Author Topic: Security question for Importing PTS wallet.dat into new DACs  (Read 2313 times)

0 Members and 1 Guest are viewing this topic.

Offline vikram

Re: Security question for Importing PTS wallet.dat into new DACs
« Reply #2 on: October 10, 2014, 08:57:31 pm »
I do not know the answer but I would not be surprised if you are right. The PTS wallet could start with a pregenerated set of keys which all get imported into the DAC, and then one of them just gets used when you create a "new" address to send your PTS. Someone familiar with how the Bitcoin Core client operates can let us know. Otherwise it should be possible to manually test this by playing around with the PTS and BTS wallets.

Offline biophil

  • Hero Member
  • *****
  • Posts: 880
  • Professor of Computer Science
    • View Profile
    • My Academic Website
  • BitShares: biophil
Security question for Importing PTS wallet.dat into new DACs
« Reply #1 on: October 10, 2014, 08:47:35 pm »
Say I have a PTS wallet that contains all my long-term-hodling PTS. I import this wallet to a new DAC by doing a wallet.dat import, like in the official Bitshares products. I assume this loads every private key in wallet.dat into my new DAC wallet. With TITAN, to move all balances out of these keys, all I have to do is register an account and then transfer my entire balance to myself. Whammo, they keys I imported now have zero balance. Even if my original PTS wallet is totally compromised, my new DAC shares will still be safe.

So I go back to my original PTS wallet, click "New Address" and transfer my entire PTS balance to this new address. Cool, now all my original keys that I imported are empty also. Everything is good, right? ....right?

Here's my question: is the "new address" I created in the PTS wallet completely random, or is it generated deterministically from some random seed? If someone gains control over my new DAC wallet, could they access this (hypothetical) random seed because I imported the PTS wallet into the DAC client, and thereby construct the private key for this "new address" in my PTS wallet, and steal my PTS?

It's a pretty nuanced question; it would be a very subtle and un-intuitive security hole. Anybody know?
Support our research efforts to improve BitAsset price-pegging! Vote for worker 1.14.204 "201907-uccs-research-project."