Payout Address Security

[The00Dustin]

I wasn't sure where to post this, but thought Pools might be the best section for pool operators to see the suggestion (as opposed to suggesting it to a specific pool operator).  I was just messing around with bitcoind and noticed this option:

Code:

signmessage <bitcoinaddress> <message>

I know several pools advocate payout locking and using PINs and the like.  Seeing this option made me wonder if it wouldn't be more secure to require a new payout address to be signed by the old one.  For instance, when I sign FakeNewAddress with 1B19RDfQtFNDsAa9toRWEXZbrFRZvZcET6 I get this:

Code:

G4Z1xAHdiqLnIY/+V5a0m3wmaTfjPUcJhlZZiwUgAx/lKlQbFvCnZpB3GxslYqNKuSb08T87obPaopN25NPRX6o=

So if I entered FakeNewAddress into an address field and the above into a signature field, the pool server could run this:

Code:

bitcoind verifymessage 1B19RDfQtFNDsAa9toRWEXZbrFRZvZcET6 G4Z1xAHdiqLnIY/+V5a0m3wmaTfjPUcJhlZZiwUgAx/lKlQbFvCnZpB3GxslYqNKuSb08T87obPaopN25NPRX6o= FakeNewAddress

and it should return true.
Even if it wouldn't be desirable (for instance, because the Windowns bitcoin-qt executable dosen't appear to support the walletpassphrase command, which is necessary to unlock an encrypted wallet before signing) to be required for all address changes (after the initial address input), it might be a nice optional security feature to override a 24 hour payout lock or otherwise permanent payout lock, at least for users who have their wallet stored in multiple locations.

[The00Dustin]

So I was thinking about this today, and I realized a flaw.  Does the public key have to be in the blockchain before you can verify a message signed by an address not in your wallet?  If so, the old payout address would have to have an outbound transaction before the server could verify the signature around the new one.  I suppose that could be a simple as a payment to ones self at another address (which may involve a net loss in the amount of the transaction fee).

[Maged]

So I was thinking about this today, and I realized a flaw.  Does the public key have to be in the blockchain before you can verify a message signed by an address not in your wallet?

No, it doesn't necessarily need to be in the blockchain, but if the public key has never been used, it would need to provided along with the signed message. (although I don't know if the client accepts a public key to check against...)

[The00Dustin]

(although I don't know if the client accepts a public key to check against...)

I don't think it does from the help output, however, in order to provide one, it would also need to be possible to get the client to put it out, and I didn't see anything in the help output about that either.  I don't run a pool, or otherwise contribute much, so I can't hardly request features, especially when they might not even be used, so I suppose this isn't likely to happen, but it would probably be a geek-only feature anyway.

[The00Dustin]

With MtRed being down and my hashrate being low enough that only PPS variants make sense, I finally gave in to mining at Eligius even though I prefer to control my payouts.  Imagine my surprise when I learned Eligius does this for registering namecoin payout addresses...  From the Eligius thread, it looks like they were doing this back during 0.5.0 rc1.  And here I thought I came up with a unique idea!  Interestingly, I forgot about the public key not being in the chain for the BTC address I used to sign my NMC address, and my signature was accepted.  However, maybe it waits for the public key to be published in the blockchain (via a BTC payout it will make) before it starts NMC payouts, or maybe it is possible to confirm a signature from the BTC address (I am assuming Maged is right and the address isn't the necessary public key, although that posibility did otherwise occurr to me as I started this post).

[DeepBit]

I know several pools advocate payout locking and using PINs and the like.  Seeing this option made me wonder if it wouldn't be more secure to require a new payout address to be signed by the old one.

Frequently the reason for changing the payment address is the fact that the old wallet is lost, so this won't work.
May be it would be better for other purposes...

[The00Dustin]

Frequently the reason for changing the payment address is the fact that the old wallet is lost, so this won't work.
May be it would be better for other purposes...

Even if it wouldn't be desirable (for instance, because the Windowns bitcoin-qt executable dosen't appear to support the walletpassphrase command, which is necessary to unlock an encrypted wallet before signing) to be required for all address changes (after the initial address input), it might be a nice optional security feature to override a 24 hour payout lock or otherwise permanent payout lock, at least for users who have their wallet stored in multiple locations.

Also, note that a permanent payout lost combined with a lost wallet = you have to create a new account and lose the old bitcoins unless the pool operator will change the address for you manually due to the lost wallet.  In that case, if you didn't lose your wallet, having this as an optional way to override that (or other) security wouldn't change the game much, but might save some work from the pool operator who is willing to override such security (maybe not enough to justify the time necessary to implement this).  That said, I don't know how many pool operators are using permanent payout locks, and waiting for a temporary payout lock to expire shouldn't end the world, so it wouldn't necessarily be a high priority feature for most regardless.

[Red Emerald]

I know several pools advocate payout locking and using PINs and the like.  Seeing this option made me wonder if it wouldn't be more secure to require a new payout address to be signed by the old one.

Frequently the reason for changing the payment address is the fact that the old wallet is lost, so this won't work.
May be it would be better for other purposes...

Wallets are getting lost frequently?

[DeepBit]

I know several pools advocate payout locking and using PINs and the like.  Seeing this option made me wonder if it wouldn't be more secure to require a new payout address to be signed by the old one.

Frequently the reason for changing the payment address is the fact that the old wallet is lost, so this won't work.
May be it would be better for other purposes...

Wallets are getting lost frequently?

Usually not, but when there are thousands of users, they sometimes do.
Many of "non-advanced" users are never doing backups and usually try to solve software problems by formatting HDD+reinstalling Windows.