Topic: Mycelium Bitcoin Wallet - page 113. (Read 586242 times)

There is still the private key export function in the menu of the keys view. Thus exported keys are not encrypted. There is also the reverse function, key import, activated by the new key icon.

So, now there is no way to see the private key in Mycellium? Although that might be good for security - it prevents using the same backup method used for non-mycellium generated keys.

How can I see the private key from the backup? Do I have to download some Mycellium code from GitHub and compile it on my offline computer?

Do you think CyanogenMod is trustworthy? Because I think too that is a good idea to keep a dedicated device to Bitcoin apps.
I have a second Galaxy S that I'd like to use just for this (maybe buy a cheaper smartphone later), and I'd like to install CyanogenMod mod on it.

Michael_S, I am fully with you. I have been thinking about how to do a totally offline app for a long time.. So many ideas, so little time :-)
The problem with using QR codes or even animated QR codes doesn't really work. To be 100% certain that you are not signing something wrong you need to transfer not only the unspent outputs to sign, but all the "supporting" transactions. By that I mean the entire transaction that every unspent output is part of.  This could easily be 100kb of data.

If you use Mycelium as it is, on a dedicated device with an open source OS with nothing else installed except a firewall that blocks anything but Mycelium, no SIM, only wifi. On top of that, only use cold-storage spending and keep the device in a safe along with your paper wallets... then I'd say you are pretty secure. Plus it is affordable, easy to set up, and easy to use.

Thanks.
I am always testing Mycelium on my old 2.2 devices. Someone (can't remember who) reported that it worked nicely on a brand new cheap low-res 40$ phone (can't remember the brand)... can't remember much these days it seems ;-)
Please have in mind that the device should have at least 24 MB memory to do BIP38 and encrypted PDF export/import, which is mandated by the scrypt parameters chosen.

Those cheap phones are ideal to use as a dedicated device, only running one app with the sole purpose of sending coins with cold storage spending. Personally I now use a Samsung GT-S5300, prior to that a Samsung GT-I5700 with cyanogen mod and no SIM.

Thanks.
Mycelium has been tested with BIP38 keys generated by bitaddress.org, and also verifies the BIP38 test vectors in our unit tests.

Mycelium does not export using BIP38. When doing encrypted PDF export we use another format which resembles BIP38 in several ways (which is described in detail on the last page of every exported document, please read). The way BIP38 works does not allow you to export more than one key without repeating the intensive key stretching for every key being exported. This is because the Bitcoin address is used as the salt for the key stretching. (The format we use uses has a separate salt field included in the QR-code).

Private keys are in app private storage. Another app can only get to them if the device is rooted.
While exporting the private key as a QR code shown on the display the app prevents other apps from taking a screenshot (Not supported for Gingerbread, also a few devices may not honor this).
In the end the private keys are stored in flash memory of your device. As far as I know flash storage drivers attempt to write key material in new places whenever a file is overwritten to prevent wearing out the cells. If you open up an android device and get to the flash chips you should be able to retrieve the private keys... maybe even if you have deleted them. Cold storage spending does not store your keys on flash, so this is suggested for larger amounts and enhanced security.

I fully agree. Mycelium is getting better every time, the developers really THINK and make CONCEPTS and REALIZE them. Awesome!

And a possibility to store keys in a 100% offline fashion (on a 100% offline smartphone) would be great - I proposed this here some time ago:
"https://bitcointalksearch.org/topic/use-old-out-of-service-smartphones-for-btc-offline-storagesigning-transactions-210261", which is exactly what you are suggesting here, I think.

I think and hope that the Mycelium app would be eligible for this in future versions. It has all the key management and backup features already built-in. What would be needed is to run Mycelium, optionally, in an "offline mode" (or make a new app that inherits Mycelium's today's key management functions) that has extra features like offline transaction signing. Communication (i.e. transfer of the (un)signed transaction strings) between the offline and online device should be done via QR codes (or animated QR codes for transfer of longer strings).
The offline device should also have built-in functionality of supervising offline status etc. and show enough nag screens etc. to "force" the user to operate his/her offline phone in a paranoidly secure way, and it should make sure that the device is (and was) offline all the time..., and e.g. should not start up at all if a SIM card is inserted or WiFi is enabled...

My vision is that, in some not so distant future, everyone (not only the tech-savvy) can use a really really secure solution for OFFLINE wallet handling with apps having an easy to understand and self-explanatory GUI that guides the user all the way and avoids that (s)he makes any mistakes. An Android phone is the optimum platform for obvious reasons: Cheaper then a PC or Netbook, smaller (does not take space), and many outdated phones are anyway idling around today although they would be perfectly suitable for use as offline wallets. So the hurdle for using this is much lower than for somebody who first has to buy an EeePC or Raspberry PI or Trezor device.

Too many taps? Scrolling need touch too, touch to shrink too...
Are you afraid to wear out your fingers? 
http://geekologie.com/2011/05/handsfree-nosebeak-touchscreen-stylus.php

While you are at it—…

Users can increase their security by using a separate phone with a minimized set of apps and minimized communications (no SIM card, Wi-Fi mostly off, etc.). Often they will use an old phone for this purpose that would otherwise gather dust.

If this is so, please try to make and keep Mycelium usable on such phones. The most obvious problem areas are:

• Weak hardware
• Older versions of Android
• Small screens

I am worrying particularly about those small screens. I have not actually tested Mycelium under such conditions and have no clue whether it already fulfills these wishes. If so, it may be a good idea to keep it that way during future development.

Of course, another interesting direction is to use a separate phone with very minimal communications, maybe only through QC codes, only for transaction signing. That might fulfill quite high security demands. I think this has been discussed a long time ago already. I'm only trying to refresh memories.

By the way, I think Mycelium has already gotten better and better. I really like it.

BIP38 works perfectly on my DROID BIONIC (Android 4.1.2) taking less than a minute.
Works as well on an older HTC INCREDIBLE (Android 2.3.4) taking about 3 minutes.
The BIP38 is compatible with BitAddress generated BIP38 keys. Does Mycelium generate BIP38 protected exports?

Thanks again for a great wallet.

Awesome awesome work Mycelium is basically perfect now!

I'd just like to ask if you can detail the measures Mycelium takes to protect from bad applications and forensic investigation reading the private keys stored on the phone?

Too many taps. Touch to shrink maybe. Now the scrollbar is there it's much clearer.

Hmm... "Touch to zoom" Interesting idea.

Or put a smaller QR code so that all the buttons below are always visible? And touch it to zoom. 

Version 1.1.x is out of beta. You should be able to get version 1.1.2 it in an hour or two

• translations to English, Deutsch, Español, Italiano, Português, Pyccкий язык, 简体字
• Bip38 support
• ability to change language in settings
• camera/scanner fixes
• number grouping for large numbers
• default unit mBtc
• bugfix when sharing PDF with Samsung Email App
• crash bug fixes for some of those rare devices
• minor UI tweaks and minor stuff

We are in particular fond of the Portuguese and Spanish translation as today the conference in Buenos Aires is launching tomorrow.
If you are going to the conference please spread the word. Unfortunately Andreas and I were not able to attend this time.

We are doing rolling updates for prodnet, right now it is at 20%, it should reach 100% later today.

Is there any reason I am not getting an update for mycelium wallet? My testnet version updated to 1.1.0 and again to 1.1.1 but not the main version. The play store shows the new version. Is something wrong? I tried restarting the phone too..

Several people have reported this. In the next update, if a scrollbar is necessary for your display, it will not fade away, but be shown continuously.

thanks for the reminder to fix landscape mode. this needs some love.