PaulBx9 (OP)
Newbie
Activity: 11
Merit: 0
April 16, 2012, 06:48:37 PM
First, thanks all for what you are doing! Reminds me a bit of "A Lodging of Wayfaring Men". Second, I'd like to take advantage of my newbie experience to help improve the wiki. So if I ask some dumb questions, yeah I will search around first but may need some further help to get some concept exactly right. I will give an example:

First thing I ran into was the concept of addresses. This wiki article suggests going to bitcoin faucet to get a fraction of a coin and see the client do its thing. I did that, gave it my google login and it asked for my bitcoin address. It said, "Download and install the Bitcoin program from bitcoin.org. At the top of its main window it will show you Your Bitcoin Address." Well, no it doesn't. The client shows only "Bitcoin Wallet" at the top. So somewhere I either have to generate an address, or recognize I already have one. I looked at the address book in the client and there found a single address with no label (I had not clicked the "new address" button). I wondered if that's my address? Then I got out of there, and just went back into the address book and found no address at all. Appears to be a bug...

Then I am wondering about this concept of addresses. It appears to be a destination for payments, so it's like a home address in a way, but then people are advised to create a new one for every payment received as a crude bookkeeping device apparently, so it's a bit like an invoice number (or at least, the label part is like an invoice number). If you don't generate a new address, and throw several payments into an existing one, that's like money that comes in that you don't care to keep track of? Such as minor donations, as opposed to a rent payment? Anyway I will play around with this and do some more searches to make sure I have a fix on how addresses are used.

The other thing I ran into was that I was trying to register on this forum from my Netherlands VPN proxy. I was surprised this was not allowed; after all, privacy is one of the things a movement toward bitcoin offers (if I'm not mistaken). Might I suggest a slight modification of this policy to allow Netherlands proxy addresses, and perhaps those from one or two other countries that have strong privacy laws? I understand the motivation because I am an admin on another forum and we have also blocked many IP addresses, but I really would rather access the forum and the bitcoin network from "offshore" if possible.
Meni Rosenfeld
Donator
Legendary
Activity: 2058
Merit: 1054
April 16, 2012, 07:12:05 PM
> First thing I ran into was the concept of addresses. This wiki article suggests going to bitcoin faucet to get a fraction of a coin and see the client do its thing. I did that, gave it my google login and it asked for my bitcoin address. It said, "Download and install the Bitcoin program from bitcoin.org. At the top of its main window it will show you Your Bitcoin Address." Well, no it doesn't. The client shows only "Bitcoin Wallet" at the top. So somewhere I either have to generate an address, or recognize I already have one. I looked at the address book in the client and there found a single address with no label (I had not clicked the "new address" button). I wondered if that's my address? Then I got out of there, and just went back into the address book and found no address at all. Appears to be a bug...

This description is based on Bitcoin's old wxWidgets GUI that was used before version 0.5. Starting with 0.5 there's a Qt GUI which is quite different. You could contact Gavin about updating the faucet description. In "Receive coins" you have your own addresses which people can use to send to you; pick one or generate a new address to give to the faucet. It should have one address to begin with. In "Address book" you have other people's addresses which you can send to; if you haven't added anything it will be blank.

> Then I am wondering about this concept of addresses. It appears to be a destination for payments, so it's like a home address in a way, but then people are advised to create a new one for every payment received as a crude bookkeeping device apparently, so it's a bit like an invoice number (or at least, the label part is like an invoice number). If you don't generate a new address, and throw several payments into an existing one, that's like money that comes in that you don't care to keep track of? Such as minor donations, as opposed to a rent payment?

The most common practice is to use an address for each purpose; this has both bookkeeping and privacy implications. So I have an address for forum donations, a different address for donations from Wikipedia, and I have an address for each eWallet of all sorts (including exchanges and mining pools), and an address for each customer, etc., but I don't demand a new address for every transaction.
PaulBx9 (OP)
Newbie
Activity: 11
Merit: 0
April 17, 2012, 02:51:03 AM
Thanks for responding, Meni.

> You could contact Gavin about updating the faucet description.

Done.

> In "Address book" you have other people's addresses which you can send to; if you haven't added anything it will be blank.

Ah, clearly I was getting mixed up between "address book" and "receive coins". But I wonder why I see only 1 address in "receive coins"? I have read somewhere that there are supposed to be 100.

> ...an address for each customer, etc., but I don't demand a new address for every transaction

OK, makes sense; however, this means that since you don't do a new address for every transaction, the GUI cannot be used for keeping track of things like rent payments? Or are individual payments stored in the block chain? I guess it must be. So one could in theory just receive coins from someone making payments and never keep any other record of payments, because it is all out there in the block chain. Cool.

I read this comment in another thread:

> 1. Put all your coins in a new wallet that has never connected to the network

https://bitcointalk.org/index.php?topic=33835.0

The context is maximum security. I don't quite understand the comment. Even if you sent all your current bitcoins to a new wallet of yours that you had created offline, isn't the transaction incomplete until the wallet has been connected to the network? For at least an hour or so?

I was reading the thread about everyone wishing the GUI had encryption as part of it. This also makes no sense to me. If you mount an encrypted wallet even for a short time in an insecure environment, it is as good as lost. Encryption and security should be a broad concern, not some little thing you enable in one application. To me it appears the most practical path is a liveUSB drive with Linux and complete system encryption. Even for Windows users (except for wallets with very little cash that you can afford to lose; such are OK to leave on a Windows system). Boot the liveUSB drive; it doesn't matter how many trojans are on the hard drive because it never gets mounted, and even if mounted, nothing is run from it. Even the unencrypted /boot partition should be protected as described in this link: https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS#Securing_the_unencrypted_boot_partition. Keep the wallet on the same drive. Use the drive only for bitcoin. Back up the drive by using a straight dd copy to another flash drive.
bitlotto
April 17, 2012, 03:51:42 AM
> Ah, clearly I was getting mixed up between "address book" and "receive coins". But I wonder why I see only 1 address in "receive coins"? I have read somewhere that there are supposed to be 100.

The wallet creates 100 behind the scenes so when it's backed up you have it backed up even for addresses you may use in the near future. They will show up when you click to create a new receiving address.

> The context is maximum security. I don't quite understand the comment. Even if you sent all your current bitcoins to a new wallet of yours that you had created offline, isn't the transaction incomplete until the wallet has been connected to the network? For at least an hour or so?

You could think of it as you only need the wallet to send coins. When you send coins you are essentially saying "these coins now belong to x and to be sent again, they must be signed with x's private key". The blockchain records the tx. If you don't need to send them you don't need to connect it online.

> I was reading the thread about everyone wishing the GUI had encryption as part of it. This also makes no sense to me. If you mount an encrypted wallet even for a short time in an insecure environment, it is as good as lost. Encryption and security should be a broad concern, not some little thing you enable in one application. To me it appears the most practical path is a liveUSB drive with Linux and complete system encryption. Even for Windows users (except for wallets with very little cash that you can afford to lose; such are OK to leave on a Windows system). Boot the liveUSB drive; it doesn't matter how many trojans are on the hard drive because it never gets mounted, and even if mounted, nothing is run from it. Even the unencrypted /boot partition should be protected as described in this link. Keep the wallet on the same drive. Use the drive only for bitcoin. Back up the drive by using a straight dd copy to another flash drive.

For large amounts of BTC, live CDs are the way to go for sure. IMHO. Not sure if you need to dd to back it up. Just make sure to copy the encrypted wallet to something safe and reboot.
*Next Draw Feb 1* BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR TOR2WEB Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
Foxpup
Legendary
Activity: 4547
Merit: 3445
Vile Vixen and Miss Bitcointalk 2021-2023
April 17, 2012, 04:03:57 AM
> Ah, clearly I was getting mixed up between "address book" and "receive coins". But I wonder why I see only 1 address in "receive coins"? I have read somewhere that there are supposed to be 100.

100 addresses are generated in advance, but they are not displayed until you click "New Address", at which point one of your "hidden" addresses is made visible and a new hidden address is generated, so you always have 100 hidden addresses (you start out with 1 non-hidden address). The reason for this is that if you back up your wallet, then create some new addresses and receive coins to those addresses, then your hard drive dies and you have to restore your backed-up wallet, you'll still be able to access your coins, because the "new" addresses were actually already there to start with. However, if you've created more than 100 addresses since the last time you backed up your wallet, you will lose some coins if you have to restore from your backup, so it's a good idea to always back up your wallet at regular intervals.

> OK, makes sense; however, this means that since you don't do a new address for every transaction, the GUI cannot be used for keeping track of things like rent payments? Or are individual payments stored in the block chain? I guess it must be. So one could in theory just receive coins from someone making payments and never keep any other record of payments, because it is all out there in the block chain. Cool.

Well, the transactions themselves are stored in the block chain, but there is no information about the transaction other than "this amount was transferred to that address". To keep track of your payments, you should create a new address for each purpose, e.g. you create an address labelled "Payment from Bob", give that address to Bob so that he can pay you, and then any transactions sent to that address will be labelled "Payment from Bob". You know it's from Bob because he's the only one you gave that address to (you should create a different address for every person who wants to pay you). If you only have one address, and everybody is paying you at that address, then there's no easy way to tell who is paying you what.

> I read this comment in another thread: 1. Put all your coins in a new wallet that has never connected to the network https://bitcointalk.org/index.php?topic=33835.0 The context is maximum security. I don't quite understand the comment. Even if you sent all your current bitcoins to a new wallet of yours that you had created offline, isn't the transaction incomplete until the wallet has been connected to the network? For at least an hour or so?

A wallet does not need to be connected to the network in order to receive coins, only to send coins. A wallet doesn't even need to be connected to the network to create addresses, because addresses are not actually stored on the network until coins are sent from them (this also means there is no way to guarantee that an address even exists if no coins have ever been sent from it; however, the address format includes a checksum to prevent non-existent addresses from being entered by mistake, and creating a valid but non-existent address takes deliberate effort). Transactions take about an hour to receive six confirmations (which is the standard number required to ensure the transaction is valid), but this is from the time the transaction is broadcast to the network (which requires that the wallet sending the coins be online). Transactions sent to an offline wallet receive confirmations as normal.

> I was reading the thread about everyone wishing the GUI had encryption as part of it.

The current GUI does have encryption. Just go Settings -> Encrypt Wallet. Enter a passphrase and don't forget it. God Himself can't get your coins back if you forget your passphrase.

> This also makes no sense to me. If you mount an encrypted wallet even for a short time in an insecure environment, it is as good as lost.

Encrypted wallets aren't like encrypted hard drives. It is not "mounted"; instead it requires a passphrase to decrypt the private keys needed to send coins and create new addresses (viewing your balance and transaction history does not require your passphrase, and doesn't even require your wallet if someone knows all your addresses, since all transactions are stored in the blockchain). While obviously entering your passphrase in an insecure environment is a bad idea, using an unencrypted wallet in an insecure environment is an even worse idea, for equally obvious reasons. The main idea behind encrypted wallets is to prevent people with access to the wallet file (or a backup of the wallet file) from stealing your money; it is not intended to prevent the sort of attack that involves reading keys directly from RAM (which in fact no form of encryption will protect you from).

> Encryption and security should be a broad concern, not some little thing you enable in one application. To me it appears the most practical path is a liveUSB drive with Linux and complete system encryption. Even for Windows users (except for wallets with very little cash that you can afford to lose; such are OK to leave on a Windows system). Boot the liveUSB drive; it doesn't matter how many trojans are on the hard drive because it never gets mounted, and even if mounted, nothing is run from it. Even the unencrypted /boot partition should be protected as described in this link. Keep the wallet on the same drive. Use the drive only for bitcoin. Back up the drive by using a straight dd copy to another flash drive.

Any exploit that allows execution of arbitrary code with root privileges will allow reading the key from RAM, then sending it along with the wallet file to some remote location for the coins to be spent. If you need real security, check out Armory's Offline Wallet feature (true RED/BLACK separation).
Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4. I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
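The checksum Foxpup refers to is the Base58Check encoding of an address: a version byte, the 20-byte public-key hash, and the first four bytes of a double SHA-256 over those 21 bytes, all rendered in Bitcoin's 58-character alphabet. The following Python is an added example written for this page, not code from the thread or from the Bitcoin client. The `hash160` value it encodes is constructed (it is not derived from any real key), and `corrupt_one_char` is a helper invented here to show what happens when an address is mistyped.

```python
import hashlib

# Bitcoin's Base58 alphabet: 0, O, I and l are left out to avoid visual confusion.
BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
PUBKEY_HASH_VERSION = 0x00  # version byte of ordinary "1..." addresses


def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def base58_encode(raw: bytes) -> str:
    """Encode bytes as Base58; each leading 0x00 byte becomes a leading '1'."""
    n = int.from_bytes(raw, "big")
    digits = []
    while n > 0:
        n, rem = divmod(n, 58)
        digits.append(BASE58_ALPHABET[rem])
    leading_zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading_zeros + "".join(reversed(digits))


def base58_decode(text: str) -> bytes:
    """Inverse of base58_encode; rejects characters outside the alphabet."""
    n = 0
    for ch in text:
        idx = BASE58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    leading_ones = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_ones + body


def encode_address(version: int, hash160: bytes) -> str:
    """Base58Check: version || hash160 || first 4 bytes of double-SHA256(version || hash160)."""
    if len(hash160) != 20:
        raise ValueError("hash160 must be exactly 20 bytes")
    payload = bytes([version]) + hash160
    return base58_encode(payload + double_sha256(payload)[:4])


def decode_address(address: str) -> tuple:
    """Return (version, hash160); raise ValueError on a bad length or checksum."""
    raw = base58_decode(address)
    if len(raw) != 25:
        raise ValueError(f"decoded to {len(raw)} bytes, expected 25")
    payload, checksum = raw[:21], raw[21:]
    if double_sha256(payload)[:4] != checksum:
        raise ValueError("checksum mismatch: address was mistyped or corrupted")
    return payload[0], payload[1:]


def is_valid_address(address: str) -> bool:
    """The check a client runs before letting you send to an address."""
    try:
        decode_address(address)
    except ValueError:
        return False
    return True


def corrupt_one_char(address: str, position: int) -> str:
    """Constructed helper: simulate a typo by replacing one character."""
    original = address[position]
    replacement = "A" if original != "A" else "B"
    return address[:position] + replacement + address[position + 1:]


if __name__ == "__main__":
    # Constructed 20-byte hash160; not the hash of any real public key.
    sample_hash160 = bytes(range(1, 21))
    addr = encode_address(PUBKEY_HASH_VERSION, sample_hash160)
    print("encoded:", addr, "valid:", is_valid_address(addr))
    typo = corrupt_one_char(addr, len(addr) // 2)
    print("typo:   ", typo, "valid:", is_valid_address(typo))
```

A single wrong character changes the decoded payload and so, with overwhelming probability, breaks the four-byte checksum; that is why the client can refuse a mistyped address before any coins are sent, while still saying nothing about whether anyone holds the key behind a correctly formed one.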
Meni Rosenfeld
Donator
Legendary
Activity: 2058
Merit: 1054
April 17, 2012, 04:32:39 AM (last edit: April 17, 2012, 05:40:13 AM by Meni Rosenfeld)
> Ah, clearly I was getting mixed up between "address book" and "receive coins". But I wonder why I see only 1 address in "receive coins"? I have read somewhere that there are supposed to be 100.

As others said, the 100 are in reserve and not displayed.

> ...an address for each customer, etc., but I don't demand a new address for every transaction

> OK, makes sense; however, this means that since you don't do a new address for every transaction, the GUI cannot be used for keeping track of things like rent payments? Or are individual payments stored in the block chain? I guess it must be. So one could in theory just receive coins from someone making payments and never keep any other record of payments, because it is all out there in the block chain. Cool.

Not only are individual transactions stored on the blockchain, they are displayed in the client in the "Transactions" tab. So you can have a "rent for tenant A" address (or from the sender's side, this address will be called "rent to landlord"), and you can track the payments to this address every month.

> I read this comment in another thread: 1. Put all your coins in a new wallet that has never connected to the network https://bitcointalk.org/index.php?topic=33835.0 The context is maximum security. I don't quite understand the comment. Even if you sent all your current bitcoins to a new wallet of yours that you had created offline, isn't the transaction incomplete until the wallet has been connected to the network? For at least an hour or so?

No. Once the transaction is out in the open, it's final and cannot be reversed (up to some technical issues). They don't need to be "received" by the beneficiary. In fact you don't even need to connect the computer with the wallet to the internet to send these coins; you can just have it create signatures and pass these manually to a connected computer. With this method, there's no way to compromise your wallet without physical access. For maximum security, split keys / multi-signature transactions are an important part of the solution.
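bitlotto, Foxpup and Meni all describe the same mechanism: one visible address, 100 keys generated in advance and kept hidden, and the consequence that a backup only covers the next 100 addresses handed out. The toy model below is an added example written for this page, not the client's own code. `ToyWallet`, its random key labels and `recoverable_after_restore` are all constructed for illustration; what they model is that pool keys are random, so a key generated after a backup can never be recreated from that backup.

```python
import secrets

KEYPOOL_SIZE = 100


class ToyWallet:
    """Constructed model of the pre-HD wallet key pool (not the real client's code).

    One address is visible from the start; KEYPOOL_SIZE more are generated in
    advance and hidden. "New Address" reveals the oldest hidden key and then
    generates a fresh one, so the pool always stays full.
    """

    def __init__(self, keypool_size: int = KEYPOOL_SIZE):
        self.keypool_size = keypool_size
        self.visible = [self._random_key()]   # shown under "Receive coins"
        self.hidden = []                      # the reserve the GUI does not show
        self._top_up()

    @staticmethod
    def _random_key() -> str:
        # Stand-in for a freshly generated private key; random, so unrepeatable.
        return secrets.token_hex(8)

    def _top_up(self) -> None:
        while len(self.hidden) < self.keypool_size:
            self.hidden.append(self._random_key())

    def new_address(self) -> str:
        """What clicking "New Address" does: reveal one reserve key, refill."""
        addr = self.hidden.pop(0)
        self.visible.append(addr)
        self._top_up()
        return addr

    def backup(self) -> dict:
        """Snapshot of the wallet file: visible keys plus the hidden reserve."""
        return {
            "keypool_size": self.keypool_size,
            "visible": list(self.visible),
            "hidden": list(self.hidden),
        }

    @classmethod
    def restore(cls, snapshot: dict) -> "ToyWallet":
        """Rebuild a wallet from a backup after, say, a dead hard drive."""
        wallet = cls.__new__(cls)
        wallet.keypool_size = snapshot["keypool_size"]
        wallet.visible = list(snapshot["visible"])
        wallet.hidden = list(snapshot["hidden"])
        return wallet

    def controls(self, address: str) -> bool:
        return address in self.visible or address in self.hidden


def recoverable_after_restore(snapshot: dict, used_addresses: list) -> list:
    """Addresses handed out after the backup that a restored wallet still controls.

    Anything not in this list corresponds to coins that are lost on restore.
    """
    restored = ToyWallet.restore(snapshot)
    return [a for a in used_addresses if restored.controls(a)]


if __name__ == "__main__":
    wallet = ToyWallet()
    snapshot = wallet.backup()                      # back up, then keep using the wallet
    handed_out = [wallet.new_address() for _ in range(150)]
    safe = recoverable_after_restore(snapshot, handed_out)
    print(f"handed out {len(handed_out)} addresses after the backup; "
          f"{len(safe)} recoverable, {len(handed_out) - len(safe)} lost")
```

The first 100 addresses created after the backup come straight out of the backed-up reserve, so a restore still controls them; the 101st onward were generated after the snapshot and exist only in the wallet that died. That is the arithmetic behind Foxpup's advice to back up at regular intervals rather than once.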
PaulBx9 (OP)
Newbie
Activity: 11
Merit: 0
April 17, 2012, 07:13:29 AM
On the "new wallet that has never been connected to the network" issue, I now understand, thanks for clearing this up. It's sort of a black hole though, isn't it? Eventually you are going to want to spend those coins. But I suppose if you wanted to spend 10%, you could go online and do so, then immediately send the remaining 90% to yet another new wallet that has never been connected to the network?

> The main idea behind encrypted wallets is to prevent people with access to the wallet file (or a backup of the wallet file) from stealing your money;

Like people who do online banking, saving their bank login password in a browser without bothering to protect it with a master password? I see the point, these people need help. Still leaves them pretty vulnerable to trojans and such. Oh well; we might have a bank holiday pretty soon too, so I guess banks are hardly any better. Maybe stuffing mattresses with money will come back into style for people who can't figure out the security issues...

> Any exploit that allows execution of arbitrary code with root privileges will allow reading the key from RAM...

Well, it's not arbitrary code. If you take the trouble to do it right with an OS like Debian (or maybe even OpenBSD) I think you are about as safe as it gets. Boot up the most compromised Windows computer with a properly built and encrypted liveUSB drive and it should be solid. Only exception I can think of is a hardware keystroke logger, and that is beat by an onscreen keyboard - except the password is asked for before X is started. Yeah, hardware keystroke loggers are tough. Well, you could let it log your OS password, possibly no harm there, and then after X is started use the onscreen keyboard for the bitcoin transaction. But that is getting complex, nobody would bother.

That Armory Offline Wallet is pretty cool. I'd feel a little nervous transferring a file from the online to the offline computer, but I suppose if nothing on the flash drive is executed that would work, and you could use a freshly formatted flash drive with just the one file on it. Even better if the offline computer has an encrypted system; then physical access by an attacker does not gain him anything, again outside the hardware keystroke logger problem.
Meni Rosenfeld
Donator
Legendary
Activity: 2058
Merit: 1054
April 17, 2012, 07:50:30 AM
> On the "new wallet that has never been connected to the network" issue, I now understand, thanks for clearing this up. It's sort of a black hole though, isn't it? Eventually you are going to want to spend those coins. But I suppose if you wanted to spend 10%, you could go online and do so, then immediately send the remaining 90% to yet another new wallet that has never been connected to the network?

That's one way to do it (with the current standard client), but as I said, in principle (using Armory offline wallets etc.) to send coins you don't need the computer with your private keys to be connected to the internet or any network. That's the beauty of digital signatures. But yes, the more secure and inconvenient the wallet, the more it is suitable for long-term savings rather than a spending wallet.

> That Armory Offline Wallet is pretty cool. I'd feel a little nervous transferring a file from the online to the offline computer, but I suppose if nothing on the flash drive is executed that would work, and you could use a freshly formatted flash drive with just the one file on it. Even better if the offline computer has an encrypted system; then physical access by an attacker does not gain him anything, again outside the hardware keystroke logger problem.

Don't the same risks exist with whatever medium you use to install the OS? Anyway, with split keys you can make this even more secure. Have one computer in your house with one OS installed with some medium, another at a friend's house (which could be on the other side of the globe) with a different OS and installation medium. Have both of them offline, collect the public keys to generate the address, then manually input transactions and output signatures from both computers. Stealing your coins would require compromising two offline computers with different systems in different locations. I'm sure that's pretty hard.
Foxpup
Legendary
Activity: 4547
Merit: 3445
Vile Vixen and Miss Bitcointalk 2021-2023
April 17, 2012, 08:06:08 AM
> On the "new wallet that has never been connected to the network" issue, I now understand, thanks for clearing this up. It's sort of a black hole though, isn't it? Eventually you are going to want to spend those coins. But I suppose if you wanted to spend 10%, you could go online and do so, then immediately send the remaining 90% to yet another new wallet that has never been connected to the network?

That's not necessary. You can store your wallet's private keys on a RED box (one that will never touch a network of any kind for any reason), and have it sign individual transaction messages, then transfer the signed transactions on a disk (which need not be encrypted) to a BLACK box (which is connected to the network and will never handle sensitive data of any kind) to broadcast the transactions to the network. Since a signed transaction message only allows specific coins to be sent to specific addresses (and this information cannot be tampered with thanks to the digital signature), and does not contain the private keys necessary to spend the rest of your coins, it is perfectly safe to use it on an insecure system (and the assumption (if you're security paranoid) must be that any system connected to any kind of network is insecure).

> Any exploit that allows execution of arbitrary code with root privileges will allow reading the key from RAM...

> Well, it's not arbitrary code. If you take the trouble to do it right with an OS like Debian (or maybe even OpenBSD) I think you are about as safe as it gets.

Don't give me this "Linux is safe" crap. Although it is arguably much safer than Windows, any kind of network connection provides an opportunity for arbitrary code to be sent to your machine. If any program on your computer (especially those running as root) mishandles the data it receives on the network and allows that code to be executed - BAM! Proper RED/BLACK separation is the only true defence.

> That Armory Offline Wallet is pretty cool. I'd feel a little nervous transferring a file from the online to the offline computer, but I suppose if nothing on the flash drive is executed that would work, and you could use a freshly formatted flash drive with just the one file on it. Even better if the offline computer has an encrypted system; then physical access by an attacker does not gain him anything, again outside the hardware keystroke logger problem.

The offline computer being encrypted will make no difference at all, and it's easy to guarantee that nothing on the flash drive will be executed (at least on Linux). However, if an attacker has physical access to the offline computer, it can be compromised, and no amount of encryption will help you. If you think an attacker has gained physical access to your offline computer, you should dispose of it and create a new system, using your encrypted wallet backup. You should have an encrypted backup of your wallet even if you're not paranoid about security; at the very least it'll save you from losing all your money to a hard drive failure or some other such problem.
PaulBx9 (OP)
Newbie
Activity: 11
Merit: 0
April 17, 2012, 03:36:40 PM
This discussion does have an air of unreality about it. How many people do not have wealth stolen from them constantly by governments? And anyone with great wealth is not going to put all of it into bitcoins, although he may put some there. He will diversify. Still I suppose it makes sense to go over this stuff to build confidence. People can implement the countermeasures that make sense to them.
The more important problem is making it usable for ordinary people, not the guy with a lot of resources or computer savvy. Until acceptance goes up, it won't be a viable replacement when the dollar finally bites the dust.
I'm wondering how shop owners can use it when it takes an hour for a transaction to complete. I suppose one can just assume it will complete for small purchases. But the mechanics of someone going in and buying a cup of coffee with bitcoins escapes me for the moment. I will have to dig some more.
Meni Rosenfeld
Donator
Legendary
Activity: 2058
Merit: 1054
April 17, 2012, 04:21:02 PM
> I'm wondering how shop owners can use it when it takes an hour for a transaction to complete. I suppose one can just assume it will complete for small purchases. But the mechanics of someone going in and buying a cup of coffee with bitcoins escapes me for the moment. I will have to dig some more.

It's very difficult to reverse a transaction even with 0 confirmations. Shop owners can be completely safe accepting payment immediately for most purchases. For large purchases you can either wait for a confirmation or two or use a layer on top of Bitcoin, such as a split-key eWallet with a green address. There will also be insurance services and so on.
PaulBx9 (OP)
Newbie
Activity: 11
Merit: 0
April 18, 2012, 12:04:35 AM
I'm talking about small purchases. We can't expect people to carry their computers around as they go shopping. Smartphones maybe, but I hate the damn things because they feel like "big brother is watching". I did see that physical bitcoin idea, but the cards with 5 or 10 bitcoins in them can't be divided if I'm not mistaken, and anyway there is no infrastructure to swipe cards like visa does. I suppose visa and mastercard will still be with us, and maybe at some point they will accept bitcoins as payment for the visa bill.
Maybe we shouldn't worry about a substitute for cash because society is going cashless anyway. As long as the transactions are private and control decentralized, there is probably nothing wrong with that.
Meni Rosenfeld
Donator
Legendary
Activity: 2058
Merit: 1054
April 18, 2012, 04:05:49 AM
> We can't expect people to carry their computers around as they go shopping.

Of course.

> Smartphones maybe, but I hate the damn things because they feel like "big brother is watching".

That depends on the smartphone. There's no reason why there shouldn't be smartphones that maintain a tolerable level of privacy, though I don't know if any are currently available. It can also be a dedicated Bitcoin storage device, which doesn't need to be connected to the internet, a cellular network or anything; it can connect wirelessly to the merchant to send a transaction, and at your home to synchronize. Such a device can also be smaller than a smartphone, possibly comparable with a CC.

> I did see that physical bitcoin idea, but the cards with 5 or 10 bitcoins in them can't be divided if I'm not mistaken, and anyway there is no infrastructure to swipe cards like visa does. I suppose visa and mastercard will still be with us, and maybe at some point they will accept bitcoins as payment for the visa bill.

Just like banks, credit cards etc. exist to overcome the limitations of traditional physical cash, so can services exist to overcome whatever limitations Bitcoin has (which are much milder than for cash). You can have Bitcoin credit cards and physical tokens, either including a private key or not; the latter would require more trust in the issuer, but will allow smaller denominations (in both cases the issuer will need to be trusted and have an infrastructure to prevent counterfeiting).

> Maybe we shouldn't worry about a substitute for cash because society is going cashless anyway.

Right. On one hand I like cash, on the other I find it archaic to have to mess with composing amounts from various coins and/or receiving change rather than simply having a digital representation of the exact amount. I wouldn't mind paying by pulling out a device and entering a PIN.