Topic: Wallet security suggestion - cancellable bitcoin transactions (Read 4293 times)

newbie
Activity: 28
Merit: 0
Guys, thanks for your responses.

It means that my suggestion wouldn't fly, especially due to following scenario:

1) Attacker gets the private key, and starts a transaction;
2) I am notified and cancel the attacker's transaction;
3) Then I try to start my transaction to move the bitcoins to safer place;
4) However the attacker cancels my transaction as well;
5) Then all repeats...

I realized the delaying of the transaction doesn't really help. We need something else. Something which is more like a "vault" than just a "wallet".

I think I have another idea, but I'll start another thread on that.

Thanks!

legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
Not publishing transactions for X hours/minutes or setting an execution time in the future that would allow to cancel the transaction would help against "fat finger" errors. It wouldn't help against someone holding a private key without changes in the way transactions work - once someone has a private key, this person can do whatever they want with the coins that are associated with it.

You can arbitrarily limit yourself but not a determined attacker.

Great valid points!

The best bet would be not to hold any bitcoins on the wallet and just hold the "rawtx" signed data on the wallet that are awaiting to be sent.
legendary
Activity: 2618
Merit: 1007
Not publishing transactions for X hours/minutes or setting an execution time in the future that would allow to cancel the transaction would help against "fat finger" errors. It wouldn't help against someone holding a private key without changes in the way transactions work - once someone has a private key, this person can do whatever they want with the coins that are associated with it.

You can arbitrarily limit yourself but not a determined attacker.
newbie
Activity: 28
Merit: 0
Quote
This doesn't work. In the scenario OP describes, the hacker steals the private key, he doesn't send them from the client the OP is using. All the hacker would have to do is use a different client. (I would have just generated the rawtx and sent it manually).

The only way to add a way to universally cancel transactions is to change how the chain processes transactions.

Are you saying that in order to have such feature, it requires a change in the Bitcoin protocol?
newbie
Activity: 28
Merit: 0
There's also the issue of... if the "hacker" can send that transaction, can't they also cancel your transactions?

Sure of course, but the hacker can't steal anything by cancellation of the transaction. It would be an annoyance for you but you would retain your money, which should be a huge difference for you.
In sum the feature would prevent (or make it much harder) the stealing.
newbie
Activity: 28
Merit: 0
Quote
Rereading it again, it just seems like all one would have to do is just make a "timed" rawtx be sent out (which could be cancelled). All you would have to do now is push one of the Bitcoin GUI devs to add that in, nothing needs to be done to the Bitcoin network or protocol logic itself at all.

Yes, exactly, I didn't want to change how the Bitcoin protocol works, just would like to have such a feature in an existing (or new) business, similar to the 2-step verification feature.
member
Activity: 182
Merit: 10
Rereading it again, it just seems like all one would have to do is just make a "timed" rawtx be sent out (which could be cancelled). All you would have to do now is push one of the Bitcoin GUI devs to add that in, nothing needs to be done to the Bitcoin network or protocol logic itself at all.
That could also just be easily scripted, I mean people could always buy a rasp pi and stick this "timed offline wallet" script on it.
There's also the issue of... if the "hacker" can send that transaction, can't they also cancel your transactions?

This doesn't work. In the scenario OP describes, the hacker steals the private key, he doesn't send them from the client the OP is using. All the hacker would have to do is use a different client. (I would have just generated the rawtx and sent it manually).

The only way to add a way to universally cancel transactions is to change how the chain processes transactions.
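
The disagreement in the posts above, a client-side "timed rawtx" queue versus a key holder who uses a different client, as a toy model. This is an added example, not part of the thread; `ToyChain`, `DelayedWallet`, the HMAC stand-in for real signatures, and every name and value in it are constructed assumptions.

```python
import hmac

def sign(key, coin, dest):
    """Stand-in for ECDSA signing: anyone holding `key` can produce this."""
    sig = hmac.new(key, f"{coin}->{dest}".encode(), "sha256").hexdigest()
    return {"coin": coin, "dest": dest, "sig": sig}

class ToyChain:
    """Accepts the first validly signed spend of a coin; has no cancel operation."""
    def __init__(self, owner_keys):
        self.owner_keys = owner_keys  # toy: real nodes verify against the public key
        self.spent = {}               # coin -> destination, final once set

    def broadcast(self, tx):
        key = self.owner_keys.get(tx["coin"])
        if key is None or tx["coin"] in self.spent:
            return False
        expected = sign(key, tx["coin"], tx["dest"])["sig"]
        if not hmac.compare_digest(expected, tx["sig"]):
            return False
        self.spent[tx["coin"]] = tx["dest"]
        return True

class DelayedWallet:
    """The 'timed rawtx' idea: signed transactions wait locally until due."""
    def __init__(self, chain, delay_hours):
        self.chain, self.delay, self.pending = chain, delay_hours, {}

    def schedule(self, tx, now):
        self.pending[tx["sig"]] = (now + self.delay, tx)
        return tx["sig"]  # handle used to cancel

    def cancel(self, handle):
        return self.pending.pop(handle, None) is not None

    def tick(self, now):
        due = [h for h, (t, _) in self.pending.items() if t <= now]
        return [self.chain.broadcast(self.pending.pop(h)[1]) for h in due]

def run_scenarios():
    key = b"constructed-demo-key"
    # Case 1: owner schedules a mistaken payment and cancels inside the window.
    w1 = DelayedWallet(ToyChain({"coin-1": key}), delay_hours=24)
    cancelled = w1.cancel(w1.schedule(sign(key, "coin-1", "wrong-addr"), now=0))
    # Case 2: a second holder of the key signs elsewhere and skips the queue.
    w2 = DelayedWallet(ToyChain({"coin-1": key}), delay_hours=24)
    w2.schedule(sign(key, "coin-1", "owner-safe"), now=0)
    direct = w2.chain.broadcast(sign(key, "coin-1", "other-client"))
    return (cancelled, w1.tick(now=24), w1.chain.spent,
            direct, w2.tick(now=24), w2.chain.spent)
```

In the first case the queue does its job and nothing reaches the chain; in the second the owner's delayed transaction is rejected when it finally comes due, because the delay exists only in the owner's client and the chain has already accepted the other spend.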
sr. member
Activity: 336
Merit: 254
CEO of Privex Inc. (www.privex.io)
Rereading it again, it just seems like all one would have to do is just make a "timed" rawtx be sent out (which could be cancelled). All you would have to do now is push one of the Bitcoin GUI devs to add that in, nothing needs to be done to the Bitcoin network or protocol logic itself at all.
That could also just be easily scripted, I mean people could always buy a rasp pi and stick this "timed offline wallet" script on it.
There's also the issue of... if the "hacker" can send that transaction, can't they also cancel your transactions?
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
Rereading it again, it just seems like all one would have to do is just make a "timed" rawtx be sent out (which could be cancelled). All you would have to do now is push one of the Bitcoin GUI devs to add that in, nothing needs to be done to the Bitcoin network or protocol logic itself at all.
legendary
Activity: 4466
Merit: 3391
I apologize if it was suggested before, but I couldn't find it in the forum.

The problem:
What I see as the main problem with bitcoin wallets (online or private) is that if somebody hacks into it, it can transfer all your bitcoins immediately and the transaction is irreversible.

The solution:
Suggesting to have two kinds of wallets:
1) Wallet for daily usage, which would allow the immediate transactions like the current wallets do. The users would typically use those with small amount of bitcoins needed for everyday use, similar like your real wallet having just small amount of cash.

2) Wallet for storing, which would not allow immediate transactions. Those transactions would be scheduled, and would execute only after certain time interval (let's say 24h or 48h).
Such pending transaction would be cancellable at any time during that interval. This feature would prevent the attacker to steal your bitcoins quickly. Using appropriate notifications for scheduling the transactions, the rightful owner would be able to cancel maliciously planned transactions.

You can transfer bitcoins to an offline or paper wallet. That money can't be spent until it is transferred back. Nobody can do that except you because it is offline. There are wallets (such as Armory) that support offline wallets.

Bitcoin transactions cannot be cancelled. That is a fundamental property of Bitcoin.

Encrypting your wallet is simple and provides basic protection that is sufficient for most people. Unfortunately, many people don't encrypt their wallets, and so some of them get ripped off. Nobody should use a wallet that is not both encrypted and backed up.
full member
Activity: 196
Merit: 100
Bitcoin is a crypto currency. Its entire purpose is to be a secure, non-refundable, system of monetary exchange. If you want a payment processor that offers cancellations (PayPal for BTC), then that is what you will need to find, start, or contribute towards, but bitcoin isn't intended to be cancel-able, for a reason.
I don't think he asks for bitcoin transfers to be refundable, as the transfers wouldn't hit the blockchain until the delay was over (as I understand it). This function may be useful in some cases, but has IMO no urgency. Perhaps as a nice-to-have feature in bitcoind v4.x
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
It's just a physical property of reality. You can only know something unless you or someone else discovers it, if you discover your Bitcoin address and don't tell anyone, nobody else can gain access to your money.

In other words nobody can solve stupidity, you either risk fraud by online/public/private wallet or you risk your own stupidity you can't have both....
member
Activity: 182
Merit: 10
I am sorry, it is not a question of being stupid.

The issue is that a regular user doesn't have any clue about cryptography, public/private keys etc. However each of them would understand to cancel transaction which didn't originate from them, providing they'd have the chance.

It's about making adoption of Bitcoin easy for everybody.
If the adoption will require too much of knowledge especially about security, as it does now, then the widespread adoption won't happen.

Bitcoin is a crypto currency. Its entire purpose is to be a secure, non-refundable, system of monetary exchange. If you want a payment processor that offers cancellations (PayPal for BTC), then that is what you will need to find, start, or contribute towards, but bitcoin isn't intended to be cancel-able, for a reason.
newbie
Activity: 28
Merit: 0
I am sorry, it is not a question of being stupid.

The issue is that a regular user doesn't have any clue about cryptography, public/private keys etc. However each of them would understand to cancel transaction which didn't originate from them, providing they'd have the chance.

It's about making adoption of Bitcoin easy for everybody.
If the adoption will require too much of knowledge especially about security, as it does now, then the widespread adoption won't happen.
member
Activity: 182
Merit: 10
Why? Just don't be stupid with your Private Keys.

P.S. This topic probably belongs under "Bitcoin Discussion", not "Project Development"
newbie
Activity: 28
Merit: 0
I apologize if it was suggested before, but I couldn't find it in the forum.

The problem:
What I see as the main problem with bitcoin wallets (online or private) is that if somebody hacks into it, it can transfer all your bitcoins immediately and the transaction is irreversible.

The solution:
Suggesting to have two kinds of wallets:
1) Wallet for daily usage, which would allow the immediate transactions like the current wallets do. The users would typically use those with small amount of bitcoins needed for everyday use, similar like your real wallet having just small amount of cash.

2) Wallet for storing, which would not allow immediate transactions. Those transactions would be scheduled, and would execute only after certain time interval (let's say 24h or 48h).
Such pending transaction would be cancellable at any time during that interval. This feature would prevent the attacker to steal your bitcoins quickly. Using appropriate notifications for scheduling the transactions, the rightful owner would be able to cancel maliciously planned transactions.


What do you think?
Thanks,
-P