You can say "Don't Do That", but if they CAN do that, then they WILL.
So what. They CAN delete their wallet, and they WILL.
Topic: Sweep/import private key feature request - page 6. (Read 10245 times)
So what. They CAN delete their wallet, and they WILL.
In either case, you keep the imported private key in the wallet, in case more BTC is sent to it.
So what happens when two users import the same private key into their wallets?
(or you accidently or on-purpose import the same private key into two of your wallets?)
You can say "Don't Do That", but if they CAN do that, then they WILL.
When importing the private key, just have a check box that says
In either case, you keep the imported private key in the wallet, in case more BTC is sent to it.
Quote
If this private key may be known to others, check here to transfer the bitcoins to a new key in your wallet. A transaction fee may apply
In either case, you keep the imported private key in the wallet, in case more BTC is sent to it.
+1, nice elegant way of importing keys.
How about exporting/importing priv keys to file too, with a .bit extension for ex. Should export a newly generated key and fund it with the amount you enter in the respective dialog.
When importing the private key, just have a check box that says
In either case, you keep the imported private key in the wallet, in case more BTC is sent to it.
Quote
If this private key may be known to others, check here to transfer the bitcoins to a new key in your wallet. A transaction fee may apply
In either case, you keep the imported private key in the wallet, in case more BTC is sent to it.
It's simply that you're inputting a private key from an external source, when the mindset most users will have is that their balance is theirs. ie, the risk that someone else somewhere has a copy of the private key.
I think you are pushing the general understanding of 'security' way too far. As if running shoes should be equipped with special sensors and alarms preventing you from tying your shoe laces together.
How did I get this private key? I created it myself, I stole it, or someone gave it to me. If I now see transactions from before I imported this private key, that would be fully expected behavior. At most it is confusing, but I see no security issue what-so-ever.
It's certainly valid to expect features to be well tested, but we should balance utility against impossible-to-protect-the-user-from-himself conservative development practices, lest we relegate the 'reference implementation' into oblivion.
Pretty-please, is importprivkey or sweepprivkey or any similar functionality coming soon?
This isn't a place to spam feature demands. If you really want to see this functionality, help get it usable and stable/tested.The big issue is that importing a key as-is will suddenly show a bunch of "send"s in your history, and likely creates a security risk. What is more likely to be workable is the "sweep" functionality that resends any balance on a private key to a new known-secure private key, but nobody has written that yet.
I put up a bounty worth (at the time) $500 USD for this feature, so I think I deserve to be on a slightly higher level of respect than a spammer. Although it was denominated in BTC, I would be likely to revise the bounty to be worth the same in USD.
I have put a detailed spec in the wiki as to how I believe sweepprivkey should work.
One obstacle is there needs to be an index so that there is a time-efficient lookup from a Bitcoin address (e.g. hash160) to the blocks that contain references to it. That index ought to be an option (build-on-first-use etc.) so it doesn't consume disk space of those not interested in using it. Once this is done, the actual implementation of sweepprivkey ought to be fairly simple.
User jarpiain on github has made some sort of progress on this that could likely be incorporated.
It's simply that you're inputting a private key from an external source, when the mindset most users will have is that their balance is theirs. ie, the risk that someone else somewhere has a copy of the private key.
Both import and sweep cases are valid. If I *know* my private key is secure, I may want to have it in my wallet to receive coins sent there in the future. If I'm redeeming an unknown private key, I would use sweep which would immediately send the coins to a new key in my wallet, and still maintain the swept key to sweep it again if/when more funds are sent. They are both valid with separate use cases. There's no security issue. The client just needs to be clear about what they both do. Sorry for getting off topic. These posts should be moved to another thread.
Pretty-please, is importprivkey or sweepprivkey or any similar functionality coming soon?
This isn't a place to spam feature demands. If you really want to see this functionality, help get it usable and stable/tested.The big issue is that importing a key as-is will suddenly show a bunch of "send"s in your history, and likely creates a security risk. What is more likely to be workable is the "sweep" functionality that resends any balance on a private key to a new known-secure private key, but nobody has written that yet.
Is there a thread discussing these security risks?
Pretty-please, is importprivkey or sweepprivkey or any similar functionality coming soon?
This isn't a place to spam feature demands. If you really want to see this functionality, help get it usable and stable/tested.The big issue is that importing a key as-is will suddenly show a bunch of "send"s in your history, and likely creates a security risk. What is more likely to be workable is the "sweep" functionality that resends any balance on a private key to a new known-secure private key, but nobody has written that yet.
Is there a thread discussing these security risks?
I no longer use the C++ client because it fulfills few of my use cases. Alternatives reduce the incentive to test and improve the 'reference implementation'. Perhaps there could be an unstable/risky 'and the kitchen sink' nightly build.
Pretty-please, is importprivkey or sweepprivkey or any similar functionality coming soon?
This isn't a place to spam feature demands. If you really want to see this functionality, help get it usable and stable/tested.The big issue is that importing a key as-is will suddenly show a bunch of "send"s in your history, and likely creates a security risk. What is more likely to be workable is the "sweep" functionality that resends any balance on a private key to a new known-secure private key, but nobody has written that yet.
Pretty-please, is importprivkey or sweepprivkey or any similar functionality coming soon?
Pretty please with a cherry on top. Pretty-please, is importprivkey or sweepprivkey or (mergeWallet or) any similar functionality coming soon?
Beautiful-please...
Pretty-please, is importprivkey or sweepprivkey or any similar functionality coming soon?
+1
Pretty-please, is importprivkey or sweepprivkey or any similar functionality coming soon?
Jump to: