BTCevo (OP)
Legendary
Offline
Activity: 1834
Merit: 1008
|
|
August 12, 2014, 04:16:31 PM |
|
Would it be possible to edit the bitcoin-qt code so that when communicating with other peers it also grabs their private keys whilst grabbing their version of the blockchain?
This could be a possible security flaw am I right?
|
|
|
|
|
|
|
In order to get the maximum amount of activity points possible, you just need to post once per day on average. Skipping days is OK as long as you maintain the average.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
gmaxwell
Staff
Legendary
Offline
Activity: 4172
Merit: 8419
|
|
August 12, 2014, 04:18:51 PM Last edit: August 12, 2014, 05:06:36 PM by gmaxwell |
|
I just grabbed your USD bank account balance balance while grabbing your message.
|
|
|
|
BTCevo (OP)
Legendary
Offline
Activity: 1834
Merit: 1008
|
|
August 12, 2014, 04:28:48 PM |
|
but could you not, when connecting, have the peers client send you all their bitcoins?
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3388
Merit: 4653
|
|
August 12, 2014, 04:55:01 PM |
|
but could you not, when connecting, have the peers client send you all their bitcoins?
Obviously not. If this was possible, then all bitcoins from all internet connected wallets would already be stolen. Clearly, when peers connect, it's through a communication protocol that carefully defines what requests are valid, and peers only respond to valid requests.
|
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1520
No I dont escrow anymore.
|
|
August 12, 2014, 04:57:53 PM |
|
but could you not, when connecting, have the peers client send you all their bitcoins?
No. If your modified client sends any regular client "all your keys belong to us" it will not understand that message as it was not implemented in it.
|
Im not really here, its just your imagination.
|
|
|
CJYP
Member
Offline
Activity: 112
Merit: 10
|
|
August 12, 2014, 05:00:35 PM |
|
Would it be possible to edit the bitcoin-qt code so that when communicating with other peers it also grabs their private keys whilst grabbing their version of the blockchain?
This could be a possible security flaw am I right?
The way communication over the bitcoin network works is, you send me a message then I send you another message. While you can modify your bitcoin-qt code to send any me message you want to send, I will not respond with a message containing my private keys. Unless you can find a bug in the bitcoin software that causes it to respond to some message with private keys (for example, the heartbleed bug in 0.9 - I might be misunderstanding what exactly is possible, but it was bad enough that 0.9 is insecure).
|
|
|
|
cosix
Member
Offline
Activity: 77
Merit: 10
|
|
August 12, 2014, 05:02:36 PM |
|
but could you not, when connecting, have the peers client send you all their bitcoins?
because no developer in there right mind would write code to make that possible
|
|
|
|
gmaxwell
Staff
Legendary
Offline
Activity: 4172
Merit: 8419
|
|
August 12, 2014, 05:08:49 PM |
|
(for example, the heartbleed bug in 0.9 - I might be misunderstanding what exactly is possible, but it was bad enough that 0.9 is insecure).
Bitcoin core has never exposed SSL to the internet in any sane configuration. So no, that wasn't generally possible. For the vast majority of users the fix wrt that was precautionary.
|
|
|
|
Candystripes
Sr. Member
Offline
Activity: 294
Merit: 250
***THIS ACCOUNT IS NO LONGER ACTIVE***
|
|
August 13, 2014, 01:56:45 AM |
|
At least you knew what section to put it in xD
|
--------------------------------- No longer under the possession of Candystripes. Account is currently dormant.
|
|
|
BTCevo (OP)
Legendary
Offline
Activity: 1834
Merit: 1008
|
|
August 13, 2014, 02:02:19 AM |
|
At least you knew what section to put it in xD
This was moved..
|
|
|
|
Strawbtcerries
Newbie
Offline
Activity: 33
Merit: 0
|
|
August 13, 2014, 04:46:07 PM |
|
This is imposible, btc would have crashed by now if this was a posibility
|
|
|
|
InwardContour
|
|
August 13, 2014, 06:05:03 PM |
|
Would it be possible to edit the bitcoin-qt code so that when communicating with other peers it also grabs their private keys whilst grabbing their version of the blockchain?
This could be a possible security flaw am I right?
No it's impossible at all because if this critical issue would have been real, the developers would have fixed it in no time.
|
|
|
|
Foxpup
Legendary
Offline
Activity: 4354
Merit: 3044
Vile Vixen and Miss Bitcointalk 2021-2023
|
|
August 14, 2014, 03:17:20 AM |
|
If the wallet is encrypted, what your suggesting is completely impossible (it was impossible anyway, but with an encrypted wallet it's especially impossible). An encrypted wallet cannot (and I mean "cannot" in the sense that "it's physically impossible") access its own private keys without the correct passphrase (which is never stored and must be entered by the user every time).
The reason it was impossible anyway is because peers cannot "grab" arbitrary data from the client; they can only obtain data that the client purposefully transmits. The client never transmits sensitive data, nor is there even any way for a peer to request that it do so.
|
Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
|
|
|
|