Bitcoin Forum

While playing around with PawGo's StellarSolver (https://bitcointalk.org/index.php?topic=5361270.msg58005436#msg58005436) with shifting and rotating characters of a private key, I realized this:
I'd appreciate some help with this!

1. Please write down 1 or more of the following private keys (created by Bitaddress.org) (dear Newbies, DO NOT use those in your wallet!). Do not double check your handwriting, I want to catch possible mistakes made when being careless.

1,"1LyPnHoU624ejo3Rb6nHv3GRMiDbM2Mvf9","KyHmMbp1TvBNBzi6uAAekb6DwtCsUJyYXG5CDrkDv2sCc8h4UfmD"
2,"1DJBmoEAhs3no14CCdQ3suUJiNcGg7qnWA","L4on7wrsP2vPyDkYKyTKnEudCTmU9kyH6ra6hiZXzhZWmQzM7v9g"
3,"18zBPQ64PoDhzfKNP1e3ufApGrbmQBr212","L1YqE8Y8FPn2fdBxMfe8wwU3bT5NPEfxMxLujHKpyYS7nrBLzv9K"

2. Wait a day! Don't look at this page again.

3. Type the private keys you wrote down yesterday, without checking the original in this topic. Now do double check to make sure you enter the exact same thing you wrote down. Even better if you tripple check. I'm not looking to find reading mistakes (because you can always check that again later when needed), I'm looking to find writing mistakes (which you can't correct when you're looking to import your private keys years after you wrote them down).

The goal of this topic is to find some mistakes, and see how difficult they are to recover. I'm curious to see if they match my assumptions of common mistakes.

I've written down the last PK. I'll try to also reply tomorrow.
I expect to have no errors (of course), but I can tell some things I've seen that can lead to errors, maybe you can add some to your list:

* 1 - l - I can be easily confused
* one can easily type small cap instead of capital or the opposite (more chances, but not limited to those where the small cap and the capital letter is written in the same way)
* v and w can easily be written incorrect
* 5 and S
* 9 and g

And, maybe I'm overthinking it, but one may also miss one letter in the middle or the last few characters that didn't fit to the first row(s) on the paper, especially after one more copying from one paper to another.

The most common mistake I did when writing private keys and addresses was writing "W" instead of "w", the shape is similar, only the size is different.

I recall a game in High school which I *think* was called Chinese Whispers whereby students would form a circle, the teacher would whisper in the first students ear, they would repeat what was heard around the circle then the teacher would record what was said.

After a few times, various students would say their phrase out allowed and the circle was broken.  This seems to be a sililar project.  I might even give it a go...


Well... Look up.

I wrote down the second private key. I did it quickly without doublechecking because that's how mistakes are made. These are the possible dangers that I see with this particular private key when it comes to writing it down by hand if your handwriting is bad:

• Mistakes between uppercase 'o' and lowercase 'O'
• Thinking the letter 'o' is the number '0'.
• Mistakes between uppercase 'W', 'V', 'K' and lowercase 'w', 'v', 'k'.
• Thinking the uppercase 'V', is an uppercase 'U'.
• Thinking the number '6', is a lowercase 'b'.
• Thinking lowercase 'q' is a lowercase 'g'.

I will report back tomorrow.

I don't bother take the test, but if i really want to write private key, i would split it every 4 character and 4-8 group of character on each line to reduce potential mistake.


Alternatively i would convert the private key to HEX/decimal if i have bad handwriting, but it takes more time and i lost advantage of checksum which offered by WIF.

Those aren't much of a problem because 0, O, I, and l (https://en.bitcoin.it/wiki/Base58Check_encoding) are excluded.
I've had most problems deciding between S and 5.

I admit I haven't written down any of these, but one common error I encounter when typing passwords and PKs is typing an adjacent key to the right of the correct one, e.g.:

i => o
s => d
e =>r
t =>y
EDIT: c => x (error from drifting left)

These are some of the more common mistakes.

Also sometimes I forget to Shift a letter, or perhaps I want to type "a" followed by some other character ("w" as a random example but it can happen with any character), instead of pressing "a" I press Left Shift (or worse, Caps Lock) and the next letter becomes uppercase.

*The probability of these errors increases inverse proportionally to the size of the keyboard/pad.

Maybe it's because I'm a QWERTY typist, but it's still good to note.

This can bring another problem: one may think he's on QWERTY and he's actually on QWERTZ, hence typing y and z interchanged. But this may be off topic, since it's OP asked for handwriting.

Tjat ja[[ems tp ,e tpp sp,eto,se/
I mean: that happens to me too sometimes.
But my assumption for this test is that people write down the key, a pen doesn't have this problem.

You can just write in hex what you get after decoding base58, there is a checksum and version, you can just keep it. Also, in such case importing that key will be easier, because only encoding it as base58 will be needed.

Edit: Also, in case of handwriting I noticed it is much faster for me to write some hexadecimal characters with versions and checksums than typing base58-encoded private keys and addresses, it is just easier where you are a programmer and you have 16 simple characters instead of 58 and you have to pay attention on capitalization, similar characters like 5 and S, and so on. But of course in that case there could be problems between 6 and b or B and 8.

Sure, they are but someone new to Bitcoin wouldn't know that, and those are the people who mostly make these mistakes. Even someone familiar with the technology could overlook that and forget which letters can't be part of the private key. If you entered those characters into a wallet such as Electrum, it wouldn't allow you to proceed with the recovery, but you wouldn't know why exactly.

You can solve all of these issues by coming up with a system that indicates if a character is a number, an upper case letter, or a lower case letter.

For example, you could underline every upper case letter, and overline every number (those without an underline, nor an overline would be a lower case letter by process of elimination).

---

You can always check to ensure you wrote down a private key correctly by typing the private key after you write it down. If the key matches, you know the private key was written correctly, and if it doesn't match, you can look to see if the error was a reading or writing mistake and make the appropriate correction.

The problem IMO with writing down a private key is that people's handwriting will generally change over time, and something you can easily read today may be illegible in several years.

I'm participating to this experiment because I expect that it will help the average Joe who comes here only after he no longer can import his private key.
For us, the ones who participate to this forum on a daily basis, i think that there's a much easier way to avoid mistyping the humanly-counterintuitive private key: use HD seed. The chances to mistype beyond recovery those English words are much much smaller.

Yes, but using HD seed is not easy in case of Bitcoin Core. You can dump your wallet to some text file and read xprv in this way, but still, this is base58-encoded. Of course in case of wallets like Electrum you can use HD seed as for example 12 words, but if you want to import that into Bitcoin Core wallet, then you have to import it key by key or use some tool that will convert it for you on-the-fly.

Also, for this topic some mistakes related to HD seeds may be relevant, like for example typing another word that is different in writing, but similar in spelling.

I agree, I think it is far superior to use a seed in all cases, but especially if you are going to write down your backup.

If you are using a BIP 39 seed, I understand you only need the first 3 letters of a seed word to know the entire seed word (when dealing with the English word list). If you are not sure what the first 3 letters are, the rest of the word will narrow down the potential words. If you are missing information about some of your words, the number of potential seeds is much lower than when dealing with a private key.

How can they mistakenly write a 0 instead of an O if both do not ever exist in a base58check encoded string? There is no way they can swap these 2 even if they have no idea that neither is part of the base58check alphabet. They don't need to know to be protected, I hope it's cleared up a bit ;D

I am pretty confident such words have been intentionally excluded exactly because of this. The different wordlists (https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md) are all thoroughly chosen. As an example, from the Italian wordlist rules:

Your comment woke some old ideas in me, how about converting the key to human readable words? It is easier to write down, typos occur but are less common and easier to detect, it also has a checksum.
An example can be seen below, the private key's binary form is encoded using the same BIP39 scheme which can be converted back to a WIF using the same scheme in reverse.

I made a new option for it in Denovo (https://github.com/Autarkysoft/Denovo/commit/6d9c503420aee2c725eeefbc4d2a70d0153a14a6), the first two options are for this conversion and the second two are dealing with versioned WIFs (BIP178 and what Electrum briefly used).
https://i.imgur.com/hrBY4g0.jpg (https://i.imgur.com/hrBY4g0.jpg)

This is actually a related problem, because people are inevitably going to type their private keys on some airgapped device (for storage purposes) without writing it down.

I haven't seen any QWERTZ keyboards these days, but perhaps a more common problem is if you are attempting to type on a compact laptop keyboard, or some keypad on a mobile device, as opposed to a regular keyboard.

Even though their key can still be recovered, they'll need to figure out the problem before doing so.

This would be a great feature for Electrum to add: automatically replace non-existing characters by the likely equivalent instead of graying out the Next button.

As for the HD seed discussion or marking upper case: that's great advice if you're creating a new cold storage now, but it doesn't help you if you're stuck with a written down private key (the hand written key I received 3 years ago (https://bitcointalk.org/index.php?topic=4959742.msg45571909#msg45571909) still has a substantial amount of money in it).

---

---

Here's the typed version of my own handwriting:
1. KyHmMbp1TvBNBzi6uAAekb6DwtCsUJyYXG5CDrkDvzsCc8h4UfmD (I was in doubt: the z could have been a 2)
2. L40n7wrsP2vPyDkYKyTKnEudCTmU9kyH6ra6hiZXzhZWmQzM7v9g (the k could have been a K)
3. L1YqE8Y8FPn2fdBxMfe8wwU3bT5NPEfxMxLujHKpyYS7nrBLzv9K

I've typed all keys twice in an editor, then used CTRL-C to check if they match. Key 1. didn't match my second typing: I had omitted the green 5 the first time.

Now for the real comparison:
1. KyHmMbp1TvBNBzi6uAAekb6DwtCsUJyYXG5CDrkDv2sCc8h4UfmD original
1. KyHmMbp1TvBNBzi6uAAekb6DwtCsUJyYXG5CDrkDvzsCc8h4UfmD typed after writing it down
This confirmed my susicion.

2. L4on7wrsP2vPyDkYKyTKnEudCTmU9kyH6ra6hiZXzhZWmQzM7v9g original
2. L40n7wrsP2vPyDkYKyTKnEudCTmU9kyH6ra6hiZXzhZWmQzM7v9g typed after writing it down
I didn't notice this while typing, but it's not something that's hard to detect.

3. No differences between the original and what I typed in after writing it down.

Conclusion: I hate writing :P But so far this shouldn't be hard to figure out and restore when needed.
Note: when using CTRL-F, tick "Match Case".

You are writing the private key by hand. It's possible to write down the lowercase "o" bigger than it should be on your piece of paper. When you attempt to recover your wallet and you type in the private key, when you get to the part where there is an lowercase "o", you might think it's an uppercase "O" or the number "0" because you wrote it down in a weird way. A wallet like Electrum won't let you proceed and isn't telling you that your private key contains unsupported characters. The person doing the recovery wouldn't know where the mistake is.

I just noticed I made a mistake in my previous post and I corrected it after I saw this reply of yours.

Either that or adding some feedback that the user has added a non-supported character in his private key and display the characters on screen which aren't supported. Maybe someone with a GitHub account can suggest such a feature to Electrum devs?

---

Back to the private key. I wrote down the 2nd hey key like this:
L4on7wrsP2vPyDkYKyTKnEudCTmU9kyH6ra6hiZXzhZWmQzM7v9g

I just compared it to the one in OP. They match. I tried to create a new wallet in Electrum by importing the key, and it works.
I only had problems with the last letter. Had to think a bit whether it's a "g" or a "q", but I went for the correct one.

Interesting test!

I had that problem in the past when changing typing language from EN-US to DE-DE or RO-RO. Indeed, now it's no longer that common (maybe the newer OSes are smarter).



Me too, still, I didn't make any error:

Do you have the corresponding public key (it starts with G and is 56 chars long)?

Wrote them down. I had forgotten how awful it is to write WIFs. I think that writing them in hex format would be much less tedious.

Check the keys below and tell me which one is easier to read.

May I propose an idea? Why not allowing 0 and O, but counting them as o? Same thing for I and l; counting both as i. You could avoid searching what you've written wrong this way.

OK I did this yesterday, but about 16 hours ago I think it still counts:) and I made only 1 mistake in the first address, where the "1" I wrote down as "l".

I normally am a slow and careful writer, my 7s have a cross, my 5 and S are very distinct, and my zero has a cross also, but I guess this is a common mistake, because the 1 does look like the letter l. I can't really say if this was because I "saw" a letter, or if I saw the number but my brain forgot to add the top down-dash to make it look like 1.

Very interesting and thanks for sharing, it makes me think a lot now.

I am certainly not in a position to propose to Electrum developers what should be included and how because I don't have the underlying skills or knowledge to do so. But I do believe that it can be done.

The software knows whether you are entering an address or a private key already. It doesn't happen that someone imports a private key and the software recovers a watch-only wallet like if you imported an address. Probably based on the length, checksums, and whatnot. Once it recognizes that the imported/entered string is a private key, the new feature could check if the entered string contains characters that don't belong there, such as "O" or "0". If discovered, a notification would inform the user of the non-allowed characters. With that, it would be easier to recognize mistakes if you know you entered a "0", for example, and you shouldn't have.

I just checked the wiki (https://en.bitcoin.it/wiki/Base58Check_encoding) again and it turns out that lowercase i and lowercase o are indeed part of the alphabet. I thought they were omitted as well for some reason.

From the software perspective, I think that's a great idea: since 0 and O don't exist, they can be remapped to lowercase o automatically, otherwise indeed a user needs to know that these are not part of the alphabet.

In Electrum, this function (https://github.com/spesmilo/electrum/blob/1ff9f9910f1a8d17ebba04439c1fcaf1476b3e8f/electrum/base_wizard.py#L227), or actually the lambda expression in the first line of it, checks if the input is valid.

The functions is_address_list (https://github.com/spesmilo/electrum/blob/1ff9f9910f1a8d17ebba04439c1fcaf1476b3e8f/electrum/keystore.py#L996) and is_private_key_list (https://github.com/spesmilo/electrum/blob/1ff9f9910f1a8d17ebba04439c1fcaf1476b3e8f/electrum/keystore.py#L1012) specify what is classified as valid and what isn't, so I added some code that replaces the keys there and also where they're saved. I don't have enough knowledge about the Electrum codebase, but as a PoC it seems to work and I submitted a pull request (https://github.com/spesmilo/electrum/pull/7520).

The logic how it decides between address list or private key list is very trivial: it checks first that it's not a list of addresses (link (https://github.com/spesmilo/electrum/blob/1ff9f9910f1a8d17ebba04439c1fcaf1476b3e8f/electrum/base_wizard.py#L228)) and if not, it checks if it's a list of private keys.
My proposal just replaces the characters which are out of the alphabet with the ones that are (0 => o, O => o, I => i, l => i).

When entering a mnemonic, Electrum shows a small list of possible words. Something similar could work for private key characters. It should even be possible to instantly brute-force 1 or even 2 incorrect characters in the background, but that may be a bit too much to ask from a wallet.

Yes.

Sorry I could not participate in this kind of testing, but private keys in that format are not meant to be written down by hand. If you do write it down, you must make sure there are no mistakes. The trick is to be extra careful and make sure to distinguish lowercase and uppercase letters, maybe an extra line or dot or something when writing it down.

Since you might end up printing it anyway, I would include a QR code as well. (all done offline, of course).

Seed phrases are meant to be written down by hand, so that's why they are so much easier to write, stamp, engrave, etch.

I don't know if automatically changing unsupported characters to supported ones should be done without also providing an explanation to the user of what is going on. I would assume that you are paying attention to what you are entering into the software. If you type in a "0", and Electrum changes it to an "o" the user might think there is a bug in the wallet or something wrong with his keyboard. But if he knows that the wallet is doing that itself and the reason, then I am all for it.

Since I have pretty good number memory I waited a bit longer; here is what I wrote down for key 2 and 3, didn't bother to do 1 ;D


Damn second one has an error. I wrote the 'y' so weird that it looks more like 'q'. If I would have written it more carefully maybe I had fixed it up a bit, it doesn't look like all my 'y's but I purposely did it quick and without double check or anything to give a good result for this writing test.

L1YqE8Y8FPn2fdBxMfe8wwU3bT5NPEfxMxLujHKpqYS7nrBLzv9K

So, here's the private key written by me:

And that's the first private key copied from page 1:

Bingo! Same keys.

I tried to mess up with the letters. Task failed successfully.  :P

That nicely summarizes my little experiment. I have no idea how people manage to write down useless private keys.