Bitcoin Forum
Author Topic: Mental Bitcoin Wallet: I have real bitcoins stored in my head.  (Read 12666 times)
goodlord666
August 12, 2011, 03:01:29 PM
 #81

You could generate the wallet from a fingerprint or retina scan.

Don't forget to throw in some of those cyborg patrols and self-aware laser turrets and we're set.

Well, I'm off to the hologram theatre now, see ya later folks!

ctoon6
August 12, 2011, 03:22:05 PM
 #82

The use of biometrics as security (and sometimes identification, for that matter) is typically a bad idea.

TiagoTiago
August 13, 2011, 10:22:04 PM
 #83

Some biometric locks are surprisingly easy to crack

(I don't always get new reply notifications, pls send a pm when you think it has happened)

Wanna gimme some BTC/BCH for any or no reason? 1FmvtS66LFh6ycrXDwKRQTexGJw4UWiqDX

The more you believe in Bitcoin, and the more you show you do to other people, the faster the real value will soar!

Do you like mmmBananas?!
Big Time Coin
August 14, 2011, 08:07:53 AM
 #84

83 posts and only one post about how using this method can lose all your bitcoins because the change gets sent to a different address that gets stored in the wallet.dat that is generated when using the paper/wetware-stored key in the client. 

Or is that just FUD, 'cause it seems an important detail and shouldn't be glossed over.  How about a disclaimer at the top of the thread like: Warning: using this technique improperly, even once, could result in a loss of all your bitcoins.

Am I totally off base here?  It seems rather scary to attempt this technique with any large amount of btc.

Big time, I'm on my way I'm making it, big time, oh yes
- Peter Gabriel
Mageant
August 14, 2011, 02:01:10 PM
 #85

    Well, the web site would have to be trusted to at least SOME extent... to:
    • Not have been rooted and be serving malicious content placed there by a hacker
    • Serve the javascript client that it claims it serves, rather than serving something that collects the password...
    • Tell the truth about what transactions are in the block chain when asked
    • A server that lied about the value of a particular input transaction (by understating it) could convince a client to sign off a transaction that was actually worth more than the client thought it was... assuming the client had a check to confirm it was signing a transaction for the amount it was told, the extra funds could still be concealed as a large transaction fee
    • A server could lie to the client about how many bitcoins he really has, making him think he has more than he does, by telling the client about past transactions that have already been spent, without telling the client about the transactions that spent them... the client will be convinced and have no way to verify, it just won't be able to produce a valid transaction to spend those coins

    I agree about the javascript. It could cost you your coin. Maybe you should get your client from a trusted source. (Wait! circular logic here. Are we saying the only trusted client is the original one?)

    The rest is just maliciousness for the sake of evil. The site can't steal your coins if you're careful and would quickly lose credibility if it tried those things.

    Still, much better than the e-wallet solutions that are out there today.

    I think the key advantage is that hackers could not break into the website and steal Bitcoins (like in the MyBitcoin case). Yes, they could install malicious code, but that would be noticed quickly and the damage would be far less. Also the website could go down and no bitcoins would be lost (like in the bitomat case).

    cjgames.com
    Mageant
    August 14, 2011, 02:03:51 PM
    Last edit: August 14, 2011, 02:40:42 PM by Mageant
     #86

    In the case of memorizing it is better to have a simpler but longer passphrase than to have a shorter but complex one. The idea is to pad your passphrase to a long length with a certain character.

    So you could have an easy-to-remember passphrase like:
    buzz123$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

    which is quite simple but strong simply because it is so long.

    cjgames.com
    RodeoX
    August 14, 2011, 02:30:29 PM
     #87

    Nice job man!
    Correct me if I'm wrong, but it would further increase security to use numbers and special characters.  This could avoid a cracking algorithm that tests patterns based on a dictionary.

    The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
    Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
    ctoon6
    August 14, 2011, 03:26:20 PM
     #88

    In the case of memorizing it is better to have a simpler but longer passphrase than to have a shorter but complex one. The idea is to pad your passphrase to a long length with a certain character.

    So you could have an easy-to-remember passphrase like:
    buzz123$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

    which is quite simple but strong simply because it is so long.

    Eh, I'd use a pattern like

    password314password314314314314314314314

    easy to remember, and is long, with padding that is also easy to remember.

    casascius (OP)
    Mike Caldwell
    August 14, 2011, 05:32:14 PM
     #89

    83 posts and only one post about how using this method can lose all your bitcoins because the change gets sent to a different address that gets stored in the wallet.dat that is generated when using the paper/wetware-stored key in the client. 

    Or is that just FUD, 'cause it seems an important detail and shouldn't be glossed over.  How about a disclaimer at the top of the thread like: Warning: using this technique improperly, even once, could result in a loss of all your bitcoins.

    As a safety measure, I edited the original post to include this warning.

    Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
    casascius (OP)
    Mike Caldwell
    August 14, 2011, 05:34:45 PM
     #90

    Quote
    buzz123$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

    password314password314314314314314314314

    easy to remember, and is long, with padding that is also easy to remember.

    These aren't very good.  They lack entropy and are relatively easy to crack.  Rather than being a strong password, these are merely passwords that depend on the cracker simply omitting trying these low entropy passwords.  Imagine I chose "β" as a password.  It's arguably super-strong if I depend on the assumption that crackers won't think to try Greek letters, but very weak if I turn out to be wrong.

    Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
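
    The point made in post #90 about padded passphrases, as an added example that is not part of the thread or any poster's code: it scores a string naively (length times bits per character) and again after modelling "unit repeated k times". The repeat bound `MAX_REPEAT`, the padding length and the third sample string are assumptions constructed for the example.

```python
import math
import string

MAX_REPEAT = 64  # assumed upper bound on how many repeats a guesser would try

def charset_size(s):
    """Alphabet size a naive strength meter would credit the string with."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    size = sum(n for chars, n in classes if any(c in chars for c in s))
    if any(ord(c) > 127 for c in s):
        size += 128  # assumed allowance for non-ASCII input such as Greek letters
    return max(size, 2)

def naive_bits(s):
    """Length times bits per character: what 'long means strong' assumes."""
    return len(s) * math.log2(charset_size(s))

def split_repeats(s, max_unit=12):
    """Greedy split into (unit, count) runs, e.g. '$' * 30 -> ('$', 30)."""
    runs, i = [], 0
    while i < len(s):
        best_unit, best_count = s[i], 1
        for ulen in range(1, max_unit + 1):
            unit = s[i:i + ulen]
            if len(unit) < ulen:
                break
            count = 1
            while s.startswith(unit, i + count * ulen):
                count += 1
            if count > 1 and count * ulen > best_count * len(best_unit):
                best_unit, best_count = unit, count
        runs.append((best_unit, best_count))
        i += len(best_unit) * best_count
    return runs

def pattern_bits(s):
    """Upper bound on entropy once a guesser models 'unit repeated k times'."""
    per_char = math.log2(charset_size(s))
    total = 0.0
    for unit, count in split_repeats(s):
        literal = len(unit) * count * per_char
        # A repeated run costs the unit once plus the choice of repeat count.
        repeated = len(unit) * per_char + math.log2(MAX_REPEAT)
        total += min(literal, repeated)
    return total

if __name__ == "__main__":
    samples = ["buzz123" + "$" * 30,  # padding length constructed for this example
               "password314password314314314314314314314",
               "q7#Lm2vX9$kP"]        # constructed string with no repeats
    for s in samples:
        print(f"{naive_bits(s):6.1f} naive  {pattern_bits(s):6.1f} pattern-aware  {s}")
```

    The pattern-aware figure is still generous: it treats "buzz" and "password" as random letters, and a dictionary-aware model would score them lower again.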
    Jan
    August 14, 2011, 05:43:50 PM
     #91


    I have been working on a java library for some time now, which allows you to create a bitcoin client that works along the lines you describe.
    The technique of spending CPU cycles on deriving a seed is also called key stretching. I am using Scrypt (http://www.tarsnap.com/scrypt/scrypt.pdf) for this purpose, which not only requires CPU cycles, but also demands a certain amount of memory for its calculations. This makes hardware based brute force attacks much more expensive and less practical, as the chip will require too much cache memory.

    I am expecting to have the first version of the library publicly available within a week.


    The BCCAPI is now available: https://bitcointalk.org/index.php?topic=36892.msg453652#msg453652

    It's a Java library for making secure lightweight bitcoin clients. All keys are deterministically generated from a passphrase and a salt. There is no wallet.dat to backup.

    Mycelium lets you hold your private keys private.
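
    Key stretching with scrypt as described in post #91, as an added example that is not BCCAPI code: it derives a 32-byte secret from a passphrase and a salt with Python's `hashlib.scrypt`. The cost parameters (`n`, `r`, `p`), the NFKC normalisation step, the function names and the sample inputs are assumptions made for this example; the page does not state the library's own parameters.

```python
import hashlib
import unicodedata

# Order of the secp256k1 group: a usable private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def scrypt_memory_bytes(n, r):
    """Approximate working memory scrypt needs per guess (128 * N * r bytes)."""
    return 128 * n * r

def _normalise(text):
    # Normalise so the same phrase typed on different keyboards or operating
    # systems encodes to the same bytes; otherwise the key may not be recoverable.
    return unicodedata.normalize("NFKC", text).encode("utf-8")

def derive_key(passphrase, salt, n=2**14, r=8, p=1):
    """Stretch passphrase + salt into a 32-byte secret (assumed parameters)."""
    raw = hashlib.scrypt(
        _normalise(passphrase),
        salt=_normalise(salt),
        n=n, r=r, p=p,
        maxmem=2 * scrypt_memory_bytes(n, r),  # headroom above the working set
        dklen=32,
    )
    # Reject the (astronomically unlikely) outputs that are not valid keys.
    if not 1 <= int.from_bytes(raw, "big") < SECP256K1_N:
        raise ValueError("derived value is outside the valid private-key range")
    return raw

def unstretched_key(passphrase):
    """Single unsalted SHA-256, shown only for contrast: one cheap hash per guess."""
    return hashlib.sha256(_normalise(passphrase)).digest()

if __name__ == "__main__":
    # Constructed sample inputs.
    phrase, salt = "correct horse battery staple", "alice@example.com"
    print("scrypt  :", derive_key(phrase, salt).hex())
    print("sha256  :", unstretched_key(phrase).hex())
    print("memory per guess: %d MiB" % (scrypt_memory_bytes(2**14, 8) // 2**20))
```

    The salt means two users with the same passphrase get different keys, so a guesser cannot test one candidate against every user at once, and the memory figure is what each guess must allocate.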
    Ten98
    August 15, 2011, 12:26:35 AM
     #92

    Owning your own wallet.dat and having the bitcoin client running on your own machine is absolutely fine for the technologically inclined, but this methodology is totally at odds with the mainstream.

    Normal people have big problems with security on their home PCs, they routinely forget even basic passwords or write them down and stick them on the fridge. Most have trojans of some kind installed, and email phishing scams frequently work because the general public is too dumb to realise when they are being scammed. Having mainstream users look after their own wallet.dat and be completely responsible for the security of it is a recipe for disaster.

    In addition to that, the home desktop is becoming a thing of the past. More and more people just have a home laptop, a work desktop, a smartphone and maybe a tablet too where they access the internet, so the idea of a computer which is always on is totally alien to many, let alone one that has to be on so they can access their bitcoins and spend them.

    People are getting used to having their Gmail wherever they are, and being able to log into their online banking, Paypal account and so on from any device, regardless of whether there is a particular service running on their home network at that particular moment.

    If we are to make Bitcoin a mainstream success, the only way to do so is with web-based or cloud-based wallets (accounts) which users sign in and out of like their Gmail or Paypal accounts. We must have sites like mybitcoin, but ones which are trustworthy and secure.

    One setback should not deter us from the goal of simple to use, web based Bitcoin wallets. We must not shy away from learning from the mistakes of others.
    Big Time Coin
    August 16, 2011, 03:51:03 AM
     #93

    Owning your own wallet.dat and having the bitcoin client running on your own machine is absolutely fine for the technologically inclined, but this methodology is totally at odds with the mainstream.

    Normal people have big problems with security on their home PCs, they routinely forget even basic passwords or write them down and stick them on the fridge. Most have trojans of some kind installed, and email phishing scams frequently work because the general public is too dumb to realise when they are being scammed. Having mainstream users look after their own wallet.dat and be completely responsible for the security of it is a recipe for disaster.

    In addition to that, the home desktop is becoming a thing of the past. More and more people just have a home laptop, a work desktop, a smartphone and maybe a tablet too where they access the internet, so the idea of a computer which is always on is totally alien to many, let alone one that has to be on so they can access their bitcoins and spend them.

    People are getting used to having their Gmail wherever they are, and being able to log into their online banking, Paypal account and so on from any device, regardless of whether there is a particular service running on their home network at that particular moment.

    If we are to make Bitcoin a mainstream success, the only way to do so is with web-based or cloud-based wallets (accounts) which users sign in and out of like their Gmail or Paypal accounts. We must have sites like mybitcoin, but ones which are trustworthy and secure.

    One setback should not deter us from the goal of simple to use, web based Bitcoin wallets. We must not shy away from learning from the mistakes of others.

    No Shit Sherlock. 
    Your post is totally off-topic. 
    Problem is in personnel, funding, and insurance for such a project.  For starters. 
    But please go find another thread among the many that are already discussing this, like in Project + Technical Development.  If you can code, it is open source.  There has been an outstanding 1000 btc bounty for an android bitcoin app for a long time. 

    OP is talking about something totally different for very advanced users.  Keeping an off-computer piece of information that can be used to store bitcoins.  Joe six-pack is never, ever going to use this technique, so don't worry about it.

    Big time, I'm on my way I'm making it, big time, oh yes
    - Peter Gabriel
    jago25_98
    August 24, 2011, 02:05:51 PM
     #94

    I flicked to a page about Kevin Mitnick's life on the run and it mentioned `tweaking the hash` ... tweaking an md5sum so that the hash remains the same even after alteration...  might this affect this somehow?

    Bitcoiner since the early days. Crypto YouTube Channel: Trading Nomads | Analyst | News Reporter | Bitcoin Hodler | Support Freedom of Speech!
    netrin
    August 24, 2011, 02:16:10 PM
     #95

    I flicked to a page about Kevin Mitnick's life on the run and it mentioned `tweaking the hash` ... tweaking an md5sum so that the hash remains the same even after alteration...  might this affect this somehow?

    You mean accidental collision of distinct passphrases? Not in your lifetime.

    Given a KNOWN hash, it has been shown in very specific circumstances that some carefully modified plaintext message can generate the same hash result. But that is not relevant here, simply because the target hash is unknown. If it were known, you'd already have control of the bitcoin balance.

    Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
    Ten98
    August 25, 2011, 10:05:54 AM
     #96

    Mental wallets are probably the worst idea I've ever heard. There is no less reliable way to store data than a human memory other than writing it in chalk on the sidewalk. A simple memory lapse is all it takes for you to lose your coins, and you'll literally go crazy trying to remember.

    And what happens if you die? Your wife / kids / girlfriend or whatever can't access your Bitcoins, they are lost forever! You have to strike a balance between absolute security and accessibility.

    I think the old ways of security are often the best. If I had a significant number of Bitcoins, I'd have passwords, hashes, private keys and so on with full instructions on how to access the funds that anyone could follow both printed out on paper & stored on a couple of USB keys and locked in a safe, with backups held in a safety deposit box in a bank somewhere in case my house burned down.
    jtimon
    August 25, 2011, 10:45:51 AM
     #97

    I would prefer to use this passphrase generation and write it on a paper that I store somewhere. People have to know:

    1) That text contains bitcoins
    2) How many times you do the hash to obtain the private key.

    Seems better than bitbill's bitbank.
    You could even write: "Old testament chapter X line Y", or "bitcoin whitepaper, last 210 characters". And then read in the book/text to redeem the coins. Or just take some random book at home and underline a paragraph.

    I like the idea, but I don't like to memorize.

    2 different forms of free-money: Freicoin (free of basic interest because it's perishable), Mutual credit (no interest because it's abundant)
    sje397
    August 25, 2011, 10:50:00 AM
     #98

    Some people can remember a lot very accurately. I don't have the best memory myself, but I reckon I could manage a phrase or two pretty easily.
    jtimon
    August 25, 2011, 11:06:53 AM
     #99

    Some people can remember a lot very accurately. I don't have the best memory myself, but I reckon I could manage a phrase or two pretty easily.

    What about remembering a chapter number of a book you have and using the first paragraph?
    The passphrase would be much more secure.

    2 different forms of free-money: Freicoin (free of basic interest because it's perishable), Mutual credit (no interest because it's abundant)
    Ten98
    August 25, 2011, 12:32:54 PM
     #100

    Some people can remember a lot very accurately. I don't have the best memory myself, but I reckon I could manage a phrase or two pretty easily.

    What about remembering a chapter number of a book you have and using the first paragraph?
    The passphrase would be much more secure.

    That's quite clever. You could have "Page 3 Paragraph 5 Sentence 4" written down on a piece of paper, and even if someone found the paper they wouldn't be able to crack your password unless they knew which book you were referring to...