Topic: [ANNOUNCE] Android key rotation - page 10. (Read 66313 times)

I wouldn't mind actually waiting some time if that meant my transaction was free. I didn't want or plan to transfer these funds in the first place and I don't mind them being stuck for some time in limbo. Once the TX is out there, it would be hard to double spend it anyways.

Schildbach allowed this (0 fees) too some time ago so I consider it a regression. If I use PayPal, I pay for a service that goes beyond simple money transfer (I get fraud protection etc.).

This is just stupidity on deepbit's end - they could always include their payouts for free in their own blocks and I suggested something like that (pools accepting each other's payouts for free) long time ago. Back then it was anyways easy to get anything transacted for free, so they never went forward with it. I don't want to pay a whole penny for a few bytes of storage that will be pruned away sooner or later anyways.

The wallet used to have a setting that let me set fees to 0 on my own risk. This setting seems to be gone...
Anyways, fee handling and transaction priorization is a big mess in my opinion still in Bitcoin, especially in the reference client that everyone seems to use unreflected without even thinking about the settings.


About receiving coins at the same address:
In the end it means that you potentially loose privacy (e.g. the free bitcoins site could link your IP to your address, then you sell a obile phone on the web and let them pay to the same address - now the free bitcoin site can see that you received some more coins + the buyer of the phone sees that you probably used this site). Security wise it means that once you send something from your address, you expose the public key belonging to that address. In this case, the signature generated with it is weakening security - there is also the possibility of a breach of ECDSA keys in general. As long as nothing has been transfered off an address, it is as safe as possible from a current security standpoint.

Thanks for the quicks news and update.

Oh boy... justusranvier is totally confusing the newbies.

Oh bother. Thanks. In my case I have never used an android device for any Bitcoin stuff so I trust I am safe from the current non random number issue(?)
However, it has been convenient to gather occasional small amounts from the (get free bitcoins) site http://netlookup.se/free-bitcoins/247552
Just to be very clear here, I now should not offer the same receive address more than once then?
tia
(edit)
I note that  this site mentioned above works on the basis of a receive address being used repeatedly.... Is it a scam site? or is it just  doing rather bad things?

Oh boy, we didn't need this.
Thanks for the heads up.

Thanks for the warning

Receive addresses should be used exactly one time, then never again.

If you reuse addresses for receiving bitcoins you have no financial privacy, and you're vulnerable to issues like this.

Is this flaw related to why "Error Response Invalid signature" keeps happening to certain users attempting to send funds from the Blockchain.info Android app? (thread here: https://bitcointalksearch.org/topic/error-message-error-response-invalid-signature-on-blockchaininfo-android-app-240548). I'd love to be able to get my btc out of this wallet but it seems less likely by the day.

Novice here.
I guess, or understand, that 'receive' addresses can be safely used more than once? Presumably the receive process is much more passive than a payment process? Is my understanding ok here please?

Unfortunately, it is still vulnerable. The signature algorithm uses the random number generator as well and if a signature is generated improperly, it can compromise the private key. This was, in fact, the way the vulnerability was exploited.

"... some signatures have been observed to have colliding R values, allowing the private key to be solved and money to be stolen." -- Mike Hearn

Here are some reasons why:

You might only have only a couple of pennies in your wallet (for novelty purposes).

Those who have moved beyond fiat pricing might like the idea of keeping their 1.0 bitcoins instead of having 0.99999 bitcoins.

Old money which is not broken in many thin slices don't need to pay fees, they don't need to wait more than a few hours anyway.

So you believe that radioactive decay is deterministic? If so, you are in the minority. Say I have two uranium atoms and one of the decays before the other, what do you think accounts for that?

Fees have to be attached due to a strange quirk of bitcoind mining code - it only allocates 27kb per block for free transactions. There's no obvious reason that should be the case and I'm sure it'll get fixed at some point. Even a penny is a high fee to pay, IMO.

Nothing can generate a random number. Us included. Only pseudo-random.

I second this. While mining with deepbit, their tx fees are not included. One payment sat for almost 4 days before being picked up by eligius pool. Just send the penny.

Which does not change the fact that there are corporations out there selling certified random number generators, for thousands of dollars per piece.
Try to explain to a bank that a PC can generate random data equally well...

This is a common misconception. Real-world computers actually have access to any number of sources of real randomness. For example, the offset between the crystal oscillator that drives the CPU and the crystal oscillator that drives the network card is determined by microscopic zone temperature variations that are believed to be truly random. The latency of a hard disk drive is dependent on turbulent airflow drag on the spindle which is also believed to be truly random. Some CPUs and chipsets have true random number generators on them, usually obtained from shot noise which is also believed to be truly random. (And even if they're not truly random, they are entirely unpredictable.)

I cant find any wallet other than bitcoin-qt that lets you put a 0.00 tx fee. Surprising to see people in here wondering about fees. it's a penny. Go sell something on PayPal and tell me about fees.

Well what do you expect? The minimum I always pay is 0.0006 or 0.0005 on the -Qt client. Non-fee transactions usually means hours to days waiting for confirmations.

Annoyingly the Schildbach wallet seems to now enforce(!) a 0.0001 BTC default fee!

Well, these issues aside - thanks for informing us.