Pages:
Author

Topic: Sweep/import private key feature request - page 6. (Read 10318 times)

sr. member
Activity: 322
Merit: 251
FirstBits: 168Bc
December 14, 2011, 03:04:33 PM
#15
You can say "Don't Do That", but if they CAN do that, then they WILL.

So what. They CAN delete their wallet, and they WILL.
legendary
Activity: 1652
Merit: 2301
Chief Scientist
December 14, 2011, 03:03:06 PM
#14
In either case, you keep the imported private key in the wallet, in case more BTC is sent to it.

So what happens when two users import the same private key into their wallets?
 (or you accidently or on-purpose import the same private key into two of your wallets?)

You can say "Don't Do That", but if they CAN do that, then they WILL.
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
December 14, 2011, 02:55:53 PM
#13
When importing the private key, just have a check box that says
Quote
If this private key may be known to others, check here to transfer the bitcoins to a new key in your wallet. A transaction fee may apply

In either case, you keep the imported private key in the wallet, in case more BTC is sent to it.

+1, nice elegant way of importing keys.

How about exporting/importing priv keys to file too, with a .bit extension for ex. Should export a newly generated key and fund it with the amount you enter in the respective dialog.
full member
Activity: 154
Merit: 102
Bitcoin!
December 14, 2011, 02:09:01 PM
#12
When importing the private key, just have a check box that says
Quote
If this private key may be known to others, check here to transfer the bitcoins to a new key in your wallet. A transaction fee may apply

In either case, you keep the imported private key in the wallet, in case more BTC is sent to it.
sr. member
Activity: 322
Merit: 251
FirstBits: 168Bc
December 14, 2011, 02:05:20 PM
#11
It's simply that you're inputting a private key from an external source, when the mindset most users will have is that their balance is theirs. ie, the risk that someone else somewhere has a copy of the private key.

I think you are pushing the general understanding of 'security' way too far. As if running shoes should be equipped with special sensors and alarms preventing you from tying your shoe laces together.

How did I get this private key? I created it myself, I stole it, or someone gave it to me. If I now see transactions from before I imported this private key, that would be fully expected behavior. At most it is confusing, but I see no security issue what-so-ever.

It's certainly valid to expect features to be well tested, but we should balance utility against impossible-to-protect-the-user-from-himself conservative development practices, lest we relegate the 'reference implementation' into oblivion.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
December 14, 2011, 01:35:17 PM
#10
Pretty-please, is importprivkey or sweepprivkey or any similar functionality coming soon?
This isn't a place to spam feature demands. If you really want to see this functionality, help get it usable and stable/tested.

The big issue is that importing a key as-is will suddenly show a bunch of "send"s in your history, and likely creates a security risk. What is more likely to be workable is the "sweep" functionality that resends any balance on a private key to a new known-secure private key, but nobody has written that yet.

I put up a bounty worth (at the time) $500 USD for this feature, so I think I deserve to be on a slightly higher level of respect than a spammer.  Although it was denominated in BTC, I would be likely to revise the bounty to be worth the same in USD.

I have put a detailed spec in the wiki as to how I believe sweepprivkey should work.

One obstacle is there needs to be an index so that there is a time-efficient lookup from a Bitcoin address (e.g. hash160) to the blocks that contain references to it.  That index ought to be an option (build-on-first-use etc.) so it doesn't consume disk space of those not interested in using it.  Once this is done, the actual implementation of sweepprivkey ought to be fairly simple.

User jarpiain on github has made some sort of progress on this that could likely be incorporated.
full member
Activity: 154
Merit: 102
Bitcoin!
full member
Activity: 154
Merit: 102
Bitcoin!
December 14, 2011, 01:14:37 PM
#8
It's simply that you're inputting a private key from an external source, when the mindset most users will have is that their balance is theirs. ie, the risk that someone else somewhere has a copy of the private key.
Both import and sweep cases are valid.  If I *know* my private key is secure, I may want to have it in my wallet to receive coins sent there in the future.  If I'm redeeming an unknown private key, I would use sweep which would immediately send the coins to a new key in my wallet, and still maintain the swept key to sweep it again if/when more funds are sent. They are both valid with separate use cases.  There's no security issue.  The client just needs to be clear about what they both do. 

Sorry for getting off topic.  These posts should be moved to another thread.
legendary
Activity: 2576
Merit: 1186
December 14, 2011, 12:59:42 PM
#7
Pretty-please, is importprivkey or sweepprivkey or any similar functionality coming soon?
This isn't a place to spam feature demands. If you really want to see this functionality, help get it usable and stable/tested.

The big issue is that importing a key as-is will suddenly show a bunch of "send"s in your history, and likely creates a security risk. What is more likely to be workable is the "sweep" functionality that resends any balance on a private key to a new known-secure private key, but nobody has written that yet.

Is there a thread discussing these security risks?
It's simply that you're inputting a private key from an external source, when the mindset most users will have is that their balance is theirs. ie, the risk that someone else somewhere has a copy of the private key.
sr. member
Activity: 322
Merit: 251
FirstBits: 168Bc
December 14, 2011, 12:47:08 PM
#6
Pretty-please, is importprivkey or sweepprivkey or any similar functionality coming soon?
This isn't a place to spam feature demands. If you really want to see this functionality, help get it usable and stable/tested.

The big issue is that importing a key as-is will suddenly show a bunch of "send"s in your history, and likely creates a security risk. What is more likely to be workable is the "sweep" functionality that resends any balance on a private key to a new known-secure private key, but nobody has written that yet.

Is there a thread discussing these security risks?

I no longer use the C++ client because it fulfills few of my use cases. Alternatives reduce the incentive to test and improve the 'reference implementation'. Perhaps there could be an unstable/risky 'and the kitchen sink' nightly build.
legendary
Activity: 2576
Merit: 1186
December 14, 2011, 12:44:47 PM
#5
Pretty-please, is importprivkey or sweepprivkey or any similar functionality coming soon?
This isn't a place to spam feature demands. If you really want to see this functionality, help get it usable and stable/tested.

The big issue is that importing a key as-is will suddenly show a bunch of "send"s in your history, and likely creates a security risk. What is more likely to be workable is the "sweep" functionality that resends any balance on a private key to a new known-secure private key, but nobody has written that yet.
full member
Activity: 154
Merit: 102
Bitcoin!
December 14, 2011, 12:42:25 PM
#4
Pretty-please, is importprivkey or sweepprivkey or any similar functionality coming soon?
Pretty please with a cherry on top.
sr. member
Activity: 322
Merit: 251
FirstBits: 168Bc
December 14, 2011, 12:39:06 PM
#3
Pretty-please, is importprivkey or sweepprivkey or (mergeWallet or) any similar functionality coming soon?

Beautiful-please...
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
December 14, 2011, 12:28:14 PM
#2
Pretty-please, is importprivkey or sweepprivkey or any similar functionality coming soon?

+1
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
December 14, 2011, 12:58:38 AM
#1
Pretty-please, is importprivkey or sweepprivkey or any similar functionality coming soon?
Pages:
Jump to: