Bitcoin Forum
December 09, 2016, 06:18:26 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: most secure savings wallet: NO wallet  (Read 4337 times)
molecular
Donator
Legendary
*
Offline Offline

Activity: 2142



View Profile
August 02, 2011, 01:16:10 PM
 #1

I'm sure a lot of you know of this, but let me explain a method for storing your savings that is quite secure and hard to screw up:

The idea is to use no wallet. All you need to "store" bitcoins is an address. To use these coins, you need the associated private key.

So why not do away with all the wallet.dat securing and fiddling with swapping wallets, securely deleting plaintext versions and all that and just generate a key using vanitygen (https://bitcointalk.org/index.php?topic=25804.0)?

Quote
#> ./vanitygen 1
Address: 1JBhAaDAFHRuUjyVrjte6XwSwXpTmGsCSt
Privkey: 5HyBZhJu2UgjA2nUVSF9infL8KMEeCgSguEz8FXoP2FZGG76NiW

Now simply send your savings to that Address (1JBhAaDAFHRuUjyVrjte6XwSwXpTmGsCSt)

All you need to store is the Privkey (5HyBZhJu2UgjA2nUVSF9infL8KMEeCgSguEz8FXoP2FZGG76NiW). You need to do this securely, of course (print it out, write down, encrypt and mail to friends, put on super-secret usb-drive, or use some other method)

Now when you want to get at your savings later (or verify it's working), you can import the key into any wallet.dat using either the importprivkey rpc command of the bitcoin client (currently still sipa:showwallet patch necessary) or using pywallet.

Additional measure for enhanced security: generate the address(es) on a secure machine with no network connection, known to be non-infiltrated.

Any problems with that approach?

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
1481264306
Hero Member
*
Offline Offline

Posts: 1481264306

View Profile Personal Message (Offline)

Ignore
1481264306
Reply with quote  #2

1481264306
Report to moderator
1481264306
Hero Member
*
Offline Offline

Posts: 1481264306

View Profile Personal Message (Offline)

Ignore
1481264306
Reply with quote  #2

1481264306
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481264306
Hero Member
*
Offline Offline

Posts: 1481264306

View Profile Personal Message (Offline)

Ignore
1481264306
Reply with quote  #2

1481264306
Report to moderator
1481264306
Hero Member
*
Offline Offline

Posts: 1481264306

View Profile Personal Message (Offline)

Ignore
1481264306
Reply with quote  #2

1481264306
Report to moderator
1481264306
Hero Member
*
Offline Offline

Posts: 1481264306

View Profile Personal Message (Offline)

Ignore
1481264306
Reply with quote  #2

1481264306
Report to moderator
payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
August 02, 2011, 01:28:04 PM
 #2

sounds good but will be even better once the mainline client can import the privkey Smiley

would be funny if your privkey only existed as a hand-written note.

actually, given 10 or 15 minutes you could probably just memorize it.
jackjack
Hero Member
*****
Offline Offline

Activity: 882


May Bitcoin be touched by his Noodly Appendage


View Profile
August 02, 2011, 01:28:29 PM
 #3

Really smart, I love it
Just one thing: the priv key has been written somewhere

[NSFNewbies]

Instead you can create yourself your privkey (at least the hex one, 64 characters long, I don't know if all base59 ones are valid they are not because of the checksum) using your own pattern that you know by heart, thus no need to write it
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv

Or if you prefer learn sentences: md5('I love bitcoin').md5('Paypal suxxx') for 1G1b4mbjaCYNxsZJyaWV9qyE5cFVhZxBcy

Or even substr(md5('I love bitcoin'), 0, 14).md5('Paypal suxxx').substr(md5('I love bitcoin'), 14, 18)  Grin

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
BTC_Junkie
Member
**
Offline Offline

Activity: 97


View Profile
August 02, 2011, 01:41:22 PM
 #4

Wouldn't getting your private key stolen be the same as getting your wallet.dat stolen?

12jAZVfnCjKmPUXTszwmoji9S4NmY26Qvu
payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
August 02, 2011, 01:44:06 PM
 #5

Instead you can create yourself your privkey (at least the hex one, 64 characters long, I don't know if all base59 ones are valid they are not because of the checksum) using your own pattern that you know by heart, thus no need to write it
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv

just for fun i sent you 0.02 btc to that imaginary address Cheesy ...you'll have to now import it quick before someone else does Wink
iamzill
Full Member
***
Offline Offline

Activity: 139


View Profile
August 02, 2011, 02:14:28 PM
 #6

Really smart, I love it
Just one thing: the priv key has been written somewhere

Instead you can create yourself your privkey (at least the hex one, 64 characters long, I don't know if all base59 ones are valid they are not because of the checksum) using your own pattern that you know by heart, thus no need to write it
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv

Or if you prefer learn sentences: md5('I love bitcoin').md5('Paypal suxxx') for 1G1b4mbjaCYNxsZJyaWV9qyE5cFVhZxBcy

Or even substr(md5('I love bitcoin'), 0, 14).md5('Paypal suxxx').substr(md5('I love bitcoin'), 14, 18)  Grin

This is very dangerous and very stupid, and I'm talking about sending BTC to an anonyomus Nevis LLC level stupid here.

The current bitcoin market cap is $90 million USD. Even if just 1% of bitcoiners take your advice, that's still $900,000 USD free money for anyone capable of setting up a GPU farm (a rare talent, I might add Grin). Human chosen passwords only have 1.0 to 1.5 bits of entropy per letter. Your examples contain less than 30 bits of entropy, and that's not taking into account the hacker will populate their dictionary with frequently appearing words from this forum. Compared to the ~256 bits of entropy in real Bitcoin keys, your method would generate private keys that are 2^226 ~= 1.07839787 × 10^68 times easier to brute-force.
jackjack
Hero Member
*****
Offline Offline

Activity: 882


May Bitcoin be touched by his Noodly Appendage


View Profile
August 02, 2011, 02:26:17 PM
 #7

Instead you can create yourself your privkey (at least the hex one, 64 characters long, I don't know if all base59 ones are valid they are not because of the checksum) using your own pattern that you know by heart, thus no need to write it
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv

just for fun i sent you 0.02 btc to that imaginary address Cheesy ...you'll have to now import it quick before someone else does Wink

I nearly lost them, just figured out my wallets seem broken Grin I had to pay fees for not being stolen but thanks Smiley

Really smart, I love it
Just one thing: the priv key has been written somewhere

Instead you can create yourself your privkey (at least the hex one, 64 characters long, I don't know if all base59 ones are valid they are not because of the checksum) using your own pattern that you know by heart, thus no need to write it
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv

Or if you prefer learn sentences: md5('I love bitcoin').md5('Paypal suxxx') for 1G1b4mbjaCYNxsZJyaWV9qyE5cFVhZxBcy

Or even substr(md5('I love bitcoin'), 0, 14).md5('Paypal suxxx').substr(md5('I love bitcoin'), 14, 18)  Grin

This is very dangerous and very stupid, and I'm talking about sending BTC to an anonyomus Nevis LLC level stupid here.

The current bitcoin market cap is $90 million USD. Even if just 1% of bitcoiners take your advice, that's still $900,000 USD free money for anyone capable of setting up a GPU farm (a rare talent, I might add Grin). Human chosen passwords only have 1.0 to 1.5 bits of entropy per letter. Your examples contain less than 30 bits of entropy, and that's not taking into account the hacker will populate their dictionary with frequently appearing words from this forum. Compared to the ~256 bits of entropy in real Bitcoin keys, your method would generate private keys that are 2^226 ~= 1.07839787 × 10^68 times easier to brute-force.
That's why I added the substr trick...
If people are stupid enough to just use md5.md5 that's their problem...
Everyone who is savvy enough to know how to concatenate two md5's know they MUST use salts and tricks like that too...
1KJvYREkZxEgDczTKoEtvrhfkALsFsWKRa: my two passphrases are 'jackjack' and 'iamzill', come at me bro

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
molecular
Donator
Legendary
*
Offline Offline

Activity: 2142



View Profile
August 02, 2011, 02:28:21 PM
 #8

Wouldn't getting your private key stolen be the same as getting your wallet.dat stolen?

Yes.


PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
kwukduck
Legendary
*
Offline Offline

Activity: 1566


View Profile
August 02, 2011, 02:33:19 PM
 #9

This is a great possible addition to secure bitcoins 'offline', problem is, it's very user-unfriendly.
These functions should be in the normal client, using a nice interface, instead of the need for 2 or more different command-line tools.

14b8PdeWLqK3yi3PrNHMmCvSmvDEKEBh3E
jackjack
Hero Member
*****
Offline Offline

Activity: 882


May Bitcoin be touched by his Noodly Appendage


View Profile
August 02, 2011, 02:52:21 PM
 #10

This is a great possible addition to secure bitcoins 'offline', problem is, it's very user-unfriendly.
These functions should be in the normal client, using a nice interface, instead of the need for 2 or more different command-line tools.
For your post, the message of iamzill does apply
If it's integrated in the client, the functions will be known by attackers and bruteforce will be far more easy
So either the client integrates thousands of different functions of the passphrases and user must learn which one he used, or that great idea will be reserved for people willing to study a little bit

Also, no need for command line: http://www.miraclesalad.com/webtools/md5.php

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
RaTTuS
Hero Member
*****
Offline Offline

Activity: 792


Bite me


View Profile
August 02, 2011, 02:55:38 PM
 #11

or :-
1) get 2 or more 8GB USB stick and install a fresh copy of ubuntu 11.04
2) install the bitcoin client
3) download the blockchain and generate a couple of addresses
4) unmount and duplicate the USB stick [a couple of times]
5) store sticks somewhere physically safe
6) send coins to the address you have generated in #3
....

when you need to access coins
1) clean boot the usb stick
2) download the blockchain [either let the client do it or do it the sneaky way]
3) send coins to your current useful address [make sure you get it confirmed]
4) shutdown USB version and store it away safe
...

installing security patches for Ubuntu etc and testing to see that it works on a few machines may be useful
YMMV

In the Beginning there was CPU , then GPU , then FPGA then ASIC, what next I hear to ask ....

1RaTTuSEN7jJUDiW1EGogHwtek7g9BiEn
iamzill
Full Member
***
Offline Offline

Activity: 139


View Profile
August 02, 2011, 03:11:13 PM
 #12

Instead you can create yourself your privkey (at least the hex one, 64 characters long, I don't know if all base59 ones are valid they are not because of the checksum) using your own pattern that you know by heart, thus no need to write it
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv

just for fun i sent you 0.02 btc to that imaginary address Cheesy ...you'll have to now import it quick before someone else does Wink

I nearly lost them, just figured out my wallets seem broken Grin I had to pay fees for not being stolen but thanks Smiley

Really smart, I love it
Just one thing: the priv key has been written somewhere

Instead you can create yourself your privkey (at least the hex one, 64 characters long, I don't know if all base59 ones are valid they are not because of the checksum) using your own pattern that you know by heart, thus no need to write it
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv

Or if you prefer learn sentences: md5('I love bitcoin').md5('Paypal suxxx') for 1G1b4mbjaCYNxsZJyaWV9qyE5cFVhZxBcy

Or even substr(md5('I love bitcoin'), 0, 14).md5('Paypal suxxx').substr(md5('I love bitcoin'), 14, 18)  Grin

This is very dangerous and very stupid, and I'm talking about sending BTC to an anonyomus Nevis LLC level stupid here.

The current bitcoin market cap is $90 million USD. Even if just 1% of bitcoiners take your advice, that's still $900,000 USD free money for anyone capable of setting up a GPU farm (a rare talent, I might add Grin). Human chosen passwords only have 1.0 to 1.5 bits of entropy per letter. Your examples contain less than 30 bits of entropy, and that's not taking into account the hacker will populate their dictionary with frequently appearing words from this forum. Compared to the ~256 bits of entropy in real Bitcoin keys, your method would generate private keys that are 2^226 ~= 1.07839787 × 10^68 times easier to brute-force.
That's why I added the substr trick...
If people are stupid enough to just use md5.md5 that's their problem...
Everyone know they MUST use salts and tricks like that too...
1KJvYREkZxEgDczTKoEtvrhfkALsFsWKRa: my two passphrases are 'jackjack' and 'iamzill', come at me bro

I'm sorry but that trick only adds a negligible amount of entropy, which is negligible. It doesn't matter what kind of tricks you use, whether you end up with 20 bits of entropy or 200 bits of entropy, you're still greatly weaking the system. Suppose by using lots of passwords, lots of substr, repeated hashes, and salts and you end up with 250 bits of entropy, that's still only 1.5% of the entropy of a real key. Is it worth it to go through all that custom code and memorization just to end up with a private key that's 64 times weaker? Isn't it much safer just printing out the key pair like OP suggested or burning the wallet.dat on a CD?

As for your challenge, you missed my point about mentioning the $900,000 USD reward money. I'm not saying it's possible for an attacker to target your specific password. In fact, I can almost gurantee your address 1KJvYREkZxEgDczTKoEtvrhfkALsFsWKRa won't be brute-forced. I was claiming that if enough people saw your post and adopted your method, the attacker can steal from those people collectively, since they all share the same tiny keyspace.

