Bitcoin Forum
November 03, 2024, 11:49:12 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Use of countries to grab more entropy for brain wallets  (Read 3476 times)
jim618 (OP)
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
September 07, 2012, 06:50:32 PM
Last edit: September 07, 2012, 07:06:16 PM by jim618
 #1

I was playing around today with the easiest way to remember 128 bits for a private key.

The nicest way I have seen so far is from etotheipi (IIRC) which was:

Choose 8 words from a vocab list of 2^16 (= 65536) words.

This gives 8 * 16 = 128 bits of entropy.


I looked at various sets of things and how easy they were to remember and think countries is quite useful.
It is a little nebulous the definition of a country but let's use the US State department's list of 195 countries. This gives 7.6 bits per country choice.

To get 128 bits of entropy you can then use:

6 choices of a country plus a word from a vocab list of around 13700.

You can have a simpler vocab list, which could concentrate more on concrete things.
To remember the full 128 bits for a private key you might have to memorise a list:

cat from Benin
umbrella from Guatemala
pomegranate from Canada
brick from Malaysia
sausage from Australia
roof from Mongolia

To make best use that our memories are associative, you would first remember:

cat
umbrella
pomegranate
brick
sausage
roof

These have to be remembered in order. I suggest these are just remembered by rote or by a little 'nonsense story'. (The cat walked past the umbrella and saw a pomegranate sat on a brick. Then some sausages fell off the roof).

And then you would need to remember:
What country was the cat/ umbrella/ pomegranate/ brick/ sausage/ roof from?
You could do this be imagining, say,  a shocked Canadian mounty holding a pomegranate, the Sydney harbour bridge made out of sausages or whatever.

Do people think this is an easier way to remember 128 bits?

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
ElectricMucus
Legendary
*
Offline Offline

Activity: 1666
Merit: 1057


Marketing manager - GO MP


View Profile WWW
September 07, 2012, 07:00:05 PM
 #2

Nice idea, but I think it's better to use words in a more meaningful context even if that in theory might mean loosing entropy.
For example, get 10 words from a wordlist until you can make a sentence out of it and drop one or two if necessary.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
September 07, 2012, 07:04:11 PM
 #3

Tripped on a pomegranate from Botswana and broke my ulna and lost reticulocytes while harpooning in the desert.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
ElectricMucus
Legendary
*
Offline Offline

Activity: 1666
Merit: 1057


Marketing manager - GO MP


View Profile WWW
September 07, 2012, 07:07:25 PM
 #4

Tripped on a pomegranate from Botswana and broke my ulna and lost reticulocytes while harpooning in the desert.

 Grin
phatsphere
Hero Member
*****
Offline Offline

Activity: 763
Merit: 500


View Profile
September 07, 2012, 07:11:41 PM
 #5

if it is easy to remember, by any standards, it's poor. that's basically a by-product of the kolmogorov complexity.

nobody knows how good word-based attacks will work in 10 years, hence better don't rely on such simplifications.
jim618 (OP)
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
September 07, 2012, 07:14:44 PM
 #6

It still has the full 128 bits of entropy.

The 6 'concrete words' list is shorter and hence easier to remember.

Then each 'concrete word' you visualise in a country specific setting which is the sort of thing humans are good at.

Try it yourself - it is a lot easier than trying to remember:

1101101101010011101110111011100010100101010101110001011001110101011011011010100 111011101110101000101001000101011100010110111101010

(that should be 128 bits!)


MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
ribuck
Donator
Hero Member
*
Offline Offline

Activity: 826
Merit: 1060


View Profile
September 07, 2012, 07:38:01 PM
 #7

Country names are not a good choice because they become obsolete. No-one talks anymore about Ceylon, Bechuanaland, Rhodesia, Siam etc anymore - yet these country names were all in use when I was at school.
jim618 (OP)
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
September 07, 2012, 07:40:40 PM
 #8

Good point. And they do not even rename 1-to-1. e.g. Sudan -> North Sudan + South Sudan.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
2112
Legendary
*
Offline Offline

Activity: 2128
Merit: 1073



View Profile
September 07, 2012, 07:50:47 PM
 #9

Do people think this is an easier way to remember 128 bits?
Jim, are you, by chance, a monolingual person? Are you capable of reading any other script than Latin?

Just lay off this problem. It tends to become a paranoidal obsession, similar to the one exhibited in other thread where very intelligent people assume that Internet is operational but all sources of time are compromised.

As far as your software: just make sure that Unicode and various Input Method Editors are operational.

Really just lay it off for a while: it isn't a technical issue and really a behavioral health issue.

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
jim618 (OP)
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
September 07, 2012, 07:54:59 PM
 #10

Good advice there 2112!

:-)

I am not really monolingual no. Whilst my mother tongue is English I speak reasonable Spanish and have lived in Germany and China.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
September 07, 2012, 08:03:23 PM
 #11

Country names are not a good choice because they become obsolete. No-one talks anymore about Ceylon, Bechuanaland, Rhodesia, Siam etc anymore - yet these country names were all in use when I was at school.

I guess names of food items aren't a good choice either because food spoils?

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
2112
Legendary
*
Offline Offline

Activity: 2128
Merit: 1073



View Profile
September 07, 2012, 08:12:12 PM
 #12

Good advice there 2112!

:-)

I am not really monolingual no. Whilst my mother tongue is English I speak reasonable Spanish and have lived in Germany and China.
Thank you very much for not getting offended. I wrote my post above with trepidation that somebody will start another deletion campaign against my posts.

If anyone is worried about the entropy of your password/passphrase/passpoem: just make friends with people speaking other languages or at the minimum research the roots of your family. Who knows, you may really be 1/16 Navajo?

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
jim618 (OP)
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
September 07, 2012, 08:22:38 PM
 #13

@2112 - my brother has taken our family tree back a couple of centuries and we are completely UK+Irish. :-)

On your point on IMEs - from Java's point of view this is mainly in the OS and Java *should* pick up any unicode text that is put into any text field. (Java understands unicode natively)

From your post - are you saying this is NOT the case ? I.e can you not use the IME you normally use for Chinese/ Korean/ whatever ? If so, I need to look into that.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
justusranvier
Legendary
*
Offline Offline

Activity: 1400
Merit: 1013



View Profile
September 07, 2012, 08:26:46 PM
 #14

The biggest concern I have with using a brain wallet is chance of forgetting the passphrase.

In order to get high entropy you needs a unique phrase that does not appear anywhere in media, literature or popular culture. How easy is that to remember for long periods of time, especially if you don't compromise security by writing it down? Surely no one would use a brain wallet for addresses which they frequently withdraw from, so how would one remember a random set of words accurately across a period of years?
FreeMoney
Legendary
*
Offline Offline

Activity: 1246
Merit: 1016


Strength in numbers


View Profile WWW
September 07, 2012, 08:39:29 PM
 #15

Imagine if you had "Siam" in your password and then one day it was gone!

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
2112
Legendary
*
Offline Offline

Activity: 2128
Merit: 1073



View Profile
September 07, 2012, 08:42:03 PM
 #16

@2112 - my brother has taken our family tree back a couple of centuries and we are completely UK+Irish. :-)

On your point on IMEs - from Java's point of view this is mainly in the OS and Java *should* pick up any unicode text that is put into any text field. (Java understands unicode natively)

From your post - are you saying this is NOT the case ? I.e can you not use the IME you normally use for Chinese/ Korean/ whatever ? If so, I need to look into that.
I haven't tried your software in a long while. But I do have plentitude of general experience with Java (and other languages supposed to use Unicode natively). One of the most common errors are related to incorrectly supporting the "supplementary characters", the ones beyond the "base plane" of 64kilo-characters.

As to your Irish heritage: one of the best scenes in the movie "The Guard" is where Irish people cooperate with the police by speaking Gaelic. Talk about sufficient entropy...

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
jim618 (OP)
Legendary
*
Offline Offline

Activity: 1708
Merit: 1066



View Profile WWW
September 07, 2012, 08:47:42 PM
 #17

@2112 - yes - will have to look at IMEs a bit more closely.

RE: Irish heritage - our family found out recently that we are all eligible for Irish passports (in addition to UK ones) so are all applying!


@FreeMoney - yes I think the variability of countries over time means this idea is a non-starter.

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
d'aniel
Sr. Member
****
Offline Offline

Activity: 461
Merit: 251


View Profile
September 07, 2012, 10:39:48 PM
Last edit: September 08, 2012, 12:10:20 AM by d'aniel
 #18

Just lay off this problem. It tends to become a paranoidal obsession, similar to the one exhibited in other thread where very intelligent people assume that Internet is operational but all sources of time are compromised.
Haha, good advice.  I learned it the hard way.

I figured I'd do something similar: build a directed graph with adjectives and nouns as the nodes, and increment the weight of a directed edge from an adjective to a noun whenever the adjective was found preceding the noun in a sentence while scanning through a huge pile of text, e.g. Project Gutenberg.  Then I ranked the adjectives by their weighted degree and pruned all but the top A adjectives from the graph.  Then I ranked the nouns by weighted degree and pruned all but the top N = 2^(128/6) / A nouns.  Then any 6 randomly chosen pairs would give 128 bits of entropy.

Turned out to be a lot of work, and didn't seem to be yielding anything that was much better than ThomasV's solution.
phatsphere
Hero Member
*****
Offline Offline

Activity: 763
Merit: 500


View Profile
September 07, 2012, 10:44:20 PM
 #19

It still has the full 128 bits of entropy.
shannon != kolmogorov. e.g. "the first 128 digits of pi" has a high entropy but isn't very complex. you really don't know what the next 10-20 years will bring.
Gavin Andresen
Legendary
*
Offline Offline

Activity: 1652
Merit: 2301


Chief Scientist


View Profile WWW
September 07, 2012, 11:32:31 PM
 #20

See http://dl.acm.org/citation.cfm?id=2335366 for recent research on passphrase usability; results do not look good. http://scholar.google.com/scholar?q=passphrase to see what other researchers have tried.

How often do you get the chance to work on a potentially world-changing project?
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!