Bitcoin Forum
December 11, 2019, 04:49:56 PM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Bitcoin Visual private key generator  (Read 630 times)
MrFreeDragon
Full Member
***
Offline Offline

Activity: 126
Merit: 105


View Profile
September 25, 2019, 06:09:21 AM
Last edit: October 13, 2019, 02:45:36 AM by MrFreeDragon
Merited by LoyceV (8), ETFbitcoin (5), suchmoon (4), vapourminer (3), Royse777 (3), pooya87 (2), serjent05 (2), Ucy (2), Halab (2), mocacinno (1), A-Bolt (1), Saint-loup (1), Baofeng (1), zenrol28 (1), bitmover (1), fillippone (1)
 #1

This is the visual bitcoin private key generator.

The square 16x16 (=256) is used for generation purposes, where each cell represents one bit. The idea is that the filled cell represents "1" bit in the key, and not filled cell represents "0" bit in the key. Such presentation allows creating visual keys which could be easily memorized by human, but hardly understood by machines. You can draw pictures, logos, figures, favorite symbols and so on. You can also make your own patterns and designs and use them as your key. The benefit from such presentation is that you can "store" this key in your memory, just remembering the way you made the drawings.

There is also the option to generate the key in coin mode. It is known that the most secure way to generate bitcoin key is to flip a coin 256 times, and write down each outcome as 1 or 0 depending on the coin side. Visual private key generator can assist you in doing it. Just start flipping the coin and filling the cells line by line from 1x1 to 16x16 and after 256 outcomes you will have a nonsense "picture" represented your unique private key. You can be sure that nobody in the world have ever generated the same key or would generate in the future. The probability of such collision is so small that it is really equal to 0 for all of us and many other future generations.

All the private keys are generated on client side, in the browser. The site does not copy or store the generated information. But for better securitty it is recommended to download the whole site and generate the key offline.


Visual private key generator: https://btckeygen.com

Video instruction (private key generation by flipping a coin 256 times): https://youtu.be/WyBdYhwweaE
Educational visual pattern keys: https://youtu.be/0Ug4YBEyRFQ

Project structure:

Code:
1) index.html               ---> main  HTML file with the objects and references to scripts and styles
2) css/visualPrivKey.css    ---> Styles sheet
3) js/visualPrivKeyMain.js  ---> Main script with canvas calculations and object functions
4) js/bitcoinJS-lib.js      ---> BitcoinJS-lib v0.1.3-default (ECDSA formulas)
5) js/QRcode.js             ---> QR Code Generator for JavaScript

GitHub repository: https://github.com/MrFreeDragon/VisualBTC

Some screenshot examples of the keys and their visualization from the project:

1) Pattern 1 and the corresponding key + address (compressed):


2) Pattern 2 (heart) and its key + address (uncompressed):


3) Visualization of custom HEX key (the key was taken from the public internet, and it corresponds to the uncompressed BTC address with the transactions):


WARNING: The pattern/logo/figure used in bitcoin key generation could be vulnerable, so use these keys only for educational purposes, for fun or for small gifts to others. For real money storage employ a physical coin to fill every bit of your key flipping it 256 times.
1576082996
Hero Member
*
Offline Offline

Posts: 1576082996

View Profile Personal Message (Offline)

Ignore
1576082996
Reply with quote  #2

1576082996
Report to moderator
1576082996
Hero Member
*
Offline Offline

Posts: 1576082996

View Profile Personal Message (Offline)

Ignore
1576082996
Reply with quote  #2

1576082996
Report to moderator
Best ratesfor crypto
EXCHANGE
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1576082996
Hero Member
*
Offline Offline

Posts: 1576082996

View Profile Personal Message (Offline)

Ignore
1576082996
Reply with quote  #2

1576082996
Report to moderator
Royse777
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1081


Exchange Bitcoin quickly-https://blockchain.com.do


View Profile WWW
September 25, 2019, 11:07:06 AM
 #2

Is this a tool you developed or you have just posted for the site? Just curious to know about the author. It seems a very good job.

.Have Your Ad Here!.
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
  
MrFreeDragon
Full Member
***
Offline Offline

Activity: 126
Merit: 105


View Profile
September 25, 2019, 11:22:05 AM
 #3

Is this a tool you developed or you have just posted for the site? Just curious to know about the author. It seems a very good job.

Thank you. Yes, it was developed by me.
Royse777
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1081


Exchange Bitcoin quickly-https://blockchain.com.do


View Profile WWW
September 25, 2019, 11:28:53 AM
 #4

Awesome work. Sent you 3 sMerits and I think this is a wrong board for the discussion about your project. I suggest you to move the topic top the Project Development section. You will find other experts to share your knowledge to improvise the project.

Do you know how to move a topic? Feel free to ask if you need any assistance.

.Have Your Ad Here!.
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
  
MrFreeDragon
Full Member
***
Offline Offline

Activity: 126
Merit: 105


View Profile
September 25, 2019, 01:05:51 PM
 #5

Awesome work. Sent you 3 sMerits and I think this is a wrong board for the discussion about your project. I suggest you to move the topic top the Project Development section. You will find other experts to share your knowledge to improvise the project.

Do you know how to move a topic? Feel free to ask if you need any assistance.

Yes, you are right about the board topic. Done.
bitmover
Hero Member
*****
Offline Offline

Activity: 686
Merit: 1156



View Profile
September 25, 2019, 05:20:18 PM
Merited by MrFreeDragon (1)
 #6

Nice job OP.

I believe your private key generator is fantastic for educational purposes, however I certainly would not recommend anyone using the generated keys to store bitcoin, for security reasons of course. Anyway, it is very interesting

Your website reminded me of an interesting video (https://www.youtube.com/watch?v=ieHoQ4sGuEY), which is inspired in a idea that Antonopoulos had in his book mastering bitcoin. He suggests that we can create private keys just by flipping a coin 256 times, and taking note 0 or 1.
And that guy made a video doing that. Very boring lol

Another very visual private key generation method.

Congrats on your project.

mocacinno
Legendary
*
Offline Offline

Activity: 1792
Merit: 1853


https://unblur.ninja =>lightning network testsite


View Profile WWW
September 25, 2019, 05:30:14 PM
Merited by LoyceV (1), hatshepsut93 (1)
 #7

You use Javascript's math.random function for generating random keys.... Please, don't do this... I'm not a JavaScript Dev, but I'm pretty sure that's not cryptographic secure...



https://www.google.com/search?q=javascript+math.random+vulnerability

MrFreeDragon
Full Member
***
Offline Offline

Activity: 126
Merit: 105


View Profile
September 25, 2019, 06:06:20 PM
Merited by LoyceV (4), o_e_l_e_o (2), vapourminer (1)
 #8

You use Javascript's math.random function for generating random keys.... Please, don't do this... I'm not a JavaScript Dev, but I'm pretty sure that's not cryptographic secure...

https://www.google.com/search?q=javascript+math.random+vulnerability

Thank you for the comment. You probably right that the math.random is not secure. However actually my project doesn not need this function.

The idea is to create the private key manually, putting each bit to the cell of square 16x16 (256 bit in total). The most secure way is to flip a coin 256 times and fill every cell to receive the final 256 digit bin number. This 256bit number is immediately converted to the public key and bitcoin address with corresponding QR codes and WIF for private key.

math.random is used once to randomly fill all the 256 cells; it is also used in coin mode (0 or 1 for every cell). But of course I do not recommend to generate private keys with this random way (random function of the project). It was added just for educational purposes, or for more convinence making the starting point for key creation.

So the recommended ways to generate the key are:

1) Flip the coin 256 times and write down each outcome by filling the cell of the 16x16 square;
2) Use random, but with later manual intervention: received the filled square of the bits, manually change any cell you like to the opposite value, and do it manual changing as many times as you want.
3) Manually fill all the cells randomly chaning the cell and clicking the mouse to fill/unfill the cell.
4) Use visual patterns (visual in the context of bits presentation in the form of 16x16 square). This way could be done also for gift pusposes: for example draw a heart, generate the key with the address using this pattern, transfer some BTC to this address and present such key to the person you like.
Theb
Sr. Member
****
Offline Offline

Activity: 1134
Merit: 460



View Profile
September 25, 2019, 08:54:07 PM
 #9

I'm with bitmover on this one, I'll rather suggest this site for education purposes only but I wouldn't recommend anyone using it to create their private keys. 256 outcomes for a hacker is like an hour or two of his life before he can crack an operating wallet which the outcomes for the private keys will come directly from your website. I would rather prefer the private keys being generated by the wallet itself because I know that I'm the only one who have seen or now the combination of my own private key.

      ▄ ▄█▄ ▄█ ▄
     ▄▐██▀▀▀▀▀▀
      ▀▄▄████▄ █▄
   ▄ ██▄█▀▀   ▀▀ ▀
  ▄██▄██▄ ▀██▄▀ ▀█▄
 ▀███████▄▄▄▄▄█▄▄▄██
▐███████████▀▀  ▀█▀ █
█▀███████████  ▄▄█▄ ██
 ▐█████████████▀   ███
  ████▀██████████▄███
  ▐█▀  ████████████ ▀
   ▀  ▐███████████
     ▄██████▀▀ █▀
.
JACKMATE'S
MAJESTIC

  ███████████████████
 ███████████████████
███████████████████
         █████████
        █████████
       █████████
      █████████
     █████████
    █████████
   █████████
  █████████
 █████████
████████
██
██
██
██
██
██
██
██
██
██
██
████████
██████████████████████████████████████████████████████████████████████████████████████████████     ███
.
WIN 1 BITCOIN ON EVERY PREMIER LEAGUE MATCHDAY
.
███     ██████████████████████████████████████████████████████████████████████████████████████████████
████████
██
██
██
██
██
██
██
██
██
██
██
████████
████████████████████████████████
████████████▀█▀ ▀█▀█▀███████████
███████████▄ ▄▄▄▄▄▄▄████████████
███████████▀▀▄▄▄▄▄▄▄▄███████████
█████████▀▄ ██▀▄▄▄ ▀ ▄▀█████████
███████▀ ▀█████▄▄▄█▄▄▄██████████
███████▀▄████████▀  ▀█ █▐███████
███████ ▀█████████▄█▀▀██ ███████
████████ ███▀██████ ▄ ██ ███████
████████▌▐▀▄ ██████████ ▄███████
█████████▄██▌▐█████▀██ █████████
████████████▄▀▀▀▀▀▄ ▀▄██████████
████████████████████████████████
██████
██
██
██
██
██
██
██
██
██
██
██
██████
.
JOIN US - IT'S FREE!
██████
██
██
██
██
██
██
██
██
██
██
██
██████
MrFreeDragon
Full Member
***
Offline Offline

Activity: 126
Merit: 105


View Profile
September 25, 2019, 10:21:09 PM
Merited by LoyceV (2)
 #10

256 outcomes for a hacker is like an hour or two of his life before he can crack an operating wallet which the outcomes for the private keys will come directly from your website.

It is not.

Nobody could crack 256 independent outcomes generated by a physical coin fliped offline. It is 2^256 possible combinations - you can not imagine how much is it! It is the most secure way for paper wallet creation, as it does not use any computer random algorithms.

This way is suitable for long term BTC storage. Because as soon as you decide to make spendings from such paper wallet there are 2 events that decrease the security: you should import the key to your favourite wallet ([1] the key become open for the wallet software),  and [2] while making the transaction you make the public key open to blockchain
bitmover
Hero Member
*****
Offline Offline

Activity: 686
Merit: 1156



View Profile
September 25, 2019, 10:39:14 PM
 #11

Nobody could crack 256 independent outcomes generated by a physical coin fliped offline. It is 2^256 possible combinations - you can not imagine how much is it! It is the most secure way for paper wallet creation, as it does not use any computer random algorithms.

2^256 is the security of the bitcoin network, all keys are generated within that range.

Your way may not be most the most secure I think.
You still need a computer to convert private key in HEX to other formats and to a public address as well (a computer is needed in those operations).

MrFreeDragon
Full Member
***
Offline Offline

Activity: 126
Merit: 105


View Profile
September 25, 2019, 11:46:52 PM
 #12

Nobody could crack 256 independent outcomes generated by a physical coin fliped offline. It is 2^256 possible combinations - you can not imagine how much is it! It is the most secure way for paper wallet creation, as it does not use any computer random algorithms.

2^256 is the security of the bitcoin network, all keys are generated within that range.

Your way may not be most the most secure I think.
You still need a computer to convert private key in HEX to other formats and to a public address as well (a computer is needed in those operations).

Yes, every private key is within the range 2^256. So, the security - is to generate this number very very random, without any computer dependencies. I suggest to flip the coin in order to receive a number within the range - actually this number is all you need for your BTC.

All the subsequent operations to convert the private key to bitcoin address could be performed ONLY in one possible way, so you receive ONLY one specific bitcoin address from the certain private key. And you do not need any random operations or random entropy to perform these transformations. Yes, these calcualtions are made by my project (by computer), and nothing secret in these operations because such calculations could be performed ONLY in one possible way. Take any number X withing the range 1 - 2^256, and there is ONLY one corresponding BTC address to this X; so it does not matter who and how performs the transormations.

P.S. Ok, BTC is developing and actually there are 4 known different bitcoin addresses to the number X: (1) Legacy uncompressed; (2) Legacy compressed; (3) Segwit legacy; (4) Segwit bech32; Legacy 1 and 2 start with "1"i in the beginning, Segwit legacy starts with "3" and Segwit bech32 starts with "bc1". But these different formats is not topic here (my project works with legacy addresses - compressed and uncompressed). If you need legacy commpressed address, where is ONLY ONE way to convert the number X to it, and there is nothing unsecure in this convertation.
The most vulnerable point in bitcoin address creation is the number generation, i.e. selection of 256 bits (digits 1 or 0), and of course the private key storage (but key storage is offtopic here as well).
pooya87
Legendary
*
Offline Offline

Activity: 1848
Merit: 2110


Remember tonight for it's the beginning of forever


View Profile
September 26, 2019, 04:31:19 AM
 #13

1) Flip the coin 256 times and write down each outcome by filling the cell of the 16x16 square;
2) Use random, but with later manual intervention: received the filled square of the bits, manually change any cell you like to the opposite value, and do it manual changing as many times as you want.
3) Manually fill all the cells randomly chaning the cell and clicking the mouse to fill/unfill the cell.
4) Use visual patterns (visual in the context of bits presentation in the form of 16x16 square). This way could be done also for gift pusposes: for example draw a heart, generate the key with the address using this pattern, transfer some BTC to this address and present such key to the person you like.

it is interesting to "visualize" a private key in binary and also if you use the first method (coin flip) to create it but it is not a good idea to use it in any other way such as manual selecting the squares, using random button,... if the key is to be used for funds.

you also should add the warning to your site explaining the insecurity of the random function used, and warn about manual selection since people are never a good entropy source.

additionally i see a zip file link at the bottom. is your project open source? if it is, sharing it on GitHub and linking it there is a better idea.

mocacinno
Legendary
*
Offline Offline

Activity: 1792
Merit: 1853


https://unblur.ninja =>lightning network testsite


View Profile WWW
September 26, 2019, 05:56:20 AM
Merited by suchmoon (4), LoyceV (4), MrFreeDragon (2)
 #14

Sorry, i'm a bit late with my reply about math.random(). I'm a big fan of your site, but i'd like to see a warning banner: "for educational purposes only" on the very top.

The "problem" when people would use this site to create an "actual" private key goes further than the cryptographic insecure javascript function... Your site is (more or less) a new brainwallet.
Sure, a completely random pattern is impossible to bruteforce... A random pattern created with math.random is *allmost* impossible to bruteforce (actually, i believe it's still impossible, even with the weak math.random function, but still...). BUT, a brain is a terrible source of entropy (i don't know who first came up with this quote, but i really like it).

This basically means that IF your site becomes popular, and a million people use it to "draw" their private keys, i can pretty much guarantee that if I would generate a dictionary of the one million most popular images and shapes, convert it into 16x16 pixels, convert it to a private key => public key => address and check the address for unspent outputs, i'd find several dozen of funded addresses i'd be able to rob.

Don't get me wrong, you wrote a nice learning tool, it's fun to see and it can teach people about the basics of key and address generation... However, i would NOT recommand to "draw" a drawing you can easily remember, and fund the address that was actually generated as a result of this drawing, nor would i use the random function due to the cryptographic weakness.

Conclusion: nice tool, nice for learning, nice for visualising a pregenerated private key on an offline machine, nice for playing, not ideal for actual production key generation

Royse777
Hero Member
*****
Offline Offline

Activity: 868
Merit: 1081


Exchange Bitcoin quickly-https://blockchain.com.do


View Profile WWW
September 26, 2019, 09:47:12 AM
 #15

~snip~
Yes, you are right about the board topic. Done.
Glad to see you moved it here and getting right kind of discussions. Again very good work however it's very much clear to me that there is a message needed in the website that users are advised not to use the addresses generated in the site to hold BTC. It's okay for educational purpose.

When it comes to visualization and it has boundary limitation then human mind are limited and ends up with very common images. For example: heart, 0, 7. And it's very possible to find the keys if two person visualize the same pattern.

I am 100% with the following quote:
This basically means that IF your site becomes popular, and a million people use it to "draw" their private keys, i can pretty much guarantee that if I would generate a dictionary of the one million most popular images and shapes, convert it into 16x16 pixels, convert it to a private key => public key => address and check the address for unspent outputs, i'd find several dozen of funded addresses i'd be able to rob.

.Have Your Ad Here!.
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
  
MrFreeDragon
Full Member
***
Offline Offline

Activity: 126
Merit: 105


View Profile
September 26, 2019, 01:14:03 PM
Last edit: September 26, 2019, 01:37:16 PM by MrFreeDragon
 #16

additionally i see a zip file link at the bottom. is your project open source? if it is, sharing it on GitHub and linking it there is a better idea.

Primarily I decided to post the project here to discuss the topic and idea with the the subject specialists. If it is interesting, of course I will share it on GitHub for subsequent code discussions. The is no need to discuss the code for thing of naught.
MrFreeDragon
Full Member
***
Offline Offline

Activity: 126
Merit: 105


View Profile
September 26, 2019, 01:36:30 PM
Merited by LoyceV (1), Royse777 (1)
 #17

Thank you all for your comments regarding the security. I added the warning message to the initial post of this topic. Latter add it to the site project as well.

I agree that patterns used in key generation could be not secure. And there are many reasons for it: attackers could guess and brutforce the pattern using the list of commmon picture/figure patterns, some attackers also could use hypnosis or other skills to find out the pattern (if the key is only written on the paper, or recorded within the hardware ledger it is impossible to hear it from the user as the user does not know it himself  Grin)

However I retained the physical coin flip methond as a secure way for key generation. I'm sure that the tossing (coin flip) is the most secure way to generate the private key. So, for this way my project is a very nice tool to use. Physycal coin is used as the entropy, my project is used just only for common transformation to the address.

it is interesting to "visualize" a private key in binary and also if you use the first method (coin flip) to create
r idea.

So, what do you think about the key generation through the 256 coin flips? [my opinion - is is the most secure way nowadays]
LoyceV
Legendary
*
Online Online

Activity: 1694
Merit: 5319


ArtIst > AI rtst


View Profile WWW
September 26, 2019, 02:47:43 PM
 #18

So, what do you think about the key generation through the 256 coin flips? [my opinion - is is the most secure way nowadays]
As long as you're certain the software you use actually creates a private key from your coin flips, this could be very secure.
I'm saying this because of the paper wallet website that was compromised recently: it generated pre-defined private keys, even when used offline, and people are still losing funds because of it.
If you're using coin flips, it doesn't hurt to create the private key with different software on independent systems, and ensure they're the same (and always on air-gapped hardware that won't ever go online again).

o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 770
Merit: 3053


Decent


View Profile
September 26, 2019, 03:34:39 PM
Merited by LoyceV (2), MrFreeDragon (1)
 #19

Fun site. I've been playing around with it for 10 minutes or so, generating some common patterns - checkerbox, vertical stripes, horizontal stripes, diagonal stripes, boxes, etc., - and haven't found a single address which has ever had any funds in it. This is in contrast to brain wallets dependent on a password or phrase, where most of the commonly used words/phrases lead to wallets which have been used multiple times and have all been emptied/hacked long ago. So it seems like this kind of method for generating private keys has never been used before, so kudos for that.

Having said that, I agree with all the posts above that no one should seriously use this to generate their private keys. Brain wallets are a notoriously poor method for storing your coins. Your 256 bit number should be truly random, and not based on some words, phrases, (or now) pictures which a user has chosen/drawn and could be easily brute forced or forgotten.

I'm also a little concerned about the function to "Visualize my own HEX private key (tick here to input your key)". Many newbies often fall for scams (not saying you are a scammer by any means) where they input their private key or seed in to a website and all their coins get stolen. I would like to see a warning here stating that if anyone does want to use this function, they should be downloading the site and running it on an airgapped machine.

MrFreeDragon
Full Member
***
Offline Offline

Activity: 126
Merit: 105


View Profile
September 26, 2019, 05:40:50 PM
 #20

Fun site. I've been playing around with it for 10 minutes or so, generating some common patterns - checkerbox, vertical stripes, horizontal stripes, diagonal stripes, boxes, etc., - and haven't found a single address which has ever had any funds in it. This is in contrast to brain wallets dependent on a password or phrase, where most of the commonly used words/phrases lead to wallets which have been used multiple times and have all been emptied/hacked long ago. So it seems like this kind of method for generating private keys has never been used before, so kudos for that.

Thank you for your feedback.

I'm also a little concerned about the function to "Visualize my own HEX private key (tick here to input your key)". Many newbies often fall for scams (not saying you are a scammer by any means) where they input their private key or seed in to a website and all their coins get stolen. I would like to see a warning here stating that if anyone does want to use this function, they should be downloading the site and running it on an airgapped machine.

This is a very valuable comment. Absolutely agree with you. I will add the warning for this function not to use real private keys with the funds for their visualization. Actually there is no need in the random private key visualizaition, because the user will find nothing interesting in it - just a couple of bits randomly spread across the square.
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!