public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key
@ 2013-05-07 12:16 Adam Back
  2013-05-07 12:28 ` Gavin Andresen
                   ` (3 more replies)
  0 siblings, 4 replies; 7+ messages in thread
From: Adam Back @ 2013-05-07 12:16 UTC (permalink / raw)
  To: Bitcoin-Dev

Hi

Three minor security/other issues:

1. please a way to unlock the wallet without displaying wallet password in
   console screen (console unlock wallet, to import priv key); or 

2. a button to import a private key (and option to transfer it to another
   key - if you are not the sole controller the private key)

3. a UX way to transfer BTC off a specific adress (eg choose from
   address), rather than having to spend the entire wallet onto a new
   address, just to get BTC off a specific address.  Doing it that way has
   problems: creates more network traffic/bigger packets, higher fees (if
   any transactions are young/low confirmation), and generally damages
   privacy as all your funds end up linked.

Stop reading here if thats clear.. below is how those scenarios happened
which I think are common enough.

So someone sent me a small BTC donation by emailing me the private key, as I
had no bitcoin address.  So naturally I need to move the funds off the
private key, or they could spend it under me.

I had another small amount on a self-controlled private key in the wallet
via a reddit tip (.05BTC tip payed to self-controlled key became .0498BTC).

So I went through the debug->console unlock wallet (password in cleartext on
screen? yuck), then importpriv key, process and that worked, though not
particularly intuitive - could do with an "import key" button?

Then I wanted to take the .01 BTC off the private key and the FAQs etc seem
to suggest that the only way to do it is to spend our entire balance (from
all keys) onto a new address.  Not exactly what I wanted, but I did it
anyway and the tx fee goes up from .0001 which I set it to to .0005 because
the transaction was young, to avoid network flooding.  Even though
transaction I actually wanted to move (on the non self-controlled key had a
big heap of confirmations and so could've been .0001 tx fee).

Would be kind of handy to be able to select the key to empty without having
to empty the entire wallet into a new key...  (Smaller transaction KB on the
network, less fees for the user, less confusing).

Maybe theres a way to do it, eg via the console again, but I didnt find it;
and it's surely common enough that it could do with being another button or
right click option.  eg I could've setup another wallet instance but thats
rather indirect.

Adam



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key
  2013-05-07 12:16 [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key Adam Back
@ 2013-05-07 12:28 ` Gavin Andresen
  2013-05-07 13:14   ` Wladimir
  2013-05-07 13:19 ` Pieter Wuille
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 7+ messages in thread
From: Gavin Andresen @ 2013-05-07 12:28 UTC (permalink / raw)
  To: Adam Back; +Cc: Bitcoin-Dev

[-- Attachment #1: Type: text/plain, Size: 931 bytes --]

"sweep private key" is the missing functionality.

I agree, it would be nice to have.


On Tue, May 7, 2013 at 8:16 AM, Adam Back <adam@cypherspace.org> wrote:

> Hi
>
> Three minor security/other issues:
>
> 1. please a way to unlock the wallet without displaying wallet password in
>    console screen (console unlock wallet, to import priv key); or
>
> 2. a button to import a private key (and option to transfer it to another
>    key - if you are not the sole controller the private key)
>
> 3. a UX way to transfer BTC off a specific adress (eg choose from
>    address), rather than having to spend the entire wallet onto a new
>    address, just to get BTC off a specific address.  Doing it that way has
>    problems: creates more network traffic/bigger packets, higher fees (if
>    any transactions are young/low confirmation), and generally damages
>    privacy as all your funds end up linked.
>
-- 
--
Gavin Andresen

[-- Attachment #2: Type: text/html, Size: 1283 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key
  2013-05-07 12:28 ` Gavin Andresen
@ 2013-05-07 13:14   ` Wladimir
  0 siblings, 0 replies; 7+ messages in thread
From: Wladimir @ 2013-05-07 13:14 UTC (permalink / raw)
  To: Gavin Andresen; +Cc: Bitcoin-Dev

[-- Attachment #1: Type: text/plain, Size: 1585 bytes --]

On Tue, May 7, 2013 at 2:28 PM, Gavin Andresen <gavinandresen@gmail.com>wrote:

> "sweep private key" is the missing functionality.
>
> I agree, it would be nice to have.
>
>
> On Tue, May 7, 2013 at 8:16 AM, Adam Back <adam@cypherspace.org> wrote:
>
>> Hi
>>
>> Three minor security/other issues:
>>
>> 1. please a way to unlock the wallet without displaying wallet password in
>>    console screen (console unlock wallet, to import priv key); or
>>
>> 2. a button to import a private key (and option to transfer it to another
>>    key - if you are not the sole controller the private key)
>>
>> 3. a UX way to transfer BTC off a specific adress (eg choose from
>>    address), rather than having to spend the entire wallet onto a new
>>    address, just to get BTC off a specific address.  Doing it that way has
>>    problems: creates more network traffic/bigger packets, higher fees (if
>>    any transactions are young/low confirmation), and generally damages
>>    privacy as all your funds end up linked.
>>
>
Yes, sweep (send all the coins from this addresses to me) should certainly
be added. Maybe even a way to do it periodically, though but that would
require remembering the key.

Importing private keys into the wallet will not be added as a user-friendly
option, as it is dangerous and potentially confusing.

As for (1), I think a better solution would to add a list of commands whose
arguments are censored in the console screen and command line history. At
least `importprivkey`, `walletpassphrase`, `walletpassphrasechange` should
likely be in that list.

Wladimir

[-- Attachment #2: Type: text/html, Size: 2547 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key
  2013-05-07 12:16 [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key Adam Back
  2013-05-07 12:28 ` Gavin Andresen
@ 2013-05-07 13:19 ` Pieter Wuille
  2013-05-07 16:06   ` Adam Back
  2013-05-07 16:44 ` Craig B Agricola
  2013-05-10 15:27 ` Jesus Cea
  3 siblings, 1 reply; 7+ messages in thread
From: Pieter Wuille @ 2013-05-07 13:19 UTC (permalink / raw)
  To: Adam Back; +Cc: Bitcoin-Dev

On Tue, May 07, 2013 at 02:16:41PM +0200, Adam Back wrote:
> Hi
> 
> Three minor security/other issues:
> 
> 1. please a way to unlock the wallet without displaying wallet password in
>    console screen (console unlock wallet, to import priv key); or 

I think the general solution here is providing a feature-reach Python RPC client,
which can do things like remember passwords, command history/tab completion,
perhaps even batch lookups of compound commands (getblock $(getblockhash X, for
example, ...). The naive RPC client built into bitcoind is not a good fit for
many features, as they can much more efficiently be developed outside of the
core binary,


> 2. a button to import a private key (and option to transfer it to another
>    key - if you are not the sole controller the private key)

I'm quite opposed to any per-key fiddling in the GUI. This will inevitably lead
to (even more) people misunderstanding how wallets work and shooting themself in
the foot. I don't mind an expert mode ("coin control") that enables such features,
but in general, we should for entire-wallet export and import rather than
individual keys.

Import & sweep an address is something else, that sounds safe to.

> 3. a UX way to transfer BTC off a specific adress (eg choose from
>    address), rather than having to spend the entire wallet onto a new
>    address, just to get BTC off a specific address.  Doing it that way has
>    problems: creates more network traffic/bigger packets, higher fees (if
>    any transactions are young/low confirmation), and generally damages
>    privacy as all your funds end up linked.

This belongs in coin control, IMHO.

-- 
Pieter




^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key
  2013-05-07 13:19 ` Pieter Wuille
@ 2013-05-07 16:06   ` Adam Back
  0 siblings, 0 replies; 7+ messages in thread
From: Adam Back @ 2013-05-07 16:06 UTC (permalink / raw)
  To: Pieter Wuille; +Cc: Bitcoin-Dev

At ZKS other than freedom network (ToR precursor) we had psueudonyms
associated with cookie managers.  The idea was you create pseudonyms for
different purposes to segregate your online linkability.  

	medical
	casual browsing
	social media
	private
	work
	true name

Seems to me that people are always going to make mistakes with individual
keys, even if the feature were there and accidentally link all their coin
sources together.  I presume people saw the analysis of the slush related
25k BTC theft, even seemingly the thief made possible slips while trying
presumably not to:

http://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html

Does the client have any privacy algorithm (to minimise coin source cross
linking) to reach a given payment?

eg consider say I use social media, with a screen name; I collect reddit
tips etc; I pay them out to others, or use them to buy virtual goods
associated with the same purpose.  

It would be rather useful to help people achieve that, there is already the
ability to create addresses, label them.  But I think just for the GUI to
allow you to control which address the payment is from would be enough, it
doesnt seem like such a complicated concept.  And if people dont care, they
only need create one address.

Technically ZKS wasnt anonymous networking like ToR but pseudonymous
networking.  Multiple wallets for different unlinked purposes would be
somewhat analogous to ZKS freedom pseudonymous networking & cookie-jar. 
Because of the pseudonymity in ZKS misbehavers could be blocked by exit
nodes based on pseudonym.  Of course they can always create a new pseudonym
but then they lose their accumulated reputation.  You can even make people
pay for pseudonyms, as I recall users got 5 free pseudonyms but had to pay
for more.

(Though I have to admit the concensus after some years at ZKS was most end
users didnt understand what a pseudonym was!  They just wanted to be
"private" and have the computer magically solve it for them.)

If you want to simplify maybe you could consider normal (linked to AML
trading accounts, orders for physically delivered goods etc), and "private"
analogus to the private browsing mode in various browsers.  Maybe beyond 2
is an advanced feature but still available.

Adam

On Tue, May 07, 2013 at 03:19:50PM +0200, Pieter Wuille wrote:
>On Tue, May 07, 2013 at 02:16:41PM +0200, Adam Back wrote:
>> Hi
>>
>> Three minor security/other issues:
>>
>> 1. please a way to unlock the wallet without displaying wallet password in
>>    console screen (console unlock wallet, to import priv key); or
>
>I think the general solution here is providing a feature-reach Python RPC client,
>which can do things like remember passwords, command history/tab completion,
>perhaps even batch lookups of compound commands (getblock $(getblockhash X, for
>example, ...). The naive RPC client built into bitcoind is not a good fit for
>many features, as they can much more efficiently be developed outside of the
>core binary,
>
>
>> 2. a button to import a private key (and option to transfer it to another
>>    key - if you are not the sole controller the private key)
>
>I'm quite opposed to any per-key fiddling in the GUI. This will inevitably lead
>to (even more) people misunderstanding how wallets work and shooting themself in
>the foot. I don't mind an expert mode ("coin control") that enables such features,
>but in general, we should for entire-wallet export and import rather than
>individual keys.
>
>Import & sweep an address is something else, that sounds safe to.
>
>> 3. a UX way to transfer BTC off a specific adress (eg choose from
>>    address), rather than having to spend the entire wallet onto a new
>>    address, just to get BTC off a specific address.  Doing it that way has
>>    problems: creates more network traffic/bigger packets, higher fees (if
>>    any transactions are young/low confirmation), and generally damages
>>    privacy as all your funds end up linked.
>
>This belongs in coin control, IMHO.
>
>-- 
>Pieter
>



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key
  2013-05-07 12:16 [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key Adam Back
  2013-05-07 12:28 ` Gavin Andresen
  2013-05-07 13:19 ` Pieter Wuille
@ 2013-05-07 16:44 ` Craig B Agricola
  2013-05-10 15:27 ` Jesus Cea
  3 siblings, 0 replies; 7+ messages in thread
From: Craig B Agricola @ 2013-05-07 16:44 UTC (permalink / raw)
  To: Adam Back; +Cc: Bitcoin-Dev

BTW, Adam, I suspect you might be using the console in the GUI, and that might be
under Windows for all I know, but I usually do it this way on the command line
under Linux:

echo -n "Password: ";bitcoind walletpassphrase `stty -echo;read p;echo $p;stty echo` 60; echo

This uses the JSON API to unlock the wallet (for 60 seconds; which is the "60"
at the end), and should work for either the GUI (if you start it with the
-server flag) or the headless bitcoind.  It keeps the password that you type
off the console, and also keeps it out of the history file.  The only issue
with it is that it will show up in the process tree as an argument of the
command for the period of time that the JSON API is being prepared and sent,
which should be fairly short.  This might be a concern if you are on a
multi-user system (you probably shouldn't be doing this anyway), or
worry that spyware might be monitoring for passwords (though if you are
worried about spyware, you should already be concerned about keyloggers,
so...) I doubt this will work (without significant modifications) on
Windows without Cygwin, though.

 -Craig

On Tue, May 07, 2013 at 02:16:41PM +0200, Adam Back wrote:
> Hi
> 
> Three minor security/other issues:
> 
> 1. please a way to unlock the wallet without displaying wallet password in
>    console screen (console unlock wallet, to import priv key); or 



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key
  2013-05-07 12:16 [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key Adam Back
                   ` (2 preceding siblings ...)
  2013-05-07 16:44 ` Craig B Agricola
@ 2013-05-10 15:27 ` Jesus Cea
  3 siblings, 0 replies; 7+ messages in thread
From: Jesus Cea @ 2013-05-10 15:27 UTC (permalink / raw)
  To: Bitcoin-Dev

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/05/13 14:16, Adam Back wrote:
> 3. a UX way to transfer BTC off a specific adress (eg choose from 
> address), rather than having to spend the entire wallet onto a new 
> address, just to get BTC off a specific address.  Doing it that way
> has problems: creates more network traffic/bigger packets, higher
> fees (if any transactions are young/low confirmation), and
> generally damages privacy as all your funds end up linked.

[...]

> Then I wanted to take the .01 BTC off the private key and the FAQs
> etc seem to suggest that the only way to do it is to spend our
> entire balance (from all keys) onto a new address.  Not exactly
> what I wanted, but I did it anyway and the tx fee goes up from
> .0001 which I set it to to .0005 because the transaction was young,
> to avoid network flooding.  Even though transaction I actually
> wanted to move (on the non self-controlled key had a big heap of
> confirmations and so could've been .0001 tx fee).

"sendfrom" in the RPC interface. Difficult to use (I would like to be
able to use source key, in addition of source "accounts") and easy to
make mistakes. But doable.

Would be nice to have an "advanced" GUI option to chooce source
account/key.

- -- 
Jesús Cea Avión                         _/_/      _/_/_/        _/_/_/
jcea@jcea.es - http://www.jcea.es/     _/_/    _/_/  _/_/    _/_/  _/_/
Twitter: @jcea                        _/_/    _/_/          _/_/_/_/_/
jabber / xmpp:jcea@jabber.org  _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQCVAwUBUY0R5plgi5GaxT1NAQLJ6AQAkWozxNWJdMYbIBKFTxsPErmv3LChAsYm
bzVIb8ufwV45X0QT3maxz6A/u3yr4wGxu53Vs29dJkM5rgO5JU7akuPs3qvg3ffh
h593zmqyVimfpXxBppff4vocpKTCJ+1ocB5MydGjgGoH2hJ8dwZNQRHYnMwqCjDf
2ONQu7nT0pQ=
=zZVh
-----END PGP SIGNATURE-----



^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2013-05-10 15:27 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-05-07 12:16 [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key Adam Back
2013-05-07 12:28 ` Gavin Andresen
2013-05-07 13:14   ` Wladimir
2013-05-07 13:19 ` Pieter Wuille
2013-05-07 16:06   ` Adam Back
2013-05-07 16:44 ` Craig B Agricola
2013-05-10 15:27 ` Jesus Cea

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox