Bitcoin Forum
December 04, 2016, 12:39:50 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Incomplete Private Keys in Wallet?  (Read 634 times)
Mageant
Legendary
*
Offline Offline

Activity: 1079



View Profile WWW
July 04, 2011, 08:55:57 PM
 #1

How about having incomplete private keys in the wallet for more security?

Every time you make a transfer using a certain key you would need to add missing characters using a printout that you make when the wallet is created. The program would let you choose the number of missing digits depending on the level of security that you want. The program would then also transfer any difference in BTC to a new private key so that effectively each private key is only used once. You could also store the "printout" in some file of your own choosing in case you lose the printout.

  ►  NEW ECONOMY MOVEMENT  ◄ 
  100% built from scratch • revolutionary forging mechanism • fairly distributed

BIETCOIN.DE - Kleinanzeigenmarkt für Bitcoin
1480855190
Hero Member
*
Offline Offline

Posts: 1480855190

View Profile Personal Message (Offline)

Ignore
1480855190
Reply with quote  #2

1480855190
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Yeti
Member
**
Offline Offline

Activity: 112

Firstbits: 1yetiax


View Profile
July 04, 2011, 09:19:27 PM
 #2

I love it how everybody brainstorms on security...
But, seriously. Do you think you are much smarter than Gavin and Jeff and all the others?!

Here are my 0.02 BTC on this:

Flaw #1: "Let the user decide the level of security"... Users, and I know you are familiar with the term "DAU", want maximum comfort and don't care about security. As evidenced by the Mt. Gox hack apparently "123456", your birthday or any 5-6 character dictionary password are enough to secure $1000+. The first request would be an option to "store" the missing characters in the wallet.

Flaw #2: Forcing people to use a new private key after every transaction is asking for trouble. I regularly use my wallet on three different computers and I am very happy that my day-to-day transfers are done from one account (apart from the safely stored "savings" account). If I would have to sync all of them all of the time I would go crazy.

Flaw #3: If you ever lose those missing characters you will not ever be able to recover your funds! Unlike with a bank that can issue new passwords and TANs, you are effectively screwed. Admitted, that would also happen with a not backed-up wallet, but now you have two things to worry about: Your wallet and the "printout" (hardcopy or not). I doubt that most people have fire-proof safes to store valuable paper like this.


Let's face it: "More security" can only be accomplished by educating users. It's already possible to have a safe wallet, even though it is not encrypted and password-protected. And it will also be possible to be unsafe once everything is super-safe and tenfold-encrypted. People will just keep using "secret" as their password!

Apart from that: Germans FDG!! (für den Gewinn)

1YetiaXeuRzX9QJoQNUW84oX2EiXnHgp3 or http://payb.tc/yeti

Since Bitcoin Randomizer is dead, join the Bitcoin Pyramid (referrer id #203)! Be quick, be on top! Instant payout as soon as one of your referrals deposits!
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
July 04, 2011, 09:21:32 PM
 #3

If only a few characters are missing they can just be brute forced.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!