Bitcoin Forum
December 09, 2016, 02:19:43 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 [5] 6 »  All
  Print  
Author Topic: Mental Bitcoin Wallet: I have real bitcoins stored in my head.  (Read 11597 times)
goodlord666
Sr. Member
****
Offline Offline

Activity: 434


100%


View Profile
August 12, 2011, 03:01:29 PM
 #81

You could generate the wallet from a fingerprint or retina scan.

Don't forget to throw in some of those cyborg patrols and self-aware laser turrets and we're set.

Well, I'm off to the hologram theatre now, see ya later folks!

1481249983
Hero Member
*
Offline Offline

Posts: 1481249983

View Profile Personal Message (Offline)

Ignore
1481249983
Reply with quote  #2

1481249983
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481249983
Hero Member
*
Offline Offline

Posts: 1481249983

View Profile Personal Message (Offline)

Ignore
1481249983
Reply with quote  #2

1481249983
Report to moderator
1481249983
Hero Member
*
Offline Offline

Posts: 1481249983

View Profile Personal Message (Offline)

Ignore
1481249983
Reply with quote  #2

1481249983
Report to moderator
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
August 12, 2011, 03:22:05 PM
 #82

the use of biometrics as security (and sometimes identification for that matter) is typically a bad idea.

TiagoTiago
Hero Member
*****
Offline Offline

Activity: 616


Firstbits.com/1fg4i                :Ƀ


View Profile
August 13, 2011, 10:22:04 PM
 #83

Some biometric locks are surprisingly easy to crack

(I dont always get new reply notifications, pls send a pm when you think it has happened)

Wanna gimme some BTC for any or no reason? 1FmvtS66LFh6ycrXDwKRQTexGJw4UWiqDX Smiley

The more you believe in Bitcoin, and the more you show you do to other people, the faster the real value will soar!

Do you like mmmBananas?!
Big Time Coin
Sr. Member
****
Offline Offline

Activity: 332



View Profile
August 14, 2011, 08:07:53 AM
 #84

83 posts and only one post about how using this method can lose all your bitcoins because the change gets sent to a different address that gets stored in the wallet.dat that is generated when using the paper/wetware-stored key in the client. 

Or is that just FUD, 'cause it seems an important detail and shouldn't be glossed over.  How about a disclaimer at the top of the thread like: Warning using this technique improperly, even once, could result in a loss of all your bitcoins

Am I totally off base here?  It seems rather scary to attempt this technique with any large amount of btc.

Big time, I'm on my way I'm making it, big time, oh yes
- Peter Gabriel
Mageant
Legendary
*
Offline Offline

Activity: 1082



View Profile WWW
August 14, 2011, 02:01:10 PM
 #85

    Well, the web site would have to be trusted to at least SOME extent... to:
    • Not have been rooted and be serving malicious content placed there by a hacker
    • Serve the javascript client that it claims it serves, rather than serving something that collects the password...
    • Tell the truth about what transactions are in the block chain when asked
    • A server that lied about the value of a particular input transaction (by understating it) could convince a client to sign off a transaction that was actually worth more than the client thought it was... assuming the client had a check to confirm it was signing a transaction for the amount it was told, the extra funds could still be concealed as a large transaction fee
    • A server could lie to the client about how many bitcoins he really has, making him think he has more than he does, by telling the client about past transactions that have already been spent, without telling the client about the transactions that spent them... the client will be convinced and have no way to verify, it just won't be able to produce a valid transaction to spend those coins
    [/list]

    I agree about the javascript. It could cost you your coin. Maybe you should get your client from a trusted source. (Wait! circular logic here. Are we saying the only trusted client is the original one?)

    The rest is just maliciousness for the sake of evil. The site can't steal your coins if you're careful and would quickly lose credibility if it tried those things.

    Still, much better than the e-wallet solutions that are out there today.

    I think the key advantage is that hackers could not break into the website and steal Bitcoins (like in the MyBitcoin case). Yes, the could install malicious code, but that would be noticed quickly and the damage would be far less. Also the website could go down and no bitcoins would be lost (like in the bitomat case).

      ►  NEW ECONOMY MOVEMENT  ◄ 
      100% built from scratch • revolutionary forging mechanism • fairly distributed

    BIETCOIN.DE - Kleinanzeigenmarkt für Bitcoin
    Mageant
    Legendary
    *
    Offline Offline

    Activity: 1082



    View Profile WWW
    August 14, 2011, 02:03:51 PM
     #86

    In the case of memorizing it is better to have a simpler but longer passphase than to have a shorter but complex one. The idea is to pad your passphrase to a long length with a certain character.

    So you could have easy to remember passphrase like:
    buzz123$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

    which is quite simple but strong simply because it is so long.

      ►  NEW ECONOMY MOVEMENT  ◄ 
      100% built from scratch • revolutionary forging mechanism • fairly distributed

    BIETCOIN.DE - Kleinanzeigenmarkt für Bitcoin
    RodeoX
    Legendary
    *
    Offline Offline

    Activity: 2114


    The revolution will be monetized!


    View Profile
    August 14, 2011, 02:30:29 PM
     #87

    Nice job man!
    Correct me if I'm wrong, but it would further increase security to use numbers and special characters.  This could avoid a cracking algorithm that tests patterns based on a dictionary.

    The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf

    Free bitcoin=https://bitcointalk.org/index.php?topic=1610684
    ctoon6
    Sr. Member
    ****
    Offline Offline

    Activity: 350



    View Profile
    August 14, 2011, 03:26:20 PM
     #88

    In the case of memorizing it is better to have a simpler but longer passphase than to have a shorter but complex one. The idea is to pad your passphrase to a long length with a certain character.

    So you could have easy to remember passphrase like:
    buzz123$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

    which is quite simple but strong simply because it is so long.

    eh, id use a pattern like

    password314password314314314314314314314

    easy to remember, and is long, with padding that is also easy to remember.

    casascius
    Mike Caldwell
    VIP
    Legendary
    *
    Offline Offline

    Activity: 1344


    The Casascius 1oz 10BTC Silver Round (w/ Gold B)


    View Profile WWW
    August 14, 2011, 05:32:14 PM
     #89

    83 posts and only one post about how using this method can lose all your bitcoins because the change gets sent to a different address that gets stored in the wallet.dat that is generated when using the paper/wetware-stored key in the client. 

    Or is that just FUD, 'cause it seems an important detail and shouldn't be glossed over.  How about a disclaimer at the top of the thread like: Warning using this technique improperly, even once, could result in a loss of all your bitcoins

    As a safety measure, I edited the original post to include this warning.

    Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
    casascius
    Mike Caldwell
    VIP
    Legendary
    *
    Offline Offline

    Activity: 1344


    The Casascius 1oz 10BTC Silver Round (w/ Gold B)


    View Profile WWW
    August 14, 2011, 05:34:45 PM
     #90

    Quote
    buzz123$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

    password314password314314314314314314314

    easy to remember, and is long, with padding that is also easy to remember.

    These aren't very good.  They lack entropy and are relatively easy to crack.  Rather than being a strong password, these are merely passwords that depend on the cracker simply omitting trying these low entropy passwords.  Imagine I chose "β" as a password.  It's arguably super-strong if I depend on the assumption that crackers won't think to try Greek letters, but very weak if I turn out to be wrong.

    Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
    Jan
    Legendary
    *
    Offline Offline

    Activity: 1042



    View Profile
    August 14, 2011, 05:43:50 PM
     #91


    I have been working on a java library for some time now, which allows you to create a bitcoin client that works along the lines you describe.
    The technique of spending CPU cycles on deriving a seed is also called key stretching. I am using Scrypt (http://www.tarsnap.com/scrypt/scrypt.pdf) for this purpose, which not only requires CPU cycles, but also demands a certain amount of memory for its calculations. This makes hardware based brute force attacks much more expensive and less practical, as the chip will require too much cache memory.

    I am expecting to have the first version of the library publicly available within a week.


    The BCCAPI is now available: https://bitcointalk.org/index.php?topic=36892.msg453652#msg453652

    It's a Java library for making secure lightweight bitcoin clients. All keys are deterministically generated from a passphrase and a salt. There is no wallet.dat to backup.

    Mycelium let's you hold your private keys private.
    Ten98
    Full Member
    ***
    Offline Offline

    Activity: 201



    View Profile
    August 15, 2011, 12:26:35 AM
     #92

    Owning your own wallet.dat and having the bitcoin client running on your own machine is absolutely fine for the technologically inclined, but this methodology is totally at odds with the mainstream.

    Normal people have big problems with security on their home PCs, they routinely forget even basic passwords or write them down and stick them on the fridge. Most have trojans of some kind installed, and email phishing scams frequently work because the general public is too dumb to realise when they are being scammed. Having mainstream users look after their own wallet.dat and be completely responsible for the security of it is a recipe for disaster.

    In addition to that, the home desktop is becoming a thing of the past. More and more people just have a home laptop, a work desktop, a smartphone and maybe a tablet too where they access the internet, so the idea of a computer which is always on is totally alien to many, let alone one that has to be on so they can access their bitcoins and spend them.

    People are getting used to having their Gmail wherever they are, and being able to log into their online banking, Paypal account and so on from any device, regardless of whether there is a particular service running on their home network at that particular moment.

    If we are to make Bitcoin a mainstream success, the only way to do so is with web-based or cloud-based wallets (accounts) which users sign in and out of like their Gmail or Paypal accounts. We must have sites like mybitcoin, but ones which are trustworthy and secure.

    One setback should not deter us from the goal of simple to use, web based Bitcoin wallets. We must not shy away from learning from the mistakes of others.
    Big Time Coin
    Sr. Member
    ****
    Offline Offline

    Activity: 332



    View Profile
    August 16, 2011, 03:51:03 AM
     #93

    Owning your own wallet.dat and having the bitcoin client running on your own machine is absolutely fine for the technologically inclined, but this methodology is totally at odds with the mainstream.

    Normal people have big problems with security on their home PCs, they routinely forget even basic passwords or write them down and stick them on the fridge. Most have trojans of some kind installed, and email phishing scams frequently work because the general public is too dumb to realise when they are being scammed. Having mainstream users look after their own wallet.dat and be completely responsible for the security of it is a recipe for disaster.

    In addition to that, the home desktop is becoming a thing of the past. More and more people just have a home laptop, a work desktop, a smartphone and maybe a tablet too where they access the internet, so the idea of a computer which is always on is totally alien to many, let alone one that has to be on so they can access their bitcoins and spend them.

    People are getting used to having their Gmail wherever they are, and being able to log into their online banking, Paypal account and so on from any device, regardless of whether there is a particular service running on their home network at that particular moment.

    If we are to make Bitcoin a mainstream success, the only way to do so is with web-based or cloud-based wallets (accounts) which users sign in and out of like their Gmail or Paypal accounts. We must have sites like mybitcoin, but ones which are trustworthy and secure.

    One setback should not deter us from the goal of simple to use, web based Bitcoin wallets. We must not shy away from learning from the mistakes of others.

    No Shit Sherlock. 
    Your post is totally off-topic. 
    Problem is in personnel, funding, and insurance for such a project.  For starters. 
    But please go find another thread among the many that are already discussing this, like in Project + Technical Development.  If you can code, it is open source.  There has been an outstanding 1000 btc bounty for an android bitcoin app for a long time. 

    OP is talking about something totally different for very advanced users.  Keeping an off-computer piece of information that can be used to store bitcoins.  Joe six-pack is never, ever going to use this technique, so don't worry about it.

    Big time, I'm on my way I'm making it, big time, oh yes
    - Peter Gabriel
    jago25_98
    Hero Member
    *****
    Offline Offline

    Activity: 871


    http://moneybutnofixedabode.blogspot.com


    View Profile WWW
    August 24, 2011, 02:05:51 PM
     #94

    I flicked to a page about Kevin Mitnicks life on the run and it mentioning `tweaking the hash` ... tweaking a md5sum so that the hash remains the same even after alteration...  might this effect this somehow?
    netrin
    Sr. Member
    ****
    Offline Offline

    Activity: 322


    FirstBits: 168Bc


    View Profile
    August 24, 2011, 02:16:10 PM
     #95

    I flicked to a page about Kevin Mitnicks life on the run and it mentioning `tweaking the hash` ... tweaking a md5sum so that the hash remains the same even after alteration...  might this effect this somehow?

    You mean accidental collision of distinct passphrases? Not in your lifetime.

    Given a KNOWN hash, it has been shown in very specific circumstances that some carefully modified plaintext message can generate the same hash result. But that is not relevant here, simply because the target hash is unknown. If it were known, you'd already have control of the bitcoin balance.

    Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
    Ten98
    Full Member
    ***
    Offline Offline

    Activity: 201



    View Profile
    August 25, 2011, 10:05:54 AM
     #96

    Mental wallets are probably the worst idea I've ever heard. There is no less reliable way to store data than a human memory other than writing it in chalk on the sidewalk. A simple memory lapse is all it takes for you to lose your coins, and you'll literally go crazy trying to remember.

    And what happens if you die? Your wife / kids / girlfriend or whatever can't access your Bitcoins, they are lost forever! You have to strike a balance between absolute security and accessibility.

    I think the old ways of security are often the best. If I had a significant number of Bitcoins, I'd have passwords, hashes, private keys and so on with full instructions on how to access the funds that anyone could follow both printed out on paper & stored on a couple of USB keys and locked in a safe, with backups held in a safety deposit box in a bank somewhere in case my house burned down.
    jtimon
    Legendary
    *
    Offline Offline

    Activity: 1246


    View Profile WWW
    August 25, 2011, 10:45:51 AM
     #97

    I would prefer to use this passphrase generation and write it in a paper that I store somewhere. People have to know:

    1) That text contains bitcoins
    2) How many times you do the hash to obtain the private key.

    Seems better than bitbill's bitbank.
    You could even write: "Old testament chapter X line Y", or "bitcoin whitepaper, last 210 characters". And then read in the book/text to redeem the coins. Or just take some random book at home and underline a paragraph.

    I like the idea, but I don't like to memorize.

    2 different forms of free-money: Freicoin (free of basic interest because it's perishable), Mutual credit (no interest because it's abundant)
    sje397
    Newbie
    *
    Offline Offline

    Activity: 23


    View Profile
    August 25, 2011, 10:50:00 AM
     #98

    Some people can remember a lot very accurately. I don't have the best memory myself, but I reckon I could manage a phrase or two pretty easily.
    jtimon
    Legendary
    *
    Offline Offline

    Activity: 1246


    View Profile WWW
    August 25, 2011, 11:06:53 AM
     #99

    Some people can remember a lot very accurately. I don't have the best memory myself, but I reckon I could manage a phrase or two pretty easily.

    What about remembering a chapter number of a book you have and using the first paragraph?
    The passphrase would be much secure.

    2 different forms of free-money: Freicoin (free of basic interest because it's perishable), Mutual credit (no interest because it's abundant)
    Ten98
    Full Member
    ***
    Offline Offline

    Activity: 201



    View Profile
    August 25, 2011, 12:32:54 PM
     #100

    Some people can remember a lot very accurately. I don't have the best memory myself, but I reckon I could manage a phrase or two pretty easily.

    What about remembering a chapter number of a book you have and using the first paragraph?
    The passphrase would be much secure.

    That's quite clever. You could have "Page 3 Paragraph 5 Sentence 4" written down on a piece of paper, and even if someone found the paper they wouldn't be able to crack your password unless they knew which book you were referring to...
    Pages: « 1 2 3 4 [5] 6 »  All
      Print  
     
    Jump to:  

    Sponsored by , a Bitcoin-accepting VPN.
    Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!