Bitcoin Forum
December 30, 2024, 06:53:28 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Using serial numbers on notes for private keys  (Read 2379 times)
Bitcoin Oz (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Wat


View Profile WWW
August 14, 2012, 02:26:05 AM
 #1



Has anyone used the serial numbers that are on fiat notes to generate bitcoin addresses ? Then you dont need to remember the passphrase to unlock your coins you just pull a $5 note out of your vault  and redeem it Smiley

If you attached $5 worth of bitcoins to a $5 note would that mean you could exchange it for $10 in a bitcoin trade and the other person would then have 50% insurance against a double spend of the coins since they can still spend the cash ?

The next question is are the serial numbers on cash available to the public or are they kept in a  government database only ? My concern is someone writing a script that checks all the known serial numbers  Cheesy

edd
Donator
Legendary
*
Offline Offline

Activity: 1414
Merit: 1002



View Profile WWW
August 14, 2012, 02:31:12 AM
 #2



Has anyone used the serial numbers that are on fiat notes to generate bitcoin addresses ? Then you dont need to remember the passphrase to unlock your coins you just pull a $5 note out of your vault  and redeem it Smiley

If you attached $5 worth of bitcoins to a $5 note would that mean you could exchange it for $10 in a bitcoin trade and the other person would then have 50% insurance against a double spend of the coins since they can still spend the cash ?

The next question is are the serial numbers on cash available to the public or are they kept in a  government database only ? My concern is someone writing a script that checks all the known serial numbers  Cheesy

I did check a bunch of new dollar bills I received as change once and the serial numbers were indeed sequential.

But you're talking about addresses, right? Not private keys? In any case, I don't think you could generate enough pairs in a lifetime to match a random serial number exactly.

Still around.
jothan
Full Member
***
Offline Offline

Activity: 184
Merit: 100


Feel the coffee, be the coffee.


View Profile
August 14, 2012, 02:32:17 AM
 #3

Yes, serial numbers would be quite silly as a private key. They are predictable, they are sequential and anybody who handles a bill has the serial number and could empty out the bitcoins.

Hence the old mafia movie saying "bills, used, non-sequential".

Bitcoin: the only currency you can store directly into your brain.

What this planet needs is a good 0.0005 BTC US nickel.
BkkCoins
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1009


firstbits:1MinerQ


View Profile WWW
August 14, 2012, 02:32:43 AM
 #4

That's cool. We could replace dollar bills one by one. Convert to Bitcoin and destroy. Smiley Kidding.
Don't know about serial #s but you can salt it with some private text to circumvent.

kayrice
Member
**
Offline Offline

Activity: 104
Merit: 11


View Profile
August 14, 2012, 03:10:00 AM
 #5

As others have pointed out the numbers on the bill won't make a good private key without a decent amount of information from another source, which probably destroys any utility this would have. Also there is nothing to stop the Bitcoin wallet from not having $10 later so the relationship between BTC and USD would require upkeep or trust - possible even both.
unclemantis
Member
**
Offline Offline

Activity: 98
Merit: 10


(:firstbits => "1mantis")


View Profile
August 15, 2012, 02:25:34 AM
 #6

I don't think that is a good idea. One could just brain wallet sequential numbers and check the public key balance against the chain.

BZZZ!!!! Try again!

PHP, Ruby, Rails, ASP, JavaScript, SQL
20+ years experience w/ Internet Technologies
Bitcoin OTC | GPG Public Key                                                                               thoughts?
unclemantis
Member
**
Offline Offline

Activity: 98
Merit: 10


(:firstbits => "1mantis")


View Profile
August 15, 2012, 02:28:29 AM
 #7

Well for one thing www.bitaddress.org tells me that my passphrase is too short and won't allow a brainwallet to be generated.

LETTER LETTER NUMBER NUMBER NUMBER NUMBER NUMBER NUMBER NUMBER NUMBER LETTER

Try again hippie!

PHP, Ruby, Rails, ASP, JavaScript, SQL
20+ years experience w/ Internet Technologies
Bitcoin OTC | GPG Public Key                                                                               thoughts?
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
August 15, 2012, 02:33:32 AM
 #8

Using a passphrase this short would result in about a 100% probability of being stolen from eventually.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
unclemantis
Member
**
Offline Offline

Activity: 98
Merit: 10


(:firstbits => "1mantis")


View Profile
August 15, 2012, 02:54:27 AM
 #9

I for one think that brain wallets are a recipe for disaster. I still believe AES encrypting a private key and storing the encrypted key in multiple places is far more secure.

I have found a place that charges $15 per line. Depends on the font size and size of the piece of metal that is.

FYI Things Remembered is a fucking rip off, try and find someone local, they all ship it out.

Mike, any thoughts?

PHP, Ruby, Rails, ASP, JavaScript, SQL
20+ years experience w/ Internet Technologies
Bitcoin OTC | GPG Public Key                                                                               thoughts?
unclemantis
Member
**
Offline Offline

Activity: 98
Merit: 10


(:firstbits => "1mantis")


View Profile
August 15, 2012, 02:59:52 AM
 #10

http://www.onlinemetals.com/merchant.cfm?pid=12626&step=4&showunits=inches&id=322&top_cat=1353

I am trying to find a credit card sized piece of Titanium.

Thoughts folks? Is titanium really needed? Can I get away with several dog tag sized peaces of metal? Hell if there is a fire in one location that i have the key stored in and it melts I still have the key in the other locations, right?

PHP, Ruby, Rails, ASP, JavaScript, SQL
20+ years experience w/ Internet Technologies
Bitcoin OTC | GPG Public Key                                                                               thoughts?
unclemantis
Member
**
Offline Offline

Activity: 98
Merit: 10


(:firstbits => "1mantis")


View Profile
August 15, 2012, 03:07:05 AM
 #11

I am really sorry for trolling but here is a site that does dogtags. The problem is they don't allow the equal sign, plus they only allow 15 characters a line and 5 lines per dog tag.

The AES code that is generated is 108 characters, and even if i leave off the trailing equal sign that is still too many.

Thoughts folks? Is there an AES code COMPRESSOR? Like Zip is to files?

PHP, Ruby, Rails, ASP, JavaScript, SQL
20+ years experience w/ Internet Technologies
Bitcoin OTC | GPG Public Key                                                                               thoughts?
unclemantis
Member
**
Offline Offline

Activity: 98
Merit: 10


(:firstbits => "1mantis")


View Profile
August 15, 2012, 03:11:09 AM
 #12

http://stackoverflow.com/questions/93451/does-aes-128-or-256-encryption-expand-the-data-if-so-by-how-much

Looks to me like I would need to compress the private key before encrypting.

How do you compress a private key such as 5Jv2WzF1ZMBWpaVAYZEsRqXCo2zkqDpYkgrHm1AJUm6fiQgU8QU

FYI for you funny people. I have not funded this key.

PHP, Ruby, Rails, ASP, JavaScript, SQL
20+ years experience w/ Internet Technologies
Bitcoin OTC | GPG Public Key                                                                               thoughts?
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
August 15, 2012, 04:09:03 AM
Last edit: August 15, 2012, 04:25:48 AM by casascius
 #13

http://stackoverflow.com/questions/93451/does-aes-128-or-256-encryption-expand-the-data-if-so-by-how-much

Looks to me like I would need to compress the private key before encrypting.

How do you compress a private key such as 5Jv2WzF1ZMBWpaVAYZEsRqXCo2zkqDpYkgrHm1AJUm6fiQgU8QU

FYI for you funny people. I have not funded this key.

I actually have a proposal in the works for doing exactly that.  It avoids expanding the private key by too large a margin (currently adds about 4-5 characters).

I have released a draft Casascius Bitcoin Address Utility that WORKS (in the sense that it will encrypt and decrypt keys), but the spec will be revised to make the passphrase more resistant to brute-forcing, before the specification ever becomes any official part of Bitcoin.  If/when it does, any keys generated by the utility NOW won't work.  The current version generates private keys that start with "6p" and are only a few characters longer than the "5J" one above.

The AES algorithm itself doesn't add any overhead, something in comes out the same size.  But using AES securely requires some random "initialization" bytes to help the cipher start out in a scrambled state - this adds a fixed 16 or 32 bytes of overhead to any usage of it.  And Base64encoding binary data incurs an automatic 25% overhead all by itself, encrypted or not.

I avoid bulking up my encrypted private key while still using AES by taking a shortcut and skipping the initial scrambling bytes (aka an "initialization vector").  I can sort of get away with it because the data to be encrypted is already totally random to begin with, making some attacks (e.g. known plaintext attack) not an issue.  But I'm likely to need to use a much stronger algorithm for converting the password to a key than I'm using now (SHA256) before it will be considered reasonably secure against cracking.

When it's all said and done, the final algorithm will probably produce AES-encrypted Base58-like private keys that are 57 characters in length and also start with "6p".

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
BkkCoins
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1009


firstbits:1MinerQ


View Profile WWW
August 15, 2012, 05:28:41 AM
 #14

I am really sorry for trolling but here is a site that does dogtags. The problem is they don't allow the equal sign, plus they only allow 15 characters a line and 5 lines per dog tag.

The AES code that is generated is 108 characters, and even if i leave off the trailing equal sign that is still too many.

Thoughts folks? Is there an AES code COMPRESSOR? Like Zip is to files?
If you're willing to split it on several tags and store in several places then you can use Shamir Secret Encoding. You split the 51 char key into several parts using Shamir (eg. 3 of 4). Put each part on a tag. Now you need 3 out of 4 tags to come together to regain the original key. So if one melts you're ok. Someone wanting to gain your key has to find at least 3 out of 4 tags. (You can use whatever M of N you please). To the best of my knowledge Shamir is provably secure.

2weiX
Legendary
*
Offline Offline

Activity: 2086
Merit: 1006

this space intentionally left blank


View Profile
August 15, 2012, 06:51:38 AM
 #15

so for the cryptologically impaired:

- if i took 10 1$ bills  (20 5$ bills...)
- chained their serial numbers
- did a magic salt thingy with "holyholydollarbillholdmybitcoinifyouwill"
- and then use that to generate a privkey
- funded that with 10BTC (100 BTC...)
..
..
-put the dollars in my vault
..
..
- take em out, reverse the process above


this could work, yes?
aq
Full Member
***
Offline Offline

Activity: 238
Merit: 100


View Profile
August 15, 2012, 10:14:23 AM
 #16

so for the cryptologically impaired:

- if i took 10 1$ bills  (20 5$ bills...)
- chained their serial numbers
- did a magic salt thingy with "holyholydollarbillholdmybitcoinifyouwill"
- and then use that to generate a privkey
- funded that with 10BTC (100 BTC...)
..
..
-put the dollars in my vault
..
..
- take em out, reverse the process above


this could work, yes?
Yes, that would work perfectly. I believe that it is not even necessary to use 10 serials.
BTW, it would be way cooler to make this multi-currency. Use a dollar note, a euro note, a pound note, a swiss franc note and, I am sure you still have one, a DM note.
Paranoid mode:
Use some secret chaining text containing symbols in between, like "-!-", otherwise you would end up having only numbers and letters in your pass phrase.
While I like "holyholydollarbillholdmybitcoinifyouwill", you have to come up with something else, as this is now known.
ElectricMucus
Legendary
*
Offline Offline

Activity: 1666
Merit: 1057


Marketing manager - GO MP


View Profile WWW
August 15, 2012, 10:24:29 AM
 #17

If you really wanna attach bitcoins to a bank note you can do this:

All banknotes contain UV active security features, from my knowledge these are just a bunch of flakes inside the paper distributed randomly. In order to generate the private key you need to photograph the note and write some software to derive a fingerprint of the note. This fingerprint can then be used to derive a private key.

Alternatively you can take a macro of the note and use the irregularities in the paint and so on. But this can be done with almost any physical object using sufficient resolution.
mistfpga
Member
**
Offline Offline

Activity: 86
Merit: 13


View Profile
August 15, 2012, 12:09:43 PM
Last edit: August 15, 2012, 12:20:07 PM by mistfpga
 #18

so for the cryptologically impaired:

- if i took 10 1$ bills  (20 5$ bills...)
- chained their serial numbers
- did a magic salt thingy with "holyholydollarbillholdmybitcoinifyouwill"
- and then use that to generate a privkey
- funded that with 10BTC (100 BTC...)
..
..
-put the dollars in my vault
..
..
- take em out, reverse the process above


this could work, yes?

It might work, but why bother? why not just print out the private key and store that?

if you really must over complicate things, you can AES encrypt the key, then your holyholy... would be the passphrase to decrypt the private key.

I am not sure what you are trying to achive, the OP was trying to find a mechanism for hedging against loss of the bitcoins, you are just making things overly complicated for no gain.

re:op,

you would have to have a function (like a hash function) that could be run over the serial number to 'scramble' it.  bcrypt would be a good idea for this, with the key being a part function of the required to caclulate the amount of times to run the algo to encrypt and another part as an 'init' vector, this could be a filter or a keyword. ideally you would like to be able to make both of these public and it still be cost/time prohibitive to brute force all serial numbers.

I quite like the idea, but I am not sure of the pratical application, for safty you are better off storing encrypted private paper wallets. but for the prevention of double spends you would need to demostrate that the funds are there and the wallet can be derived from the serial number, both of these things are non trivial to do properly... you have got me thinking though...

edit: removed an obtuse comment not meant for the reply, i though someone else wrote the reply. sorry about that
ErebusBat
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500

I am the one who knocks


View Profile
August 15, 2012, 03:56:35 PM
 #19

One could just brain wallet sequential numbers and check the public key balance against the chain.
For some reason this reminded me of johnny mnemonic where the 'password' was three pictures.

Have a bill that has three images on it that you have to type in.  (like a picture of a rabbit and you have to type in bunny).

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
Bitcoin Oz (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Wat


View Profile WWW
August 16, 2012, 04:16:50 AM
 #20

I probably wouldnt store my life savings in a $5 note  Tongue

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!