Author

Topic: Grabbing other peoples private keys with bitcoin-qt (Read 1258 times)

legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
If the wallet is encrypted, what your suggesting is completely impossible (it was impossible anyway, but with an encrypted wallet it's especially impossible). An encrypted wallet cannot (and I mean "cannot" in the sense that "it's physically impossible") access its own private keys without the correct passphrase (which is never stored and must be entered by the user every time).

The reason it was impossible anyway is because peers cannot "grab" arbitrary data from the client; they can only obtain data that the client purposefully transmits. The client never transmits sensitive data, nor is there even any way for a peer to request that it do so.
sr. member
Activity: 644
Merit: 260
Would it be possible to edit the bitcoin-qt code so that when communicating with other peers it also grabs their private keys whilst grabbing their version of the blockchain?

This could be a possible security flaw am I right?

No it's impossible at all because if this critical issue would have been real, the developers would have fixed it in no time.
newbie
Activity: 33
Merit: 0
This is imposible, btc would have crashed by now if this was a posibility
legendary
Activity: 1834
Merit: 1008
At least you knew what section to put it in xD

This was moved..
sr. member
Activity: 294
Merit: 250
***THIS ACCOUNT IS NO LONGER ACTIVE***
At least you knew what section to put it in xD
staff
Activity: 4284
Merit: 8808
(for example, the heartbleed bug in 0.9 - I might be misunderstanding what exactly is possible, but it was bad enough that 0.9 is insecure).
Bitcoin core has never exposed SSL to the internet in any sane configuration. So no, that wasn't generally possible. For the vast majority of users the fix wrt that was precautionary.
member
Activity: 77
Merit: 10
but could you not, when connecting, have the peers client send you all their bitcoins?
because no developer in there right mind would write code to make that possible
member
Activity: 112
Merit: 10
Would it be possible to edit the bitcoin-qt code so that when communicating with other peers it also grabs their private keys whilst grabbing their version of the blockchain?

This could be a possible security flaw am I right?

The way communication over the bitcoin network works is, you send me a message then I send you another message.
While you can modify your bitcoin-qt code to send any me message you want to send, I will not respond with a message containing my private keys.
Unless you can find a bug in the bitcoin software that causes it to respond to some message with private keys (for example, the heartbleed bug in 0.9 - I might be misunderstanding what exactly is possible, but it was bad enough that 0.9 is insecure).
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
but could you not, when connecting, have the peers client send you all their bitcoins?

No.

If your modified client sends any regular client "all your keys belong to us" it will not understand that message as it was not implemented in it.

legendary
Activity: 3472
Merit: 4801
but could you not, when connecting, have the peers client send you all their bitcoins?

Obviously not.

If this was possible, then all bitcoins from all internet connected wallets would already be stolen.

Clearly, when peers connect, it's through a communication protocol that carefully defines what requests are valid, and peers only respond to valid requests.
legendary
Activity: 1834
Merit: 1008
but could you not, when connecting, have the peers client send you all their bitcoins?
staff
Activity: 4284
Merit: 8808
I just grabbed your USD bank account balance balance while grabbing your message.  
legendary
Activity: 1834
Merit: 1008
Would it be possible to edit the bitcoin-qt code so that when communicating with other peers it also grabs their private keys whilst grabbing their version of the blockchain?

This could be a possible security flaw am I right?
Jump to: