Mental Bitcoin Wallet: I have real bitcoins stored in my head.

[casascius]

I have successfully transferred bitcoins into my head.  They can't be hacked.  They exist nowhere but in my head.  If I die, they die with me.

As crazy as this sounds, it's true.

I simply picked a passphrase, and turned it into a bitcoin address with my open source Casascius Bitcoin Utility (available from github).  When I want to spend the funds, I will simply use the same passphrase to generate the same private keys, import them into a real wallet.dat, and then spend them.

What's my purpose in making this point?  While the entire Bitcoin community is reeling over the loss of Mybitcoin.com - not just the site, but the realization that keeping bitcoins in a web wallet is fundamentally flawed - I really want to pound in the idea that bitcoins can be kept on paper and in the form of codes or passphrases.  And when people do this, the bitcoins cannot be hacked.

Every sentence you can think of, corresponds to a Bitcoin address.  The bitcoin address can be given out freely, the sentence is the password that allows spending of bitcoins.  Once upon a time, I stored 0.25 bitcoins in the sentence "This string contains 0.25 BTC hidden in plain sight."... others were successfully able to retrieve the 0.25 BTC given the sentence.

The future of practicing safe Bitcoin is for people to be able to keep their private keys offline.  If you operate a Bitcoin-based website or exchange or are working on client code, please, for the future of Bitcoin, include the ability for people to enter and redeem the funds off of hand-typed private keys.

EDIT: Added, per suggestion, a reminder that any time you import Bitcoins from a private key into the current Satoshi client and spend less than all of them, you should spend the rest to new addresses, or at least back-up the wallet.dat.  This is because the portion you didn't spend (the change) gets sent to a brand new address that exists only in wallet.dat, and will be lost if you don't keep it safe.

[1714134155]

1714134155

[1714134155]

1714134155

[1714134155]

1714134155

[hugolp]

I dont trust my memory. At all.

[casascius]

I dont trust my memory. At all.

Not even to remember the opening line to your favorite childhood cartoon?  Or the motto of a group you belonged to?  Simply take a sentence you already know from memory, and add a few words to it (like "big fat ____" or "____ in the bed" or the name of a favorite artist etc.)

If not your memory, certainly you can use a piece of paper, or whatever you do to keep track of your regular passwords!

[jackjack]

Only on Windows
*nix users, look at pp2k.py http://github.com/jackjack-jj/pp2k

[Phinnaeus Gage]

iwearcoloredcodedbvdssize34to36

mygirlfriendlikesto(insert your own words here)withme

ithinkmywifeischeatingonmehencethisbitcoinstash

if2plus2equals4thenwhyisthegrassgreen

ilikeu238special3doorsdownandb52s

And you say this idea is sound? I agree!

It's useless without the key!

[ctoon6]

are private and public keys case sensitive? if they are not then i could probably eventually memorize 1 key pair.

[FlipPro]

Nice, just wait till a "Mind Reader" gets a hold of it  .

[EricJ2190]

This XKCD strip comes to mind.

[markm]

"I want a big mac and large fries to go, but only if you accept bitcoins via passphrases like this"

"oh wait, double that order, please"

"yes its me again. still accepting bitcoins via passphrases like this?"

"the usual, please and thank you"

etc

-MarkM- (Darn, I forgot the password from Saberhagen's "Octagon". Chapel Perilous? Something related to that...)

[KFed]

I put a bomb in the blockchain, prepare to be stricken with alzheimer's

[Eli]

I have successfully transferred bitcoins into my head.  They can't be hacked.  They exist nowhere but in my head.  If I die, they die with me.

As crazy as this sounds, it's true.

I simply picked a passphrase, and turned it into a bitcoin address with my open source Casascius Bitcoin Utility (available from github).  When I want to spend the funds, I will simply use the same passphrase to generate the same private keys, import them into a real wallet.dat, and then spend them.

What's my purpose in making this point?  While the entire Bitcoin community is reeling over the loss of Mybitcoin.com - not just the site, but the realization that keeping bitcoins in a web wallet is fundamentally flawed - I really want to pound in the idea that bitcoins can be kept on paper and in the form of codes or passphrases.  And when people do this, the bitcoins cannot be hacked.

Every sentence you can think of, corresponds to a Bitcoin address.  The bitcoin address can be given out freely, the sentence is the password that allows spending of bitcoins.  Once upon a time, I stored 0.25 bitcoins in the sentence "This string contains 0.25 BTC hidden in plain sight."... others were successfully able to retrieve the 0.25 BTC given the sentence.

The future of practicing safe Bitcoin is for people to be able to keep their private keys offline.  If you operate a Bitcoin-based website or exchange or are working on client code, please, for the future of Bitcoin, include the ability for people to enter and redeem the funds off of hand-typed private keys.

Could you explain the process behind those apps?

I'm thinking of using a different type of wallet along with my Safebit wallet, one that will allow users to move addresses from place to place rather than them being attached to a singular wallet file, which I find extremely inefficient and quite simply a stupid idea in the first place when you can store individual addresses and manipulate them directly.

[JoelKatz]

are private and public keys case sensitive? if they are not then i could probably eventually memorize 1 key pair.

You don't memorize the keys themselves. You memorize a string whose hash is the private key. You can use any algorithm to convert the string to a key that you like, case sensitive or case insensitive.

[casascius]

Exactly.

Every private key is just a 32-byte hex number.  Every 32-byte hex number can be used as a private key.  And hence, every 32-byte hex number has a corresponding Bitcoin address.

Just by coincidence (or perhaps not), the SHA256 hash algorithm can produce a 32-byte hex number from any text input.  And while the output isn't predictable, it always produces the same output given the same input text.

So the idea is just to pair these two ideas.  Pick a passphrase, compute the SHA256 of it, use that as a private key.

All the Casascius Bitcoin Utility does, is calculate the Bitcoin address that corresponds to your 32 bytes as the matching private key.

You aren't remembering the private key itself, you're merely remembering the text that will produce your private key when plugged back into the SHA256 hash algorithm.  Which is good enough.

(When using Casascius Bitcoin Utility / SHA256, the passphrases ARE case sensitive by the way)

[kloinko1n]

I'm sure one of bitcoinporn's private keys will be generated by inputting Canticles 1:13 into this key generator. 

[BBanzai]

That is bloody brilliant.  I mean, really, really, really.

Bloody brilliant!  Given a popular and accessible conversion utility and interface...well.  I have to go outside and breath slowly now.

[kloinko1n]

[snip>
... I will simply use the same passphrase to generate the same private keys, import them into a real wallet.dat, and then spend them.
<snip]

Too bad that your hacked computer immediately after putting your keys in the 'real wallet.dat' already has transferred all your bitcoins to the thief's wallet before you were able to touch any key!
 

[kloinko1n]

If you'd temporarily store your passphrase in a file and execute (in Linux) the following

gpg --print-md sha256 <file with passphrase>

would that do the trick also?
I'm not sure how to input the passphrase through the keyboard into gpg, but that would be much better.

[BBanzai]

Anyone that understands the principle involved here isn't likely to be the kind of person to have insecure interfaces.

[kjj]

Exactly.

Every private key is just a 32-byte hex number.  Every 32-byte hex number can be used as a private key.  And hence, every 32-byte hex number has a corresponding Bitcoin address.

Just by coincidence (or perhaps not), the SHA256 hash algorithm can produce a 32-byte hex number from any text input.  And while the output isn't predictable, it always produces the same output given the same input text.

So the idea is just to pair these two ideas.  Pick a passphrase, compute the SHA256 of it, use that as a private key.

All the Casascius Bitcoin Utility does, is calculate the Bitcoin address that corresponds to your 32 bytes as the matching private key.

You aren't remembering the private key itself, you're merely remembering the text that will produce your private key when plugged back into the SHA256 hash algorithm.  Which is good enough.

(When using Casascius Bitcoin Utility / SHA256, the passphrases ARE case sensitive by the way)

Did you run that past a cryptographer first?  I haven't read FIPS 186-3 in detail, but I seem to recall that ECDSA keypair generation involved more than tossing a bunch of bits together.

Also, did you test this?

[JoelKatz]

Did you run that past a cryptographer first?  I haven't read FIPS 186-3 in detail, but I seem to recall that ECDSA keypair generation involved more than tossing a bunch of bits together.

It is a well-known and well-understood property. Yes, ECDSA keypair generation does involve more than tossing a bunch of bits together. You follow the normal ECDSA keypair generation process except instead of generating a random private key, you use a hash.

To an attacker who does not know the input to a hash algorithm, the output of that hash algorithm is effectively random.

Also, did you test this?

It's a well-known property of ECDSA. It has been used to transfer bitcoins. (You can actually do it with RSA as well, it's just more complicated. You must use the hash to seed an agreed-upon PRNG.)