
Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 713. (Read 4671660 times)

sr. member
Activity: 453
Merit: 500
hello world
i do not know which trxid the transaction had that causes the problem, so i can not look if one of my trx is inside the pool.

yes i already deleted .bin and synced from scratch. also used rescan_spent.
since i did this, the amount shown in simplewallet is right (it was wrong before too, think it's due to the same transaction that causes problems now)

anyway yeah, i will come to irc if i have time (not today i guess)
much easier i agree.
full member
Activity: 168
Merit: 101
Physical Monero coins
A "strong" password helps a bit but most of the security comes from the coin ID itself.

If you want to be reasonably paranoid, you must assume that between production and shipping, the coin ID is compromised.
I'd personally make sure the entropy of my password is fine by itself.

If you don't use it at the very beginning or end, a compromised coin ID is still useful to salt/stretch something human-memorable, especially if you tweak it a bit.

http://rumkin.com/tools/password/passchk.php


Thanks a lot, everybody! We have updated the F.A.Q section at cryptonic.net.
legendary
Activity: 2268
Merit: 1141
@medusa13, have you tried this already? (Doing both steps!)

It may well be that your wallet's idea of what outputs are spent got out of sync with the blockchain. I believe there is a bug there. One thing you can try that's pretty fast (assuming you're running your own daemon):
- run simplewallet with --trusted-daemon
- in simplewallet, run: rescan_spent

You can also run this in the daemon:
print_pool_sh

If you see your tx, it means it's not being mined. In this case, the likely reason is that it's a double spend caused by the sync problem above.


legendary
Activity: 2268
Merit: 1141
hi guys, still having some troubles with 0.9.

after deleting .bin, the balance shown in simplewallet is now correct.

but if i try to send funds, i get :

Code:
2016-Jan-03 23:26:54.722493 [RPC1]transaction with hash aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd not found in db
2016-Jan-03 23:26:54.722493 [RPC1]Transaction with id= used already spent key images
2016-Jan-03 23:26:54.722493 [RPC1]Transaction verification failed:

don't know what it is..is a trx of mine stuck in mempool?



Doesn't appear to be in a block yet:

http://moneroblocks.eu/search/aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd

the trxid is just an example..

the problem is it says that it's already used..but it's not. i want to empty this wallet but i can not make any transactions.

sometimes i have success making small trx, but the big part is not moveable because of this.

any ideas?

I suggest contacting MoneroMooo or one of the other core-team members on IRC (#monero at freenode), they will probably be able to help you faster.
sr. member
Activity: 453
Merit: 500
hello world
hi guys, still having some troubles with 0.9.

after deleting .bin, the balance shown in simplewallet is now correct.

but if i try to send funds, i get :

Code:
2016-Jan-03 23:26:54.722493 [RPC1]transaction with hash aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd not found in db
2016-Jan-03 23:26:54.722493 [RPC1]Transaction with id= used already spent key images
2016-Jan-03 23:26:54.722493 [RPC1]Transaction verification failed:

don't know what it is..is a trx of mine stuck in mempool?



Doesn't appear to be in a block yet:

http://moneroblocks.eu/search/aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd

the trxid is just an example..

the problem is it says that it's already used..but it's not. i want to empty this wallet but i can not make any transactions.

sometimes i have success making small trx, but the big part is not moveable because of this.

any ideas?
legendary
Activity: 2156
Merit: 1072
Crypto is the separation of Power and State.
A "strong" password helps a bit but most of the security comes from the coin ID itself.

If you want to be reasonably paranoid, you must assume that between production and shipping, the coin ID is compromised.
I'd personally make sure the entropy of my password is fine by itself.

If you don't use it at the very beginning or end, a compromised coin ID is still useful to salt/stretch something human-memorable, especially if you tweak it a bit.

http://rumkin.com/tools/password/passchk.php

Apparently generating strong pass-phrases is within my skill set.   Cool

But (IIRC) brainwallet.org did something silly, which reduced the entropy of even the strongest phrases to a weak maximum?

Oh bother, I really should move those coins to the Trezor....if they are still there.   Undecided


in the example scheme of having N repetitions of hashing functions, it also has the additional personal advantage that I can choose roughly how much time I'll need to get my secret key. (Assuming I don't put my hand on ASICS for all hashing functions involved). So for an important brain wallet I can make it roughly 24h on a typical computer, and be sure I wouldn't spend it drunk.

Out-of-band OP_HODL.  Now that is sweet!   Cool
hero member
Activity: 870
Merit: 585
Everybody's different, but I don't trust myself to remember 100 bits or more of information.  Recording a mnemonic effects a massive reduction in the information I need to retain.
legendary
Activity: 1512
Merit: 1012
Still wild and free
However you can produce secure brain wallets with for instance a mechanism involving a large number of different hashing functions.

I doubt it. If enough people start doing that, password brute forcers will do it too, the same way they use combinations of words, phrases, common transformations, etc. All you are doing with these sorts of combinations is adding a relatively small number of entropy bits for the various ways that hash functions can be combined.

Key stretching does work but that relies on the hash function being slow, which is somewhat fragile long term.



Right, but this is just one example. The point is to have some semantic to apply to your password, that you never disclose. For me a mini computer program could do the trick but for somebody else it could be something else.
But this is not practical or advisable for the masses, I agree.

EDIT: in the example scheme of having N repetitions of hashing functions, it also has the additional personal advantage that I can choose roughly how much time I'll need to get my secret key. (Assuming I don't put my hand on ASICS for all hashing functions involved). So for an important brain wallet I can make it roughly 24h on a typical computer, and be sure I wouldn't spend it drunk.
legendary
Activity: 2968
Merit: 1198
However you can produce secure brain wallets with for instance a mechanism involving a large number of different hashing functions.

I doubt it. If enough people start doing that, password brute forcers will do it too, the same way they use combinations of words, phrases, common transformations, etc. All you are doing with these sorts of combinations is adding a relatively small number of entropy bits for the various ways that hash functions can be combined.

Key stretching does work but that relies on the hash function being slow, which is somewhat fragile long term.

hero member
Activity: 795
Merit: 514
A "strong" password helps a bit but most of the security comes from the coin ID itself.

If you want to be reasonably paranoid, you must assume that between production and shipping, the coin ID is compromised.
I'd personally make sure the entropy of my password is fine by itself.

If you're going to do that, you might as well just use a paper wallet (which I personally recommend). There is no way you will ever have a strong password that doesn't need to be written down. Brain wallets don't work.


False - it's possible, most people just don't do it.

And the ones who do occasionally forget their passwords, because they go so long without needing to recall it. It's possible but hardly practical.
legendary
Activity: 1512
Merit: 1012
Still wild and free
A "strong" password helps a bit but most of the security comes from the coin ID itself.

If you want to be reasonably paranoid, you must assume that between production and shipping, the coin ID is compromised.
I'd personally make sure the entropy of my password is fine by itself.

If you're going to do that, you might as well just use a paper wallet (which I personally recommend). There is no way you will ever have a strong password that doesn't need to be written down. Brain wallets don't work.


Plain brain wallets don't, and I agree with discouraging anyone from using them.

However you can produce secure brain wallets with for instance a mechanism involving a large number of different hashing functions.
Simple example, assuming my brain wallet is 12MD516SHAparmiggianoIsMySalt. (This is easy to remember if you read that word by word).
I would probably still remember, even after some years, that I have to find the secret key by applying 12 times MD5, 16 times SHA256, to that very password itself.
Code:
p="12RIPEMD16SHAparmiggianoIsMySalt" ; for i in `seq 1 12`; do for j in `seq 1 16`; do p=`echo $p | md5sum` ; done; p=`echo $p | sha256sum`; done ; echo "sk = $p" | cut -d ' ' -f 1-3
Ok, maybe I won't remember that I have to use nested loops, but since I created the scheme to start with, I wouldn't give up; I would keep fiddling around, testing a few things, and would eventually find my secret key with coins on it.

Not that I encourage anyone to use this, this is simply an example showing that brainwallets can include more entropy than the sole characters they contain. They can include additional entropy due to a particular semantic you attach to them. The idea is to use a semantic that is obvious to you once you read (i.e., remember) the word, but hard enough that nobody can enumerate over it easily. Ideally you create your very own semantic for a handful of critical brain wallets (or for those you create in 2015, or...), and don't disclose your logic to anyone.
legendary
Activity: 2968
Merit: 1198
A "strong" password helps a bit but most of the security comes from the coin ID itself.

If you want to be reasonably paranoid, you must assume that between production and shipping, the coin ID is compromised.
I'd personally make sure the entropy of my password is fine by itself.

If you're going to do that, you might as well just use a paper wallet (which I personally recommend). There is no way you will ever have a strong password that doesn't need to be written down. Brain wallets don't work.
legendary
Activity: 1512
Merit: 1012
Still wild and free
A "strong" password helps a bit but most of the security comes from the coin ID itself.

If you want to be reasonably paranoid, you must assume that between production and shipping, the coin ID is compromised.
I'd personally make sure the entropy of my password is fine by itself.

legendary
Activity: 2968
Merit: 1198
Once I lost (luckily small amount of) Bitcoin from address generated by some paperwallet site using 'brain wallet' shit option - custom phrase entered. So, in seconds after change from transaction went to that address it was withdrawn by some clever bastard owner of 1LdUHTEVxWJhrhKfy4H3VuYDnTHQVjsdBn.

Therefore my question: is it safe to use custom entropy?

Given the stated use case above it should be safe, assuming you trust the manufacturer of the coin and the coin itself has been kept secure from disclosure of the coin ID.

A "strong" password helps a bit but most of the security comes from the coin ID itself.

Although....I'd suggest using slow hash for key stretching as the simplewallet password does. That all but precludes any useful brute forcing of passwords. I thought that was in the standard for physical coin keys, but maybe not.
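
An added example (not part of the original posts, and not code from Monero or the wallet generator) putting numbers on two points made in this thread: how few bits a secret combination of hash functions contributes, and what salting and stretching a password with the coin ID looks like. scrypt stands in for the slow hash mentioned above; the hash-set size, round limit and layout count are assumed figures, and the coin IDs and password are the placeholders from the thread's own example.

```python
import hashlib
import math

def recipe_bits(n_hashes: int, max_rounds: int, n_layouts: int) -> float:
    """Entropy (bits) of a secret two-hash recipe.

    Someone who knows the general style only has to enumerate
    (hash A, hash B, rounds A, rounds B, loop layout).
    """
    return math.log2(n_hashes ** 2 * max_rounds ** 2 * n_layouts)

def passphrase_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy (bits) of n_words drawn uniformly at random from a word list."""
    return n_words * math.log2(wordlist_size)

def stretch(password: str, coin_id: str, log2_n: int = 14) -> bytes:
    """Derive a 32-byte seed with scrypt, using the coin ID as salt.

    scrypt is a stand-in for the slow hash mentioned in the thread.
    The coin ID is treated as public, so the password must hold up alone.
    """
    return hashlib.scrypt(password.encode(), salt=coin_id.encode(),
                          n=2 ** log2_n, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)

if __name__ == "__main__":
    # Assumed numbers: 8 candidate hash functions, up to 64 rounds each,
    # 2 layouts (nested or sequential loops).
    print(f"secret recipe adds   ~{recipe_bits(8, 64, 2):.0f} bits")
    # Six words chosen at random from a 7776-word list (Diceware-sized).
    print(f"random 6-word phrase ~{passphrase_bits(6, 7776):.1f} bits")
    # Coin IDs and password are the placeholders from the thread's example.
    seed = stretch("your_password", "1Fe58dA D7auQk6")
    print("stretched seed:", seed.hex())
```

Stretching raises the cost of each guess but adds no entropy, so a weak phrase stays weak once the coin ID is known.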



legendary
Activity: 1442
Merit: 1018
hi guys, still having some troubles with 0.9.

after deleting .bin, the balance shown in simplewallet is now correct.

but if i try to send funds, i get :

Code:
2016-Jan-03 23:26:54.722493 [RPC1]transaction with hash aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd not found in db
2016-Jan-03 23:26:54.722493 [RPC1]Transaction with id= used already spent key images
2016-Jan-03 23:26:54.722493 [RPC1]Transaction verification failed:

don't know what it is..is a trx of mine stuck in mempool?



Doesn't appear to be in a block yet:

http://moneroblocks.eu/search/aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd
sr. member
Activity: 453
Merit: 500
hello world
hi guys, still having some troubles with 0.9.

after deleting .bin, the balance shown in simplewallet is now correct.

but if i try to send funds, i get :

Code:
2016-Jan-03 23:26:54.722493 [RPC1]transaction with hash aab282164e86b322823fe99e9595fecce2505d0e322ad4dacfcaa24331f36bbd not found in db
2016-Jan-03 23:26:54.722493 [RPC1]Transaction with id= used already spent key images
2016-Jan-03 23:26:54.722493 [RPC1]Transaction verification failed:

don't know what it is..is a trx of mine stuck in mempool?

legendary
Activity: 2268
Merit: 1141
Once I lost (luckily small amount of) Bitcoin from address generated by some paperwallet site using 'brain wallet' shit option - custom phrase entered. So, in seconds after change from transaction went to that address it was withdrawn by some clever bastard owner of 1LdUHTEVxWJhrhKfy4H3VuYDnTHQVjsdBn.

Therefore my question: is it safe to use custom entropy?

I'm afraid the human brain is not good at providing an uncrackable one.




Upd.: Shit, it was not small - I could have bought ONE Monero for those satoshis. And they were stolen..

Generally not, just use the normal one. Custom entropies are risky and should only be used if you know what you are doing.
legendary
Activity: 1276
Merit: 1001
Therefore my question: is it safe to use custom entropy?

That's a bit like getting in a plane cockpit in flight, and wondering: is it safe to disable the autopilot?

For some, it will be. For most... it will be down to this:

I'm afraid the human brain is not good at providing an uncrackable one.
legendary
Activity: 1750
Merit: 1101
karbo.io
Once I lost (luckily small amount of) Bitcoin from address generated by some paperwallet site using 'brain wallet' shit option - custom phrase entered. So, in seconds after change from transaction went to that address it was withdrawn by some clever bastard owner of 1LdUHTEVxWJhrhKfy4H3VuYDnTHQVjsdBn.

Therefore my question: is it safe to use custom entropy?

I'm afraid the human brain is not good at providing an uncrackable one.




Upd.: Shit, it was not small - I could have bought ONE Monero for those satoshis. And they were stolen..
legendary
Activity: 1610
Merit: 1004
xpost from Cryptonic's thread: Now you can bind a Monero address to a physical XMR coin! Very cool.

Dear friends! Happy new year!

From now on Cryptonic physical Monero coins are little more than just collectibles.

Moneromooo has kindly added an optional user supplied entropy to his offline wallet generator. So now it's possible to use it with cryptonic coin IDs (and a password for more security) to create a cold storage associated with it.

https://github.com/moneromooo-monero/monero-wallet-generator/

https://moneroaddress.org/

There is a field Custom entropy. Just fill in your coin IDs and a password, for example:

Code:
1Fe58dA D7auQk6 your_password

...and click Generate wallet!
