Pages:
Author

Topic: Mycelium Bitcoin Wallet - page 101. (Read 586368 times)

Jan
legendary
Activity: 1043
Merit: 1002
March 03, 2014, 11:30:35 AM
That's good, I never considered how much security 15 Alphabetic characters could give. Thanks for testing that.
Nore that  this is not a generic result that can be applied anywhere. It requires that the password is random (read not human generated) and scrypt (or something similar) is applied.
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
March 03, 2014, 11:26:05 AM
That's good, I never considered how much security 15 Alphabetic characters could give. Thanks for testing that.
hero member
Activity: 668
Merit: 501
March 03, 2014, 11:17:18 AM
Security question here: I store my backup online, but the 15 character password locally. If someone were to get ahold of my encrypted backup, how quickly could they bruteforce it? With 26 characters to choose from, there is 26^15 possibilities, but how long does it take to test each one?

I just measured it using this program:
Code:
@Test
   @Ignore
   public void testSpeed() throws InterruptedException {
      long start = System.currentTimeMillis();
      int tries = 1000;
      for (int i = 0; i < tries; i++) {
         KdfParameters params = new KdfParameters("123" + i, TEST_SALT_1, MrdExport.V1.DEFAULT_SCRYPT_N, MrdExport.V1.DEFAULT_SCRYPT_R, MrdExport.V1.DEFAULT_SCRYPT_P);
         EncryptionParameters.generate(params);
      }

      double duration = (System.currentTimeMillis() - start)/1000.0;
      System.out.println("duration:" + duration+" s");
      double speed = (double) tries / duration;
      double secondperTry = 1/speed;

      System.out.println("secondperTry "+ secondperTry+" / s ");
   }

output:
Code:
duration:104.771 s
secondperTry 0.10477099999999999 / s

i ran it with -server VM in sun JDK

so it does about 10 tries/second under near-optimal conditions on a fast CPU. (i7 4770K) in single-thread mode, with JIT compiler.

this means a single core takes 390 times the age of the universe to crack a single backup. when you speed that up to graphics cards, asics if becomes shorter but still outside human lifespans.
Jan
legendary
Activity: 1043
Merit: 1002
March 03, 2014, 10:55:41 AM
Security question here: I store my backup online, but the 15 character password locally. If someone were to get ahold of my encrypted backup, how quickly could they bruteforce it? With 26 characters to choose from, there is 26^15 possibilities, but how long does it take to test each one?
About 1 million years if they use 1 million of today's desktop computers to brute force it.
More info here:
http://www.mycelium.com/wallet/FAQ.html#q020
http://www.mycelium.com/wallet/FAQ.html#q021
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
March 03, 2014, 10:27:31 AM
Security question here: I store my backup online, but the 15 character password locally. If someone were to get ahold of my encrypted backup, how quickly could they bruteforce it? With 26 characters to choose from, there is 26^15 possibilities, but how long does it take to test each one?
newbie
Activity: 42
Merit: 0
March 02, 2014, 05:34:47 PM
Has anyone managed to fork Mycelium for another alt coin yet.  I am looking at a SHA256 coin similar characteristics to Bitcoin just faster confirmation rate and larger block size. I need Bip38 support to import coins so MyCelium looked like a good place to start.  If anyone has some experience in doing this and knows whats required I would appreciate it. 
ffe
sr. member
Activity: 308
Merit: 250
March 02, 2014, 03:31:33 PM
at worst can break and make your wallet stop working

Well, to play devil's advocate, at WORST it can be maliciously made to misreport balances.  That's where the trust comes in, that the blockchain reporting to mycelium is the same blockchain everyone else is working with.



Yes of course, but in the same breath you should mention that the moment you suspect something you can check your public keys on https://blockchain.info and get a correct balance from them. In no way can the Mycelium server modify your balance on the block chain.

The real trust is that the code on your phone is honest since that holds your private keys and momentarily sees your paper wallet keys. That, however is verifiable since the code is published.
hero member
Activity: 742
Merit: 500
March 02, 2014, 11:37:20 AM
at worst can break and make your wallet stop working

Well, to play devil's advocate, at WORST it can be maliciously made to misreport balances.  That's where the trust comes in, that the blockchain reporting to mycelium is the same blockchain everyone else is working with.

legendary
Activity: 1680
Merit: 1035
March 02, 2014, 01:27:02 AM
why does the bitcoin wallet page saying using mycellium relies on the trust of a third party?

aren't the private keys controlled locally on the app? i.e. no trust in a third party involved

Yes, the keys are controlled by the wallet locally on the app. The third party here is the Mycelium servers that store the blockchain these wallets rely on. The only thing our "third party" does is fetch your wallet's balances, broadcasts your wallet's transactions, and some other minor administrative stuff. It doesn't control your keys in any way, and at worst can break and make your wallet stop working, in which case you would just move your keys to a different wallet.
newbie
Activity: 48
Merit: 0
March 02, 2014, 01:19:26 AM
why does the bitcoin wallet page saying using mycellium relies on the trust of a third party?

aren't the private keys controlled locally on the app? i.e. no trust in a third party involved
legendary
Activity: 1680
Merit: 1035
March 01, 2014, 02:09:22 PM
Another week, another feature description. This time one of our newest features: Message Signing!



