Bitcoin Forum
June 25, 2024, 08:27:58 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
  Home Help Search Login Register More  
  Show Posts
Pages: « 1 ... 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 [289] 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 »
5761  Bitcoin / Bitcoin Discussion / Re: Will China ever ban email? on: January 02, 2013, 03:43:13 AM
Sure - sending private keys via email (to be swept) or signing raw tx's offline (which does not require Armory of course) would work, however, I would probably go a little further to "obscure" the information like using say stego with one or more attached pics (if you are worried about the emails being "identified" as payments).
5762  Bitcoin / Bitcoin Discussion / Re: Will China ever ban email? on: January 02, 2013, 02:50:01 AM
I very much doubt it as the PRC government aren't really that concerned about "private discussion" between individuals (and mass emailing is generally fairly easy to identify) and also there is so much business that *depends* upon email (after all it's not as though they could turn to Facebook or Twitter).
5763  Bitcoin / Project Development / Re: [ANN] CIYAM Open - a new way to develop web apps and fund open source projects on: January 01, 2013, 12:28:36 PM
Nearly there now (the "Memory Key" topic was another step along the way) - just ironing out the rough edges for safely and reasonably easily moving data between the "online" and "offline" computers now (have gone for air-gap via QR).
5764  Bitcoin / Bitcoin Discussion / Re: Try out "Memory Key" - a tool to help generate passwords (suitable for all ages) on: January 01, 2013, 01:19:33 AM
How will you know if people tend to pick the same types of events, and, therefore, create big non-random clusters of choices that might be easily brute-forced?

Of course that is probably the biggest weakness of this type of system (and despite warnings some people will just go ahead and use "where was I on 9/11") although I think perhaps a small amount of training would possibly help a lot.

.... you could store a small number of bitcoin at private key = SHA256(memory_key), store the bulk of bitcoin at scrypt(Name+PIN+memory_key), and tell users to choose a new memory key if the SHA256(memory_key) coins are either ever spent or if that key ever gets funds from somebody else.

Because that means somebody else chose the same memory key.

Good suggestion.
5765  Bitcoin / Bitcoin Discussion / Re: Try out "Memory Key" - a tool to help generate passwords (suitable for all ages) on: December 31, 2012, 12:50:58 PM
A happy new years to all fellow Aussie Bitcoiners!

Let's hope that 2013 will bring us a local exchange for AUD that can be relied upon and has *volume*.

Smiley
5766  Bitcoin / Bitcoin Discussion / Re: Try out "Memory Key" - a tool to help generate passwords (suitable for all ages) on: December 31, 2012, 09:42:02 AM
Just worked out a great way for being able to narrow your time down to a quarter hour (rather than just picking morning or afternoon)- find a photo from one of your holidays where something you remember clearly happened either just before or afterwards (but was not documented in any way) and use the time that the photo was taken.

The hint would then be a clue to help you find the photo (so you can be sure to get be able to get the time and month exact) - even if someone worked out the photo the photo itself won't really give away anything other than the time (without having "been there").

Smiley
5767  Bitcoin / Bitcoin Discussion / Re: Try out "Memory Key" - a tool to help generate passwords (suitable for all ages) on: December 31, 2012, 08:42:50 AM
I like it, you should allow the user to throw in an extra blob of text to input though to make it more secure.  

Thanks - suggestion noted (and also I think that the last select could have quite a lot more added to it).

Other ideas I've also had were to include things like ISBN #'s for books or product codes (for DVDs, etc.) which would be included in some sort of bundled DB (as it needs to be used "offline") to try and make having to add anything "manually" hopefully unnecessary.

P.S.: I don't see Canada in there!  Cheesy

Sorry - haven't been there (yet) - but if we do end up starting up a project for this that will be right up there on the list!
5768  Bitcoin / Bitcoin Discussion / Re: Try out the "Memory Key" - a new way to help generate passwords (for all ages) on: December 31, 2012, 07:26:52 AM
I know the combinations make it hard to bruteforce, but someone close to the target might have most of information handy - the region and event for example. Just another part of security I would say.  Cheesy

Of course a big part of the strength of a "memory key" must be that it is derived from an event that is very personal (i.e. don't pick "where was I on 9/11?" as the "hint" you would keep written down to reconstruct your key but instead pick something like "what was the color of that crazy dog that I threw a rock at?"). Even better use an event that *only* you know about (could even be one that happened in a dream or nightmare).

Another feature I would suggest is the use of icons/photos as question choices to help facilitate memory retention. Seems easier for older people where their memory is like a sieve.

Yup - indeed I was thinking along the same lines (in another thread) - I think if others are interested in working on this then I might create a project for it on CIYAM Open and help fund it.

Even elderly people with early dementia typically can remember childhood and adolescent memories quite well (so generally it would be a good idea for the more senior end users to tap into their older more stable memories).
5769  Bitcoin / Bitcoin Discussion / Re: Try out the "Memory Key" - a new way to help generate passwords (for all ages) on: December 31, 2012, 07:00:32 AM
OMG Malaysia's actually listed!  Shocked

Yup - I have been there (at this stage it is a very personalised implementation although I have put some things in that are not from my real life).

I noticed that a single change in the options does not change the entire code generated - i.e. 'avalanche effect'. Maybe V2 will impose elements like this? It's easy to identify the code as being generated by your website currently, and a bruteforce might be possible.

Yup - the script could be improved (this was just a sneak peek really to get some feedback) and of course the key could always be hashed.

In regards to the brute forcing please check out just how many options there already are (the # of combinations possible is already huge and of course those options with less than 100 entries could be expanded so that it ends being equivalent to a traditional 12 character password) - also note that I plan to use this in combination with a small traditional password (or PIN) and to perform key hardening using an algorithm such a scrypt (and likely will be holding another competition to give it a real world *test*).
5770  Bitcoin / Bitcoin Discussion / Re: Try out the "Memory Key" - a new method to help with password generation on: December 31, 2012, 06:12:30 AM
5771  Bitcoin / Bitcoin Discussion / Try out "Memory Key" - a tool to help generate passwords (suitable for all ages) on: December 31, 2012, 06:07:00 AM
After some brainstorming about this whole difficult passphrase and keeping it safe I have come up with the following:

http://ciyam.org/memory_key.html

Please note that the form doesn't actually post anything to my or any other website and of course it can be run offline.

Smiley

R21L03A251E16Y72D03E13O122X21R19F31Z34
5772  Bitcoin / Bitcoin Discussion / Re: Idea for a UI that "grandmas" could use in order to create entropy for salting on: December 30, 2012, 03:33:35 AM
Thanks Bruno - I think you're getting it.

Now let's add "Chess Boards", "Cooking Recipes", "Knitting Patterns", "Sporting Events", "Wines and Beers", "Rock Concerts", "Foreign Words", etc., etc.

Smiley

If we can then combine a few such choices (as an "off the cuff" example perhaps what wine or beer you remember eating with what meal/meat/vegetable you were eating with which friend's first/last name when on holiday at what place during what time of year and what the weather was like at the time).

Am thinking we could call this idea a "memory wallet".
5773  Bitcoin / Bitcoin Discussion / Re: Idea for a UI that "grandmas" could use in order to create entropy for salting on: December 30, 2012, 02:45:41 AM
Sure - let's call it a "second password" - in any case as the competition I ran recently showed it really doesn't take very much (in that case just a very small and to me obvious math equation needed to be supplied rather than some difficult to remember "passphrase") to make brute force attacking impossible and it can be done in a way that does not require trying to remember hard random things but instead simply recalling memories that are very clear.

(btw - I had seen it stated that the previous password hashing used on this forum used the lower case "user id" as "salt" so maybe that's why I get confused with the terminology as I don't see that as really being anything different)
5774  Bitcoin / Bitcoin Discussion / Re: Idea for a UI that "grandmas" could use in order to create entropy for salting on: December 30, 2012, 02:20:33 AM
Brute force guessing using the top 100 cities and the top 10,000 ISBNs stands a good chance of guessing a key very quickly.

Note that the idea I have with this is for some "salt entropy" and not for a whole password - the idea is to do something the following:

Code:
real_password = hash( harden( small_password + salt ) )

so the address space of the salt doesn't need to be that huge to make brute forcing quickly become too costly assuming that the password is say 5 characters (and we could also have the user put in some other less important information such as a phone number email address or the like to increase the entropy against a "blind" brute force attacks).

So for the specific attack of 100 cities and 10,000 codes we get 1,000,000 combinations which (without any additional entropy being added) would need to be tried against all possible 5 character passwords (so say 2 billion) where each "hardened hash" takes say 1 second.

Smiley

Also this is only a starting point - many long lists of things could be added (apart from just films and books) and easily navigated to via a simple UI.
5775  Bitcoin / Bitcoin Discussion / Re: Idea for a UI that "grandmas" could use in order to create entropy for salting on: December 30, 2012, 12:50:36 AM
Am now thinking that it can actually be even simpler than I first thought.

Consider the following:

1) Extract a list of international airport codes for all major countries (there are over 2000 to choose from but perhaps half of these would be sufficient).

2) Extract lists of ISBN numbers for books and UPC codes for DVDs (no idea how many but obviously a lot).

The user is prompted to remember a film they saw or a book that they read from a holiday that they took (or break they were on) that sticks in their mind (but not so much because of the film or book itself) and after picking the relevant UPC/ISBN by selecting the title of the film/book (where they could also filter the titles by year) they would then next from a map of the world select the country and city (effectively choosing an international airport code).

Now they are instructed to write down an obvious (to them) clue about the occasion that they were watching that film/reading that book which does not include its name nor the name of the city.

Here is an example (taken from my own memory):

Code:
Clue: Home of the Shart
Code: PEK794043554223

Even if you knew me very well I very much doubt from that clue that you would be able to get that code (my wife doesn't get it at all and my family would have even less of a chance). Smiley

P.S. It is quite interesting that the typo pointed out from the OP is in my clue - it was no doubt this (Freudian?) slip up brought up a recent memory which I used to then then link back to a more distant one.
5776  Bitcoin / Bitcoin Discussion / Re: Another riddle - guess script win 10BTC on: December 29, 2012, 05:01:46 PM
Maryland has the National Cryptologic Museum, so I would guess git-encrypt (which is AES256)

Shit - I actually saw the link to that Museum when I Googled Maryland and thought it must have somehow been relevant - great find!
5777  Bitcoin / Bitcoin Discussion / Re: Idea for a UI that "grandmas" could use in order to create entropy for salting on: December 29, 2012, 03:17:43 PM
"shartk"? I'm not sure which way that typo was supposed to go, but I suppose either would make for a pretty vivid memory.  Grin

Yup - I think a "shartk" attack would be a very scary thing indeed!

Cheesy

5778  Bitcoin / Bitcoin Discussion / Re: Another riddle - guess script win 10BTC on: December 29, 2012, 03:01:44 PM
How did you come up with these? As posted above password is not only numbers.

Didn't know that until after I had come up with that and posted. Sad

For the earlier stuff I was assuming that "cozz" was hashed with MD5 (with another 5 rounds?) which is then base64'd?

And I also thought that Maryland (MD) was another reference to MD5.

Got confused about the whole stuff about richer (although was guessing SHA1 followed by SHA256) and then the stuff about getting the "coins" to make 500 Euros I thought meant "adding up all the digits" from the SHA256 hash.

Actually as I hadn't even heard of "whirlpool" before I think I probably have pretty much zero chance at this (although now have "hashdeep' installed which is where the "78911616" came from) - but I like the cleverness of it. Smiley
5779  Bitcoin / Bitcoin Discussion / Re: Another riddle - guess script win 10BTC on: December 29, 2012, 02:13:01 PM
Well I thought I might have got somewhere with one of these - but unfortunately no cigar:

Code:
88812553199616078911616500
88812553789116161996160500
88812553789116161601996500
88812553199678911616160500
88812553160199678911616500
88812553160789116161996500
88816012553199678911616500
88816012553789116161996500
88819961255316078911616500
88819961255378911616160500
88816019961255378911616500
88816019967891161612553500
88816019967891161612553500
88878911616125531996160500
88878911616125531601996500
88819961255316078911616500
88819961255378911616160500
88819961601255378911616500
88819961607891161612553500
88878911616199616012553500
88878911616160199612553500
88819967891161616012553500
88819961607891161612553500

Sad
5780  Bitcoin / Bitcoin Discussion / Re: Idea for a UI that "grandmas" could use in order to create entropy for salting on: December 29, 2012, 07:34:11 AM
I was thinking of using this as an input mechanism for creating salt for a secure offline GPG key pair actually but I guess it could have a number of similar applications.
Pages: « 1 ... 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 [289] 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 »
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!