-
Notifications
You must be signed in to change notification settings - Fork 36.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Encrypt wallet #3
Comments
I think we can be creative about the way to input the password. IMHO it should be similar to the Android. It is really awesome and forces you into thinking about something more abstract. :) |
How does Android do it? Got a reference? |
I jotted down some thoughts here: |
I think this is a key feature. Manually backing up and securing your wallet really sucks, I think this keeps a lot of users from using BitCoin. Also there should be possible to specify wallet location. This way I would keep my wallet in my dropbox and therefore would take care of backing up. |
The Andriod way of inputting your passcode (assuming you mean what you think I mean) is kind of a 'connect the dot' system, where you slide your finger from the first digit directly to the second. This has the implication of actually being less secure than using the traditional tap per digit system, because it limits the number of neighboring digits to 8 as opposed to the full 10. I would like if my wallet was encrypted taking advantage of my already existing GnuPG key. :) |
Suppose we encrypt keys with the public key of a separate private key. That private key is encrypted with a symmetric algorithm, whose key is derived from the passphrase. I believe this is how GnuPG works. When we store this encrypted key in the wallet, we also store a reference to the associated private key. (Or, perhaps have it elsewhere on the file system... usb drive? smart card? keyring?) With this functionality, we could prompt the user for a password once and decrypt multiple keys. It also means that a wallet could be separated into virtual partitions with different encryption keys. I think it would allow a smooth transition, but would it be backwards compatible?[1] Here's the way I imagine interacting with this. I would keep a small amount of bitcoin in the clear. This allows me to easily spend the small amount while assuring I won't lose much if my device is compromised (good for mobile devices). I can easily encrypt/decrypt keys by entering a target amount to "transfer". The actual amount is determined by picking keys with transactions (outputs?) summing to approximately the target. In order to spend more than is in the clear, I must enter one (or more) passphrases, but the rest is automated. [1]Can the structure of the wallet be modified for encrypted keys and a reference to the encrypting private key without causing a breaking change? |
Fnordsoft, I hope the GPG mechanism is simpler - the pass phrase is hashed into a symmetric key, and that key is used to encrypt the sensitive data in the wallet. Much simpler, and you don't have to worry about storing a private key anywhere. The user enters the pass phrase, and the program checks it by encrypting something with the public key, then decrypting it with the private key, and ensuring that the resulting 'something' matches the original 'something'. As for the input, keep it simple: there's nothing wrong with the plain ol' keyboard. The Android style may work well on a mobile device, but would be a royal pain in the *** anywhere else. |
jhyslop, but many of us already use GnuPG with public key cryptography, so we're already storing private keys which we use for other purposes. Adding one more key is trivial. I see no reason why both symmetric and public key cryptography couldn't be available as an option. Aside from the obvious "who will program it" part. |
OK, I see what you're getting at, Jeff. Yeah, that could be an option. The default, I think, should be to use the hashed pass phrase as a symmetric key, with an option to allow advanced users to provide a public key. |
By the way, just to clarify - when I said "the default should be to use the hashed pass phrase as a symmetric key" (HPPASK) I wasn't necessarily pushing HPPASK as The Solution. To generalize my statement, what I meant was "the default should be some password mechanism that keeps the wallet self-contained, and by the way the HPPASK seems to me a simple solution that meets the needs." |
Couldn't find how to assign myself tickets, but I'm working on this. So give me a couple of weeks (focus on other issues) if possible ;) (don't like duplicating work). BTW I'm using a symmetric key (AES now, but easy to switch to blowfish .etc) with the passphrase hashed with RSA using OpenSSL. If you're interested then run 'man evp_sealinit' or man evp_openinit. |
An alternative (or stop-gap measure) to encrypting the wallet could be to allow the user to specify where the file should be. This way, he can place it on an encrypted volume (that he may already have for other important documents). |
My proposal: wallet.dat zipped and encrypted. How effective is break password by brute force? One step can require verify all file? |
First time user experience. I am a developer, but would like to shed light on what I encountered when discovering the world of Bit Coins. After reading a taste of what BCs were I download the client (developer side) and fired it up (OSX). I was met with a string of characters not too frightening for a developer and especially not when expecting crazy encryption fun times to be going on. However, I didn't quite know what I was looking at or what it meant to me. I stumbled onto Bit Faucet and it introduced the notion that these characters were an address used to receive BC. So I learned something. At some point I clicked "New..." and my string of characters changed; this befuddled me a bit. Some more reading calmed me as it was "good practice" to generate these new addresses and use them liberally. As I continued to learn about what I had gotten myself into it came to light that the client I had downloaded was the key to whatever BTC I began to acquire. So as a developer, my first questions were, "where is the secret key?", "how do I protect it?", and "how do I move it and still use this client?". All of these questions are being touched on in IRC and in this thread. So I'm glad to see the discussion is taking place. However, I have yet to see reasonable discourse that talks about what sort of experience our target end-user should see. When starting a conversion in IRC #bitcoin-dev about the above questions I quickly received answers such as: "just backup your wallet.dat file", "use truecrypt", "use gpg", "use a USB stick or dropbox", et cetera. My response is... DUH! The point of the discourse was not to get an answer I am perfectly capable of doing as a developer. It was to discuss how to make Bit Coins and the associated software accessible to our girlfriends, mothers, and fathers. So, with all of that context, and as a development brother looking at my experience as a first time user (while it is still fresh, I discovered BC two days ago and now have 40BTC, yay), I'd like to suggest the following:
My suggestions focus on education and features crucial to the adoption of Bit Coins, in my opinion. I cannot feel good about telling a non-techy about Bit Coins without these features. I want to be able to tell my girlfriend and her be able to make sense of the experience on her own. Thanks for all of the hard work thus far and I'm really enjoying my foray into the Bit Coins community. Cheers, |
If TryCrypt give anything? It joins file as disk. This disk is readable to other programs (trojans), only advantage TryCrypt is defense against read wallet.dat when someone steals computer. |
As far as I see, this discussion was not about malicious software on the device in which the wallet.dat file was being stored. Trojans could be a problem now, and you are correct, they could be a problem when using True Crypt. To clarify, the goal of using True Crypt is as you said, to protect against theft when one no longer has access to their device OR when the bit coin client is not running (in this case, trojans mean nothing). Not to derail the conversation onto malware, but I see no reason to have the wallet.dat file (or other sensitive files) open when not needed. I cannot speak to the internals of how the wallet.dat file is used, but I would summise there could be a way of "locking" or un-mounting the True Crypt disk when the client is not using it and prompting when necessary. That could get annoying, but more discussion on real-time protections should be in another thread. As I see it, this discussion concerns some level of inherent encryption built into the client. To be fair, my mentions of "backups" should be in another thread as well, but the topics tend to be mentioned together. Thank you for the opportunity to clarify. |
Encrypted or not, I strongly advocate a plaintext wallet. Encryption DOES NOT help backup the wallet. It does mean (to a minor extent) that you don't need to be quite as careful with where you backup, but you should ALWAYS backup. As it is, I've got multiple copies of three wallet files on the same media because I am too scared to delete some of them, despite the fact that the addresses are redundant. I can not 'diff' the files, so my backup solution is just copy copy copy. If I ever need to recover, I'll probably have to load a hundred versions of all my wallets looking for loose change. If the wallet were plain text, I'd keep ONLY the key pairs I need and never duplicate them (on the same media). For similar reasons I disagree with the keypool=100 hack because it presents a false sense of security. Eventually (after the 100th key pair) a restoration from backup will blow away real money. And yes, you can have plain text and encryption as a radix64 key block. |
I'd love to see a scheme like in SSH, where the private keys can be encrypted, and a password is then required for using them. Make it optional for all I care, but personally if someone should be able to obtain my wallet.dat it should be useless to them without an extensive amount of work (say brute-forcing my password). |
Encrypting private keys pulled. Closing this request. |
… non-deterministic c061be1 tests: Mark unit test blockfilter_index_initial_sync as non-deterministic (practicalswift) Pull request description: Mark unit test `blockfilter_index_tests/blockfilter_index_initial_sync` as non-deterministic. Before this PR: ``` $ contrib/devtools/test_deterministic_coverage.sh 500 [2019-06-04 09:58:57] Measuring coverage, run #1 of 500 [2019-06-04 10:00:33] Measuring coverage, run #2 of 500 [2019-06-04 10:02:19] Measuring coverage, run #3 of 500 The line coverage is non-deterministic between runs. Exiting. The test suite must be deterministic in the sense that the set of lines executed at least once must be identical between runs. This is a necessary condition for meaningful coverage measuring. --- gcovr.run-1.txt 2019-06-04 10:00:33.389059973 +0000 +++ gcovr.run-3.txt 2019-06-04 10:03:45.619491207 +0000 @@ -72,7 +72,7 @@ hash.h 54 33 61% 71,74-77,82,85-89,111,113,128,147-148,175,178-181 httprpc.cpp 120 3 2% 31,34-35,38-40,46,49,52,54,56,58,70,73-74,76,78-79,81,83-84,89,91,94-95,97,99-101,103,106-107,111-112,117-119,121-122,125,128,130,132,134-136,138-139,142,145,148,151-153,156-160,163-166,171,173-175,180-182,185,187,189-190,192,195,198-199,201,203-204,212,215,217,219-222,224,227-228,230,232,237,239-240,243-245,247-251,254,256,259,261-264,266-267 [* 205-206,208-209] httpserver.cpp 312 6 1% 46,49-50,53,55,80-81,90,92-93,96-98,101,104,106-109,111-112,114,118,120-122,126,128-129,153,155,157-158,164,166-178,180,182,184-188,192,194-196,198-199,201-202,204-205,207-208,213,216-221,225,228-232,236-239,243-244,247-254,256-258,264-267,270-271,274,279,281-282,286,288-290,292-293,297,299-300,303-307,309-310,312-317,322-328,330,332,335,339,341-342,346,352-353,355,358,360,364,368-369,375,378,381-384,388-391,393-394,398-400,402,404-406,409,411-412,414,416,426,428-431,433-434,438,440-441,443,445-446,449,451-455,457-459,463-464,466-469,471-473,475-477,479,482,484,487,490-493,496-497,499-500,502,504,506,508-509,511,513-514,517,519,521-522,527,529-533,535,538,540-543,550-555,558,560-562,570,572-574,577-582,585-590,594-597,600,602-604,606-609,611,614,616,619,621,625-626,628-629,631-632,634-635,640,642-643,646,648-651,653,655-656 -index/base.cpp 149 94 63% 20,22-25,28,66,98,102-103,117-118,140-141,145-146,155,163,175,177-178,181-182,184-185,200-201,203,212,214-215,219-221,228-229,234,236,240,243-244,247-249,258-260,262,270,292-294,308-309 [* 263] +index/base.cpp 149 97 65% 20,22-25,28,66,98,102-103,117-118,140-141,145-146,155,163,175,177-178,181-182,184-185,200-201,203,212,214-215,219-221,228-229,234,236,240,243-244,247-249,258-260,262,270,308-309 [* 263] index/base.h 3 2 66% 77 index/blockfilterindex.cpp 199 134 67% 70,79,81,84-88,91,122,139,142,179-181,184-185,188-189,193-194,201-202,207,233,258,262-263,265-266,268,271-272,274,277,279,284,286,288-289,294,301-302,304,322,329,332-333,350,371,373,438,440-441,444,446,449,455-456,459,461,464,466 [* 162-163] index/blockfilterindex.h 4 4 100% @@ -358,7 +358,7 @@ util/validation.cpp 5 1 20% 12,15-17 validation.cpp 2167 808 37% 291,293,297-300,302,330,332,340,348,355-357,359,362,364-365,368,371,380,382-383,385-386,388-389,396,398-402,406-413,415,417,419,422-425,439-440,442-443,446,449,455-458,461-464,467,469-470,472,474,476,492,494-495,502-503,505-507,511-513,515,517,523,526,528,533,535,540,542-544,550,552-556,558-560,564,574,578-583,586,590-591,594-596,601-602,607-608,611-612,616-617,619-621,635-636,638,640,647-648,651,657-658,660-662,665-667,673,675,677-678,682-683,690,693,700-701,703-705,709-710,713-714,716,719-720,724-727,733-735,737-739,741-743,747-748,751-752,754,757-764,771,773-774,776-779,785-788,793-794,796-800,815-816,818-822,825,827,830,835,838-839,841-843,846-848,850,853,859,864-867,875,877-879,884-885,887-891,895,899-900,904-906,908-909,911,930-931,933,936,942,944-950,952,959,962,965-968,972,978,982-984,990-991,994-996,999,1003-1004,1011,1013,1015-1019,1022-1023,1026-1032,1056,1065,1079,1091,1108,1112,1114-1118,1125,1127-1130,1133-1135,1138-1139,1147,1149,1151-1152,1155,1197,1199-1201,1206-1209,1211-1212,1226,1230,1232-1234,1236,1238-1241,1245-1246,1256,1258,1260-1262,1264-1266,1268,1278-1280,1282-1283,1286,1289,1291-1292,1294-1302,1305-1311,1319-1323,1330,1332-1333,1336-1339,1379,1383-1384,1395,1401,1405-1407,1411-1414,1423-1428,1438-1440,1451,1455,1458,1471,1480,1497,1503,1519,1525,1527-1530,1532-1533,1536,1538-1539,1549,1551,1553,1555,1559-1562,1571,1573,1578,1580,1582-1584,1588-1589,1594-1597,1601-1606,1613-1616,1619-1623,1630,1632,1635,1637,1639-1640,1642-1646,1658,1660,1675,1688,1711,1713-1715,1742,1755,1760,1765,1769,1811,1815,1817,1841-1845,1855,1942,1946-1947,1956,1984-1986,1991-1992,1994,1996-1999,2005-2007,2010-2012,2022-2023,2028-2031,2038-2039,2042,2044,2049,2058-2061,2064,2114-2115,2117-2118,2120-2124,2152-2153,2156,2159-2163,2165-2169,2171-2172,2176-2178,2187-2188,2191-2194,2199,2207-2211,2215-2220,2224,2227-2230,2235,2237-2238,2261-2263,2265,2274,2278,2286,2301,2303-2304,2306-2309,2311,2313-2318,2320,2322,2325,2327-2328,2330,2332-2334,2338,2340,2343-2344,2407-2410,2430,2445-2447,2507-2509,2511-2514,2518,2520-2521,2523-2524,2561,2564,2590,2592-2593,2595-2598,2603,2620,2626,2658,2719,2724,2773,2776-2777,2779,2781,2783,2785-2788,2791,2793-2795,2799,2801-2802,2805,2807-2809,2813,2816,2818-2821,2825-2826,2832-2834,2841-2845,2848,2854,2858-2859,2861,2865-2868,2872-2875,2880,2884-2885,2890-2891,2894-2895,2897,2900-2906,2908,2910,2912,2918-2922,2924,2928-2929,2940,3002-3005,3009-3010,3026-3028,3036-3037,3039-3040,3045,3053,3056,3077,3080,3090,3112,3118,3129,3133,3135-3136,3141-3142,3150,3190-3193,3259,3268,3273,3277,3282-3285,3303,3314,3321-3324,3338-3341,3345-3346,3348-3350,3360,3372,3392,3397,3403,3406,3408,3435-3441,3443,3468-3469,3485,3487-3488,3492-3493,3534-3536,3542,3547-3549,3552,3565-3566,3601-3602,3610,3628,3630,3632,3645,3647,3649-3651,3653,3657,3659,3661-3669,3675-3680,3686-3687,3691,3693-3697,3702,3704,3706-3708,3711-3718,3720,3724,3726-3729,3748,3750-3752,3754,3758-3759,3763,3765,3767,3772,3774,3777-3778,3780-3781,3783,3787-3788,3790,3792-3794,3798-3800,3823,3825,3828,3830,3832,3836-3838,3841-3843,3845,3848,3850,3854-3856,3858-3859,3861-3862,3864-3867,3870-3873,3875-3876,3879,3882-3883,3886-3893,3899,3901,3905-3909,3911-3915,3922-3924,3926-3928,3931,3933-3934,3940-3942,3945-3947,3952,3954-3955,3957,3960-3961,3964,3966,3968-3972,3975,3977,3980,3982,3985,3987-3988,3992-3996,3998-4006,4008-4009,4011-4012,4014,4016,4019,4021-4022,4024-4026,4028-4032,4037-4041,4043-4045,4047,4050,4053-4054,4057,4060-4064,4066-4067,4069-4075,4079-4080,4086,4089-4091,4094-4097,4101,4106,4108,4110,4112-4114,4116-4117,4119,4121,4123-4124,4126,4128-4130,4132-4134,4138-4142,4144-4147,4154,4158-4163,4166-4169,4172-4173,4177,4179-4180,4183,4185,4187-4189,4191-4193,4195,4197-4201,4207-4208,4212,4220-4223,4230,4232-4233,4237,4240,4243,4247,4249,4251,4253-4255,4265-4266,4277,4279,4282,4285-4287,4292-4293,4296,4298,4302,4305-4306,4310-4311,4315-4318,4360,4363-4367,4370,4377,4397,4412,4415-4416,4418,4421-4422,4424,4426-4429,4433-4437,4439-4441,4448-4452,4454-4456,4458,4460,4462-4467,4471-4475,4477,4480-4481,4486-4488,4493,4496-4503,4505,4507-4511,4513-4514,4517-4519,4529-4531,4546,4600,4638-4639,4647,4653,4662-4664,4696,4703-4704,4718,4720,4723,4725,4727,4730,4732-4733,4736,4738-4739,4742,4744-4745,4750,4752-4757,4761-4765,4769-4770,4774-4776,4779-4781,4783-4785,4787-4790,4793-4794,4800-4801,4803,4807,4809-4810,4812-4813,4815-4816,4823,4827,4829,4831-4832,4834-4835,4838-4840,4842,4845,4848-4849,4853,4855-4856,4858-4863,4866-4872,4877,4891,4907 [* 1085-1086,1140-1141,1513-1514,2201-2202,2428,3569-3570,4400-4401,4442,4453,4504,4522-4523,4526-4527,4818-4819,4873-4874] validation.h 19 5 26% 338,350-352,356-363,366,484 -validationinterface.cpp 81 50 61% 78-82,85-86,112-113,116,119-120,123-124,126-128,130,133-136,151-153,163-165,169-171 +validationinterface.cpp 83 60 72% 78-82,85-86,112-113,116,133-136,151-153,163-165,169-171 validationinterface.h 9 4 44% 94,105,112,118,135 versionbits.cpp 92 27 29% 33,35-36,38-39,48-50,52-54,56-57,61-62,67-71,73,75-76,80,82-83,91,98,100,102-103,105,109-110,113-118,121-122,124,127,129-130,134,137,141,149,151,153-155,159,177,179,184,194,196,199,201,204,206 [* 26] versionbits.h 1 1 100% @@ -400,5 +400,5 @@ zmq/zmqpublishnotifier.h 5 0 0% 12,31,37,43,49 zmq/zmqrpc.cpp 23 3 13% 16,18,20,23,33-35,37,40-47,51,62,64-65 ------------------------------------------------------------------------------ -TOTAL 52472 7784 14% +TOTAL 52474 7797 14% ------------------------------------------------------------------------------ $ ``` After this PR: ``` $ contrib/devtools/test_deterministic_coverage.sh 500 [2019-06-03 14:45:25] Measuring coverage, run #1 of 500 [2019-06-03 14:48:15] Measuring coverage, run #2 of 500 [2019-06-03 14:50:49] Measuring coverage, run #3 of 500 [2019-06-03 14:52:20] Measuring coverage, run #4 of 500 [2019-06-03 14:53:49] Measuring coverage, run #5 of 500 … [2019-06-04 09:04:58] Measuring coverage, run #496 of 500 [2019-06-04 09:07:42] Measuring coverage, run #497 of 500 [2019-06-04 09:10:32] Measuring coverage, run #498 of 500 [2019-06-04 09:13:26] Measuring coverage, run #499 of 500 [2019-06-04 09:16:32] Measuring coverage, run #500 of 500 Coverage test passed: Deterministic coverage across 500 runs. $ ``` ACKs for commit c061be: Tree-SHA512: 00cd55b4371290d8587ab667c64249bc31d26cc9dc3dd519677eb91ddb9dbc5333dfbdef5e90c7a0d74eecd24757113e7ec3eda836859ddc033b1de715df81b6
…erministic f899580 tests: Make coins_tests/updatecoins_simulation_test deterministic (practicalswift) Pull request description: Make `coins_tests/updatecoins_simulation_test` deterministic. Before: ``` $ contrib/devtools/test_deterministic_coverage.sh 1000 [2019-06-15 05:36:20] Measuring coverage, run #1 of 1000 [2019-06-15 05:38:05] Measuring coverage, run #2 of 1000 [2019-06-15 05:39:49] Measuring coverage, run #3 of 1000 [2019-06-15 05:41:38] Measuring coverage, run #4 of 1000 [2019-06-15 05:43:16] Measuring coverage, run #5 of 1000 ... [2019-06-16 18:25:23] Measuring coverage, run #880 of 1000 [2019-06-16 18:27:12] Measuring coverage, run #881 of 1000 [2019-06-16 18:29:33] Measuring coverage, run #882 of 1000 [2019-06-16 18:33:00] Measuring coverage, run #883 of 1000 [2019-06-16 18:35:32] Measuring coverage, run #884 of 1000 The line coverage is non-deterministic between runs. Exiting. The test suite must be deterministic in the sense that the set of lines executed at least once must be identical between runs. This is a necessary condition for meaningful coverage measuring. --- gcovr.run-1.txt 2019-06-15 05:38:05.282359029 +0200 +++ gcovr.run-884.txt 2019-06-16 18:37:23.518298374 +0200 @@ -269,7 +269,7 @@ test/bloom_tests.cpp 320 320 100% test/bswap_tests.cpp 13 13 100% test/checkqueue_tests.cpp 223 222 99% 169 -test/coins_tests.cpp 478 472 98% 52,68,344-345,511,524 +test/coins_tests.cpp 478 474 99% 52,68,511,524 test/compilerbug_tests.cpp 18 18 100% test/compress_tests.cpp 27 27 100% test/crypto_tests.cpp 268 268 100% @@ -401,5 +401,5 @@ zmq/zmqpublishnotifier.h 5 0 0% 12,31,37,43,49 zmq/zmqrpc.cpp 23 3 13% 16,18,20,23,33-35,37,40-47,51,62,64-65 ------------------------------------------------------------------------------ -TOTAL 53323 28305 53% +TOTAL 53323 28307 53% ------------------------------------------------------------------------------ ``` After: ``` $ contrib/devtools/test_deterministic_coverage.sh 1000 [2019-06-15 05:36:20] Measuring coverage, run #1 of 1000 [2019-06-15 05:38:05] Measuring coverage, run #2 of 1000 [2019-06-15 05:39:49] Measuring coverage, run #3 of 1000 [2019-06-15 05:41:38] Measuring coverage, run #4 of 1000 [2019-06-15 05:43:16] Measuring coverage, run #5 of 1000 ... $ ``` ACKs for commit f89958: MarcoFalke: ACK f899580 (checked that the randomness state of g_insecure_rand_ctx is the same after three test runs) Tree-SHA512: 796d362b050c5750e351de1126b62f0f2c8e2d712cf01b6e1a3e2cc6ef92fa68439a32fc24c76d34bce4d553aee4ae4ea88a036c56eb9e25979649a19c59c3e5
…urn checking 8d22ab0 ci: Enable address sanitizer (ASan) stack-use-after-return checking (practicalswift) Pull request description: Enable address sanitizer (ASan) stack-use-after-return checking (`detect_stack_use_after_return=1`). Example: ``` #include <iostream> #include <string> const std::string& get_string(int i) { return std::to_string(i); } int main() { std::cout << get_string(41) << "\n"; } ``` Without address sanitizer (ASan) stack-use-after-return checking: ``` $ ./stack-use-after-return $ ``` With address sanitizer (ASan) stack-use-after-return checking: ``` $ ASAN_OPTIONS="detect_stack_use_after_return=1" ./stack-use-after-return ================================================================= ==10400==ERROR: AddressSanitizer: stack-use-after-return on address 0x7f7fa0400030 at pc 0x00000049d2cc bp 0x7ffcbd617070 sp 0x7ffcbd616820 READ of size 2 at 0x7f7abbecd030 thread T0 #0 0x439781 in fwrite #1 0x7f7ac0504cb3 in std::basic_ostream<char, std::char_traits<char> >& std::__ostream_insert<char, std::char_traits<char> >(std::basic_ostream<char, std::char_traits<char> >&, char const*, long) (/usr/lib/x86_64-linux-gnu/libstdc++.so.6+0x113cb3) #2 0x4f9b5f in main stack-use-after-return.cpp:9:15 #3 0x7f7abf440b96 in __libc_start_main #4 0x41bbc9 in _start … $ ``` Top commit has no ACKs. Tree-SHA512: 6557a9ff184023380fd9aa433cdf413e01a928ea99dbc59ec138e5d69cb9e13592e8bb5951612f231ff17a37a895bec5c0940c8db5f328a5c840a5771bdeeba5
1828c6f refactor: Styling w/ clang-format, comment update (Hennadii Stepanov) 88a94f7 qt: Fix missing qRegisterMetaType for size_t (Hennadii Stepanov) Pull request description: On master (a7aec7a) this connection https://github.com/bitcoin/bitcoin/blob/a7aec7ad97949a82f870c033d8fd8b65d772eacb/src/qt/rpcconsole.cpp#L587 fails due to `ClientModel::mempoolSizeChanged()` signal has unregistered parameter type `size_t`: https://github.com/bitcoin/bitcoin/blob/a7aec7ad97949a82f870c033d8fd8b65d772eacb/src/qt/clientmodel.h#L102 More: ``` $ QT_FATAL_WARNINGS=1 lldb src/qt/bitcoin-qt -- -debug=qt ... (lldb) bt * thread #17, name = 'QThread', stop reason = signal SIGABRT * frame #0: 0x00007ffff35fce97 libc.so.6`__GI_raise(sig=2) at raise.c:51 frame #1: 0x00007ffff35fe801 libc.so.6`__GI_abort at abort.c:79 frame #2: 0x00007ffff5901352 libQt5Core.so.5`QMessageLogger::warning(char const*, ...) const + 354 frame #3: 0x00007ffff5b216fe libQt5Core.so.5`___lldb_unnamed_symbol2329$$libQt5Core.so.5 + 334 frame #4: 0x00007ffff5b2456d libQt5Core.so.5`QMetaObject::activate(QObject*, int, int, void**) + 1933 frame #5: 0x000055555566872e bitcoin-qt`ClientModel::mempoolSizeChanged(this=<unavailable>, _t1=<unavailable>, _t2=<unavailable>) at moc_clientmodel.cpp:260 ... ``` `debug.log`: ``` [] GUI: QObject::connect: Cannot queue arguments of type 'size_t' (Make sure 'size_t' is registered using qRegisterMetaType().) ``` This PR fixes it. Refs: - [Qt docs: qRegisterMetaType](https://doc.qt.io/qt-5/qmetatype.html#qRegisterMetaType) - #16348 --- Side NOTE: Also I believe this line https://github.com/bitcoin/bitcoin/blob/a7aec7ad97949a82f870c033d8fd8b65d772eacb/src/qt/bitcoin.cpp#L63 is redundant since long `CAmount` is a `typedef`. ACKs for top commit: laanwj: Tested ACK 1828c6f Tree-SHA512: 2c7f9fe6a5ae70f2e1dd86b07f95d4b00c85c5706a9d722f063f80beb71880d012ec46556963fb1544c2af53d006936c2f7612eae60d9193f67db62ba3d86129
1f9d5af tests: Add initialization order fiasco detection in Travis (practicalswift) Pull request description: Add initialization order fiasco detection in Travis :) Context: #17670 (comment) This would have caught the `events_hasher` initialization order issue introduced in #17573 and fixed in #17670. Output in case of an initialization order fiasco: ``` ==7934==ERROR: AddressSanitizer: initialization-order-fiasco on address 0x557098d79200 at pc 0x55709796b9a3 bp 0x7ffde524dc30 sp 0x7ffde524dc28 READ of size 8 at 0x557098d79200 thread T0 #0 0x55709796b9a2 in CSHA256::Finalize(unsigned char*) src/crypto/sha256.cpp:667:25 #1 0x5570978150e9 in SeedEvents(CSHA512&) src/random.cpp:462:19 #2 0x5570978145e1 in SeedSlow(CSHA512&) src/random.cpp:482:5 #3 0x5570978149a3 in SeedStartup(CSHA512&, (anonymous namespace)::RNGState&) src/random.cpp:527:5 #4 0x55709781102d in ProcRand(unsigned char*, int, RNGLevel) src/random.cpp:571:9 #5 0x557097810d19 in GetRandBytes(unsigned char*, int) src/random.cpp:576:59 #6 0x557096c2f9d5 in (anonymous namespace)::CSignatureCache::CSignatureCache() src/script/sigcache.cpp:34:9 #7 0x557096511977 in __cxx_global_var_init.7 src/script/sigcache.cpp:67:24 #8 0x5570965119f8 in _GLOBAL__sub_I_sigcache.cpp src/script/sigcache.cpp #9 0x557097bba4ac in __libc_csu_init (src/bitcoind+0x18554ac) #10 0x7f214b1c2b27 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:266 #11 0x5570965347d9 in _start (src/bitcoind+0x1cf7d9) 0x557098d79200 is located 96 bytes inside of global variable 'events_hasher' defined in 'random.cpp:456:16' (0x557098d791a0) of size 104 registered at: #0 0x557096545dfd in __asan_register_globals compiler-rt/lib/asan/asan_globals.cpp:360:3 #1 0x557097817f8b in asan.module_ctor (src/bitcoind+0x14b2f8b) SUMMARY: AddressSanitizer: initialization-order-fiasco src/crypto/sha256.cpp:667:25 in CSHA256::Finalize(unsigned char*) ``` ACKs for top commit: promag: Tested ACK 1f9d5af, got MarcoFalke: ACK 1f9d5af 👔 Tree-SHA512: f24ac0a313df7549193bd7f4fcfdf9b72bdfc6a6ee31d0b08e6d0752e5108fbd532106b6c86377ae0641258c9adb4921872e5d9a0154c0284e03315e0777102c
…s (descriptor_parse) 6338c02 tests: Fix fuzzing harness for descriptor parsing (descriptor_parse) (practicalswift) Pull request description: Fix bug in the descriptor parsing fuzzing harness (`descriptor_parse`) by making sure `secp256k1_context_verify` is properly initialized (via `ECCVerifyHandle`). Background: When fuzzing `Parse(…)` with `libFuzzer` I eventually reached the test case `combo(020000000000000000000000000000000000000000000000000000000000000000)`. That input triggers a call to `CPubKey::IsFullyValid()` which in turns requires an initialized `secp256k1_context_verify`. The fuzzing harness did not fulfil that pre-condition prior to this commit (sorry, my fault!) :) Before: ``` $ mkdir descriptors/ $ echo -n 'combo(020000000000000000000000000000000000000000000000000000000000000000)' > descriptors/input $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" src/test/fuzz/descriptor_parse -runs=1 descriptors/ … pubkey.cpp:210:38: runtime error: null pointer passed as argument 1, which is declared to never be null secp256k1/include/secp256k1.h:305:3: note: nonnull attribute specified here #0 0x561c032ccf25 in CPubKey::IsFullyValid() const src/pubkey.cpp:210:12 #1 0x561c022139c3 in (anonymous namespace)::ParsePubkeyInner(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:674:24 #2 0x561c02207680 in (anonymous namespace)::ParsePubkey(Span<char const> const&, bool, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:730:42 #3 0x561c0220080e in (anonymous namespace)::ParseScript(Span<char const>&, (anonymous namespace)::ParseScriptContext, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) src/script/descriptor.cpp:774:23 #4 0x561c021ffb07 in Parse(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, FlatSigningProvider&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, bool) src/script/descriptor.cpp:994:16 #5 0x561c0218d5d4 in test_one_input(std::vector<unsigned char, std::allocator<unsigned char> > const&) src/test/fuzz/descriptor_parse.cpp:20:9 … $ ``` After: ``` $ mkdir descriptors/ $ echo -n 'combo(020000000000000000000000000000000000000000000000000000000000000000)' > descriptors/input $ UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1" src/test/fuzz/descriptor_parse -runs=1 descriptors/ … Done 2 runs in 0 second(s) $ ``` ACKs for top commit: paymog: ACK 6338c02 MarcoFalke: ACK 6338c02 🕊 Tree-SHA512: bf24c404e1f64183761b057d2f210c3db85277f4415122977c315d7d6835acb5e897b5d64032615e9e44ad4a16dfe857e94481f6e4b57b6dfa8cb37adb2528a5
d65fafc gui: disable File->CreateWallet during startup (fanquake) Pull request description: Same as #16118. Early calls to Create Wallet will crash bitcoin-qt. ```bash lldb /Applications/Bitcoin-Qt.app/Contents/MacOS/Bitcoin-Qt -- --regtest -debug Process 18143 launched: '/Users/michael/github/bitcoin/src/qt/bitcoin-qt' (x86_64) 2019-12-07 15:49:37.823867-0500 bitcoin-qt[18143:5696499] MessageTracer: Falling back to default whitelist Process 18143 stopped * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) frame #0: 0x00000001000d2d9d bitcoin-qt`CreateWalletActivity::createWallet() + 381 bitcoin-qt`CreateWalletActivity::createWallet: -> 0x1000d2d9d <+381>: movq 0x18(%rax), %r14 0x1000d2da1 <+385>: movq %r15, -0xa8(%rbp) 0x1000d2da8 <+392>: leaq -0xa0(%rbp), %r12 0x1000d2daf <+399>: leaq -0x80(%rbp), %rsi Target 0: (bitcoin-qt) stopped. (lldb) bt * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) * frame #0: 0x00000001000d2d9d bitcoin-qt`CreateWalletActivity::createWallet() + 381 frame #1: 0x0000000100833e6f bitcoin-qt`QMetaObject::activate(QObject*, int, int, void**) + 1631 frame #2: 0x0000000100a1fc47 bitcoin-qt`QDialog::done(int) + 247 frame #3: 0x0000000100833ef5 bitcoin-qt`QMetaObject::activate(QObject*, int, int, void**) + 1765 frame #4: 0x00000001009e04c2 bitcoin-qt`QDialogButtonBoxPrivate::_q_handleButtonClicked() + 786 ``` ACKs for top commit: jonasschnelli: utACK d65fafc promag: ACK d65fafc. Tree-SHA512: 12d7f9e8772508bffbb0163849d9eceec5b1c80068c5d377a4d0973c713dc5f8ad38be8f793fec843d7fb604f0e60a72398b0c95f0a8b775dab39d25b29ac046
* Add ci, docker-compose, sonar * Add service locator, pop, rpc services (#1) Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Add RPC service implementation (#2) * Add rpc_service_impl Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Add opcodes Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Link libvbk everywhere Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Fix build Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Register RPCs Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Fix linker error * Make service locator templated * Use default template param to get rid of second overload of get/setService * Set timeout on build Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Fix usage on OP_CHECKATV&VTB Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Add test template Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Add fakeit Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Use fixture Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Move tests to vbk dir Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Fix double free Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Fix locator Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Disable -fno-devirtualize * Uncomment test Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Fix script_test Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Fix makefile Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Fix flag * Fix -fno-devirtualize flag * Add more interfaces (#3) * Add more interfaces Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Remove unneeded comments Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Fix build, sonar Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Add lcov coverage to sonar (#5) * Add lcov coverage to sonar Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Use gcovr Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Implement Util Service & add tests (#4) * Implement Util Service & add tests Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Add guard impl Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Remove slice; include vector Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Fix Signed-off-by: Bogdan Vaneev <warchantua@gmail.com> * Add init methods (#7) * Fixe AreInputsStandard, GetTransactionSigOpCostGetP2SHSigOpCount (#6) * Fixe AreInputsStandard, GetTransactionSigOpCostGetP2SHSigOpCount * fixes * fixes * fixes * fixe test, udate UpdateCoins' (#9) * fixes (#12) * fixes * small fixe * fixe * Update src/vbk/util_service/util_service_impl.cpp Co-Authored-By: Bohdan <warchantua@gmail.com> * Update src/script/interpreter.h Co-Authored-By: Bohdan <warchantua@gmail.com> * fixes * bitcoin-cli: convert parameters of the RPC service from JSON as needed (#16) * update mempool, add grpc calls (#14) * update mempool, add grpc calls * remove grpc * fixe * Fix locator (#17) * Fix locator * Fixes * Use clang in CI * Generate genesis blocks; change merkle root calc (#13) * Generate genesis blocks; change merkle root calc * Fixes * Fix main genesis block; disable tests * Fix * Fix make check * tests: add a VeriBlock integration test runner (#10) * tests: add a VeriBlock integration test runner * add a linker flag to resolve circular dependencies * Fix CI * ExtractMatches: fix incorrect condition (#19) * ExtractMatches fixed * Fix BTC-31 * Add SavePopTxToDatabase (#20) * add forkresolution, calculate block without pop tx (#18) * add forkresolution, calculate block without pop tx * Feature/update mempool comparator (#21) * update comparator, add tests * Feature/validate poptx (#22) * Add validate pop tx * Add EvalScript for pOP * Remove unused config const * Fix typo * Fix tests * Feature/pop reward (#23) * add pop rewards * fixe tests * fixes * Feature/fix bitcoind dnsseed (#26) * fix bitcoind * remove seeds and checkpoint data * Feature/add grpc service (#24) * add interface for the statefull block validation * add first verson of grpc class * Add autogeneration * Change submodule git -> https * add grpc calls of the service * add statefull validation * Update proto to v1; fix in Makefile * Fix build * Fix build * fixe * Fix build * Fixes to please CI * Fix build * Fix * Fix * Fix * First version of config... will continue tomorrow * Fix * FIx * add Pop merkle root commitment (#27) * fixe bitcoind * Fix (#28) * Add CD (#30) * Add CD * Try * Try * Try * Fix prerelase on * Add submodules * Update strip code * Remove email * Revert stripping * change the getblocktemplate method (#31) * Feature/disable checks (#32) * Disable requirement on at least one node * Fix tests * Fixes of grpc (#33) * Fixes of grpc * Update docker-compose image * Remove prefix in cd * Fix * Update cd * Fix (#34)
Flagged as official release, updated Bitcore copyright year,
change collateral to 500 VLS, force at block 240k
…tion d31e5c1 Fix shutdown in case of errors during initialization (Wladimir J. van der Laan) Pull request description: PR bitcoin#10286 introduced a few steps which are not robust to early shutdown in initialization. Stumbled upon this with bitcoin#11781, not sure if there are other scenarios that can trigger it, but it's good to harden against this in any case. E.g. ``` $ src/bitcoind -debuglogfile=/dfdf Error: Could not open debug log file /dfdf Program received signal SIGSEGV, Segmentation fault. UnregisterValidationInterface (pwalletIn=0x0) at /.../bitcoin/src/validationinterface.cpp:82 82 g_signals.m_internals->BlockChecked.disconnect(boost::bind(&CValidationInterface::BlockChecked, pwalletIn, _1, _2)); (gdb) bt #0 UnregisterValidationInterface (pwalletIn=0x0) at /.../bitcoin/src/validationinterface.cpp:82 #1 0x00005555555a11fc in Shutdown () at /.../bitcoin/src/init.cpp:196 #2 0x00005555555961cc in AppInit (argc=<optimized out>, argv=<optimized out>) at /.../bitcoin/src/bitcoind.cpp:183 #3 0x0000555555596249 in main (argc=0, argv=0x555555ecf200) at /.../bitcoin/src/bitcoind.cpp:19 ``` Tree-SHA512: 7dd9570a9803514a17781bfadf1edde47e96df4e852cce2f423cab422e005fb94d44e777af1a6ea5167b04a4d889e848ae7a61a7e0e94232247ddea32ee70fc8
I dowlanded bitcoin core but without create account and encrypt private keys i send small amount btc now I can't send btc what is the reason? If i encrypt keys will I lose my bitcoin please help! |
Often requested feature: encrypt private keys in the wallet.dat file, so a password is required for a send transaction.
The text was updated successfully, but these errors were encountered: