Topic: Mycelium Bitcoin Wallet - page 120. (Read 586360 times)

I implemented BIP38 support a few weeks back, including unit tests, but it is not in the wallet. I am not that fond of BIP38.

The scrypt parameters of BIP38 are not final. From the spec: "n=16384, r=8, p=8, length=64 (n, r, p are provisional and subject to consensus)"
As far as I remember (from the forum, the wiki or where ever) the parameters were chosen so that the key stretching can be done on a computer in one or two seconds. This is IMO not a good practice when choosing parameters. I would rather base it on password strength and real-life brute-force attempt measurements, which I happened to find in this presentation from the author of scrypt.

The important thing is that you have to take the strength of your password into consideration when choosing parameters. I would much rather see a standard where the parameters are not set in stone (part of the output), OR even better a standard where the password has a guaranteed amount of entropy: password generated by the computer rather than a human. <-- this is important, humans are notoriously bad at creating secure passwords.

Running BIP38 with the suggested parameters on my android phone takes 388 seconds, or 6 minutes and 28 seconds, which is impractical. Instead I would like an implementation to provide guaranteed password entropy, and then stretch it with parameters that are practical to run within reasonable time while still making it take astronomical time to brute force. This is what I did, and it is part of the upcoming release of the Mycelium wallet. Whenever you make a backup a PDF is generated which for each private key has a QR code that contains an encrypted private key, where the password is 15 characters and generated by /dev/urandom (70 bits).

Here is a sample generated for testnet: https://www.dropbox.com/s/lme32phibry6kx9/mycelium-backup-10-24-13-4.16-PM.pdf


From our FAQ (not published yet):

YES.
We will support that, BUT be warned, BIP38 generation takes a huge amount of memory and cpu time. one spend can take as long as 5 minutes.

in order to make that more smooth, Jan developed a slightly relaxed scheme of encrypted wallet that will become the default export format (2-factor, with fixed-length)

for moer details, see our beta group on google+

Props to Mycelium author for being having of not-so-many Bitcoin wallets that support sending funds to P2SH (e.g. multisignature) addresses. It's a shame that most Android/iOS wallets don't support this feature.

Now that BitAddress supports BIP38 encrypted wallets, would you consider adding support for this in the cold storage spend feature?

Fixed

There Mycelium currently does not get market rates from Bitstamp.
Bitstamp did some kind of upgrade yesterday. We are working on it.

Cool. That solves my problem. Thanks.

Currently there is a limit of 10 simultaneously active keys. You can have as many archived keys as you want, and moving a key back and forth between active and archive is easily done in Key Management.
If you wish to see the balance or spend from an archived key you just select it and go into the balance view. This way you will only operate on this one key.
We have plans to change this going forward.

I have ten active (read-only) keys. Mycelium will not let me add an eleventh key. (The "+"button is dead.) Is there any setting where I can increase this limit?

we just started it and we are using it a lot for development. you can expect that we will not turn it off deliberately until further notice.

the uptime will be significantly worse and maybe even cut off backwards compatibility, because we sometimes try out things that turn out to be a bad idea. so you need to keep your installation of testnet really up to date and don't be confused if it does not work sometimes..

Will the testnet version be dropped at some time (like it happened with Bitcoin spinner, IIRC), or will be mantained along the production one (like Bitcoin Wallet)? I think it would be good idea to keep it, not only for testing purpose, but It could be useful to show peoples how bitcoin works without messing up with the real thing.

the question is what exactly do you want to hide.

if you want to hide the info what exactly you are joining, this is already provided by using SSL with hardcoded fingerprints.

if you want to obfuscate your IP when talking to the Mycelium server so we can no longer "connect the dots", yes then you need tor. we already have socks proxy support so you can install Orbot and run Mycelium over it. so this is mostly covered.

additionally the connection is SSL anyways, so not even an exit node can look into the data.
if you want to hide the fact that you are using Bitcoin/Mycelium - an exit node would have evidence that you are using Mycelium wallet. to make that more private, we would need to run a tor hidden service too, to provide the best possible privacy.

Exactly! If you are not the only one who controls your private keys then you don't have any bitcoins.

Now let me explain what caused the missing confirmations.

The short version:
One of our super nodes got stuck on block 265458 due to a bug in our software. It has been fixed and everything is working as expected.

The long version:
We have node that continuously runs against the Bitcoin TEST network, and some days ago we observed that it got stuck on a block (http://blockexplorer.com/testnet/b/119058) which encodes script chunks in a non-standard way that we did not anticipate. This is the first block on the test network that has this behavior, and at that time it had never occurred on the production network (>4 years long block chain). A fix was made and verified to work against the test network.

The fix was also applied to one of our nodes on the production network (wanted to verify that it worked as expected before applying it everywhere). Yesterday a block with a similar non-standard script chunk encoding appeared on the production network. Because of that the unpatched node got stuck while the patched node continued to hum away happily.
Because the Mycelium wallet chooses a random node whenever it is restarted some users observed that no blocks got confirmed while others saw everything work as expected.

There is a brief discussion about my observations here: https://bitcointalksearch.org/topic/testnet-script-which-does-not-follow-basic-chunking-rules-315509

Seems to be working fine now. Possibly a server glitch? No worries though; it's not like we don't have the private keys ourselves.

I don't think its lack of resources that is tripping you up. One of the core devs has talked about using a used sony phone for mycelium. You can see it in action in the play store video.

How much does Mycelium require in the way of phone resources?

I've just bought an older-model Huawei Glory smartphone (Android 4.0.4); I haven't loaded a lot on there, but apparently it typically hovers at about 150 MB of RAM free. Mycelium runs, I've sent a few bitcents to the address on the phone. The transaction has over 150 confirmations, but the app refuses to update the info, showing the app as "receiving" the coins and at 0 confirmations no matter how often I refresh.

I've run apps that I thought were more resource-hungry than Mycelium, and they work (if slowly). Will Mycelium just not work on such lightweight phones?

Aren't you guys already running Mycelium servers?

Btw, I didn't look into CoinJoin too closely (hadn't had time to run it myself yet), but doesn't it need Tor to be really anonymous?

i think it is an excellent idea. and the idea works even better if it is the default mode of operation. the question where to get the resources for implementing this.

I have a development suggestion. How about adding a CoinJoin mixing option to Mycelium wallet? That would be an excellent feature. Similar to what Blockchain.info is doing with their sharedcoin trustless mixing right now. What do you guys think about this idea? These sort of features are a must if we want to continue to protect the privacy of Bitcoin users.

Anyone know how long it would take an SPV client to do a query on 1000 Bitcoin addresses? I don't expect it to take more than a minute, but I may be way off. Also, I guess it would require Mycelium to at least partially do SPV mode.