* [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key
@ 2013-05-07 12:16 Adam Back
2013-05-07 12:28 ` Gavin Andresen
` (3 more replies)
0 siblings, 4 replies; 7+ messages in thread
From: Adam Back @ 2013-05-07 12:16 UTC (permalink / raw)
To: Bitcoin-Dev
Hi
Three minor security/other issues:
1. please a way to unlock the wallet without displaying wallet password in
console screen (console unlock wallet, to import priv key); or
2. a button to import a private key (and option to transfer it to another
key - if you are not the sole controller the private key)
3. a UX way to transfer BTC off a specific adress (eg choose from
address), rather than having to spend the entire wallet onto a new
address, just to get BTC off a specific address. Doing it that way has
problems: creates more network traffic/bigger packets, higher fees (if
any transactions are young/low confirmation), and generally damages
privacy as all your funds end up linked.
Stop reading here if thats clear.. below is how those scenarios happened
which I think are common enough.
So someone sent me a small BTC donation by emailing me the private key, as I
had no bitcoin address. So naturally I need to move the funds off the
private key, or they could spend it under me.
I had another small amount on a self-controlled private key in the wallet
via a reddit tip (.05BTC tip payed to self-controlled key became .0498BTC).
So I went through the debug->console unlock wallet (password in cleartext on
screen? yuck), then importpriv key, process and that worked, though not
particularly intuitive - could do with an "import key" button?
Then I wanted to take the .01 BTC off the private key and the FAQs etc seem
to suggest that the only way to do it is to spend our entire balance (from
all keys) onto a new address. Not exactly what I wanted, but I did it
anyway and the tx fee goes up from .0001 which I set it to to .0005 because
the transaction was young, to avoid network flooding. Even though
transaction I actually wanted to move (on the non self-controlled key had a
big heap of confirmations and so could've been .0001 tx fee).
Would be kind of handy to be able to select the key to empty without having
to empty the entire wallet into a new key... (Smaller transaction KB on the
network, less fees for the user, less confusing).
Maybe theres a way to do it, eg via the console again, but I didnt find it;
and it's surely common enough that it could do with being another button or
right click option. eg I could've setup another wallet instance but thats
rather indirect.
Adam
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key 2013-05-07 12:16 [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key Adam Back @ 2013-05-07 12:28 ` Gavin Andresen 2013-05-07 13:14 ` Wladimir 2013-05-07 13:19 ` Pieter Wuille ` (2 subsequent siblings) 3 siblings, 1 reply; 7+ messages in thread From: Gavin Andresen @ 2013-05-07 12:28 UTC (permalink / raw) To: Adam Back; +Cc: Bitcoin-Dev [-- Attachment #1: Type: text/plain, Size: 931 bytes --] "sweep private key" is the missing functionality. I agree, it would be nice to have. On Tue, May 7, 2013 at 8:16 AM, Adam Back <adam@cypherspace.org> wrote: > Hi > > Three minor security/other issues: > > 1. please a way to unlock the wallet without displaying wallet password in > console screen (console unlock wallet, to import priv key); or > > 2. a button to import a private key (and option to transfer it to another > key - if you are not the sole controller the private key) > > 3. a UX way to transfer BTC off a specific adress (eg choose from > address), rather than having to spend the entire wallet onto a new > address, just to get BTC off a specific address. Doing it that way has > problems: creates more network traffic/bigger packets, higher fees (if > any transactions are young/low confirmation), and generally damages > privacy as all your funds end up linked. > -- -- Gavin Andresen [-- Attachment #2: Type: text/html, Size: 1283 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key 2013-05-07 12:28 ` Gavin Andresen @ 2013-05-07 13:14 ` Wladimir 0 siblings, 0 replies; 7+ messages in thread From: Wladimir @ 2013-05-07 13:14 UTC (permalink / raw) To: Gavin Andresen; +Cc: Bitcoin-Dev [-- Attachment #1: Type: text/plain, Size: 1585 bytes --] On Tue, May 7, 2013 at 2:28 PM, Gavin Andresen <gavinandresen@gmail.com>wrote: > "sweep private key" is the missing functionality. > > I agree, it would be nice to have. > > > On Tue, May 7, 2013 at 8:16 AM, Adam Back <adam@cypherspace.org> wrote: > >> Hi >> >> Three minor security/other issues: >> >> 1. please a way to unlock the wallet without displaying wallet password in >> console screen (console unlock wallet, to import priv key); or >> >> 2. a button to import a private key (and option to transfer it to another >> key - if you are not the sole controller the private key) >> >> 3. a UX way to transfer BTC off a specific adress (eg choose from >> address), rather than having to spend the entire wallet onto a new >> address, just to get BTC off a specific address. Doing it that way has >> problems: creates more network traffic/bigger packets, higher fees (if >> any transactions are young/low confirmation), and generally damages >> privacy as all your funds end up linked. >> > Yes, sweep (send all the coins from this addresses to me) should certainly be added. Maybe even a way to do it periodically, though but that would require remembering the key. Importing private keys into the wallet will not be added as a user-friendly option, as it is dangerous and potentially confusing. As for (1), I think a better solution would to add a list of commands whose arguments are censored in the console screen and command line history. At least `importprivkey`, `walletpassphrase`, `walletpassphrasechange` should likely be in that list. Wladimir [-- Attachment #2: Type: text/html, Size: 2547 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key 2013-05-07 12:16 [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key Adam Back 2013-05-07 12:28 ` Gavin Andresen @ 2013-05-07 13:19 ` Pieter Wuille 2013-05-07 16:06 ` Adam Back 2013-05-07 16:44 ` Craig B Agricola 2013-05-10 15:27 ` Jesus Cea 3 siblings, 1 reply; 7+ messages in thread From: Pieter Wuille @ 2013-05-07 13:19 UTC (permalink / raw) To: Adam Back; +Cc: Bitcoin-Dev On Tue, May 07, 2013 at 02:16:41PM +0200, Adam Back wrote: > Hi > > Three minor security/other issues: > > 1. please a way to unlock the wallet without displaying wallet password in > console screen (console unlock wallet, to import priv key); or I think the general solution here is providing a feature-reach Python RPC client, which can do things like remember passwords, command history/tab completion, perhaps even batch lookups of compound commands (getblock $(getblockhash X, for example, ...). The naive RPC client built into bitcoind is not a good fit for many features, as they can much more efficiently be developed outside of the core binary, > 2. a button to import a private key (and option to transfer it to another > key - if you are not the sole controller the private key) I'm quite opposed to any per-key fiddling in the GUI. This will inevitably lead to (even more) people misunderstanding how wallets work and shooting themself in the foot. I don't mind an expert mode ("coin control") that enables such features, but in general, we should for entire-wallet export and import rather than individual keys. Import & sweep an address is something else, that sounds safe to. > 3. a UX way to transfer BTC off a specific adress (eg choose from > address), rather than having to spend the entire wallet onto a new > address, just to get BTC off a specific address. Doing it that way has > problems: creates more network traffic/bigger packets, higher fees (if > any transactions are young/low confirmation), and generally damages > privacy as all your funds end up linked. This belongs in coin control, IMHO. -- Pieter ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key 2013-05-07 13:19 ` Pieter Wuille @ 2013-05-07 16:06 ` Adam Back 0 siblings, 0 replies; 7+ messages in thread From: Adam Back @ 2013-05-07 16:06 UTC (permalink / raw) To: Pieter Wuille; +Cc: Bitcoin-Dev At ZKS other than freedom network (ToR precursor) we had psueudonyms associated with cookie managers. The idea was you create pseudonyms for different purposes to segregate your online linkability. medical casual browsing social media private work true name Seems to me that people are always going to make mistakes with individual keys, even if the feature were there and accidentally link all their coin sources together. I presume people saw the analysis of the slush related 25k BTC theft, even seemingly the thief made possible slips while trying presumably not to: http://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html Does the client have any privacy algorithm (to minimise coin source cross linking) to reach a given payment? eg consider say I use social media, with a screen name; I collect reddit tips etc; I pay them out to others, or use them to buy virtual goods associated with the same purpose. It would be rather useful to help people achieve that, there is already the ability to create addresses, label them. But I think just for the GUI to allow you to control which address the payment is from would be enough, it doesnt seem like such a complicated concept. And if people dont care, they only need create one address. Technically ZKS wasnt anonymous networking like ToR but pseudonymous networking. Multiple wallets for different unlinked purposes would be somewhat analogous to ZKS freedom pseudonymous networking & cookie-jar. Because of the pseudonymity in ZKS misbehavers could be blocked by exit nodes based on pseudonym. Of course they can always create a new pseudonym but then they lose their accumulated reputation. You can even make people pay for pseudonyms, as I recall users got 5 free pseudonyms but had to pay for more. (Though I have to admit the concensus after some years at ZKS was most end users didnt understand what a pseudonym was! They just wanted to be "private" and have the computer magically solve it for them.) If you want to simplify maybe you could consider normal (linked to AML trading accounts, orders for physically delivered goods etc), and "private" analogus to the private browsing mode in various browsers. Maybe beyond 2 is an advanced feature but still available. Adam On Tue, May 07, 2013 at 03:19:50PM +0200, Pieter Wuille wrote: >On Tue, May 07, 2013 at 02:16:41PM +0200, Adam Back wrote: >> Hi >> >> Three minor security/other issues: >> >> 1. please a way to unlock the wallet without displaying wallet password in >> console screen (console unlock wallet, to import priv key); or > >I think the general solution here is providing a feature-reach Python RPC client, >which can do things like remember passwords, command history/tab completion, >perhaps even batch lookups of compound commands (getblock $(getblockhash X, for >example, ...). The naive RPC client built into bitcoind is not a good fit for >many features, as they can much more efficiently be developed outside of the >core binary, > > >> 2. a button to import a private key (and option to transfer it to another >> key - if you are not the sole controller the private key) > >I'm quite opposed to any per-key fiddling in the GUI. This will inevitably lead >to (even more) people misunderstanding how wallets work and shooting themself in >the foot. I don't mind an expert mode ("coin control") that enables such features, >but in general, we should for entire-wallet export and import rather than >individual keys. > >Import & sweep an address is something else, that sounds safe to. > >> 3. a UX way to transfer BTC off a specific adress (eg choose from >> address), rather than having to spend the entire wallet onto a new >> address, just to get BTC off a specific address. Doing it that way has >> problems: creates more network traffic/bigger packets, higher fees (if >> any transactions are young/low confirmation), and generally damages >> privacy as all your funds end up linked. > >This belongs in coin control, IMHO. > >-- >Pieter > ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key 2013-05-07 12:16 [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key Adam Back 2013-05-07 12:28 ` Gavin Andresen 2013-05-07 13:19 ` Pieter Wuille @ 2013-05-07 16:44 ` Craig B Agricola 2013-05-10 15:27 ` Jesus Cea 3 siblings, 0 replies; 7+ messages in thread From: Craig B Agricola @ 2013-05-07 16:44 UTC (permalink / raw) To: Adam Back; +Cc: Bitcoin-Dev BTW, Adam, I suspect you might be using the console in the GUI, and that might be under Windows for all I know, but I usually do it this way on the command line under Linux: echo -n "Password: ";bitcoind walletpassphrase `stty -echo;read p;echo $p;stty echo` 60; echo This uses the JSON API to unlock the wallet (for 60 seconds; which is the "60" at the end), and should work for either the GUI (if you start it with the -server flag) or the headless bitcoind. It keeps the password that you type off the console, and also keeps it out of the history file. The only issue with it is that it will show up in the process tree as an argument of the command for the period of time that the JSON API is being prepared and sent, which should be fairly short. This might be a concern if you are on a multi-user system (you probably shouldn't be doing this anyway), or worry that spyware might be monitoring for passwords (though if you are worried about spyware, you should already be concerned about keyloggers, so...) I doubt this will work (without significant modifications) on Windows without Cygwin, though. -Craig On Tue, May 07, 2013 at 02:16:41PM +0200, Adam Back wrote: > Hi > > Three minor security/other issues: > > 1. please a way to unlock the wallet without displaying wallet password in > console screen (console unlock wallet, to import priv key); or ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key 2013-05-07 12:16 [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key Adam Back ` (2 preceding siblings ...) 2013-05-07 16:44 ` Craig B Agricola @ 2013-05-10 15:27 ` Jesus Cea 3 siblings, 0 replies; 7+ messages in thread From: Jesus Cea @ 2013-05-10 15:27 UTC (permalink / raw) To: Bitcoin-Dev -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/05/13 14:16, Adam Back wrote: > 3. a UX way to transfer BTC off a specific adress (eg choose from > address), rather than having to spend the entire wallet onto a new > address, just to get BTC off a specific address. Doing it that way > has problems: creates more network traffic/bigger packets, higher > fees (if any transactions are young/low confirmation), and > generally damages privacy as all your funds end up linked. [...] > Then I wanted to take the .01 BTC off the private key and the FAQs > etc seem to suggest that the only way to do it is to spend our > entire balance (from all keys) onto a new address. Not exactly > what I wanted, but I did it anyway and the tx fee goes up from > .0001 which I set it to to .0005 because the transaction was young, > to avoid network flooding. Even though transaction I actually > wanted to move (on the non self-controlled key had a big heap of > confirmations and so could've been .0001 tx fee). "sendfrom" in the RPC interface. Difficult to use (I would like to be able to use source key, in addition of source "accounts") and easy to make mistakes. But doable. Would be nice to have an "advanced" GUI option to chooce source account/key. - -- Jesús Cea Avión _/_/ _/_/_/ _/_/_/ jcea@jcea.es - http://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/ Twitter: @jcea _/_/ _/_/ _/_/_/_/_/ jabber / xmpp:jcea@jabber.org _/_/ _/_/ _/_/ _/_/ _/_/ "Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ "My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/ "El amor es poner tu felicidad en la felicidad de otro" - Leibniz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQCVAwUBUY0R5plgi5GaxT1NAQLJ6AQAkWozxNWJdMYbIBKFTxsPErmv3LChAsYm bzVIb8ufwV45X0QT3maxz6A/u3yr4wGxu53Vs29dJkM5rgO5JU7akuPs3qvg3ffh h593zmqyVimfpXxBppff4vocpKTCJ+1ocB5MydGjgGoH2hJ8dwZNQRHYnMwqCjDf 2ONQu7nT0pQ= =zZVh -----END PGP SIGNATURE----- ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2013-05-10 15:27 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2013-05-07 12:16 [Bitcoin-development] minor bitcoin-qt gripes moving BTC off specific key Adam Back 2013-05-07 12:28 ` Gavin Andresen 2013-05-07 13:14 ` Wladimir 2013-05-07 13:19 ` Pieter Wuille 2013-05-07 16:06 ` Adam Back 2013-05-07 16:44 ` Craig B Agricola 2013-05-10 15:27 ` Jesus Cea
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox