Bitcoin Forum
December 04, 2016, 08:30:02 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Memorizing a private key  (Read 5373 times)
grondilu
Legendary
*
Offline Offline

Activity: 1134


View Profile
November 26, 2011, 01:31:02 PM
 #1

Code:
This could be in technical, but it does have a "psychological" aspect too so I put it in the general discussion forum.

I have written a set of bash functions to handle bitcoin addresses:  https://github.com/grondilu/bitcoin-bash-tools.   I added a few functions to turn a private key into a bunch of english words, inspired from RFC-1751.

My aim with this is to help people memorizing at least one bitcoin private key.  Such a key could be used in case the FBI threatens to seize your computer, if you want an extremely low tech solution to hoard bitcoins, if you don't trust any physical support, or whatever ...

I have no idea if it is easy or even possible to memorize 27 english words but I guess it should if one uses a method such as the [url=http://en.wikipedia.org/wiki/Method_of_loci]loci method[/url]

Here is an example of a generated address.  You'll recognize the public key, the private key in WIF format, the 27 english words and the key in openssl's PEM format.

[code]
1ArPXGu8H3PhKduTamJ5Dj5uPtdpubFuaA, 5JUL6oXMMrgo4MC31oWySDpdH65qLuSNaCdV97i3DekWPyRrJtU
THE BLOT SET TWIT BARE LEER WAGE LILT LIND CORK GOAL OFT REAR VOTE FLEW
WAD KEYS GAVE SEES WAGE EAR YOGA VAST POT BIRD FAKE BEE
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIFZh3PHqWrJ6+vNfmtRtLtmz1kFEP0yihsf14g//ecNMoAcGBSuBBAAK
oUQDQgAEmblPqTIy9lhU5U/UW97j/FLFYra5VSol4AX1avdVitR5n6pxcvyAB4BX
/HjeTsZZdxBK127h9zVk0N4Df9dxzw==
-----END EC PRIVATE KEY-----

Notice that, conveniently enough, the leading 5 in the WIF format makes the sentence often start with 'THE'.

If you have other ideas about how to memorize a private key, please share.[/code]
1480840202
Hero Member
*
Offline Offline

Posts: 1480840202

View Profile Personal Message (Offline)

Ignore
1480840202
Reply with quote  #2

1480840202
Report to moderator
1480840202
Hero Member
*
Offline Offline

Posts: 1480840202

View Profile Personal Message (Offline)

Ignore
1480840202
Reply with quote  #2

1480840202
Report to moderator
1480840202
Hero Member
*
Offline Offline

Posts: 1480840202

View Profile Personal Message (Offline)

Ignore
1480840202
Reply with quote  #2

1480840202
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480840202
Hero Member
*
Offline Offline

Posts: 1480840202

View Profile Personal Message (Offline)

Ignore
1480840202
Reply with quote  #2

1480840202
Report to moderator
1480840202
Hero Member
*
Offline Offline

Posts: 1480840202

View Profile Personal Message (Offline)

Ignore
1480840202
Reply with quote  #2

1480840202
Report to moderator
1480840202
Hero Member
*
Offline Offline

Posts: 1480840202

View Profile Personal Message (Offline)

Ignore
1480840202
Reply with quote  #2

1480840202
Report to moderator
ThomasV
Legendary
*
Offline Offline

Activity: 1722



View Profile WWW
November 26, 2011, 02:19:24 PM
 #2

Electrum uses a 1600-word dictionary to provide mnemonic codes:
https://bitcointalk.org/index.php?topic=51397.0

Electrum: the convenience of a web wallet, without the risks
grondilu
Legendary
*
Offline Offline

Activity: 1134


View Profile
November 26, 2011, 03:09:59 PM
 #3

Electrum uses a 1600-word dictionary to provide mnemonic codes:
https://bitcointalk.org/index.php?topic=51397.0

This looks awesome.

The bitcoin forum has become so huge that it gets difficult to learn about cool stuffs.  Thanks.

BurtW
Legendary
*
Offline Offline

Activity: 1778

All paid signature campaigns should be banned.


View Profile WWW
November 27, 2011, 12:39:39 AM
 #4

I thought that we could simply generate a key pair by using a memorize phrase as the seed to the key pair generator.  So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase.  As long as I keep my phrase secret (oops) I can get access to my coins.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
sebastian
Member
**
Offline Offline

Activity: 119


View Profile
November 27, 2011, 02:11:13 AM
 #5

bwagner: Actually a good idea. Then these live-CD-systems with bitcoin could work more well, and you have access to your coins on *any* computer with bitcoin, as long as you know your passphrase.

Like this:
When you start the bitcoin client, you enter a passphrase/password, like:
"HereIAm".
Then, it would generate SHA hash for HereIAm.(number from 1 to 10 000) to generate a new adress. Note that the number 1-10000 is random to increase anonymity, and it will never use any other number, since then some coins would be unspendable. No track of used adresses should occur, the client is simply allowed to "reuse" adresses if its just lucky to pick the same number.

(For webshops/exchanges, the webshop/exhange just check that a adress is "settled" before reusing it for a another customer. With "settled", I mean that goods have been delivered for that adress and all payments have been received for that adress)

To find out coins, it could generate adresses from hash of HereIAm.1 to like hash of HereIAm.10000 and check which coins belong to these, while downloading blockchain. Then it simply saves it to RAM (this takes only 2,4 Mb)

Then you would never need to save any wallet.dat, you simply enter your password/passphrase at startup, in any bitcoin client.

Of course, if 2 people use same passphrase/password, they would share the same wallet, and spend each other's coins.
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
November 27, 2011, 05:35:17 AM
 #6

I thought that we could simply generate a key pair by using a memorize phrase as the seed to the key pair generator.  So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase.  As long as I keep my phrase secret (oops) I can get access to my coins.

Anyone doing this or similar should really add just a bit of unique and random data. If a lot of people are choosing keys this way people are going to be trying everything remotely common. Adding your name and bank pin ought lock it up tight I think.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
November 27, 2011, 05:40:36 AM
 #7

I have done this before:

rather than memorize a mnemonic, just memorize a passphrase and use the sha256 of that passphrase as the private key.  this is way easier.

as mentioned in a prior post, just salt it with something public, so others don't bump into your passphrase.  sha256(yourname + passphrase) for example

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
grondilu
Legendary
*
Offline Offline

Activity: 1134


View Profile
November 27, 2011, 02:10:28 PM
 #8

I have done this before:

rather than memorize a mnemonic, just memorize a passphrase and use the sha256 of that passphrase as the private key. this is way easier.

as mentioned in a prior post, just salt it with something public, so others don't bump into your passphrase. sha256(yourname + passphrase) for example

I had no idea that any random number up to 2^256 could be used as a private key.  I guess I should learn more about ECDSA.
 
BTCurious
Hero Member
*****
Offline Offline

Activity: 714


^SEM img of Si wafer edge, scanned 2012-3-12.


View Profile
November 27, 2011, 02:18:35 PM
 #9

I have done this before:

rather than memorize a mnemonic, just memorize a passphrase and use the sha256 of that passphrase as the private key. this is way easier.

as mentioned in a prior post, just salt it with something public, so others don't bump into your passphrase. sha256(yourname + passphrase) for example

I had no idea that any random number up to 2^256 could be used as a private key.  I guess I should learn more about ECDSA.
 
Technically, not quite any random number up to 2^256, but nearly every number anyway. If you're gonna read up on EC, then it's every number smaller than the field size Fp.

ThomasV
Legendary
*
Offline Offline

Activity: 1722



View Profile WWW
November 27, 2011, 02:45:38 PM
 #10

I thought that we could simply generate a key pair by using a memorize phrase as the seed to the key pair generator.  So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase.  As long as I keep my phrase secret (oops) I can get access to my coins.

The first version of Electrum worked just like that.
However, this was not secure enough, because some users might not provide enough entropy.
The 12-words encoding that is used now makes sure that keys have 128 bits of entropy. Key strenghtening is added to that.

Electrum: the convenience of a web wallet, without the risks
dunand
Hero Member
*****
Offline Offline

Activity: 625



View Profile
November 27, 2011, 05:36:42 PM
 #11

If you want a code example in Java you can look at SimpleClient.java from the bccapi project. This SimpleClient generate a private key and public keys from a seed. That seed is generated from  a passphrase and a salt.

More info here : http://code.google.com/p/bccapi/wiki/SimpleClient
jothan
Full Member
***
Offline Offline

Activity: 184


Feel the coffee, be the coffee.


View Profile
November 27, 2011, 05:48:27 PM
 #12

I thought that we could simply generate a key pair by using a memorize phrase as the seed to the key pair generator.  So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase.  As long as I keep my phrase secret (oops) I can get access to my coins.

The first version of Electrum worked just like that.
However, this was not secure enough, because some users might not provide enough entropy.
The 12-words encoding that is used now makes sure that keys have 128 bits of entropy. Key strenghtening is added to that.

Something like PBKDF2 should be perfect with SHA-2 256.

http://en.wikipedia.org/wiki/PBKDF2

Bitcoin: the only currency you can store directly into your brain.

What this planet needs is a good 0.0005 BTC US nickel.
ThomasV
Legendary
*
Offline Offline

Activity: 1722



View Profile WWW
November 27, 2011, 06:07:11 PM
 #13

I thought that we could simply generate a key pair by using a memorize phrase as the seed to the key pair generator.  So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase.  As long as I keep my phrase secret (oops) I can get access to my coins.

The first version of Electrum worked just like that.
However, this was not secure enough, because some users might not provide enough entropy.
The 12-words encoding that is used now makes sure that keys have 128 bits of entropy. Key strenghtening is added to that.

Something like PBKDF2 should be perfect with SHA-2 256.

http://en.wikipedia.org/wiki/PBKDF2

This is exactly what Electrum does with its seed, except there is no salt.
Using a salt stored on a server would make users dependent on that server, which is clearly not acceptable; we want users to be able to recover their wallet in any situation.

Electrum: the convenience of a web wallet, without the risks
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!