Author

Topic: How can I send an Armory transaction without first downloading whole blockchain? (Read 1990 times)

jr. member
Activity: 140
Merit: 1
To me, it kind of sounds like you're better off with a Trezor?...
staff
Activity: 3458
Merit: 6793
Just writing some code
Quote
Quote
Since Trezor's firmware is open source, people can audit that ...
The point is, I can't.  How can I know that the firmware on the device is the same as on github. 

Exactly.

This is why I compile Armory from source. (It's quite easy, so why not just do it?)

Armory seems to be the only really solid thing out there for bitcoin security. Nothing else comes even close. The way I see it: If Armory dies, Bitcoin dies. I applaud goatpig for committing to maintain the FOSS if the company abandons it. Someone said somewhere that goatpig is the king. I agree.
The same goes for the trezor firmware. You can compile it from source and flash it to the trezor yourself.
pf
full member
Activity: 176
Merit: 105
Quote
Quote
Since Trezor's firmware is open source, people can audit that ...
The point is, I can't.  How can I know that the firmware on the device is the same as on github. 

Exactly.

This is why I compile Armory from source. (It's quite easy, so why not just do it?)

Armory seems to be the only really solid thing out there for bitcoin security. Nothing else comes even close. The way I see it: If Armory dies, Bitcoin dies. I applaud goatpig for committing to maintain the FOSS if the company abandons it. Someone said somewhere that goatpig is the king. I agree.
hero member
Activity: 547
Merit: 500
Decor in numeris
I agree that this may be unduely paranoid...
I don't see how you're being unduly paranoid.

Maybe I'm not.  But perhaps I am being inconsistently paranoid, since I am willing to run a precompiled Armory - anything could be sneaked into it, in principle. 
Quote
Since Trezor's firmware is open source, people can audit that ...
The point is, I can't.  How can I know that the firmware on the device is the same as on github. 
staff
Activity: 3458
Merit: 6793
Just writing some code
I agree that this may be unduely paranoid...
I don't see how you're being unduly paranoid. It's a hardware device and you don't really know what's inside of it. Unless you open up the hardware and look into it (which 99% of the users who claim its trustworthy never do), you are trusting the manufacturer that built this thing.

Worse, you connect this hardware to your online computer via USB! The risks of USB are widely known and have been discussed on this Armory forum before. Again, they say this is fine because the thing inside the hardware that stores the private key is supposed to be isolated. But again, unless you open the hardware (which nobody does in practice), you are trusting the manufacturer.

I still can't understand why people trust this thing. I just don't get it. What am I missing?
In computers, firmware is required to make hardware actually function. While the hardware does whatever it needs to do, it needs firmware in order to actually perform instructions. Since Trezor's firmware is open source, people can audit that to determine that there is no hardware or any part of the software that can compromise their keys (besides bad hardware and hardware based attacks). Even if such hardware was inside a Trezor which could reveal your private keys to SatoshiLabs, the firmware for it would not exist on the device so that hardware does nothing.

Another things is that the people in the company are known and trusted (e.g. slush). The company is registered so if there is a problem with them stealing keys from Trezor's, then users can sue the company and bring about legal action against them.

Disclaimer: I neither trust nor distrust Trezors or hardware wallets. I don't use commercial ones, or any at all. I plan on rolling my own with a raspberry pi at some point.
pf
full member
Activity: 176
Merit: 105
I agree that this may be unduely paranoid...
I don't see how you're being unduly paranoid. It's a hardware device and you don't really know what's inside of it. Unless you open up the hardware and look into it (which 99% of the users who claim its trustworthy never do), you are trusting the manufacturer that built this thing.

Worse, you connect this hardware to your online computer via USB! The risks of USB are widely known and have been discussed on this Armory forum before. Again, they say this is fine because the thing inside the hardware that stores the private key is supposed to be isolated. But again, unless you open the hardware (which nobody does in practice), you are trusting the manufacturer.

I still can't understand why people trust this thing. I just don't get it. What am I missing?
hero member
Activity: 547
Merit: 500
Decor in numeris
I am aware of the code signing.  But if somebody at Satoshilabs sneaks in such a line, it is pretty impossible to detect.

I agree that this may be unduely paranoid, and presumably, they have QA procedures that makes it impossible to do in practise.
And I am seriously considering buying a Trezor.  It is, in my opinion, a very good idea to offload the signing to specialized hardware. The really paranoid can probably make it part of a 2-of-2 multisig wallet.  Smiley


legendary
Activity: 1806
Merit: 1164
Trezor is also open source. All Trezor does is keep your private keys offline and sign transactions. Both Electrum and Multibit HD are lite wallets. Electrum has the option of cold storage using two computers like Armory, or you can use Trezor or Ledger with Electrum to sign.

Indeed.  But how do I know for sure that nobody modified the firmware on the trezor.  For example somthing like this:
Code:
privkey = SHA256(privkey & 0x000FFFFFFFFF);  // Leave only 36 bits of entropy
that will be exceedingly difficult to detect, but the culprit could harvest all Trezor wallets a year later.

Yes, I know, the same could be done in the precompiled binary of a wallet.  At least in Armory, I could generate the keys by shuffling a deck of cards.

But I am probably being unduly paranoid.


Read the FAQ or user manual:

Quote
Official TREZOR firmware is signed by the SatoshiLabs master key. Installing unofficial firmware on the TREZOR is possible, but doing so will wipe the device storage and TREZOR will show a warning every time it starts. Reprogramming the bootloader is impossible, because all TREZORs ship with their secure programming fuse blown.

If you have a specific question not answered in the manual slush is usually pretty quick to respond to posts on the Trezor subreddit.
hero member
Activity: 547
Merit: 500
Decor in numeris
Trezor is also open source. All Trezor does is keep your private keys offline and sign transactions. Both Electrum and Multibit HD are lite wallets. Electrum has the option of cold storage using two computers like Armory, or you can use Trezor or Ledger with Electrum to sign.

Indeed.  But how do I know for sure that nobody modified the firmware on the trezor.  For example somthing like this:
Code:
privkey = SHA256(privkey & 0x000FFFFFFFFF);  // Leave only 36 bits of entropy
that will be exceedingly difficult to detect, but the culprit could harvest all Trezor wallets a year later.

Yes, I know, the same could be done in the precompiled binary of a wallet.  At least in Armory, I could generate the keys by shuffling a deck of cards.

But I am probably being unduly paranoid.
legendary
Activity: 1806
Merit: 1164
Trezor does not work on iPhone. They refuse to pay licensing fees to Apple I think. I would never keep private keys for more than a few bitcoin on an insecure device like a phone. You could just use Trezor with your laptop while on vacation. Trezor works with OS X 10.8 or better just not on iPhone.
I'm just wondering why I should trust a Trezor, as I trust Armory. With Armory, it's software on GitHub that I compile. With Trezor, it's hardware and I have no idea what they put into the hardware and I don't know much about hardware. So I'm kind of scared of it.

Are there any software alternatives to Armory that use SPV (so I don't have to carry the blockchain with me) but also have determinstic wallets (for one backup only)?

Trezor is also open source. All Trezor does is keep your private keys offline and sign transactions. Both Electrum and Multibit HD are lite wallets. Electrum has the option of cold storage using two computers like Armory, or you can use Trezor or Ledger with Electrum to sign.
hero member
Activity: 547
Merit: 500
Decor in numeris
I'm just wondering why I should trust a Trezor, as I trust Armory. With Armory, it's software on GitHub that I compile. With Trezor, it's hardware and I have no idea what they put into the hardware and I don't know much about hardware. So I'm kind of scared of it.
I share your feeling. I suspect that we are wrong, but I feel the same way Smiley
Quote
Are there any software alternatives to Armory that use SPV (so I don't have to carry the blockchain with me) but also have determinstic wallets (for one backup only)?
Electrum.  It even has offline storage like Armory, but is badly missing n-of-m backups, and probably several other Armory features.

hero member
Activity: 547
Merit: 500
Decor in numeris
What I would do would be to make a secondary wallet somewhere, e.g. an SPV wallet, an Electrum wallet or something like that.  Bring that wallet with you on your trip (or encrypt it and drop it in dropbox - that is not good security, but odds are that you will never use the wallet).  Make and sign a transaction moving money from Armory to the new wallet, but do not broadcast it.  You can even sign multiple transactions of different sizes, although you may not be able to use more than one of them if they use the same inputs.  Encrypt the transactions, leave them on dropbox.   Write down the first address of the Electrum wallet, and an empty address of your Armory wallet. 

If you need to access your BTC on your trip, download the Electrum wallet.  Check that the bitcoin address is as expected.  Decrypt the selected armory transaction and broadcast it using blockchain.info or another such online tool.  When your money appears in the Electrum wallet, spend the part that needs spending, and return the rest to the Armory address you brought along.

Important:  Before leaving, try this out at least once.  Mistakes can potentially be expensive Smiley
pf
full member
Activity: 176
Merit: 105
Trezor does not work on iPhone. They refuse to pay licensing fees to Apple I think. I would never keep private keys for more than a few bitcoin on an insecure device like a phone. You could just use Trezor with your laptop while on vacation. Trezor works with OS X 10.8 or better just not on iPhone.
I'm just wondering why I should trust a Trezor, as I trust Armory. With Armory, it's software on GitHub that I compile. With Trezor, it's hardware and I have no idea what they put into the hardware and I don't know much about hardware. So I'm kind of scared of it.

Are there any software alternatives to Armory that use SPV (so I don't have to carry the blockchain with me) but also have determinstic wallets (for one backup only)?
legendary
Activity: 1806
Merit: 1164
I'm going to South America soon on a vacation without access to fast internet and I'll only take my smartphone with me.

If, in the unlikely scenario that the bitcoin price rallies to $10k or $20k, I want to be able to do this:

  • Run to a store, buy two laptops. One offline and one online. Open up the offline computer, remove the wifi chip.
  • On the online laptop, download my encrypted Armory wallet from DropBox. Burn the encrypted wallet, as well as Armory, on a CD and bring it to the offline computer.
  • Using the normal Armory methodology, broadcast a transaction to send some of my bitcoins to my exchange account so I can sell them, without having to download the whole blockchain on the online computer (because that could take months on the slow internet).

Does Armory allow me to do this somehow?

Why are you going to this hassle for a low probability event? Get a Trezor and set up with online myTrezor.com and transfer bitcoin sufficient for your vacation to your Trezor. If you have a late model Android phone with OTG ability you can download Mycelium on your phone and use Trezor to sign transactions. Armory cold storage is not the only secure way to store and spend bitcoin, just the most private right now. If you choose DHL shipping when you order a Trezor you will have it in two or three days.

What about this:

  • Create a new Breadwallet wallet on my iPhone.
  • Put the recovery seed (12 words) on Dropbox, in a file encrypted with a password.
  • Transfer the bitcoins I'd want to sell onto this wallet.
  • Reset the Breadwallet app and go to South America.
  • If that unlikely event occurs, just reset the Breadwallet with the seed on Dropbox, transfer them to the exchange and sell them.

How does this method compare with yours, in your opinion? (I'm just trying to avoid buying extra devices. Already have an iPhone. Update: I just realized my original method involved buying two laptops LOL. Anyway. I'm kinda liking my Breadwallet idea now. Looking forward to critiques.)

Trezor does not work on iPhone. They refuse to pay licensing fees to Apple I think. I would never keep private keys for more than a few bitcoin on an insecure device like a phone. You could just use Trezor with your laptop while on vacation. Trezor works with OS X 10.8 or better just not on iPhone.
legendary
Activity: 1806
Merit: 1164
I'm going to South America soon on a vacation without access to fast internet and I'll only take my smartphone with me.

If, in the unlikely scenario that the bitcoin price rallies to $10k or $20k, I want to be able to do this:

  • Run to a store, buy two laptops. One offline and one online. Open up the offline computer, remove the wifi chip.
  • On the online laptop, download my encrypted Armory wallet from DropBox. Burn the encrypted wallet, as well as Armory, on a CD and bring it to the offline computer.
  • Using the normal Armory methodology, broadcast a transaction to send some of my bitcoins to my exchange account so I can sell them, without having to download the whole blockchain on the online computer (because that could take months on the slow internet).

Does Armory allow me to do this somehow?

Why are you going to this hassle for a low probability event? Get a Trezor and set up with online myTrezor.com and transfer bitcoin sufficient for your vacation to your Trezor. If you have a late model Android phone with OTG ability you can download Mycelium on your phone and use Trezor to sign transactions. Armory cold storage is not the only secure way to store and spend bitcoin, just the most private right now. If you choose DHL shipping when you order a Trezor you will have it in two or three days.
legendary
Activity: 3738
Merit: 1360
Armory Developer
Yeah exactly. But I'm curious, even if I had 1of1 on Dropbox and I had a good password plus aggressive 128 MB memory use, would I really have to worry about brute force attacks?

No you wouldn't but it still is bad practice. Too few people understand what a "good" password is.

Don't forget that expect people besides you to read this answer. It is important to always point out proper practice when possible.

Quote
Can you elaborate on this? Not sure what you mean.

Say you have outputs A, B, C. You go in an area with low connectivity, so you can't afford to update your blockchain. You will have to spend blind. You know A, B and C are valid, and choose to spend A. You create the tx, sign and broadcast, but Armory won't know those coins where spent unless it sees the ZC. It will thus let you spend A again, but the network will reject new transaction, since it will be a double spend.

It will be upon you to keep track of which outputs are still valid, and keep in mind you won't be able to spend the change (unless you somehow manage to update your blockchain). Maybe you'd want to break down some of your holdings into smaller outputs for the sake of avoiding change lockups.

One thing you can try is to broadcast the tx from Armory as well. It should send it to Core and back, and Armory would know of the ZC, which would let you spend change if your tx was not messed with by malleability bots.

I suggest you test this stuff before traveling, so that you are prepared.
pf
full member
Activity: 176
Merit: 105
Quote from: goatpig
I hope you don't keep a 1 of 1 on DropBox... You should carry a fragment with you and keep a fragment on the cloud, that's a lot safer.
Yeah exactly. But I'm curious, even if I had 1of1 on Dropbox and I had a good password plus aggressive 128 MB memory use, would I really have to worry about brute force attacks? Doesn't seem to be worth it for anyone if the wallet contains even as much as 1 million dollars.

Quote from: goatpig
If you know which of your outputs are not spent, you don't actually need to update your blockchain copy, just spend blindly...
Can you elaborate on this? Not sure what you mean.
legendary
Activity: 3738
Merit: 1360
Armory Developer
Quote
On the online laptop, download my encrypted Armory wallet from DropBox

I hope you don't keep a 1 of 1 on DropBox... You should carry a fragment with you and keep a fragment on the cloud, that's a lot safer.

Quote
without having to download the whole blockchain on the online computer (because that could take months on the slow internet).

Carry what you got of the blockchain with you. Essentially make a copy of your blockchain + ArmoryDB folder on an external drive. If you know which of your outputs are not spent, you don't actually need to update your blockchain copy, just spend blindly (start Core with no connectivity, start Armory, it won't know the better). The rest should be straight forward.
pf
full member
Activity: 176
Merit: 105
I'm going to South America soon on a vacation without access to fast internet and I'll only take my smartphone with me.

If, in the unlikely scenario that the bitcoin price rallies to $10k or $20k, I want to be able to do this:

  • Run to a store, buy two laptops. One offline and one online. Open up the offline computer, remove the wifi chip.
  • On the online laptop, download my encrypted Armory wallet from DropBox. Burn the encrypted wallet, as well as Armory, on a CD and bring it to the offline computer.
  • Using the normal Armory methodology, broadcast a transaction to send some of my bitcoins to my exchange account so I can sell them, without having to download the whole blockchain on the online computer (because that could take months on the slow internet).

Does Armory allow me to do this somehow?
Jump to: