Bitcoin Forum
December 13, 2017, 04:39:51 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3] 4 »  All
  Print  
Author Topic: Bitcoin Wallet generation by hand  (Read 6415 times)
Dabs
Staff
Legendary
*
Offline Offline

Activity: 1890



View Profile
September 16, 2013, 07:48:33 AM
 #41

paid the bounty, now how can i get a public key with not using a computer, nearly impossible I gather?

Your best bet is to take your private key into an offline computer to calculate it for you.

That's what I've been saying. Offline computer to calculate it for you. Can be an offline Android smartphone or tablet. Dice is your entropy source.

.5 btc bounty for a program that will hash working bitcoin addresses and works on a TI-83+

Where can I get one of those? Is that a calculator? On googling, it is a discontinued model. Can you update your request to something I can get today?

And if you include today's smart phones, then we have the solution already. Grab the cheapest model, put bitaddress.org on it, then zap out the antenna or SIM card. Store it in the refrigerator. Cold storage.

http://www.thediceshoponline.com/dice/4411/Hexidice-D16-Hexadecimal-Dice

Hexadecimal Dice. 16 sided. Roll 64 times. Private key.

What am I, chopped liver?  Wink

An alternative is to use your camera and take a picture of the dice, take a picture of the sky and some random things. Then download those pictures and run it through sha256sum.

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
1513139991
Hero Member
*
Offline Offline

Posts: 1513139991

View Profile Personal Message (Offline)

Ignore
1513139991
Reply with quote  #2

1513139991
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513139991
Hero Member
*
Offline Offline

Posts: 1513139991

View Profile Personal Message (Offline)

Ignore
1513139991
Reply with quote  #2

1513139991
Report to moderator
Dabs
Staff
Legendary
*
Offline Offline

Activity: 1890



View Profile
September 16, 2013, 07:56:55 AM
 #42

Quote
Although graphing calculators have been called inexpensive in education reform research,[4] the TI-84 Plus Silver Edition costs $139.00 as of 2013 on the TI online store.

I think I'm better off getting the cheapest android unit that can run bitaddress or some app that does the same thing.

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
dserrano5
Legendary
*
Offline Offline

Activity: 1848



View Profile
September 16, 2013, 08:08:53 AM
 #43

An alternative is to use your camera and take a picture of the dice, take a picture of the sky and some random things. Then download those pictures and run it through sha256sum.

Actually a single dark picture (cover the lens with your hand) is good enough. The resulting noise and hot pixels in the image are a good source of entropy, coming directly from the sensor (ie hardware).

digit
Legendary
*
Offline Offline

Activity: 1442



View Profile
September 19, 2013, 02:18:17 PM
 #44

Hashes are impossible by hand...
Wouldn't a LiveCD on an offline HDD-less PC enough?

I haven't looked at the details of the hashing algorithm used to generate the public address from the private key.  However, I don't think impossible is correct.  I mean, everything a computer does can (in principle) be simulated using a very long tape and a pencil (see universal Turing machine).

Im just saying, difficult/tedious != impossible.

You want to play with semantics?

Ok, let's play.

Let's take a human, the super-hero kind, who can:
 a/ Calculate a 32-bit operation in 10 seconds
 b/ Work from midnight to midnight everyday
 c/ Calculate a 32-bit operation without any errors

A hash takes about 5000 32-bit operations. So make it 10000 for ripemd160(sha256()).
That makes (10*10000) = 100k seconds = 38.4 hours = 1.6 day non-stop.
Possible.

Now here comes the fun.



This time we take a real human, the super smart kind.

A/ He calculates a 32-bit operation in 30 seconds (please try a 32-bit addition and tell me how much time it took)
This raises the total time to calculate one hash to 115.2 hours

B/ The guy must sleep, so he can "only" work from 8am to midnight.
This makes the total time to calculate one hash equal to 4.8 days.
Still possible.

C/ The lower brain failure rate in the best conditions is 5%. As he's super smart his is only 1%.
The probability of him finding the correct hash on one try is P = 1/2^(100000*1%) = 1/2^1000 ~ 1/10^300

D/ He starts the hashing calculation at birth and will stop at 100 years old.
This is (100*365) = 36500 days of calculation.
One try is 4.8 days, so he has 7604 tries available.
The odd of our super smart guy FINDING AT LEAST ONCE the correct hash in his entire lifetime is then:
  R = 1-Q where Q = (1-P)^7604 = ( 1 - 1/2^1000 )^7604

Basic maths gives that Q > 1 - 7604/2^1000 = 1 - 10^(-297.149) > 1 - 10^(-297)
So R < 10^(-297) < 1/2^986
Yes, R < 1/2^986



TLDR

It's easier to crack 6 different bitcoin addresses with only 6 guesses than to a human to calculate a correct bitcoin address hash in his lifetime
Yes, I call that impossible

well the math is above me lol, but couldn't your 'super-smart' be a little smarter and instead of doing the math himself, be allocated to to the of task simply breaking it up into easier micro chunks of math to be distributed amongst an army of mental sweatshop laborers and then supersmart guy checks over for errors and does the final math on it?  assuming a low amount of errors, it would reduce the time significantly would it not? In some countries right just paying the workers with food (some economical high protein stuff like peanut butter!) would be incentive enough.

note i'm am conscious of 3rd world war/global poverty issues and don't mean to be insensitive here, so please don't interpret as that.

CryptopiaTux Exchange
TiPS: BTC:1DigitwteXwFcRAaWpVDRp6eKqzC6y9tgm ■ ŁTC:LKMcEHoFWHAUoRscqW1cwjhLgFrk7MgCWU ■ BLK:BR4WG59FjQYiQNVR3Ftn9EYgs4kJE1YLUK ■ CBX:5hdeaXvJbqA1yxRVe5NuJtogyGAy2af9Rz
HostFat
Staff
Legendary
*
Offline Offline

Activity: 2660


I support freedom of choice


View Profile WWW
September 19, 2013, 11:08:07 PM
 #45

Is there some kind of "hash" that can be easily "calculated" from an human (even if takes some hours...) but not from computer?

NON DO ASSISTENZA PRIVATA - The Rock Trading (ref): A good exchange / gateway Ripple, with support for multisig, since 2007. 
https://bitcointa.lk: Bitcointalk backup if offline - Bitcoin Foundation Italia - Blog: http://theupwind.blogspot.it
cp1
Hero Member
*****
Offline Offline

Activity: 616


Stop using branwallets


View Profile
September 19, 2013, 11:45:26 PM
 #46

Is there some kind of "hash" that can be easily "calculated" from an human (even if takes some hours...) but not from computer?

Do you mean a hash that a computer can't perform or one that it would take longer than a human?  It would probably have to involve some sort of riddle.  Though the computer in the van in midnight madness could do it quickly...

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
chriswen
Hero Member
*****
Offline Offline

Activity: 756


View Profile
September 19, 2013, 11:56:59 PM
 #47

I am offering a 1btc bounty for someone who can demonstrate a repeatable method for calculating a private key using only paper pencil and brain

Bounty noted.  I am actually working on it right now.

EDIT: Okay, I am ready to claim.  Since you said private key, and not a WIF key or public key, its actually pretty easy.

Here is the method, which requires two dice or any other randomizing method.  Roll the two six sided dice 64 times.  Right down the numbers like this:

If the number is 0-9 right now the number.  If the number is 10-12 right now a-c.  Do this with each roll of the dice and you will get a valid hex private key, such as A9 87 3C 79 B6 D8 70  A0 1B 61 57 78 63 33 89 B4 45 32 13 30 3A A6 1C 20 CC 67 2C 23 36 B3 32 62

This is a valid bitcoin private key.  Note that this does not use all the hex characters, and as such can not generate all possible private keys, but its easy to do with just two dice.

You could also buy a 16 sided dice or something and use 0-F which would be more proper.  If you do it this way, the max address you can use is FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141



I don't think this qualifies for a claim.
chriswen
Hero Member
*****
Offline Offline

Activity: 756


View Profile
September 19, 2013, 11:57:13 PM
 #48

I am offering a 1btc bounty for someone who can demonstrate a repeatable method for calculating a private key using only paper pencil and brain

Bounty noted.  I am actually working on it right now.

EDIT: Okay, I am ready to claim.  Since you said private key, and not a WIF key or public key, its actually pretty easy.

Here is the method, which requires two dice or any other randomizing method.  Roll the two six sided dice 64 times.  Right down the numbers like this:

If the number is 0-9 right now the number.  If the number is 10-12 right now a-c.  Do this with each roll of the dice and you will get a valid hex private key, such as A9 87 3C 79 B6 D8 70  A0 1B 61 57 78 63 33 89 B4 45 32 13 30 3A A6 1C 20 CC 67 2C 23 36 B3 32 62

This is a valid bitcoin private key.  Note that this does not use all the hex characters, and as such can not generate all possible private keys, but its easy to do with just two dice.

You could also buy a 16 sided dice or something and use 0-F which would be more proper.  If you do it this way, the max address you can use is FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141



I don't think this qualifies for the bounty.
Dabs
Staff
Legendary
*
Offline Offline

Activity: 1890



View Profile
September 20, 2013, 06:13:16 AM
 #49

well the math is above me lol, but couldn't your 'super-smart' be a little smarter and instead of doing the math himself, be allocated to to the of task simply breaking it up into easier micro chunks of math to be distributed amongst an army of mental sweatshop laborers and then supersmart guy checks over for errors and does the final math on it?  assuming a low amount of errors, it would reduce the time significantly would it not? In some countries right just paying the workers with food (some economical high protein stuff like peanut butter!) would be incentive enough.

note i'm am conscious of 3rd world war/global poverty issues and don't mean to be insensitive here, so please don't interpret as that.
You risk all those workers will somehow know the private keys. Someone will take notes and eventually figure out what they are used for.

Just use an offline computer or an offline smartphone.

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
Abdussamad
Legendary
*
Offline Offline

Activity: 1582



View Profile WWW
September 20, 2013, 10:41:17 AM
 #50

Is there some kind of "hash" that can be easily "calculated" from an human (even if takes some hours...) but not from computer?

captcha

BombaUcigasa
Legendary
*
Offline Offline

Activity: 1442



View Profile
September 20, 2013, 10:47:33 AM
 #51

I was going to write the order of operations to be made on paper, then I got to RIPEMD-160. No way someone can complete the process (EC generation, EC point conversion, RIPEMD-160 hashing, SHA-256 hashing, base58 conversion and address building) and remain sane.

You would need something like 100-200 pages of paper with boxes printed of them to help you complete the operations, and many many hours...
jackjack
Legendary
*
Offline Offline

Activity: 1134


May Bitcoin be touched by his Noodly Appendage


View Profile
September 20, 2013, 10:50:58 AM
 #52

I was going to write the order of operations to be made on paper, then I got to RIPEMD-160. No way someone can complete the process (EC generation, EC point conversion, RIPEMD-160 hashing, SHA-256 hashing, base58 conversion and address building) and remain sane.

You would need something like 100-200 pages of paper with boxes printed of them to help you complete the operations, and many many hours...
The EC part seems possible if you are really motivated

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
BombaUcigasa
Legendary
*
Offline Offline

Activity: 1442



View Profile
September 20, 2013, 11:08:23 AM
 #53

I was going to write the order of operations to be made on paper, then I got to RIPEMD-160. No way someone can complete the process (EC generation, EC point conversion, RIPEMD-160 hashing, SHA-256 hashing, base58 conversion and address building) and remain sane.

You would need something like 100-200 pages of paper with boxes printed of them to help you complete the operations, and many many hours...
The EC part seems possible if you are really motivated
There are less operations but the operands are bigger. The hashing though, it will take some time to complete. I will try again later to see if I can write the operations in order.
Dabs
Staff
Legendary
*
Offline Offline

Activity: 1890



View Profile
September 20, 2013, 11:22:21 AM
 #54

Write an Android / iOS version of it. Publish source code or make it open source. Problem solved for most people.

If you really want to do it on paper ... Good luck.

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
flatfly
Legendary
*
Offline Offline

Activity: 1008


View Profile
November 08, 2013, 05:33:50 AM
 #55

Given that doing it purely by hand is practically unfeasible, how about this as a next best option: using our NoBrainr python script (only 25-30 lines of code) on an offline raspberry pi? This can be used with or without dice.

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
Abdussamad
Legendary
*
Offline Offline

Activity: 1582



View Profile WWW
November 08, 2013, 06:21:48 AM
 #56

Given that doing it purely by hand s practically unfeasible, how about this as a next best option: using our NoBrainr python script (only 25-30 lines of code) on an offline raspberry pi? This can be used with or without dice.

Can I ask why you promote nobrainr so much? Lots of people share scripts on this site but I've never seen someone promote their opensource script quite as much as you do.

flatfly
Legendary
*
Offline Offline

Activity: 1008


View Profile
November 08, 2013, 06:55:16 AM
 #57

Given that doing it purely by hand s practically unfeasible, how about this as a next best option: using our NoBrainr python script (only 25-30 lines of code) on an offline raspberry pi? This can be used with or without dice.

Can I ask why you promote nobrainr so much? Lots of people share scripts on this site but I've never seen someone promote their opensource script quite as much as you do.

Because I think it can help users and hits a sweet spot between security and transparency? Also, I only mention it when it's appropriate to.

Although now you mention it, you may be right, I seem to be a little obsessed with it!  Probably due to the fact that I have a little too much free time on my hands right now. Won't last for long, though...

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
November 08, 2013, 07:02:18 AM
 #58

There seems to be some confusion between ADDRESS and PUBLIC KEY.

The PUBLIC KEY is computed from the PRIVATE KEY using ECDSA.

The ADDRESS is the PUBLIC KEY triple hashed and checksumed.

It is utterly impossible for a human in any reasonable amount of time and with any reasonable accuracy (don't want to be sending funds to the wrong address) to perform the hashing necessary to create the ADDRESS.

However the OP asked about the PUBLIC KEY.  It would seem difficulty but possible to compute the PUBLIC KEY from the PRIVATE KEY.  Then transfer only the PUBLIC KEY to a computer and use a simple program to compute the full ADDRESS.

Sorry for the annoying caps but seems many people can't grasp the difference between PRIVATE KEY, PUBLIC KEY, and ADDRESS.  If you are one of them they are three distinct things. ADDRESS =/= PUBLIC KEY.
tspacepilot
Legendary
*
Offline Offline

Activity: 1400


I may write code in exchange for bitcoins.


View Profile
November 08, 2013, 08:50:07 PM
 #59

There seems to be some confusion between ADDRESS and PUBLIC KEY.

The PUBLIC KEY is computed from the PRIVATE KEY using ECDSA.

The ADDRESS is the PUBLIC KEY triple hashed and checksumed.

It is utterly impossible for a human in any reasonable amount of time and with any reasonable accuracy (don't want to be sending funds to the wrong address) to perform the hashing necessary to create the ADDRESS.

However the OP asked about the PUBLIC KEY.  It would seem difficulty but possible to compute the PUBLIC KEY from the PRIVATE KEY.  Then transfer only the PUBLIC KEY to a computer and use a simple program to compute the full ADDRESS.

Sorry for the annoying caps but seems many people can't grasp the difference between PRIVATE KEY, PUBLIC KEY, and ADDRESS.  If you are one of them they are three distinct things. ADDRESS =/= PUBLIC KEY.

Yes, I needed this education.  I thank you death and taxes.

blub
Member
**
Offline Offline

Activity: 88


View Profile
November 17, 2013, 03:43:29 PM
 #60

your math is flawed:
assuming 5% error rate per step and 30 secs per step, it takes about 800hours to finish the hashing, doing as following:
calculate each step 5 times, if the 5 results match continue, else start the step again.
the probability to get the right result from this is:
99.999999%,

You want to play with semantics?

Ok, let's play.

Let's take a human, the super-hero kind, who can:
 a/ Calculate a 32-bit operation in 10 seconds
 b/ Work from midnight to midnight everyday
 c/ Calculate a 32-bit operation without any errors

A hash takes about 5000 32-bit operations. So make it 10000 for ripemd160(sha256()).
That makes (10*10000) = 100k seconds = 38.4 hours = 1.6 day non-stop.
Possible.

Now here comes the fun.



This time we take a real human, the super smart kind.

A/ He calculates a 32-bit operation in 30 seconds (please try a 32-bit addition and tell me how much time it took)
This raises the total time to calculate one hash to 115.2 hours

B/ The guy must sleep, so he can "only" work from 8am to midnight.
This makes the total time to calculate one hash equal to 4.8 days.
Still possible.

C/ The lower brain failure rate in the best conditions is 5%. As he's super smart his is only 1%.
The probability of him finding the correct hash on one try is P = 1/2^(100000*1%) = 1/2^1000 ~ 1/10^300

D/ He starts the hashing calculation at birth and will stop at 100 years old.
This is (100*365) = 36500 days of calculation.
One try is 4.8 days, so he has 7604 tries available.
The odd of our super smart guy FINDING AT LEAST ONCE the correct hash in his entire lifetime is then:
  R = 1-Q where Q = (1-P)^7604 = ( 1 - 1/2^1000 )^7604

Basic maths gives that Q > 1 - 7604/2^1000 = 1 - 10^(-297.149) > 1 - 10^(-297)
So R < 10^(-297) < 1/2^986
Yes, R < 1/2^986



TLDR

It's easier to crack 6 different bitcoin addresses with only 6 guesses than to a human to calculate a correct bitcoin address hash in his lifetime
Yes, I call that impossible

Pages: « 1 2 [3] 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!