
Topic: Mycelium Bitcoin Wallet - page 50. (Read 586221 times)

sr. member
Activity: 288
Merit: 251
August 25, 2015, 05:18:45 AM
Two feature suggestions:

1. Some audible indication if you receive bitcoins. Andreas Schildbach's wallet has a very neat 'tinkling coins' sound. Just something subtle. Would be a great addition in the user experience, I think (sounds crazy, but often I've heard "damn I love that sound of incoming coins!")

2. If you install Mycelium on a phone with European regional settings, use EUR as the default currency, instead of USD (as source, Kraken or BitcoinAverage are fine). There's always a lot of confusion getting newbies to switch from USD to EUR, especially since not only do you have to find and check EUR, but also uncheck USD.

Thanks for your consideration.
hero member
Activity: 692
Merit: 500
August 21, 2015, 04:22:45 PM
Quote
Just uploaded a new version of the current 2.5.0 Beta, which now includes Ledger support - you can import accounts from Ledger Nano, HW.1 and (the not yet released) Ledger Unplugged (NFC card).

To test the new option, go to the Account-Tab, click the [add] Button and go to the [Advanced] section. Here you'll find a new [Ledger] Button. Plug in your Ledger via an OTG-Cable and import an account.
legendary
Activity: 2940
Merit: 1333
August 21, 2015, 02:54:31 PM
For what it's worth, the latest Mycelium android beta 2.5.0 supports both Trezor and Ledger hardware wallets
I don't even have a Trezor, I clicked on it to see what it was and after 2 seconds it told me that it found a Trezor and was connecting to it when I didn't do anything. I don't even have a Trezor.

Oh, same here.

I have no Trezor but Mycelium says it's "OK", and has been scanning it for 20 minutes so far:

hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
August 21, 2015, 01:46:44 PM
For what it's worth, the latest Mycelium android beta 2.5.0 supports both Trezor and Ledger hardware wallets
I don't even have a Trezor, I clicked on it to see what it was and after 2 seconds it told me that it found a Trezor and was connecting to it when I didn't do anything. I don't even have a Trezor.
hero member
Activity: 980
Merit: 500
August 20, 2015, 06:55:31 AM
Is this better than Bither? Apologies for a dumb question, but I want to know what suits me best.
legendary
Activity: 2940
Merit: 1333
August 19, 2015, 06:20:36 PM
I don't see the point of encrypting a wallet.

It wouldn't be compulsory. If you don't want to encrypt your wallet then don't.

How strong is your encryption key (pass phrase) going to be?

It's going to have over 100 bits of entropy, making it impossible to brute-force. Hopefully the encryption will use something CPU-intensive like scrypt, making brute force attempts less likely to be successful for shorter passphrases too.

If your pass phrase is long enough to be secure, do you really want to type it in every time you need it?

Yes, that's exactly what I want. I want to be able to unlock my private keys for a specified amount of time by typing the passphrase. The same as Bitcoin Core does. I spend from Mycelium maybe once a month. I can handle typing my passphrase that often. I type it into Bitcoin Core more often than that, and it's not a problem at all.

You will have it written down on a piece of paper, because a long, random and rarely used secret is easy to forget.

I don't write my passwords on paper. That seems like a bad idea. I find that typing all my passwords at least once per month is enough to keep them in my memory.

Cold storage is simpler and more secure than encryption.

I've not tried using cold storage with Mycelium. I prefer to keep my cold storage keys completely offline. How does it handle coin selection and change addresses? That seems like it would be a pain, if it's even handled at all.
hero member
Activity: 519
Merit: 500
August 19, 2015, 08:26:35 AM
I don't see the point of encrypting a wallet.

How strong is your encryption key (pass phrase) going to be?

If it's short enough to be easy to enter every time you want to spend bitcoins (like a PIN), an attacker who's got your encrypted wallet data can brute force it in seconds on a home PC.  The strength of PIN-based protection is in the app, which restricts the frequency and number of PIN entry attempts in order to thwart brute force attacks.  As an encryption key, it is useless.

If your pass phrase is long enough to be secure, do you really want to type it in every time you need it?  You will have it written down on a piece of paper, because a long, random and rarely used secret is easy to forget.  Then someone will request a feature to scan the pass phrase from a QR code.  And then you will realise that something like that already exists in many wallets including Mycelium, and is called cold storage.

Cold storage is simpler and more secure than encryption.


To add to your point, mobile wallets aren't meant to be safe. The price for security is inconvenience and it's not what you want from a wallet like Mycelium.

There are several degrees of safety/convenience. Mycelium can be somewhat safe and very convenient at the same time.
legendary
Activity: 1680
Merit: 1035
August 19, 2015, 07:37:06 AM
And the cheapest version of Ledger, the HW.1, is only something like $15.
hero member
Activity: 692
Merit: 500
August 19, 2015, 06:39:38 AM
For what it's worth, the latest Mycelium android beta 2.5.0 supports both Trezor and Ledger hardware wallets
legendary
Activity: 1078
Merit: 1024
August 18, 2015, 06:11:23 PM
I don't see the point of encrypting a wallet.

How strong is your encryption key (pass phrase) going to be?

If it's short enough to be easy to enter every time you want to spend bitcoins (like a PIN), an attacker who's got your encrypted wallet data can brute force it in seconds on a home PC.  The strength of PIN-based protection is in the app, which restricts the frequency and number of PIN entry attempts in order to thwart brute force attacks.  As an encryption key, it is useless.

If your pass phrase is long enough to be secure, do you really want to type it in every time you need it?  You will have it written down on a piece of paper, because a long, random and rarely used secret is easy to forget.  Then someone will request a feature to scan the pass phrase from a QR code.  And then you will realise that something like that already exists in many wallets including Mycelium, and is called cold storage.

Cold storage is simpler and more secure than encryption.


To add to your point, mobile wallets aren't meant to be safe. The price for security is inconvenience and it's not what you want from a wallet like Mycelium.
newbie
Activity: 22
Merit: 0
August 18, 2015, 05:57:32 PM
I don't see the point of encrypting a wallet.

How strong is your encryption key (pass phrase) going to be?

If it's short enough to be easy to enter every time you want to spend bitcoins (like a PIN), an attacker who's got your encrypted wallet data can brute force it in seconds on a home PC.  The strength of PIN-based protection is in the app, which restricts the frequency and number of PIN entry attempts in order to thwart brute force attacks.  As an encryption key, it is useless.

If your pass phrase is long enough to be secure, do you really want to type it in every time you need it?  You will have it written down on a piece of paper, because a long, random and rarely used secret is easy to forget.  Then someone will request a feature to scan the pass phrase from a QR code.  And then you will realise that something like that already exists in many wallets including Mycelium, and is called cold storage.

Cold storage is simpler and more secure than encryption.
full member
Activity: 206
Merit: 100
August 18, 2015, 03:36:46 PM
The only thing I've been able to think of is moving most of the coins out of Mycelium until this is patched.
That's a wise move in all situations. Even after a patch, you still have the possibility of your device being lost or stolen, and then it's just a matter of a brute force search against your PIN.

I treat my mobile wallet like my physical wallet: I keep about $100-$300 in it at a time, and replenish it when I need more. In the physical fiat case, I replenish it by visiting the ATM. In the Bitcoin case, I have paper wallets in my safe at home.
legendary
Activity: 2940
Merit: 1333
August 18, 2015, 01:13:17 PM
I think that Cyanogenmod patched this.

As I said, I heard that Google patched it too, but I don't know how to find their patch.

Encrypting the secret is useless, as an attacker can replace Mycelium with a fake and just wait for the user to enter the PIN.

Not entirely useless. I would enter my PIN maybe once a month, and not at all after hearing about an exploit like this until it was patched.

As it stands I am vulnerable - I literally don't know where the master seed is stored or how to protect it from the malware threat. But I'm pretty sure it's sitting on my device in plain text just waiting to be stolen. The only thing I've been able to think of is moving most of the coins out of Mycelium until this is patched.
pm7
newbie
Activity: 34
Merit: 0
August 18, 2015, 11:32:34 AM
I think that Cyanogenmod patched this.
Encrypting the secret is useless, as an attacker can replace Mycelium with a fake and just wait for the user to enter the PIN.
legendary
Activity: 2940
Merit: 1333
August 18, 2015, 02:26:51 AM
Are there any plans to offer secure encryption of private keys, such that a passphrase has to be entered before private keys can be decrypted? Something similar to what Bitcoin Core offers, where I can unlock my wallet for a specified time period. As I understand it the current 6 digit PIN code isn't an encryption key, and even if it was it is easily brute-force-able.

I read today about an exploit on Android which allows any unprivileged app to replace any other app and read its private storage:

  https://www.hackread.com/android-zero-day-vulnerability/
  https://www.usenix.org/conference/woot15/workshop-program/presentation/peles

This is another reason why it's important that Mycelium should allow the user to encrypt their secrets if it doesn't already.

I've been unable to find any information about whether a patch is available for end users to fix this problem. The news reports seem to indicate that Google will include it in their monthly updates, but I don't know if that has already happened or not.
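The keyspace arithmetic behind the 6-digit PIN and the "over 100 bits of entropy" passphrase discussed in this thread, as an added example that is not code from any poster or from Mycelium. The scrypt parameters and the per-guess costs are assumptions chosen for illustration.

```python
import hashlib
import math
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace_bits(alphabet_size, length):
    """Entropy in bits of a secret drawn uniformly at random."""
    return length * math.log2(alphabet_size)

def derive_key(secret, salt, n=2**14, r=8, p=1):
    """Stretch a secret into a 32-byte key with scrypt.
    n, r, p are assumed values (about 16 MiB of memory per guess)."""
    return hashlib.scrypt(secret.encode(), salt=salt, n=n, r=r, p=p, dklen=32)

def measured_guess_cost(samples=3):
    """Average wall-clock seconds for one scrypt derivation on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"{i:06d}", salt)
    return (time.perf_counter() - start) / samples

def exhaust_seconds(bits, guess_cost_s):
    """Worst-case time to derive a key for every candidate secret."""
    return (2.0 ** bits) * guess_cost_s

def compare(fast_cost_s=1e-6, slow_cost_s=0.05):
    """Compare a 6-digit PIN with a 100-bit passphrase.
    fast_cost_s: assumed cost of an unstretched hash per guess.
    slow_cost_s: assumed cost of one scrypt derivation per guess."""
    pin_bits = keyspace_bits(10, 6)
    return {
        "pin_bits": pin_bits,
        "pin_fast_seconds": exhaust_seconds(pin_bits, fast_cost_s),
        "pin_scrypt_hours": exhaust_seconds(pin_bits, slow_cost_s) / 3600,
        "passphrase_fast_years": exhaust_seconds(100, fast_cost_s) / SECONDS_PER_YEAR,
    }

if __name__ == "__main__":
    for name, value in compare(slow_cost_s=measured_guess_cost()).items():
        print(f"{name}: {value:.3g}")
```

A memory-hard KDF multiplies the cost of each guess by a constant, which helps a mid-length passphrase but leaves a 6-digit PIN exhaustible in hours; only added entropy moves the result out of reach.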
sr. member
Activity: 336
Merit: 251
August 14, 2015, 04:39:46 AM
Not sure about other users but my MyCelium is acting up again.

The balances on my two HD accounts are showing up correct but the transaction list is missing a number of transactions.

This has been like this for the past three days now.

Have you tried to reload all your HD accounts?
For me this works.


No but guess I'll have to do that.

It's just funny that it picks up several transactions, from the first to the last, but in the middle area there are 3 or 4 transactions that do not show up in the transaction history.

The balance on the account is correct, it's just those couple of transactions that do not show up, which is funny. If it was perhaps the oldest or the latest transactions I can maybe understand, but transactions in the middle of the history?.....
sr. member
Activity: 294
Merit: 250
August 14, 2015, 04:28:04 AM
Not sure about other users but my MyCelium is acting up again.

The balances on my two HD accounts are showing up correct but the transaction list is missing a number of transactions.

This has been like this for the past three days now.

Have you tried to reload all your HD accounts?
For me this works.
sr. member
Activity: 336
Merit: 251
August 13, 2015, 05:30:06 AM
Not sure about other users but my MyCelium is acting up again.

The balances on my two HD accounts are showing up correct but the transaction list is missing a number of transactions.

This has been like this for the past three days now.
pm7
newbie
Activity: 34
Merit: 0
August 09, 2015, 05:29:23 AM
* Support for Cold Storage spending from masterseed keys
Very good. Would be better if one could type the master seed in the cold storage spending instead of copying it from somewhere else :)
Ah yes, I use master seed QR codes, but we should (and will likely soon) add the ability to just type the seed.
I would like to remind you about that. Also, could you add the possibility of sending to/from the password-protected version of the stored (main) master seed?
I don't see why I should type/scan the master seed when I want the password version if it is stored by Mycelium anyway.
There is no (or I don't know one) easy way to send to the password version of the master seed. I have to initialize Mycelium, or use some special tool to generate an address.
newbie
Activity: 14
Merit: 0
August 08, 2015, 04:53:42 PM
Here's a video showing the upcoming Ledger Unplugged Mycelium integration.

https://youtu.be/ndr4POhQntk

Should make a good wallet even better.