First, make sure that Expert Mode is enabled in Advanced Settings.

Swipe to the left for a list of your addresses, select the address you wish to sign with, which will change the top bar to blue, click the dropdown menu, and select Sign Message.




Type in the message you wish to sign, and press the Sign Message button.



Your text will be signed, and you will get two options, Copy Signature to Clipboard and Share Text + Signature



The first option copies just the signature into your clipboard. You can use this if you just need to submit the signature by itself to a text challenge screen, such as to register on #bitcoin-otc channel.

The second option will share the text, address, and signature all bundled together in a format similar to PGP. For instance, in the example above, the shared result will look like this:

Quote
-----BEGIN BITCOIN SIGNED MESSAGE-----
Hello world!
-----BEGIN BITCOIN SIGNATURE-----
Version: Bitcoin-qt (1.0)
Address: 1Rassahgt3XSxKVJ62oSrQJxtH3wk4MKX

G50n39XFHXTYb4NRlzORTiKmsznIidz/s1gFZpXi8w/vEYapVLYbiTFloObeWHcslRedioAXVHB6Ckihs/p4Nns=
-----END BITCOIN SIGNATURE-----



As for updates, besides the new version 1.1.10 just being rolled out, our developers (Jan and Andreas) are still working hard on Local Trader. We plan on getting the Testnet version out by Wednesday of this week, just in time for the Bitcoin Conference in Austin, TX. I'll be there, so feel free to grab me for a demo. The thing we're working on now is push notifications for the trader, which will alert you when you have a pending or accepted trade even while Mycelium is not running. I know some of you have asked for notifications for when you receive payments (because it's always great to hear the Ka-Ching! of incoming money Grin), and this will be the first step towards implementing that. Or rather will make adding that feature much easier.
hero member
Activity: 668
Merit: 501
March 01, 2014, 01:18:10 PM
I would like to make a simple feature request, if it's not already available (I was not able to find it): give the possibility to copy to the clipboard a public key in the address book or in the wallet.

Use case is when I'm chatting with someone or browsing a site requesting an address to make a payment I would be able to choose one of my addresses and give it to them.

Keep up the excellent work!
When you press receive you can copy your address to clipboard
hero member
Activity: 731
Merit: 503
Libertas a calumnia
March 01, 2014, 12:18:21 PM
I would like to make a simple feature request, if it's not already available (I was not able to find it): give the possibility to copy to the clipboard a public key in the address book or in the wallet.

Use case is when I'm chatting with someone or browsing a site requesting an address to make a payment I would be able to choose one of my addresses and give it to them.

Keep up the excellent work!
legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
March 01, 2014, 06:34:00 AM
I see the latest version dropped the "Avg." pricing info. Would it be a big thing to bring it back?
Jan
legendary
Activity: 1043
Merit: 1002
March 01, 2014, 04:46:47 AM
Can someone walk me through message signing? The website says 'go to keys tab' which I have done, but don't see anything there about signing a message. I'd like to update the Just-Dice ticket system with this option for signing.

Thanks in advance,
Deb

It appears I don't have the latest version though it says there are no updates available. I will keep trying to update and hope that it is simple to work out once I do.



The update check does not work properly right now. We'll fix it next week.
You can get the latest version from Google Play or mycelium.com
member
Activity: 61
Merit: 10
February 28, 2014, 05:20:15 PM
Tap one of the Bitcoin keys, and then hit the menu key.
member
Activity: 102
Merit: 10
February 28, 2014, 05:11:20 PM
Can someone walk me through message signing? The website says 'go to keys tab' which I have done, but don't see anything there about signing a message. I'd like to update the Just-Dice ticket system with this option for signing.

Thanks in advance,
Deb

It appears I don't have the latest version though it says there are no updates available. I will keep trying to update and hope that it is simple to work out once I do.

hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
February 28, 2014, 04:34:13 PM
rollout is 100%
Sweet! Great job on message signing BTW.
Jan
legendary
Activity: 1043
Merit: 1002
February 28, 2014, 11:10:29 AM
rollout is 100%
member
Activity: 98
Merit: 10
February 28, 2014, 05:59:23 AM

v1.1.10  published.

(changes from 1.1.6)
*) message signing (go to Keys tab)
*) Hebrew, French, Korean, Polish translation
*) canonical S-values in signatures.
*) improved handing of exchange rates
*) remove Mtgox
*) added Kraken, Bitpay, Coinbase
*) new high-res launcher icons



Published to github or to google play store?  When I go to Settings -> Check for Update  it says I'm up to date on v1.1.6.  Do we have to independently compile and install to get these updates?  When will they be released to Google Play?

The rollout is staged. For now it is 5% and if everything goes well (and it should as we have tested extensively) it will be 100% tomorrow. On top of that it always takes one or two hours from when you publish something on Google Play until it is available.
If you are eager you can join the Google+ group Mycelium Beta Testers. New features are available to testers early on.


Thanks a lot! I couldn't found it by myself! Luckily I was not the only one who couldn't found it   Smiley
Pages:
Jump to: