Author

Topic: [SKY] Skycoin Launch Announcement - page 108. (Read 381579 times)

newbie
Activity: 21
Merit: 0
February 25, 2015, 06:25:57 AM
Sorry
Where i can download software for generate my adress skycoin?
i have Windows 8

windows executable: http://128.199.188.22:1337/

======
double click the "skycoin.exe" file and then visit http://127.0.0.1:6420

https://bitcointalksearch.org/topic/m.10325453
legendary
Activity: 1540
Merit: 1000
February 25, 2015, 06:22:14 AM
Sorry
Where i can download software for generate my adress skycoin?
i have Windows 8
newbie
Activity: 49
Merit: 0
February 25, 2015, 06:05:09 AM
The initial IPO price would put this coin to #10 on coinmarketcap.com

Looks a bit overpriced for magic out of thin air.

Nevertheless the technology sounds great.

Agree.

Too expensive. Not worth investing.

Too much risk for investors.


46000 BTC marketcap? Come on...

Asking for roughly the same amount Ethereum raised is not going to work. I was going to invest, but it's too expensive.
sr. member
Activity: 422
Merit: 250
February 25, 2015, 05:58:58 AM
The initial IPO price would put this coin to #10 on coinmarketcap.com

Looks a bit overpriced for magic out of thin air.

Nevertheless the technology sounds great.

Agree.

Too expensive. Not worth investing.

Too much risk for investors.


46000 BTC marketcap? Come on...

newbie
Activity: 21
Merit: 0
February 25, 2015, 05:50:29 AM
Hi all Skycoiners
where and when i can invest to skycoin plz?
Thanks

https://bitcointalksearch.org/topic/m.10555070
legendary
Activity: 1540
Merit: 1000
February 25, 2015, 05:46:46 AM
Hi all Skycoiners
where and when i can invest to skycoin plz?
Thanks
member
Activity: 86
Merit: 10
February 25, 2015, 05:24:10 AM

I could write a 200 page book about every way that Bitcoin has been lost or stolen. We have to make hundreds of small, incremental changes over time.


Skycoin doesn't do this at all, because it would mean unexpected behavior and people would lose coins. We made sure that the default behavior is exactly what users expect and that the defaults dont result in people losing coins.


that is so much important .. for the success of cryptocurrency
hero member
Activity: 498
Merit: 500
February 25, 2015, 02:50:47 AM
Is it alright or not? Can I use it for the IPO?

yes

Quote
Where do I get my personal key from?

C:\Users\"YOUR USER"\.skycoin\wallets

inside wallets folder you'll find all the wallets you have created through the browser (.wlt files)

you can open these files with notepad; they include the seed, address & pub/priv keys
only one address per seed generated in browser at this stage

note:  these .wlt files are not encrypted; make encrypted backups




Really? All this talking about security stuff: "Nothing is save, etc."
And now we create wallets with secret keys in plain text, unencrypted without a password?Huh??
Even if I delete them now or store them in TrueCrypt or USB-Stick, it could be already stolen.



Super tinfoil mode:

Generate a wallet using electrum seed words on a computer that's not connected to the internet, surrounded by signal absorbing material on an open-source operating system with open-source hardware. Write the words down, don't print them on a printer. Then, destroy the computer without removing it from the room w/ signal absorbing material, after writing down the receiving address first.

Then, do what you'd like with those words. Things can get pretty creative from there.

Also, not so good idea to use truecrypt anymore: WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

Not sure if skycoin is using any kind of mnemonic wallet generation. I'd be surprised if they aren't.


Very funny. I am not talking about securing it from Pentagon. I am talking about secret keys in plain text files without password protection!!!


You are quite right. The DEV is concerned about security vulnerabilities at hardware shack attack level and try address that (in technical terms correctly) by suggesting security devices that uses ARM TrustZone to make secure the solution at the lowest possible layer at hardware registers and firmware boot ... and then the keys are in a plain text file.

I have been the biggest fan of the DEV and this project for a long time, but right now, following that long discussion with iamback - which from 80% I couldn't understand a thing -  I am a bit confused what's happening.


Yes. We are also concerned about "Default Security". For average user.

Here is an example. Many people want "vanity addresses". Third party services generate the addresses, then you import the private key. They store the private key, wait until you have a bunch of coins and then steal some of them! Users think it was trojan or they dont even know how the coins were stolen. To protect against that, we have to make sure vanity address gen is client side and integrated into the skycoin wallet. We have to make sure that the default way is the easiest way and that it is secure, for every single action that can result in coins being stolen or lost.

Normally, when a vanity address theft happens, they only steal a fraction of the coins. The user wonder why they stole only a few and not every coin. If they had a trojan, why would someone steal a few coins when they could steal them all? The user is confused. It is because if they did transactions, then some of the coins are in the vanity address and some of the coins are in change addresses. The thief is the 3-rd party who generated the vanity address and they only have the private key for that address (which only has fraction of the keys in the wallet).

A theft of a few coins, but not whole wallet can also occur when private keys are generated with a weak random number generator. Bitcoin was using OpenSSL and we are finding many many bugs in OpenSSL and many system random number generators are being discovered to be weak. So we are not using OpenSSL and we made sure Skycoin salts the key generation wont be compromised even if the random number generator is faulty. We are improving that even further in future with using SHA3 to accumulate entropy every random number call.

I could write a 200 page book about every way that Bitcoin has been lost or stolen. We have to make hundreds of small, incremental changes over time.

We have multiple wallets in Skycoin, because we have seen people delete wallets with bitcoin in them, because we had to swap out wallets. Its easy to overwrite a wallet with coins in it and panic. So we tried to make it easy to have multiple wallets loaded in Skycoin and make it easy to backup the wallets (a simple seed or pass phrase).

We have deterministic wallets and only deterministic wallets as the default, because we have seen people lose coins unexpectedly by loading a wallet from backup after making transactions, because backups do not contain the newly generated change addresses! Bitcoind generates new change addresses after every transaction, which bitcoin are sent to. So if you restore a wallet from backup, you may be missing coins. This also means in Bitcoin, if you have two thumb drives with the same wallet on them and do transactions on each, they will end up with difference coin balances! Each wallet will have different change addresses after being used for a while!  

Skycoin doesn't do this at all, because it would mean unexpected behavior and people would lose coins. We made sure that the default behavior is exactly what users expect and that the defaults dont result in people losing coins.

There are so many ways to lose coins in Bitcoin, that addressing every situation is overwhelming. We need to hire contractors to work on each little detail (vanity gen in wallet, locking/unlocking wallets, default on screen keyboard), because we will go mad otherwise. I think we have covered 90% of the causes of coin theft than the user could not control.

We will add a password feature on wallet, but it is a false sense of security. It will stop someone from passively grabbing the wallet, but if they have a key logger, they will get the password. It does make it more difficult (grab file + keylogger). If you use an on-screen keyboard, then it makes it painful. It would put wallet theft beyond skill level of most script kiddies.

The average user will lose more coins from unexpected behavior, than security. We have almost eliminated unexpected behavior. Exchanges are where we need enough software and hardware security to protect against government level infosec/hacker firms.

>Wallet Seed Security

We recommend creating a new wallet from scratch and using a strong password. Anything less than 12 characters will get brute forced. Some GPUs can brute force 2,600,000,000 passwords per second and anything less than 12 characters will get broken eventually (but is safe for small balances). Hackers combine very fast hash rates (trillions of passwords per second) with rainbow tables. So generally, most passwords comely used can be brute forced.

Lowercase 10 letters/numbers: 51.7 BoE (bits of entropy)
5 common words (2000 word dictionary): 54.8 BoE
Mixed case 10 letters/numbers: 59.5 BoE
6 common words (2000 word dictionary): 65.8 BoE
Lower case 13 letters/numbers: 67.2 BoE
Mixed case 13 letters/numbers: 77.4 BoE
12 common words +120 BoE

Brute forcing all wallets with 64 bits of entropy is doable in four years. Electrum pass phrases are 128 bits of entropy and this is minimum. Skycoin should adapt the electrum pass phrase model with 8 to 12 random words from dictionary. This is easier to write down than the hex. It is harder to screw up.

If you need security, we recommend using a SHA256 hash as the seed. Or take a decent password, then add your phone number after it or birthdate. Something you will remember and that an attacker wont know usually.

>How to get wallet seed

This is a very good question!

Look at the interface, see "import from seed button". This lets you type in a need seed/passphrase and generate a wallet



New Wallet: creates a new wallet, with a random pass phrase (also called a seed)

Import Wallet From Seed: Lets you generate a wallet from a pass phrase you choose (Which becomes the seed that generates the wallet)

In the web-wallet, add /wallets to the URL and you can see your wallets and copy down the seed.

Remote Wallet Example:

This is a remote wallet. Its public, so dont inport your wallet seed here. This is for publicly checking balances and demonstration.

http://skycoin-chompyz.c9.io/

These are the "outputs". This is where coins are stored. You can check balance here.

http://skycoin-chompyz.c9.io/outputs

If you open your wallet through the web interface and do "/wallet", you get the list of wallets. As long as you have written down "seed", then you cannot lose your coins.

http://skycoin-chompyz.c9.io/wallets

Try creating a wallet with a seed (import wallet from seed), then close the client, delete the wallet, then go and reimport the wallet from the seed. Make sure you get the same address and private key the second time.

IPO Status

We have not started sending out confirmation receipts yet. We finished the remote server, so people can check balances.

http://skycoin-chompyz.c9.io/outputs

We also triple tested deterministic bitcoin privatekey and address generation from Skycoin. We are sure this is working now. So we can generate a unique address for each receipt in the IPO.

We will have a bitcoin wrapper over sx, when the darkwallet team makes that stable and then can store bitcoin in Skycoin wallets. Also allows libraries for making it easier to deal with a good library without having to go through bitcoind. This will make developers happy.

> OSX issue:

There is a problem with the wget flags in the gvm script. It appears to affect mingw and some versions of OSX. You may need to look up the gvm instructions for installing go, do that (and maybe fix script and do pull request). We tested it on OSX and it worked for us.

>Even if I delete them now or store them in TrueCrypt or USB-Stick, it could be already stolen.

I think we might change the Skycoin wallet storage directory, to be subfolder of the exe. So it is easier to find. Then you can just put skycoin exe and wallets on a USB stick. In Bitcoin, many users cannot find their wallets at all and it can be difficult.
hero member
Activity: 784
Merit: 1000
February 24, 2015, 07:50:25 PM

but right now, following that long discussion with iamback - which from 80% I couldn't understand a thing -  I am a bit confused what's happening.

Apologies. It appears you can ignore my discussion and continue as if it hadn't taken place. The devs apparently have their priorities and if you think what they talked about is important and want to invest in their vision, then I guess proceed as if the discussion with me had not taken place.

If my posts are confusing, I think it is indicative of how easy it is to raise money in an IPO from naive investors. But that does not mean that the devs here are not serious. You have to make that judgement, because I have no extra information to offer you other than what is in this thread.

Add: to some extent, I am obfuscating (purposefully not making great effort to summarize and organize) my discussion, because I am not ready to launch such a project. Why should I give away all my ideas too early. At the appropriate time, the points can be made more clear for laymen.

No please, no apologies required at all. You have been trying to initiate a constructive dialogue here to make the project better, I have got that. What I was trying to say is more on the line with your suggestions that the objectives need to be prioritized and focus on practical issues instead of very ambitious plans (such as revolutionize the Internet). English is my third or fourth language, but having several decades hardcore software coding under my belt I can understand sort of software design discussed in English and its related business requirements, use cases, etc., but from your discussion I could understand little, and not because your posts were confusing, but because you guys on very different level than we software foot soldiers are. You guys seems are extremely smart people and talking about very advance stuff, but it makes me wonder how realistic to implement such advance concepts - and I understood you have been concerned about that as well.

