Title: Memorizing a private key
Post by: grondilu on November 26, 2011, 01:31:02 PM
This could be in technical, but it does have a "psychological" aspect too so I put it in the general discussion forum.
I have written a set of bash functions to handle bitcoin addresses: https://github.com/grondilu/bitcoin-bash-tools. I added a few functions to turn a private key into a bunch of english words, inspired from RFC-1751.
My aim with this is to help people memorizing at least one bitcoin private key. Such a key could be used in case the FBI threatens to seize your computer, if you want an extremely low tech solution to hoard bitcoins, if you don't trust any physical support, or whatever ...
I have no idea if it is easy or even possible to memorize 27 english words but I guess it should if one uses a method such as the [url=http://en.wikipedia.org/wiki/Method_of_loci]loci method[/url]
Here is an example of a generated address. You'll recognize the public key, the private key in WIF format, the 27 english words and the key in openssl's PEM format.
[code]
1ArPXGu8H3PhKduTamJ5Dj5uPtdpubFuaA, 5JUL6oXMMrgo4MC31oWySDpdH65qLuSNaCdV97i3DekWPyRrJtU
THE BLOT SET TWIT BARE LEER WAGE LILT LIND CORK GOAL OFT REAR VOTE FLEW
WAD KEYS GAVE SEES WAGE EAR YOGA VAST POT BIRD FAKE BEE
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIFZh3PHqWrJ6+vNfmtRtLtmz1kFEP0yihsf14g//ecNMoAcGBSuBBAAK
oUQDQgAEmblPqTIy9lhU5U/UW97j/FLFYra5VSol4AX1avdVitR5n6pxcvyAB4BX
/HjeTsZZdxBK127h9zVk0N4Df9dxzw==
-----END EC PRIVATE KEY-----
Notice that, conveniently enough, the leading 5 in the WIF format makes the sentence often start with 'THE'. If you have other ideas about how to memorize a private key, please share.[/code]
Title: Re: Memorizing a private key
Post by: ThomasV on November 26, 2011, 02:19:24 PM
Electrum uses a 1600-word dictionary to provide mnemonic codes:
https://bitcointalk.org/index.php?topic=51397.0
Title: Re: Memorizing a private key
Post by: grondilu on November 26, 2011, 03:09:59 PM
Electrum uses a 1600-word dictionary to provide mnemonic codes:
https://bitcointalk.org/index.php?topic=51397.0
This looks awesome. The bitcoin forum has become so huge that it gets difficult to learn about cool stuffs. Thanks.
Title: Re: Memorizing a private key
Post by: BurtW on November 27, 2011, 12:39:39 AM
I thought that we could simply generate a key pair by using a memorize phrase as the seed to the key pair generator. So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase. As long as I keep my phrase secret (oops) I can get access to my coins.
Title: Re: Memorizing a private key
Post by: sebastian on November 27, 2011, 02:11:13 AM
bwagner: Actually a good idea. Then these live-CD-systems with bitcoin could work more well, and you have access to your coins on *any* computer with bitcoin, as long as you know your passphrase.
Like this:
When you start the bitcoin client, you enter a passphrase/password, like:
"HereIAm".
Then, it would generate SHA hash for HereIAm.(number from 1 to 10 000) to generate a new adress. Note that the number 1-10000 is random to increase anonymity, and it will never use any other number, since then some coins would be unspendable. No track of used adresses should occur, the client is simply allowed to "reuse" adresses if its just lucky to pick the same number.
(For webshops/exchanges, the webshop/exhange just check that a adress is "settled" before reusing it for a another customer. With "settled", I mean that goods have been delivered for that adress and all payments have been received for that adress)
To find out coins, it could generate adresses from hash of HereIAm.1 to like hash of HereIAm.10000 and check which coins belong to these, while downloading blockchain. Then it simply saves it to RAM (this takes only 2,4 Mb)
Then you would never need to save any wallet.dat, you simply enter your password/passphrase at startup, in any bitcoin client.
Of course, if 2 people use same passphrase/password, they would share the same wallet, and spend each other's coins.
Title: Re: Memorizing a private key
Post by: FreeMoney on November 27, 2011, 05:35:17 AM
I thought that we could simply generate a key pair by using a memorize phrase as the seed to the key pair generator. So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase. As long as I keep my phrase secret (oops) I can get access to my coins.
Anyone doing this or similar should really add just a bit of unique and random data. If a lot of people are choosing keys this way people are going to be trying everything remotely common. Adding your name and bank pin ought lock it up tight I think.
Title: Re: Memorizing a private key
Post by: casascius on November 27, 2011, 05:40:36 AM
I have done this before:
rather than memorize a mnemonic, just memorize a passphrase and use the sha256 of that passphrase as the private key. this is way easier.
as mentioned in a prior post, just salt it with something public, so others don't bump into your passphrase. sha256(yourname + passphrase) for example
Title: Re: Memorizing a private key
Post by: grondilu on November 27, 2011, 02:10:28 PM
I have done this before:
rather than memorize a mnemonic, just memorize a passphrase and use the sha256 of that passphrase as the private key. �this is way easier.
as mentioned in a prior post, just salt it with something public, so others don't bump into your passphrase.� sha256(yourname + passphrase) for example
I had no idea that any random number up to 2^256 could be used as a private key. I guess I should learn more about ECDSA.
Title: Re: Memorizing a private key
Post by: BTCurious on November 27, 2011, 02:18:35 PM
I have done this before:
rather than memorize a mnemonic, just memorize a passphrase and use the sha256 of that passphrase as the private key. �this is way easier.
as mentioned in a prior post, just salt it with something public, so others don't bump into your passphrase.� sha256(yourname + passphrase) for example
I had no idea that any random number up to 2^256 could be used as a private key. I guess I should learn more about ECDSA. Technically, not quite any random number up to 2^256, but nearly every number anyway. If you're gonna read up on EC, then it's every number smaller than the field size Fp.
Title: Re: Memorizing a private key
Post by: ThomasV on November 27, 2011, 02:45:38 PM
I thought that we could simply generate a key pair by using a memorize phrase as the seed to the key pair generator. So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase. As long as I keep my phrase secret (oops) I can get access to my coins.
The first version of Electrum worked just like that. However, this was not secure enough, because some users might not provide enough entropy. The 12-words encoding that is used now makes sure that keys have 128 bits of entropy. Key strenghtening is added to that.
Title: Re: Memorizing a private key
Post by: dunand on November 27, 2011, 05:36:42 PM
If you want a code example in Java you can look at SimpleClient.java from the bccapi project. This SimpleClient generate a private key and public keys from a seed. That seed is generated from a passphrase and a salt.
More info here : http://code.google.com/p/bccapi/wiki/SimpleClient
Title: Re: Memorizing a private key
Post by: jothan on November 27, 2011, 05:48:27 PM
I thought that we could simply generate a key pair by using a memorize phrase as the seed to the key pair generator. So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase. As long as I keep my phrase secret (oops) I can get access to my coins.
The first version of Electrum worked just like that. However, this was not secure enough, because some users might not provide enough entropy. The 12-words encoding that is used now makes sure that keys have 128 bits of entropy. Key strenghtening is added to that. Something like PBKDF2 should be perfect with SHA-2 256. http://en.wikipedia.org/wiki/PBKDF2
Title: Re: Memorizing a private key
Post by: ThomasV on November 27, 2011, 06:07:11 PM
I thought that we could simply generate a key pair by using a memorize phrase as the seed to the key pair generator. So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase. As long as I keep my phrase secret (oops) I can get access to my coins.
The first version of Electrum worked just like that. However, this was not secure enough, because some users might not provide enough entropy. The 12-words encoding that is used now makes sure that keys have 128 bits of entropy. Key strenghtening is added to that. Something like PBKDF2 should be perfect with SHA-2 256. http://en.wikipedia.org/wiki/PBKDF2 This is exactly what Electrum does with its seed, except there is no salt. Using a salt stored on a server would make users dependent on that server, which is clearly not acceptable; we want users to be able to recover their wallet in any situation.
|