Pages:
Author

Topic: POLL - Importing Private Keys in Satoshi Client. - page 3. (Read 4618 times)

legendary
Activity: 1596
Merit: 1100
I think import private key should not be exposed to average users. Sweep private key should be offered instead.

Users are apt to believe that once they import a private key they have ownership of the funds. But someone else who has the private key can still swipe them, a rude awakening. Offering sweep solves this.

Indeed.  Any sort of private key from a gift card (or casascius coin) should be import and then the funds immediately sent to another private key, to prevent the previous private key holder from touching those funds.

legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
I much prefer keeping my private key written down than backing up my wallet.

I found it difficult to import my private key when I needed to spend money from that address. I could only do it from the command line and only had access to my phone and tablet at the time. I had to install the client and download the blockchain to my work computer which took a while.

I wish there was a way to import on the Bitcoin App.
hero member
Activity: 518
Merit: 500
Or perhaps... we forget about the advanced menu and just make the import private key function available, but the user is prompted with an option of sweeping the funds when they do it. Like when they go to import the key it will show a message like "If someone else had this private key before you, your funds may be stolen. You can eliminate this risk by transferring the funds into your other secure addresses. Would you like to sweep the funds into another account?".

Problem solved. You're welcome. Grin

I would have that prompt off by default and not even bother with the explanation, and if anything, have an option in the advanced menu that turns that prompt on.  So, by default, one can only "sweep" a private key.  BUt if they go to the advanced menu, they could turn on a checkbox that gives them the choice of sweep/import each time they do it.  And that's a HUGE if.  I think if users can sweep keys, there is no good reason for them to import them into their wallet, and plenty of reasons for them not to.

The main advantage to importing versus sweeping is a) seeing future funds in your wallet if you're expecting them, b) preserving the bitcoin-days-destroyed and number of confirmations, resulting in a far less likelihood of needing to pay a fee to immediately respend the money.  Advantage A could be offered with a checkbox: "Remember this key and sweep any funds that arrive in the future?" and a boolean flag on the address that prods the client to sweep any time incoming money is seen.  Advantage B is relatively obscure and only those experts who are micro-managing their wallet should care to control it, especially if the coin selection algorithm is decent.  Someone with that much expertise and that much desire for control already understands the command line anyway, making it arguable that an import option is good enough when restricted to the RPC API.

If the number of confirmations is important for not incurring a fee, wouldn't sending any coins put into the address to another address you control require a fee?
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
Or perhaps... we forget about the advanced menu and just make the import private key function available, but the user is prompted with an option of sweeping the funds when they do it. Like when they go to import the key it will show a message like "If someone else had this private key before you, your funds may be stolen. You can eliminate this risk by transferring the funds into your other secure addresses. Would you like to sweep the funds into another account?".

Problem solved. You're welcome. Grin

I would have that prompt off by default and not even bother with the explanation, and if anything, have an option in the advanced menu that turns that prompt on.  So, by default, one can only "sweep" a private key.  BUt if they go to the advanced menu, they could turn on a checkbox that gives them the choice of sweep/import each time they do it.  And that's a HUGE if.  I think if users can sweep keys, there is no good reason for them to import them into their wallet, and plenty of reasons for them not to.

The main advantage to importing versus sweeping is a) seeing future funds in your wallet if you're expecting them, b) preserving the bitcoin-days-destroyed and number of confirmations, resulting in a far less likelihood of needing to pay a fee to immediately respend the money.  Advantage A could be offered with a checkbox: "Remember this key and sweep any funds that arrive in the future?" and a boolean flag on the address that prods the client to sweep any time incoming money is seen.  Advantage B is relatively obscure and only those experts who are micro-managing their wallet should care to control it, especially if the coin selection algorithm is decent.  Someone with that much expertise and that much desire for control already understands the command line anyway, making it arguable that an import option is good enough when restricted to the RPC API.
legendary
Activity: 3431
Merit: 1233
but the user is prompted with an option of sweeping the funds when they do it. Like when they go to import the key it will show a message like "If someone else had this private key before you, your funds may be stolen. You can eliminate this risk by transferring the funds into your other secure addresses. Would you like to sweep the funds into another account?".
This is good. May be instead of 'your other secure addresses' this warning should read 'your organic addresses'? Just mark addresses to imported and organic with proper warning if imported addresses are attempted to be used as payment receipt or request payment addresses.
legendary
Activity: 1536
Merit: 1000
electronic [r]evolution
Or perhaps... we forget about the advanced menu and just make the import private key function available, but the user is prompted with an option of sweeping the funds when they do it. Like when they go to import the key it will show a message like "If someone else had this private key before you, your funds may be stolen. You can eliminate this risk by transferring the funds into your other secure addresses. Would you like to sweep the funds into another account?".

Problem solved. You're welcome. Grin
legendary
Activity: 3431
Merit: 1233
I'd rather vote for both import / export private key functionality under 'Advanced' menu option, reading something like 'Do only if you know exactly what you're doing!'. And may be some special marking of the imported keys to be visibly distinct to those generated by current wallet.
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
I think import private key should not be exposed to average users. Sweep private key should be offered instead.

Users are apt to believe that once they import a private key they have ownership of the funds. But someone else who has the private key can still swipe them, a rude awakening. Offering sweep solves this.

+1
+1  Yes, please.
Jan
legendary
Activity: 1043
Merit: 1002
I would rather see export private key functionality.
I believe that the needle is pointing in a direction where users migrate to alternative clients. Let's make the transition easier. I know that they can just move the funds elsewhere, but many users have sent the corresponding addresses to other users/web-sites and/or use vanity addresses.
Also, exporting a key is much much easier, no need to have Bitcoin-QT rescan the block chain.
sr. member
Activity: 381
Merit: 255
How about an "Advanced" menu which needs to be unlocked with a big warning sign in which such features can be added?

This. Please.

This too
legendary
Activity: 2198
Merit: 1311
I think import private key should not be exposed to average users. Sweep private key should be offered instead.

Users are apt to believe that once they import a private key they have ownership of the funds. But someone else who has the private key can still swipe them, a rude awakening. Offering sweep solves this.

+1
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
I think import private key should not be exposed to average users. Sweep private key should be offered instead.

Users are apt to believe that once they import a private key they have ownership of the funds. But someone else who has the private key can still swipe them, a rude awakening. Offering sweep solves this.

https://en.bitcoin.it/wiki/Sweepprivkey

On the other hand, I see no reason why "sweep" would need to be under an advanced menu, any more than you'd expect "Redeem iTunes Gift Card" to be on the advanced menu of iTunes.
full member
Activity: 238
Merit: 100
How about an "Advanced" menu which needs to be unlocked with a big warning sign in which such features can be added?

This. Please.
donator
Activity: 2058
Merit: 1054
How about an "Advanced" menu which needs to be unlocked with a big warning sign in which such features can be added?
sr. member
Activity: 438
Merit: 291

You can currently do this but is a bit manual:
https://en.bitcoin.it/wiki/How_to_import_private_keys_v7%2B

I have developed and posted a pull request for this to the developers:
https://github.com/bitcoin/bitcoin/pull/2050

However they have concluded that users need protecting from themselves so are not including it.

This is just a poll to get users input on the subject.
Pages:
Jump to: