Bitcoin Forum

I'm working on a project now that unfortunately has hit a snag in my new philosophy of not requiring trust. I went to someone whom I know has dealt with this problem before (Mike Caldwell / Casascius), but am disappointed to find that he agreed with me that basically there is no way around needing trust for it.

So since I don't want anyone to have to trust me personally to create a private key and store it, I'd prefer asking the community who they feel comfortable doing it for them. Who do you trust most to create a key for you?

(I'll be in contact with the winner of the poll to work with them to outsource key generation to them directly.)

i would prefer a very simple code that people can input a bunch of randomness into a variable and it gives the output of a private and public key.

basically just the brain wallet section of bitaddress, without the extra functions or html code.

wrote in:
PHP
Python
VB.NET
C++
Javascript
Java

etc

then people can themselves play with whatever they like as a random number/word/phrase etc to link to the input variable. and play with how to display the output variables.

I'd prefer that too but it's not an option for various reasons.

I trust coinbase!

Why is this key needed? To have an address that the client has no access to (yet)? To hold funds in escrow?

For the first part, something similar to pooled vanity mining might be useful, in the second case there's no way around it I fear (you could look into time locked transactions maybe).

Well, my first choice is https://www.bitaddress.org, but from what I can tell you won't be able to use that, so my second vote goes to mt.gox.

User input like passphrases and mouse movement, random keystrokes, /dev/random, cpu tick count, hashed all together with multilevel nested Sha256.

With "multilevel nested hash" I mean NestedHash(data,level) := { x=data; while((level--)>0) x=Hash(x)+data; return Hash(x) }

So NestedSha256(data,0) would be Sha256(data), NestedSha256(data,1) would be Sha256(Sha256(data)+data), NestedSha256(data,2) would be Sha256(Sha256(Sha256(data)+data)+data), et cetera. Unlike the default double hashing that is used by Bitcoin (i.e. DoubleHash(x) = Hash(Hash(x))) this doesn't reduce entropy.

Excellent test case for this scenario. Let's say that's exactly what it's for and that key needs to be printed physically and stored in an envelope. The problem is that the person giving the envelope can cheat and change the contents, and there is no way to prove what's in it without opening it. So, you need a third party that both has experience in bitcoin security and a business reputation of greater value than the temporary key.

My question is then, whom would you trust to make that key for you?

I have thought about producing Bitcoin checks; contracting out the printing. I think to provide a secure mechanism you need to prove two things:

• That there is no way that you, your equipment, or contractors can know the private key.
• That when examining a suspect document, you know whether or not you printed it (or if it is a fake).

Proving the first point involves generating the private key with a secure offline printer and computer. Documents should be kept under seal at all times. Cameras (including cell phones and video cameras) are not allowed in the printing room. Hopefully the private keys should be long enough that nobody can memorize them just by glancing at them. The printer memory should be wiped after every run. This involves knowing a lot about how the printer works.

Proving the second point involves applying some kind of mark to the document that uniquely identifies the printer. I was thinking silk-screen with the date placed over top of a seal that you scratch off. Used silk-screen would be damaged and kept under lock and key so that they can be retrieved in the case of a dispute.

I'd need an audit of the software and business practices by trusted third parties, AND an insurance policy from a globally recognized underwriter before I'd trust a private key that anyone else had access to.

blockchain.info for small amount wallet.

No one for saving wallet.

Blockchain info is storing my 300 bitcoins :) they can completly be trusted because they couldnt steal your keys if they wanted to.

Probably blockchain.info for trivial amounts, and Armory for everything else. ;)

You're making it hard to solve this problem by not telling us the problem, but I think there might be a trustless solution to this. See for example vanitypool, which allows vanity mining for custom addresses, and only the client gets the full private key.

So, given the customer's public key, it's probably possible to generate an address that you do not have control over, but that the customer will have control over once you give them your own part of the secret.

Ask one of the core devs or someone who worked on the vanitypool spec.

BLOCKCHAIN 4 LYFE

I use blockchain for small amounts, but if I'm creating a key to store a lot of BTC, I use my local instance of this:

https://www.bitaddress.org/bitaddress.org-v2.4-SHA1-1d5951f6a04dd5a287ac925da4e626870ee58d60.html

I do not understand the concept of golden coins, I assume this is what you want.

Bitcoin is a natural commodity in within itself, no need to inscribe it on another one.