Topic: Security of Paper Wallets  (Read 3060 times)
DannyHamilton
October 18, 2013, 02:32:00 PM
 #21

> I wasn't having a pop at you earlier

No worries.  I didn't think you were.  It is extremely difficult to offend or upset me.  I simply don't invest enough emotional energy into the opinions of complete strangers on the internet.  It is entirely an intellectual pursuit for me.  Anyone who has read more than a few of my posts must be able to tell that I always enjoy a spirited intellectual debate.

> just putting forward an alternative to a full hard disk install (which has its own security implications for one-off key generation).

Certainly, and your alternative seems to fit the needs of many who are looking for a reasonable way to protect their private keys from many avenues of attack.

> The private key to address conversion is actually quite easy (pywallet has some very readable code for the ECDSA algorithm, and converting the resulting public key to an address is straightforward).

Quite easy for a reasonably capable programmer, but perhaps not for the average user.

> The thing that is difficult to be certain of is the random number generation for the 256 bit private key, and I would baulk at coding this (you're generally relying on the OS for a good implementation of /dev/random). For a professional setup a hardware RNG is to be preferred.

Agreed.  Which explains my suggestion to:

> Use measurements of radioactive decay to generate your private keys.

Which I suppose is one of the few sources of truly random data.  Of course you'd have to find a way to shield your radioactive material such that someone external to the room you are working in can't remotely make useful measurements.
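
As an added example (not part of the thread, and not code from pywallet or any project named here): the key-generation concern discussed in the post above, sketched in Python. It draws the 256-bit key from the OS CSPRNG, rejects values outside the secp256k1 range, and encodes the key in Wallet Import Format, whose checksum catches a mistyped paper key; WIF and all function names are this example's assumptions, not something the thread mentions.

```python
import hashlib
import secrets

# Order of the secp256k1 group; a valid private key k satisfies 1 <= k < N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def new_private_key() -> bytes:
    """Draw 32 bytes from the OS CSPRNG, rejecting out-of-range values."""
    while True:
        raw = secrets.token_bytes(32)
        if 1 <= int.from_bytes(raw, "big") < N:
            return raw

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    data = payload + _checksum(payload)
    num = int.from_bytes(data, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes -> '1'
    return "1" * pad + out

def b58check_decode(text: str) -> bytes:
    num = 0
    for ch in text:
        num = num * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    pad = len(text) - len(text.lstrip("1"))
    data = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    payload, check = data[:-4], data[-4:]
    if _checksum(payload) != check:
        raise ValueError("checksum mismatch: key was mistyped or damaged")
    return payload

def to_wif(key: bytes) -> str:
    return b58check_encode(b"\x80" + key)  # 0x80 = mainnet private key prefix

def from_wif(wif: str) -> bytes:
    payload = b58check_decode(wif)
    if len(payload) != 33 or payload[0] != 0x80:
        raise ValueError("not an uncompressed mainnet WIF key")
    key = payload[1:]
    if not 1 <= int.from_bytes(key, "big") < N:
        raise ValueError("private key out of range")
    return key
```

Deriving the public key and address from the private key is deliberately left out; it needs secp256k1 point multiplication and RIPEMD-160, which are better taken from a reviewed library.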
kramble
October 18, 2013, 03:06:17 PM
 #22

> Hello
> If some of you have reviewed piper wallet http://piper.pw source code
> there is a raspberry in, and the raspberry pi has a hardware RNG
> So if the source code is safe, and the implementation of RNG is nice, should be a low cost solution for offline wallet
> You will have to burn sd card at the end for high end security
> I would be interested by your feeling for this solution, as it's the one I use ;)

Nice looking piece of kit, though a bit on the pricey side, but at least it's an all-in-one solution for the non-technically minded.

You're using vanitygen to generate the keys (wrapped in a python script). I was unaware that the raspi had a hardware RNG, but it appears that the kernel drivers have only just been released (it's not enabled in my raspi by default) http://vk5tu.livejournal.com/43059.html

Best of luck (and say hi to the cat :-* )

Github https://github.com/kramble BLC BkRaMaRkw3NeyzsZ2zUgXsNLogVVkQ1iPV
Abdussamad
October 18, 2013, 03:12:17 PM
 #23

I have used this before and it's great:

https://github.com/grondilu/bitcoin-bash-tools

All you need is a Linux installation. No Internet access required. But I don't know how safe it is. Anyone here who is experienced in Bash want to take a look and review the code?
accord01
October 18, 2013, 03:37:01 PM
 #24

I honestly don't understand what is going on in this thread.  I've been away from bitcoins for awhile.  Why not just receive the bitcoins in a new wallet, save the wallet.dat in several places, and delete your wallet.dat from computer?
wachtwoord
October 18, 2013, 03:46:23 PM
 #25

> I honestly don't understand what is going on in this thread.  I've been away from bitcoins for awhile.  Why not just receive the bitcoins in a new wallet, save the wallet.dat in several places, and delete your wallet.dat from computer?

Digital media (especially flash) degrade relatively quickly and can be stolen when connected to a device which has an active internet connection.
accord01
October 18, 2013, 04:14:19 PM
 #26

> > I honestly don't understand what is going on in this thread.  I've been away from bitcoins for awhile.  Why not just receive the bitcoins in a new wallet, save the wallet.dat in several places, and delete your wallet.dat from computer?
>
> Digital media (especially flash) degrade relatively quickly and can be stolen when connected to a device which has an active internet connection.

Wouldn't paper degrade faster than metal?
wachtwoord
October 18, 2013, 04:30:32 PM
 #27

> > > I honestly don't understand what is going on in this thread.  I've been away from bitcoins for awhile.  Why not just receive the bitcoins in a new wallet, save the wallet.dat in several places, and delete your wallet.dat from computer?
> >
> > Digital media (especially flash) degrade relatively quickly and can be stolen when connected to a device which has an active internet connection.
>
> Wouldn't paper degrade faster than metal?

It's not the metal that degrades.
Dabs
October 29, 2013, 08:02:31 AM
 #28

Someone proposed that I offer a service where I generate paper wallets and keep them stored for you under lock and key, and guarded. You get the bitcoin addresses, I keep the private keys secure, offline.

Because there are people out there with hundreds or thousands of bitcoins but aren't good with computers. (or they are drug dealers and practice poor OPSEC.)

Dunno if that's viable, but hey, it's an idea.

wachtwoord
October 29, 2013, 12:59:58 PM
 #29

> Someone proposed that I offer a service where I generate paper wallets and keep them stored for you under lock and key, and guarded. You get the bitcoin addresses, I keep the private keys secure, offline.
>
> Because there are people out there with hundreds or thousands of bitcoins but aren't good with computers. (or they are drug dealers and practice poor OPSEC.)
>
> Dunno if that's viable, but hey, it's an idea.

If people offer this to you it's their call, but why would anyone trust you with that?

I'd offer the service personally. So I go to their house, create the paper wallet on their HW, sell them a safe and put the paper wallet in there. If they need the money (and need my help) they need to make an appointment and I'll come around and help them. That is at least something I'd consider purchasing if I was "bad with computers" (w/e that means exactly).
Dabs
October 30, 2013, 12:33:44 AM
 #30

It was just an idea thrown at me a couple of days ago. What with the FBI being able to seize wallets and anything that is physically located within the United States.

Bad guys, or governments can't torture the password or private key out of you if you don't know it.

I think the idea is to offer the key generation and safe at an off-shore location.

But, that does not prevent bad guys from holding your family ransom while they demand that you withdraw your offline bitcoins from me. (I think that scenario is also applicable to whatever off-shore secret Swiss bank account you may have.)

wachtwoord
October 30, 2013, 12:59:14 AM
 #31

> It was just an idea thrown at me a couple of days ago. What with the FBI being able to seize wallets and anything that is physically located within the United States.
>
> Bad guys, or governments can't torture the password or private key out of you if you don't know it.
>
> I think the idea is to offer the key generation and safe at an off-shore location.
>
> But, that does not prevent bad guys from holding your family ransom while they demand that you withdraw your offline bitcoins from me. (I think that scenario is also applicable to whatever off-shore secret Swiss bank account you may have.)

The above are all a lot less likely than the person you are paying to keep your money safe, ending up stealing it.
Dabs
October 30, 2013, 02:39:19 AM
 #32

Of course, we have to make some assumptions, that anyone offering such a kind of service is not the type of person to steal it and disappear.

I can only state that for my case, personally. I don't know about anyone else, although it's likely that the top escrows (John K.?), and securities people (bitfunder?) and investment gambling people (just-dice), and even the hosted wallet providers (inputs.io, blockchain) are candidates.

If you can't trust the provider - whether that's due to lack of integrity or to incompetence -, do not send them your bitcoins; goes without saying.

wachtwoord
October 30, 2013, 01:34:54 PM
 #33

> Of course, we have to make some assumptions, that anyone offering such a kind of service is not the type of person to steal it and disappear.
>
> I can only state that for my case, personally. I don't know about anyone else, although it's likely that the top escrows (John K.?), and securities people (bitfunder?) and investment gambling people (just-dice), and even the hosted wallet providers (inputs.io, blockchain) are candidates.
>
> If you can't trust the provider - whether that's due to lack of integrity or to incompetence -, do not send them your bitcoins; goes without saying.

I'm just saying: There is not a person in the world I find that trustworthy that it outweighs the long shot chance of any of the other eventualities occurring. Of course, this is an estimation made by me, but I'm highly confident I'm correct.

Let me note I'm just replying to try and help you. That's why I gave constructive feedback for an alternative for which I do see added value (and therefore a business opportunity).
Dabs
October 31, 2013, 12:15:38 AM
 #34

> I'm just saying: There is not a person in the world I find that trustworthy that it outweighs the long shot chance of any of the other eventualities occurring. Of course, this is an estimation made by me, but I'm highly confident I'm correct.
>
> Let me note I'm just replying to try and help you. That's why I gave constructive feedback for an alternative for which I do see added value (and therefore a business opportunity).

Thanks. I guess we have to make the exceptions, that some people might be trustworthy, and by default, almost everyone is not, as a sort of rule. In this world, it all boils down to reputation and identity or persona, and how valuable it is perceived to be compared to what is going to be secured or deposited.

The question turns into, how many bitcoins will you entrust in this service? With this particular operator?

Your alternative turns into a local service. Which means the paper wallet is stored at the owner's location. They just need help to withdraw their secured bitcoins. That could work. They can go to you, or the ones near me can go to me (although I find that unlikely, but hey, I do know some people with money who don't know a thing about computers.)

Everyone else around the world can come to me and others like me who might be offering a similar service. I see this as something like the localbitcoins thing, where a bunch of individuals located all over will be offering something like this.

Again, it boils down to how much you'd trust that person.

Thanks for the feedback. I'd like to poke as many holes as possible, and then see if this can actually work. My guess is that people in the US will want an "offshore" bitcoin paper wallet service or something along those lines.

And of course, everyone else who knows what they are doing doesn't need this service.
