Bitcoin Forum
December 06, 2016, 02:26:28 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 6 »  All
  Print  
Author Topic: Mental Bitcoin Wallet: I have real bitcoins stored in my head.  (Read 11590 times)
MrJoshua
Member
**
Offline Offline

Activity: 76


View Profile
August 07, 2011, 09:50:32 AM
 #21

Yeah, I have some bitcoins in my head too.  This is what I talked about with ThoughtCoins a few weeks ago:

https://bitcointalk.org/index.php?topic=29187.0

Just remember that the entropy (read: cryptographic strength) of even a long passphrase with numbers and symbols is quite a bit lower then an actual private key.  In other words where it is impractically to search the entire key space of private keys it is possible to search the passphrase keyspace looking for valid wallets.  Whereas the encryption of your wallet file with a passphrase requires access to your encrypted wallet to try to brute force your passphrase, a passphrase only wallet or ThoughtCoins as I called it requires nothing, anyone can start brute forcing that keyspace right now.  Nevertheless, choose a good passphrase, and bitcoins in your head have some very interesting properties, as I discussed in my thread.

Information on the entropy of passphrases: http://en.wikipedia.org/wiki/Passphrase

j


The value of bitcoins is not a theory, predictions of it's failure are what is theoretical.
1481034388
Hero Member
*
Offline Offline

Posts: 1481034388

View Profile Personal Message (Offline)

Ignore
1481034388
Reply with quote  #2

1481034388
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481034388
Hero Member
*
Offline Offline

Posts: 1481034388

View Profile Personal Message (Offline)

Ignore
1481034388
Reply with quote  #2

1481034388
Report to moderator
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
August 07, 2011, 09:53:56 AM
 #22

Absolutely. You want at least 128-bits of entropy in the passphrase to provide security comparable to what ECDSA is already providing. Note that you can increase the number of effective bits by using a more complex algorithm, such as multiple iterations. You'd still be vulnerable to rainbow tables.

To be clear though, if your passphrase has 128-bits of entropy in it, such that an attacker would need to try on the order of 2^128 passphrases to hit on yours, this scheme is no less secure than straight ECDSA. (Except that both people know the private key, so either can claim the funds.)

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
fennec
Member
**
Offline Offline

Activity: 76



View Profile WWW
August 07, 2011, 11:26:15 AM
 #23

So who takes the prize for being the first person in history to store money in their mind?

Grin

Preev – simple Bitcoin converter with live exchange rates
kwukduck
Legendary
*
Offline Offline

Activity: 1564


View Profile
August 07, 2011, 01:45:48 PM
 #24

Say HI to address collisions. Smiley

14b8PdeWLqK3yi3PrNHMmCvSmvDEKEBh3E
kloinko1n
Full Member
***
Offline Offline

Activity: 177


View Profile
August 07, 2011, 02:40:06 PM
 #25

After some trying I found a SHA256 hash generator for Linux:

$ gpg --print-md sha256 < /dev/stdin<Enter>
   <your passphrase><Enter>
   <Ctrl-D><Ctrl-D>

which gives the same results as

$ gpg --print-md sha256 <file><Enter>

where <file> is a file containing <your passphrase>

and also the same results as

http://www.xorbin.com/tools/sha256-hash-calculator in which you type:

<your passphrase><Enter>
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
August 07, 2011, 03:48:05 PM
 #26

Say HI to address collisions. Smiley
Only if two people use the same passphrase. Obviously, if someone you can't trust knows or can guess your passphrase, you are doomed.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
August 07, 2011, 03:53:34 PM
 #27

Absolutely. You want at least 128-bits of entropy in the passphrase to provide security comparable to what ECDSA is already providing. Note that you can increase the number of effective bits by using a more complex algorithm, such as multiple iterations. You'd still be vulnerable to rainbow tables.


