Topic: Why is not recommended to use the same address twice? And is there solution? (Read 2952 times)

Ok, thanks for clarification, I got what I needed .


Where are your manners man? I wasnt trolling, I was very concerned about the vulnerabilities that could arise in this case, given that bitcoin is new and there could be many bugs that have not been discussed yet, or observed yet.

In either case i got what i was looking for, so i close the thread before anyone else calls me a "troll" because he has manners like a 5 year old.

I think you've all done a great job of explaining things to this troll.  At this point he just keeps repeating himself and ignoring anything any of you say.  Perhaps it's time to abandon this thread and stop feeding the troll.  He's managed to make it on to my ignore list.

Not sure if trolling, but just in case...

What do you mean by "manage" them? You create an address, tell your customer or whoever to send money to it, check that you've received said money, and then forget about it. I myself have hundreds of addresses (I don't even know the exact number, nor do I need to) and I haven't been inconvenienced by it.

Everyone can do that; it's just not a good idea.

I have a hard time imagining that, since generating a million addresses in 57 years would mean 48 new addresses per day. Who do you know who makes that many transactions per day? And what's the problem with having a million addresses in the first place?

I don't think the word "limit" means what you think it means.

A timing sidechannel attack requires that the attacker have access to your computer's memory, in which case you're generally already screwed.

Do you know what the "timing sidechannel" attack is?  If someone has access to your machine to perform this attack, you have more problems than just this attack and nothing will save you.

If there are "exploits are available that the developers dont know about" how do you propose that "these issues need to be fixed asap"?

If there are true exploits found eventually, they will be fixed, but these are not them.

If you are just using an "address" to receive multiple times there is no security issue.  If you send from the same address multiple times, in reality it is not a security issue right now.  If your software is buggy or there are cryptological breakthroughs in the future, it could potentially weaken security. HOWEVER, the potential weakness is inherent in the nature of the design and is the different between a drop of water in the Pacific ocean and a cup of water.  This would likely also occur gradually so it could be fixed IF needed.  This is pretty unlikely any time soon though, imo.

As far as managing many addresses your wallet software can handle this just fine.  So your software could keep receiving at one address and using something like dark wallet, move it to a new one every so often if you were concerned about privacy and spending from one address.

Nope, according to bitcoin wiki (updated feb 1 2015)

https://en.bitcoin.it/wiki/Address_reuse


Now we can disregard the same K attack, because probably Armory,Electrum, Latest Core, Multibit and others have updated their signing mechanism.

But the Timing channel attack is possible, + who knows how many more exploits are available that the developers dont know about.

I think these issues need to be fixed asap.

Just to chime in.  

First, there is nothing to fix, so the bitcoin developers won't be changing anything regarding this any time soon.

Second, it is open source so if you don't like the way something works, you can change it yourself or pay someone to do so.  Given that you can reuse addresses though, there really isn't anything to fix.

So, just keep reusing addresses to collect your dividends etc. No one will stop you.  As above, it is a privacy issue since people can see what you get, but it is not prohibited.  

AFAIK THERE IS NO SECURITY ISSUE, JUST A PRIVACY ISSUE!!!

   -MZ

Nothing is stopping people from jumping out the 8th floor of a building, does that mean that they should do it?

I`m saying that the devs need to fix all security issues related to using an address more than once, otherwise it can become risky if you hold alot of bitcoins, and very inconvenient to use.

Otherwise bitcoin will have a security flaw that could ruin its reputation in the longterm and people could turn to safer altcoins later.

WHAT ISSUE?

There is nothing stopping anyone from using same address multiple times.
What Are you talking about?

Well its inconvenient to manage 2000 addresses dont you think? Unless you design a script of somekind to manage it for you, but thats also complicating the thing more.

It would be much simpler if the bitcoin developers would fix this issue once and for all, and then everybody can use 1 address forever, or if they want to account for their cash and organize it, then use addresses for categories of income/expenditure (faucet address, sales address, income address, etc).

But then everyone would hold at most 20 addresses, and not 20.000.

Imagine being born now and by the time the kid gets to age 13 or whatever when he is able to use bitcoin,by the time he gets 70, he would have wasted millions of addresses.

And the addresses numbers is also limited, so it would help people not to waste addresses.

What's so silly about that?

Then there's no problem.

Are you serious? I just explained that. Bitcoin is not a bank, is nothing like a bank, and banking isn't the point of it. It is not an alternative to the banking system, it can't deliver that, and it has nothing to do with security and everything to do with what it actually is. It's a payment network, like SWIFT or Western Union. It's not a bank, and Bitcoin addresses aren't like bank accounts and aren't meant to be.

It is not a 'security' issue as you've been mentioning. It is more of a 'privacy' issue.

Nobody is going to steal your Bitcoins if you use same address multiple times. It's just that people will be able to see all incoming and outgoing transactions to specific address, knowing the whole history of a particular address.

And if you're concerned about this 'privacy' issue, you should take measures to not link your real identity with an address - as simple as that.

We can track your money if you use one address. I use one address because I don't like creating new address every time.

   -MZ

Yea but what if you got like 1 million $ worth of bitcoin in an addres, for example a big company, and you need to spend from it to pay your workers,expenditures, etc.

And you only withdraw 100-200 btc at a time, and send it to the respective addresses, you then spend from that address regularly, so if there is a technical problem, this could be a serious security issue.

And the solution to this is what? Store 1 million $ worth of bitcoins in 2000 different addresses? It sounds silly to me.

No thats not a problem, the address is a final address, where i collect only my profits from comissions. The sales/trade process is handles by a sales service, not by me.

I use latest version of Armory, hopefully its not a problem there, i heard its the best security wallet (for online use aswell, like signing transaction with properly generated k on an online PC) , although my savings are held in cold storage, offline, and signed offline of course.


Yes i do want a bank, but a bitcoin bank. I mean what is the point of bitcoin if not that, to hold funds for people. The people need an alternative to the banking system, and bitcoin can easily deliver that, but only if these security problems get fixed properly.

See here:
https://bitcointalksearch.org/topic/bitcoin-address-question-946756

In short, there is nothing wrong that needs to be fixed.
It is fine to use an address multiple times and that's what people usually do.

The main reason for not using the same address again is privacy. But if it is not a major concern for you, you can keep using same address with no problem at all.

The most basic risk is that anyone who knows an address can see all transactions involving that address. In your example of receiving money from sales, this means that your customers can see how much money other customers are paying. Combined with knowledge of the prices of the goods you're selling, they'll be able to tell exactly what you're selling and when, whether other customers are getting discounts, and, if your customers also reuse addresses, they'll be able to tell who your repeat customers are and what they're buying. Aside from the massive violation of your own and your customers' privacy, this information could be used by unscrupulous customers to try to negotiate lower prices, or by your competitors to undercut you, etc. Using a different address for each order mitigates this problem.

The more practical problem is that using a different address for each order makes it easier to track which payments are for which orders. Say two people have ordered something for the same price, but you only receive one payment for that amount. Which one of them paid? If you used different addresses, you just look at which address received the payment. Simple.

It shouldn't be, and in any competently designed wallet this isn't the problem. That doesn't mean there aren't more fundamental problems.

No it isn't. If you want a bank, you know where to find one. Bitcoin is an international payment network. Bitcoin addresses are meant to facilitate transactions, not storing money. Obviously storing money is a prerequisite to transacting it, but that is not the whole point of Bitcoin addresses, which do not behave like bank accounts because they serve a completely different function.

What is not recommended is sending many times from the same address.


This is a receiving address, and as far as I know there is nothing at all wrong with having a million transactions sent to this address.

I don't completely understand the technical issues, and yes, I think there may be some possible security issue, but it may also be a performance issue related to "change" addresses. It's my understanding though that this only applies when you send, not when you receive.

TT

I do use it multiple times, but i mean what are the risks, and how likely are they to happen?

I know about the "non-random k" problem, but arent the newer version of wallets have good random number generators?

I mean this shouldn't be a problem.


Also what other vulnerabilities are there that should concern me? And are there any plans in the future to remove them?
It would be nice if bitcoin addresses could behave like bank accounts, because thats the whole point of storing money in it!

Addresses aren't bank accounts.  It is like saying amazon using a unique order number for each order is impractical.  I mean they must have billions of order numbers by now.  Think of all the wasted numbers.

You can use the same address twice.  Nobody will stop you.  It isn't recommended for a variety of technical reasons but you can.  People do everyday.  Just like they jaywalk when that is not recommended either.