Post APJA33F58f8N7LfUZc by Moneroxide@xmrposter.club
(DIR) More posts by Moneroxide@xmrposter.club
(DIR) Post #APHQodf3qeD4vTnJnk by Hyolobrika@gleasonator.com
2022-11-05T02:55:51.737141Z
0 likes, 0 repeats
Monerujo or Cake Wallet?What are the differences?
(DIR) Post #APIYUFVAxLsozqv2Zc by silverpill@mitra.social
2022-11-05T15:56:09.552653Z
1 likes, 0 repeats
@Hyolobrika I'd recommend Monerujo. Both are not on F-Droid, but at least Monerujo has a self-hosted F-Droid repo so you can get automatic updates.Also Monerujo can connect through Tor (connecting to remote Monero node via clearnet significantly reduces your privacy)
(DIR) Post #APIafeXaP0yPkNc0Lg by ZeoZ@xmrposter.club
2022-11-05T16:20:59.879635Z
1 likes, 0 repeats
@HyolobrikaMonerujo> Cake
(DIR) Post #APIlR5xxFivpxPCs4W by pokkst@xmrposter.club
2022-11-05T18:21:36.386706Z
1 likes, 0 repeats
@silverpill@Hyolobrika Monerujo sucks. Just found a bug in it yesterday with the seed offset feature that could result in coin lossUse https://mynero.net (my wallet 😎)
(DIR) Post #APIm1dxGMOnPnSJJaq by pokkst@xmrposter.club
2022-11-05T18:28:13.620115Z
1 likes, 0 repeats
@silverpill@Hyolobrika Also for whatever reason my wallets often get corrupted in Monerujo, which can also lead to coin loss if you haven’t written down the seed yet.
(DIR) Post #APIn021dzkv5pF9gDg by Hyolobrika@gleasonator.com
2022-11-05T18:39:07.919645Z
0 likes, 0 repeats
@silverpill>Monerujo has a self-hosted F-Droid repo so you can get automatic updates.I use Aurora Store to get updates for Play Store apps without having to use a Google account.>Monerujo can connect through Tor (connecting to remote Monero node via clearnet significantly reduces your privacy)Hmm. I had heard that using Tor with Bitcoin reduced your privacy*. Is that not the case with Monero+Tor as well?I thought Dandelion++ was used with Monero instead of a normal mixnet, but, looking it up just now, I learned that apparently you can get better privacy if you use both: https://localmonero.co/knowledge/monero-dandelion*I remember seeing a paper that said that, which I put on the back burner to read later.
(DIR) Post #APIn6GrPkfgZZaLTVI by Hyolobrika@gleasonator.com
2022-11-05T18:40:16.274283Z
0 likes, 0 repeats
@ZeoZWhy?
(DIR) Post #APIpQ0xwl0GVybwWyu by silverpill@mitra.social
2022-11-05T19:05:27.687592Z
1 likes, 0 repeats
@Hyolobrika Dandelion++ is used by full node, but Monerujo is a light wallet. By default it connects to 3rd party nodes which shouldn't be trusted (but you can connect it to your own node too).I don't know how Tor can reduce your privacy, perhaps they were talking about bitcoin mixers, that certainly doesn't apply to Monero.
(DIR) Post #APIpY4EWUd1QQWXJb6 by Hyolobrika@gleasonator.com
2022-11-05T19:07:41.605983Z
0 likes, 0 repeats
@pokkst>MyNero is still in early developmentHmm. I think I'll go with Cake. Ty. I'll keep yours in mind though.@silverpill
(DIR) Post #APIqKxRmVpavZN3CZU by silverpill@mitra.social
2022-11-05T19:16:02.260248Z
0 likes, 0 repeats
@pokkst @Hyolobrika Yeah I would like to try MyNero at some point. Are you planning to submit it to main F-Droid? I understand the benefits of self-hosted repo, but you can have both. For me, F-Droid submission is a kind of public audit
(DIR) Post #APIuAgUZ60TduAi2hE by pokkst@xmrposter.club
2022-11-05T19:59:29.912059Z
1 likes, 0 repeats
@silverpill@Hyolobrika I do not plan to submit it to the official F-Droid repo; I much prefer having control over the build process, keys, and server so I personally know it is secure. You really shouldn’t consider it a public audit, as they do not review the code at all.Feel free to join the Telegram if you have questions or message me on XMPP.
(DIR) Post #APIuUct6CqVmWBh5XM by pokkst@xmrposter.club
2022-11-05T20:03:06.167679Z
2 likes, 0 repeats
@Hyolobrika@silverpill Yep, I started it recently, but I have years of wallet development experience behind me for BTC and BCH, and chains like that, including Samourai and Bitcoin.com.There are some features you will find in MyNero that you won’t find in Cake.
(DIR) Post #APIwQUBonrr6I8bStc by Hyolobrika@gleasonator.com
2022-11-05T20:24:45.736596Z
0 likes, 0 repeats
@pokkst>There are some features you will find in MyNero that you won’t find in Cake.Like what?@silverpill
(DIR) Post #APIyqlNfi2Kr2wnzOa by silverpill@mitra.social
2022-11-05T20:51:31.400615Z
2 likes, 0 repeats
@pokkst @Hyolobrika>I much prefer having control over the build process, keys, and server so I personally know it is secure.Yes, but you can distribute APKs via main F-Droid too, so the users will have a choice.>You really shouldn’t consider it a public audit, as they do not review the code at all.They don't review code manually, but they have a system that automatically detects non-free dependencies. In most cases it's google spyware that is hidden somewhere in dependency tree
(DIR) Post #APJA33F58f8N7LfUZc by Moneroxide@xmrposter.club
2022-11-05T22:55:41.798389Z
1 likes, 0 repeats
@pokkst @Hyolobrika @silverpill I can't import my wallet file using MyNero while I can do with Monerujo (and Desktop wallets).
(DIR) Post #APJA33ffXoOwRo6j0y by pokkst@xmrposter.club
2022-11-05T22:57:23.601414Z
1 likes, 0 repeats
@Moneroxide@Hyolobrika @silverpill Right now it only supports 25-word seed backup (soon with seed offset support), wallet file backup is coming soon.
(DIR) Post #APJAdTytCZRKTISxSi by pokkst@xmrposter.club
2022-11-05T23:04:00.118529Z
1 likes, 0 repeats
@Hyolobrika @silverpill - First mobile wallet with UTXO management ("coin control"). You can churn/sweep/send individual UTXOs if you need.- The UTXO list also gives you the global output index of each UTXO, which you can use with https://github.com/pokkst/monero-decoy-scanner to view when your outputs are used in ring signatures.- Tor connectivity, which even differs from Monerujo 1/
(DIR) Post #APJAqo31uBXwTKkvaq by pokkst@xmrposter.club
2022-11-05T23:06:23.340910Z
1 likes, 0 repeats
@Hyolobrika @silverpill because Monerujo forces you to use Orbot, while MyNero allows you to use whatever Tor daemon you want, on whatever port.- You can set a password, not just a PIN like Cake. I'm not even sure if Cake encrypts the wallet file with the PIN.- Seed offset support (similar to BIP39 passphrase) is coming in the next update.- Soon you will also be able to sign 2/
(DIR) Post #APJB4iaV0EVJal2pRA by pokkst@xmrposter.club
2022-11-05T23:08:54.487550Z
1 likes, 0 repeats
@Hyolobrika @silverpill arbitrary messages for an address within the wallet, similar to Bitcoin address signing.- I am deliberately NOT adding some features from Cake into MyNero, like biometric auth. since it is less secure.I'm also working on I2P support, but it's a bit of a pain.
(DIR) Post #APJBQ0XdRiXBM7rBEe by pokkst@xmrposter.club
2022-11-05T23:12:46.299921Z
1 likes, 0 repeats
@silverpill @Hyolobrika Here's a starting point for you: https://github.com/pokkst/monero-wallet/blob/main/app/build.gradle#L127 (though you should be viewing the new I2P Gitea instance).MyNero is "technically" a fork of Monerujo, since I didn't want to bother setting up the C++ shit myself, so the dependencies should be the same (besides the removal of lombok, and dif versions), 1/
(DIR) Post #APJBYEMbwIkUXccZrE by pokkst@xmrposter.club
2022-11-05T23:14:15.254014Z
0 likes, 0 repeats
@silverpill @Hyolobrika but I deleted literally everything besides some helper methods like converting longs/ints to formatted balances, and the C++ code. Rewrote everything else since Monerujo is a slow, buggy wallet.
(DIR) Post #APJCqqmHxH0qqb4emG by pokkst@xmrposter.club
2022-11-05T23:28:48.413583Z
0 likes, 0 repeats
@silverpill @Hyolobrika I also have another, older wallet called Crescent Cash that IS available on the main F-Droid repo, however, it hasn't been updated in like two years because GitLab made a change that required email verification, but any time I required a verification email, it never came. Then after a few months they blocked all non-verified accounts.It also won't work with 1/
(DIR) Post #APJD1DnFEspx7lT02S by pokkst@xmrposter.club
2022-11-05T23:30:41.189829Z
0 likes, 0 repeats
@silverpill @Hyolobrika the latest Bitcoin Cash protocol rules. The wallet later became Pokket.cash: https://web.archive.org/web/20220122053112/https://pokket.cash/
(DIR) Post #APJUuADNwYAdAqThEO by Hyolobrika@gleasonator.com
2022-11-06T02:51:06.074874Z
0 likes, 0 repeats
@pokkst>I'm not even sure if Cake encrypts the wallet file with the PINWell that's concerning. I would like to know that for sure.@silverpill
(DIR) Post #APJVMgcL46e5mDkaaO by pokkst@xmrposter.club
2022-11-06T02:56:15.153218Z
1 likes, 0 repeats
@Hyolobrika @silverpill I will take a look at their code in a sec to confirm, but it's still just a 6-digit number at best I think.
(DIR) Post #APJVh3KcK9vG10AloO by pokkst@xmrposter.club
2022-11-06T02:59:57.031020Z
0 likes, 0 repeats
@Hyolobrika @silverpill It does seem they use some password, even though the only thing I've seen in-app that could function as a password would be the 6-digit PIN. Still not sure if it's salted and whatnot:https://github.com/cake-tech/cake_wallet/blob/418c9563fe4997e953ab67910514d7998a2c2cfa/cw_monero/ios/Classes/monero_api.cpp#L258
(DIR) Post #APJXfTWQB5D4ZY4My0 by Hyolobrika@gleasonator.com
2022-11-06T03:22:03.093742Z
0 likes, 0 repeats
@pokkstStill wondering if they encrypt the wallet files but I'm not very good at searching through source code to find out.I tried searching for "WalletManager" but I couldn't find where it's defined.@silverpill
(DIR) Post #APJYYHyEpKUcfpDZ5M by pokkst@xmrposter.club
2022-11-06T03:31:58.052737Z
1 likes, 0 repeats
@Hyolobrika @silverpill That's the Monero C++ API. I did end up finding some more calls, and they seem to create a random key, then they use that as the password, and that key is stored (encrypted) in the app's secure preferences. How that's encrypted, I haven't found.I think they learned their lesson after their RNG vulnerability issue. :P
(DIR) Post #APJYfintSb8VvEvJSq by pokkst@xmrposter.club
2022-11-06T03:33:17.932011Z
0 likes, 0 repeats
@Hyolobrika @silverpill This thing: https://teddit.net/r/Monero/comments/n9yypd/urgent_action_needed_for_bitcoin_wallets_cake/Didn't affect Monero seed generation luckily
(DIR) Post #APJeyac6jb7xkRn5cG by Hyolobrika@gleasonator.com
2022-11-06T04:43:56.640822Z
1 likes, 0 repeats
@pokkstThanks. So this means that the wallet private key is encrypted?It prob doesn't matter *too* much since Android has isolation but it's good to have an extra layer.@silverpill
(DIR) Post #APJfyQumtUAJce191c by pokkst@xmrposter.club
2022-11-06T04:55:08.272436Z
1 likes, 0 repeats
@HyolobrikaIt seems so, and yes I agreeThey still don‘t allow Tor connectivity, or UTXO management, or seed offsets@silverpill