Bitcoin Forum
November 01, 2024, 05:28:40 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Grabbing other peoples private keys with bitcoin-qt  (Read 1254 times)
BTCevo (OP)
Legendary
*
Offline Offline

Activity: 1834
Merit: 1008


View Profile
August 12, 2014, 04:16:31 PM
 #1

Would it be possible to edit the bitcoin-qt code so that when communicating with other peers it also grabs their private keys whilst grabbing their version of the blockchain?

This could be a possible security flaw am I right?
gmaxwell
Staff
Legendary
*
Offline Offline

Activity: 4270
Merit: 8805



View Profile WWW
August 12, 2014, 04:18:51 PM
Last edit: August 12, 2014, 05:06:36 PM by gmaxwell
 #2

I just grabbed your USD bank account balance balance while grabbing your message.  
BTCevo (OP)
Legendary
*
Offline Offline

Activity: 1834
Merit: 1008


View Profile
August 12, 2014, 04:28:48 PM
 #3

but could you not, when connecting, have the peers client send you all their bitcoins?
DannyHamilton
Legendary
*
Offline Offline

Activity: 3472
Merit: 4801



View Profile
August 12, 2014, 04:55:01 PM
 #4

but could you not, when connecting, have the peers client send you all their bitcoins?

Obviously not.

If this was possible, then all bitcoins from all internet connected wallets would already be stolen.

Clearly, when peers connect, it's through a communication protocol that carefully defines what requests are valid, and peers only respond to valid requests.
shorena
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1540


No I dont escrow anymore.


View Profile
August 12, 2014, 04:57:53 PM
 #5

but could you not, when connecting, have the peers client send you all their bitcoins?

No.

If your modified client sends any regular client "all your keys belong to us" it will not understand that message as it was not implemented in it.


Im not really here, its just your imagination.
CJYP
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
August 12, 2014, 05:00:35 PM
 #6

Would it be possible to edit the bitcoin-qt code so that when communicating with other peers it also grabs their private keys whilst grabbing their version of the blockchain?

This could be a possible security flaw am I right?

The way communication over the bitcoin network works is, you send me a message then I send you another message.
While you can modify your bitcoin-qt code to send any me message you want to send, I will not respond with a message containing my private keys.
Unless you can find a bug in the bitcoin software that causes it to respond to some message with private keys (for example, the heartbleed bug in 0.9 - I might be misunderstanding what exactly is possible, but it was bad enough that 0.9 is insecure).
cosix
Member
**
Offline Offline

Activity: 77
Merit: 10


View Profile
August 12, 2014, 05:02:36 PM
 #7

but could you not, when connecting, have the peers client send you all their bitcoins?
because no developer in there right mind would write code to make that possible
gmaxwell
Staff
Legendary
*
Offline Offline

Activity: 4270
Merit: 8805



View Profile WWW
August 12, 2014, 05:08:49 PM
 #8

(for example, the heartbleed bug in 0.9 - I might be misunderstanding what exactly is possible, but it was bad enough that 0.9 is insecure).
Bitcoin core has never exposed SSL to the internet in any sane configuration. So no, that wasn't generally possible. For the vast majority of users the fix wrt that was precautionary.
Candystripes
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250

***THIS ACCOUNT IS NO LONGER ACTIVE***


View Profile
August 13, 2014, 01:56:45 AM
 #9

At least you knew what section to put it in xD

---------------------------------
No longer under the possession of Candystripes.
Account is currently dormant.
BTCevo (OP)
Legendary
*
Offline Offline

Activity: 1834
Merit: 1008


View Profile
August 13, 2014, 02:02:19 AM
 #10

At least you knew what section to put it in xD

This was moved..
Strawbtcerries
Newbie
*
Offline Offline

Activity: 33
Merit: 0


View Profile
August 13, 2014, 04:46:07 PM
 #11

This is imposible, btc would have crashed by now if this was a posibility
InwardContour
Sr. Member
****
Offline Offline

Activity: 644
Merit: 260


View Profile
August 13, 2014, 06:05:03 PM
 #12

Would it be possible to edit the bitcoin-qt code so that when communicating with other peers it also grabs their private keys whilst grabbing their version of the blockchain?

This could be a possible security flaw am I right?

No it's impossible at all because if this critical issue would have been real, the developers would have fixed it in no time.
Foxpup
Legendary
*
Offline Offline

Activity: 4530
Merit: 3183


Vile Vixen and Miss Bitcointalk 2021-2023


View Profile
August 14, 2014, 03:17:20 AM
 #13

If the wallet is encrypted, what your suggesting is completely impossible (it was impossible anyway, but with an encrypted wallet it's especially impossible). An encrypted wallet cannot (and I mean "cannot" in the sense that "it's physically impossible") access its own private keys without the correct passphrase (which is never stored and must be entered by the user every time).

The reason it was impossible anyway is because peers cannot "grab" arbitrary data from the client; they can only obtain data that the client purposefully transmits. The client never transmits sensitive data, nor is there even any way for a peer to request that it do so.

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!