Bitcoin Forum
December 14, 2024, 10:56:51 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Publicly released some of the magic potion that goes into physical bitcoins!  (Read 9240 times)
luv2drnkbr
Hero Member
*****
Offline Offline

Activity: 793
Merit: 1026



View Profile
December 06, 2012, 11:13:40 PM
 #21

Mike, you're awesome.  I've already used the two factor in your newest utility to do an escrow transaction with somebody.  This is awesome.

casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 06, 2012, 11:18:38 PM
 #22

I have been doing a mix of the following (working on making it more consistent)

1 - Using SecureRandom from the BouncyCastle dependency
2 - Using SecureRandom from .NET's System.Security.Cryptography
3 - Doing both of the above while XORing the bytes with "extra entropy", formed mainly from hashing a buffer that grows when the app receives events (mouse moves, timer ticks, etc. cause the system tick count to be appended to the buffer) and gets chopped down when it gets too big, by being replaced with a hash of itself.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 06, 2012, 11:21:32 PM
 #23

Mike, you're awesome.  I've already used the two factor in your newest utility to do an escrow transaction with somebody.  This is awesome.

How did that work?  I am guessing you sent funds to an address neither of you had access to, until one of you ceded your key material to the other?

Just curious, did your deal involve checking the confirmation code to verify the address was indeed encumbered?

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
enmaku
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500


View Profile
December 06, 2012, 11:24:12 PM
 #24

I have been doing a mix of the following (working on making it more consistent)

1 - Using SecureRandom from the BouncyCastle dependency
2 - Using SecureRandom from .NET's System.Security.Cryptography
3 - Doing both of the above while XORing the bytes with "extra entropy", formed mainly from hashing a buffer that grows when the app receives events (mouse moves, timer ticks, etc. cause the system tick count to be appended to the buffer) and gets chopped down when it gets too big, by being replaced with a hash of itself.


Started to post exactly this myself. You're too fast for me mike!

Code:
        private void Walletgen_Shown(object sender, EventArgs e) {
            const int phraselength = 80;

            RandomNumberGenerator rng = RandomNumberGenerator.Create();
            Byte[] byte8 = new byte[phraselength];
            rng.GetBytes(byte8);
            string randomphrase = "";
            string junk64 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz*#_%+!";
            for (int i = 0; i < phraselength; i++) {
                randomphrase += junk64.Substring(byte8[i] & 63, 1);
            }
            txtPassphrase.Text = randomphrase;
        }
MPOE-PR
Hero Member
*****
Offline Offline

Activity: 756
Merit: 522



View Profile
December 07, 2012, 09:18:56 AM
 #25

Pretty cool.

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
bitcats
Legendary
*
Offline Offline

Activity: 1015
Merit: 1001



View Profile
December 07, 2012, 11:32:40 AM
 #26

There seems to be a bug, but im not sure:

I start the program, enter an (encrypted) key: 6PfRj9PLSPfGW9z5iKKyaVyKFvWScDhxvYjhtghhi9dVk8vAUngZD9RL6V
I click for details: the address utility opens.
I enter the passphrase "topsecret", and it calculates the hex/hash
Everything ok so far.
Now i click "Print Banknote" an i get an error message    
Code:
System.InvalidOperationException: Address is not available
    BtcAddress.EncryptedKeyPair.GetAddress()
    BtcAddress.KeyCollectionItem.GetAddressBase58()
    BtcAddress.QRPrint.OnPrintPage(PrintPageEventArgs e)
    System.Drawing.Printing.PrintDocument._OnPrintPage(PrintPageEventArgs e)
    System.Drawing.Printing.PrintController.PrintLoop(PrintDocument document)
    System.Drawing.Printing.PrintController.Print(PrintDocument document)
    System.Drawing.Printing.PrintDocument.Print()
    BtcAddress.Forms.PrintVouchers.button1_Click(Object sender, EventArgs e)
    System.Windows.Forms.Control.OnClick(EventArgs e)
    System.Windows.Forms.Button.OnClick(EventArgs e)
    System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
    System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
    System.Windows.Forms.Control.WndProc(Message& m)
    System.Windows.Forms.ButtonBase.WndProc(Message& m)
    System.Windows.Forms.Button.WndProc(Message& m)
    System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
    System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
    System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

The same when i try to safe the "Address List" i get the message: Address not available

"Unser Problem ist nicht ziviler Ungehorsam, unser Problem ist ziviler Gehorsam."  - Howard Zinn
luv2drnkbr
Hero Member
*****
Offline Offline

Activity: 793
Merit: 1026



View Profile
December 07, 2012, 02:36:49 PM
Last edit: December 07, 2012, 03:16:55 PM by luv2drnkbr
 #27

Mike, you're awesome.  I've already used the two factor in your newest utility to do an escrow transaction with somebody.  This is awesome.

How did that work?  I am guessing you sent funds to an address neither of you had access to, until one of you ceded your key material to the other?

Just curious, did your deal involve checking the confirmation code to verify the address was indeed encumbered?

I don't know what the word "encumbered" means in this sense.  We both just verified that we did indeed got the same public address, then I sent funds to that address.  He performed agreed upon service.  Then I sent him the private key for my address (a throwaway created just for that transaction).

I still don't know the private key for the "escrow" address, but the money was moved out of it, so I know he got it.

