Bitcoin Forum
November 19, 2017, 05:37:49 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: GUIDE: Securely storing large amounts of bitcoin (brain wallet/paper wallet)  (Read 13775 times)
cp1
Hero Member
*****
Offline Offline

Activity: 616


Stop using branwallets


View Profile
March 16, 2014, 06:19:01 PM
 #21

Wouldn't you need all those libraries installed on your computer too?

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
1511069869
Hero Member
*
Offline Offline

Posts: 1511069869

View Profile Personal Message (Offline)

Ignore
1511069869
Reply with quote  #2

1511069869
Report to moderator
1511069869
Hero Member
*
Offline Offline

Posts: 1511069869

View Profile Personal Message (Offline)

Ignore
1511069869
Reply with quote  #2

1511069869
Report to moderator
Join ICO Now Coinlancer is Disrupting the Freelance marketplace!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
quakefiend420
Legendary
*
Offline Offline

Activity: 784


View Profile
March 16, 2014, 06:39:33 PM
 #22

Brainwallets with human generated passphrases are a bad idea. Doesn't matter if it's offline or online they are just a bad idea period.

This, 1000X this.  Brain wallets should never be used, humans suck at coming up with something a computer can't guess.
Pente
Hero Member
*****
Offline Offline

Activity: 492



View Profile WWW
March 16, 2014, 08:00:00 PM
 #23

Brainwallets with human generated passphrases are a bad idea. Doesn't matter if it's offline or online they are just a bad idea period.

I totally disagree and I am sick of hearing people say that brainwallets aren't safe. Sufficient length & randomness should suffice. Create a salt phrase that you use with every password.
Your salt phrase should include something long (can be public) & something private.
Examples:
"Pi=3.14159265358979323846&MyFirstPhoneNumber=800-555-1222"
"10!=3628800(Base10)=375F00(Hex)&I_LOVE_PATTAYA"
"InverseNaturalLogSeven=1096.6331584284585992637202382881&Starcraft>Chess>Checkers"
"Thanks:Danke:Asante:Salamat:ขอบคุณ:Gracias&I_WAS_BORN_ON_A_MONDAY"

You might want to write this part down somewhere safe if you have ever forgotten anything in your life.

Now when you create your brainwallet, just add a password to your standard salt phrase.

"Thanks:Danke:Asante:Salamat:ขอบคุณ:Gracias&I_WAS_BORN_ON_A_MONDAY"Alpha
Public Key:1EXLETbRDmwsB4gJimQhprvktZDXLkoDWT
Private Key:5KPgmne3z4vo8uPwKHDF6gZbDJpiXALLY9fipEuKtMLH9pbdbi7

"Thanks:Danke:Asante:Salamat:ขอบคุณ:Gracias&I_WAS_BORN_ON_A_MONDAY"Bravo
Public Key:1AxTsiWDsMu3ijy2s3NTF6kk1zJRUGjNyh
Private Key:5KEcUhqeSP4WAvaRRytXD3ChcnLUheaUX5yVLen244q8wHtGmxR

I keep a list of passwords with their public keys. The salt portion is only in my head and I mentally review fairly often. I never store the private keys. I actually store my public keys in a HTML file online so that I can easily access them from anywhere in the world with internet.

Alpha:1EXLETbRDmwsB4gJimQhprvktZDXLkoDWT
Bravo:1AxTsiWDsMu3ijy2s3NTF6kk1zJRUGjNyh

In summary, create your own system (including punctuation) that involves a long complex phrase (but possibly public) with a simple private phrase to make a consistant salt phrase (you can even write it down & store it somewhere safe). Now you just add different passwords to your salt phrase to create a safe list of addresses & public keys. I keep a bunch of brainwallets this way so that I can use one without compromising the rest.

If I need some more bitcoins, I just use brainwallet offline (and in safe mode) to re-create my private key, save that, then restart my computer, go online and add it to my blockchain.info account.




fimp
Sr. Member
****
Offline Offline

Activity: 304



View Profile WWW
September 21, 2014, 05:25:32 PM
 #24

I've followed this guide a few time to succesfully offline sign transactions and then broadcast them from another computer.

However, now that I try I get an "Invalid Signature" error when attempting to broadcast from blockchain.info/pushtx . I've also tried broadcasting the same TX from Electrum and get error code 25.

I tried twice with no luck.

