Bitcoin Forum
November 11, 2024, 09:50:40 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Poll
Question: Would users like an "Import Private Key" menu item in Satoshi Client?
No
Yes

Pages: [1] 2 3 »  All
  Print  
Author Topic: POLL - Importing Private Keys in Satoshi Client.  (Read 4603 times)
nibor (OP)
Sr. Member
****
Offline Offline

Activity: 438
Merit: 291


View Profile
December 05, 2012, 08:07:37 AM
 #1


You can currently do this but is a bit manual:
https://en.bitcoin.it/wiki/How_to_import_private_keys_v7%2B

I have developed and posted a pull request for this to the developers:
https://github.com/bitcoin/bitcoin/pull/2050

However they have concluded that users need protecting from themselves so are not including it.

This is just a poll to get users input on the subject.
Meni Rosenfeld
Donator
Legendary
*
Offline Offline

Activity: 2058
Merit: 1054



View Profile WWW
December 05, 2012, 08:17:38 AM
 #2

How about an "Advanced" menu which needs to be unlocked with a big warning sign in which such features can be added?

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
Yuhfhrh
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
December 05, 2012, 09:04:24 AM
 #3

How about an "Advanced" menu which needs to be unlocked with a big warning sign in which such features can be added?

This. Please.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 05, 2012, 02:24:37 PM
Last edit: December 05, 2012, 03:09:19 PM by casascius
 #4

I think import private key should not be exposed to average users. Sweep private key should be offered instead.

Users are apt to believe that once they import a private key they have ownership of the funds. But someone else who has the private key can still swipe them, a rude awakening. Offering sweep solves this.

https://en.bitcoin.it/wiki/Sweepprivkey

On the other hand, I see no reason why "sweep" would need to be under an advanced menu, any more than you'd expect "Redeem iTunes Gift Card" to be on the advanced menu of iTunes.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
proudhon
Legendary
*
Offline Offline

Activity: 2198
Merit: 1311



View Profile
December 05, 2012, 02:34:11 PM
 #5

I think import private key should not be exposed to average users. Sweep private key should be offered instead.

Users are apt to believe that once they import a private key they have ownership of the funds. But someone else who has the private key can still swipe them, a rude awakening. Offering sweep solves this.

+1

Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
JackH
Sr. Member
****
Offline Offline

Activity: 381
Merit: 255


View Profile
December 05, 2012, 03:55:07 PM
 #6

How about an "Advanced" menu which needs to be unlocked with a big warning sign in which such features can be added?

This. Please.

This too

<helo> funny that this proposal grows the maximum block size to 8GB, and is seen as a compromise
<helo> oh, you don't like a 20x increase? well how about 8192x increase?
<JackH> lmao
Jan
Legendary
*
Offline Offline

Activity: 1043
Merit: 1002



View Profile
December 05, 2012, 04:07:01 PM
 #7

I would rather see export private key functionality.
I believe that the needle is pointing in a direction where users migrate to alternative clients. Let's make the transition easier. I know that they can just move the funds elsewhere, but many users have sent the corresponding addresses to other users/web-sites and/or use vanity addresses.
Also, exporting a key is much much easier, no need to have Bitcoin-QT rescan the block chain.

Mycelium let's you hold your private keys private.
cbeast
Donator
Legendary
*
Offline Offline

Activity: 1736
Merit: 1014

Let's talk governance, lipstick, and pigs.


View Profile
December 05, 2012, 04:10:33 PM
 #8

I think import private key should not be exposed to average users. Sweep private key should be offered instead.

Users are apt to believe that once they import a private key they have ownership of the funds. But someone else who has the private key can still swipe them, a rude awakening. Offering sweep solves this.

+1
+1  Yes, please.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
becoin
Legendary
*
Offline Offline

Activity: 3431
Merit: 1233



View Profile
December 05, 2012, 04:20:55 PM
 #9

I'd rather vote for both import / export private key functionality under 'Advanced' menu option, reading something like 'Do only if you know exactly what you're doing!'. And may be some special marking of the imported keys to be visibly distinct to those generated by current wallet.
bitfreak!
Legendary
*
Offline Offline

Activity: 1536
Merit: 1000


electronic [r]evolution


View Profile WWW
December 05, 2012, 04:24:19 PM
 #10

Or perhaps... we forget about the advanced menu and just make the import private key function available, but the user is prompted with an option of sweeping the funds when they do it. Like when they go to import the key it will show a message like "If someone else had this private key before you, your funds may be stolen. You can eliminate this risk by transferring the funds into your other secure addresses. Would you like to sweep the funds into another account?".

Problem solved. You're welcome. Grin

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
becoin
Legendary
*
Offline Offline

Activity: 3431
Merit: 1233



View Profile
December 05, 2012, 04:42:17 PM
 #11

but the user is prompted with an option of sweeping the funds when they do it. Like when they go to import the key it will show a message like "If someone else had this private key before you, your funds may be stolen. You can eliminate this risk by transferring the funds into your other secure addresses. Would you like to sweep the funds into another account?".
This is good. May be instead of 'your other secure addresses' this warning should read 'your organic addresses'? Just mark addresses to imported and organic with proper warning if imported addresses are attempted to be used as payment receipt or request payment addresses.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 05, 2012, 05:34:13 PM
 #12

Or perhaps... we forget about the advanced menu and just make the import private key function available, but the user is prompted with an option of sweeping the funds when they do it. Like when they go to import the key it will show a message like "If someone else had this private key before you, your funds may be stolen. You can eliminate this risk by transferring the funds into your other secure addresses. Would you like to sweep the funds into another account?".

Problem solved. You're welcome. Grin

I would have that prompt off by default and not even bother with the explanation, and if anything, have an option in the advanced menu that turns that prompt on.  So, by default, one can only "sweep" a private key.  BUt if they go to the advanced menu, they could turn on a checkbox that gives them the choice of sweep/import each time they do it.  And that's a HUGE if.  I think if users can sweep keys, there is no good reason for them to import them into their wallet, and plenty of reasons for them not to.

The main advantage to importing versus sweeping is a) seeing future funds in your wallet if you're expecting them, b) preserving the bitcoin-days-destroyed and number of confirmations, resulting in a far less likelihood of needing to pay a fee to immediately respend the money.  Advantage A could be offered with a checkbox: "Remember this key and sweep any funds that arrive in the future?" and a boolean flag on the address that prods the client to sweep any time incoming money is seen.  Advantage B is relatively obscure and only those experts who are micro-managing their wallet should care to control it, especially if the coin selection algorithm is decent.  Someone with that much expertise and that much desire for control already understands the command line anyway, making it arguable that an import option is good enough when restricted to the RPC API.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
bitcoinbear
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500


View Profile
December 05, 2012, 05:40:14 PM
 #13

Or perhaps... we forget about the advanced menu and just make the import private key function available, but the user is prompted with an option of sweeping the funds when they do it. Like when they go to import the key it will show a message like "If someone else had this private key before you, your funds may be stolen. You can eliminate this risk by transferring the funds into your other secure addresses. Would you like to sweep the funds into another account?".

Problem solved. You're welcome. Grin

I would have that prompt off by default and not even bother with the explanation, and if anything, have an option in the advanced menu that turns that prompt on.  So, by default, one can only "sweep" a private key.  BUt if they go to the advanced menu, they could turn on a checkbox that gives them the choice of sweep/import each time they do it.  And that's a HUGE if.  I think if users can sweep keys, there is no good reason for them to import them into their wallet, and plenty of reasons for them not to.

The main advantage to importing versus sweeping is a) seeing future funds in your wallet if you're expecting them, b) preserving the bitcoin-days-destroyed and number of confirmations, resulting in a far less likelihood of needing to pay a fee to immediately respend the money.  Advantage A could be offered with a checkbox: "Remember this key and sweep any funds that arrive in the future?" and a boolean flag on the address that prods the client to sweep any time incoming money is seen.  Advantage B is relatively obscure and only those experts who are micro-managing their wallet should care to control it, especially if the coin selection algorithm is decent.  Someone with that much expertise and that much desire for control already understands the command line anyway, making it arguable that an import option is good enough when restricted to the RPC API.

If the number of confirmations is important for not incurring a fee, wouldn't sending any coins put into the address to another address you control require a fee?

CryptoNote needs you! Join the elite merged mining forces right now here in Fantomcoin topic: https://bitcointalk.org/index.php?topic=598823.0
Elwar
Legendary
*
Offline Offline

Activity: 3598
Merit: 2386


Viva Ut Vivas


View Profile WWW
December 05, 2012, 05:46:06 PM
 #14

I much prefer keeping my private key written down than backing up my wallet.

I found it difficult to import my private key when I needed to spend money from that address. I could only do it from the command line and only had access to my phone and tablet at the time. I had to install the client and download the blockchain to my work computer which took a while.

I wish there was a way to import on the Bitcoin App.

First seastead company actually selling sea homes: Ocean Builders https://ocean.builders  Of course we accept bitcoin.
jgarzik
Legendary
*
Offline Offline

Activity: 1596
Merit: 1100


View Profile
December 05, 2012, 05:49:30 PM
 #15

I think import private key should not be exposed to average users. Sweep private key should be offered instead.

Users are apt to believe that once they import a private key they have ownership of the funds. But someone else who has the private key can still swipe them, a rude awakening. Offering sweep solves this.

Indeed.  Any sort of private key from a gift card (or casascius coin) should be import and then the funds immediately sent to another private key, to prevent the previous private key holder from touching those funds.


Jeff Garzik, Bloq CEO, former bitcoin core dev team; opinions are my own.
Visit bloq.com / metronome.io
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
pc
Sr. Member
****
Offline Offline

Activity: 253
Merit: 250


View Profile
December 05, 2012, 05:52:31 PM
 #16

I'll agree with adding "sweep" to the GUI, and leaving "import" to the RPC API.

The import use cases are things where people are doing some crazy things managing their own offline wallets or whatnot, and I think the command line is fine for things like that. Sweep is for people handing you a physical token (or QR code or the like) to pay you for something, and is a great way for me to give people their first coins.
Sukrim
Legendary
*
Offline Offline

Activity: 2618
Merit: 1007


View Profile
December 05, 2012, 06:12:42 PM
 #17

If private keys are being sweeped, should the client still store these keys and sweep any further payments to these addresses too?

I think yes.

https://www.coinlend.org <-- automated lending at various exchanges.
https://www.bitfinex.com <-- Trade BTC for other currencies and vice versa.
JackH
Sr. Member
****
Offline Offline

Activity: 381
Merit: 255


View Profile
December 05, 2012, 06:16:17 PM
 #18

How about making this as a plugin to the bitcoin client? Then anyone that knows what they are doing would also know about the plugin, thus allowing them to install it. At the same time, all new users wont have more confusing buttons and terminologies they need to understand.

<helo> funny that this proposal grows the maximum block size to 8GB, and is seen as a compromise
<helo> oh, you don't like a 20x increase? well how about 8192x increase?
<JackH> lmao
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 05, 2012, 06:37:16 PM
 #19

If private keys are being sweeped, should the client still store these keys and sweep any further payments to these addresses too?

I think yes.

I think checkbox.  Right below the text box where they type the key.  "Remember this key and sweep any future incoming payments?".  The fact that MtGox has done it by default without providing any warning or notice has confused a lot of people, and confusion over money that moves by itself when you weren't expecting it is not confidence building.

On the other hand, a popup box would be needed to warn them that this will only happen while the client is running and synchronized with the network.  An expectation that their money "auto-forwards" like forwarding your calls when your mobile phone is off would also result in a rude awakening if someone finds that their money could be stolen by someone who was able to grab it before the sweep did.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 05, 2012, 06:41:48 PM
 #20

How about making this as a plugin to the bitcoin client? Then anyone that knows what they are doing would also know about the plugin, thus allowing them to install it. At the same time, all new users wont have more confusing buttons and terminologies they need to understand.

I think it should be built in, and look as much like "Redeem iTunes Gift Card" does in iTunes: a simple button or menu option, and that's all you see until you go there and click it.  It doesn't confuse anyone: the concept is understandable even for children and grandma.  The setup infrastructure for finding and loading plugins would be far more intrusive and complex.

(Just for fun, I went to look at iTunes's redemption screen, and discovered that you can actually redeem iTunes gift cards just by holding them up to the computer's web cam.  The pictures in the interface suggest it does OCR on the gift card number, rather than any sort of bar code.  Now, that's user friendly.  Kudos to BlockChain.info for offering something similar for reading QR code private keys)

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!