Bitcoin Forum
November 01, 2024, 03:48:53 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Is there a simple solution for this process?  (Read 1351 times)
cbeast (OP)
Donator
Legendary
*
Offline Offline

Activity: 1736
Merit: 1014

Let's talk governance, lipstick, and pigs.


View Profile
May 06, 2012, 08:43:56 PM
 #1

I have a website I am developing. It has a page that offers to pay out to someone in Bitcoin, but there is a catch. The website user will be presented with a Brain Wallet series of words they must enter to create a private key hash. That hash will have a pre-loaded amount of Bitcoin. The private key will be eventually also know to others, so the first person to get the key must move the balance to another account and delete that private key from their wallet (or mark it) so they don't accidentally use it again and let someone steal their Bitcoin.

I am ok with writing a step-by-step instruction guide to do so, but would appreciate knowing that there is a simple solution already out there that regular Joe Blow folks can use.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
yogi
Legendary
*
Offline Offline

Activity: 947
Merit: 1042


Hamster ate my bitcoin


View Profile
May 06, 2012, 11:15:00 PM
 #2

Do you have to reveal the private key?

If yes, then you could automate the process with some code.

Don't know of any pre-existing solutions though.

cbeast (OP)
Donator
Legendary
*
Offline Offline

Activity: 1736
Merit: 1014

Let's talk governance, lipstick, and pigs.


View Profile
May 06, 2012, 11:19:54 PM
 #3

Do you have to reveal the private key?

If yes, then you could automate the process with some code.

Don't know of any pre-existing solutions though.

Yeah, for now the safest and simplest solutions are MtGox, MyWallet, and soon perhaps Armory. Smart phone apps might work too. When people start copying my website idea, there will be solutions created.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
piuk
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1005



View Profile WWW
May 06, 2012, 11:39:42 PM
 #4

If i understand you correctly you need an easy way to import a private key into a wallet?

You can ago sweep a private key into a My Wallet account by appending #newpriv|${private_key} to the login url e.g.

https://blockchain.info/wallet/login#newpriv|BhGmdqTbfJ5c2hi5CmNkBhFB5QWMymJx7pRUcxCCKoDm

I don't know if thats what your looking for.

cbeast (OP)
Donator
Legendary
*
Offline Offline

Activity: 1736
Merit: 1014

Let's talk governance, lipstick, and pigs.


View Profile
May 07, 2012, 12:14:49 AM
 #5

If i understand you correctly you need an easy way to import a private key into a wallet?

You can ago sweep a private key into a My Wallet account by appending #newpriv|${private_key} to the login url e.g.

https://blockchain.info/wallet/login#newpriv|BhGmdqTbfJ5c2hi5CmNkBhFB5QWMymJx7pRUcxCCKoDm

I don't know if thats what your looking for.
Yeah that's great, but it needs to be something grandma and her knitting circle can do.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
etotheipi
Legendary
*
Offline Offline

Activity: 1428
Merit: 1093


Core Armory Developer


View Profile WWW
May 08, 2012, 01:10:01 AM
 #6

The private key will be eventually also know to others, so the first person to get the key must move the balance to another account and delete that private key from their wallet (or mark it) so they don't accidentally use it again and let someone steal their Bitcoin.

That's exactly what "sweeping" is for, in Armory.  Copy the key into Armory, select "sweep" and it will search the blockchain for the balance and transfer it to the selected wallet.  The private key is not saved (because if you are sweeping, it is assumed you don't trust it and shouldn't put it in your wallet).




If this becomes popular, it would be quite easy to add an entry field for inputting whatever it is you are proposing, then doing the hashing and sweeping for the user in one operation


Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1114


WalletScrutiny.com


View Profile WWW
May 08, 2012, 03:16:44 AM
 #7

That's exactly what "sweeping" is for, in Armory.  Copy the key into Armory, select "sweep" and it will search the blockchain for the balance and transfer it to the selected wallet.  The private key is not saved (because if you are sweeping, it is assumed you don't trust it and shouldn't put it in your wallet).

Why would you ever want to delete a private key? If ever accidentally anybody reuses that key, it should repeat the sweeping if anything. Showing it in my address book is another thing.

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
etotheipi
Legendary
*
Offline Offline

Activity: 1428
Merit: 1093


Core Armory Developer


View Profile WWW
May 08, 2012, 03:26:23 AM
 #8

That's exactly what "sweeping" is for, in Armory.  Copy the key into Armory, select "sweep" and it will search the blockchain for the balance and transfer it to the selected wallet.  The private key is not saved (because if you are sweeping, it is assumed you don't trust it and shouldn't put it in your wallet).

Why would you ever want to delete a private key? If ever accidentally anybody reuses that key, it should repeat the sweeping if anything. Showing it in my address book is another thing.

This thread is full of discussion about this very topic (mainly starting on page 4).

The gist of it is that you have wallets and keys in your wallet.  If you import an insecure key to your wallet, someone can "pay you" by sending funds to it and making you believe you've received money, then yank it out from under you.  It's a very easy attack and completely avoidable.  This is why I plan not to allow importing of keys in "Standard/Beginner" mode in Armory.

The solution would be to have a separate portion of the program devoted to maintaining addresses for sweeping.  Well, sure.  You could do that.  But the vast majority of the time you receive an insecure key, it's because it's intended to be used just once.  Ever.  I don't really feel like designing and interface around something that should basically never happen, and just confuse users with the extra functionality.

That's not to say it can't be done.  I just won't be doing it myself.

However, if this thread is talking about multiple people eventually seeing the same key, then it makes sense for one user to keep the key around around, monitoring the network for when it receives more funds and sweeping it right away.  In fact, if this is done, I'll be setting up a daemon to do just that...  Might make the whole thing kind of useless.  But maybe I don't understand the application.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1026



View Profile
May 08, 2012, 04:12:34 PM
 #9

However, if this thread is talking about multiple people eventually seeing the same key, then it makes sense for one user to keep the key around around, monitoring the network for when it receives more funds and sweeping it right away.  In fact, if this is done, I'll be setting up a daemon to do just that...  Might make the whole thing kind of useless.  But maybe I don't understand the application.

Just because a key is intended for a single use doesn't mean that it will only be used one time.

If someone gives me a key, I'll want to sweep it immediately because I don't trust it.  But I'll also want to watch it forever and attempt to sweep anything that ever gets sent to it in the future, because I might get lucky.  But I don't want to treat it like a normal key that accumulates transactions because I don't trust it.

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
etotheipi
Legendary
*
Offline Offline

Activity: 1428
Merit: 1093


Core Armory Developer


View Profile WWW
May 08, 2012, 04:21:43 PM
 #10

However, if this thread is talking about multiple people eventually seeing the same key, then it makes sense for one user to keep the key around around, monitoring the network for when it receives more funds and sweeping it right away.  In fact, if this is done, I'll be setting up a daemon to do just that...  Might make the whole thing kind of useless.  But maybe I don't understand the application.

Just because a key is intended for a single use doesn't mean that it will only be used one time.

If someone gives me a key, I'll want to sweep it immediately because I don't trust it.  But I'll also want to watch it forever and attempt to sweep anything that ever gets sent to it in the future, because I might get lucky.  But I don't want to treat it like a normal key that accumulates transactions because I don't trust it.

And of all the one-time-use keys that are ever distributed to all the people that ever receive them.  How often do you expect such a key to be magically refilled?  Who is refilling it?  Do people like throwing money away?  What purpose could possibly be served by sending money to a completely-insecure key after it's been used once?

In reality, I'd have to spend time to complicate my interface to add an "untrusted keys" feature, and it would be absolutely useless.

If you really want to do this anyway, just create a new wallet, label it "INSECURE" and put such keys in there.  Then I don't have to add anything to my interface.  

P.S. -- I've pondered some kind of auto-sweep setting for certain addresses, but that doesn't work with encrypted wallets, and even for unencrypted wallets, I've never been comfortable with moving money in any of the users' wallets when they aren't looking, no matter how benevolent my intentions are.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1026



View Profile
May 08, 2012, 05:01:42 PM
 #11

However, if this thread is talking about multiple people eventually seeing the same key, then it makes sense for one user to keep the key around around, monitoring the network for when it receives more funds and sweeping it right away.  In fact, if this is done, I'll be setting up a daemon to do just that...  Might make the whole thing kind of useless.  But maybe I don't understand the application.

Just because a key is intended for a single use doesn't mean that it will only be used one time.

If someone gives me a key, I'll want to sweep it immediately because I don't trust it.  But I'll also want to watch it forever and attempt to sweep anything that ever gets sent to it in the future, because I might get lucky.  But I don't want to treat it like a normal key that accumulates transactions because I don't trust it.

And of all the one-time-use keys that are ever distributed to all the people that ever receive them.  How often do you expect such a key to be magically refilled?  Who is refilling it?  Do people like throwing money away?  What purpose could possibly be served by sending money to a completely-insecure key after it's been used once?

In reality, I'd have to spend time to complicate my interface to add an "untrusted keys" feature, and it would be absolutely useless.

If you really want to do this anyway, just create a new wallet, label it "INSECURE" and put such keys in there.  Then I don't have to add anything to my interface.  

P.S. -- I've pondered some kind of auto-sweep setting for certain addresses, but that doesn't work with encrypted wallets, and even for unencrypted wallets, I've never been comfortable with moving money in any of the users' wallets when they aren't looking, no matter how benevolent my intentions are.

I totally agree about the single use keys.  No one is going to refill them.  But that doesn't mean that I want to abandon them.

No need to do anything with the UI.  Just remember keys imported for sweeping instead of deleting them, and check them again from time to time, or as you do with regular keys (which I presume is as blocks come in).

Very low priority feature.  But it actually looks pretty simple to do.  Add a flag to whatever you are using to store imported keys now.  If someone picks the sweep option on import, store it with that flag set.  When you are checking the imported keys for new transactions, if that flag is set, call out to the sweep code.

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
giszmo
Legendary
*
Offline Offline

Activity: 1862
Merit: 1114


WalletScrutiny.com


View Profile WWW
May 08, 2012, 05:34:03 PM
 #12

If I used an address for many purposes and suddenly fear my wallet might have gotten into the wrong hands I can never be sure if my contacts might still reuse those tipping addresses for example that i gave them or that i embedded in pictures.
I guess people would want to run a watch dog to sweep charges to that address without publicly announcing they lost their wallet.

Other use-case: I found a lost wallet. Of course I would want to likewise run a watch dog on that one.
I just imagine some key of some miner leaking and 60,000 users importing it hoping to be the lucky sweeper of the next automatic mining pay out Wink  .... hmmm ...  most likely the winner could only be some pool that has such a watch dog on their own.

ɃɃWalletScrutiny.comIs your wallet secure?(Methodology)
WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value.
ɃɃ
etotheipi
Legendary
*
Offline Offline

Activity: 1428
Merit: 1093


Core Armory Developer


View Profile WWW
May 08, 2012, 06:59:15 PM
 #13

If I used an address for many purposes and suddenly fear my wallet might have gotten into the wrong hands I can never be sure if my contacts might still reuse those tipping addresses for example that i gave them or that i embedded in pictures.
I guess people would want to run a watch dog to sweep charges to that address without publicly announcing they lost their wallet.

Other use-case: I found a lost wallet. Of course I would want to likewise run a watch dog on that one.
I just imagine some key of some miner leaking and 60,000 users importing it hoping to be the lucky sweeper of the next automatic mining pay out Wink  .... hmmm ...  most likely the winner could only be some pool that has such a watch dog on their own.

I'm more referring to the use case that some party puts 1 BTC in a private key and distributes it like a coupon code, or as a refund for something, or when you're redeeming a Casascius coin.  Or in the case of "buried keys."  I personally believe it's a waste of time to put any effort towards keeping those keys around, because that key is dead.  No one has any reason to ever send that key any money, ever again.  Sweep it and move on with your life.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!