POLL - Importing Private Keys in Satoshi Client. - page 2.

SgtSpike

legendary

Activity: 1400

Merit: 1005

Quote from: etotheipi on December 06, 2012, 01:11:10 AM

If you're willing to go as far as creating plugins for Bitcoin-Qt to do this, you might as well just use Armory. It basically is an add-on, and both importing and sweeping are supported. Only sweeping is supported if you are in "Standard" usermode, with importing being available in "Advanced" and "Expert" (for reasons already described here). It also has batch-importing/sweeping so you don't have to wait for a rescan between each one. Not to mention all the other nice benefits of Armory: printable one-time-only-needed backups, multi-wallet interface, simple cold storage with watching-only wallets...

I just wish it didn't require running both clients at the same time. I suppose it's the same difference, but I don't like waiting for two large softwares to load up instead of just one. Tongue

I do agree that Armory is a much superior client to QT for a variety of reasons though.

etotheipi

legendary

Activity: 1428

Merit: 1093

Core Armory Developer

If you're willing to go as far as creating plugins for Bitcoin-Qt to do this, you might as well just use Armory. It basically is an add-on, and both importing and sweeping are supported. Only sweeping is supported if you are in "Standard" usermode, with importing being available in "Advanced" and "Expert" (for reasons already described here). It also has batch-importing/sweeping so you don't have to wait for a rescan between each one. Not to mention all the other nice benefits of Armory: printable one-time-only-needed backups, multi-wallet interface, simple cold storage with watching-only wallets...

SgtSpike

legendary

Activity: 1400

Merit: 1005

Quote from: Sukrim on December 05, 2012, 07:51:09 PM

Bad example:

The difference is like giving you a cheque that you can cash and teaching you how to forge my signature to sign one single transaction that I know about.

I know you want this functionality because of your coins and whatnot, but seriously I'd rather have sweeping private keys/wallets as a web service than within the client.
There needs to be a better way to keep bitcoins "portable" (= not under my control anymore but anyone else can redeem them to any address) than to give away private keys.

About vanity addresses, as far as I saw one can already combine a private key to such an address made up of 2 parts (so people can mine for them without knowing the private key), so that could be built in in some point of time. As you still need to have the 2nd part unique (and to your own) that doesn't solve the "physical bitcoin coin" issue though that anyone should be able to redeem.

So that's your preference, but why prevent other people from using the client how they wish? If I KNOW I am the sole owner of a particular private key, then why should I not be able to import it into my client so it can hang with the rest of my bitcoin wallet?

Vanity addresses can easily be generated by anyone on their home machines. It doesn't have to be through a two-factor system (though I admit that the vanity-gen pool is very neat as well!)

I understand protecting people from stupidity, but the restrictions you'd like to see are going too far. You eliminate so many use-cases by not allowing private key imports.

Quote from: bitfreak! on December 05, 2012, 10:32:37 PM

Just look at the results of the poll so far. Why are we even debating whether people want this or now. It's clear most people want it. Hell, there have been several times where I could have used it for multiple different reasons. And a lot of those times I wouldn't need the sweep function either, I just wanted to import my private keys in a simple easy way. Is that so much to ask for christ sakes. If we are letting stupid people be the guide of bitcoins future, the future is looking dull.

My suggestion solves all the problems. It lets people know the risk of not sweeping the funds, and gives them the option of sweeping the funds, but also allows them to import the key without sweeping the funds. It's important to have both options available because they both server their own purpose and are useful under different circumstances. This isn't rocket science.

Lol, +1. I don't understand why this is even a debate.

bitfreak!

legendary

Activity: 1536

Merit: 1000

electronic [r]evolution

Just look at the results of the poll so far. Why are we even debating whether people want this or not. It's clear most people want it. Hell, there have been several times where I could have used it for multiple different reasons. And a lot of those times I wouldn't need the sweep function either, I just wanted to import my private keys in a simple easy way. Is that so much to ask for christ sakes. If we are letting stupid people be the guide of bitcoins future, the future is looking dull.

