Bitcoin Forum
April 19, 2018, 07:40:48 PM
smoothie
Legendary

Offline

Activity: 2100
Merit: 1002

LEALANA Monero Physical Silver Coins

 April 28, 2014, 05:03:35 AM

How would you equate this with the dice roll method in the Wallet Detail tab of the html utility?
In principle, no difference.  But when the average person takes a deck of cards and gives it a few shuffles, the deck may have some residual order.  I don't think a fair die exhibits the same potential weakness.  Physical intuition tells me that as long as the die bounces a few times before settling down, the result is essentially unpredictable.  So in this respect, cards may be the weaker choice.

Having said that, I still think that cards are quite adequate for generating entropy, as long as you know what you're doing.  Start by reading the wikipedia page on card shuffling:

http://en.wikipedia.org/wiki/Shuffling
I find this sentence particularly interesting:
"seven shuffles of a new deck leaves an 81% probability of winning New Age Solitaire where the probability is 50% with a uniform random deck"

Considering the sophistication of hackers and the computing power at their command, having any residual pattern to the arrangement of the cards poses a risk.  If cards become a commonly used technique for generating passphrases, the hackers will know about it and tailor their cracking techniques to any pattern known to result from weak shuffling.  Therefore

Good shuffling is critically important.

I don't limit my shuffling to riffles.  I also use an overhand shuffle where I hold the deck in my right hand and slide a few cards at a time off the top of the deck into my left hand.  This is a very easy shuffle.  I guess a dozen overhand shuffles alternating with a dozen riffles would do it, but considering how easy and quick it is to shuffle a deck of cards, it wouldn't hurt you to do more.

Each passphrase only uses a couple of dozen cards, so you can generate two passphrases from a shuffled deck.

Thanks. I find it interesting that in this day of the digitalization of money, we find ourselves resorting to physical means for maximum security, ie, RNGs and paper wallets.

How is a RNG a physical means for maximum security? Am I missing something?

cypherdoc
Legendary

Offline

Activity: 1764
Merit: 1000

 April 28, 2014, 06:44:06 AM

How would you equate this with the dice roll method in the Wallet Detail tab of the html utility?
In principle, no difference.  But when the average person takes a deck of cards and gives it a few shuffles, the deck may have some residual order.  I don't think a fair die exhibits the same potential weakness.  Physical intuition tells me that as long as the die bounces a few times before settling down, the result is essentially unpredictable.  So in this respect, cards may be the weaker choice.

Having said that, I still think that cards are quite adequate for generating entropy, as long as you know what you're doing.  Start by reading the wikipedia page on card shuffling:

http://en.wikipedia.org/wiki/Shuffling
I find this sentence particularly interesting:
"seven shuffles of a new deck leaves an 81% probability of winning New Age Solitaire where the probability is 50% with a uniform random deck"

Considering the sophistication of hackers and the computing power at their command, having any residual pattern to the arrangement of the cards poses a risk.  If cards become a commonly used technique for generating passphrases, the hackers will know about it and tailor their cracking techniques to any pattern known to result from weak shuffling.  Therefore

Good shuffling is critically important.

I don't limit my shuffling to riffles.  I also use an overhand shuffle where I hold the deck in my right hand and slide a few cards at a time off the top of the deck into my left hand.  This is a very easy shuffle.  I guess a dozen overhand shuffles alternating with a dozen riffles would do it, but considering how easy and quick it is to shuffle a deck of cards, it wouldn't hurt you to do more.

Each passphrase only uses a couple of dozen cards, so you can generate two passphrases from a shuffled deck.

Thanks. I find it interesting that in this day of the digitalization of money, we find ourselves resorting to physical means for maximum security, ie, RNGs and paper wallets.

How is a RNG a physical means for maximum security? Am I missing something?

Normally they aren't, but with the recent vulnerabilities in PRNGs seen in Android and the DRBG curve, and potentially in other hardware with the NSA revelations, here we have people turning to dice and card shuffling as the optimum and safest means to generate random seeds.
birr
Hero Member

Online

Activity: 708
Merit: 502

 May 01, 2014, 01:02:41 AM

It occurs to me that if one wants to go to the trouble of generating truly random strings, then you don't have to go through bitaddress.org to make your key.
Bitaddress.org uses a hash to generate a 256 bit number from your passphrase.  But if you are going to generate entropy legitimately, you can just cut straight to the chase.  Skip the hash.  Generate a 256 bit random number and use the number itself as the payload.  This 256 bits is your real private key; you just have to encode it in base58check (Wallet Import Format) to make a key you can use.  There's a fairly simple process to do that, involving a couple of hashes to generate the checksum (this is built into Bitaddress.org, but you are skipping the passphrase hashing step so you have to do the encoding yourself).
Any linux distro ought to be able to do the hashes.
cypherdoc
Legendary

Offline

Activity: 1764
Merit: 1000

 May 01, 2014, 01:08:21 AM

It occurs to me that if one wants to go to the trouble of generating truly random strings, then you don't have to go through bitaddress.org to make your key.
Bitaddress.org uses a hash to generate a 256 bit number from your passphrase.  But if you are going to generate entropy legitimately, you can just cut straight to the chase.  Skip the hash.  Generate a 256 bit random number and use the number itself as the payload.  This 256 bits is your real private key; you just have to encode it in base58check (Wallet Import Format) to make a key you can use.  There's a fairly simple process to do that, involving a couple of hashes to generate the checksum (this is built into Bitaddress.org, but you are skipping the passphrase hashing step so you have to do the encoding yourself).
Any linux distro ought to be able to do the hashes.

did you mean "Skip the passphrase"?
birr
Hero Member

Online

Activity: 708
Merit: 502

 May 01, 2014, 01:32:11 AM

Yes.
By generating a random 256 bit number you are skipping the first step of making a passphrase, and the second step of hashing the passphrase to get a 256 bit number.
I just generated a 256 bit number by going to random.org and telling it to generate a random number in the range of 0 to 65535.  That's 65536 possibilities, which is 16^4 or four hex characters.  So if you do this 16 times, you can get 64 hex characters, which is a private key.  Random.org generates decimal numbers, so you convert 16 numbers from random.org into hex and you get sixteen four-digit hex numbers that you can concatenate for the private key.  Then you can encode it into base58check.  Brainwallet.org will do that for you, but for the paranoid, it can be done at the linux command line.
cypherdoc
Legendary

Offline

Activity: 1764
Merit: 1000

 May 01, 2014, 01:54:54 AM

Yes.
By generating a random 256 bit number you are skipping the first step of making a passphrase, and the second step of hashing the passphrase to get a 256 bit number.
I just generated a 256 bit number by going to random.org and telling it to generate a random number in the range of 0 to 65535.  That's 65536 possibilities, which is 16^4 or four hex characters.  So if you do this 16 times, you can get 64 hex characters, which is a private key.  Random.org generates decimal numbers, so you convert 16 numbers from random.org into hex and you get sixteen four-digit hex numbers that you can concatenate for the private key.  Then you can encode it into base58check.  Brainwallet.org will do that for you, but for the paranoid, it can be done at the linux command line.

why isn't the 99 dice roll method better than this?
birr
Hero Member

Online

Activity: 708
Merit: 502

 May 01, 2014, 02:07:38 AM

Yes.
By generating a random 256 bit number you are skipping the first step of making a passphrase, and the second step of hashing the passphrase to get a 256 bit number.
I just generated a 256 bit number by going to random.org and telling it to generate a random number in the range of 0 to 65535.  That's 65536 possibilities, which is 16^4 or four hex characters.  So if you do this 16 times, you can get 64 hex characters, which is a private key.  Random.org generates decimal numbers, so you convert 16 numbers from random.org into hex and you get sixteen four-digit hex numbers that you can concatenate for the private key.  Then you can encode it into base58check.  Brainwallet.org will do that for you, but for the paranoid, it can be done at the linux command line.

why isn't the 99 dice roll method better than this?
I didn't know bitaddress.org had a place where you could input a raw number as a key, and have it do the WIF conversion for you.
Whether you use random.org, dice or cards, it's the same thing.  You generate a 256 bit number (randomly).  That's your key.
Actually, 6^99 = 2^255.9112876 so it's not ezackly 256 bits.
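The conversion discussed in the posts above (sixteen numbers in 0..65535, or 99 die rolls, read as one number and encoded in Wallet Import Format), as an added example that is not part of the original thread. The function names are this example's own, and the sample numbers are the published WIF test vector from the Bitcoin wiki, split into 16-bit words.

```python
import hashlib
import math

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Order of the secp256k1 group: a usable private key k satisfies 1 <= k < N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def entropy_bits(count, base):
    """Bits of entropy in `count` independent, uniform draws from `base` values."""
    return count * math.log2(base)

def draws_to_key(draws, base):
    """Read the draws as the digits of one number and return a 32-byte key.
    Each draw must be in 0..base-1, so die faces 1..6 are passed as face - 1."""
    if any(not 0 <= d < base for d in draws):
        raise ValueError("draw out of range for base %d" % base)
    k = 0
    for d in draws:
        k = k * base + d
    if not 1 <= k < N:
        # Zero and values >= N are not valid keys: reject and draw again.
        raise ValueError("number is outside the valid key range, draw again")
    return k.to_bytes(32, "big")

def to_wif(key):
    """Base58Check: version byte 0x80 + key + first 4 bytes of double SHA-256."""
    payload = b"\x80" + key
    check = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n = int.from_bytes(payload + check, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out  # payload starts with 0x80, so there are no leading zero bytes

# Constructed sample: a public test vector as sixteen 0..65535 values.
# This key is widely known and must never hold funds.
SAMPLE_WORDS = [3112, 64675, 34503, 41511, 24587, 12261, 2940, 44561,
                60550, 54207, 8126, 18203, 59544, 10209, 40306, 43549]

if __name__ == "__main__":
    key = draws_to_key(SAMPLE_WORDS, 65536)
    print(key.hex(), to_wif(key))
    print(entropy_bits(16, 65536), entropy_bits(99, 6))
```

Sixteen 16-bit numbers can land at or above N, which is why the range check is there; 99 die rolls always stay below it, and only the all-ones roll (zero) is rejected.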
cypherdoc
Legendary

Offline

Activity: 1764
Merit: 1000

 May 01, 2014, 02:12:07 AM

Yes.
By generating a random 256 bit number you are skipping the first step of making a passphrase, and the second step of hashing the passphrase to get a 256 bit number.
I just generated a 256 bit number by going to random.org and telling it to generate a random number in the range of 0 to 65535.  That's 65536 possibilities, which is 16^4 or four hex characters.  So if you do this 16 times, you can get 64 hex characters, which is a private key.  Random.org generates decimal numbers, so you convert 16 numbers from random.org into hex and you get sixteen four-digit hex numbers that you can concatenate for the private key.  Then you can encode it into base58check.  Brainwallet.org will do that for you, but for the paranoid, it can be done at the linux command line.

why isn't the 99 dice roll method better than this?
I didn't know bitaddress.org had a place where you could input a raw number as a key, and have it do the WIF conversion for you.
Whether you use random.org, dice or cards, it's the same thing.  You generate a 256 bit number (randomly).  That's your key.
Actually, 6^99 = 2^255.9112876 so it's not ezackly 256 bits.

Yep, not ezackly

But I think it's better because it's a physical method not susceptible to a website compromise.
cypherdoc
Legendary

Offline

Activity: 1764
Merit: 1000

 May 01, 2014, 02:34:18 AM

For instance, why do these 2 urls go to the same apparent website?

https://www.random.org/
http://www.random.org/
birr
Hero Member

Online

Activity: 708
Merit: 502

 May 03, 2014, 05:57:45 PM

For instance, why do these 2 urls go to the same apparent website?

https://www.random.org/
http://www.random.org/
Touche'
Looks like both url's go to www.random.org, the difference is whether you use SSL, am I right about that?

Depending on what you want to use it for, you might want to make sure you get the one that uses SSL.
cypherdoc
Legendary

Offline

Activity: 1764
Merit: 1000

 May 03, 2014, 06:05:24 PM

For instance, why do these 2 urls go to the same apparent website?

https://www.random.org/
http://www.random.org/
Touche'
Looks like both url's go to www.random.org, the difference is whether you use SSL, am I right about that?

Depending on what you want to use it for, you might want to make sure you get the one that uses SSL.

yes, https is an encrypted tunnel that should be your default whenever possible.

you don't want the NSA accusing you of generating Bitcoin keys now do you?

plus, i wonder if http://www.random.org/ is a monitored site?
birr
Hero Member

Online

Activity: 708
Merit: 502

 May 03, 2014, 06:19:36 PM

you don't want the NSA accusing you of generating Bitcoin keys now do you?

plus, i wonder if http://www.random.org/ is a monitored site?
You are so harshing my mellow!
Time to get a VPN?  Or use a live USB with tails, which goes through tor.  But the tor exit node might just be run by the NSA.
bruter
Newbie

Offline

Activity: 14
Merit: 0

 May 16, 2014, 08:07:15 AM

pointbiz

SHA1 is compromised and it is possible to make a file with the same SHA1 hash as the one published here on the first page.

Can you change the verification algorithm to a more secure one, please?
Newar
Legendary

Offline

Activity: 1316
Merit: 1000

https://gliph.me/hUF

 June 02, 2014, 11:03:56 AM

Would it be possible (make sense) to let us use our own generated private keys for the split wallet? I.e. a box on that tab to paste a private key?

OTC rating | GPG keyid 1DC91318EE785FDE | Gliph: lightning bicycle tree music | Mycelium, a swift & secure Bitcoin client for Android | LocalBitcoins
silversurfer1958
Full Member

Offline

Activity: 233
Merit: 100

 June 13, 2014, 12:46:58 PM

I understand that Devs don't like Brainwallets because they know people are going to resort to the same sort of easy to remember  passwords that they already use.
What's needed is a way of hardening private keys generated by Brainwallets from attack from Rainbow table generation.

I understand that the way brainwallets are created now is   Sha256(Pswd)

Wouldn't a simple way to slow down the creation of rainbow tables be to use Sha256(Bcrypt(Pswd))
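The two derivations from the post above side by side, as an added example that is not part of the original thread. PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt, and the salt values, round count, candidate list and function names are assumptions of this example.

```python
import hashlib

def brainwallet_key(passphrase):
    """The scheme as described in the post: key = SHA256(passphrase)."""
    return hashlib.sha256(passphrase.encode()).digest()

def stretched_key(passphrase, salt, rounds=100_000):
    """SHA256(KDF(passphrase)). PBKDF2-HMAC-SHA256 stands in for bcrypt;
    salt and rounds are assumptions of this example."""
    slow = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt.encode(), rounds)
    return hashlib.sha256(slow).digest()

def precompute(candidates, derive):
    """Build a key -> passphrase lookup table once, for reuse against any key."""
    return {derive(c): c for c in candidates}

# Constructed sample data: a tiny candidate list and one user's passphrase.
CANDIDATES = ["password1", "letmein", "satoshi2014", "correct horse"]
USER_PASSPHRASE = "satoshi2014"

def demo():
    # Plain SHA256: one table covers every user who picked a listed passphrase.
    plain_table = precompute(CANDIDATES, brainwallet_key)
    plain_hit = plain_table.get(brainwallet_key(USER_PASSPHRASE))

    # Stretched and salted: a table built for one salt does not match a key
    # derived under another, and each entry costs `rounds` HMAC computations.
    other_table = precompute(CANDIDATES, lambda c: stretched_key(c, "other-user"))
    salted_hit = other_table.get(stretched_key(USER_PASSPHRASE, "this-user"))
    return plain_hit, salted_hit

if __name__ == "__main__":
    print(demo())
```

A brainwallet has nowhere to store a salt, so any salt has to be something the user can reproduce from memory along with the passphrase.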

spiccioli
Legendary

Offline

Activity: 1376
Merit: 1000

nec sine labore

 July 03, 2014, 06:49:47 AM

Hi,

I'm trying to create a BIP38 password-protected paper wallet on Windows XP 32-bit using Firefox 30, but it never completes the task. Opening the web console, I see an out of memory exception a few seconds after it starts making them.

See attached image.

http://imgur.com/BNjhW2r

Normal paper wallets are created without problems.

Best regards.

spiccioli
Legendary

Offline

Activity: 960
Merit: 1000

WWW.HOMETOWNARMS.COM

 July 21, 2014, 11:05:10 AM

Is there a way to take this website offline and put it on a thumb drive or an external hard drive? Maybe even a smart phone?

maxmint
Hero Member

Offline

Activity: 700
Merit: 500

 July 21, 2014, 11:06:04 AM

Is there a way to take this website offline and put it on a thumb drive or an external hard drive? Maybe even a smart phone?

My PGP-Key: 462D02D8
Verify my messages using keybase: https://keybase.io/maxmint
ljpravnik
Newbie

Offline

Activity: 1
Merit: 0

 July 26, 2014, 10:19:23 PM

Would it be possible (make sense) to let us use our own generated private keys for the split wallet? I.e. a box on that tab to paste a private key?

Of course it makes sense. I was so annoyed because of this feature missing that I decided to start learning javascript. Because I am not a programmer it took me one whole day to figure it out.

Under "splitKey: function" replace the line:
var key = new Bitcoin.ECKey(false)

with this line:
var mykey = document.getElementById("combineinput").value.replace(/^\s+|\s+$/g, "").toString();
// Empty box: generate a new key; otherwise use the key that was entered
if (mykey == "") {var key = new Bitcoin.ECKey(false)} else {var key = new Bitcoin.ECKey(mykey)};

Now you can enter your private key into the box under "Enter Available Shares (whitespace separated)" and press the generate button. If you leave the box empty it will generate (and split) a new private key.

1CqhMG8fFrtrRJ6kAzJaiaRX7f4KS4EofM
Newar
Legendary

Offline

Activity: 1316
Merit: 1000

https://gliph.me/hUF

 July 28, 2014, 02:36:18 AM

Would it be possible (make sense) to let us use our own generated private keys for the split wallet? I.e. a box on that tab to paste a private key?

Of course it makes sense. I was so annoyed because of this feature missing that I decided to start learning javascript. Because I am not a programmer it took me one whole day to figure it out.

Under "splitKey: function" replace the line:
var key = new Bitcoin.ECKey(false)

with this line:
var mykey = document.getElementById("combineinput").value.replace(/^\s+|\s+$/g, "").toString();
// Empty box: generate a new key; otherwise use the key that was entered
if (mykey == "") {var key = new Bitcoin.ECKey(false)} else {var key = new Bitcoin.ECKey(mykey)};

Now you can enter your private key into the box under "Enter Available Shares (whitespace separated)" and press the generate button. If you leave the box empty it will generate (and split) a new private key.

Excellent effort! I will give it a go.

Did you submit a pull request?

OTC rating | GPG keyid 1DC91318EE785FDE | Gliph: lightning bicycle tree music | Mycelium, a swift & secure Bitcoin client for Android | LocalBitcoins