How long to hack an address that is used to send BTC multiple times?

[nullius]

Especially, when you can improve all 3 of those situations by simply generating a new address for EVERY transaction?  A business wouldn't re-use an invoice number, why would you re-use a bitcoin address?

I don't want to diss you but are you from another planet?

The invoice number? A Bitcoin address is more like a customer ID, which remains fixed!

Nonsense.  What DannyHamilton described is not only a well-known “best practice”, but also the actual and longstanding current practice of numerous Bitcoin businesses, both large and small.  Assigning one address per transaction is also the only practical, reliable means of tracking payments and matching payments to transactions; thus, a Bitcoin address works out perfectly as a quasi invoice number—or even an actual invoice number.

I emphasize that this is the common and customary usage.  Forget about discussing your qualifications as a developer:  If you have not seen this as a customer, such reveals that you have rarely if ever used Bitcoin at all.

It would be much more convenient for businesses or individuals, to provide their counterparties with fixed addresses for further use.
 
Otherwise a new one would have to be created everytime someone sends you a payment. What a nuisance! And imagine this is done automatically, and a partial payment is received: CHAOS, CONFUSION and MAYHEM!

Years of the real-world experience of actual businesses flatly contradict your supposition.

What happens if a partial payment is received?  Whatever happens according to the payee’s usual handling of partly-paid invoices—that’s what.  Using one address per transaction makes it easier to track and account for partial payments.

For privacy you would need a new private key (HD) every time anyways.

With your reference to “(HD)”, you are confusing the BIP 32 seed with a Bitcoin private key.  From a single seed, a BIP 32 HD wallet can generate up to 2,147,483,648 hardened or non-hardened private-key/address pairs per derivation path.  That’s over two billion addresses.

At the current rate of transactions per day, it would take about 25–35 years for the entire Bitcoin network to process 2,147,483,648 transactions.  If you had somehow anachronistically created an HD wallet when Bitcoin was first released in January 2009, and every Bitcoin transaction ever made had been spent to you with a new address for each one, then you would have still only used a fraction of your addresses.

Still worried about running out of addresses in your HD wallet?

But if you want privacy, BTC is not the right crypto.

So, if Bitcoin does not provide a privacy suit of armour without special measures, you recommend walking around naked?  (Moreover, given some effort and skill, Bitcoin can be plenty private.)

I guess a company with good blockchain knowledge could try and create 1 private key per customer, then issuing a different address on that key for each invoice. But for the average company/individual that is way too much overhead.

So yes I do think address re-use should be fully supported.

For a lightweight solution, Electrum provides easy merchant features which even the dullest developer should be able to get working and integrate with a shopcart and accounting backend.  It automatically provides a new address for each payment request, and serves up fancy auto-generated payment request pages with QR codes.  For security, it works fine with a cold wallet (no webserver access to funds).  If you can set up a webserver and a basic shopcart package, then you are capable of doing this, too.

Making this work with Core is not exactly rocket science, either.

[DannyHamilton]

I don't want to diss you but are you from another planet?

No.

But, it appears you may be.

The invoice number? A Bitcoin address is more like a customer ID, which remains fixed!

You are quite mistaken about that.

A bitcoin address is intended to be used only once and as a method to identify a payment.  That sounds like an invoice number to me.

It would be much more convenient for businesses or individuals, to provide their counterparties with fixed addresses for further use.

I suppose it would be convenient to provide "counterparties" with a fixed invoice number for further use as well, but it doesn't make sense and is really quite silly.

Otherwise a new one would have to be created everytime someone sends you a payment.

You mean, like an invoice number?  Right.  Exactly.

What a nuisance!

Most people don't think of invoice numbers as being a nuisance.

And imagine this is done automatically, and a partial payment is received: CHAOS, CONFUSION and MAYHEM!

Or, you just wait to receive the full amount.

For privacy you would need a new private key every time anyways.

Correct.  Each new address comes with its own new private key.

But if you want privacy, BTC is not the right crypto.

Perhaps, but it's better than alternative forms of electronic representation of value (such as bank accounts).

I guess a company with good blockchain knowledge could try and create 1 private key per customer

Any company that doesn't understand that every address has a separate private key doesn't have good blockchain knowledge and shouldn't be managing their own cryptocurrency decisions.

issuing a different address on that key

Not possible.  Each private key has only one address.

for the average company/individual that is way too much overhead.

It's too much overhead for a company (or individual) to keep track of what addresses they give out for which payments?  Then they probably can't manage money at all.  They probably need to get someone else to manage their money for them.

So yes I do think address re-use should be fully supported.

You can think whatever you like.  It doesn't make it a good idea.

[leopard2]

No matter what you and Nullius say, the fact remains that in the real world, having a fixed address is an advantage from a usability perspective.

Examples: donation addresses, used by the thousands on webpages and signatures. Or exchanges, which use address locking as a security measure. Or address books in each and every client, which would be utterly useless and stupid if you were right.

I do not condone address re-use, but I believe a good crypto should be designed so that security is not compromised when doing it. This related to the technical issue OP is talking about.

Of course for privacy, address re-use is bad. But sometimes you do not need privacy (e.g. paying your phone bill). If you better privacy, use HD wallets which create new addresses automatically. If you want perfect privacy use Monero, Byteball or Spectrecoin - they offer private and public addresses.

But the people I know, real people in the real world, would prefer to send their recurring payments (phone, rent etc.) to the same address. Businesses call such numbers "billing accounts" and they don't change.

I simply oppose the idea of calling address re-use a user fault.

I believe every person has a right to re-use an address or not, it is not up to developers to decide that for them!

Flame me all you want, but don't you whine when idiots flock to (ewwww....) XRP or some other crap. 

[leopard2]

One thing, though.

It is really bad for privacy. In fact Nullius has a point about the long term thinking. I did re-use addresses in the past and regretted that later.

Every client should pop up a warning about it, to make it clear that this should be avoided unless you really need it for XYZ purpose.

Or is it still a bad idea, even then? I am willing to learn, you know...

[DannyHamilton]

No matter what you and Nullius say, the fact remains that in the real world, having a fixed address is an advantage from a usability perspective.

You are mistaken.

It can equally be true to say that "in the real world, having a fixed invoice number is an advantage from a usability perspective".

Sure its true that the customer doesn't need to keep track of which invoice number ot use when they pay you (since they always use the same one), but it doesn't fit it's purpose (identifying a payment) and is therefore a DISADVANTAGE.

Examples: donation addresses, used by the thousands on webpages and signatures.

A webpage can easily generate a new address everytime the page refreshes.

Earning money through signatures on a forum is a cancer. it is a perfect example of why you shouldn't be allowed to re-use an address, and why you should refuse to ever engage in any transaction with anyone that ever re-uses an address.

Or exchanges, which use address locking as a security measure.

Every well run exchange that I've ever used generates a brand new address for every deposit.

Or address books in each and every client, which would be utterly useless and stupid if you were right.

They are utterly useless and stupid.  I never use them.  I expect them to slowly fade away into the pages of history.

I do not condone address re-use,

I don't think that word means what you seem to think it means.

but I believe a good crypto should be designed so that security is not compromised when doing it.

It's a bad idea regardless.  It reduces privacy, and it is a bad practice.

Of course for privacy, address re-use is bad.

It's just a bad idea.  It's also bad for privacy, but it shouldn't be done regardless.

But sometimes you do not need privacy (e.g. paying your phone bill).

Privacy is always important. Even if you are paying your phone bill.  I shouldn't need to announce to the world the total value of bitcoins I have just because you want to pay your phone bill.

If you better privacy, use HD wallets which create new addresses automatically.

Correct.  New address for every transaction.

If you want perfect privacy use Monero, Byteball or Spectrecoin - they offer private and public addresses.

There's no such thing as "perfect privacy".  They offer arguably "better" privacy, but not perfect.

But the people I know, real people in the real world, would prefer to send their recurring payments (phone, rent etc.) to the same address.

If you are mailing a payment, you are welcome to re-use a mailing address.

If you are transfering USD (or other local currency) then you are welcome to re-use an account number.

Bitcoin addresses are not mailing addresses, and they are not account numbers. They are a way to identify who sent a payment, when they sent it, and wy they sent it.  In other words, they are an invoice number.

Businesses call such numbers "billing accounts" and they don't change.

Businesses do NOT call invoice numbers "billing accounts" and invoice numbers DO change.  You may have MANY invoices all associated with the same account, just like a business may have MANY bitcoin addresses all associated with your account.  They account identifier (account number) won't change, but the bitcoin address should (if they are doing it right).

I simply oppose the idea of calling address re-use a user fault.

Call it what you want.  That doesn't change the fact that they shouldn't do it, and they are at fault if they do.

I believe every person has a right to re-use an address or not,

That is currently true.  It is possible for users to do a LOT of things that they shouldn't do.  They can publish their private keys if they want.  They can re-use addresses if they want. They can send their bitcoins to random addresses if they want.

The fact that a user CAN do these things, or that they have the "right" to do these things doesn't make ANY of them a good idea.  They should be discouraged from all of these bad concepts.

it is not up to developers to decide that for them!

I'd be pretty happy if Bitcoin ever hard-forked to refuse to accept address re-use.  It's never going to happen, but I can dream.

Flame me all you want, but don't you whine when idiots flock to (ewwww....) XRP or some other crap. 

Idiots can go do whatever they like.  I'm here to help educate people that want to learn and that want to understand.

[leopard2]

But sometimes you do not need privacy (e.g. paying your phone bill).

Privacy is always important. Even if you are paying your phone bill.  I shouldn't need to announce to the world the total value of bitcoins I have just because you want to pay your phone bill.

What? Why would you pay your phone bill from your cold wallet?

But alright. I get your point. 

Perhaps we could leave it at that: a user could re-use addresses for situations where traceability is explicitly desired - but generally it should not be done.

I really wish someone like you would have told me all that shit when I was a newbie :-)

[DannyHamilton]

I really wish someone like you would have told me all that shit when I was a newbie :-)

Which is why I am so adamant about it when I get caught up in a conversation with someone that says something like:

I don't want to diss you but are you from another planet?

The invoice number? A Bitcoin address is more like a customer ID, which remains fixed!

The newbies need to understand just how important it is to use a new address for every transaction.  If I don't refute such statements, then many MORE newbies are going to be wishing later that someone had explained the importance of avoiding address re-use, and wishing they hadn't listened to the person that stated that an address should remain fixed.

Additionally, by voting with my dollars (refusing to do business with ANYONE that asks me to re-use an address to send to them), I make a difference in the marketplace helping (forcing) more merchants to learn the importance about protecting their customer's privacy.  Those that behave appropriately gain more business from me (and others like me) and are therefore more successful.  Those that don't behave appropriately suffer a lack of business from me (and others like me) and are therefore less successful until they learn.

[The Demon Slick]

So I have a miner pointed at nh, and I was planning on using the same adress for my new machine also, because otherwise they don't pay out often enough, and I don't trust sending it to thier online wallet. I'm getting it straight to btc core wallet. Minimum payout is .1 for external wallets. Then I move it to a cold wallet. Are you saying this is not a good way to go? Also, I know it's a little OT, but if I have the core wallet running, open to connections, usually 8 active.... am I running a node? Or do I have to do something else? I couldn't find the answer, I did look. Thanks.

[Destined2B_Rich]

If you have a public address and you reuse this address to send BTC from multiple times, my understanding is that your public address is more susceptible to being hacked (ie. easier for somebody to generate the private key from your public address).  From what I have read, if you send BTC from your public address and you keep any leftover coins in that public address, your public address is only protected by ECDSA.  I have also read that the more you reuse the same address to send BTC, the more your address is susceptible to being hacked.

So let's say I am using a public address.  I send a portion of my BTC from my public address to somebody else but the leftover BTC remains in my public address (doesn't Electrum keep your leftover BTC in the same address by default?).  I use this same public address to send BTC from over the next several weeks.  In total, I have sent from this address 4 or 5 times over several weeks.  Several weeks later, after I am done sending my BTC, I backup my wallet and my private key, uninstall Electrum and decide to let my leftover BTC sit there in my public address.

With today's technology, how long would it take to hack this public address?  Is this something I don't have to worry about for the next 10 years?  The next 5 years?  The next 1 year?

it is almost impossible for you to do it, unless you have a computing power more than the total half of all the computing power participating on a particular blockchain.