Bitcoin Forum
Author Topic: Mental Bitcoin Wallet: I have real bitcoins stored in my head.  (Read 12741 times)
netrin
August 25, 2011, 01:52:11 PM
 #101

...or the last letter of every line. Assume every page of this book is a potential key and you don't write anything down at all. History is littered with similarly cracked methods. No matter your method, if you can't trust your friends, family or self, your bitcoins will die with you.

Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
jtimon
August 25, 2011, 02:41:11 PM
 #102

...or the last letter of every line. Assume every page of this book is a potential key and you don't write anything down at all. History is littered with similarly cracked methods. No matter your method, if you can't trust your friends, family or self, your bitcoins will die with you.

Yes, but if your family doesn't know what your printed QR-code in your drawer is, your bitcoins are also going to disappear if you die.

2 different forms of free-money: Freicoin (free of basic interest because it's perishable), Mutual credit (no interest because it's abundant)
netrin
August 25, 2011, 03:54:05 PM
 #103

Yes, but if your family doesn't know what your printed QR-code in your drawer is, your bitcoins are also going to disappear if you die.

Exactly. I think a memorized 'travel wallet' is perfectly fine. But one really needs to print a deterministic 'savings wallet' and include it in the will (or a ceramic piggie bank).

Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
Boussac
August 25, 2011, 10:48:11 PM
 #104


Yes, but if your family doesn't know what your printed QR-code in your drawer is, your bitcoins are also going to disappear if you die.

I kind of like the idea that the bitcoins disappear with their owner: it's like a donation to the bitcoin community since the value of the remaining bitcoins is increased in proportion to the lost coins.
That's the beauty of a limited money supply combined with infinite divisibility.

JoelKatz
August 26, 2011, 12:05:09 AM
 #105

83 posts and only one post about how using this method can lose all your bitcoins because the change gets sent to a different address that gets stored in the wallet.dat that is generated when using the paper/wetware-stored key in the client. 

Or is that just FUD, 'cause it seems an important detail and shouldn't be glossed over.  How about a disclaimer at the top of the thread like: Warning using this technique improperly, even once, could result in a loss of all your bitcoins

Am I totally off base here?  It seems rather scary to attempt this technique with any large amount of btc.
The technique is only appropriate for holding coins to be transferred whole. Once the coins are claimed, they are no longer stored in a "mental wallet", period.

I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
netrin
August 26, 2011, 02:05:16 AM
 #106

The technique is only appropriate for holding coins to be transferred whole. Once the coins are claimed, they are no longer stored in a "mental wallet", period.

That is true for the current implementation of the C++ client, which, considering it's still beta, is not a trivial point. Alternate change output is an unintuitive hack which fails to create anonymity but successfully creates confusion and lost coins.

EDIT: Demonstrating the point are 3 of 4 posters on this page with a presumably static bitcoin address in their signature.

Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
FreeMoney
August 26, 2011, 02:22:19 AM
 #107


EDIT: Demonstrating the point are 3 of 4 posters on this page with a presumably static bitcoin address in their signature.

Are you saying that sending change to a fresh address is useless because some people will publicly announce their address and reuse it?

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
JoelKatz
August 26, 2011, 03:31:06 AM
 #108


EDIT: Demonstrating the point are 3 of 4 posters on this page with a presumably static bitcoin address in their signature.

Are you saying that sending change to a fresh address is useless because some people will publicly announce their address and reuse it?
I think his point is that people will continue to use the same receiving address even after they've transferred some coins from it, leaving some coins at their known account and some at various accounts unknown to them. This makes it very hard for human beings to know what they need to protect in order to be assured of not losing their coins.

I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
netrin
August 26, 2011, 04:03:43 AM
Last edit: August 26, 2011, 04:36:51 AM by netrin
 #109

I think his point is that people will continue to use the same receiving address even after they've transferred some coins from it (Clearly), leaving some coins at their known account and some at various accounts unknown to them (Ideally, not by default). This makes it very hard for human beings to know what they need to protect in order to be assured of not losing their coins (Bingo).

I think he applauds the mental bitcoin idea. He's only bitching that the 'might lose coins after spending' problem is a problem with the client, not with mental bitcoin wallets. Rather than warn people about the numerous ways they might lose coins after sending, the client might instead return change to the sending address by default, just as anyone would intuitively expect.


EDIT: Demonstrating the point are 3 of 4 (4 of 5) posters on this page with a presumably static bitcoin address in their signature.
Are you saying that sending change to a fresh address is useless because some people will publicly announce their address and reuse it (and it does not provide the originally intended anonymity anyway)?

In order for mental bitcoin wallets to be well supported, standard clients will need to (a) return change to the same address or (b) deterministic wallets where the 'key' is really a seed or (c) some other brilliant yet unknown to me feature or (d) continually explain the 100 key pool problem to users after they've lost their fortune, Polish Bitomat style.

Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
jtimon
August 26, 2011, 07:03:07 AM
 #110

Yes, but if your family doesn't know what your printed QR-code in your drawer is, your bitcoins are also going to disappear if you die.

Exactly. I think a memorized 'travel wallet' is perfectly fine. But one really needs to print a deterministic 'savings wallet' and include it in the will (or a ceramic piggie bank).

You're right.
For the piggie bank you can leave precise instructions so family can redeem the bitcoins.

2 different forms of free-money: Freicoin (free of basic interest because it's perishable), Mutual credit (no interest because it's abundant)
luv2drnkbr
September 12, 2011, 12:01:52 AM
 #111

casascius, is there any way you could compile a Windows binary for your bitcoin address utility.  :-D  I am not a techie, and although I MIGHT be able to figure out how to compile it myself, there's a good chance I'd fuck it up.  Similarly, I have to wait until bitcoin v0.4 comes out before I can take advantage of the import/export private keys patch (assuming it's included in that build).  But when the official client does have the capability to import new keys, having your program so that I could create addresses out of my own password would be very very handy!  I'm just not enough of a computer guy to do it myself--even though I see that the ability is out there...

casascius (OP)
Mike Caldwell
September 12, 2011, 12:08:03 AM
 #112

Sure.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

btcaddress.zip SHA256 hash: 6475b20ab235ea685b73ef117283aaf0c8d9f021dd0a3434dfc6e7ab7f0da3d5

http://www.casascius.com/btcaddress.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

-----END PGP SIGNATURE-----


Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
luv2drnkbr
September 12, 2011, 01:55:54 AM
 #113

Sure.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

btcaddress.zip SHA256 hash: 6475b20ab235ea685b73ef117283aaf0c8d9f021dd0a3434dfc6e7ab7f0da3d5

http://www.casascius.com/btcaddress.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

-----END PGP SIGNATURE-----



Words cannot describe how grateful I am, so here's a picture accurately representing it.


PrintCoins
December 05, 2011, 10:38:41 PM
 #114

Assuming a dumb user who uses a simple password (this is always a starting condition for designing any system) this means that when they pick their bad password, they will eventually lose all their money to someone who just brute forces it.

I could see just using a large random alphanumeric string for the seed for the wallet, so in essence a user could just copy their entire wallet by just copying that string.

You could have a client that when it starts up it generates the string, or asks if you already have one. At that point, bang, you have any number of addresses at your disposal. If you want to backup, all you need is the seed string for the client. If you want to move (or keep in sync) with another client, you just copy the string into it. A client could handle multiple wallets, each with their own string. Your wife and you (or a group of people in an organization) could share a joint wallet that both have the same string, but you would each also have your individual wallets.

Your wallet becomes a minuscule line of text. The only thing that might add some weight is if you use an address book.
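
An added illustration of the seed-string wallet proposed in the post above, and of the change-address problem raised earlier in the thread. It is not code from any poster or from the Bitcoin client: the HMAC-SHA512 derivation, the short identifiers standing in for addresses, the toy ledger and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

def new_seed(nbytes: int = 32) -> str:
    """Random seed string from the OS CSPRNG (256 bits by default)."""
    return secrets.token_hex(nbytes)

def derive_id(seed: str, index: int) -> str:
    """Toy derivation of key slot `index` from the seed, returned as a short
    identifier standing in for an address (assumption: not Bitcoin's format)."""
    key = hmac.new(seed.encode(), index.to_bytes(4, "big"), hashlib.sha512).digest()[:32]
    return hashlib.sha256(key).hexdigest()[:16]

def spend(ledger: dict, src: str, dest: str, amount: int, change_to: str) -> None:
    """Consume the whole balance at `src`; the remainder goes to `change_to`."""
    if amount > ledger[src]:
        raise ValueError("insufficient funds")
    change = ledger.pop(src) - amount
    ledger[dest] = ledger.get(dest, 0) + amount
    if change:
        ledger[change_to] = ledger.get(change_to, 0) + change

def recoverable(ledger: dict, known_ids: set) -> int:
    """Balance still controlled by someone who holds only `known_ids`."""
    return sum(v for k, v in ledger.items() if k in known_ids)

def demo(seed: str = "constructed-demo-seed") -> tuple:
    # The fixed seed is constructed for repeatability; use new_seed() in practice.
    ids = [derive_id(seed, i) for i in range(3)]

    # Case 1: one memorized key; the change goes to a random key-pool key
    # that exists only in the wallet file.
    pool_id = secrets.token_hex(8)
    ledger = {ids[0]: 50}
    spend(ledger, ids[0], "merchant", 10, change_to=pool_id)
    memorized_only = recoverable(ledger, {ids[0]})

    # Case 2: the change goes to the next key derived from the same seed.
    ledger = {ids[0]: 50}
    spend(ledger, ids[0], "merchant", 10, change_to=ids[1])
    from_seed = recoverable(ledger, set(ids))
    return memorized_only, from_seed

if __name__ == "__main__":
    print(new_seed(), demo())
```

In the first case the 40 units of change are reachable only through the wallet file; in the second, anyone holding the seed string can re-derive the key that received them.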

phillipsjk
December 05, 2011, 11:42:05 PM
 #115

Assuming a dumb user who uses a simple password (this is always a starting condition for designing any system) this means that when they pick their bad password, they will eventually lose all their money to someone who just brute forces it.

This is a valid concern, even for the example passphrases given.

If the passphrase has ever been published on the Internet, it may cost a surprisingly small amount to determine if any substrings on the Internet (of limited complexity) correspond to a public address in the block-chain when hashed. If you use a dictionary word, you have no chance: it does not take any special hardware to check.

You only need 3 things:
Now the SHA-2 function is likely expensive enough, as is the address conversion, that simple queries will likely cost more than $100. However, I would be surprised if the cost rose more than an order of magnitude larger (Read: $10,000 budget, not including coding time).

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
PrintCoins
December 06, 2011, 12:19:22 AM
 #116

Assuming a dumb user who uses a simple password (this is always a starting condition for designing any system) this means that when they pick their bad password, they will eventually lose all their money to someone who just brute forces it.

This is a valid concern, even for the example passphrases given.

If the passphrase has ever been published on the Internet, it may cost a surprisingly small amount to determine if any substrings on the Internet (of limited complexity) correspond to a public address in the block-chain when hashed. If you use a dictionary word, you have no chance: it does not take any special hardware to check.

You only need 3 things:
Now the SHA-2 function is likely expensive enough, as is the address conversion, that simple queries will likely cost more than $100. However, I would be surprised if the cost rose more than an order of magnitude larger (Read: $10,000 budget, not including coding time).


That is why the passcode itself shouldn't be something the user created, and is some very long string. Though this isn't a mental bitcoin wallet, it makes for a very easy to copy, sync, backup, and even print out and archive wallet.

Just for fun I may eventually take a common top 1000 passwords list, create addresses based upon them, and see if they ever pop up as being funded.

bitjet
December 06, 2011, 07:16:00 AM
 #117



If the blockchain gets any bigger you might get a nose bleed!
cbeast
December 06, 2011, 09:45:07 AM
 #118

If the blockchain gets any bigger you might get a nose bleed!

Then your head explodes.


Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.