Grabbing other peoples private keys with bitcoin-qt

[BTCevo]

Would it be possible to edit the bitcoin-qt code so that when communicating with other peers it also grabs their private keys whilst grabbing their version of the blockchain?

This could be a possible security flaw am I right?

[gmaxwell]

I just grabbed your USD bank account balance balance while grabbing your message.  

[BTCevo]

but could you not, when connecting, have the peers client send you all their bitcoins?

[DannyHamilton]

but could you not, when connecting, have the peers client send you all their bitcoins?

Obviously not.

If this was possible, then all bitcoins from all internet connected wallets would already be stolen.

Clearly, when peers connect, it's through a communication protocol that carefully defines what requests are valid, and peers only respond to valid requests.

[shorena]

but could you not, when connecting, have the peers client send you all their bitcoins?

No.

If your modified client sends any regular client "all your keys belong to us" it will not understand that message as it was not implemented in it.

[CJYP]

Would it be possible to edit the bitcoin-qt code so that when communicating with other peers it also grabs their private keys whilst grabbing their version of the blockchain?

This could be a possible security flaw am I right?

The way communication over the bitcoin network works is, you send me a message then I send you another message.
While you can modify your bitcoin-qt code to send any me message you want to send, I will not respond with a message containing my private keys.
Unless you can find a bug in the bitcoin software that causes it to respond to some message with private keys (for example, the heartbleed bug in 0.9 - I might be misunderstanding what exactly is possible, but it was bad enough that 0.9 is insecure).

[cosix]

but could you not, when connecting, have the peers client send you all their bitcoins?

because no developer in there right mind would write code to make that possible

[gmaxwell]

(for example, the heartbleed bug in 0.9 - I might be misunderstanding what exactly is possible, but it was bad enough that 0.9 is insecure).

Bitcoin core has never exposed SSL to the internet in any sane configuration. So no, that wasn't generally possible. For the vast majority of users the fix wrt that was precautionary.

[Candystripes]

At least you knew what section to put it in xD

[BTCevo]

At least you knew what section to put it in xD

This was moved..

[Strawbtcerries]

This is imposible, btc would have crashed by now if this was a posibility

[InwardContour]

Would it be possible to edit the bitcoin-qt code so that when communicating with other peers it also grabs their private keys whilst grabbing their version of the blockchain?

This could be a possible security flaw am I right?

No it's impossible at all because if this critical issue would have been real, the developers would have fixed it in no time.

[Foxpup]

If the wallet is encrypted, what your suggesting is completely impossible (it was impossible anyway, but with an encrypted wallet it's especially impossible). An encrypted wallet cannot (and I mean "cannot" in the sense that "it's physically impossible") access its own private keys without the correct passphrase (which is never stored and must be entered by the user every time).

The reason it was impossible anyway is because peers cannot "grab" arbitrary data from the client; they can only obtain data that the client purposefully transmits. The client never transmits sensitive data, nor is there even any way for a peer to request that it do so.