UPDATE (5/27):
I’d like to clarify that with the post below, our intention was not to cast bitcoinjs-lib in a bad light. The situation was that due to Counterwallet’s (premature, in hindsight) use of the new HDwallet functionality in the library. Basically, we got caught up tracking new changes of the library on their master branch while extensive refactoring was going on. The most recent versions of the library have received an extensive test suite, and appear to be quickly stabilizing under very competent hands. I think in our case, the timing was just bad, as well as our reliance on newer bitcoinjs-lib code.
The other thing to keep in mind with this post, is that when it was originally written, we had run into 2 address change issues (that caused users to have new addresses) and 1 security bug. All of this was a consequence of us tracking bitcoinjs-lib master, instead of the older 1.3.x branch, which was much more stable, but did not include the HDwallet functionality. The bitcoinjs-lib devs (especially Daniel Cousens) provided great support though this, but overall the situation was frustrating for us and our users at the time.
As always, Bitcoin is a work-in-progress. When we started work on Counterwallet, Bitcore had not even been released, and bitcoinjs-lib had just added initial support for BIP32 (HDwallets). Given that Counterwallet was to be a deterministic wallet, we decided to go with the HDwallet support, in leiu of going with an older Electrum style deterministic implementation (e.g. like what Carbonwallet uses) which we knew would force our users to have to update/re-sweep once we moved to BIP32. In hindsight, this decision may have been premature.
Thanks to both the bitcoinjs-lib and Bitpay developers for working with us through this process. Live and Learn.
---------------------
ORIGINAL POST:
We have just released a new version of Counterwallet (1.1.5) that moves from bitcoinjs-lib to Bitpay’s bitcore library for the underlying Bitcoin-related functionality. This move was largely due to the earlier security issue we had earlier with bitcoinjs-lib, as well as the current state of rapid change that library is in. At this time at least, we feel that bitcore is the more mature library, and has more support and unit tests. Furthermore, we have had the bitcore development team review and okay our bitcore integration, and currently have a security professional performing testing on Counterwallet.
Why?
On top of the security issue we experienced with the library, there was also a change to the underlying Crypto library in use by bitcoinjs-lib. This update silently did not support the specific way we were supplying the passphrase to the library’s wallet generation code, but still appeared to work fine (due to the absence of assertion checking in the library). This had the unfortunate side effect of reducing the entropy (randomness) of the wallet keys generated by Counterwallet, from the full 128 bits down to ~100-108 bits of entropy. While this is still too high for any kind of effective brute-forcing attacks (i.e. existing wallets are still very much safe), we are requiring our users to migrate to a new wallet within the next 2 months (i.e. before July 15, 2014), just to be sure. The bitcore code uses standard input formats, has tests around it, as well as necessary type checking.
Accessing Your Existing Wallet
If you created your wallet before May 8th, please prepend your passphrase with “old " to access your funds. For example, if your existing passphrase was “acid doubt danger hum dinner action final point demand inhale bedroom ocean”, your new passphrase would be "old acid doubt danger hum dinner action final point demand inhale bedroom ocean".
Once logged into your existing wallet, it should continue to work as before. Remember: you should migrate your funds to a new wallet as soon as possible, and definitely by July 15. Read on for instructions on how to do that.
Sweeping your old funds
[size=1em][font=arial]Setting up a new wallet and sweeping your existing funds into it is a very easy process, with our autosweep functionality. To get started, simply log into Counterwallet using your existing passphrase (without the “old “ prefix). Once in, click on the Import Funds button, and then choose From Old Wallet. Follow the instructions on that dialog, which will allow you to directly import all old wallet funds into the new wallet. [/font][/size][font=arial]Using your existing passphrase for this process is safe, and will enable the full 128 bits of entropy for your new wallet.[/font]
[font=arial]
[size=1em]Note that if you do not have sufficient BTC balance to handle the fees to transfer the assets at a given address in your old wallet, the dialog will give you the chance to specify a private key to another address with the BTC to use for the fees.[/size][/font]
Conclusion
To be honest, our experience with bitcoinjs-lib has been frustrating, and we apologize for the inconvenience this has caused our users. We have tried to make this process as smooth as possible this time, and these kinds of issues should hopefully be a thing of the past with our move to bitcore.
The Counterparty Team
Thanks xnova.
Does this change to Insight affect the time it takes to build the database using counterpartyd? Or is that reliant on bitcoind?
[quote author=Patel link=topic=321.msg2267#msg2267 date=1399578041]
Thanks xnova.
Does this change to Insight affect the time it takes to build the database using counterpartyd? Or is that reliant on bitcoind?
[/quote]
Nah, it’s unrelated to that. Although there was a commit made to counterpartyd a few days ago that should speed that up somewhat significantly.
[quote author=sparta_cuss link=topic=321.msg2270#msg2270 date=1399585379]
[quote author=xnova link=topic=321.msg2266#msg2266 date=1399564816]
Sweeping your old funds
[size=1em][font=arial]Setting up a new wallet and sweeping your existing funds into it is a very easy process. To get started, simply log into Counterwallet using your existing passphrase (without the “old “ prefix). Once in, click on the Import Funds button, and then choose From Old Wallet. Follow the instructions on that dialog, which will allow you to directly import all old wallet funds into the new wallet. [/font][/size][font=arial]Using your existing passphrase for this process is safe, and will enable the full 128 bits of entropy for your new wallet.[/font]
[font=arial]
[size=1em]Note that if you do not have sufficient BTC balance to handle the fees to transfer the assets at a given address in your old wallet, the dialog will give you the chance to specify a private key to another address with the BTC to use for the fees.[/size][/font]
[/quote]
[font=verdana][size=13px]Thanks for making the changes. [/size][/font]
[font=verdana][size=13px]I logged into/created the “new” account, but I don’t see the Import Funds button, only the Create New Address button in the top right.[/size][/font]
[/quote]
Please clear your cache and refresh. Thks.
Yep, that worked. Thanks.
I (now) see the notice on the login page, but I logged in earlier and nearly had a heart attack to see my entire wallet empty. You might consider also putting a popup screen upon login, so that people really can’t miss it. The way it is right now is going to cause a lot of unnecessary angst.
There are a few bugs. First of all, logging into my old wallet only pulls up the 3 addresses that are generated at wallet creation (which I never used). None of my other (10) generated addresses appear. Is there a way to get counterwallet to find them, because I need them (see below).
Second, so I tried logging into the new wallet and importing from the old. It successfully recognized my first 7 created addresses (all of which had funds in them), and I swept those successfully. It doesn’t recognize the other 3. The reason may be because the 7th address I created never had any transactions to or from it, i.e. it’s a gap. Maybe the code stops searching for new addresses then? The 8th and 9th have funds, and the 10th used to but not anymore.
So there are two addresses with funds that I currently can’t sweep or access in any way.
Incidentally, the new wallet does have 13 addresses for me, so in that sense recognized that my old wallet had 13 addresses.
[quote author=Winslow Strong link=topic=321.msg2281#msg2281 date=1399624204]
There are a few bugs. First of all, logging into my old wallet only pulls up the 3 addresses that are generated at wallet creation (which I never used). None of my other (10) generated addresses appear. Is there a way to get counterwallet to find them, because I need them (see below).
Second, so I tried logging into the new wallet and importing from the old. It successfully recognized my first 7 created addresses (all of which had funds in them), and I swept those successfully. It doesn’t recognize the other 3. The reason may be because the 7th address I created never had any transactions to or from it, i.e. it’s a gap. Maybe the code stops searching for new addresses then? The 8th and 9th have funds, and the 10th used to but not anymore.
So there are two addresses with funds that I currently can’t sweep or access in any way.
[/quote]
I posted a script for the old wallet if it’s still not working for you.
https://forums.counterparty.co/index.php/topic,325.msg2287.html
[quote author=porqupine link=topic=321.msg2289#msg2289 date=1399665120]
[quote author=Winslow Strong link=topic=321.msg2281#msg2281 date=1399624204]
There are a few bugs. First of all, logging into my old wallet only pulls up the 3 addresses that are generated at wallet creation (which I never used). None of my other (10) generated addresses appear. Is there a way to get counterwallet to find them, because I need them (see below).
Second, so I tried logging into the new wallet and importing from the old. It successfully recognized my first 7 created addresses (all of which had funds in them), and I swept those successfully. It doesn’t recognize the other 3. The reason may be because the 7th address I created never had any transactions to or from it, i.e. it’s a gap. Maybe the code stops searching for new addresses then? The 8th and 9th have funds, and the 10th used to but not anymore.
So there are two addresses with funds that I currently can’t sweep or access in any way.
[/quote]
I posted a script for the old wallet if it’s still not working for you.
https://forums.counterparty.co/index.php/topic,325.msg2287.html
[/quote]
It sounds like (unless I’m not understanding the full functionality) that’s a tool to use if you forgot your passcode. I didn’t forget my passcode. Instead, there’s a problem with the way the old-wallet works. Namely, it doesn’t pull up all of my addresses when I login. This is true when I login to it with the preappended “old”, and when I log into the corresponding new wallet and try to import from my old addresses.
I suspect that the import stops searching for addresses anywhere after the initial 3 addresses when it finds an address created that was never used. Even entering my public addresses explicitly into the address field of “import from old wallet” doesn’t work. If I had the private keys (I don’t) I could just import from the addresses explicitly. Any advice?
"Select the address in your old wallet that the specified tokens should be sent from"
Does this "address" mean BTC wallet address, for example like 12v3GmGXkLHXkKE6BWD5ZrK7uBLhJjJVB9? Because when I fill in my old wallet address, there comes "No matches found",nothing else.
[quote author=applepepe link=topic=321.msg2324#msg2324 date=1399793590]
“Select the address in your old wallet that the specified tokens should be sent from”
Does this “address” mean BTC wallet address, for example like 12v3GmGXkLHXkKE6BWD5ZrK7uBLhJjJVB9? Because when I fill in my old wallet address, there comes “No matches found”,nothing else.
[/quote]
If you are having the same problem I was (above), namely that the import from old wallet functionality isn’t recognizing some addresses in your old wallet, then you can do what Porquipine suggested in the bug thread and log into the old wallet, generate new addresses until all your old addresses with balances reappear (I had to log out and log in again to get the XCP balances to appear), and then you can just directly send from the old wallet addresses to the new wallet addresses.