
Topic: Wallet encryption bug found (IMPORTANT!) (Read 30665 times)

legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
January 25, 2012, 03:55:39 AM
#50
All hail the great gavin and satoshi..... All hail the great gavin and satoshi....


I joke, but in all seriousness thanks to everyone who has, is and will continue to contribute to the bitcoin project, whether it's the bitcoin client code itself or some kind of help service or goods you provide or even those who bring up the topic of a digital currency with their friends or college classmates -- thanks err'body
legendary
Activity: 2576
Merit: 1186
January 06, 2012, 01:31:11 PM
#49
Has this bug been fixed in 0.5.1 which I downloaded today after 6 months not using bitcoin and which I used today for encrypting my old wallet (5 minutes *before* I read about this bug)?

I think so, but until someone can confirm for certain, you're safe so long as you protect your wallet.dat - i.e., don't upload it to the public.
hero member
Activity: 938
Merit: 500
https://youengine.io/
January 06, 2012, 01:23:21 PM
#48
Has this bug been fixed in 0.5.1 which I downloaded today after 6 months not using bitcoin and which I used today for encrypting my old wallet (5 minutes *before* I read about this bug)?
newbie
Activity: 62
Merit: 0
November 19, 2011, 02:57:09 AM
#47
Gavin, thanks for all your hard work. I am sure you know this, but there are many people, hidden away in the background, that are impressed with your efforts. You have a sound strategic vision and have done important work in this crucial early stage. As an experienced professional, you already know that these bugs do happen in complex software. For us less-experienced people, please keep letting us know how to test the code or otherwise contribute.

Thanks again.

YES! Thanks Gavin!
legendary
Activity: 2576
Merit: 1186
November 15, 2011, 11:16:22 PM
#46
Test please: http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.4.1/test/

Obviously, be sure you have a wallet backup or two.
donator
Activity: 2772
Merit: 1019
November 15, 2011, 12:40:37 PM
#45
Gavin, thanks for all your hard work. I am sure you know this, but there are many people, hidden away in the background, that are impressed with your efforts. You have a sound strategic vision and have done important work in this crucial early stage. As an experienced professional, you already know that these bugs do happen in complex software. For us less-experienced people, please keep letting us know how to test the code or otherwise contribute.

Thanks again.

+1 Many thanks to Gavin and all the other devs that contribute
legendary
Activity: 2576
Merit: 1186
November 15, 2011, 11:03:54 AM
#44
For reference, this issue has been assigned CVE-2011-4447.
member
Activity: 97
Merit: 10
November 15, 2011, 11:00:24 AM
#43
How about a more generalized donation percentage kind of thing? Give people a choice of a few bundled donation targets and prompt them to choose on the first run. Also extensible so it's possible to click a link on a website and have a new one added to the list.
sr. member
Activity: 252
Merit: 250
November 13, 2011, 10:27:38 AM
#42
Gavin, thanks for all your hard work. I am sure you know this, but there are many people, hidden away in the background, that are impressed with your efforts. You have a sound strategic vision and have done important work in this crucial early stage. As an experienced professional, you already know that these bugs do happen in complex software. For us less-experienced people, please keep letting us know how to test the code or otherwise contribute.

Thanks again.
legendary
Activity: 2576
Merit: 1186
November 13, 2011, 09:30:10 AM
#41
It's just the name you object to, I think. There already is such a "tax" in the form of transaction fees. Now they benefit miners, I don't see why we could not redirect part of it to a bitcoin foundation.

The difference between "bitcoin foundation" and "miners" is (lack of) decentralization, one of bitcoin's main selling points.

I was going to say that, but you also don't have to use this client, so the fee is still decentralized in that respect. Having a fee to the client developer also makes the centralized-client issue more visible to the end users, which may be a good thing to get it solved sooner. It also gives clients an incentive to be competitive.
donator
Activity: 2772
Merit: 1019
November 13, 2011, 09:25:38 AM
#40
It's just the name you object to, I think. There already is such a "tax" in the form of transaction fees. Now they benefit miners, I don't see why we could not redirect part of it to a bitcoin foundation.

The difference between "bitcoin foundation" and "miners" is (lack of) decentralization, one of bitcoin's main selling points.

I'm not against "bitcoin foundation" at all. But they shouldn't get to put "developer fee" code into the client (to avoid the evil "tax" word here). I probably wouldn't mind myself, but explain that to someone you just explained the coolness of decentralization and "basically free" transactions. It's hard enough to explain the tx fees, but it usually works out with a nice AHA-effect in the end when you explain mining incentive after block reward drops to close to nothing.
hero member
Activity: 518
Merit: 500
November 13, 2011, 09:11:24 AM
#39
It's just the name you object to, I think. There already is such a "tax" in the form of transaction fees. Now they benefit miners, I don't see why we could not redirect part of it to a bitcoin foundation.
donator
Activity: 2772
Merit: 1019
November 13, 2011, 07:53:56 AM
#38
Don't know who would come up with the money for it,

We all should. Why not include a donation option in the client? Make it optional, but set it by default so that 0.01% or whatever of each transaction is donated to a fund used to pay Gavin, other developers and for bug bounties. There was talk of a bitcoin foundation a while ago, not sure how that's going, but they could manage those funds.

I agree.

In fact, even making such a donation mandatory wouldn't be such a bad thing, like a tobin tax, or like the transaction fees we already pay to miners. Although of course some people will just fork and use a client without the "tobin tax", if you set a hardcoded lower limit low enough, most people wouldn't mind I think.

I don't agree. It'd be very bad from a marketing point of view to make such a mandatory "tax". I'm experiencing a lot of troubles marketing bitcoin to friends (key import/export is a big one, by the way, because I use casascius coins to get people started, they inevitably want to see proof that it's working (and it's a big "AHA", when it finally does). Fiddling with pywallet ("what? that's not even in ubuntu repository") and having the client "stuck on blockchain rescan" with no gui showing for minutes ("that pywallet screwed up bitcoin, now it doesn't start any more, glad I have a backup") doesn't help the cause. But that's a different matter).

Having a tobin tax would only add to the troubles I'm having "selling" bitcoin to people.
donator
Activity: 2772
Merit: 1019
November 13, 2011, 07:46:43 AM
#37
Sure, from random posts on this forum I infer that there is something called testnet, but I have no idea if and how I could help running a client on it.

You forgot to check the Wiki. Grin

https://en.bitcoin.it/wiki/Testnet

That indeed explains what testnet is. That's not the only thing that was asked for, I think.

I think niko was looking for a place where "normal users" would be able to obtain information on how they could help with testing. Such a place would include

  • explanation about what "testnet" is
  • information about the planned release milestones and testing timelines
  • downloads of test releases
  • information on how to submit bug reports and other test results.
  • info about how to test
  • info about what needs testing and maybe current status

I'm sure the information is out there, it's just not easy to get to it if you're not quite heavily involved on developer mailing-lists, github, #bitcoin-dev, etc...

In other words: the bitcoin developer circle is quite a hard place to get into for joe schmoe, am I right? So maybe it would be cool to somehow make it easier for the "normal user" to help.
hero member
Activity: 518
Merit: 500
November 13, 2011, 06:50:16 AM
#36
Don't know who would come up with the money for it,

We all should. Why not include a donation option in the client? Make it optional, but set it by default so that 0.01% or whatever of each transaction is donated to a fund used to pay Gavin, other developers and for bug bounties. There was talk of a bitcoin foundation a while ago, not sure how that's going, but they could manage those funds.

In fact, even making such a donation mandatory wouldn't be such a bad thing, like a tobin tax, or like the transaction fees we already pay to miners. Although of course some people will just fork and use a client without the "tobin tax", if you set a hardcoded lower limit low enough, most people wouldn't mind I think.
sr. member
Activity: 300
Merit: 250
November 13, 2011, 05:44:03 AM
#35
So, if I understand it correctly:

1: the fix is still being worked upon?
2: Gavin has troubles with funding the work on the client?

Greetz.
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
November 12, 2011, 10:49:42 PM
#34
Sure, from random posts on this forum I infer that there is something called testnet, but I have no idea if and how I could help running a client on it.

You forgot to check the Wiki. Grin

https://en.bitcoin.it/wiki/Testnet

I sure did forget, thanks! 
foo
sr. member
Activity: 409
Merit: 250
November 12, 2011, 10:16:20 PM
#33
Sure, from random posts on this forum I infer that there is something called testnet, but I have no idea if and how I could help running a client on it.

You forgot to check the Wiki. Grin

https://en.bitcoin.it/wiki/Testnet
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
November 12, 2011, 09:09:48 PM
#32
Is there anything an average Windows user without much programming experience could do to help with testing? Do all you experts and "experts" realize how obscure things are? I looked at the development subforum, hoping to see a sticky. Nothing. I looked at bitcoin.org. Nothing. I looked at sourceforge. No leads. Sure, from random posts on this forum I infer that there is something called testnet, but I have no idea if and how I could help running a client on it.

How can I help at this stage of bitcoin development?
donator
Activity: 2772
Merit: 1019
November 12, 2011, 08:13:17 PM
#31
It is embarrassing and astonishing that this critical a bug was not caught before the 0.4 release; constructive suggestions on how to improve the testing and release processes that do not assume access to hundreds of thousands of dollars of funds to hire security consultants or QA teams are welcome. Getting sufficient testing of code BEFORE it is released has been a chronic problem for this project.

Don't know who would come up with the money for it, but it wouldn't be hundreds of thousands of dollars: Maybe offer BTC-bounties for bugs found in "official test releases". They probably wouldn't have to be high to motivate people in the bitcoin community to do better testing than is done now.

About coming up with the money: I've had quite some success (although not yet what I hoped for) with collecting donations for a common cause (https://bitcointalksearch.org/topic/100-maxkeiserbitcoinfilm-dividends-where-payed-issue-worthless-51133). Maybe enough people would be willing to donate to "bitcoin testing", especially after things like the encryption bug or maybe even more serious stuff happen.