Feed for category: wallets
BTCPay Server Payment Request: Invoice Clients and Get Paid in BTC by Sharing a Simple Link

The team at BTC Pay Server published an article introducing their Payment Requests feature.

It allows you to get paid in cryptocurrency just by sharing a simple URL using a new type of time-sensitive inoice page built into BTCPay.

BTCPay Server is an open-source cross platform, self-hosted bitcoin server compatible with Bitpay API.

Ledger's Nano S 1.5.5 Firmware Update Causes Troubles

The Ledger Nano S’ firmware has been recently updated to 1.5.5, while this update brings several features like the support of Groestl and Blake2b as new hashes, Schnorr with Zilliqa as a new signature scheme, Bip32-ed25519 as a new derivation scheme and several other major security updates.

It also caused troubles for its owners wanting to update. As this firmware is slightly larger in size than old ones, HSM servers hosting this update became unresponsive as many users were simultaneously trying to update their device, causing access to the Manager and installing apps to be slower than usual, a significant amount of users reported their device getting stuck during the update which would be later addressed with another update and an apology from Ledger.

Electrum Fishing Scheme Warning

A fishing malware scheme has been spotted targeting electrum wallet users. Electrum users are advised to read the warning explainer that has been setup here.

A malicious notification popup with a clickable link.

Users of many versions of Electrum released may see messages as pictured when attempting to send a transaction with their wallet. The message, or some variation of, purports that a security update is required to continue.

This is not the case.

The message is generated by the server you are connected to, and contains a link to a malicious modification of the wallet which, if installed, will result in the immediate theft of all of your money. If you install any software shown in a message such as this you have no recourse to recover your funds.

Card Shuffle to Bitcoin Seed
Bitcoin seed generation is the most important event for any Bitcoin holder, as without this seed your wallet and ultimately your money is lost. We as users trust hardware and air gapped wallets to be correct and honest in their seed generation, which is hard to verify. A new bring-your-own-entropy method was proposed on the Bitcoin dev mailing list by developer Ryan Havar to allow users to create randomness they trust.
Summary for December 2018
We’ve been taking a break for the past two months while working on a website upgrade. Since we did not cover news in that time, we decided to make a series of recap articles covering the last two months, starting with news related Bitcoin Core and going through Lightning Network and its related updates.
Visual Identification of Payee Node Id

Checking the payee node id in the send dialog is always troublesome, the long hex value can be as confusing as typing a bitcoin address yourself. Just like every other thing in Bitcoin, a visual representation of the payee node id might be helpful.

There were suggestions on the Lightning dev mailing list that called lighting user-facing wallets to add an icon identifier for the id so that we can check if its the correct one, after all we as humans are much better at remembering visual cues that random long hex values, there were counter proposals that suggested using Chernoff Faces, as humans are best fit in recognizing small changes in faces and another that suggested using strings of seperate words, like BIP 39 seeds, that are easier to recognize, or memorize, than random hex values.

Data Piggybacking Within the Payment Preimage for Offline Payments in Wallets
Piggybacking information within payment_preimage is a suggestion by developer Jose Femenias, it is used to enable sharing a common secret seed between an offline device and an online LN node, both the devices calculate the same per_transaction_secret, the node encrypts the PIN within the payment_preimage and then when the LN wallet receives the payment_preimage it decrypts it showing the PIN, this is provided as proof of payment to the offline device.
Bip 39 Seeds Using Random Words
There was a discussion on BIP39 seeds and the probability of getting a valid BIP39 using randomly chosen words, otherwise known as brute forcing. The probability is about 1:256 for 24 words and 1:16 for 12 words. This is meant to change drastically with SLIP 39, proposed last year, SLIP 39 describes a standard implementation of Shamir’s secret-sharing, which splits a secret into unique parts which can be distributed among participants.