|
Title: Grabbing other peoples private keys with bitcoin-qt Post by: BTCevo on August 12, 2014, 04:16:31 PM Would it be possible to edit the bitcoin-qt code so that when communicating with other peers it also grabs their private keys whilst grabbing their version of the blockchain?
This could be a possible security flaw am I right? Title: Re: Grabbing other peoples private keys with bitcoin-qt Post by: gmaxwell on August 12, 2014, 04:18:51 PM I just grabbed your USD bank account balance balance while grabbing your message.
Title: Re: Grabbing other peoples private keys with bitcoin-qt Post by: BTCevo on August 12, 2014, 04:28:48 PM but could you not, when connecting, have the peers client send you all their bitcoins?
Title: Re: Grabbing other peoples private keys with bitcoin-qt Post by: DannyHamilton on August 12, 2014, 04:55:01 PM but could you not, when connecting, have the peers client send you all their bitcoins? Obviously not. If this was possible, then all bitcoins from all internet connected wallets would already be stolen. Clearly, when peers connect, it's through a communication protocol that carefully defines what requests are valid, and peers only respond to valid requests. Title: Re: Grabbing other peoples private keys with bitcoin-qt Post by: shorena on August 12, 2014, 04:57:53 PM but could you not, when connecting, have the peers client send you all their bitcoins? No. If your modified client sends any regular client "all your keys belong to us" it will not understand that message as it was not implemented in it. Title: Re: Grabbing other peoples private keys with bitcoin-qt Post by: CJYP on August 12, 2014, 05:00:35 PM Would it be possible to edit the bitcoin-qt code so that when communicating with other peers it also grabs their private keys whilst grabbing their version of the blockchain? This could be a possible security flaw am I right? The way communication over the bitcoin network works is, you send me a message then I send you another message. While you can modify your bitcoin-qt code to send any me message you want to send, I will not respond with a message containing my private keys. Unless you can find a bug in the bitcoin software that causes it to respond to some message with private keys (for example, the heartbleed bug in 0.9 - I might be misunderstanding what exactly is possible, but it was bad enough that 0.9 is insecure). Title: Re: Grabbing other peoples private keys with bitcoin-qt Post by: cosix on August 12, 2014, 05:02:36 PM but could you not, when connecting, have the peers client send you all their bitcoins? because no developer in there right mind would write code to make that possibleTitle: Re: Grabbing other peoples private keys with bitcoin-qt Post by: gmaxwell on August 12, 2014, 05:08:49 PM (for example, the heartbleed bug in 0.9 - I might be misunderstanding what exactly is possible, but it was bad enough that 0.9 is insecure). Bitcoin core has never exposed SSL to the internet in any sane configuration. So no, that wasn't generally possible. For the vast majority of users the fix wrt that was precautionary.Title: Re: Grabbing other peoples private keys with bitcoin-qt Post by: Candystripes on August 13, 2014, 01:56:45 AM At least you knew what section to put it in xD
Title: Re: Grabbing other peoples private keys with bitcoin-qt Post by: BTCevo on August 13, 2014, 02:02:19 AM At least you knew what section to put it in xD This was moved.. Title: Re: Grabbing other peoples private keys with bitcoin-qt Post by: Strawbtcerries on August 13, 2014, 04:46:07 PM This is imposible, btc would have crashed by now if this was a posibility
Title: Re: Grabbing other peoples private keys with bitcoin-qt Post by: InwardContour on August 13, 2014, 06:05:03 PM Would it be possible to edit the bitcoin-qt code so that when communicating with other peers it also grabs their private keys whilst grabbing their version of the blockchain? This could be a possible security flaw am I right? No it's impossible at all because if this critical issue would have been real, the developers would have fixed it in no time. Title: Re: Grabbing other peoples private keys with bitcoin-qt Post by: Foxpup on August 14, 2014, 03:17:20 AM If the wallet is encrypted, what your suggesting is completely impossible (it was impossible anyway, but with an encrypted wallet it's especially impossible). An encrypted wallet cannot (and I mean "cannot" in the sense that "it's physically impossible") access its own private keys without the correct passphrase (which is never stored and must be entered by the user every time).
The reason it was impossible anyway is because peers cannot "grab" arbitrary data from the client; they can only obtain data that the client purposefully transmits. The client never transmits sensitive data, nor is there even any way for a peer to request that it do so. |