I am not sure rainbow tables would be a concern. Rainbow tables would help someone get your passphrase from your 32-byte private key, but they don't even have that. They don't even have your public key either if you have never sent funds from the address. 

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
August 07, 2011, 03:59:49 PM
 #28

Say HI to address collisions. Smiley
Only if two people use the same passphrase.

'123456' is pretty common Cheesy

markm
Legendary
*
Offline Offline

Activity: 1778



View Profile WWW
August 07, 2011, 06:28:13 PM
 #29

Say HI to address collisions. Smiley
Only if two people use the same passphrase.

'123456' is pretty common Cheesy



Sure, but good luck grabbing a large number of coins out of that one's resulting address, what is its average time until next checked for coins by rainbow corp or whoever does the rainbow stuff?

-MarkM-

Edit so anyway, obviously we need to use "123456" (or whatever we manage to memorise as our hash type cypher passphrase) to generate a table of 256 distinct hash routines, so that our hash type selection phrase's hash can be used to look up hash routines to use to hash our actual phrase. Thus forcing users to use 123456 three times in a row, which would result in...


Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
Trader Steve
Hero Member
*****
Offline Offline

Activity: 725


"How do you eat an elephant? One bit at a time..."


View Profile
August 07, 2011, 10:41:20 PM
 #30

Exactly.

Every private key is just a 32-byte hex number.  Every 32-byte hex number can be used as a private key.  And hence, every 32-byte hex number has a corresponding Bitcoin address.

Just by coincidence (or perhaps not), the SHA256 hash algorithm can produce a 32-byte hex number from any text input.  And while the output isn't predictable, it always produces the same output given the same input text.

So the idea is just to pair these two ideas.  Pick a passphrase, compute the SHA256 of it, use that as a private key.

All the Casascius Bitcoin Utility does, is calculate the Bitcoin address that corresponds to your 32 bytes as the matching private key.

You aren't remembering the private key itself, you're merely remembering the text that will produce your private key when plugged back into the SHA256 hash algorithm.  Which is good enough.

(When using Casascius Bitcoin Utility / SHA256, the passphrases ARE case sensitive by the way)

This sounds pretty awesome. Do you have a direct link to this utility?

Thanks!
TiagoTiago
Hero Member
*****
Offline Offline

Activity: 616


Firstbits.com/1fg4i                :Ƀ


View Profile
August 07, 2011, 11:16:25 PM
 #31

Are people really gonna be imaginative enough with the phrases for the risk of collision to be negligible?

(I dont always get new reply notifications, pls send a pm when you think it has happened)

Wanna gimme some BTC for any or no reason? 1FmvtS66LFh6ycrXDwKRQTexGJw4UWiqDX Smiley

The more you believe in Bitcoin, and the more you show you do to other people, the faster the real value will soar!

Do you like mmmBananas?!
TeaRex
Member
**
Offline Offline

Activity: 78


View Profile
August 07, 2011, 11:37:47 PM
 #32

So who takes the prize for being the first person in history to store money in their mind?


<smartalec>
That prize was probably awarded centuries ago. Early stock markets worked that way, traders just kept the transactions of the day in their heads. They'd be written down and/or directly executed only after the market closed.
</smartalec>

*Image Removed*
I'm not asking for donations, but if you think YOUR post is deserving a donation FROM me, send me a message.
jackjack
Hero Member
*****
Offline Offline

Activity: 868


May Bitcoin be touched by his Noodly Appendage


View Profile
August 08, 2011, 12:06:13 AM
 #33

Are people really gonna be imaginative enough with the phrases for the risk of collision to be negligible?
My program refuses passphrases below 40 characters or 7 words, casascius should do that too...

