MrJoshua
Member
August 07, 2011, 09:50:32 AM
Yeah, I have some bitcoins in my head too. This is what I talked about with ThoughtCoins a few weeks ago: https://bitcointalk.org/index.php?topic=29187.0
Just remember that the entropy (read: cryptographic strength) of even a long passphrase with numbers and symbols is quite a bit lower than an actual private key. In other words, where it is impractical to search the entire key space of private keys, it is possible to search the passphrase keyspace looking for valid wallets. Whereas the encryption of your wallet file with a passphrase requires access to your encrypted wallet to try to brute force your passphrase, a passphrase-only wallet, or ThoughtCoins as I called it, requires nothing; anyone can start brute forcing that keyspace right now. Nevertheless, choose a good passphrase, and bitcoins in your head have some very interesting properties, as I discussed in my thread.
Information on the entropy of passphrases: http://en.wikipedia.org/wiki/Passphrase
The value of bitcoins is not a theory, predictions of its failure are what is theoretical.

JoelKatz
Legendary
Democracy is vulnerable to a 51% attack.
August 07, 2011, 09:53:56 AM
Absolutely. You want at least 128-bits of entropy in the passphrase to provide security comparable to what ECDSA is already providing. Note that you can increase the number of effective bits by using a more complex algorithm, such as multiple iterations. You'd still be vulnerable to rainbow tables.
To be clear though, if your passphrase has 128-bits of entropy in it, such that an attacker would need to try on the order of 2^128 passphrases to hit on yours, this scheme is no less secure than straight ECDSA. (Except that both people know the private key, so either can claim the funds.)
I am an employee of Ripple. Follow me on Twitter @JoelKatz 1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
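
The arithmetic behind the 128-bit figure and the "multiple iterations" remark, as an added example that is not part of the post above. PBKDF2-HMAC-SHA256 with a salt stands in for plain iterated SHA-256; the 7776-word list, the 94-character alphabet, the salt choice and all function names are assumptions of this example.

```python
import hashlib
import math

TARGET_BITS = 128  # strength the post above asks of the passphrase


def random_bits(units: int, choices: int) -> float:
    """Entropy in bits of `units` words/characters drawn uniformly from `choices`.

    Only valid for uniformly random choices; phrases a person makes up
    carry fewer bits than this formula reports.
    """
    return units * math.log2(choices)


def units_needed(choices: int, iterations: int = 1, target: int = TARGET_BITS) -> int:
    """Random units required to reach `target` bits of guessing work.

    Each guess costs `iterations` hash calls, worth log2(iterations) bits.
    """
    return math.ceil((target - math.log2(iterations)) / math.log2(choices))


def stretched_key(passphrase: str, salt: str, iterations: int) -> bytes:
    """32-byte key from PBKDF2-HMAC-SHA256 instead of one SHA-256 call.

    The salt (assumed here: something memorable such as an e-mail address)
    makes a table precomputed for one salt useless against any other.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt.encode("utf-8"), iterations, dklen=32
    )


if __name__ == "__main__":
    for label, choices in (("random word from 7776", 7776), ("random char from 94", 94)):
        plain = units_needed(choices)
        slow = units_needed(choices, iterations=2**20)
        print(f"{label}: {plain} units with one hash, {slow} with 2^20 iterations")
    print(f"7 random words: {random_bits(7, 7776):.1f} bits")
    # Constructed sample inputs; same phrase, different salt, different key.
    a = stretched_key("constructed sample phrase", "alice@example.com", 2**16)
    b = stretched_key("constructed sample phrase", "bob@example.com", 2**16)
    print(a.hex(), b.hex(), sep="\n")
```

Iterating 2^20 times saves only one word or three characters out of the total, so stretching supplements passphrase entropy rather than replacing it.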

fennec
August 07, 2011, 11:26:15 AM
So who takes the prize for being the first person in history to store money in their mind?
Preev – simple Bitcoin converter with live exchange rates

kwukduck
Legendary
August 07, 2011, 01:45:48 PM
Say HI to address collisions.
14b8PdeWLqK3yi3PrNHMmCvSmvDEKEBh3E

kloinko1n
August 07, 2011, 02:40:06 PM
After some trying I found a SHA256 hash generator for Linux:
$ gpg --print-md sha256 < /dev/stdin<Enter>
<your passphrase><Enter>
<Ctrl-D><Ctrl-D>
which gives the same results as
$ gpg --print-md sha256 <file><Enter>
where <file> is a file containing <your passphrase>
and also the same results as http://www.xorbin.com/tools/sha256-hash-calculator in which you type:
<your passphrase><Enter>

JoelKatz
Legendary
Democracy is vulnerable to a 51% attack.
August 07, 2011, 03:48:05 PM
Say HI to address collisions.
Only if two people use the same passphrase. Obviously, if someone you can't trust knows or can guess your passphrase, you are doomed.

casascius (OP)
Mike Caldwell
VIP
Legendary
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
August 07, 2011, 03:53:34 PM
Absolutely. You want at least 128-bits of entropy in the passphrase to provide security comparable to what ECDSA is already providing. Note that you can increase the number of effective bits by using a more complex algorithm, such as multiple iterations. You'd still be vulnerable to rainbow tables.
I am not sure rainbow tables would be a concern. Rainbow tables would help someone get your passphrase from your 32-byte private key, but they don't even have that. They don't even have your public key either if you have never sent funds from the address.
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.

payb.tc
August 07, 2011, 03:59:49 PM
Say HI to address collisions.
Only if two people use the same passphrase.
'123456' is pretty common

markm
Legendary
August 07, 2011, 06:28:13 PM
Say HI to address collisions.
Only if two people use the same passphrase.
'123456' is pretty common
Sure, but good luck grabbing a large number of coins out of that one's resulting address, what is its average time until next checked for coins by rainbow corp or whoever does the rainbow stuff?
-MarkM-
Edit: so anyway, obviously we need to use "123456" (or whatever we manage to memorise as our hash type cypher passphrase) to generate a table of 256 distinct hash routines, so that our hash type selection phrase's hash can be used to look up hash routines to use to hash our actual phrase. Thus forcing users to use 123456 three times in a row, which would result in...

Trader Steve
August 07, 2011, 10:41:20 PM
Exactly.
Every private key is just a 32-byte hex number. Every 32-byte hex number can be used as a private key. And hence, every 32-byte hex number has a corresponding Bitcoin address.
Just by coincidence (or perhaps not), the SHA256 hash algorithm can produce a 32-byte hex number from any text input. And while the output isn't predictable, it always produces the same output given the same input text.
So the idea is just to pair these two ideas. Pick a passphrase, compute the SHA256 of it, use that as a private key.
All the Casascius Bitcoin Utility does, is calculate the Bitcoin address that corresponds to your 32 bytes as the matching private key.
You aren't remembering the private key itself, you're merely remembering the text that will produce your private key when plugged back into the SHA256 hash algorithm. Which is good enough.
(When using Casascius Bitcoin Utility / SHA256, the passphrases ARE case sensitive by the way)
This sounds pretty awesome. Do you have a direct link to this utility? Thanks!
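
The scheme quoted above, like the gpg procedure posted earlier in the thread, only recovers the key if exactly the same bytes are hashed every time. The following is an added example, not part of any post and not the Casascius Bitcoin Utility's code; the sample passphrase, the function names and the canonical form are assumptions made for illustration. It shows that inputs a person would call "the same passphrase" yield different private keys, and checks the one range condition a SHA-256 output must meet to be a secp256k1 key.

```python
import hashlib
import unicodedata

# Order of the secp256k1 group: a usable private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364141

SAMPLE = "Caf\u00e9 owl 7 rides at dawn"  # constructed sample, not a real wallet phrase


def key_from_bytes(data: bytes) -> str:
    """Private key as 64 hex digits: SHA-256 over the exact input bytes."""
    return hashlib.sha256(data).hexdigest()


def is_usable_key(key_hex: str) -> bool:
    """True when the hash value falls in the valid secp256k1 scalar range."""
    return 1 <= int(key_hex, 16) < SECP256K1_N


def key_variants(passphrase: str) -> dict:
    """Keys for inputs that look identical to the person typing them."""
    nfc = unicodedata.normalize("NFC", passphrase)
    nfd = unicodedata.normalize("NFD", passphrase)
    inputs = {
        "UTF-8, NFC, no newline": nfc.encode("utf-8"),
        "trailing LF (Enter on Linux)": nfc.encode("utf-8") + b"\n",
        "trailing CRLF (Windows file)": nfc.encode("utf-8") + b"\r\n",
        "lowercased": nfc.lower().encode("utf-8"),
        "UTF-8, NFD (decomposed accents)": nfd.encode("utf-8"),
        "Latin-1 encoding": nfc.encode("latin-1"),
    }
    return {label: key_from_bytes(data) for label, data in inputs.items()}


def canonical_key(passphrase: str) -> str:
    """One documented input form (an assumption of this example):
    NFC, UTF-8, line ending stripped, case preserved."""
    text = unicodedata.normalize("NFC", passphrase.rstrip("\r\n"))
    return key_from_bytes(text.encode("utf-8"))


if __name__ == "__main__":
    for label, key in key_variants(SAMPLE).items():
        print(f"{label:32} {key} usable={is_usable_key(key)}")
```

Typing a passphrase followed by Enter into a tool that reads standard input hashes the newline as well, so the tool used to recover the key later has to be fed the same bytes.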

TiagoTiago
August 07, 2011, 11:16:25 PM
Are people really gonna be imaginative enough with the phrases for the risk of collision to be negligible?
(I dont always get new reply notifications, pls send a pm when you think it has happened) Wanna gimme some BTC/BCH for any or no reason? 1FmvtS66LFh6ycrXDwKRQTexGJw4UWiqDX The more you believe in Bitcoin, and the more you show you do to other people, the faster the real value will soar!

TeaRex
Member
August 07, 2011, 11:37:47 PM
So who takes the prize for being the first person in history to store money in their mind?
<smartalec> That prize was probably awarded centuries ago. Early stock markets worked that way, traders just kept the transactions of the day in their heads. They'd be written down and/or directly executed only after the market closed. </smartalec>
I'm not asking for donations, but if you think YOUR post is deserving a donation FROM me, send me a message.

jackjack
Legendary
May Bitcoin be touched by his Noodly Appendage
August 08, 2011, 12:06:13 AM
Are people really gonna be imaginative enough with the phrases for the risk of collision to be negligible?
My program refuses passphrases below 40 characters or 7 words, casascius should do that too...
Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2 Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.

TiagoTiago
August 08, 2011, 12:10:06 AM
But it's not just random gibberish with good variety of low and high caps, numbers, symbols etc, people are gonna use words and phrases that tend to make sense

RandyFolds
August 08, 2011, 12:10:44 AM
Obviously, if someone you can't trust knows or can guess your passphrase, you are doomed.
That and you have to wear a tinfoil hat so the government can't read your thoughts from space...

jackjack
Legendary
May Bitcoin be touched by his Noodly Appendage
August 08, 2011, 12:15:48 AM
But it's not just random gibberish with good variety of low and high caps, numbers, symbols etc, people are gonna use words and phrases that tend to make sense
Yep I will force users to use some special characters

shotgun
Member
August 08, 2011, 12:47:57 AM
After some trying I found a SHA256 hash generator for Linux: $ gpg --print-md sha256 < /dev/stdin<Enter> <your passphrase><Enter> <Ctrl-D><Ctrl-D> which gives the same results as $ gpg --print-md sha256 <file><Enter> where <file> is a file containing <your passphrase> and also the same results as http://www.xorbin.com/tools/sha256-hash-calculator in which you type: <your passphrase><Enter>
Cool, so am I to believe that I can use this method to generate a bitcoin address and then use it for transactions? If so... you win the internet for the day and I will donate 0.05btc to you (hey it's better than nothing).
<luke-jr> Catholics do not believe in freedom of religion.

JoelKatz
Legendary
Democracy is vulnerable to a 51% attack.
August 08, 2011, 12:52:29 AM
I am not sure rainbow tables would be a concern. Rainbow tables would help someone get your passphrase from your 32-byte private key, but they don't even have that. They don't even have your public key either if you have never sent funds from the address.
That's not the way they would do the attack. They would build a rainbow table of a few trillion passphrases and the corresponding bitcoin addresses. Every time a new bitcoin address appeared in the hash chain, they would check that address against the rainbow table. If they found a match, they would derive the private key again and claim the funds immediately.

casascius (OP)
Mike Caldwell
VIP
Legendary
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
August 08, 2011, 03:09:18 AM
Are people really gonna be imaginative enough with the phrases for the risk of collision to be negligible?
My program refuses passphrases below 40 characters or 7 words, casascius should do that too...
Yeah, mine does that too. The rules aren't exactly the same, but close. And if you mix symbols, uppercase, and lowercase, and numbers together, it will let you do a somewhat shorter phrase.

casascius (OP)
Mike Caldwell
VIP
Legendary
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
August 08, 2011, 03:11:41 AM
I am not sure rainbow tables would be a concern. Rainbow tables would help someone get your passphrase from your 32-byte private key, but they don't even have that. They don't even have your public key either if you have never sent funds from the address.
That's not the way they would do the attack. They would build a rainbow table of a few trillion passphrases and the corresponding bitcoin addresses. Every time a new bitcoin address appeared in the hash chain, they would check that address against the rainbow table. If they found a match, they would derive the private key again and claim the funds immediately.
While I wouldn't put it past anyone, that rainbow table is going to be ridiculously slow to build to the point of near infeasibility. The operation of deriving the public key from the private key, as I'm sure you know, is super expensive in CPU time.