Seeing the last few pages here I think you need to prioritize. I got that part about secure hardware because I am programming ARM mcu with TrustZone, so I understand the risk of hardware level security vulnerabilities and the importance of the secure hardware, but isn't it that a completely irrelevant concern at the current state of crypto? After 5 years Bitcoin has only 1 million users, 90% of average computer users have absolutely no idea what digital currency is, and the rest would never touch it because the criminals, P&D scammers, ICO con artist around the ecosystem, and then you guys (more precisely skycoin) have been wondering about hardware level security vulnerabilities and about issues with the Internet protocols? Seems a bit unrealistic approach to me terms of defining the business requirements. Digital currency in general is having issue not because the Internet isn't secure enough nor because the latest openSSL problems nor the hardware level vulnerabilities, but because scammers, dishonest exchanges and all kind of con artist parasites around it makes digital currency untouchable for businesses and users. So you are quite right - if I got that correctly - that the first step would be to implement reliable decentralized exchanges.

Why don't you use guys your very impressive intellect identify more realistic targets and implement something that useful and works?

I was waiting this IPO eagerly, but as I said right now I am a bit confused where the project is heading.
member
Activity: 86
Merit: 10
February 24, 2015, 06:52:54 PM

when you're at this point, don't do ./gui.sh build

either generate addresses or run wallet

follow the exact steps from previous post, don't skip any commands

i have informed the dev to comment just in case i'm missing something

thank you

still cant get it working

however .. i now use the windows executable and that works fine
member
Activity: 98
Merit: 10
February 24, 2015, 06:10:05 PM
I think this is too much of me spamming Skycoin's thread. They have been enormously patient with my too numerous posts in their thread. Unless the developers engage me in further discussion, I kindly ask that any further discussion directed at me be move to another thread. Simply provide a link here or in PM please. Feel free to create a discussion thread.

I would like to continue to discuss your ideas. We can start another thread to pursue it.

I created a discussion thread (so this will be my last post in this thread, apologies to the devs for spamming their thread):

https://bitcointalksearch.org/topic/multiple-competing-currencies-platform-design-966977

...
Afaics, they have not provided to me a BitMessage key to communicate privately.
...

It's in the OP.

Thanks. 12+ hours hence, they did not reply in BitMessage.

[redacted to avoid spamming this thread]
newbie
Activity: 21
Merit: 0
February 24, 2015, 06:08:23 PM
... and then the keys are in a plain text file.

this was known all along as you can see here

there is no way to backup our wallets through the browser yet either. does that mean one should not make backups?

make backups, especially of the wallet holding the address you send for the IPO; encrypt everything

maybe wipe the wallet (afterwards) until you need to move coins around and/or until these features are implemented
hero member
Activity: 784
Merit: 1000
February 24, 2015, 05:27:28 PM
Is it alright or not? Can I use it for the IPO?

yes

Quote
Where do I get my personal key from?

C:\Users\"YOUR USER"\.skycoin\wallets

inside wallets folder you'll find all the wallets you have created through the browser (.wlt files)

you can open these files with notepad; they include the seed, address & pub/priv keys
only one address per seed generated in browser at this stage

note:  these .wlt files are not encrypted; make encrypted backups




Really? All this talking about security stuff: "Nothing is save, etc."
And now we create wallets with secret keys in plain text, unencrypted without a password?Huh??
Even if I delete them now or store them in TrueCrypt or USB-Stick, it could be already stolen.



Super tinfoil mode:

Generate a wallet using electrum seed words on a computer that's not connected to the internet, surrounded by signal absorbing material on an open-source operating system with open-source hardware. Write the words down, don't print them on a printer. Then, destroy the computer without removing it from the room w/ signal absorbing material, after writing down the receiving address first.

Then, do what you'd like with those words. Things can get pretty creative from there.

Also, not so good idea to use truecrypt anymore: WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

Not sure if skycoin is using any kind of mnemonic wallet generation. I'd be surprised if they aren't.


Very funny. I am not talking about securing it from Pentagon. I am talking about secret keys in plain text files without password protection!!!


You are quite right. The DEV is concerned about security vulnerabilities at hardware shack attack level and try address that (in technical terms correctly) by suggesting security devices that uses ARM TrustZone to make secure the solution at the lowest possible layer at hardware registers and firmware boot ... and then the keys are in a plain text file.

I have been the biggest fan of the DEV and this project for a long time, but right now, following that long discussion with iamback - which from 80% I couldn't understand a thing -  I am a bit confused what's happening.
sr. member
Activity: 258
Merit: 250
February 24, 2015, 05:20:13 PM
Wow, it started. I've been watching for since this thread was created and I'll keep watching Skycoin developments.
newbie
Activity: 21
Merit: 0
February 24, 2015, 05:19:18 PM
I see "Acknowledgement of the message received", one of messages is 23 Feb 06:59 PM

even better  Smiley, mine hasn't been acknowledged

no receipts and/or test coins have been sent
hero member
Activity: 621
Merit: 507
Radix-The Decentralized Finance Protocol
February 24, 2015, 05:09:26 PM
I didn't receive any receipt from it, though I was following the instructions very carefully

as long as you see "Message sent. Waiting for acknowledgement." in Bitmessage, you're fine

no receipts and/or test coins have been sent

I see "Acknowledgement of the message received", one of messages is 23 Feb 06:59 PM

the structure is the following:

{    contact: "bitcointalk: 13Darko, email: [email protected]",        bitcoin_addr: "xxx",    skycoin_addr: "xxx",    coins_requested: "xxx" }

Skycoin address is taken from the wallet, not a deterministic key for generating a new one.
newbie
Activity: 21
Merit: 0
February 24, 2015, 04:56:20 PM
I didn't receive any receipt from it, though I was following the instructions very carefully

as long as you see "Acknowledgement of the message received..." in Bitmessage, you're fine

no receipts and/or test coins have been sent


if you see "Message sent. Waiting for acknowledgement." in Bitmessage for more than 24 hours, send again
hero member
Activity: 621
Merit: 507
Radix-The Decentralized Finance Protocol
February 24, 2015, 04:42:36 PM
So is the IPO bot operational? I didn't receive any receipt from it, though I was following the instructions very carefully
newbie
Activity: 21
Merit: 0
February 24, 2015, 04:41:19 PM
And now we create wallets with secret keys in plain text, unencrypted without a password?Huh??

there is no way to encrypt the wallet through the browser yet
hero member
Activity: 767
Merit: 500
Never back down !!!
February 24, 2015, 04:40:07 PM
Is it alright or not? Can I use it for the IPO?

yes

Quote
Where do I get my personal key from?

C:\Users\"YOUR USER"\.skycoin\wallets

inside wallets folder you'll find all the wallets you have created through the browser (.wlt files)

you can open these files with notepad; they include the seed, address & pub/priv keys
only one address per seed generated in browser at this stage

note:  these .wlt files are not encrypted; make encrypted backups




Really? All this talking about security stuff: "Nothing is save, etc."
And now we create wallets with secret keys in plain text, unencrypted without a password?Huh??
Even if I delete them now or store them in TrueCrypt or USB-Stick, it could be already stolen.



Super tinfoil mode:

Generate a wallet using electrum seed words on a computer that's not connected to the internet, surrounded by signal absorbing material on an open-source operating system with open-source hardware. Write the words down, don't print them on a printer. Then, destroy the computer without removing it from the room w/ signal absorbing material, after writing down the receiving address first.

Then, do what you'd like with those words. Things can get pretty creative from there.

Also, not so good idea to use truecrypt anymore: WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

Not sure if skycoin is using any kind of mnemonic wallet generation. I'd be surprised if they aren't.


Very funny. I am not talking about securing it from Pentagon. I am talking about secret keys in plain text files without password protection!!!
Jump to: