Bitcoin Forum
October 31, 2024, 03:49:14 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2]  All
  Print  
Author Topic: The biggest problem with cold storage wallets is making sure that your address..  (Read 5921 times)
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
December 08, 2013, 01:58:45 AM
 #21

Can you sign transactions offline with Bitcoin-Qt?

Yes of course you can - it's called "signrawtransaction" (I use it with the CIYAM Safe which is a 100% air-gapped offline tx signing system).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
go1111111
Full Member
***
Offline Offline

Activity: 187
Merit: 162


View Profile
December 08, 2013, 09:27:29 PM
 #22

Can you sign transactions offline with Bitcoin-Qt?

You can using the command line, but it's cumbersome: https://people.xiph.org/~greg/signdemo.txt
keystroke
Hero Member
*****
Offline Offline

Activity: 900
Merit: 1014


advocate of a cryptographic attack on the globe


View Profile
December 10, 2013, 03:06:37 PM
 #23

What's wrong with QT? It has been audited to an extreme. Armory is great with the paper wallets but putting a wallet.dat into cold storage should be ok.
Can you sign transactions offline with Bitcoin-Qt?
It should be possible with the API. Then just use sendrawtransaction with the online client.

"The difference between a castle and a prison is only a question of who holds the keys."
coastermonger
Sr. Member
****
Offline Offline

Activity: 367
Merit: 250

Find me at Bitrated


View Profile
December 10, 2013, 10:12:31 PM
 #24

How do you think the "input mouse movement" for bitaddress.org stacks up for randomness?

Bitrated user: Rees.
deepceleron
Legendary
*
Offline Offline

Activity: 1512
Merit: 1036



View Profile WWW
December 11, 2013, 03:41:29 AM
 #25

How do you think the "input mouse movement" for bitaddress.org stacks up for randomness?

I just have a guess, do you have one?

<script type="text/javascript">
ninja.seeder = {
   // number of mouse movements to wait for
   seedLimit: (function () {
      var num = Crypto.util.randomBytes(12)[11];
      return 50 + Math.floor(num);
   })(),

   seedCount: 0, // counter

   // seed function exists to wait for mouse movement to add more entropy before generating an address
   seed: function (evt) {
      if (!evt) var evt = window.event;

      // seed a bunch (minimum seedLimit) of times based on mouse moves
      SecureRandom.seedTime();
      // seed mouse position X and Y
      if (evt) SecureRandom.seedInt((evt.clientX * evt.clientY));

      ninja.seeder.seedCount++;
      // seeding is over now we generate and display the address
      if (ninja.seeder.seedCount == ninja.seeder.seedLimit) {
         ninja.wallets.singlewallet.open();
         // UI
         document.getElementById("generate").style.display = "none";
         document.getElementById("menu").style.visibility = "visible";
      }
   },

   // If user has not moved the mouse or if they are on a mobile device
   // we will force the generation after a random period of time.
   forceGenerate: function () {
      // if the mouse has not moved enough
      if (ninja.seeder.seedCount < ninja.seeder.seedLimit) {
         SecureRandom.seedTime();
         ninja.seeder.seedCount = ninja.seeder.seedLimit - 1;
         ninja.seeder.seed();
      }
   }
};


How does it "stack up", I guess that depends on how secure you find seeding RC4 with some mouse positions.
piotr_n
Legendary
*
Offline Offline

Activity: 2055
Merit: 1359


aka tonikt


View Profile WWW
December 12, 2013, 08:34:17 AM
 #26

I found this news somehow relevant to the discussion we had at the previous page, so I will post it here.


“We cannot trust” Intel and Via’s chip-based crypto, FreeBSD developers say

Developers of the FreeBSD operating system will no longer allow users to trust processors manufactured by Intel and Via Technologies as the sole source of random numbers needed to generate cryptographic keys that can't easily be cracked by government spies and other adversaries.

The change, which will be effective in the upcoming FreeBSD version 10.0, comes three months after secret documents leaked by former National Security Agency (NSA) subcontractor Edward Snowden said the US spy agency was able to decode vast swaths of the Internet's encrypted traffic. Among other ways, The New York Times, Pro Publica, and The Guardian reported in September, the NSA and its British counterpart defeat encryption technologies by working with chipmakers to insert backdoors, or cryptographic weaknesses, in their products.

more: http://arstechnica.com/security/2013/12/we-cannot-trust-intel-and-vias-chip-based-crypto-freebsd-developers-say/

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
Jace
Sr. Member
****
Offline Offline

Activity: 288
Merit: 251


View Profile
December 12, 2013, 01:16:24 PM
 #27

What is the best way to be absolutely sure my address is random|?
Has anyone ever thought about this issue?
Same here, I am extremely paranoia about this.

Almost 100% secure: just create them as brainwallets from very long random input strings. Obviously you don't need to remember these, they're meant for cold storage so they're not actual 'brainwallets'. They're just created in the same way as brainwallets, i.e. the private keys are hashes from strings. This rules out any dependency from random generators with possible weaknesses.

When I say 'very long random input strings', I mean garbage like this: (just typing a bunch of gibberish characters)
Code:
fY72^og(fU FO!MNxTL/rwA q2kd#plv0ni40X.e4 7n7*4nv5^3u 2_14h D!IQZD6k3L7n

For this particular example, the private key would be Sha256("fY72^og(fU FO!MNxTL/rwA q2kd#plv0ni40X.e4 7n7*4nv5^3u 2_14h D!IQZD6k3L7n") = eab9498f0c866509a2ff09fa40b556776f54b78f941f36cc69bdbf7832f45473, or expressed in more common Bitcoin format: 5KbfHWM9R2AKhoAtkcTDv6agnzJoPCHZkrEnSy8t8bnVTUHJnND and its corresponding address is 1FtUbMx47zhF3AUWTWCULQzDyRJgVDV23G.

Now, to compensate that last bit of paranoia (and just in case some day an entropy weakness is discovered in Sha256 or something), I took this one step further, and created the private keys for my 'big savings' addresses as three xorred hashes:
(1) Some generated (pseudo?)random private key (using bitcoind or bitaddress.org or whatever)
(2) The Sha256 hash of some long random garbage string
(3) The Sha3-256 hash of some different long random garbage string

So for example:
(1) = 5K2F4Ng3ZYx9s98yEj1ukm1boGEHrAt5rMxXy2cnRdMuQtgTVE7 = 9ed845749f418efc834f1b9b5fd0c1765e7ace2177153a59dc818d6ac5df6232
(2) = Sha256("wP7fB2-fo#90wZ7d 4p6.Z1Ug5r H!0tI6*gp7!zcn)V bw4!Qib") = 7220f93d3a8059d19a3a1be4a2e1c3294185ffcae61aece0d02d73d43f9840d2
(3) = Sha3-256("v5!0ZF%kv 2p0isI*yWJ dky3R7Q#en!4X6;UGS-v35r U#aw/5{61ca") = b6783aadb56f8228feb9673eaf15184417ecc3a1e854ed75bf26de1b126c1c26

Xorring these three gives 5a8086e410ae5505e7cc674152241a1b0813f24a795b3bccb38a20a5e82b3ec6 which results in 5JW9LPbpY1b8aLd8MHkZBCtSCbmA29oaHA1jmpf5dWAEntfYo58 / 13wCBWBnQ86kKHBztMm3j44wb53RYP8LuQ.

I'm quite convinced it doesn't get any more secure than this, in terms of private key 'randomness'.

Feel free to send your life savings to 1JhrfA12dBMUhcgh85wYan6HL2uLQdB6z9
dre_2ooo
Member
**
Offline Offline

Activity: 69
Merit: 10


View Profile
March 02, 2014, 04:39:08 PM
 #28

What is the best way to be absolutely sure my address is random|?
Has anyone ever thought about this issue?
Same here, I am extremely paranoia about this.

Almost 100% secure: just create them as brainwallets from very long random input strings. Obviously you don't need to remember these, they're meant for cold storage so they're not actual 'brainwallets'. They're just created in the same way as brainwallets, i.e. the private keys are hashes from strings. This rules out any dependency from random generators with possible weaknesses.

When I say 'very long random input strings', I mean garbage like this: (just typing a bunch of gibberish characters)
Code:
fY72^og(fU FO!MNxTL/rwA q2kd#plv0ni40X.e4 7n7*4nv5^3u 2_14h D!IQZD6k3L7n

For this particular example, the private key would be Sha256("fY72^og(fU FO!MNxTL/rwA q2kd#plv0ni40X.e4 7n7*4nv5^3u 2_14h D!IQZD6k3L7n") = eab9498f0c866509a2ff09fa40b556776f54b78f941f36cc69bdbf7832f45473, or expressed in more common Bitcoin format: 5KbfHWM9R2AKhoAtkcTDv6agnzJoPCHZkrEnSy8t8bnVTUHJnND and its corresponding address is 1FtUbMx47zhF3AUWTWCULQzDyRJgVDV23G.

Now, to compensate that last bit of paranoia (and just in case some day an entropy weakness is discovered in Sha256 or something), I took this one step further, and created the private keys for my 'big savings' addresses as three xorred hashes:
(1) Some generated (pseudo?)random private key (using bitcoind or bitaddress.org or whatever)
(2) The Sha256 hash of some long random garbage string
(3) The Sha3-256 hash of some different long random garbage string

So for example:
(1) = 5K2F4Ng3ZYx9s98yEj1ukm1boGEHrAt5rMxXy2cnRdMuQtgTVE7 = 9ed845749f418efc834f1b9b5fd0c1765e7ace2177153a59dc818d6ac5df6232
(2) = Sha256("wP7fB2-fo#90wZ7d 4p6.Z1Ug5r H!0tI6*gp7!zcn)V bw4!Qib") = 7220f93d3a8059d19a3a1be4a2e1c3294185ffcae61aece0d02d73d43f9840d2
(3) = Sha3-256("v5!0ZF%kv 2p0isI*yWJ dky3R7Q#en!4X6;UGS-v35r U#aw/5{61ca") = b6783aadb56f8228feb9673eaf15184417ecc3a1e854ed75bf26de1b126c1c26

Xorring these three gives 5a8086e410ae5505e7cc674152241a1b0813f24a795b3bccb38a20a5e82b3ec6 which results in 5JW9LPbpY1b8aLd8MHkZBCtSCbmA29oaHA1jmpf5dWAEntfYo58 / 13wCBWBnQ86kKHBztMm3j44wb53RYP8LuQ.

I'm quite convinced it doesn't get any more secure than this, in terms of private key 'randomness'.


How long would you say the random garbage string needs to be?  100 char?  200?

This intuitively seems more secure than 100 rolls of dice since that would make a string of numbers, whereas these garbage strings are full of numbers, letters, characters, and spaces. 

Do you just make a new text document, mash your keyboard, then copy/paste the string into a brain wallet in bitaddress?  Assuming this is all done on a computer that will never and has never seen the internet and on wired peripherals, of course.
dunand
Hero Member
*****
Offline Offline

Activity: 637
Merit: 502



View Profile
March 02, 2014, 10:11:32 PM
 #29

I made a python script to generate a private key using anything you have under your hand to generate randomness. You can use a coin, a dice, bingo balls... At the beginning you choose the base you want to use. The script will ask you to pick numbers until you have the most secure private key possible.

https://github.com/dunand/bingowallet
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!