Pages:
Author

Topic: Moneychanger (Windows Builds) - Out of Date! - page 8. (Read 59483 times)

legendary
Activity: 1222
Merit: 1016
Live and Let Live
Updated Windows Builds!  Shocked Shocked Shocked Shocked

Now Compiling with Unicode; also updated to latest ChaiScript and ZeroMQ versions.
legendary
Activity: 1222
Merit: 1016
Live and Let Live
My Branch of Open Transactions now has Automake support!

https://github.com/da2ce7/Open-Transactions/blob/master/Makefile.am
legendary
Activity: 1222
Merit: 1016
Live and Let Live
The builds are out of date... Will be uploading new ones soon!


Updated Builds... Hope they work better this time!
legendary
Activity: 1222
Merit: 1016
Live and Let Live
The builds are out of date... Will be uploading new ones soon!
legendary
Activity: 1222
Merit: 1016
Live and Let Live
(da2ce7, FYI, this is why the picture path is stored in OT settings instead of generic Java settings...)

Yes... The Java Generic Settings only stores IF a password image has been set... not what image it is.
sr. member
Activity: 440
Merit: 251
A hacker trying to impersonate your passphrase dialog will be very unlikely to guess the exact goat picture that you chose for yours, and thus will be unable to trick you into entering your passphrase into an imposter dialog. Without this security precaution, the hacker could make a fake dialog that would look correct to thousands of people.  But WITH this security precaution, the hacker would have to guess the individual password image used by each and every one of those thousands of people (and it's extremely unlikely that he could do that...) When his fake dialog pops up, any near-victim would immediately see that it's the wrong dialog, since it does not feature the unique password image that person chose when he first installed OT.

I hope that clears it up.  I'm sure da2ce7 will contact you soon to help figure out the issue you are having.

What's stopping the hacker's software from reading your settings file for OT and finding out what password picture it uses?

I've seen this technique on yahoo mail before, where the attacker has to put up a fairly generic webpage and doesn't have access to your password picture.  But if the hacker already planted software on your system, I would think it has access to everything it needs to impersonate the dialog.

The OT settings file isn't encrypted yet, but I'm storing the picture file location inside the settings file, so that when the day comes that the settings ARE encrypted, the location will be safe in there as well.

(da2ce7, FYI, this is why the picture path is stored in OT settings instead of generic Java settings...)

As for a compromised system, I agree there's not much you can do about that, except try to practice better security.

I do, however, believe that as a result of that, things are going to have to move towards smart cards.

-FT
legendary
Activity: 1428
Merit: 1093
Core Armory Developer
A hacker trying to impersonate your passphrase dialog will be very unlikely to guess the exact goat picture that you chose for yours, and thus will be unable to trick you into entering your passphrase into an imposter dialog. Without this security precaution, the hacker could make a fake dialog that would look correct to thousands of people.  But WITH this security precaution, the hacker would have to guess the individual password image used by each and every one of those thousands of people (and it's extremely unlikely that he could do that...) When his fake dialog pops up, any near-victim would immediately see that it's the wrong dialog, since it does not feature the unique password image that person chose when he first installed OT.

I hope that clears it up.  I'm sure da2ce7 will contact you soon to help figure out the issue you are having.

What's stopping the hacker's software from reading your settings file for OT and finding out what password picture it uses?

I've seen this technique on yahoo mail before, where the attacker has to put up a fairly generic webpage and doesn't have access to your password picture.  But if the hacker already planted software on your system, I would think it has access to everything it needs to impersonate the dialog.
newbie
Activity: 25
Merit: 0
That's pretty clever, I just wish I could actually run this thing.
OT server seems to run fine, but MoneyChanger doesn't yet.
sr. member
Activity: 440
Merit: 251
Ok I had everything right except for the password image file i think that one just didn't and still doesn't make much sense to me.

Imagine that you are performing a financial transaction.

For example, perhaps you are sending 100,000 grams of gold to Alice.

When you initiate such a transaction, a PASSWORD DIALOG will pop up on your screen. It might say, "Are you SURE you want to send 100,000 grams of gold to Alice? If so, enter your passphrase: "

NOW: How do you know FOR SURE that this is really your password dialog? How do you know it's not some FAKE DIALOG that a HACKER created, so he could TRICK you into entering your passphrase?

Because eventually when OT has a real install process, part of that process will force you to choose a PASSWORD IMAGE -- one of your own choosing. Perhaps you selected a picture of a goat that was dear to you in your childhood. Every time the passphrase dialog pops up, for you to enter your passphrase, that goat picture will appear on the dialog.

A hacker trying to impersonate your passphrase dialog will be very unlikely to guess the exact goat picture that you chose for yours, and thus will be unable to trick you into entering your passphrase into an imposter dialog. Without this security precaution, the hacker could make a fake dialog that would look correct to thousands of people.  But WITH this security precaution, the hacker would have to guess the individual password image used by each and every one of those thousands of people (and it's extremely unlikely that he could do that...) When his fake dialog pops up, any near-victim would immediately see that it's the wrong dialog, since it does not feature the unique password image that person chose when he first installed OT.

I hope that clears it up.  I'm sure da2ce7 will contact you soon to help figure out the issue you are having.
newbie
Activity: 25
Merit: 0
Ok I had everything right except for the password image file i think that one just didn't and still doesn't make much sense to me.
These are the errors I get:

com.moneychanger.ui.Load$LoadNativeDependenciesFailedException: java.lang.UnsatisfiedLinkError: C:\Users\psiborg\Downloads\Moneychanger-Win-24042012\moneychanger\Win32\Release\otlib.dll: The operating system cannot run %1
com.moneychanger.ui.Load$LoadFailedException: com.moneychanger.ui.Load$LoadNativeDependenciesFailedException: java.lang.UnsatisfiedLinkError: C:\Users\psiborg\Downloads\Moneychanger-Win-24042012\moneychanger\Win32\Release\otlib.dll: The operating system cannot run %1

Any ideas what's going on?
legendary
Activity: 1222
Merit: 1016
Live and Let Live
I've been fudging around with this, but i have no idea what i need to tall moneychanger. What paths does it want? what is a password image file?
This is definitely nothing like an installer-ready build.
Doesn't work for me jet.

In the 'Java Paths' field you need to select where Java is going to look for the native libraries that contain all of the OT functions.

On Windows 32bit you should select:  ./Win32/Release/
On Windows 64bit you should select:  ./x64/Release/


The 'Password Image File' is a .png or .jpg file that you want stored in your OT local storage for your password image.  A password image is a file that loads up, unique to you, so you don't supply a password to the wrong dialogue by mistake.
Just select any Image file that you wish.

You will also need to copy the '.ot' directory to:  ./AppData/Roaming/  in the root of your user directory... Normal: C:\Users\(username)\


You will need to install the 32bit and 64bit version of java:
http://www.java.com/en/download/manual.jsp


As well as the Microsoft Visual C++ 2010 SP1 Libaries:
Win32: http://www.microsoft.com/download/en/details.aspx?id=8328
x64: http://www.microsoft.com/download/en/details.aspx?id=13523
newbie
Activity: 25
Merit: 0
I've been fudging around with this, but i have no idea what i need to tall moneychanger. What paths does it want? what is a password image file?
This is definitely nothing like an installer-ready build.
Doesn't work for me jet.
sr. member
Activity: 440
Merit: 251

Have tried making a simple All-In-One package for those who want to just try-out moneychanger on windows:

https://github.com/downloads/da2ce7/Moneychanger/Moneychanger-Win-24042012.7z

Please give me your comments!

I just wanted to point out, this is the final step before having an actual Windows install program.

da2ce7's package doesn't actually install software, but it does come with all the necessary components pre-built, so you don't have to compile anything at all, just copy some DLLs and you are ready to run.

I understand this version comes with working builds of the OT localhost Server as well as the Moneychanger test GUI, meaning that you should be able to actually run the server right there on your Windows box, and then pop up the client, and play around with cheques, cash, etc.

It's a pretty momentous day! We're getting closer and closer to click-of-the-button installs. I hope that many of you are able to download the package and play around with it, so da2ce7 can get the feedback he needs to refine it.

-FT
legendary
Activity: 1222
Merit: 1016
Live and Let Live
New OT Build for Windows.  Both Win32 and x64 this time!


Updated the Moneychanger Build.


Have tried making a simple All-In-One package for those who want to just try-out moneychanger on windows:

https://github.com/downloads/da2ce7/Moneychanger/Moneychanger-Win-24042012.7z


Please give me your comments!
legendary
Activity: 1222
Merit: 1016
Live and Let Live
Updated the Moneychanger Build.

I've decided to include both the Old and New packages in one archive this time.
legendary
Activity: 1222
Merit: 1016
Live and Let Live
New OT Build for Windows.  Both Win32 and x64 this time!

I have included the OpenSSL DLL's this time to make things a bit easier.
Next build I'm going to be upgrading my OpenSSL packages to 1.0.1a Smiley

New Moneychanger Builds incoming soon also!
legendary
Activity: 3431
Merit: 1233
To sub or not to sub? That's the question.  Cheesy
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
Is Open Transactions really a topic for Bitcoin "Alternative clients"?  Though I can't think of a more appropriate forum and I suppose technically the OT server could be considered a Bitcoin client?

Actually it is the OT java test client, Moneychanger, that could be considered a lite-weight bitcoin client/wallet ...
sr. member
Activity: 440
Merit: 251
Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)
http://www.microsoft.com/download/en/details.aspx?id=8328
and
Microsoft Visual C++ 2010 SP1 Redistributable Package (x64)
http://www.microsoft.com/download/en/details.aspx?id=13523

(I have no idea why microsoft dosn't ship them with windows, but anyway...)

3.  You needed to have OpenSSL installed... however, with my new builds I'll ship the OpenSSL DLL's with it.

On Windows, it's our responsibility to ship the redistributable package that our software is built for, the same way that you are planning to add OpenSSL DLLs to future builds.

At some point soon we will have a "RoboInstall" project (or similar tool) for creating the Windows install, and that project will have the OpenSSL DLLs, the Windows redistributables, etc. All of that will build into a single install .exe and when that time comes, there will probably be a lot more people "kicking the tires" so I'm happy if that comes together slowly because it's been giving us time to test, debug, and strengthen the software. The testers we already have, have definitely kept my hands full for the past couple of months.
legendary
Activity: 1222
Merit: 1016
Live and Let Live
New Builds. Smiley
Pages:
Jump to: