Bitcoin Forum
December 10, 2016, 09:23:20 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 5 6 »  All
  Print  
Author Topic: Mental Bitcoin Wallet: I have real bitcoins stored in my head.  (Read 11603 times)
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
August 07, 2011, 03:30:21 AM
 #1

I have successfully transferred bitcoins into my head.  They can't be hacked.  They exist nowhere but in my head.  If I die, they die with me.

As crazy as this sounds, it's true.

I simply picked a passphrase, and turned it into a bitcoin address with my open source Casascius Bitcoin Utility (available from github).  When I want to spend the funds, I will simply use the same passphrase to generate the same private keys, import them into a real wallet.dat, and then spend them.

What's my purpose in making this point?  While the entire Bitcoin community is reeling over the loss of Mybitcoin.com - not just the site, but the realization that keeping bitcoins in a web wallet is fundamentally flawed - I really want to pound in the idea that bitcoins can be kept on paper and in the form of codes or passphrases.  And when people do this, the bitcoins cannot be hacked.

Every sentence you can think of, corresponds to a Bitcoin address.  The bitcoin address can be given out freely, the sentence is the password that allows spending of bitcoins.  Once upon a time, I stored 0.25 bitcoins in the sentence "This string contains 0.25 BTC hidden in plain sight."... others were successfully able to retrieve the 0.25 BTC given the sentence.

The future of practicing safe Bitcoin is for people to be able to keep their private keys offline.  If you operate a Bitcoin-based website or exchange or are working on client code, please, for the future of Bitcoin, include the ability for people to enter and redeem the funds off of hand-typed private keys.

EDIT: Added, per suggestion, a reminder that any time you import Bitcoins from a private key into the current Satoshi client and spend less than all of them, you should spend the rest to new addresses, or at least back-up the wallet.dat.  This is because the portion you didn't spend (the change) gets sent to a brand new address that exists only in wallet.dat, and will be lost if you don't keep it safe.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
1481361800
Hero Member
*
Offline Offline

Posts: 1481361800

View Profile Personal Message (Offline)

Ignore
1481361800
Reply with quote  #2

1481361800
Report to moderator
1481361800
Hero Member
*
Offline Offline

Posts: 1481361800

View Profile Personal Message (Offline)

Ignore
1481361800
Reply with quote  #2

1481361800
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481361800
Hero Member
*
Offline Offline

Posts: 1481361800

View Profile Personal Message (Offline)

Ignore
1481361800
Reply with quote  #2

1481361800
Report to moderator
1481361800
Hero Member
*
Offline Offline

Posts: 1481361800

View Profile Personal Message (Offline)

Ignore
1481361800
Reply with quote  #2

1481361800
Report to moderator
1481361800
Hero Member
*
Offline Offline

Posts: 1481361800

View Profile Personal Message (Offline)

Ignore
1481361800
Reply with quote  #2

1481361800
Report to moderator
hugolp
Hero Member
*****
Offline Offline

Activity: 742



View Profile
August 07, 2011, 03:32:40 AM
 #2

I dont trust my memory. At all.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
August 07, 2011, 03:36:59 AM
 #3

I dont trust my memory. At all.

Not even to remember the opening line to your favorite childhood cartoon?  Or the motto of a group you belonged to?  Simply take a sentence you already know from memory, and add a few words to it (like "big fat ____" or "____ in the bed" or the name of a favorite artist etc.)

If not your memory, certainly you can use a piece of paper, or whatever you do to keep track of your regular passwords!

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
jackjack
Hero Member
*****
Offline Offline

Activity: 882


May Bitcoin be touched by his Noodly Appendage


View Profile
August 07, 2011, 03:41:57 AM
 #4

Only on Windows
*nix users, look at pp2k.py http://github.com/jackjack-jj/pp2k

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1302


Bitcoin: An Idea Worth Spending


View Profile
August 07, 2011, 03:43:46 AM
 #5

iwearcoloredcodedbvdssize34to36

mygirlfriendlikesto(insert your own words here)withme

ithinkmywifeischeatingonmehencethisbitcoinstash

if2plus2equals4thenwhyisthegrassgreen

ilikeu238special3doorsdownandb52s

And you say this idea is sound? I agree!

It's useless without the key!

ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
August 07, 2011, 03:47:51 AM
 #6

are private and public keys case sensitive? if they are not then i could probably eventually memorize 1 key pair.

FlipPro
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
August 07, 2011, 04:20:19 AM
 #7

Nice, just wait till a "Mind Reader" gets a hold of it  Grin.

Tweet For Coins http://uptweet.com
EricJ2190
Full Member
***
Offline Offline

Activity: 134


View Profile
August 07, 2011, 04:27:20 AM
 #8

This XKCD strip comes to mind.
markm
Legendary
*
Offline Offline

Activity: 1792



View Profile WWW
August 07, 2011, 04:30:56 AM
 #9

"I want a big mac and large fries to go, but only if you accept bitcoins via passphrases like this"

"oh wait, double that order, please"

"yes its me again. still accepting bitcoins via passphrases like this?"

"the usual, please and thank you"

etc

-MarkM- (Darn, I forgot the password from Saberhagen's "Octagon". Chapel Perilous? Something related to that...)

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
KFed
Newbie
*
Offline Offline

Activity: 20


View Profile
August 07, 2011, 04:58:56 AM
 #10

I put a bomb in the blockchain, prepare to be stricken with alzheimer's
Eli
Full Member
***
Offline Offline

Activity: 128



View Profile
August 07, 2011, 06:36:46 AM
 #11

I have successfully transferred bitcoins into my head.  They can't be hacked.  They exist nowhere but in my head.  If I die, they die with me.

As crazy as this sounds, it's true.

I simply picked a passphrase, and turned it into a bitcoin address with my open source Casascius Bitcoin Utility (available from github).  When I want to spend the funds, I will simply use the same passphrase to generate the same private keys, import them into a real wallet.dat, and then spend them.

What's my purpose in making this point?  While the entire Bitcoin community is reeling over the loss of Mybitcoin.com - not just the site, but the realization that keeping bitcoins in a web wallet is fundamentally flawed - I really want to pound in the idea that bitcoins can be kept on paper and in the form of codes or passphrases.  And when people do this, the bitcoins cannot be hacked.

Every sentence you can think of, corresponds to a Bitcoin address.  The bitcoin address can be given out freely, the sentence is the password that allows spending of bitcoins.  Once upon a time, I stored 0.25 bitcoins in the sentence "This string contains 0.25 BTC hidden in plain sight."... others were successfully able to retrieve the 0.25 BTC given the sentence.

The future of practicing safe Bitcoin is for people to be able to keep their private keys offline.  If you operate a Bitcoin-based website or exchange or are working on client code, please, for the future of Bitcoin, include the ability for people to enter and redeem the funds off of hand-typed private keys.

Could you explain the process behind those apps?

I'm thinking of using a different type of wallet along with my Safebit wallet, one that will allow users to move addresses from place to place rather than them being attached to a singular wallet file, which I find extremely inefficient and quite simply a stupid idea in the first place when you can store individual addresses and manipulate them directly.
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
August 07, 2011, 06:42:19 AM
 #12

are private and public keys case sensitive? if they are not then i could probably eventually memorize 1 key pair.
You don't memorize the keys themselves. You memorize a string whose hash is the private key. You can use any algorithm to convert the string to a key that you like, case sensitive or case insensitive.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
August 07, 2011, 06:56:22 AM
 #13

Exactly.

Every private key is just a 32-byte hex number.  Every 32-byte hex number can be used as a private key.  And hence, every 32-byte hex number has a corresponding Bitcoin address.

Just by coincidence (or perhaps not), the SHA256 hash algorithm can produce a 32-byte hex number from any text input.  And while the output isn't predictable, it always produces the same output given the same input text.

So the idea is just to pair these two ideas.  Pick a passphrase, compute the SHA256 of it, use that as a private key.

All the Casascius Bitcoin Utility does, is calculate the Bitcoin address that corresponds to your 32 bytes as the matching private key.

You aren't remembering the private key itself, you're merely remembering the text that will produce your private key when plugged back into the SHA256 hash algorithm.  Which is good enough.

(When using Casascius Bitcoin Utility / SHA256, the passphrases ARE case sensitive by the way)

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
kloinko1n
Full Member
***
Offline Offline

Activity: 177


View Profile
August 07, 2011, 07:14:03 AM
 #14

I'm sure one of bitcoinporn's private keys will be generated by inputting Canticles 1:13 into this key generator.  Grin
BBanzai
Member
**
Offline Offline

Activity: 84



View Profile
August 07, 2011, 07:17:43 AM
 #15

That is bloody brilliant.  I mean, really, really, really.

Bloody brilliant!  Given a popular and accessible conversion utility and interface...well.  I have to go outside and breath slowly now.
kloinko1n
Full Member
***
Offline Offline

Activity: 177


View Profile
August 07, 2011, 07:18:44 AM
 #16

[snip>
... I will simply use the same passphrase to generate the same private keys, import them into a real wallet.dat, and then spend them.
<snip]
Too bad that your hacked computer immediately after putting your keys in the 'real wallet.dat' already has transferred all your bitcoins to the thief's wallet before you were able to touch any key!
 Tongue
kloinko1n
Full Member
***
Offline Offline

Activity: 177


View Profile
August 07, 2011, 07:39:15 AM
 #17

If you'd temporarily store your passphrase in a file and execute (in Linux) the following

gpg --print-md sha256 <file with passphrase>

would that do the trick also?
I'm not sure how to input the passphrase through the keyboard into gpg, but that would be much better.
BBanzai
Member
**
Offline Offline

Activity: 84



View Profile
August 07, 2011, 07:43:29 AM
 #18

Anyone that understands the principle involved here isn't likely to be the kind of person to have insecure interfaces.
kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
August 07, 2011, 08:50:51 AM
 #19

Exactly.

Every private key is just a 32-byte hex number.  Every 32-byte hex number can be used as a private key.  And hence, every 32-byte hex number has a corresponding Bitcoin address.

Just by coincidence (or perhaps not), the SHA256 hash algorithm can produce a 32-byte hex number from any text input.  And while the output isn't predictable, it always produces the same output given the same input text.

So the idea is just to pair these two ideas.  Pick a passphrase, compute the SHA256 of it, use that as a private key.

All the Casascius Bitcoin Utility does, is calculate the Bitcoin address that corresponds to your 32 bytes as the matching private key.

You aren't remembering the private key itself, you're merely remembering the text that will produce your private key when plugged back into the SHA256 hash algorithm.  Which is good enough.

(When using Casascius Bitcoin Utility / SHA256, the passphrases ARE case sensitive by the way)

Did you run that past a cryptographer first?  I haven't read FIPS 186-3 in detail, but I seem to recall that ECDSA keypair generation involved more than tossing a bunch of bits together.

Also, did you test this?

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
August 07, 2011, 09:44:11 AM
 #20

Did you run that past a cryptographer first?  I haven't read FIPS 186-3 in detail, but I seem to recall that ECDSA keypair generation involved more than tossing a bunch of bits together.
It is a well-known and well-understood property. Yes, ECDSA keypair generation does involve more than tossing a bunch of bits together. You follow the normal ECDSA keypair generation process except instead of generating a random private key, you use a hash.

To an attacker who does not know the input to a hash algorithm, the output of that hash algorithm is effectively random.

Quote
Also, did you test this?
It's a well-known property of ECDSA. It has been used to transfer bitcoins. (You can actually do it with RSA as well, it's just more complicated. You must use the hash to seed an agreed-upon PRNG.)

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
Pages: [1] 2 3 4 5 6 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!