Any ideas?

bitpop
Legendary
*
Offline Offline

Activity: 2184


https://keybase.io/bitpop


View Profile WWW
September 22, 2014, 01:34:55 AM
 #25

I've followed this guide a few time to succesfully offline sign transactions and then broadcast them from another computer.

However, now that I try I get an "Invalid Signature" error when attempting to broadcast from blockchain.info/pushtx . I've also tried broadcasting the same TX from Electrum and get error code 25.

I tried twice with no luck.

Any ideas?

try doing with brainwallet offline

Reputation  |  PGP  |  DigitalOcean  |  TorGuard  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
Bitmessage: BM-2cXN9j8NFT2n1FxDVQ6HQq4D4MZuuaBFyb
fimp
Sr. Member
****
Offline Offline

Activity: 304



View Profile WWW
September 22, 2014, 07:20:15 AM
 #26

I've followed this guide a few time to succesfully offline sign transactions and then broadcast them from another computer.

However, now that I try I get an "Invalid Signature" error when attempting to broadcast from blockchain.info/pushtx . I've also tried broadcasting the same TX from Electrum and get error code 25.

I tried twice with no luck.

Any ideas?

try doing with brainwallet offline
I did as in OP's guide which is using Brainwallet.org offline to sign a transaction.

bitpop
Legendary
*
Offline Offline

Activity: 2184


https://keybase.io/bitpop


View Profile WWW
September 22, 2014, 07:37:07 AM
 #27

I've followed this guide a few time to succesfully offline sign transactions and then broadcast them from another computer.

However, now that I try I get an "Invalid Signature" error when attempting to broadcast from blockchain.info/pushtx . I've also tried broadcasting the same TX from Electrum and get error code 25.

I tried twice with no luck.

Any ideas?

try doing with brainwallet offline
I did as in OP's guide which is using Brainwallet.org offline to sign a transaction.

Try http://eligius.st/~wizkid057/newstats/pushtxn.php

Reputation  |  PGP  |  DigitalOcean  |  TorGuard  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
Bitmessage: BM-2cXN9j8NFT2n1FxDVQ6HQq4D4MZuuaBFyb
fimp
Sr. Member
****
Offline Offline

Activity: 304



View Profile WWW
September 22, 2014, 07:38:23 AM
 #28

I've followed this guide a few time to succesfully offline sign transactions and then broadcast them from another computer.

However, now that I try I get an "Invalid Signature" error when attempting to broadcast from blockchain.info/pushtx . I've also tried broadcasting the same TX from Electrum and get error code 25.

I tried twice with no luck.

Any ideas?

try doing with brainwallet offline
I did as in OP's guide which is using Brainwallet.org offline to sign a transaction.

Try http://eligius.st/~wizkid057/newstats/pushtxn.php
Code:
Trying to send...
array(3) {
  ["result"]=>
  NULL
  ["error"]=>
  array(2) {
    ["code"]=>
    int(-22)
    ["message"]=>
    string(11) "TX rejected"
  }
  ["id"]=>
  string(1) "1"
}
Response = 0

Oscilson
Sr. Member
****
Offline Offline

Activity: 434



View Profile
September 22, 2014, 07:44:09 AM
 #29

Brainwallets with human generated passphrases are a bad idea. Doesn't matter if it's offline or online they are just a bad idea period.

This, 1000X this.  Brain wallets should never be used, humans suck at coming up with something a computer can't guess.

If we use "sank thou" instead of "thank you", would that avoid dictionary attack?
fimp
Sr. Member
****
Offline Offline

Activity: 304



View Profile WWW
September 22, 2014, 07:53:59 AM
 #30

Brainwallets with human generated passphrases are a bad idea. Doesn't matter if it's offline or online they are just a bad idea period.

This, 1000X this.  Brain wallets should never be used, humans suck at coming up with something a computer can't guess.

If we use "sank thou" instead of "thank you", would that avoid dictionary attack?
If anyone else ever did the same and their password was part of a leak, then that password would probably become part of cracking dictionaries.

fimp
Sr. Member
****
Offline Offline

Activity: 304



View Profile WWW
September 22, 2014, 07:55:13 AM
 #31

Brainwallets with human generated passphrases are a bad idea. Doesn't matter if it's offline or online they are just a bad idea period.

This, 1000X this.  Brain wallets should never be used, humans suck at coming up with something a computer can't guess.

If we use "sank thou" instead of "thank you", would that avoid dictionary attack?
If anyone else ever did the same and their password was part of a leak, then that password would probably become part of cracking dictionaries.
Also, both "sank" and "thou" are real English words, so they are part of any dictionary. Smiley

Oscilson
Sr. Member
****
Offline Offline

Activity: 434



View Profile
September 22, 2014, 08:14:28 AM
 #32


If we use "sank thou" instead of "thank you", would that avoid dictionary attack?
If anyone else ever did the same and their password was part of a leak, then that password would probably become part of cracking dictionaries.
Also, both "sank" and "thou" are real English words, so they are part of any dictionary. Smiley

If we mix English, Chinese, French and many other languages, the dictionary will be huge.
bitpop
Legendary
*
Offline Offline

Activity: 2184


https://keybase.io/bitpop


View Profile WWW
September 22, 2014, 10:26:44 PM
 #33

I've followed this guide a few time to succesfully offline sign transactions and then broadcast them from another computer.

However, now that I try I get an "Invalid Signature" error when attempting to broadcast from blockchain.info/pushtx . I've also tried broadcasting the same TX from Electrum and get error code 25.

I tried twice with no luck.

Any ideas?

try doing with brainwallet offline
I did as in OP's guide which is using Brainwallet.org offline to sign a transaction.

Try http://eligius.st/~wizkid057/newstats/pushtxn.php
Code:
Trying to send...
array(3) {
  ["result"]=>
  NULL
  ["error"]=>
  array(2) {
    ["code"]=>
    int(-22)
    ["message"]=>
    string(11) "TX rejected"
  }
  ["id"]=>
  string(1) "1"
}
Response = 0

Then your inputs must be wrong. Blockchain has been having issues. If it's a small amount you can get away with doing it online.

Reputation  |  PGP  |  DigitalOcean  |  TorGuard  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
Bitmessage: BM-2cXN9j8NFT2n1FxDVQ6HQq4D4MZuuaBFyb
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1246


Core dev leaves me neg feedback #abuse #political


View Profile
September 23, 2014, 12:06:54 AM
 #34

Brainwallets with human generated passphrases are a bad idea. Doesn't matter if it's offline or online they are just a bad idea period.

This, 1000X this.  Brain wallets should never be used, humans suck at coming up with something a computer can't guess.

huh?   The distinction was just made that brainwallets with human generated passphrases shouldn't be used,
NOT that brainwallets of any sort are unsafe.  The whole point is that you can use a brainwallet with a computer
generated
passphrase.

Even certain human generated passphrases might be safe, but the issue is that the entropy cannot be measured
so you are better off letting the computer do it.


fimp
Sr. Member
****
Offline Offline

Activity: 304



View Profile WWW
September 23, 2014, 09:50:43 AM
 #35

I've followed this guide a few time to succesfully offline sign transactions and then broadcast them from another computer.

However, now that I try I get an "Invalid Signature" error when attempting to broadcast from blockchain.info/pushtx . I've also tried broadcasting the same TX from Electrum and get error code 25.

I tried twice with no luck.

Any ideas?

try doing with brainwallet offline
I did as in OP's guide which is using Brainwallet.org offline to sign a transaction.

Try http://eligius.st/~wizkid057/newstats/pushtxn.php
Code:
Trying to send...
array(3) {
  ["result"]=>
  NULL
  ["error"]=>
  array(2) {
    ["code"]=>
    int(-22)
    ["message"]=>
    string(11) "TX rejected"
  }
  ["id"]=>
  string(1) "1"
}
Response = 0

Then your inputs must be wrong. Blockchain has been having issues. If it's a small amount you can get away with doing it online.
The inputs were collected from http://blockexplorer.com/q/mytransactions/ as described by OP. Is there another way I can save inputs?

Should this one work with Brainwallet? http://blockchain.info/address/$bitcoin_address?format=json

TheButterZone
Legendary
*
Offline Offline

Activity: 1960


Nemo me impune lacessit


View Profile WWW
September 23, 2014, 06:06:17 PM
 #36

Submit bugs: https://github.com/brainwallet/brainwallet.github.io/issues

silversurfer1958
Full Member
***
Offline Offline

Activity: 234


View Profile WWW
April 06, 2015, 01:04:57 AM
 #37

Brainwallets can be mined because SHa256 is a fast hash.
An option might be to use your password, hashed with a slower hash function like BCrypt, then use the output of that as the input of your Brainwallet.
Someone has gone along this path by creating Warpwallet


https://keybase.io/warp/warp_1.0.6_SHA256_e68d4587b0e2ec34a7b554fbd1ed2d0fedfaeacf3e47fbb6c5403e252348cbfc.html
fdylstyx
Full Member
***
Offline Offline

Activity: 158



View Profile
April 06, 2015, 05:09:59 AM
 #38

From Pente "In summary, create your own system (including punctuation) that involves a long complex phrase (but possibly public) with a simple private phrase to make a consistant salt phrase (you can even write it down & store it somewhere safe). Now you just add different passwords to your salt phrase to create a safe list of addresses & public keys. I keep a bunch of brainwallets this way so that I can use one without compromising the rest."


Regarding a brain wallet using obscure phrases. Would I be safe in assuming that using two or three obscure phrases that I am confident in remembering yet could save/store as the basis from which I uses a formula from those phrases?

Such as rather than complete words use not too complicated designated 1st, 2nd, 3rd or even last letter in each word for each different phrase. ie; Show unread posts since last visit. Show new replies to your posts. Watchlist can break down to hnoiai*WWSORS*W

In above sample the second, last and first letters of each separate phrase or sentence is capitalized which is easy enough to remember as is separating each phrase with some character. This way you could have a favorite collection of phrases or sentences, phone numbers, even family members and their birth dates and phone numbers.

There's a SHA-512 converter online (really don't know if it's something anyone would want to use) http://hash.online-convert.com/sha512-generator but using that converter gives my broken down phrases these results.

hex: 096d323baf815c52868889dd9c3f4f228c739c9e903f9d3a46126890a3295c2c89c2fb3bc2822eb 6dcaee35c324ea5498c5b2a678dc7c89602b565a78d74360f

HEX: 096D323BAF815C52868889DD9C3F4F228C739C9E903F9D3A46126890A3295C2C89C2FB3BC2822EB 6DCAEE35C324EA5498C5B2A678DC7C89602B565A78D74360F

h:e:x: 09:6d:32:3b:af:81:5c:52:86:88:89:dd:9c:3f:4f:22:8c:73:9c:9e:90:3f:9d:3a:46:12:68:90:a3:29:5c:2c:89:c2:fb:3b:c2:82:2e:b6:dc:ae:e3:5c:
32:4e:a5:49:8c:5b:2a:67:8d:c7:c8:96:02:b5:65:a7:8d:74:36:0f

base64: CW0yO6+BXFKGiIndnD9PIoxznJ6QP506RhJokKMpXCyJwvs7woIuttyu41wyTqVJjFsqZ43HyJYCtWWnjXQ2Dw==

Am I correct in assuming I could take any of these results and run it through again. For example the hex result 096d323baf815c52868889dd9c3f4f228c739c9e903f9d3a46126890a3295c2c89c2fb3bc2822eb 6dcaee35c324ea5498c5b2a678dc7c89602b565a78d74360f   thus acquiring this base64: Z1VlNplzyxJhNStJRqmiKq2TnK4/e8Hjv15pVvoaYGSZRHZjhKG994W9ouL6KkK8OE/y1Vddy/Ee7UvPrEfaBA==  

Just wanting to get some feedback as to whether I'm getting close to figuring out a brain wallet that I only need to remember the sequence of letters chosen from each individual word. The phrases or sentences can be hidden in plain sight on the web or in some familiar books on a shelf. I wouldn't even need to highlight them.

I'd like to think that, as already mentioned, two to four unrelated phrases might generate a base for procuring a comparatively easy way to create and remember a brainwallet. Or can I possibly just use my own generated (above sample-hnoiai*WWSORS*W) result? Does it really need to be a minimum number of letters numbers and characters to be strong? And is using a converter, online or offline, an absolute must?

Maybe I'm missing something here but I've pretty much sold myself on brain wallets for long term storage and easily generated short term use.

edited punctuation for clarity
fdylstyx
Full Member
***
Offline Offline

Activity: 158



View Profile
April 06, 2015, 09:54:43 PM
 #39

I was taught that there weren't any stupid questions.

Then again I was taught a penny saved was a penny earned. Then they went and took them out of circulation because they cost 1.6 cents to make. Anyone figure out what it costs to make a Bitcoin yet?
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!