casascius
Mike Caldwell
VIP
Legendary
 Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
 |
October 03, 2011, 04:00:31 AM |
|
5 BTC donation sent as promised...thanks! I now use your paper wallets.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 03, 2011, 11:41:30 AM |
|
5 BTC donation sent as promised...thanks! I now use your paper wallets.
Thanks!! |
|
|
|
|
BkkCoins
|
|
October 05, 2011, 02:16:25 PM |
|
I see that now MtGox has a new feature allowing importing a private key into your MtGox wallet.
Sounds like this should work really nicely with bitaddress paper wallets for new users to get going without needing a client/blockchain or anything more than just printing a paper wallet. Nice!
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 06, 2011, 02:14:54 AM |
|
I see that now MtGox has a new feature allowing importing a private key into your MtGox wallet.
Sounds like this should work really nicely with bitaddress paper wallets for new users to get going without needing a client/blockchain or anything more than just printing a paper wallet. Nice!
Screenshot:  |
|
|
|
|
BkkCoins
|
|
October 06, 2011, 02:24:50 AM |
|
I have an idea for you that was prompted by the thread about printing plastic cards with QR codes on them to use in offline exchanges or promoting Bitcoin.
I think it would be pretty easy to create a tab on your site that would take the QR codes, text and some background image supplied and lay them out in a card format for saving/printing.
It would just take an SVG object element that refers to the QR codes and text with <image /> and <text /> tags. I think I could work that out and give you some sample HTML/JS code if you would be interested. I have worked with SVG before and it works quite well in browsers, though how it could be embedded with JS I'm not 100% sure.
My thought was to right click and save the SVG graphic to print out as a 4"x6" photo since this would allow nice colour graphics and design work to shine. With a background image embed option some really nice card designs could be created that allowed embedding the QR codes right on your page. I could see a user contributed library as possible. (The private key would be a separate element so that it can be printed separately).
Another idea I had was to incorporate Shamir Secret sharing to break the private key into several QR codes for printing. You would need several QR codes to re-combine a usable private key. This might be on a "Multi-Key" tab perhaps.
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 06, 2011, 03:47:35 AM
Last edit: October 06, 2011, 01:21:37 PM by pointbiz |
|
I have an idea for you that was prompted by the thread about printing plastic cards with QR codes on them to use in offline exchanges or promoting Bitcoin.
I think it would be pretty easy to create a tab on your site that would take the QR codes, text and some background image supplied and lay them out in a card format for saving/printing.
It would just take an SVG object element that refers to the QR codes and text with <image /> and <text /> tags. I think I could work that out and give you some sample HTML/JS code if you would be interested. I have worked with SVG before and it works quite well in browsers, though how it could be embedded with JS I'm not 100% sure.
My thought was to right click and save the SVG graphic to print out as a 4"x6" photo since this would allow nice colour graphics and design work to shine. With a background image embed option some really nice card designs could be created that allowed embedding the QR codes right on your page. I could see a user contributed library as possible. (The private key would be a separate element so that it can be printed separately).
Another idea I had was to incorporate Shamir Secret sharing to break the private key into several QR codes for printing. You would need several QR codes to re-combine a usable private key. This might be on a "Multi-Key" tab perhaps.
Ahhh.... Brain food. I'll think about that. I'm still thinking about the private key redeem at MtGox and how awesome that is. I can't even imagine all the possibilities  I find that Private Key formats can be a source of confusion. I found this article on the wiki: https://en.bitcoin.it/wiki/Private_keyIt does not describe the "Standard Private Key" that MtGox defines as: Standard Private Key: The private key must be 32 bytes encoded in base58 Also, MtGox has a secondary private key format labelled "SHA-256 Private Key (E.g. Casascius Coins)" which appears to be the option if you want to redeem a private key in hex format (Mtgox accepted the 64 character 0-9 A-F sequence... I'm waiting to see if the deposit of BTC works). Also, Casascius Coins use a the mini-private key format. So to use this option with a mini-private key you have to first SHA256(MiniPrivateKey). This is making me think I should create a tab to convert between different private key formats. I like just showing one private key format on bitaddress to keep things simple otherwise people might think they need both private keys and not realize the two private keys are equivalent and just being shown in a different format. Although, I'd rather contact MtGox and have them add the Sipa Wallet Import Format (WIF), I had to do some manual JavaScript work to convert from WIF to HEX to redeem at MtGox. |
|
|
|
|
nmat
|
|
October 06, 2011, 03:59:49 AM |
|
This is making me think I should create a tab to convert between different private key formats. I like just showing one private key format on bitaddress to keep things simple otherwise people might think they need both private keys and not realize the two private keys are equivalent and just being shown in a different format. Although, I'd rather contact MtGox and have them add the Sipa Wallet Import Format (WIF), I had to do some manual JavaScript work to convert from WIF to HEX to redeem at MtGox.
Couldn't you just make a few checkboxes or something? |
|
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
October 06, 2011, 04:04:46 AM |
|
Also, MtGox has a secondary private key format labelled "SHA-256 Private Key (E.g. Casascius Coins)" which appears to be the option if you want to redeem a private key in hex format (Mtgox accepted the 64 character 0-9 A-F sequence... I'm waiting to see if the deposit of BTC works). Also, Casascius Coins use a the mini-private key format. So to use this option with a mini-private key you have to first SHA256(MiniPrivateKey).
MtGox takes the 22-character mini string directly. No conversion is needed. If you give it hex, it probably took the sha256 of the hex you entered, resulting in no funds. |
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
|
BkkCoins
|
|
October 06, 2011, 04:06:11 AM |
|
I kind of like the mini-key format but I think the base58 is more universal. I've snapped QR codes on my notebook webcam and they converted back to text fine (using Ubuntu zbarimg tool).
I think a drop-down with key format choices would be a nice way but every option does add confusion for newbies... If the base58 key works with MtGox then I'd think that is best when no options.
|
|
|
|
|
BkkCoins
|
|
October 06, 2011, 04:08:01 AM |
|
Also, MtGox has a secondary private key format labelled "SHA-256 Private Key (E.g. Casascius Coins)" which appears to be the option if you want to redeem a private key in hex format (Mtgox accepted the 64 character 0-9 A-F sequence... I'm waiting to see if the deposit of BTC works). Also, Casascius Coins use a the mini-private key format. So to use this option with a mini-private key you have to first SHA256(MiniPrivateKey).
MtGox takes the 22-character mini string directly. No conversion is needed. If you give it hex, it probably took the sha256 of the hex you entered, resulting in no funds. Maybe that's why someone was complaining their btc hadn't arrived after 8 confirms. MtGox should probably call it "Mini-Key format" as that makes more sense since it's so short. |
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 06, 2011, 01:14:57 PM |
|
"SHA-256 Private Key (E.g. Casascius Coins)"
So, I was NOT successful in depositing a HEX private key using that option at MtGox.
They have removed that option, now there are two options that say "Standard Private Key" and it now says it can take up to 2 hours to deposit and before it said 24 hours.
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
October 06, 2011, 07:54:46 PM |
|
Would you put the page you serve into a repo (e.g., GitHub) so that a specific revision can get a closer security review and then each change can be easily identified and scrutinized individually?
This will help assure that the html/js being served has been reviewed.
|
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
October 06, 2011, 07:58:09 PM |
|
It would be helpful if MtGox autodetected the key type based on the length. I'm sure they will at some point, I assume they're monitoring this thread. It is pretty easy...
Wallet Import Format... 51 base58 characters, always starts with '5'
Hex... 64 characters [0-9A-F]...
Casascius Coins... 22 base58 characters, always starts with 'S'...
The javascript in the page could be the agent that converts all these forms to a single format accepted by MtGox's API call...
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 08, 2011, 01:21:47 PM |
|
Would you put the page you serve into a repo (e.g., GitHub) so that a specific revision can get a closer security review and then each change can be easily identified and scrutinized individually?
This will help assure that the html/js being served has been reviewed.
I'll think about it. More scrutiny is definitely a good thing. |
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
|
|
October 08, 2011, 01:58:09 PM |
|
It would be helpful if MtGox autodetected the key type based on the length. I'm sure they will at some point, I assume they're monitoring this thread. It is pretty easy...
Wallet Import Format... 51 base58 characters, always starts with '5'
Hex... 64 characters [0-9A-F]...
Casascius Coins... 22 base58 characters, always starts with 'S'...
The javascript in the page could be the agent that converts all these forms to a single format accepted by MtGox's API call...
The Mt. Gox site now autodetects the private key format. It is working for hex keys and mini private keys but there currently is a bug in the WIF conversion. See: https://bitcointalk.org/index.php?topic=46908.msg561163#msg561163https://bitcointalk.org/index.php?topic=46908.msg561803#msg561803 |
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated! |
|
|
phathash
Member
Offline
Activity: 75
Merit: 10
|
|
October 10, 2011, 09:28:46 AM |
|
Is there any known reason why this does not work in mobile safari? The gen key function seems to be called and the CPU seems to be chugging along for 4-5s but nothing is displayed past "move your mouse". I tried to step through the js execution and think the script halted at one one of underlying crypto functions.
|
|
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 10, 2011, 11:58:16 AM |
|
Is there any known reason why this does not work in mobile safari? The gen key function seems to be called and the CPU seems to be chugging along for 4-5s but nothing is displayed past "move your mouse". I tried to step through the js execution and think the script halted at one one of underlying crypto functions.
Mobile Safari has relatively slow JavaScript performance and a timeout occurs while trying to do the math to generate an address. It does not work for me on my iPhone3G but it does work for Casascius on his iPhone4. |
|
|
|
pointbiz (OP)
Sr. Member
Offline
Activity: 437
Merit: 415
1ninja
|
|
October 11, 2011, 01:41:01 AM |
|
|
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
October 11, 2011, 02:03:30 AM |
|
I don't think there exists such thing as a "standard format" in base58 that's < 51 characters. The standard base58 format is the sipa wallet import format. I also wouldn't offer it in base64 unless something else uses it prominently (e.g. OpenSSL, but OpenSSL uses hex). These unused formats will just serve to confuse people. Also, hexadecimal is misspelled on the actual website. |
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
|
BkkCoins
|
|
October 11, 2011, 02:35:19 AM |
|
Cool. Another way to convert. I don't have a "mini-key" to test but if you put that in will it also give you the other formats? |
|
|
|
|
