Bitcoin Forum
November 23, 2017, 10:24:16 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Questions Regarding BIP32 Security  (Read 1514 times)
2_Thumbs_Up
Sr. Member
****
Offline Offline

Activity: 323


View Profile
February 20, 2015, 06:32:36 PM
 #1

I'm trying to wrap my head around the security implications of HD wallets. The vulnerability I'm a bit unclear on is where a private key and a master public key together can leak a master private key.

As far as I understand HD-wallets, they consist of a pair of master keys, derived "account master keys", and then a pair of keys for every single address in every account. Say my xpub master key is known, what would someone with a single private key be able to do with this? My guess is that he could get the private account key, thus getting access to all the coins in that account, but not any other accounts. Correct? Any other things I should be aware of?

Secondly, apparently there is this thing called hardened keys as well that makes this leaking impossible, which is why it is isolated to single accounts. I assume there is some sort of drawback of this, since otherwise all keys should be derived in this manner. What's the deal here?

If there is any other non-intuitive possibility of leakage of private keys that I'm unaware of, please tell me.

Thanks.
1511432656
Hero Member
*
Offline Offline

Posts: 1511432656

View Profile Personal Message (Offline)

Ignore
1511432656
Reply with quote  #2

1511432656
Report to moderator
Join ICO Now A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
rgenito
Full Member
***
Offline Offline

Activity: 138


View Profile WWW
October 18, 2016, 11:18:04 PM
 #2

Check out this article written by Vitalik Buterin, it will answer your question... basically, do not give *any* private keys to people that should not be able to spend....ever Smiley and do not give out *any* private keys when anyone in a company has a "master public key" (or extended public key...)

https://bitcoinmagazine.com/articles/deterministic-wallets-advantages-flaw-1385450276

https://WallofCoins.com * A peer-to-peer market for buying and selling decentralized, Digital Currencies. Intelligent, trustworthy, and secure.
RealBitcoin
Hero Member
*****
Offline Offline

Activity: 854


JAYCE DESIGNS - http://bit.ly/1tmgIwK


View Profile
October 18, 2016, 11:20:45 PM
 #3

I have just asked the same question a few hours ago, what a coincidence, check here:

https://bitcointalk.org/index.php?topic=1652854

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!