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
TiagoTiago
Hero Member
*****
Offline Offline

Activity: 616


Firstbits.com/1fg4i                :Ƀ


View Profile
August 08, 2011, 12:10:06 AM
 #34

But it's not just random jibberish with good variety of low and high caps, numbers, symbols etc, people are gonna use words and phrases that tend to make sense

(I dont always get new reply notifications, pls send a pm when you think it has happened)

Wanna gimme some BTC for any or no reason? 1FmvtS66LFh6ycrXDwKRQTexGJw4UWiqDX Smiley

The more you believe in Bitcoin, and the more you show you do to other people, the faster the real value will soar!

Do you like mmmBananas?!
RandyFolds
Sr. Member
****
Offline Offline

Activity: 434



View Profile
August 08, 2011, 12:10:44 AM
 #35

Obviously, if someone you can't trust knows or can guess your passphrase, you are doomed.

That and you have to wear a tinfoil hat so the government can't read your thoughts from space...

▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
▓▓ ONEDICE.ME ▓▓▓▓▓ BEST DICE EXPERIENCE ▓▓▓▓ PLAY OR INVEST ▓▓▓▓▓▓
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
jackjack
Hero Member
*****
Offline Offline

Activity: 868


May Bitcoin be touched by his Noodly Appendage


View Profile
August 08, 2011, 12:15:48 AM
 #36

But it's not just random jibberish with good variety of low and high caps, numbers, symbols etc, people are gonna use words and phrases that tend to make sense
Yep
I will force users to use some special characters

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
shotgun
Member
**
Offline Offline

Activity: 98



View Profile
August 08, 2011, 12:47:57 AM
 #37

After some trying I found a SHA256 hash generator for Linux:

$ gpg --print-md sha256 < /dev/stdin<Enter>
   <your passphrase><Enter>
   <Ctrl-D><Ctrl-D>

which gives the same results as

$ gpg --print-md sha256 <file><Enter>

where <file> is a file containing <your passphrase>

and also the same results as

http://www.xorbin.com/tools/sha256-hash-calculator in which you type:

<your passphrase><Enter>



Cool, so am I to believe that I can use this method to generate a bitcoin address and then use it for transactions? If so... you win the internet for the day and I will donate 0.05btc to you (hey it's better than nothing).

<luke-jr> Catholics do not believe in freedom of religion.
JoelKatz
Legendary
*
Offline Offline

Activity: 1386


Democracy is vulnerable to a 51% attack.


View Profile WWW
August 08, 2011, 12:52:29 AM
 #38

I am not sure rainbow tables would be a concern. Rainbow tables would help someone get your passphrase from your 32-byte private key, but they don't even have that. They don't even have your public key either if you have never sent funds from the address. 
That's not the way they would do the attack. They would build a rainbow table of a few trillion passphrases and the corresponding bitcoin addresses. Everytime a new bitcoin address appeared in the hash chain, they would check that address against the rainbow table. If they found a match, they would derive the private key again and claim the funds immediately.

I am an employee of Ripple.
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
August 08, 2011, 03:09:18 AM
 #39

Are people really gonna be imaginative enough with the phrases for the risk of collision to be negligible?
My program refuses passphrases below 40 characters or 7 words, casascius should do that too...
Yeah, mine does that too.
The rules aren't exactly the same, but close.  And if you mix symbols, uppercase, and lowercase, and numbers together, it will let you do a somewhat shorter phrase.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
August 08, 2011, 03:11:41 AM
 #40

I am not sure rainbow tables would be a concern. Rainbow tables would help someone get your passphrase from your 32-byte private key, but they don't even have that. They don't even have your public key either if you have never sent funds from the address. 
That's not the way they would do the attack. They would build a rainbow table of a few trillion passphrases and the corresponding bitcoin addresses. Everytime a new bitcoin address appeared in the hash chain, they would check that address against the rainbow table. If they found a match, they would derive the private key again and claim the funds immediately.

While I wouldn't put it past anyone, that rainbow table is going to be ridiculously slow to build to the point of near infeasibility.  The operation of deriving the public key from the private key, as I'm sure you know, is super expensive in CPU time.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Pages: « 1 [2] 3 4 5 6 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!