Topic: Wallets : backup, security and change - page 2. (Read 2519 times)

You will find that it's difficult to create a paper wallet with Bitcoin-Qt (and difficult to spend bitcoins from a paper wallet using Bitcoin-Qt as well).  So while Bitcoin-Qt does send change to a brand new unused address, it would require advanced techniques to use it with a paper wallet and if you are using those advanced techniques, you really should make sure you understand what you are doing first.

I use bitcoin-qt. A paper wallet is not an issue for me now, since I have too few btc to care about security so much. But, man, it is better to know about such things as sending change to new address before using bitcoins.

Buy the way, thanks for all your nice explanations, very informative.

 

Some do. As a matter of fact, most of the wallets that make it easy to spend funds from a paper wallet also attempt to protect you from this problem.

Which wallet do you use to spend your bitcoins?  This may not be a problem for you at all.

Man, this sucks. Should a client allow to choose between anonymity and using paper wallet without pain? The worst thing is that many (including myself before reading thread) really do not know about this dangerous feature.

You can, but it is considered an advanced function, so it is not a part of the regular user interface.

In the console window you can use the importprivkey and dumpprivkey commands.

A paper wallet is generally an advanced function.  You really shouldn't be using a paper wallet if you don't understand what you are doing.  The paper wallet only "becomes empty" if you happen to use a client (or create a transaction) that sends change to a new address (rather than re-using the existing one), and if all the BTC associated with the paper wallet address were received in a single transaction.

If the BTC were received in multiple transactions, then it is likely that some of those outputs will be unused in the spending transaction and will remain associated with the paper wallet address (you can still potentially lose the change from the transaction if you don't know what you are doing, but that doesn't necessarily mean that the wallet is "empty").

The moment you import the private key from a paper wallet to an online wallet, you immediately loose the security that the paper wallet is providing you.  The moment you broadcast a transaction that spends any of the value from what used to be a paper wallet, you lose even more security.  At that point, if you care enough about security to want a paper wallet in the first place, then you should want to send ALL remaining bitcoins that were associated with that paper wallet to a brand new paper wallet to regain the level of security you previously had.  Doing so will intentionally empty out the previous paper wallet, so there shouldn't be any surprise.

You got it!  Well explained.

Bitcoin doesn't actually store any "coins" anywhere.  The blockchain that every full node has a copy of has a list of every confirmed transaction that has ever occurred.  Each transaction is a reference to one or more "outputs" from previous transactions that are being used as "inputs" and one or more values that are being assigned to addresses as new "outputs".  There is no way to indicate a fraction of a previous output.  The transaction simply references the previous output, and anyone/everyone running the correct protocol recognizes this reference as being an indication that the entire output is being "spent".

The protocol checks to make sure that the total of the inputs is greater than or equal to the outputs (so you can't send more than you have). If the total of the outputs is less than the total of the inputs, that difference is what the miners take as fees when the transaction is added to a block.  So if you don't want all that extra value to all be taken by a miner as fees, then you need to send some of it back to yourself as a new output (either to a new address or an existing one).

Using a new address for the change every time increases both anonymity and security a bit.

Improved security:
There is currently no known way to determine someone's private key if you know their public key, but there is no guarantee that a weakness won't be discovered in the ECDSA algorithm at some time in the future.  When you receive bitcoins, you don't receive them at a public key, you receive them at a hash of a hash of the public key. The public key is first hashed with SHA-256, and that result is hashed with RIPEMD-160 to create a bitcoin address.  Since there is currently no known way to "reverse" either of those hashes, there is no way to determine what the public key is from a bitcoin address.  This means that serious weaknesses would have to be discovered almost simultaneously in ECDSA, SHA-256, and RIPEMD-160 for someone to be able to determine your private key from the bitcoin address that is publicly used in the output of a transaction and permanently stored in the blockchain.

When you send bitcoins, your wallet has to provide a signature for each of the previous outputs that are referenced as inputs.  This signature is intended to prove that you know the private key associated with the address that the previous output was set to, and that you therefor have the right to re-assign that value to some other address. If that was all that was provided, then nobody could verify the signature since they don't know the public key.  Therefore, as part of the requirements of the signature script in the bitcoin protocol, along with the signature your wallet also includes the public key associated with each address that inputs are associated with.  This means that the first time that you send bitcoins that were received at an address, that address becomes slightly less secure.  Since the public key is then permanently stored in the public blockchain, any other transactions that are received at that address are no longer protected by the SHA-256 and RIPEMD-160 hash.  It would only require a weakness to be discovered in ECDSA to steal your bitcoins.  If every output always goes to an address that has never previous been used, then you will never have bitcoins at an address that is not protected by SHA-256 and RIPEMD-160.  This is why it is recommended to use a new address for every output you receive (regardless of whether it is "change" or otherwise).

Improved anonymity:
Lets say Alfred sends me 10 bitcoins, and Bob sends me 20.  If I used a new address for each of those transactions, then Alfred knows I have at least 10 BTC (since he sent them), and Bob knows I have at least 20 (send he sent them), but neither Alfred nor Bob can tell that I have 30 BTC no matter how hard they look at the blockchain.

Now lets say I'm going to send 13 bitcoins to someone.

If my wallet creates a transaction that spends those 30 BTC and sends the 17 BTC of "change" back to one of the two existing addresses, then depending on which address the wallet uses, either Alfred or Bob can tell that I now have 17 BTC, and they can tell what address I just sent 13 BTC to.

If my wallet creates a transaction that spends those 30 BTC and sends the 17 BTC of "change" to a brand new address, then it is impossible to tell if I have 13 BTC sent as change, or 17 BTC sent as change, or no change at all because the full amount was used to send BTC to two other people.

If you have 5 btc in an address and you buy something that cost 1btc, you only send 1btc. The client by default will then send the other 4btc to a new address, for anonimity reason. Note that this behaviour is not part of the bitcoin rules, is just a thing that some clients do. Other clients don't.

This is important to know because 1)almost no one know 2)if you put all your btc on the address of a paperwallet and then you spend a part of them, that paperwallet will become empty. And then if you later try to use that paperwallet... surprise!

I'm using only Armory, I haven't tried any other except Bitcoin.org client. I like in Armory that you can get/add private key, which you can not with Bitcoin.org client (or I don't know how)

Is there any downside from using electrum as my only client?

I may have figured it out where comes the change from ! Tell me if i'm right :
1 address contains BTCs, but these BTCs come from many previous incoming transactions. And when you want to send BTCs to someone, you must pick BTCs from that previous transactions, but you can't take only a part of 1 previous transaction, you must take the entire BTCs from the previous transaction. So if it is more than what you need you will receive the change back.
Here is an example, let's say I made these previous transactions :
Incoming :
0.001 BTC
0.00025 BTC
0.00257243 BTC
0.01887694 BTC

And now I want to send 0.022 BTCs, so it will take these 4 previous transaction to reach the 0.022 I want to send, but the total of the 4 transactions is 0.02269937. Now you take that amount (0.02269937), you substrat 0.022 I want to send plus 0.0005 for the fees and the change is 0.00019937 which comes back to my wallet, on the same address or a different one according to the wallet I use. Tadaaa ?

This supplied some good info. The change and the validity of backups was very helpful.
Thanx!

Yes I understand !


Ok it's good now.

So basically, wallet does not keep BTC, only addresses do, and wallets are just containers for multiple addresses with total of all addresses's BTC.

And last thing I think is weird is about the change, when I spend some BTC from my address to another one, why can't it just send the exact amount of BTC ? Why does it have to send some more and send me back the change, on the same address or on a new one?

Part of your confusion seems to be coming from the fact that you appear to be expecting all the wallets/clients to work the same way.  Each of the wallet programs (clients) works a bit differently, this is why there are multiple popular wallets.  Different people have different preferences.  So you either need to start by choosing one wallet to try and understand (and disregard the behaviors of the others), or you need to start by understanding what the differences are between the wallets before you try to understand how backing up and recovering works (since it is a bit different for each wallet).

Think of it like this:

The blockchain is why when you restore back-ups you are "known to the system" because the wallet.dat will contain your public address and private keys, the public address will be matched up to one on the blockchain that has X balance and previous transactions. The blockchain is made of magic dust and is all around us, it is distrubuted on many computers / nodes and can be read by anyone.

I think the advice about not keeping money in a Bitcoin address you have previously used is for privacy reasons only.



Your wallet(.dat) can consist of many addresses, If you print out a bitcoin note then you are printing the private key to just one of those addresses (unless you print more notes).

The balance of that "printed" address (pub key / private key pair) is redeemed in full when you enter that private key into a clients or online wallet, you do not get the option of spending some of it until it has been redeemed because that private key is matched to a public key / address on the blockchain which indicated the balance of that address, this balance will be the same balance that funded that address before you printed it on paper. once it is redeemed into a client or online wallet you can then spend whatever fractions you like.


Does that make sense?

I might not be correct about the technical details but I think the effects are correct.




 

Just delete the blkindex.dat file in the AppData folder or delete all the blockchain files and redownload the blockchain and it should be fine.

I cannot restore wallet, block index.dat corrupt
In the 0.7.2 and in 0.8.1

Ok, so the change will be sent to a new address, but how the system knows that the new address has to belong to me and is automatically added to my wallet ?
And why is it recommended to don't keep BTC on an address that has been used to spend BTCs ? Why an address would not be safe anymore once you've spend BTC with oO ?

No!
I am saying the opposite. You have 1 address, you receive some BTC. You spend some of these BTC to buy something. Most client will put the BTC you didn't spend on a NEW address, for anonimity purpose.

Yes

"change" in bitcoin world is the btc you don't spend when sending some.

I don't know about blockchain.info

wallet.dat contain private keys. Each private key correspond to an address.

Easier for the different client's developers 

up for my last message 
And other questions:

7. I have trouble to understand the differences (if there are) between wallet (as wallet.dat) and addresses.
Because for example, I can take one of my adresses from blockchain.info with its private key, and add it to my armory wallet, then my address is inside of two wallets ?

8. Why wallet files differ from bitcoin client ? For example Armory wallet file will be .wallet, and Bitcoin client wallet file will be .dat, so I can not export from Armory and Import into Bitcoin.

Thank you guys for all your help !