That's good, I never considered how much security 15 Alphabetic characters could give. Thanks for testing that.
Nore that this is not a generic result that can be applied anywhere. It requires that the password is random (read not human generated) and scrypt (or something similar) is applied. 
Topic: Mycelium Bitcoin Wallet - page 101. (Read 586242 times)
That's good, I never considered how much security 15 Alphabetic characters could give. Thanks for testing that.
Security question here: I store my backup online, but the 15 character password locally. If someone were to get ahold of my encrypted backup, how quickly could they bruteforce it? With 26 characters to choose from, there is 26^15 possibilities, but how long does it take to test each one?
I just measured it using this program:
Code:
@Test
@Ignore
public void testSpeed() throws InterruptedException {
long start = System.currentTimeMillis();
int tries = 1000;
for (int i = 0; i < tries; i++) {
KdfParameters params = new KdfParameters("123" + i, TEST_SALT_1, MrdExport.V1.DEFAULT_SCRYPT_N, MrdExport.V1.DEFAULT_SCRYPT_R, MrdExport.V1.DEFAULT_SCRYPT_P);
EncryptionParameters.generate(params);
}
double duration = (System.currentTimeMillis() - start)/1000.0;
System.out.println("duration:" + duration+" s");
double speed = (double) tries / duration;
double secondperTry = 1/speed;
System.out.println("secondperTry "+ secondperTry+" / s ");
}
output:
Code:
duration:104.771 s
secondperTry 0.10477099999999999 / s
i ran it with -server VM in sun JDK
so it does about 10 tries/second under near-optimal conditions on a fast CPU. (i7 4770K) in single-thread mode, with JIT compiler.
this means a single core takes 390 times the age of the universe to crack a single backup. when you speed that up to graphics cards, asics if becomes shorter but still outside human lifespans.
Security question here: I store my backup online, but the 15 character password locally. If someone were to get ahold of my encrypted backup, how quickly could they bruteforce it? With 26 characters to choose from, there is 26^15 possibilities, but how long does it take to test each one?
About 1 million years if they use 1 million of today's desktop computers to brute force it.More info here:
http://www.mycelium.com/wallet/FAQ.html#q020
http://www.mycelium.com/wallet/FAQ.html#q021
Security question here: I store my backup online, but the 15 character password locally. If someone were to get ahold of my encrypted backup, how quickly could they bruteforce it? With 26 characters to choose from, there is 26^15 possibilities, but how long does it take to test each one?
Has anyone managed to fork Mycelium for another alt coin yet. I am looking at a SHA256 coin similar characteristics to Bitcoin just faster confirmation rate and larger block size. I need Bip38 support to import coins so MyCelium looked like a good place to start. If anyone has some experience in doing this and knows whats required I would appreciate it.
at worst can break and make your wallet stop working
Well, to play devil's advocate, at WORST it can be maliciously made to misreport balances. That's where the trust comes in, that the blockchain reporting to mycelium is the same blockchain everyone else is working with.
Yes of course, but in the same breath you should mention that the moment you suspect something you can check your public keys on https://blockchain.info and get a correct balance from them. In no way can the Mycelium server modify your balance on the block chain.
The real trust is that the code on your phone is honest since that holds your private keys and momentarily sees your paper wallet keys. That, however is verifiable since the code is published.
at worst can break and make your wallet stop working
Well, to play devil's advocate, at WORST it can be maliciously made to misreport balances. That's where the trust comes in, that the blockchain reporting to mycelium is the same blockchain everyone else is working with.
why does the bitcoin wallet page saying using mycellium relies on the trust of a third party?
aren't the private keys controlled locally on the app? i.e. no trust in a third party involved
aren't the private keys controlled locally on the app? i.e. no trust in a third party involved
Yes, the keys are controlled by the wallet locally on the app. The third party here is the Mycelium servers that store the blockchain these wallets rely on. The only thing our "third party" does is fetch your wallet's balances, broadcasts your wallet's transactions, and some other minor administrative stuff. It doesn't control your keys in any way, and at worst can break and make your wallet stop working, in which case you would just move your keys to a different wallet.
why does the bitcoin wallet page saying using mycellium relies on the trust of a third party?
aren't the private keys controlled locally on the app? i.e. no trust in a third party involved
aren't the private keys controlled locally on the app? i.e. no trust in a third party involved
Another week, another feature description. This time one of our newest features: Message Signing!
First, make sure that Expert Mode is enabled in Advanced Settings.
Swipe to the left for a list of your addresses, select the address you wish to sign with, which will change the top bar to blue, click the dropdown menu, and select Sign Message.
Type in the message you wish to sign, and press the Sign Message button.
Your text will be signed, and you will get two options, Copy Signature to Clipboard and Share Text + Signature
The first option copies just the signature into your clipboard. You can use this if you just need to submit the signature by itself to a text challenge screen, such as to register on #bitcoin-otc channel.
The second option will share the text, address, and signature all bundled together in a format similar to PGP. For instance, in the example above, the shared result will look like this:
As for updates, besides the new version 1.1.10 just being rolled out, our developers (Jan and Andreas) are still working hard on Local Trader. We plan on getting the Testnet version out by Wednesday of this week, just in time for the Bitcoin Conference in Austin, TX. I'll be there, so feel free to grab me for a demo. The thing we're working on now is push notifications for the trader, which will alert you when you have a pending or accepted trade even while Mycelium is not running. I know some of you have asked for notifications for when you receive payments (because it's always great to hear the Ka-Ching! of incoming money
), and this will be the first step towards implementing that. Or rather will make adding that feature much easier.
First, make sure that Expert Mode is enabled in Advanced Settings.
Swipe to the left for a list of your addresses, select the address you wish to sign with, which will change the top bar to blue, click the dropdown menu, and select Sign Message.
Type in the message you wish to sign, and press the Sign Message button.
Your text will be signed, and you will get two options, Copy Signature to Clipboard and Share Text + Signature
The first option copies just the signature into your clipboard. You can use this if you just need to submit the signature by itself to a text challenge screen, such as to register on #bitcoin-otc channel.
The second option will share the text, address, and signature all bundled together in a format similar to PGP. For instance, in the example above, the shared result will look like this:
Quote
-----BEGIN BITCOIN SIGNED MESSAGE-----
Hello world!
-----BEGIN BITCOIN SIGNATURE-----
Version: Bitcoin-qt (1.0)
Address: 1Rassahgt3XSxKVJ62oSrQJxtH3wk4MKX
G50n39XFHXTYb4NRlzORTiKmsznIidz/s1gFZpXi8w/vEYapVLYbiTFloObeWHcslRedioAXVHB6Ckihs/p4Nns=
-----END BITCOIN SIGNATURE-----
Hello world!
-----BEGIN BITCOIN SIGNATURE-----
Version: Bitcoin-qt (1.0)
Address: 1Rassahgt3XSxKVJ62oSrQJxtH3wk4MKX
G50n39XFHXTYb4NRlzORTiKmsznIidz/s1gFZpXi8w/vEYapVLYbiTFloObeWHcslRedioAXVHB6Ckihs/p4Nns=
-----END BITCOIN SIGNATURE-----
As for updates, besides the new version 1.1.10 just being rolled out, our developers (Jan and Andreas) are still working hard on Local Trader. We plan on getting the Testnet version out by Wednesday of this week, just in time for the Bitcoin Conference in Austin, TX. I'll be there, so feel free to grab me for a demo. The thing we're working on now is push notifications for the trader, which will alert you when you have a pending or accepted trade even while Mycelium is not running. I know some of you have asked for notifications for when you receive payments (because it's always great to hear the Ka-Ching! of incoming money
), and this will be the first step towards implementing that. Or rather will make adding that feature much easier. I would like to make a simple feature request, if it's not already available (I was not able to find it): give the possibility to copy to the clipboard a public key in the address book or in the wallet.
Use case is when I'm chatting with someone or browsing a site requesting an address to make a payment I would be able to choose one of my addresses and give it to them.
Keep up the excellent work!
When you press receive you can copy your address to clipboard Use case is when I'm chatting with someone or browsing a site requesting an address to make a payment I would be able to choose one of my addresses and give it to them.
Keep up the excellent work!
I would like to make a simple feature request, if it's not already available (I was not able to find it): give the possibility to copy to the clipboard a public key in the address book or in the wallet.
Use case is when I'm chatting with someone or browsing a site requesting an address to make a payment I would be able to choose one of my addresses and give it to them.
Keep up the excellent work!
Use case is when I'm chatting with someone or browsing a site requesting an address to make a payment I would be able to choose one of my addresses and give it to them.
Keep up the excellent work!
I see the latest version dropped the "Avg." pricing info. Would it be a big thing to bring it back?
Can someone walk me through message signing? The website says 'go to keys tab' which I have done, but don't see anything there about signing a message. I'd like to update the Just-Dice ticket system with this option for signing.
Thanks in advance,
Deb
It appears I don't have the latest version though it says there are no updates available. I will keep trying to update and hope that it is simple to work out once I do.
Thanks in advance,
Deb
It appears I don't have the latest version though it says there are no updates available. I will keep trying to update and hope that it is simple to work out once I do.
The update check does not work properly right now. We'll fix it next week.
You can get the latest version from Google Play or mycelium.com
Tap one of the Bitcoin keys, and then hit the menu key.
Can someone walk me through message signing? The website says 'go to keys tab' which I have done, but don't see anything there about signing a message. I'd like to update the Just-Dice ticket system with this option for signing.
Thanks in advance,
Deb
It appears I don't have the latest version though it says there are no updates available. I will keep trying to update and hope that it is simple to work out once I do.
Thanks in advance,
Deb
It appears I don't have the latest version though it says there are no updates available. I will keep trying to update and hope that it is simple to work out once I do.
rollout is 100%
Sweet! Great job on message signing BTW.
rollout is 100%
v1.1.10 published.
(changes from 1.1.6)
*) message signing (go to Keys tab)
*) Hebrew, French, Korean, Polish translation
*) canonical S-values in signatures.
*) improved handing of exchange rates
*) remove Mtgox
*) added Kraken, Bitpay, Coinbase
*) new high-res launcher icons
Published to github or to google play store? When I go to Settings -> Check for Update it says I'm up to date on v1.1.6. Do we have to independently compile and install to get these updates? When will they be released to Google Play?
The rollout is staged. For now it is 5% and if everything goes well (and it should as we have tested extensively) it will be 100% tomorrow. On top of that it always takes one or two hours from when you publish something on Google Play until it is available.
If you are eager you can join the Google+ group Mycelium Beta Testers. New features are available to testers early on.
Thanks a lot! I couldn't found it by myself! Luckily I was not the only one who couldn't found it
Jump to: