Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: Timo Y on October 29, 2010, 12:19:33 PM



Title: Offline key generation
Post by: Timo Y on October 29, 2010, 12:19:33 PM
I am trying to set up a "savings account" where I can be 100% certain that the private key of a bitcoin address never comes in contact with the internet:

1. generate a private/public key pair while not connected to other peers, on an offline machine.
2. copy only the public key to the online machine.
3. connect to peers
4. receive payments
5. copy private key to online machine only to send a payment.

Is this doable?


Title: Re: Offline key generation
Post by: theymos on October 29, 2010, 12:31:58 PM
It's technically possible, but Bitcoin isn't yet able to import/export keys. You could probably do something like that by swapping wallet files around, though the "checking" account wouldn't detect transactions to the "savings" account.


Title: Re: Offline key generation
Post by: davout on October 29, 2010, 10:30:19 PM
I don't really see the point of copying the public key to the online machine.

In any case, in my understanding, you can receive money on an offline wallet; if you just copy the up-to-date block chain to the offline machine, the correct balance should appear for your wallet.

Your safety measures become moot once you copy the private key over to the online machine to make a payment.

Still in my understanding, the most secure way of making a payment would be to get a fresh block chain to the offline machine, somehow export a signed transaction to a USB stick and then broadcast it from an online machine. This way, your private key *never* gets in contact with the internet.


Title: Re: Offline key generation
Post by: Timo Y on November 03, 2010, 08:19:09 PM
In any case, in my understanding, you can receive money on an offline wallet; if you just copy the up-to-date block chain to the offline machine, the correct balance should appear for your wallet.

Yes you can, but in my understanding, that offline wallet needs to have been online at least once, otherwise its public key(s) are not known to the bitcoin network. If you try to send money to a bitcoin address that has never been online you'll get an error message - try it.

Hence the need to copy only the public key to the online machine.


Title: Re: Offline key generation
Post by: Gavin Andresen on November 03, 2010, 08:26:28 PM
Yes you can, but in my understanding, that offline wallet needs to have been online at least once, otherwise its public key(s) are not known to the bitcoin network.

That's not right-- the person paying you doesn't know your public key, they just know your bitcoin address (which is a 160-bit hash of your public key).

You can (and I have) send bitcoins to ANY 160-bit bitcoin address, whether or not there actually is a public/private keypair corresponding to that address.
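Added example (not part of the original thread): a minimal Base58Check encoder/decoder showing that an address is only a version byte, a 160-bit hash and a 4-byte checksum, so any 20-byte value yields a well-formed address without a key pair existing. The function names are illustrative assumptions; the all-zero hash is a constructed input.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def hash160_to_address(h160: bytes, version: int = 0x00) -> str:
    """Base58Check-encode a 160-bit hash. No public or private key is used."""
    if len(h160) != 20:
        raise ValueError("hash must be exactly 20 bytes (160 bits)")
    payload = bytes([version]) + h160
    data = payload + checksum(payload)
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    # Each leading zero byte is written as a literal '1'.
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out

def address_to_hash160(addr: str) -> tuple:
    """Decode an address to (version, hash160); ValueError if malformed."""
    n = 0
    for ch in addr:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + idx
    pad = len(addr) - len(addr.lstrip("1"))
    data = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(data) != 25:
        raise ValueError("decoded length is not 25 bytes")
    payload, chk = data[:21], data[21:]
    if checksum(payload) != chk:
        raise ValueError("checksum mismatch (typo or corrupted address)")
    return payload[0], payload[1:]

if __name__ == "__main__":
    # Constructed input: an all-zero hash that no key pair was generated for.
    addr = hash160_to_address(bytes(20))
    print(addr, address_to_hash160(addr))
```

The checksum only catches mistyped addresses; it says nothing about whether anyone holds a key for the hash, which is why a payment to such an address is accepted by the network.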


Title: Re: Offline key generation
Post by: nelisky on November 03, 2010, 08:49:42 PM
Yes you can, but in my understanding, that offline wallet needs to have been online at least once, otherwise its public key(s) are not known to the bitcoin network.

That's not right-- the person paying you doesn't know your public key, they just know your bitcoin address (which is a 160-bit hash of your public key).

You can (and I have) send bitcoins to ANY 160-bit bitcoin address, whether or not there actually is a public/private keypair corresponding to that address.


Are those coins lost? Or if someone were to magically get a wallet that corresponded to that public key, would it then be deposited into their account? (Chances of course very small)

Could that be an attack vector? I know chances are very *very* slim, but what if I was to put 100 high powered machines generating keys at random, would that potentially net me access to someone else's wallet, or part thereof?


Title: Re: Offline key generation
Post by: theymos on November 03, 2010, 09:09:35 PM
Are those coins lost? Or if someone were to magically get a wallet that corresponded to that public key, would it then be deposited into their account? (Chances of course very small)
If someone happened to generate a colliding address, the amount would be added to their account. It's so unlikely that the coins should be considered lost.

See http://www.bitcoin.org/wiki/doku.php?id=address

Could that be an attack vector? I know chances are very *very* slim, but what if I was to put 100 high powered machines generating keys at random, would that potentially net me access to someone else's wallet, or part thereof?

No. It's too unlikely. It'd never be profitable, and it probably isn't even possible to do in any reasonable time frame (<20 years).


Title: Re: Offline key generation
Post by: davout on November 03, 2010, 09:13:24 PM
Could that be an attack vector? I know chances are very *very* slim, but what if I was to put 100 high powered machines generating keys at random, would that potentially net me access to someone else's wallet, or part thereof?

Yes. But I think it's pretty unlikely, but who knows, if bitcoins get really widespread and they're very fractioned, lots of addresses might end up with positive balance, thus increasing your chances.

However I'm way too lazy to even think of putting figures in front of such a statement :D


Title: Re: Offline key generation
Post by: davout on November 03, 2010, 09:45:32 PM
Sha-1 has 4 billion times as many combinations as a 120 bit md5... for an idea of how many possibilities there are for a 160-bit combo.

Good luck.
brb, building quantum computer


Title: Re: Offline key generation
Post by: ribuck on November 03, 2010, 09:47:43 PM
brb, building quantum computer
Your quantum computer will have much more profitable targets than trying to find some very sparsely-distributed bitcoin keys.


Title: Re: Offline key generation
Post by: davout on November 03, 2010, 09:49:43 PM
brb, building quantum computer
Your quantum computer will have much more profitable targets than trying to find some very sparsely-distributed bitcoin keys.
I'll probably be both dead and alive simultaneously when quantum computers actually show up