Author

Topic: Is it standard to create a new address everytime? (Read 792 times)

legendary
Activity: 2072
Merit: 1049
┴puoʎǝq ʞool┴
Do I need to create a new receiving address every time I submit my address to a new site etc? For example if I am joining various BTC sites, Should I create a new address for every place I am required to post an address?

Thanks!

No need but if you want to protect your privacy then yes you should
newbie
Activity: 56
Merit: 0
I have to say that if you want your money never leave you, then probably you should do the best to protect it, no mattwr how inconvenient it is

legendary
Activity: 3472
Merit: 4801
OK, as I said I don't really know much about bitcoin security so this might sound like a stupid question but how would you avoid reusing addresses if you are a store that accepts bitcoins? If you have 500 customers sending you bitcoins then you would need 500 different receiving addresses right? And what if you wanted to put all of these coins in cold storage?

The same way BitPay, and thebitcoinstore.com, and any other well written bitcoin accepting website handles it.

Your software generates a new address each time you have a transaction (so yes, 500 addresses for 500 transactions).

You can either keep all the addresses separately in cold storage, or you can generate a cold storage address, and create a program that consolidates your bitcoin receipts into a single cold storage address on a regular basis.
legendary
Activity: 2562
Merit: 1414
You can keep the old address or make a new one , its all up to you .
hero member
Activity: 490
Merit: 500
Yes, it's not strictly necessary but a good, recommended practice
sr. member
Activity: 462
Merit: 250
I don't know much about bitcoin security

And yet your going to make guesses based purely on what you hope?

but I'm sure it must be safe security-wise, right?

That depends on what you mean by safe.  It's mostly safe when everything is working perfectly, but it does increase the risk more than if you used a new address for each transaction.

After all, websites like xkcd that accept bitcoin donations can't really change their address every time someone makes a donation.

They certainly can if it's important to them.

Nobody is going to gain access your wallet with just an address because they won't have your private key(s).

Ask Andriod users that re-used addresses back in August.  I suspect they will correct you on that matter.

It might be possible to identify the owner of a bitcoin address by looking at their transactions on the blockchain though. For example, if address A receives bitcoins from address B and you know the identity of address B (eg. it belongs to a known person or a company), then you could ask them who the owner of address A is and find out their identity that way.

Yes, you certainly give up some anonymity that way.

OK, as I said I don't really know much about bitcoin security so this might sound like a stupid question but how would you avoid reusing addresses if you are a store that accepts bitcoins? If you have 500 customers sending you bitcoins then you would need 500 different receiving addresses right? And what if you wanted to put all of these coins in cold storage?
legendary
Activity: 3472
Merit: 4801
Satoshi himself recommended this in the original whitepaper.

I think that Satoshi himself didn't want for addresses to be used for day to day transactions at all.

Why do you think that?

Did you read the whitepaper?  What in there makes you think that he didn't want it used for day to day transactions?
legendary
Activity: 3472
Merit: 4801
I don't know much about bitcoin security

And yet your going to make guesses based purely on what you hope?

but I'm sure it must be safe security-wise, right?

That depends on what you mean by safe.  It's mostly safe when everything is working perfectly, but it does increase the risk more than if you used a new address for each transaction.

After all, websites like xkcd that accept bitcoin donations can't really change their address every time someone makes a donation.

They certainly can if it's important to them.

Nobody is going to gain access your wallet with just an address because they won't have your private key(s).

Ask Andriod users that re-used addresses back in August.  I suspect they will correct you on that matter.

It might be possible to identify the owner of a bitcoin address by looking at their transactions on the blockchain though. For example, if address A receives bitcoins from address B and you know the identity of address B (eg. it belongs to a known person or a company), then you could ask them who the owner of address A is and find out their identity that way.

Yes, you certainly give up some anonymity that way.
sr. member
Activity: 252
Merit: 250
Satoshi himself recommended this in the original whitepaper.

I think that Satoshi himself didn't want for addresses to be used for day to day transactions at all.
sr. member
Activity: 462
Merit: 250
I don't know much about bitcoin security but I'm sure it must be safe security-wise, right? After all, websites like xkcd that accept bitcoin donations can't really change their address every time someone makes a donation. Nobody is going to gain access your wallet with just an address because they won't have your private key(s).

It might be possible to identify the owner of a bitcoin address by looking at their transactions on the blockchain though. For example, if address A receives bitcoins from address B and you know the identity of address B (eg. it belongs to a known person or a company), then you could ask them who the owner of address A is and find out their identity that way.
legendary
Activity: 3682
Merit: 1580
Thanks guys

Thing is how do you change it for every transaction? If a site is paying you a few times a week say... You have logged an address just for that site. How would you change it for each tx? Keep going back to the site daily and entering in a new address? Impossible to do it you had many of these sites paying you?

In such a situation you don't change the address. Simples.

In future we might see solutions to these scenarios as well. There are three competing implementations that I know of:

1. Deterministic wallets. You submit the master public key of a branch and a the site generates a new address for each transaction using that.

2. Bitcoin payments protocol.

3. Stealth addresses.

Only time will tell which one of these gets the widest adoption.
legendary
Activity: 3472
Merit: 4801
Thanks guys

Thing is how do you change it for every transaction? If a site is paying you a few times a week say... You have logged an address just for that site. How would you change it for each tx? Keep going back to the site daily and entering in a new address? Impossible to do it you had many of these sites paying you?

I simply refuse to use any site that doesn't require me to enter a bitcoin address for each transfer.  A well designed site will accumulate value in an account for me at the site, and then will allow me to request payment of the total accumulated value when I choose.  That way I can avoid the hundreds of miniscule "dust" transactions that cost me huge transaction fees later.  If a site isn't well designed, I refuse to reward their lazy, inept, inconsiderate, and incompetent behavior with my business.
full member
Activity: 196
Merit: 100
★Bitvest.io★ Play Plinko or Invest!
Thanks guys

Thing is how do you change it for every transaction? If a site is paying you a few times a week say... You have logged an address just for that site. How would you change it for each tx? Keep going back to the site daily and entering in a new address? Impossible to do it you had many of these sites paying you?

In any security situation, you always want to find that perfect line between usability & security that suits your specific needs.

You can be ultra-secure, cold store all your coins, place them in vaults / safe deposit boxes, create different addresses for every transaction, etc. etc....however, the "usability" of that scenario (read in this case: liquidity / accessibility) is damn-near zero.

On the other hand, you can make them ultra accessible (put all your coins in an online wallet, no 2FA, etc.), and have them begging to be stolen.

You just have to find the balance between the two that fits you.
newbie
Activity: 42
Merit: 0
Thanks guys

Thing is how do you change it for every transaction? If a site is paying you a few times a week say... You have logged an address just for that site. How would you change it for each tx? Keep going back to the site daily and entering in a new address? Impossible to do it you had many of these sites paying you?
legendary
Activity: 3472
Merit: 4801
As stated, it is recommended for several reasons.  The "best practice" is actually to use a new address not only for every site, but for every transaction.

Satoshi himself recommended this in the original whitepaper.

Many people do not follow this recommendation.  In doing so, they give up some anonymity and a small amount of security.  They also make it more difficult to identify the source and purpose of a payment that they receive.
full member
Activity: 238
Merit: 109
It's recommended, for multiple reasons:-
1. Easier to tell who is paying what from where
2. Better privacy, site A can't tell you also use site B. Site A also can't tell how much money you have.
newbie
Activity: 42
Merit: 0
Do I need to create a new receiving address every time I submit my address to a new site etc? For example if I am joining various BTC sites, Should I create a new address for every place I am required to post an address?

Thanks!
Jump to: