tag:blogger.com,1999:blog-37798047.post8541881618922501846..comments2024-01-16T05:48:33.523-05:00Comments on Errata Security: Bitcoin QT weirdnessDavid Maynorhttp://www.blogger.com/profile/09921229607193067441noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-37798047.post-92155863592137395322014-02-16T11:06:56.324-05:002014-02-16T11:06:56.324-05:00I hope you don't make your living in as a secu...I hope you don't make your living in as a security expert. You just made yourself a joke.<br /><br />It is very good that people are curious and check or audit Bitcoin and what is going on under the hood.<br />But this type of posting suggesting malicious intend embedded in some bitcoin software is actually negligence and making just FUD.<br />The bitcoin protocol takes in account the ownership of bitcoins by tracking transactions. And transactions are considered unspent or spent (that meaning totally spent).<br />This optimization have great advantages since by protocol, only standing unspent transactions have to be check in order to validate new transactions.<br />So if you receive 2 BTC in one inbound transaction, and you want to send 0.5 BTC to someone, you'll have to spend the inbound transaction and send back to yourself the remaining 1.5 BTC to what is called a change address. This is done automatically by the software.<br />Bitcoin-qt will use a new change address every time it needs to send a change back to you for privacy issues.<br />This change address has its own private key and it is stored in the wallet file (wallet.dat).<br />Actually, Bitcoin-qt precreates 100 private keys, 99 of which are reserve and will be used if you want a new address or if a new change address is needed. If it runs out of these reserve addresses, it will create more (and you should backup your wallet again, old backups won't have the new addresses).<br />What is a little annoying about Bitcoin-qt is that these change addresses are not shown (I guess in order to simplify the interface and the reports).<br />So once a person start to discover this 'strange' behavior it can get spooky. It is common for people first to ask in a forum where they would get good answers, but posting it in a blog is king of embarrassing once you realize you didn't do your due diligence first.Anonymoushttps://www.blogger.com/profile/03450626646571781351noreply@blogger.comtag:blogger.com,1999:blog-37798047.post-54940307190761496682014-02-14T01:55:20.883-05:002014-02-14T01:55:20.883-05:00If you want to consolidate, you can always spend a...If you want to consolidate, you can always spend all your coins to one address.Anonymoushttps://www.blogger.com/profile/16455120881531867958noreply@blogger.com