Sorry if I come off as too critical, but I'm just trying to make sure bitcoin stays secure. If lots of people spoke out critically against mybitcoin in the first place then it wouldn't have ended up the way it did. I believe the only to way to ensure the collective security of the bitcoin eco-system is to harshly criticize any non-secure algorithm, organizational structure, and business practice that gets suggested. Every security compromise and every fraud devalues everyone's bitcoins, and more importantly threaten the future of this cryptographic currency.  

I'll stress it again, it's almost perfectly for safe for jackjack to use his method for himself. But if somehow this method ends up being implemented in the official client and thousands of people start using it, then the bruteforcing will begin and people will lose money and see it as a bitcoin security hole when it clearly isn't. I'm only criticizing it so that this worst case scenario doesn't happen. You're more than welcome to use it on your own.
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
August 02, 2011, 03:14:58 PM
 #13

@jackjack:

Your method's issue is about collisions. With people choosing password eventually some will pick the same password set. (even if a guy just testing password: password).

molecular
Donator
Legendary
*
Offline Offline

Activity: 2142



View Profile
August 02, 2011, 03:32:58 PM
 #14

Instead you can create yourself your privkey (at least the hex one, 64 characters long, I don't know if all base59 ones are valid they are not because of the checksum) using your own pattern that you know by heart, thus no need to write it
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv

just for fun i sent you 0.02 btc to that imaginary address Cheesy ...you'll have to now import it quick before someone else does Wink


imaginary? it's quite real.

importing is not sufficient, I'd also have to send the coins on.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
jackjack
Hero Member
*****
Offline Offline

Activity: 882


May Bitcoin be touched by his Noodly Appendage


View Profile
August 02, 2011, 03:36:30 PM
 #15

I'm sorry but that trick only adds a negligible amount of entropy, which is negligible. It doesn't matter what kind of tricks you use, whether you end up with 20 bits of entropy or 200 bits of entropy, you're still greatly weaking the system. Suppose by using lots of passwords, lots of substr, repeated hashes, and salts and you end up with 250 bits of entropy, that's still only 1.5% of the entropy of a real key. Is it worth it to go through all that custom code and memorization just to end up with a private key that's 64 times weaker? Isn't it much safer just printing out the key pair like OP suggested or burning the wallet.dat on a CD?

As for your challenge, you missed my point about mentioning the $900,000 USD reward money. I'm not saying it's possible for an attacker to target your specific password. In fact, I can almost gurantee your address 1KJvYREkZxEgDczTKoEtvrhfkALsFsWKRa won't be brute-forced. I was claiming that if enough people saw your post and adopted your method, the attacker can steal from those people collectively, since they all share the same tiny keyspace.

Sorry if I come off as too critical, but I'm just trying to make sure bitcoin stays secure. If lots of people spoke out critically against mybitcoin in the first place then it wouldn't have ended up the way it did. I believe the only to way to ensure the collective security of the bitcoin eco-system is to harshly criticize any non-secure algorithm, organizational structure, and business practice that gets suggested. Every security compromise and every fraud devalues everyone's bitcoins, and more importantly threaten the future of this cryptographic currency.  

I'll stress it again, it's almost perfectly for safe for jackjack to use his method for himself. But if somehow this method ends up being implemented in the official client and thousands of people start using it, then the bruteforcing will begin and people will lose money and see it as a bitcoin security hole when it clearly isn't. I'm only criticizing it so that this worst case scenario doesn't happen. You're more than welcome to use it on your own.
Sure it's less secure but at least people using that won't lose/delete/formatc:/etc their wallets definitely and cry "I deleted my wallet.dat, I can't recover my coins, it's Bitcoin's fault" anymore
I think that if each person choses his own function and knows they are weakening his safety, it's remains mostly ok
The problem is indeed if people use it without understanding what they do or if the functions are in implemented in the client
I didn't understand your first post like that

I'll add a NSFNewbies tag in my post Smiley

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
August 02, 2011, 03:42:56 PM
 #16

Instead you can create yourself your privkey (at least the hex one, 64 characters long, I don't know if all base59 ones are valid they are not because of the checksum) using your own pattern that you know by heart, thus no need to write it
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv

just for fun i sent you 0.02 btc to that imaginary address Cheesy ...you'll have to now import it quick before someone else does Wink


imaginary? it's quite real.

importing is not sufficient, I'd also have to send the coins on.

i just meant that the private key was created using his imagination, and yes you're right it's a race to spend, not a race to import. jackjack has now spent the 20 millies anyway.
iamzill
Full Member
***
Offline Offline

Activity: 139


View Profile
August 02, 2011, 03:51:34 PM
 #17

I'm sorry but that trick only adds a negligible amount of entropy, which is negligible. It doesn't matter what kind of tricks you use, whether you end up with 20 bits of entropy or 200 bits of entropy, you're still greatly weaking the system. Suppose by using lots of passwords, lots of substr, repeated hashes, and salts and you end up with 250 bits of entropy, that's still only 1.5% of the entropy of a real key. Is it worth it to go through all that custom code and memorization just to end up with a private key that's 64 times weaker? Isn't it much safer just printing out the key pair like OP suggested or burning the wallet.dat on a CD?

As for your challenge, you missed my point about mentioning the $900,000 USD reward money. I'm not saying it's possible for an attacker to target your specific password. In fact, I can almost gurantee your address 1KJvYREkZxEgDczTKoEtvrhfkALsFsWKRa won't be brute-forced. I was claiming that if enough people saw your post and adopted your method, the attacker can steal from those people collectively, since they all share the same tiny keyspace.

Sorry if I come off as too critical, but I'm just trying to make sure bitcoin stays secure. If lots of people spoke out critically against mybitcoin in the first place then it wouldn't have ended up the way it did. I believe the only to way to ensure the collective security of the bitcoin eco-system is to harshly criticize any non-secure algorithm, organizational structure, and business practice that gets suggested. Every security compromise and every fraud devalues everyone's bitcoins, and more importantly threaten the future of this cryptographic currency.  

I'll stress it again, it's almost perfectly for safe for jackjack to use his method for himself. But if somehow this method ends up being implemented in the official client and thousands of people start using it, then the bruteforcing will begin and people will lose money and see it as a bitcoin security hole when it clearly isn't. I'm only criticizing it so that this worst case scenario doesn't happen. You're more than welcome to use it on your own.
Sure it's less secure but at least people using that won't lose/delete/formatc:/etc their wallets definitely and cry "I deleted my wallet.dat, I can't recover my coins, it's Bitcoin's fault" anymore
I think that if each person choses his own function and knows they are weakening his safety, it's remains mostly ok
The problem is indeed if people use it without understanding what they do or if the functions are in implemented in the client
I didn't understand your first post like that

I'll add a NSFNewbies tag in my post Smiley

Take the polish exchange for example. The owner basically said "Amazon lost my wallet.dat, I can't recover my coins". Then someone suggested to take Amazon harddrive offline and recover wallet.dat.

When people use "Sorry guys, I kinda forgot my exact password, hashing algorithm, and substr offset during my vacation.", I'm afraid someone will suggest taking the owner offline and water-board him until the password, hashing algorithm, and substr offset is recovered.
bitplane
Sr. Member
****
Offline Offline

Activity: 321

Firstbits: 1gyzhw


View Profile WWW
August 03, 2011, 09:38:58 AM
 #18

This is very dangerous and very stupid, and I'm talking about sending BTC to an anonyomus Nevis LLC level stupid here.

What about a sufficiently long password? For example: "Twas brillig, and the slithy toves Did gyre and gimble in the wabe; All mimsy were the borogoves, And the mome raths outgrabe" contains more than enough entropy (if I'm doing it right)
nmat
Hero Member
*****
Offline Offline

Activity: 602


View Profile
August 03, 2011, 10:04:58 AM
 #19

I think the solution to the "secure your wallet problem" is to have a real device. A real virtual wallet. It would be a small device with wifi, a screen and a few buttons with the unique purpose of running a bitcoin client.

Has anyone thought of this? I think it would be really cool if someone starts manufacturing a device like this.

OP's method works, but it will never be user friendly enough...
wareen
Millionaire
Hero Member
*****
Offline Offline

Activity: 742

bitcoin-austria.at


View Profile
August 03, 2011, 10:17:53 AM
 #20

What about a sufficiently long password? For example: "Twas brillig, and the slithy toves Did gyre and gimble in the wabe; All mimsy were the borogoves, And the mome raths outgrabe" contains more than enough entropy (if I'm doing it right)
I wouldn't recommend a full quote from a very famous piece of literature either - might have enough entropy word-wise if you make it long enough but it would no doubt be ranked among much lower entropy passwords in any sensibly crafted password cracking wordlist. An adversary having some knowledge about your person might even limit the genres of possible literature etc...
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!