Topic: Word of caution using Bitcoin-qt client and managing your own private keys (Read 2826 times)

sr. member
Activity: 286
Merit: 251
Something similar happened to me recently, which also had a happy ending. In essence my wallet.dat became corrupt and the backup I initially used was too old for a particularly large reception of bitcoins.

Luckily a newer backup existed. But this random generation of a hundred new addresses is something that happens behind the scenes, and you don't know about it.

I think it's an appalling 'feature' of the qt client.

It could flash and say new keys generated, back up your wallet!! Better, it could actually do it.

legendary
Activity: 3528
Merit: 4945
Bitcoin-QT could send the "change" back to the originating wallet by default
Be careful about your terminology. Bitcoin-QT already does this.

It seems to me that you meant to say:

Bitcoin-QT could send the "change" back to the originating address by default.

But what should it do if there are multiple inputs from multiple addresses for the transaction.  Which one should get the "change"?  Furthermore, re-using addresses decreases security since the public key becomes public knowledge when you spend an output associated with a particular address. Re-using addresses also reduces anonymity.

As an alternative, users would be presented with the two options
If this is what a user wants, I thought there were already other clients that allow this.
newbie
Activity: 9
Merit: 0
This is, in my opinion, one of the more serious "non-obvious" problems with Bitcoin-QT for newcomers or non-experts.

Newcomer POV: "I know my wallet just stores my private key, and I backed-up my key and wallet, so I should be fine, right?"
Wrong!

It is non-intuitive and bad usability.

Bitcoin-QT could send the "change" back to the originating wallet by default, and have an option in the settings (for privacy-seekers) to send the change to another address.
As an alternative, users would be presented with the two options (and information) when starting the client.
newbie
Activity: 59
Merit: 0
Thank you for sharing your experience, now I will not be so stupid as to try messing around with private keys
legendary
Activity: 1904
Merit: 1002
Your savior here is called the "keypool".   By default there will always be 100 unused keys in your wallet.  When you ask for a new address, it grabs one from this keypool (which has already been backed up hopefully) and then generates a new one to stick at the back of the queue.  There is a keypoolsize parameter you can set to alter the default size of 100 keys.

I disagree. He got lucky. The "keypool" is the reason there might have been a problem to begin with.

Deterministic wallets are clearly superior.

Sure deterministic wallets are superior, unless you are generating an abnormally large number of keys or have privacy concerns.
legendary
Activity: 1904
Merit: 1002
Your savior here is called the "keypool".   By default there will always be 100 unused keys in your wallet.  When you ask for a new address, it grabs one from this keypool (which has already been backed up hopefully) and then generates a new one to stick at the back of the queue.  There is a keypoolsize parameter you can set to alter the default size of 100 keys.
newbie
Activity: 40
Merit: 0
And everyone thought I was mad for having a daily cronjob to back up my wallet
To a different file each day, I trust. It's always real fun when your wallet gets corrupted and your daily backup job overwrites your only backup with the corrupt data.

Yeah, of course I have a folder for odd days and even days, so it's very hard to lose my wallet; the cronjob moves the backup to my NAS before it makes the new one
newbie
Activity: 13
Merit: 0
Very, very nice. Browser would obviously be the best. Cross platform compatibility and what have you. I would offer my help if I felt I had any to offer. By the time I learn enough java to get anything done, I'm sure you will have it all finished. Innovation and expansion of bitcoin for the win!
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
@casascius That is really cool and exciting. What is the decryption method like though? I guess if you are able to convince the client maintainers to adopt this new method of yours (and it is secure, I don't doubt you!) it won't really matter to the end user too much... unless they are like me and want to know how everything in the world works.

Decryption methods:

Available now: download my utility and decrypt it
Coming soon: point your iPhone at an encrypted QR code (program works, needs improvement before going to App Store)
Hopefully coming soon: a javascript decryption script so decryption can happen in a browser (I've opened a bounty and some people are working on it)
Hopefully leading to: that javascript incorporated into every website that accepts private keys, so the browser can do the decryption on the fly.
newbie
Activity: 13
Merit: 0
@casascius That is really cool and exciting. What is the decryption method like though? I guess if you are able to convince the client maintainers to adopt this new method of yours (and it is secure, I don't doubt you!) it won't really matter to the end user too much... unless they are like me and want to know how everything in the world works.
newbie
Activity: 24
Merit: 0
sounds like a disaster averted!
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
Just to throw in a plug: I've released a methodology for doing encrypted private keys on paper wallets, and am evangelizing to get other bitcoin-related services to support it.

With encrypted paper wallets, you can make multiple copies of the paper wallet, as well as make one or more written copies of the passphrase, and store them in a way that makes sense.  (example: paper wallets in safe deposit box, passphrase at home/in brain/with important papers/etc.) so you can strategize on how to keep them safe without needing to worry about any technology.
hero member
Activity: 520
Merit: 500
Clearly I shouldn't have more coins on that computer than I would be angry to lose.

For all the rest of your coins, there's cold storage on paper.

I haven't heard of a single bitcoin being lost or stolen from a paper wallet.

It's so simple: print a paper wallet, and then send the coins to the address printed on it.  When you need the coins, import the private key.

http://bitaddress.org

That is exactly what the OP did.  However he then imported that private key into the QT client and sent funds from it.

The larger issue is that one would either treat a wallet file as a complete unit (i.e. forget about individual keys) and treat the wallet as a single object which needs to be backed up in its entirety OR use individual private keys in systems like offline paper wallets.

Anyone mixing both systems without understanding how it works under the hood is running the risk of losing funds.


+1
Clearly the paper wallet is the most straightforward way to do cold storage, which I at least feel confident about using at this point. It’s simple, and easy to avoid malware attacks. The only risk is losing the paper wallet - which is just a private key, the way I think about it. The confusion on my part is that the “wallet” in bitcoin-qt is more than just one private key. The terminology could be a lot clearer.

As a side note, I just came up with a thought for double or triple checking any process that involves transferring a large amount of coins. I’m a DIY kind of person, but it might be worth the peace of mind to have a trusted individual with at least equivalent knowledge of bitcoin to oversee the process and look out for “stupid human” errors. Just because a 0.01% error rate is still too high when it does involve significant BTC. That’s probably overkill, but if I ever cross over to having more money in bitcoin than what I could afford to lose, it might very well be worth it. Just a thought from a non-superuser.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
I make sure that I always send all coins back to paper when I'm not actively transacting them.  By doing this, I never need to back up my wallet, since it (almost) never has coins in it.
donator
Activity: 1218
Merit: 1080
Gerald Davis
Clearly I shouldn't have more coins on that computer than I would be angry to lose.

For all the rest of your coins, there's cold storage on paper.

I haven't heard of a single bitcoin being lost or stolen from a paper wallet.

It's so simple: print a paper wallet, and then send the coins to the address printed on it.  When you need the coins, import the private key.

http://bitaddress.org

That is exactly what the OP did.  However he then imported that private key into the QT client and sent funds from it.

The larger issue is that one would either treat a wallet file as a complete unit (i.e. forget about individual keys) and treat the wallet as a single object which needs to be backed up in its entirety OR use individual private keys in systems like offline paper wallets.

Anyone mixing both systems without understanding how it works under the hood is running the risk of losing funds.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
Clearly I shouldn't have more coins on that computer than I would be angry to lose.

For all the rest of your coins, there's cold storage on paper.

I haven't heard of a single bitcoin being lost or stolen from a paper wallet.

It's so simple: print a paper wallet, and then send the coins to the address printed on it.  When you need the coins, import the private key.

http://bitaddress.org
hero member
Activity: 784
Merit: 1000
Annuit cœptis humanae libertas
Armory requires QT to run online anyway AFAIK.
hero member
Activity: 520
Merit: 500
It is called a change address.  You can't spend part of an output.  So if you have an output worth 10 BTC and want to send 6 BTC the transaction has 6 BTC sent to your destination and another 4 BTC sent back to a change address.  Why a new address?  To preserve anonymity.  If the change address was always an existing address it would be trivial to track transactions.

Still you're right: if you don't know what you are doing..... don't frak around with private keys, and make frequent backups.  Honestly the point of a cold wallet is to keep it as an offline backup, not to import it, and play around periodically.  You gain nothing and run the risk of doing something silly.

Yeah, I still don't understand the whole change address thing or why it is necessary. Which is probably just one of many Bitcoin topics I don't understand, which is why I shouldn't be messing around with anything in the first place. I know just enough to be dangerous to myself, lol.

Although I have trust in the bitcoin-qt program, I'm going to try out some of the other programs like Armory for a better solution to cold storage. I'll still run bitcoin-qt since I want to support the network and the bandwidth and space are no big deal to me. Clearly I shouldn't have more coins on that computer than I would be angry to lose.
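Added example, not code from the thread or from Bitcoin-Qt: a toy Python model of the keypool described in the "Your savior here is called the keypool" post and of the change-address behaviour explained in the post just above, showing how a backup taken before the keypool rolls over misses the key that later receives change. The `Wallet` class, the placeholder key names and the `funds_missing_from_backup` check are constructed for illustration; the 100-key default is the one the thread gives.

```python
import itertools

class Wallet:
    # Toy model (constructed): pre-generated keypool, oldest key handed out first.
    def __init__(self, keypool_size=100):      # 100 is the Bitcoin-Qt default
        self.keypool_size = keypool_size
        self._ctr = itertools.count()
        self.keys = set()       # every private key this wallet has ever held
        self.keypool = []       # pre-generated unused keys, oldest first
        self.utxos = {}         # address -> unspent amount
        self.top_up()
    def _generate_key(self):
        key = f"key{next(self._ctr):04d}"  # placeholder for a real ECDSA key
        self.keys.add(key)
        return key
    def top_up(self):
        # Keep keypool_size unused keys queued; new ones go on the back.
        while len(self.keypool) < self.keypool_size:
            self.keypool.append(self._generate_key())
    def get_new_address(self):
        address = self.keypool.pop(0)   # oldest pre-generated key first
        self.top_up()
        return address
    def import_key(self, key):
        # e.g. a paper-wallet key; imported keys never enter the keypool
        self.keys.add(key)
    def backup(self):
        return frozenset(self.keys)     # snapshot of the keys in wallet.dat
    def receive(self, address, amount):
        self.utxos[address] = self.utxos.get(address, 0) + amount
    def send(self, amount):
        # An output is spent whole; the remainder becomes a change output
        # paid to a fresh keypool address (the behaviour the post explains).
        pick = next(((a, v) for a, v in self.utxos.items() if v >= amount), None)
        if pick is None:
            raise ValueError("no single output covers the amount")
        address, value = pick
        del self.utxos[address]
        change = value - amount
        if change:
            self.receive(self.get_new_address(), change)
        return change

def funds_missing_from_backup(wallet, backup):
    # Amount sitting on addresses whose private key is absent from the backup.
    return sum(v for a, v in wallet.utxos.items() if a not in backup)
```

With the default size, the 101st address handed out after a backup (whether requested explicitly or consumed as a change address) is the first one that backup cannot recover.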
legendary
Activity: 4551
Merit: 3445
Vile Vixen and Miss Bitcointalk 2021-2023
And everyone thought I was mad for having a daily cronjob to back up my wallet
To a different file each day, I trust. It's always real fun when your wallet gets corrupted and your daily backup job overwrites your only backup with the corrupt data.
newbie
Activity: 40
Merit: 0
And everyone thought I was mad for having a daily cronjob to back up my wallet