My suggestion solves all the problems. It lets people know the risk of not sweeping the funds, and gives them the option of sweeping the funds, but also allows them to import the key without sweeping the funds. It's important to have both options available because they both server their own purpose and are useful under different circumstances. This isn't rocket science.

FreeMoney

legendary

Activity: 1246

Merit: 1016

Strength in numbers

Quote from: becoin on December 05, 2012, 11:42:17 AM

Quote from: bitfreak! on December 05, 2012, 11:24:19 AM

but the user is prompted with an option of sweeping the funds when they do it. Like when they go to import the key it will show a message like "If someone else had this private key before you, your funds may be stolen. You can eliminate this risk by transferring the funds into your other secure addresses. Would you like to sweep the funds into another account?".

This is good. May be instead of 'your other secure addresses' this warning should read 'your organic addresses'? Just mark addresses to imported and organic with proper warning if imported addresses are attempted to be used as payment receipt or request payment addresses.

Small nitpick. The wording should not be "Your funds can be stolen" but "The funds are not yours" or something like that.

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

Quote from: Sukrim on December 05, 2012, 07:51:09 PM

I know you want this functionality because of your coins and whatnot, but seriously I'd rather have sweeping private keys/wallets as a web service than within the client.

Because of my coins... and the bills you can print... and the bitcoins one can dispense from a vending machine, or a POS receipt printer, or a million other uses that don't involve smartphones and desktop PC's.

I'd rather have it in bitcoind, because then other websites can accept private keys directly as payment. If I had to pick between having a "Casascius Coin Redeemer" in the client versus an RPC call for sweeping private keys, I'd enthusiastically opt for the latter.

Quote from: Sukrim on December 05, 2012, 07:51:09 PM

There needs to be a better way to keep bitcoins "portable" (= not under my control anymore but anyone else can redeem them to any address) than to give away private keys.

But there's not, and there's nothing wrong with that. Private keys are just numbers. Ultimately you have to give somebody 1's and 0's they have to keep private so they can take the money and nobody else, regardless of how it's implemented.

Quote from: Sukrim on December 05, 2012, 07:51:09 PM

About vanity addresses, as far as I saw one can already combine a private key to such an address made up of 2 parts (so people can mine for them without knowing the private key), so that could be built in in some point of time. As you still need to have the 2nd part unique (and to your own) that doesn't solve the "physical bitcoin coin" issue though that anyone should be able to redeem.

That's already been built. https://bitcointalksearch.org/topic/10-btc-4-u-2-steal-protected-by-a-weak-5-letter-password-crack-its-yours-128699. You can have a two-factor trust-in-nobody physical bitcoin today, and I brought it to you. You can even print your own two-factor paper wallets. The second factor can be a full private key or just a passphrase. Best yet (fwiw), if a website offered a "redeem" option, a user would never see the unencrypted private key (assuming that really matters).

bg002h

donator

Activity: 1464

Merit: 1047

I outlived my lifetime membership:)

Quote from: casascius on December 05, 2012, 09:24:37 AM

I think import private key should not be exposed to average users. Sweep private key should be offered instead.

Users are apt to believe that once they import a private key they have ownership of the funds. But someone else who has the private key can still swipe them, a rude awakening. Offering sweep solves this.

https://en.bitcoin.it/wiki/Sweepprivkey

On the other hand, I see no reason why "sweep" would need to be under an advanced menu, any more than you'd expect "Redeem iTunes Gift Card" to be on the advanced menu of iTunes.

This would make a good topic for the foundation..

Sukrim

legendary

Activity: 2618

Merit: 1007

Bad example:

The difference is like giving you a cheque that you can cash and teaching you how to forge my signature to sign one single transaction that I know about.

I know you want this functionality because of your coins and whatnot, but seriously I'd rather have sweeping private keys/wallets as a web service than within the client.
There needs to be a better way to keep bitcoins "portable" (= not under my control anymore but anyone else can redeem them to any address) than to give away private keys.

