Hai guise, did anyone crack this yet? I said it would take days, you said it would take hours; so far it has taken days. I can make it interesting, like putting a valid wallet with some bitcents in it, if that would raise your interest. Yeah, I admit that I gave up, I didn't have enough patience. The tool tested all 5-character passwords and did not find any match. I didn't want to invest any more effort; the computer ran hot all night.
If something is made up of 6 parts, and you only have 5 of the parts, and each part is unique, you do not have the whole thing. That is not something I am just hoping, that is a fact: I know that if you don't have all 6 parts you don't have all 6 parts.

You can't get information about the sixth part, but you may still get information about the secret without it.

The core concept here is that there are 6 volume parts and 6 encryption key parts. All are required in order to access the wallet. Each medium only has 5 of the volume parts and 5 of the key parts. Don't you think it's safe to say that there is pretty much no way to derive the missing part of either if you only have 5 of the 6 parts? And to compromise the wallet, you'd have to somehow come up with BOTH of the missing parts. BTW, I have decided I like the number 6; this could be done the same way as long as there are 3 or more parts. I realize this seems overly complex, but so far I do feel confident that it provides a fairly high level of both security and redundancy, and in many regards this approach is me keeping it simple. I very much appreciate the feedback, information, and opportunity to discuss. And I'm happy so far anyway; nothing has come up that suggests to me that this is a bad approach. I think we (the community) should try to put together several guides for keeping bitcoin wallets safe, and each one would have a different paranoia level associated with it.

Yes, I think your idea is worth a try. But I think it is not reviewed enough to advise people in a forum to do that, or only for experiments. In my opinion everybody is free to do as he likes, but when people start to spread their unproven ideas to other users (who may be noobs who just follow the advice without having the capabilities to review it themselves) I get a little upset. Your thread is very valuable for a discussion here; I just wanted to say that inexperienced users should prefer the better-tested ideas. I also appreciate the very fact that you share your ideas with us in the first place! I also appreciate that you take criticism seriously and review your work. That's how we get closer to the solutions for our problems.
"you cannot eat bitcoins"
EDIT: I am just trying to understand why simply splitting the file is "stupid".
It is not stupid. But you should not trust it until you have a reason to assert that it is secure. If you don't know whether it is secure, assert that it isn't. That's the only proper way to do security.
EDIT: Shamir's Sharing is proven to be information-theoretically secure. If you have one part less than required, you don't get a single bit of information about the secret.

Seems like what I have come up with is similar to Shamir's Secret Sharing scheme with K=2 and N=6. Thanks for that link.

It has similar properties, but you don't have a proof that yours is secure. Shamir's is secure because it is based on polynomial functions. If you have a polynomial function of degree N, you need at least N+1 points on the curve to reconstruct it. If you have one point less, the secret could be anything. EDIT: Btw, Shamir is the guy the S in RSA stands for. Not an unknown person in the world of cryptography.
3. XOR files A and B (call the result file C)
4. Store files B and C at isolated locations

Can you XOR and end up with B, C, D, E, F & G and then just need any 2 of them to restore?

That's why I mentioned Shamir's Secret Sharing. That is designed for that purpose, and well known. You shouldn't just create your own schemes; how do you know it is secure? Use publicly known schemes that have been known to researchers worldwide for decades. EDIT: Shamir's Sharing is proven to be information-theoretically secure. If you have one part less than required, you don't get a single bit of information about the secret.
@bcearl:
So encryption is 100% perfect and can't possibly be hacked/cracked/etc? I accept that this approach is probably overkill for many, but it suits my tastes. Even if it is unlikely that the encryption could be hacked, why not have the additional protection of each USB drive only having "part" of the wallet?
I am trying to understand your point. Are you hinting that you think my concept for having the wallet split into multiple chunks, where you need at least 2 of the chunks together in order to access the wallet, is a bad idea?
Is there a better way to achieve the same "Security and Redundancy" that this approach provides? Or does this approach maybe not provide the "Security and Redundancy" that I think it does?

Never make it more complicated if you don't get a security advantage. It just makes flaws more likely. How do you split the wallet, for example? Splitting is stupid. I can tell you an absolutely secure (mathematically provable!!) way to do it:

1. Take your wallet.dat (call it file A)
2. Create a file with the same amount of bits, but totally random (each bit probability of 0.5, each bit independent of the other bits) (call it file B)
3. XOR files A and B (call the result file C)
4. Store files B and C at isolated locations

Now you can be absolutely certain that nobody reconstructs a single bit of your wallet without getting both files. Further reading: http://en.wikipedia.org/wiki/One-time_pad

Another method is even more flexible, but not absolutely secure. [EDIT: Turns out to be absolutely secure also.] You can choose freely a number N of parts, and choose freely a number n of how many parts shall be needed to reconstruct the secret. http://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing
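As an added worked example (not code from this thread or from any poster), here is a Python implementation of both schemes bcearl describes: the 2-of-2 XOR split (file A = wallet, B = uniformly random pad, C = A xor B) and Shamir's k-of-n sharing over GF(2^8), which is what answers the earlier "any 2 of them to restore" question and the K=2, N=6 case the OP compares his scheme to. Function names, the share numbering (x = 1..n) and the choice of the AES field polynomial are assumptions of this example; the sample secret is a constructed byte string, not a real wallet.dat. The last function demonstrates the information-theoretic property quoted above for a single share of a 2-of-n split: every one of the 256 possible secret bytes is consistent with that share, so one share alone yields nothing.

```python
import os
import secrets

# --- Scheme 1: 2-of-2 split by XOR (one-time pad) ---

def xor_split(secret: bytes) -> tuple[bytes, bytes]:
    """Return (B, C): B is a uniformly random pad, C = secret XOR B.
    Each part alone is uniformly random; both are needed to recover."""
    pad = os.urandom(len(secret))  # fresh CSPRNG bytes, never reused
    return pad, bytes(a ^ b for a, b in zip(secret, pad))

def xor_recover(pad: bytes, ct: bytes) -> bytes:
    if len(pad) != len(ct):
        raise ValueError("parts must be the same length")
    return bytes(a ^ b for a, b in zip(pad, ct))

# --- Scheme 2: Shamir k-of-n sharing, one byte at a time over GF(2^8) ---
# Field arithmetic uses the AES reduction polynomial x^8+x^4+x^3+x+1 (0x11B);
# any irreducible degree-8 polynomial would do (assumption of this example).

def gf_mul(a: int, b: int) -> int:
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a: int) -> int:
    """a^-1 = a^254 in GF(2^8), for a != 0 (square-and-multiply)."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r

def shamir_split(secret: bytes, k: int, n: int) -> list[tuple[int, bytes]]:
    """Produce n shares (x, y-bytes); any k of them reconstruct the secret.
    For each secret byte a random polynomial of degree k-1 whose constant
    term is that byte is evaluated at x = 1..n."""
    if not 2 <= k <= n <= 255:
        raise ValueError("need 2 <= k <= n <= 255")
    ys = [bytearray() for _ in range(n)]
    for s in secret:
        coeffs = [s] + [secrets.randbelow(256) for _ in range(k - 1)]
        for i in range(n):
            x, y = i + 1, 0
            for c in reversed(coeffs):   # Horner evaluation of the polynomial
                y = gf_mul(y, x) ^ c
            ys[i].append(y)
    return [(i + 1, bytes(ys[i])) for i in range(n)]

def shamir_recover(shares: list[tuple[int, bytes]]) -> bytes:
    """Lagrange interpolation at x = 0 for each byte position."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("shares must have distinct non-zero x")
    out = bytearray()
    for pos in range(len(shares[0][1])):
        acc = 0
        for i, (xi, yi) in enumerate(shares):
            num = den = 1
            for j, (xj, _) in enumerate(shares):
                if i != j:
                    num = gf_mul(num, xj)       # (0 - xj) equals xj in characteristic 2
                    den = gf_mul(den, xi ^ xj)  # (xi - xj)
            acc ^= gf_mul(yi[pos], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)

def consistent_secrets_with_one_share(x: int, y: int) -> int:
    """For a 2-of-n split, count secret bytes s for which some line
    s + a*x passes through the single known point (x, y).  Every s works
    (take a = (s ^ y) / x), so the count is 256: one share reveals nothing."""
    return sum(1 for s in range(256)
               if s ^ gf_mul(gf_mul(s ^ y, gf_inv(x)), x) == y)

if __name__ == "__main__":
    wallet = b"constructed sample bytes, not a real wallet.dat"
    b, c = xor_split(wallet)
    assert xor_recover(b, c) == wallet
    shares = shamir_split(wallet, k=2, n=6)
    assert shamir_recover([shares[1], shares[4]]) == wallet   # any 2 of 6
    print("2-of-2 XOR and 2-of-6 Shamir both recover the secret;",
          consistent_secrets_with_one_share(3, 0x5A), "secrets fit one share")
```

Two practical notes: the XOR scheme is only secure if B comes from a CSPRNG and is never reused for a second file, and neither scheme protects integrity, so a stored share that is silently corrupted will reconstruct garbage rather than fail; keep a hash of the original file with the shares if you want to detect that.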
I wouldn't trust an iPhone with a single bitcoin.
But when you want to actually retrieve those coins you've got to remove all the security, and when bitcoin loads or reads a wallet file it loads the entire wallet.dat into memory, making it trivially easy to steal. It's like building a giant nuclear-proof bunker to store all your priceless art in, but then to read it you take it out of that and walk to a bus stop at the dodgy end of town.
Since when do you have to use the regular client software?
I don't want it to be encrypted actually, but I want that feature to be there for others.
The problem with that "high security" approach is that the wallet exists in its entirety in one single place. Put it in a safety deposit box in a bank and that bank gets robbed; the thieves have your complete wallet. It doesn't matter if it's encrypted, that can be hacked with enough time and resources, and now the thieves have your wallet.
No, that's not an issue. Of course, everything can be broken some day. But AES-encrypted wallets will not be broken before the very methods of bitcoin blocks are.
I haven't noticed any other threads that discuss a concept that provides this level of security and redundancy (although I did develop this concept after reading as many other threads as I could).
Perhaps you could point me to the other threads that provide a similar end result?

I did a less-effort setup with Ubuntu user accounts; you find it here: http://forum.bitcoin.org/index.php?topic=15068
A high-security idea more similar to yours has been made here: http://forum.bitcoin.org/index.php?topic=17292
Does this general concept make sense?
Any feedback welcome and appreciated. But please at least read the OP first.
You should rather look at existing advice on how to manage wallets, and if you find flaws there you can add ideas. Your idea is complicated, which is very bad for security. You have to be able to think about the whole thing clearly and analyze it for possible flaws. You put so much obscurity in it that it's hard to check for flaws.
You should blame the people who told you that bitcoin is anonymous. It isn't and it never was.
Though, with effort it indeed can approach pretty impenetrable levels of anonymity... You should call it privacy, not anonymity. Anonymity is an absolute thing.
Atheism is a more popular religion than judaism. Thanks a lot Hitler...
Hitler. The most famous catholic.
I'm a Catholic guy and I like Buddhism too.

Do you like it or do you believe it?
Poor horseshoe makers, almost all got unemployed ...
I drank raw milk all my life, I grew up on a dairy farm.
Is it healthier? Or is it gross evil and made you die? Or neither?

It definitely tastes better. But I think neither healthier nor worse; maybe some more vitamins, but also maybe some more germs. So it has to be clean and fresh, I wouldn't drink it after a week on a grocery store's shelf.