenCV library provides face detection algorithms with python binding).

But I cannot imagine it will work in reality. I mean - to be secure enough to generate the same seed for the same face (aging, beard, face injuries, ...) and generate enough entropy for different faces.
finway
hero member
Activity: 714
Merit: 500
Re: Electrum: the blockchain is the cloud
December 05, 2011, 06:42:30 AM
#18
Quote from: miscreanity on December 05, 2011, 05:35:01 AM
Would it be possible to generate the seed from camera input, perhaps using facial recognition data?
of course, but must make the original data solid, constant,

little difference will totally change the hash.
miscreanity
legendary
Activity: 1316
Merit: 1005
Re: Electrum: the blockchain is the cloud
December 05, 2011, 05:35:01 AM
#17
Would it be possible to generate the seed from camera input, perhaps using facial recognition data?
ThomasV
legendary
Activity: 1896
Merit: 1353
Re: Electrum: the blockchain is the cloud
November 30, 2011, 04:16:54 AM
#16
Quote from: grondilu on November 30, 2011, 03:52:52 AM
On the main page I read:
Code:
sudo easy_install ecdsa
sudo easy_install pycrypto
git clone git://gitorious.org/electrum/electrum.git
python ./electrum/client/electrum.py

On debian I see a python-pycryptopp package that should do the job for pycrypto I guess.

But what is the equivalent of ecdsa on debian?

pycrypto is no longer used.
see the announcement in the main thread: https://bitcointalksearch.org/topic/m.635247
grondilu
legendary
Activity: 1288
Merit: 1076
Re: Electrum: the blockchain is the cloud
November 30, 2011, 03:52:52 AM
#15
On the main page I read:
Code:
sudo easy_install ecdsa
sudo easy_install pycrypto
git clone git://gitorious.org/electrum/electrum.git
python ./electrum/client/electrum.py

On debian I see a python-pycryptopp package that should do the job for pycrypto I guess.

But what is the equivalent of ecdsa on debian?
netrin
sr. member
Activity: 322
Merit: 251
FirstBits: 168Bc
Re: Electrum: the blockchain is the cloud
November 29, 2011, 04:03:25 PM
#14
Thanks. I'm looking through the API to get an overview of the separation of concerns/tiers. It'd be nice to see a schema:

==============
Generic Servers:
blockchain instance
==============
Interface:
address balance check --> any server
signed transactions --> any server
==============
Client:
private seed,
cache of private keys
public address/transaction labels
==============
netrin
sr. member
Activity: 322
Merit: 251
FirstBits: 168Bc
Re: Electrum: the blockchain is the cloud
November 29, 2011, 03:01:41 PM
#13
Deterministic wallets are much more elegant as far as backup regimes. Personally, I'd prefer to have a two part seed = (random + memorized). But the only real show stopper the Satoshi/C++ client presents me is regarding bandwidth. I'm often in situations where even one MB is prohibitively expensive for bitcoin to be practical. Can Electrum quickly and cheaply discover a wallet balance and send and verify a transaction from cold startup?
Ean
full member
Activity: 199
Merit: 100
Re: Electrum: the blockchain is the cloud
November 29, 2011, 11:02:22 AM
#12
I don't seem to be able to make a second payment until the first is in the block chain ...
ALPHA.
newbie
Activity: 42
Merit: 0
Re: Electrum: the blockchain is the cloud
November 28, 2011, 05:45:28 PM
#11
I am going to say it right here and right now: This is the future.
MoonShadow
legendary
Activity: 1708
Merit: 1007
Re: Electrum: the blockchain is the cloud
November 28, 2011, 03:32:22 PM
#10
Quote from: ?? on ??
Quote from: MoonShadow on November 28, 2011, 02:22:19 AM
I see a potential problem with any phase based deterministic wallet.  It reduces the namespace of an attacker trying to force an address collision by searching for English phrases in the same way that a dictionary attack works against common passwords.  It's more than conceivable to have an accidental collision as well, if two fans of classical lit both choose "Call me Ishmael" or more than one Tolkien fan chooses the same quote from TLOTR.  Hell, an attacker who was just using the King James version of the Bible would get quite a few hits from Christians using their favorite verses.  It would be better to do it in reverse, by having the client generate a random number sequence and translating that into a set of English words that can be printed, saved as an encrypted file to be stored elsewhere, or memorized.

Electrum doesn't work that way it uses a predefined list of words based on a key but still even if the passphrase is freeform there are ways to overcome that.

The first is used of salt.  Including a non-secure semi-unique value in the key generation process like user's email address.  This doesn't need to be secure but it should be semi-unique.   This prevents using a pre-computation attack as each user's hash is unique even w/ same passphrase.


I was thinking more along these lines, and wondering if a passphrase plus a salt created by a standardized questionaire of usually secret personal info could be used, of the kind of questions that don't change.  For example, one such question could be "How old were you when you lost your virginity?" with multiple choice answers including each age from 12 to 24, and an option like "does not apply/refuse to answer" so that the multiple choice questionaire could take all such answers, as well as the numbers of the answers that users refuse to answer, and create a salt that could produce a unique.  The questions would have to be high in number, and of a standardized order so that a user could concievablely reproduce the wallet.dat while be unique enough that it won't produce wallets that could collide.  It would have a bias, as all such questionaires do, but it should a long enough of a questionaire that such a bias isn't predictable and of such personal info that users aren't going to answer such a questionaire outside of the context of the client.
MoonShadow
legendary
Activity: 1708
Merit: 1007
Re: Electrum: the blockchain is the cloud
November 28, 2011, 12:19:30 PM
#9
Quote from: ThomasV on November 28, 2011, 02:36:47 AM
Quote from: MoonShadow on November 28, 2011, 02:22:19 AM
I see a potential problem with any phase based deterministic wallet.  It reduces the namespace of an attacker trying to force an address collision by searching for English phrases in the same way that a dictionary attack works against common passwords.  It's more than conceivable to have an accidental collision as well, if two fans of classical lit both choose "Call me Ishmael" or more than one Tolkien fan chooses the same quote from TLOTR.  Hell, an attacker who was just using the King James version of the Bible would get quite a few hits from Christians using their favorite verses.  It would be better to do it in reverse, by having the client generate a random number sequence and translating that into a set of English words that can be printed, saved as an encrypted file to be stored elsewhere, or memorized.

the Electrum client generates a 128 bits random sequence and translates it into a set of English words...
see https://bitcointalksearch.org/topic/electrum-a-brainwallet-in-twelve-words-51397

Oh, sorry.
ThomasV
legendary
Activity: 1896
Merit: 1353
Re: Electrum: the blockchain is the cloud
November 28, 2011, 02:36:47 AM
#8
Quote from: MoonShadow on November 28, 2011, 02:22:19 AM
I see a potential problem with any phase based deterministic wallet.  It reduces the namespace of an attacker trying to force an address collision by searching for English phrases in the same way that a dictionary attack works against common passwords.  It's more than conceivable to have an accidental collision as well, if two fans of classical lit both choose "Call me Ishmael" or more than one Tolkien fan chooses the same quote from TLOTR.  Hell, an attacker who was just using the King James version of the Bible would get quite a few hits from Christians using their favorite verses.  It would be better to do it in reverse, by having the client generate a random number sequence and translating that into a set of English words that can be printed, saved as an encrypted file to be stored elsewhere, or memorized.

the Electrum client generates a 128 bits random sequence and translates it into a set of English words...
see https://bitcointalksearch.org/topic/electrum-a-brainwallet-in-twelve-words-51397
MoonShadow
legendary
Activity: 1708
Merit: 1007
Re: Electrum: the blockchain is the cloud
November 28, 2011, 02:22:19 AM
#7
I see a potential problem with any phase based deterministic wallet.  It reduces the namespace of an attacker trying to force an address collision by searching for English phrases in the same way that a dictionary attack works against common passwords.  It's more than conceivable to have an accidental collision as well, if two fans of classical lit both choose "Call me Ishmael" or more than one Tolkien fan chooses the same quote from TLOTR.  Hell, an attacker who was just using the King James version of the Bible would get quite a few hits from Christians using their favorite verses.  It would be better to do it in reverse, by having the client generate a random number sequence and translating that into a set of English words that can be printed, saved as an encrypted file to be stored elsewhere, or memorized.
ThomasV
legendary
Activity: 1896
Merit: 1353
Re: Electrum: the blockchain is the cloud
November 16, 2011, 09:26:12 PM
#6
Quote from: Maged on November 16, 2011, 09:17:29 PM
Yes: Use a different type of deterministic wallet - one that takes advantage of the properties of ECC keys:
https://bitcointalksearch.org/topic/deterministic-wallets-19137

In a nutshell: that allows you to determine a large number of future public keys by just using a master public key that is based off the master
private key. Yes, reading that made my head explode.
nice. thanks for that link
ThomasV
legendary
Activity: 1896
Merit: 1353
Re: Electrum: the blockchain is the cloud
November 16, 2011, 09:23:52 PM
#5
Quote from: Maged on November 16, 2011, 09:17:29 PM
Use copy and paste ONLY until this is resolved.
well, this was resolved before your post...
finway
hero member
Activity: 714
Merit: 500
Re: Electrum: the blockchain is the cloud
November 16, 2011, 09:21:49 PM
#4
I think deterministic wallet is a bad idea.

Think about online bank, do they use your passphrase to generate keys? of course not, that's stupid.

Keys are keys, and passphrase are passphrase,  your keys are stored in USB-keys, and protected by passphrase and the thrid-party ---BANK.

Maged
legendary
Activity: 1204
Merit: 1015
Re: Electrum: the blockchain is the cloud
November 16, 2011, 09:17:29 PM
#3
Quote from: ThomasV on November 16, 2011, 10:15:50 AM
The problem of synchronization between two wallets is the following: If bitcoins are received at one of the addresses that are at the end of the current sequence, then the client needs to extend that sequence, in order to know whether the next addresses have been involved in transactions. For this, the client needs to generate new private keys, and therefore it needs the user's password.

So, we are left with the following dilemma: should the client pre-generate the next 100 addresses of its sequence and store them, or should it occasionally ask the user for his password when the wallet receives some bitcoins? both solutions seem awkward to me. Is there a third solution?
Yes: Use a different type of deterministic wallet - one that takes advantage of the properties of ECC keys:
https://bitcointalksearch.org/topic/deterministic-wallets-19137

In a nutshell: that allows you to determine a large number of future public keys by just using a master public key that is based off the master
private key. Yes, reading that made my head explode.

Also....

WARNING: This Bitcoin client does not check that an address is valid before sending to it. Use copy and paste ONLY until this is resolved.

For more info:
https://bitcointalksearch.org/topic/m.621172
Pages:
Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Jump to: