Comments on: A sjsqd walks into a pub... http://trilema.com/2015/a-sjsqd-walks-into-a-pub/ Moving targets for a fast crowd. Wed, 10 Jun 2026 02:23:18 +0000 http://polimedia.us hourly 1 By: Check out this demented fuck on Trilema - A blog by Mircea Popescu. http://trilema.com/2015/a-sjsqd-walks-into-a-pub/#comment-161763 Check out this demented fuck on Trilema - A blog by Mircea Popescu. Sat, 27 Mar 2021 01:42:16 +0000 http://trilema.com/?p=60376#comment-161763 [...] sjsqd walks into a pub, and Stevegarywhatever's going to... what is he going to do ? He's going to yell [...] [...] sjsqd walks into a pub, and Stevegarywhatever's going to... what is he going to do ? He's going to yell [...]

]]> By: A Review of the Bitcoin Category on trilema.com « Ossa Sepia http://trilema.com/2015/a-sjsqd-walks-into-a-pub/#comment-148077 A Review of the Bitcoin Category on trilema.com « Ossa Sepia Fri, 27 Mar 2020 19:31:02 +0000 http://trilema.com/?p=60376#comment-148077 [...] adnotated failed introduction of a newcomer to #trilema. [...] [...] adnotated failed introduction of a newcomer to #trilema. [...]

]]> By: Mircea Popescu http://trilema.com/2015/a-sjsqd-walks-into-a-pub/#comment-112528 Mircea Popescu Fri, 06 Mar 2015 21:56:50 +0000 http://trilema.com/?p=60376#comment-112528 Anon's idea is not bad imo. However, as Peter Lambert points out, even as trivial a fix as "allow user to select change address" would go a very long way to resolve the problem. You could have a clicked-by-default checkbox saying 'generate new address' with an optional field where user can supply an arbitrary address. The automatically-generated-change-address-for-all-sent-tx model currently in place is very weak, weak to the degree of perhaps being deliberately so. It allows some presumptions to be made by an attacker that should never be allowed. Anon's idea is not bad imo.

However, as Peter Lambert points out, even as trivial a fix as "allow user to select change address" would go a very long way to resolve the problem. You could have a clicked-by-default checkbox saying 'generate new address' with an optional field where user can supply an arbitrary address.

The automatically-generated-change-address-for-all-sent-tx model currently in place is very weak, weak to the degree of perhaps being deliberately so. It allows some presumptions to be made by an attacker that should never be allowed.

]]> By: Peter Lambert http://trilema.com/2015/a-sjsqd-walks-into-a-pub/#comment-112521 Peter Lambert Fri, 06 Mar 2015 12:44:34 +0000 http://trilema.com/?p=60376#comment-112521 > How would you implement it ? The problem now is that during the course of normal use, wallet backups become stale as new addresses are generated for change. How about -- the wallet generates a (user) specified number of addresses, and uses ONLY those as change addresses and receiving addresses. If the addresses are all used, it should give a message to the user (perhaps have an option of whether to give you this message or just ignore it?). When the user wants, they can generate another batch of addresses. Thus the user will know when they need to make a new backup, since they are the one who decides when to add new addresses to the wallet. > How would you implement it ?

The problem now is that during the course of normal use, wallet backups become stale as new addresses are generated for change.

How about -- the wallet generates a (user) specified number of addresses, and uses ONLY those as change addresses and receiving addresses. If the addresses are all used, it should give a message to the user (perhaps have an option of whether to give you this message or just ignore it?). When the user wants, they can generate another batch of addresses. Thus the user will know when they need to make a new backup, since they are the one who decides when to add new addresses to the wallet.

]]> By: anon http://trilema.com/2015/a-sjsqd-walks-into-a-pub/#comment-112519 anon Fri, 06 Mar 2015 08:02:10 +0000 http://trilema.com/?p=60376#comment-112519 How about -- require user to feed wallet file with significant entropy, proceed to generate addresses on the basis of that (hash and salt, hash and salt). Whenever the user feels like it, he can replace the entropy seed and the salt, thus invalidating his old backups. For as long as the user doesn't feel like it, the security of generated addresses slowly decays (but is still, for at least the first however many decades, massively ahead of the security of addresses generated by the currently deployed scheme). How about -- require user to feed wallet file with significant entropy, proceed to generate addresses on the basis of that (hash and salt, hash and salt). Whenever the user feels like it, he can replace the entropy seed and the salt, thus invalidating his old backups. For as long as the user doesn't feel like it, the security of generated addresses slowly decays (but is still, for at least the first however many decades, massively ahead of the security of addresses generated by the currently deployed scheme).

]]>