At first glance, this could sound like a great way to store your money: pick an easy-to-remember, passphrase-like private key and you're done. Better yet, come up with an algorithm for hashing any ASCII string as a [1234567890abcdef]{64} string and you can literally store your money in your mind.
The problem with this approach is that your private key wouldn't be so random anymore, which dangerously reduces the number of possibilities, bringing it down to a brute-forceable set.
Taking it the other way round: if people start to generate addresses based on easy-to-remember private keys, then a group of people can start to pre-calculate the most obvious ones (the amount will depend on my computing power and how much time I spend doing it), check their balance regularly and take their coins.
This is only an impression, though – I didn't do any maths and might be totally wrong (which would be nice!). It would be interesting to check this assertion with actual numbers.
In this guide there are no passphrases, just 64 hex characters randomly chosen by the user.
To use passphrases you can use this, but the passphrase isn't enough to retrieve the coins. The program also prints a 10-digit number which is like an additional key, but much more practical because you can store it anywhere (mobile, Post-it) without being noticed, as a 10-digit number is rather common.
You can also use the sha256 of one of your files to get a priv key.
Jackjack,
Would you be willing to update pywallet to support the import of the 22-character private keys I will be using on my physical bitcoins? I would like to encourage this (or a similar format) for other applications... 22 characters fits well on a small QR code without being ridiculously dense, yet still provides a decent amount of entropy (around 128 bits).
My codes are 22 characters, and the private key is simply the sha256 of the 22 characters as a string, with the following constraints:
1. the first character is always 'S'
2. all the characters come from the base58 alphabet
3. as a guard against typos, all my codes conform to the following rule: the sha256 of (string + "?") will be a hash that begins with eight zero bits (so, first byte is 00 hex). That is, the string with a question mark appended, so 23 characters.
4. they are printed on the coins in four groups - five, six, six, five characters - so they fit on a circle. There are no separators or spaces between the groups for the purpose of the hash calculation, but the user might enter them anyway. Respond gracefully.
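The four constraints listed in the post above can be checked in a few lines of Python. This is an added example, not part of the original posts and not pywallet's code; the function names, the set of separators stripped from user input, and the sample code (generated at run time) are assumptions made for illustration.

```python
import hashlib
import secrets

# Base58 alphabet: no 0, O, I or l
BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

class MiniKeyError(ValueError):
    """Raised when an entered code breaks one of the four rules."""

def normalize(user_input):
    # Rule 4: users may type the groups with spaces or dashes (assumed separators)
    return "".join(ch for ch in user_input if not ch.isspace() and ch != "-")

def decode_mini_key(user_input):
    code = normalize(user_input)
    if len(code) != 22:
        raise MiniKeyError("expected 22 characters, got %d" % len(code))
    if code[0] != "S":
        raise MiniKeyError("first character must be 'S'")
    bad = sorted(set(code) - set(BASE58))
    if bad:
        raise MiniKeyError("not base58: %r" % bad)
    # Rule 3: sha256(code + "?") must start with a zero byte (typo guard)
    if hashlib.sha256((code + "?").encode("ascii")).digest()[0] != 0:
        raise MiniKeyError("typo check failed, re-enter the code")
    # The private key is the sha256 of the 22 characters as a string
    return hashlib.sha256(code.encode("ascii")).hexdigest()

def make_sample_code():
    # Constructed sample: draw random codes until rule 3 holds (about 256 tries)
    while True:
        code = "S" + "".join(secrets.choice(BASE58) for _ in range(21))
        if hashlib.sha256((code + "?").encode("ascii")).digest()[0] == 0:
            return code

def group(code):
    # Five, six, six, five characters, as printed on the coin
    return " ".join([code[0:5], code[5:11], code[11:17], code[17:22]])

if __name__ == "__main__":
    sample = make_sample_code()
    print("code as printed:", group(sample))
    print("private key hex:", decode_mini_key(group(sample)))
```

The typo guard is a single byte, so a mistyped code still passes rule 3 about once in 256 attempts; an importer should show the derived address for confirmation before using the key.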
Why don't you use the privatekey format used by sipa's fork/vanitygen/pywallet/bitbills/etc which is a de facto standard?