Edit:  Oh, we used the Key Combiner, not the confirmation thingy.

Edit 2: oohhh I was using an old version.  this confirmation code thing is super awesome.

Edit 3:  Is there a way to get the confirmation code without printing the physical coin insert?  I can't find any other way.

casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 07, 2012, 03:10:25 PM
 #28

There seems to be a bug, but im not sure:

I start the program, enter an (encrypted) key: 6PfRj9PLSPfGW9z5iKKyaVyKFvWScDhxvYjhtghhi9dVk8vAUngZD9RL6V
I click for details: the address utility opens.

This is a bug in the sense that I'm mishandling what to do when this happens, but there's a fundamental problem: the key is encrypted and the program doesn't know the address.

Despite you decrypting it in the address utility, the program doesn't hold on to the password for the benefit of the printing part.  The print utility does not know the address of an encrypted private key unless you actually generated it within the program.  I would either have to add a prompt to collect that from you, or refuse to print at least the address.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 07, 2012, 03:16:48 PM
 #29

I don't know what the word "encumbered" means in this sense.

By this, I just mean that the funds themselves are unmovable until the restriction is satisfied.  I might have been more clear had I just said "restricted".

I suppose it's confidence building for the sending side to be able to have something tell him, in green bold print, "yes this address is safe and is half yours".  The "intermediate" and "confirmation" are little more than the same operations of the multiplying key combiner itself, wrapped in a pretty container with salt, some encryption, and some self-defense against typos. 

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
luv2drnkbr
Hero Member
*****
Offline Offline

Activity: 793
Merit: 1026



View Profile
December 07, 2012, 03:17:56 PM
 #30

Is there an easy way to get the confirmation code or do I just have to print the insert?

casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 07, 2012, 03:23:30 PM
 #31

Is there an easy way to get the confirmation code or do I just have to print the insert?

I will have to add one, now that I'm aware of this as a suitable application.  There isn't any way currently exposed other than that.

As a stop gap, if you're able to print to PDF, do that.  But I'm sure it'll get added soon enough.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
luv2drnkbr
Hero Member
*****
Offline Offline

Activity: 793
Merit: 1026



View Profile
December 07, 2012, 03:25:26 PM
 #32

Yeah, that's exactly what I did, PDF then just text copy.  Worked just fine, just a minor pain.  Still, friggin awesome!!!!!

bitcats
Legendary
*
Offline Offline

Activity: 1015
Merit: 1001



View Profile
December 07, 2012, 04:48:56 PM
 #33

Despite you decrypting it in the address utility, the program doesn't hold on to the password for the benefit of the printing part.  The print utility does not know the address of an encrypted private key unless you actually generated it within the program.  I would either have to add a prompt to collect that from you, or refuse to print at least the address.
I'd like to import my (encrypted) keys and print them with the utility. Will you add this option to the next release?

"Unser Problem ist nicht ziviler Ungehorsam, unser Problem ist ziviler Gehorsam."  - Howard Zinn
Tuxavant
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1010

Bitcoin Mayor of Las Vegas


View Profile WWW
December 07, 2012, 05:35:40 PM
 #34

This is ridiculously cool crypto! Some requests:

* help | about, version

* a viewable dir index showing all previous versions and a symlink from btcaddress.zip to the latest version.

* some way to automate notifications of all future updates: rss blog feed, official forum thread, etc.

* a bitcoin donation address 8D

Will there ever be support for these functions in linux, either gui or text?

bitcats
Legendary
*
Offline Offline

Activity: 1015
Merit: 1001



View Profile
December 08, 2012, 11:52:29 AM
Last edit: December 08, 2012, 12:02:37 PM by bitcats
 #35

The print utility does not know the address of an encrypted private key unless you actually generated it within the program.  I would either have to add a prompt to collect that from you, or refuse to print at least the address.
    I'd like to import my (encrypted) keys and print them with the utility. Will you add this option to the next release?

(Thanks a lot for that useful utility. Donation is coming)

"Unser Problem ist nicht ziviler Ungehorsam, unser Problem ist ziviler Gehorsam."  - Howard Zinn
John Kirk
Member
**
Offline Offline

Activity: 65
Merit: 10



View Profile WWW
December 08, 2012, 02:29:53 PM
 #36

This is very generous, Casascius.  Thanks!

I'm not seeing a license file anywhere. What license is the source code released under?
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 08, 2012, 03:40:25 PM
 #37

This is very generous, Casascius.  Thanks!

I'm not seeing a license file anywhere. What license is the source code released under?


GPLv3

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 16, 2012, 07:54:32 PM
 #38

A version for Mac would be awesome

It will run with Mono or Parallels

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
phelix
Legendary
*
Offline Offline

Activity: 1708
Merit: 1020



View Profile
February 03, 2013, 04:59:32 PM
 #39

Is it generally possible to generate the corresponding namecoin public key from a bitcoin public key?
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
February 03, 2013, 05:03:21 PM
 #40

Is it generally possible to generate the corresponding namecoin public key from a bitcoin public key?

I assume you mean namecoin address vs Bitcoin address (public keys are the same for both)

Use my Utility, the Address Utility screen

Put the Bitcoin address in the bottom box and hit the up arrow to get the Hash160

Then switch the selection dropdown from Bitcoin to Namecoin. Then hit the opposite arrow to go from hash160 to address and you will get the namecoin address.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!