About vanity addresses, as far as I saw one can already combine a private key to such an address made up of 2 parts (so people can mine for them without knowing the private key), so that could be built in in some point of time. As you still need to have the 2nd part unique (and to your own) that doesn't solve the "physical bitcoin coin" issue though that anyone should be able to redeem.

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

Quote from: Sukrim on December 05, 2012, 07:12:52 PM

I believe on the contrary that private keys should be kept private as much as possible and never exposed to users to "redeem" or "swipe" in the first place. Importing private keys for anything else than constantly monitoring their addresses and swiping them is dangerous at best and leads to a lot of coins lost at worst.

I am not sure I agree with such a blanket proposition. I think the term "private key" is simply a language expression and does not mean that all "private keys" should be kept "private" the same way people should keep their genitals "private" while riding public transit. Rather it should be dictated by the needs of the application employing them.

If a Bitcoin client using a deterministic wallet scheme would suffer a compromise of the whole wallet if one were to disclose a private key, well hell yeah, let's do our best to make sure the only way one can ever see one is to use no less than a debugger or a hacked client. But if I want to make up a random number to assist me in handing you bitcoins on a piece of paper - a number that will be thrown away once you're done - just like a gift card or a money pack or phone card - I see no reason that that I should need to shield that number from your eyes the same way I'd be expected to shield you from seeing up my shorts... just because the algorithm you'll be feeding that number to refers to it as a "private" key.

SgtSpike

legendary

Activity: 1400

Merit: 1005

Quote from: Sukrim on December 05, 2012, 07:12:52 PM

I believe on the contrary that private keys should be kept private as much as possible and never exposed to users to "redeem" or "swipe" in the first place. Importing private keys for anything else than constantly monitoring their addresses and swiping them is dangerous at best and leads to a lot of coins lost at worst.

I'd rather have people come up with a way to create signed transactions that can go to any address and trade these around than exposing private keys and thinking about how to swipe them again and who else might have seen them.

I disagree.

Say I've just generated a vanity address that I wish to use in my QT client. Aside from some command-prompt wizardry, there is no way for me to use it.

If an import option is offered, it absolutely MUST have the option to NOT sweep the funds. I don't care if that is a feature reserved in some advanced options dialog, but it NEEDS to be an option. There are plenty of legitimate use cases where private key importation without instant sweeping is necessary and desirable.

Also, I am 100% for GUI-based private key exportation as well. Keeping the private keys locked up in a non-accessible format only hinders flexibility. Again, it can be in an advanced options dialog for all I care, but it really needs to be an option for those who want to use it.

Sukrim

legendary

Activity: 2618

Merit: 1007

I believe on the contrary that private keys should be kept private as much as possible and never exposed to users to "redeem" or "swipe" in the first place. Importing private keys for anything else than constantly monitoring their addresses and swiping them is dangerous at best and leads to a lot of coins lost at worst.

I'd rather have people come up with a way to create signed transactions that can go to any address and trade these around than exposing private keys and thinking about how to swipe them again and who else might have seen them.

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

Quote from: JackH on December 05, 2012, 03:50:17 PM

Guys I really think this should be either kept extremely simple or extremely complex (from a general users point of view).

Mom and pop out there (which is pretty much the entire world online right now), have never even touched anything we all know as FTP client.

The gap between this little core of people here and the world is huge. Adding something that is way to user friendly will piss people off here since its not allowing for cool functions. Adding it too complex wideness the gap to mom and pop people. Plugins are seriously a great way to archive all the geekishness and still have a client that will only take mom and pop users 1 year to understand Grin

I totally agree with the concept of plugins but believe that sweeping private keys should be a core feature. Kind of like a normal bank account: depositing cash and checks is a core feature, investing in stocks is a plugin.

Everyone has used an FTP client before... to name a few in no particular order: Internet Explorer, Chrome, Safari, Firefox. Being able to browse the web doesn't make them any less an FTP client.

JackH

sr. member

Activity: 381

Merit: 255

Guys I really think this should be either kept extremely simple or extremely complex (from a general users point of view).

Mom and pop out there (which is pretty much the entire world online right now), have never even touched anything we all know as FTP client.

