Author Topic: New blog post: Hiding Bitcoins in Your Brain  (Read 6962 times)
casascius
Mike Caldwell
January 30, 2013, 03:34:53 PM
 #61

Here is another idea: split your funds across 10 or 20 brainwallets whose passphrases don't easily lead to one another.

Admittedly though, this is far easier said than done.

I have long thought that being able to have 10 or 20 distinct brainwallets would be a killer application for Bitcoin.  The catch is that each of those brainwallets must not be clues as to how to hack the other ones, otherwise someone will do it.

The prototypical application for such a thing would be an activist in prison, or someone stuck in another country and robbed of everything but their underwear.  The prisoner would want the ability to have a brainwallet so that he could reliably secure legal counsel and pay bills, but without being stuck with the choice of giving access to nothing or everything.  He could use brainwallet #1 for his retainer (if in prison) and release the remaining ones to pay bills as they came due.  The robbery victim could call somebody back home and ask for fiat via Western Union (assuming no way to sell BTC locally), without the risk that the person could rip them off for more than 10% of their brain money (and have it 1/10 the temptation at the same time).

Of course, the problem is that it's bad enough just learning a single passphrase with sufficient entropy, let alone a dozen.  For someone really interested in it, they'd probably have to learn some sort of algorithm that they could sort out in their head or with nothing more than a pencil and paper, so they could derive their own private keys by hand.  (In this case, it's safe to assume they've got relatively unlimited time on their hands)

For example if one memorized the SHA256 algorithm and could compute a SHA256 hash on paper with unlimited time, he could remember "n bottles of beer on the wall in my grandmother's basement at 20205 poppy lane in Witchita" where n was a number he could increment.  He could hand-hash in his prison cell without divulging his passphrase (assuming he had a way to not get his notes confiscated).

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
cbeast
January 30, 2013, 03:56:37 PM
 #62

How secure is this type of brainwallet?
1. Memorize a short phrase like a song lyric or quotation.
2. Make an algorithm that converts the letters to numbers.
3. Use those numbers to find words in a book making sure of the exact edition.
4. Use those words as the actual brainwallet passphrase.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
mpfrank
January 30, 2013, 04:44:08 PM
 #63

> How secure is this type of brainwallet?
> 1. Memorize a short phrase like a song lyric or quotation.
> 2. Make an algorithm that converts the letters to numbers.
> 3. Use those numbers to find words in a book making sure of the exact edition.
> 4. Use those words as the actual brainwallet passphrase.

As long as the code used is obscure, it might be OK, but the need to have access to the book makes it unsuitable for some scenarios (e.g. you're on the run and have to quickly access your stash, you don't have the book w. you, and there's no time to visit the library).

If all the sovereign non-cryptocurrencies will eventually collapse from hyperinflation, you can't afford *not* to invest in Bitcoin...  See my blog at http://minetopics.blogspot.com/ .

Donations accepted at:  17twYNyqTiCTM2gJmumkytvhZh4sCVSKNH
UncleBobs
January 30, 2013, 04:50:41 PM
 #64


Though time consuming, this is probably the most secure way to set up a brain wallet:

http://www.extremetech.com/extreme/133067-unbreakable-crypto-store-a-30-character-password-in-your-brains-subconscious-memory

There was a discussion of this on HN a few months ago:
https://news.ycombinator.com/item?id=4266115

Disobey the Thought Police.  Resist Totalitarian Humanism.
http://attackthesystem.com/?s=totalitarian+humanism
mpfrank
January 31, 2013, 12:00:08 AM
 #65


Well, in addition to all the critiques on that thread, it seems rather cumbersome and unwieldy.  And I think it's unlikely to be widely adopted.  Also, I would be nervous that maybe my subconscious wouldn't meet expectations when I need it to the most.

dooglus
January 31, 2013, 12:25:27 AM
 #66

> To make a truly secure brainwallet passphrase take the output of
> Code:
> dd bs=32 count=1 if=/dev/random | hexdump -e '"%x"'
> and convert it to PGP words

That hexdump format drops leading zeros, so you don't always get the same length output.  Use %08x instead:

Code:
$ for i in . . .; do dd bs=32 count=1 if=/dev/random 2>/dev/null | hexdump -e '"%x"'; echo; done
16a1e01aab6de7fe6e8e5e8f28420f0d8cf1d12256321054f57f6973b6e6b2
23db86401bea1e3ac5c089fa1a5333f2403448314a15e3d724995a328e31bee6
e8dbc73fcab648562843757bf32ce6a5ee685689e40a6818ed65f3c1623a00e
$ for i in . . .; do dd bs=32 count=1 if=/dev/random 2>/dev/null | hexdump -e '"%08x"'; echo; done
3e2b8050eba7507b02f8e92e4d046f2e8b77b37914eb33a190bbaec26e589e0b
140b7e3f8ec3d995b8c84c79a1aad8dae792a7da13bbb457432c1543440237a3
ea6ca2eb010fbd8044ea907398308bb4643f23114f5c935162736623cdec6f94

Also note that /dev/random won't always have 32 bytes of random data available, so you might get a much shorter output.

justusranvier
January 31, 2013, 02:53:20 AM
 #67

> Also note that /dev/random won't always have 32 bytes of random data available, so you might get a much shorter output.
It should block until it has enough data.
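
The two pitfalls raised in the posts above (an unpadded hex format losing leading zeros, and a read that returns fewer than 32 bytes), handled in one place. This is an added example, not code from the thread: the function names and sample bytes are constructed, and `od` with `printf` stands in for `hexdump` to reproduce the unpadded output.

```shell
#!/bin/sh
# Added example: names and sample bytes below are constructed for illustration.

# sample_bytes: 32 constructed bytes. The first two 4-byte words (00000000 and
# 01000001) read the same in either byte order and begin with zero digits.
sample_bytes() {
    printf '\000\000\000\000\001\000\000\001'
    printf '\377\377\377\377\377\377\377\377'
    printf '\377\377\377\377\377\377\377\377'
    printf '\377\377\377\377\377\377\377\377'
}

# to_hex: stdin -> exactly two hex digits per byte. -v stops od from
# collapsing repeated lines into "*".
to_hex() {
    od -An -v -tx1 | tr -d ' \n'
}

# to_hex_unpadded: reproduces the effect of an unpadded "%x" applied to each
# 4-byte word, which is what loses the leading zeros.
to_hex_unpadded() {
    for word in $(od -An -v -tx4); do
        printf '%x' "0x$word"
    done
}

# random_key_hex [device]: 32 random bytes as 64 hex digits, or failure.
# bs=1 count=32 issues 32 one-byte reads, so a short read cannot truncate
# the result the way a single 32-byte read (bs=32 count=1) can.
random_key_hex() {
    dev=${1:-/dev/random}
    key=$(dd if="$dev" bs=1 count=32 2>/dev/null | to_hex)
    if [ "${#key}" -ne 64 ]; then
        echo "refusing key: got ${#key} hex digits, expected 64" >&2
        return 1
    fi
    printf '%s\n' "$key"
}

echo "padded:   $(sample_bytes | to_hex)"
echo "unpadded: $(sample_bytes | to_hex_unpadded)"
```

On the sample the padded form is 64 hex digits and the unpadded form only 56, so the same 32 bytes would yield a different and shorter passphrase; `random_key_hex` returns non-zero instead of emitting a key of the wrong length.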
thezerg
January 31, 2013, 03:57:52 AM
 #68

It would be unfortunate to make brainwallets inconvenient to generate because they won't hold coins securely for decades when some people may desperately need them for just a few hours or days during periods of travel or social unrest...

ErebusBat
January 31, 2013, 04:21:19 AM
 #69

OR.. OR....  use a random wallet and store the private key / recovery code in LastPass or keepass.

I understand the 'attractiveness' of brainwallets is that your computer could go away and you can still get your bitcoins back.

HOWEVER usb drives / paper wallets / safe deposit boxes / mom's houses are very effective and cheap. 

This reminds me of a conversation we had at work.  We currently back up on-site and to our data center, which happens to be about two blocks away from us.  We had the opportunity to add another city to that list.  Whilst discussing it I brought up the good question "if our building is destroyed AND the datacenter is destroyed will we still be in business?"

If you PGP encrypt your wallet and give your mom a copy and put a copy in your safe deposit box and all those are destroyed then most likely your primary concern is going to be running from zombies and not where your magic internet money went.

Just Sayin.

Ukigo
February 02, 2013, 09:21:42 AM
 #70

For those of you who have spare unneeded coins ;)
I have a new toy in Google Go:

https://bitbucket.org/mmanchaild/brainqeyz.git

This SAVING brainwallet generator has
some quite secure properties.

On average PC EVERY brute-force attempt of a passphrase will take ~ 90 minutes to perform.
It comes with a cost: application will
 run about 2..3 hours for one launch.
You will need to launch it at least 2 times
(or MORE) for safety reasons.
And then you must compare results.
They must be the same.
 
 

"...Enemies are everywhere ! Angka is all rage ! Be a good soldiers, blow everything... " <-- Pol Pot (C)
ErebusBat
February 02, 2013, 11:24:42 PM
 #71

> For those of you who have spare unneeded coins ;)
> I have a new toy in Google Go:
>
> https://bitbucket.org/mmanchaild/brainqeyz.git
>
> This SAVING brainwallet generator has
> some quite secure properties.
>
> On average PC EVERY brute-force attempt of a passphrase will take ~ 90 minutes to perform.
> It comes with a cost: application will
> run about 2..3 hours for one launch.
> You will need to launch it at least 2 times
> (or MORE) for safety reasons.
> And then you must compare results.
> They must be the same.
 
 

I am interested in how you calculated that every brute force attempt would take 2.5 hours.

casascius
Mike Caldwell
February 03, 2013, 12:17:55 AM
 #72

A brainwallet generator that has an option that can be cranked up to 90+ minutes might be useful.  But one that requires people to wait 90 minutes to do their first brainwallet, is one that probably hasn't been properly thought through.

A 90-minute or 900-minute brainwallet has useful properties from the perspective of robbery/duress prevention.  Teaching someone that a brainwallet is something that requires at least 90 minutes to access, on the other hand, is going to sound ridiculous.

Ukigo
February 03, 2013, 06:29:44 AM
 #73

@ErebusBat
It was an ETA for my PC for one try of
P & S combination.
On your box the time needed could be different.

Look at the source code.
Application simply discards first 300 found keys. First key "in the money" will be
301st key.

So that "anti brute-force time barrier"
is the sum of: the time for calculating
scrypt pre-key and the time for calculating
all those 300 keys, that will be discarded.

One can adjust this "time barrier" simply
by changing the count of discarded keys
to bigger number. It will give him more safety.

@casascius
Yes, it can be tuned to 900-minute or even
1-week ;) mode of operation.

This is just simple utility for people
who know what they are doing, and NOT
for newbies.
Even passphrases provided with the source
code should prevent newbie from playing
with "brainqeyz" ;)

This is a usual trade-off between time and security.

Also note that only generating keys (several times for safety) will take a long time.
But then you will simply have a bunch of keys,
which can be imported as always into any *coin
client capable of key import.
One can store "ready for use" keys in the truecrypt container.

ErebusBat
February 03, 2013, 02:19:25 PM
 #74

I am not sure I see the point in this vs truly random keys?

My thought behind brainwallets were so that they could not be lost or destroyed?  The idea behind just using a simple SHA256 was that it was not complicated or hard, you can even find (non bitcoin) related sites to do it for you.

If you require a special program to generate your address then does that leave the realm of brainwallet and enter the realm of super-duper wallet generator?

Don't get me wrong, I really like the idea, but it would be very hard for me to lose anything digital.  But for your average user I am not so sure?

Ukigo
February 03, 2013, 03:12:17 PM
 #75

> My thought behind brainwallets were so that they could not be lost or destroyed?
Yes, this is a main reason.

My "brainkeyz" is not so "special".
In fact almost everyone (well, every coder) can memorize
this (or similar to this) algo directly in his/her
brain (thanks to expressiveness of Go).

The best part of the story:
there is NO average user.
Even after disclosure of the source code,
99,99%% of potential users will
be scared enough and won't use this stuff.


Dabs
March 12, 2013, 06:49:28 AM
 #76

How about a SHA256 hash of a picture or video from your own camera? The photo or video is of the sky, or of the ground, or something weird; something no one else is going to take a picture of; in the dark, with highest ISO speed for grainiest photo. Or a bunch of photos. Of course, add salt and iterate a few hundred times.

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
Ukigo
March 12, 2013, 07:54:55 AM
 #77

> How about...
Then you will depend on that photo/video file(s)
quality/validity etc.
So this will not be any different from
holding of
standard wallet backup. ;)

aliaser
April 08, 2013, 01:03:36 AM
 #78

> For those of you who have spare unneeded coins ;)
> I have a new toy in Google Go:
>
> https://bitbucket.org/mmanchaild/brainqeyz.git

404, do you have a working link of the source code?
Ukigo
April 08, 2013, 05:18:15 AM
 #79

https://bitbucket.org/mmanchaild/brainqeyz/src

Maybe, we have test.go there )
Bitbucket iface is somewhat confusing.

Play with care! ;)
