Bitcoin Forum
December 06, 2016, 08:15:39 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: wallet vs. private key  (Read 719 times)
grau
Hero Member
*****
Offline Offline

Activity: 836


bits of proof


View Profile WWW
July 01, 2011, 06:12:11 AM
 #1

Please confirm or correct:

The private key associated with the receiving address enables you to transfer all BTC owned by the address now and even in future.

Means protecting the wallet is important but is the private key leaked your BTC can be stolen even if you earned it after the wallet was compromised.
1481055339
Hero Member
*
Offline Offline

Posts: 1481055339

View Profile Personal Message (Offline)

Ignore
1481055339
Reply with quote  #2

1481055339
Report to moderator
1481055339
Hero Member
*
Offline Offline

Posts: 1481055339

View Profile Personal Message (Offline)

Ignore
1481055339
Reply with quote  #2

1481055339
Report to moderator
The block chain is the main innovation of Bitcoin. It is the first distributed timestamping system.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481055339
Hero Member
*
Offline Offline

Posts: 1481055339

View Profile Personal Message (Offline)

Ignore
1481055339
Reply with quote  #2

1481055339
Report to moderator
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
July 01, 2011, 07:50:08 AM
 #2

Please confirm or correct:

The private key associated with the receiving address enables you to transfer all BTC owned by the address now and even in future.
Correct.

Quote
Means protecting the wallet is important but is the private key leaked your BTC can be stolen even if you earned it after the wallet was compromised.
The reason protecting the wallet is important is because it contains private keys.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
grau
Hero Member
*****
Offline Offline

Activity: 836


bits of proof


View Profile WWW
July 01, 2011, 08:11:54 AM
 #3

Thanks Joel,

so transfering private key is an off network payment (intentional or not) to the one first using it to transfer the money to an other key.

i assume this will generate the need for an extra secure store, it might sound contradictory, but let me ask: could the network help here too?
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
July 01, 2011, 08:49:19 AM
 #4

Thanks Joel,

so transfering private key is an off network payment (intentional or not) to the one first using it to transfer the money to an other key.
Yep.

Quote
i assume this will generate the need for an extra secure store, it might sound contradictory, but let me ask: could the network help here too?
I don't see how. And there's no desire to bloat the network with anything not necessary or nearly so.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
Spacy
Full Member
***
Offline Offline

Activity: 168


View Profile
July 01, 2011, 09:15:04 AM
 #5

I think it would be sufficient if they introduced encryption in the bitcoin client. So a encrypted wallet with a very strong personal PW, with the possibility to move it from the computer onto multiple secured usb sticks should be enough.
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
July 01, 2011, 09:26:48 AM
 #6

I think it would be sufficient if they introduced encryption in the bitcoin client. So a encrypted wallet with a very strong personal PW, with the possibility to move it from the computer onto multiple secured usb sticks should be enough.
That won't work very well for two reasons:

1) The possibility of losing the password would likely present a greater risk than the risk of having your wallet stolen. (I once forgot a password I entered pretty much daily for 8 years after not using it for just 5 months.)

2) If you encrypt everything (inlcuding the public keys), you'll be entering in the password so often an attacker might catch it with a keylogger. If you encrypt only the private keys so you only need to enter the password in to send coins, you'll be using the password so infrequently you'll have to keep it short to avoid forgetting it. An attacker will know which stolen wallets have the most bitcoins and he'll be able to use compromised machines to brute force their passwords.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
grau
Hero Member
*****
Offline Offline

Activity: 836


bits of proof


View Profile WWW
July 01, 2011, 01:45:21 PM
 #7

Passwords suck, but not having any protection because it is not the primary scope of the client is also a bit harsh to enter mainstream. I guess with time we will have a choice of clients some with embedded feature like password protection of the wallet.

There is an obvious need to protect savings against theft, and just like gold is usually stored in a vault, we need to come up with something, i keep thinking...
bitlotto
Hero Member
*****
Offline Offline

Activity: 672


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
July 01, 2011, 02:07:34 PM
 #8

Passwords suck, but not having any protection because it is not the primary scope of the client is also a bit harsh to enter mainstream. I guess with time we will have a choice of clients some with embedded feature like password protection of the wallet.

There is an obvious need to protect savings against theft, and just like gold is usually stored in a vault, we need to come up with something, i keep thinking...
Well there is BOTG!  Wink You essentially create a key that only exists on a piece of paper. No where else. It's as secure as you secure that paper. So rather than computer security you deal with "brick-morter" security.

Quote
A tiny little script that uses openssl to create a private key along with a matching Bitcoin address. When run off of a Live CD environment, a very safe location for storing BTC can be created. Running on a Live CD with no Internet ensures no virus or malware can get the private key. The script will create a private key and present it in two formats: Hex and Base58. Either format can be used to access the matching Bitcoin address and helps provide redundancy in case one is copied down wrong. After copying down the keys and the matching Bitcoin address the user is advised to reboot the computer. Keeping the key "off-the-grid" or off any computer means no viruses or computer security lapses will jeopardize your BTC. No backups or encryption is needed. Any money you send to the matching Bitcoin address will be safe. The only way to steal the BTC would be to steal the key directly off of where it is written down. Therefore, it's best to keep the paper somewhere safe where it can't get destroyed or stolen.

Other uses could be:
-pre-loaded cards/tickets that are redeemable
-sending BTC when you are not sure who is going to receive it such as geo cache locations
-scratch cards or draws that are done at parties where everyone gets tickets with unknown amounts
-give BTC to someone and you don't know their Bitcoin address

To spend the BTC the private key has to be manually imported into a wallet. Once imported regular security precautions are needed. There are just a few utilities for importing keys but they are becoming more common. Online wallets may soon add the feature to "redeem" private keys.


*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
Meni Rosenfeld
Donator
Legendary
*
Offline Offline

Activity: 1890



View Profile WWW
July 01, 2011, 02:13:34 PM
 #9

1) The possibility of losing the password would likely present a greater risk than the risk of having your wallet stolen. (I once forgot a password I entered pretty much daily for 8 years after not using it for just 5 months.)
SRS. It's no surprise what happened to you, because you used your password daily it never entered your long-term memory (at least that's what some theories say).

You can have two encrypted copies of your wallet, each with a different password, and memorize them both. If you forget one, chances are you'll still remember the other. You can even use an SRS which hashes your input so you won't have to keep the passwords stored on your computer.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!