The gap between this little core of people here and the world is huge. Adding something that is way to user friendly will piss people off here since its not allowing for cool functions. Adding it too complex wideness the gap to mom and pop people. Plugins are seriously a great way to archive all the geekishness and still have a client that will only take mom and pop users 1 year to understand Grin

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

Quote from: DannyHamilton on December 05, 2012, 02:23:58 PM

Quote from: casascius on December 05, 2012, 01:37:16 PM

. . . Right below the text box where they type the key. "Remember this key and sweep any future incoming payments?". . .

Interesting idea, I'm curious though about how it would handle the likelihood that autoswept funds would need a transaction fee? What if the transaction fee ended up being a significant portion (or all) of the the swept funds?

It would have to pay the fee out of the autoswept funds - there's no clean alternative. To avoid the fee, it would have to involve some of the user's coins (messy), or wait until the transaction is old enough (not good).

If the fee were most or all of the swept funds, it might as well not attempt to sweep them.

Advanced configuration options could include: Minimum amount to auto-sweep? (default: 0.01 BTC). Auto-sweep even when a fee must be deducted? (default: yes)

DannyHamilton

legendary

Activity: 3472

Merit: 4801

Quote from: casascius on December 05, 2012, 01:37:16 PM

. . . Right below the text box where they type the key. "Remember this key and sweep any future incoming payments?". . .

Interesting idea, I'm curious though about how it would handle the likelihood that autoswept funds would need a transaction fee? What if the transaction fee ended up being a significant portion (or all) of the the swept funds?

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

Quote from: JackH on December 05, 2012, 01:16:17 PM

How about making this as a plugin to the bitcoin client? Then anyone that knows what they are doing would also know about the plugin, thus allowing them to install it. At the same time, all new users wont have more confusing buttons and terminologies they need to understand.

I think it should be built in, and look as much like "Redeem iTunes Gift Card" does in iTunes: a simple button or menu option, and that's all you see until you go there and click it. It doesn't confuse anyone: the concept is understandable even for children and grandma. The setup infrastructure for finding and loading plugins would be far more intrusive and complex.

(Just for fun, I went to look at iTunes's redemption screen, and discovered that you can actually redeem iTunes gift cards just by holding them up to the computer's web cam. The pictures in the interface suggest it does OCR on the gift card number, rather than any sort of bar code. Now, that's user friendly. Kudos to BlockChain.info for offering something similar for reading QR code private keys)

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

Quote from: Sukrim on December 05, 2012, 01:12:42 PM

If private keys are being sweeped, should the client still store these keys and sweep any further payments to these addresses too?

I think yes.

I think checkbox. Right below the text box where they type the key. "Remember this key and sweep any future incoming payments?". The fact that MtGox has done it by default without providing any warning or notice has confused a lot of people, and confusion over money that moves by itself when you weren't expecting it is not confidence building.

On the other hand, a popup box would be needed to warn them that this will only happen while the client is running and synchronized with the network. An expectation that their money "auto-forwards" like forwarding your calls when your mobile phone is off would also result in a rude awakening if someone finds that their money could be stolen by someone who was able to grab it before the sweep did.

JackH

sr. member

Activity: 381

Merit: 255

How about making this as a plugin to the bitcoin client? Then anyone that knows what they are doing would also know about the plugin, thus allowing them to install it. At the same time, all new users wont have more confusing buttons and terminologies they need to understand.

Sukrim

legendary

Activity: 2618

Merit: 1007

If private keys are being sweeped, should the client still store these keys and sweep any further payments to these addresses too?

I think yes.

pc

sr. member

Activity: 253

Merit: 250

I'll agree with adding "sweep" to the GUI, and leaving "import" to the RPC API.

The import use cases are things where people are doing some crazy things managing their own offline wallets or whatnot, and I think the command line is fine for things like that. Sweep is for people handing you a physical token (or QR code or the like) to pay you for something, and is a great way for me to give people their first coins.

Topic: POLL - Importing Private Keys in Satoshi Client. - page 2. (Read 4603 times)