BTC up for grabs - a BOTG experiment - just claim the BTC!

[bitlotto]

Game change....

It's a little experiment for testing BOTG (Bitcoin Off-The-Grid).
https://forum.bitcoin.org/index.php?topic=23081.0

For testing purposes the script does not need to be run on a Live CD -it's only a tiny amount of BTC- any popular current Linux distribution should be able to handle it. This will help test the algorithms.

What is does is:
-creates a secure address along with a key by which you can get your money back
-nothing is saved on the computer if it's done using a live CD - all the information to get Bitcoin is "Off-The-Grid" -no internet risks and no way anyone else can know the key!!
-if the script is run on a popular live CD it's immune to viruses, spyware, malware, and keyloggers, etc.
-source code can be read to eliminate doubt about what the script does and since there is no internet, nothing can be shared with another party
-the only method of getting the money back is using the key you manually wrote down -unless some hardware was recording your computer or a camera was recording you, baring having someone take the piece of paper from you, no one can get your BTC

Tip: Using blockexplorer.com can help to see if the BTC is still in that address or not.

To help test this I'm just giving the money away....

To get:
-import private key using sipa's import key function
-re-send the BTC to another address before anyone else claims it (this is only required because many people know the private key - in real life usage only one person will have the key)

I kind of want this tested so I have a really simple way to VERY safely store BTC with no chance of viruses, malware, etc taking it.

So if an address contains BTC take it! casascius- you can take some. LOL. Just leave a bit for the experimenter!

[1713906169]

1713906169

[1713906169]

1713906169

[bitlotto]

Not sure how long this one will stay in the game but:

Address:
1819MYYLmV8S6hgtcKErZ1FUcUAz5cn9S2
Private Key:
5JE6Wk3v9wMCBEdwZC5CNuYY4y68S1TSkGKCvY9zyysFU7xL3q3

[proudhon]

This just gave me an idea, and I don't really know why this popped into my head when I read the OP, but it might be fun to start putting bitcoin wallets (printed private keys) in geocache locations with a few bitcoins in the wallet.  If you hid it in a good spot, and it isn't found for a long time, the person who ultimately finds it could be very, very lucky (or just end up with a worthless piece of paper, depending on the future value).

[bitlotto]

This just gave me an idea, and I don't really know why this popped into my head when I read the OP, but it might be fun to start putting bitcoin wallets (printed private keys) in geocache locations with a few bitcoins in the wallet.

Yes! I'd geocache for Bitcoins! The ability to print out/write out an address and private key will allow many ways of giving money out and having prizes, scratch tickets, redeemable coupons, etc. You can use physical objects that give the codes needed to get BTC. There could actually be a lot of uses for this.

[bitlotto]

Which reminds me. Any *good* source for a compiled and patched linux version of Bitcoin that can import private keys. I don't know how many will be able to add this experimental feature and compile it themselves...

[casascius]

Not sure how long this one will stay in the game but:

Address:
1819MYYLmV8S6hgtcKErZ1FUcUAz5cn9S2
Private Key:
5JE6Wk3v9wMCBEdwZC5CNuYY4y68S1TSkGKCvY9zyysFU7xL3q3

Grabbed it (into 1Fa5i8FrZBNecib45SPaaRDLA8EZrbzx3H, combined it with 100.00 from elsewhere to avoid a transaction fee)... thanks for the bitcent!  The 100 BTC came from an address off my Paper Bitcoin Wallet, so I started with a fresh wallet, imported two keys (mine and yours), and then sent the balance to another address (also on my Paper Bitcoin Wallet).

How did you generate the private key?  Did anyone find/fix the bug in my script addition that results in invalid private keys that start with K? (this happens 50% of the time because the leading 00 byte needs to be removed)

By the way, since it is clear not very many people can redeem private keys... I will redeem anyone's private key who is rated, in exchange for ratings, until doing this becomes much easier for everyone else.  It is really easy for me, but it would be nice if MyBitcoin/trading sites allowed you to enter a private key to make a deposit.  If sending me a private key, please encrypt with my PGP key on bitcoin-otc "casascius" and don't forget to send me another address where the BTC should go.

[bitlotto]

Cool it worked. I just added into the script to watch for a hex that starts with 00. If it does then re-run the script. It would be hard to miss. The PROPER way is to do a loop until that condition is met...If you want to attempt it, feel free then message me, and I'll add it into the script. I'm WAY to tired to mess with code right now.

[casascius]

Cool it worked. I just added into the script to watch for a hex that starts with 00. If it does then re-run the script. It would be hard to miss. The PROPER way is to do a loop until that condition is met...If you want to attempt it, feel free then message me, and I'll add it into the script. I'm WAY to tired to mess with code right now.

PS You know from the instructions to be on the "good" side you have to run the script then send the 0.01 to a new address for the taking! LOL.

There is still a problem with 00.  A private key could legitimately start with 00, you don't want a special case where 1 in 256 private keys are unusable and result in someone's bitcoins going into the ether.  The only time you want to shave off 00 is when you have more than 32 bytes (64 characters).

There is a wee bit of difficulty playing ping pong with 0.01 BTC, as a transaction fee must be paid each time it gets swatted to another address... because the system rightfully classifies it as potential penny spam.

[bitlotto]

Another 0.01 to move around in the game...

Address:
1FhANknfz5k4g3X3mLcekpwxikRKJavKbF
Private Key:
5J2PLx7Bu8hBAEjpJ3pzJ2wo2DVVrymZN7Jtqo1MBFsF3EzD4v3

[bitlotto]

Cool it worked. I just added into the script to watch for a hex that starts with 00. If it does then re-run the script. It would be hard to miss. The PROPER way is to do a loop until that condition is met...If you want to attempt it, feel free then message me, and I'll add it into the script. I'm WAY to tired to mess with code right now.

PS You know from the instructions to be on the "good" side you have to run the script then send the 0.01 to a new address for the taking! LOL.

There is still a problem with 00.  A private key could legitimately start with 00, you don't want a special case where 1 in 256 private keys are unusable and result in someone's bitcoins going into the ether.  The only time you want to shave off 00 is when you have more than 32 bytes (64 characters).

There is a wee bit of difficulty playing ping pong with 0.01 BTC, as a transaction fee must be paid each time it gets swatted to another address... because the system rightfully classifies it as potential penny spam.

Ok. As it is the user just re-runs the script to avoid the problem for now. They are told not to use the key if it starts with 00 as it's not working right now...how much should I spend to move around?

[casascius]

Here are two new 0.01's sent into addresses generated by your script:

 
5JPrWUqLodNbyN8Xt2qfX4tgVcSjC9u6kh6QAS5nNsJMuDfH7PN
1DvXZ7Uc1Gsk5rqZENvcJd2p5YUF8ya68K
 
5JcrEEsm5v6KL9zFAh6UAy1QqaNrV4j1XtZczWbLEY5YhMKL6Uz
1K7nQP7qWy58jhtuHVHsCmgNoJaEoZrjtQ

[casascius]

Ok. As it is the user just re-runs the script to avoid the problem for now. They are told not to use the key if it starts with 00 as it's not working right now...how much should I spend to move around?

There's still a problem, in that any private key that legitimately starts with 0000 thru 007F will still get misprocessed, because it will be spit out as a 62-character string.

The criterion you need to look for is not whether the private key starts with 00, but rather, whether it is exactly 64 characters long.  This HAS to work 100% of the time; having it make people lose funds, even if rarely, is inviting disaster and liability.

[johanatan]

-the only method of getting the money back is using the key you manually wrote down -unless some hardware

Or a low-level rootkit.

was recording your computer or a camera was recording you, baring having someone take the piece of paper from you, no one can get your BTC

LiveCD is *not* enough!  You should re-flash the BIOS/mb firmware/EFI firmware/etc if you want to be really certain of a secure system (or start with pristine hardware from a trusted (and competent) manufacturer [which is still no guarantee]).

Read this:
http://www.awgh.org/archives/27

Also, access to source is not enough either if the compiler or interpreter (or any layer under them or your program) is compromised:
http://cm.bell-labs.com/who/ken/trust.html

[casascius]

LiveCD is *not* enough!  You should re-flash the BIOS/mb firmware/EFI firmware/etc if you want to be really certain of a secure system (or start with pristine hardware from a trusted (and competent) manufacturer [which is still no guarantee]).

Read this:
http://www.awgh.org/archives/27

Also, access to source is not enough either if the compiler or interpreter (or any layer under them or your program) is compromised:
http://cm.bell-labs.com/who/ken/trust.html

This is overkill and totally unnecessary.  If the computer doesn't have a network connection, there's no way for the malware to get the stolen keys off the system.

BIOS/firmware viruses are extremely unlikely to take hold.  Every different kind of motherboard and computer has a different BIOS and there is no practical way for a virus writer to make a virus compatible with very many of them, let alone all of them.  If someone were to try, more than likely they would damage a few systems (like CIH virus from ~2000) and would definitely get noticed and made extinct quickly.

tl;dr - this is NOT a concern.

As a close second however, if a binary of OpenSSL on a rigged disc image were modified to generate random numbers that appear random, but are in fact are rigged to be predictable by an algorithm known by the scammer in advance.  Or if the kernel were modified to offer predictable numbers through /dev/random.  This COULD BE a concern.  A mitigating solution would be to have the user mash a long random string (hundreds of characters) on the keyboard and have the keypair generated based off a hash of that string, so someone could test the same string on a known reference build and ensure the same input results in the same output when run on a known clean build.  At which point they could vouch for the hash of the ISO file as being safe.

[johanatan]

LiveCD is *not* enough!  You should re-flash the BIOS/mb firmware/EFI firmware/etc if you want to be really certain of a secure system (or start with pristine hardware from a trusted (and competent) manufacturer [which is still no guarantee]).

Read this:
http://www.awgh.org/archives/27

Also, access to source is not enough either if the compiler or interpreter (or any layer under them or your program) is compromised:
http://cm.bell-labs.com/who/ken/trust.html

This is overkill and totally unnecessary.  If the computer doesn't have a network connection, there's no way for the malware to get the stolen keys off the system.

BIOS/firmware viruses are extremely unlikely to take hold.  Every different kind of motherboard and computer has a different BIOS and there is no practical way for a virus writer to make a virus compatible with very many of them, let alone all of them.  If someone were to try, more than likely they would damage a few systems (like CIH virus from ~2000) and would definitely get noticed and made extinct quickly.

tl;dr - this is NOT a concern.

As a close second however, if a binary of OpenSSL on a rigged disc image were modified to generate random numbers that appear random, but are in fact are rigged to be predictable by an algorithm known by the scammer in advance.  Or if the kernel were modified to offer predictable numbers through /dev/random.  This COULD BE a concern.  A mitigating solution would be to have the user mash a long random string (hundreds of characters) on the keyboard and have the keypair generated based off a hash of that string, so someone could test the same string on a known reference build and ensure the same input results in the same output when run on a known clean build.  At which point they could vouch for the hash of the ISO file as being safe.

Are you saying that it is possible to generate private bitcoin keys totally offline and only bring them online when ready to recover the funds?  It was my understanding previously that the client had to be brought online at least once to download the blockchain and only then could the client create new 'valid' keys which the bitcoin network would recognize (based on a HOWTO guide I saw a few days ago for creating an offline wallet).

Also, while yes, the EFI rootkit or compiler/interpreter hacks are highly unlikely, with a sufficiently motivated attacker and a sufficiently high-value target it is not out of the question (just take Stuxnet for example).

[casascius]

Are you saying that it is possible to generate private bitcoin keys totally offline and only bring them online when ready to recover the funds?

Yep...

[johanatan]

Are you saying that it is possible to generate private bitcoin keys totally offline and only bring them online when ready to recover the funds?

Yep...

Sweet! :-)

[iya]

Are you saying that it is possible to generate private bitcoin keys totally offline and only bring them online when ready to recover the funds?

Yep...

Sweet! :-)

You don't even have to bring private keys online to recover the funds. You could sign transactions offline and then publish them from a different computer.

[billyjoeallen]

This just gave me an idea, and I don't really know why this popped into my head when I read the OP, but it might be fun to start putting bitcoin wallets (printed private keys) in geocache locations with a few bitcoins in the wallet.  If you hid it in a good spot, and it isn't found for a long time, the person who ultimately finds it could be very, very lucky (or just end up with a worthless piece of paper, depending on the future value).

I really like this idea.

[bitlotto]

Someone should grab all three:

5J2PLx7Bu8hBAEjpJ3pzJ2wo2DVVrymZN7Jtqo1MBFsF3EzD4v3
1FhANknfz5k4g3X3mLcekpwxikRKJavKbF

5JPrWUqLodNbyN8Xt2qfX4tgVcSjC9u6kh6QAS5nNsJMuDfH7PN
1DvXZ7Uc1Gsk5rqZENvcJd2p5YUF8ya68K
 
5JcrEEsm5v6KL9zFAh6UAy1QqaNrV4j1XtZczWbLEY5YhMKL6Uz
1K7nQP7qWy58jhtuHVHsCmgNoJaEoZrjtQ

and put the 0.03 BTC somewhere all together...