gravitate (OP)
Legendary
Offline
Activity: 1372
Merit: 1000
|
|
September 10, 2013, 10:07:19 AM |
|
Hi Basically I would like to open my own savings wallets without worrying about it. These will be cold storage with the private key written in code that only myself or family know. I only have a mac laptop that I have used for many many things that I could not trust 100% in order to generate an address on. Without actually buying a new laptop and using an off line www.bitaddress.org to generate an address please can someone tell me the most secure way of generating an address and private key for cold storage please?
|
To peel or not to peel.
|
|
|
Rannasha
|
|
September 10, 2013, 10:23:51 AM |
|
Hi Basically I would like to open my own savings wallets without worrying about it. These will be cold storage with the private key written in code that only myself or family know. I only have a mac laptop that I have used for many many things that I could not trust 100% in order to generate an address on. Without actually buying a new laptop and using an off line www.bitaddress.org to generate an address please can someone tell me the most secure way of generating an address and private key for cold storage please? Create a bootable Linux USB stick, use that to boot your laptop, open bitaddress.org, disconnect from the internet, generate the address and write it down / print it in whatever way you want.
|
|
|
|
gravitate (OP)
Legendary
Offline
Activity: 1372
Merit: 1000
|
|
September 10, 2013, 10:46:57 AM |
|
Rannesha I would have to wipe my os on my mac then right? Maybe I could do this with my pi
|
To peel or not to peel.
|
|
|
Rannasha
|
|
September 10, 2013, 11:49:43 AM |
|
Rannesha I would have to wipe my os on my mac then right? Maybe I could do this with my pi
You don't need to wipe your Mac. Linux USB installations allow you to boot and run the full operating system from a USB stick. The harddisk with your Mac installation on it isn't touched (and any malware on it isn't started). Once you're done, restart the machine, remove the USB stick and it'll boot right back to your regular OS. Of course, using a RPi works just as well.
|
|
|
|
pc
|
|
September 10, 2013, 01:22:52 PM |
|
Well, you seem to want hardware you can trust, but say that you don't trust any of your hardware. So, you need to get your hardware into a state where you trust it, or you need to acquire new hardware that you do trust. Something like a Raspberry Pi may be great for this sort of thing, though on "embedded" kinds of devices you want to make sure that your random number generator has enough entropy to work with.
Or to be completely offline, you can flip a coin 256 times to make the private key and have a calculator and pencil and paper to calculate the public key and address. I want to do it one of these days just to show that it's possible.
|
|
|
|
gravitate (OP)
Legendary
Offline
Activity: 1372
Merit: 1000
|
|
September 10, 2013, 05:02:02 PM |
|
Wow doing it with a coin is fascinating! Can you post a guide on this? It will give everyone a greater understanding of bitcoins too! Wow that really is intriguing
|
To peel or not to peel.
|
|
|
pc
|
|
September 10, 2013, 05:49:05 PM |
|
Wow doing it with a coin is fascinating! Can you post a guide on this? It will give everyone a greater understanding of bitcoins too! Wow that really is intriguing A private key is just a 256-bit random number. (Well, a number between 1 and hex value FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141.) All your computer does to make a new address is pick a new random number, and then do some math that calculates the public key from that number. There isn't any magic to it; it's just math. So, any way that randomly picks 256 bits will work. Computers tend to use fancy cryptographic libraries that find good sources of randomness from the information available to a computer, since they tend to be poor at flipping literal coins. My comment was a probably-too-long offhand remark that you need some technology that you trust to keep your private key private. Sometimes simple technology is best, since you can see how it works and if it's sending your data elsewhere easily. But even if you were to literally flip coins, you'd want to make sure there wasn't a camera or somebody watching you that would compromise your random number generation. Really it's an analogy for what you need your key generating computer to be doing: picking good-quality random numbers that nobody else can end up knowing.
|
|
|
|
jackjack
Legendary
Offline
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
|
|
September 10, 2013, 06:21:38 PM |
|
Or to be completely offline, you can flip a coin 256 times to make the private key and have a calculator and pencil and paper to calculate the public key and address. I want to do it one of these days just to show that it's possible.
Calculating the public key would require a crazy amount of motivation Calculating the address is impossible https://bitcointalk.org/index.php?topic=286534.0
|
Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2 Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
|
|
|
pc
|
|
September 10, 2013, 06:32:04 PM |
|
Or to be completely offline, you can flip a coin 256 times to make the private key and have a calculator and pencil and paper to calculate the public key and address. I want to do it one of these days just to show that it's possible.
Calculating the public key would require a crazy amount of motivation Calculating the address is impossible https://bitcointalk.org/index.php?topic=286534.0Heh, I hadn't realized it was a recent topic on the forum. I did say one could use "a calculator". Presumably, one could balance it being fancy enough to be able to handle EC math, while not being fancy enough that one had to worry about it storing ones key for a long time or getting compromised in some fashion. And one would probably be more willing to enter one's public key on a "real" computer to hash to generate the address, though you'd probably want to use multiple systems to make extra sure that the address one generated actually corresponded to the public key. The network allows payments straight to public keys instead of addresses just fine, though I don't know of any wallet software that makes doing so simple.
|
|
|
|
J35st3r
|
|
September 11, 2013, 07:27:37 AM |
|
I did say one could use "a calculator". Presumably, one could balance it being fancy enough to be able to handle EC math, while not being fancy enough that one had to worry about it storing ones key for a long time or getting compromised in some fashion.
The EC algorithm is actually fairly simple (see JackJack's pywallet for an implementation), but relies on bigints (arbitary percision integers) which may or may not be available on a stand-alone "calculator". As has been said elsewhere, this is an ideal application for a raspberry pi. You don't even need to connect it to the internet. Just download bitaddress.org from the github, transfer it to the pi via a memory stick (or load it onto the boot partition of the OS SD card) and you're good to go. Attach a printer, and your key has never been exposed to the outside world. You should reflash the SD card afterwards, to be sure nothing remains that can be exposed later, destroy it if you're paranoid, and the printer too, you never know what's stored inside the modern ones, but an ancient text-only line printer should be safe
|
1Jest66T6Jw1gSVpvYpYLXR6qgnch6QYU1 NumberOfTheBeast ... go on, give it a try
|
|
|
gravitate (OP)
Legendary
Offline
Activity: 1372
Merit: 1000
|
|
September 11, 2013, 10:46:03 AM |
|
I managed to use VMware free trial to run ubuntu withough having to boot from a usb. Then erased application and wiped my free space. Will I be safe?
|
To peel or not to peel.
|
|
|
J35st3r
|
|
September 11, 2013, 11:28:45 AM |
|
I managed to use VMware free trial to run ubuntu withough having to boot from a usb. Then erased application and wiped my free space. Will I be safe?
If you ran it as a live-CD (no disk image) you should be fine, otherwise you need to secure-delete the disk image (use sdelete from SysInternals ... EDIT OOPS that's Microsoft, mac must have an equivalent utility). There may be some residual data in your pagefile, so probably best to reboot your mac too (not hibernate as this just makes it worse). [/paranoia_mode]
|
1Jest66T6Jw1gSVpvYpYLXR6qgnch6QYU1 NumberOfTheBeast ... go on, give it a try
|
|
|
gravitate (OP)
Legendary
Offline
Activity: 1372
Merit: 1000
|
|
September 11, 2013, 11:39:52 AM |
|
lol thanks
|
To peel or not to peel.
|
|
|
Abdussamad
Legendary
Offline
Activity: 3682
Merit: 1580
|
|
September 11, 2013, 10:23:41 PM |
|
I managed to use VMware free trial to run ubuntu withough having to boot from a usb. Then erased application and wiped my free space. Will I be safe?
Running linux in a VM is pointless if your are worried about the safety of your host system. If someone has access to your host system they have access to everything you are running on it including VMs. You should boot from a live USB or DVD.
|
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
|
|
September 11, 2013, 10:36:20 PM |
|
A private key is just a 256-bit random number. (Well, a number between 1 and hex value FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141.)
Where did you get that God awful number? The actual value of p for secp256k1 is: p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F = 2 256 - 2 32 - 2 9 - 2 8 - 2 7 -2 6 - 2 4 - 1 Oh, I see, that is the order n of G. You just copied the wrong number. So yes, you could flip a coin 256 times and copy down the results into a 256 bit number and as long as your number is less than the (prime) number p shown above it is a valid private key.
|
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
|
|
|
grue
Legendary
Offline
Activity: 2058
Merit: 1434
|
|
September 12, 2013, 12:04:57 AM |
|
So yes, you could flip a coin 256 times and copy down the results into a 256 bit number and as long as your number is less than the (prime) number p shown above it is a valid private key.
A coin is a really bad source of entropy though.
|
|
|
|
Zeek_W
|
|
September 12, 2013, 12:56:09 AM |
|
So yes, you could flip a coin 256 times and copy down the results into a 256 bit number and as long as your number is less than the (prime) number p shown above it is a valid private key.
A coin is a really bad source of entropy though. Use 512 coins, and drop them from a height. Unleash a dog/kid into the room to scatter and or lose some coins. Then pick up 256 coins randomly
|
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
|
|
September 12, 2013, 01:33:39 AM |
|
So yes, you could flip a coin 256 times and copy down the results into a 256 bit number and as long as your number is less than the (prime) number p shown above it is a valid private key.
A coin is a really bad source of entropy though. Use 512 coins, and drop them from a height. Unleash a dog/kid into the room to scatter and or lose some coins. Then pick up 256 coins randomly I did say "valid", not "good" or "random" or "secure". Still, flipping a coin 256 times and then directly using the value obtained would be much better than using "stfu!" as your pass phrase to a brain wallet
|
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3472
Merit: 4801
|
|
September 12, 2013, 12:38:26 PM |
|
So yes, you could flip a coin 256 times and copy down the results into a 256 bit number and as long as your number is less than the (prime) number p shown above it is a valid private key.
A coin is a really bad source of entropy though. You're suggesting that a typical coin is not "fair" and will tend to land on one side more often than the other? I would think there would be enough events adding entropy to the action (flip rotation speed, flip initial height, maximum height, resting height, air flow around the coin, initial side up, axis of rotation, horizontal velocity, etc) that the bias in the coin would have to be pretty significant to have a discernible effect in 256 trials. Is there a better source of entropy available to the average person that could be used to mechanically generate a private key?
|
|
|
|
pc
|
|
September 12, 2013, 12:45:57 PM |
|
A private key is just a 256-bit random number. (Well, a number between 1 and hex value FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141.)
Where did you get that God awful number? The actual value of p for secp256k1 is: p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F I got it from the Private Key page on the Bitcoin wiki. I don't know whether the number is right or wrong, but feel free to update the wiki (perhaps it should have a citation, even?) if the value there is wrong. I apologize for not checking my sources more thoroughly, or at least citing where I was getting my info from. In any event, it's rather unlikely that a random 256-bit number won't be in the range. If somebody gets heads a ton of times in a row, they may want to double-check the upper bound before using it. (Or, perhaps more likely, check that their coin is fair…)
|
|
|
|
|