Bitcoin Forum
Author Topic: Memorizing a private key  (Read 6328 times)
grondilu (OP)
November 26, 2011, 01:31:02 PM
Last edit: November 26, 2011, 03:09:03 PM by grondilu
 #1

This could be in technical, but it does have a "psychological" aspect too so I put it in the general discussion forum.

I have written a set of bash functions to handle bitcoin addresses: https://github.com/grondilu/bitcoin-bash-tools. I added a few functions to turn a private key into a bunch of English words, inspired by RFC-1751.

My aim with this is to help people memorize at least one bitcoin private key.  Such a key could be used in case the FBI threatens to seize your computer, if you want an extremely low tech solution to hoard bitcoins, if you don't trust any physical support, or whatever ...

I have no idea if it is easy or even possible to memorize 27 English words but I guess it should be if one uses a method such as the loci method (http://en.wikipedia.org/wiki/Method_of_loci).

Here is an example of a generated address.  You'll recognize the public key, the private key in WIF format, the 27 English words and the key in openssl's PEM format.

[code]
1ArPXGu8H3PhKduTamJ5Dj5uPtdpubFuaA, 5JUL6oXMMrgo4MC31oWySDpdH65qLuSNaCdV97i3DekWPyRrJtU
THE BLOT SET TWIT BARE LEER WAGE LILT LIND CORK GOAL OFT REAR VOTE FLEW
WAD KEYS GAVE SEES WAGE EAR YOGA VAST POT BIRD FAKE BEE
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIFZh3PHqWrJ6+vNfmtRtLtmz1kFEP0yihsf14g//ecNMoAcGBSuBBAAK
oUQDQgAEmblPqTIy9lhU5U/UW97j/FLFYra5VSol4AX1avdVitR5n6pxcvyAB4BX
/HjeTsZZdxBK127h9zVk0N4Df9dxzw==
-----END EC PRIVATE KEY-----
[/code]

Notice that, conveniently enough, the leading 5 in the WIF format makes the sentence often start with 'THE'.

If you have other ideas about how to memorize a private key, please share.

ThomasV
November 26, 2011, 02:19:24 PM
 #2

Electrum uses a 1600-word dictionary to provide mnemonic codes:
https://bitcointalk.org/index.php?topic=51397.0

Electrum: the convenience of a web wallet, without the risks
grondilu (OP)
November 26, 2011, 03:09:59 PM
 #3

Quote from: ThomasV
> Electrum uses a 1600-word dictionary to provide mnemonic codes:
> https://bitcointalk.org/index.php?topic=51397.0

This looks awesome.

The bitcoin forum has become so huge that it gets difficult to learn about cool stuff.  Thanks.


BurtW
November 27, 2011, 12:39:39 AM
 #4

I thought that we could simply generate a key pair by using a memorized phrase as the seed to the key pair generator.  So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase.  As long as I keep my phrase secret (oops) I can get access to my coins.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
sebastian
November 27, 2011, 02:11:13 AM
 #5

bwagner: Actually a good idea. Then these live-CD systems with bitcoin could work better, and you would have access to your coins on *any* computer with bitcoin, as long as you know your passphrase.

Like this:
When you start the bitcoin client, you enter a passphrase/password, like:
"HereIAm".
Then, it would generate the SHA hash for HereIAm.(number from 1 to 10 000) to generate a new address. Note that the number 1-10000 is random to increase anonymity, and it will never use any other number, since then some coins would be unspendable. No tracking of used addresses should occur; the client is simply allowed to "reuse" addresses if it's just lucky to pick the same number.

(For webshops/exchanges, the webshop/exchange just checks that an address is "settled" before reusing it for another customer. With "settled", I mean that goods have been delivered for that address and all payments have been received for that address)

To find out coins, it could generate addresses from hash of HereIAm.1 to like hash of HereIAm.10000 and check which coins belong to these, while downloading blockchain. Then it simply saves it to RAM (this takes only 2,4 Mb)

Then you would never need to save any wallet.dat, you simply enter your password/passphrase at startup, in any bitcoin client.

Of course, if 2 people use same passphrase/password, they would share the same wallet, and spend each other's coins.
FreeMoney
November 27, 2011, 05:35:17 AM
 #6

Quote from: BurtW
> I thought that we could simply generate a key pair by using a memorized phrase as the seed to the key pair generator.  So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase.  As long as I keep my phrase secret (oops) I can get access to my coins.

Anyone doing this or similar should really add just a bit of unique and random data. If a lot of people are choosing keys this way people are going to be trying everything remotely common. Adding your name and bank pin ought to lock it up tight I think.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
casascius
Mike Caldwell
November 27, 2011, 05:40:36 AM
 #7

I have done this before:

rather than memorize a mnemonic, just memorize a passphrase and use the sha256 of that passphrase as the private key.  this is way easier.

as mentioned in a prior post, just salt it with something public, so others don't bump into your passphrase.  sha256(yourname + passphrase) for example

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
grondilu (OP)
November 27, 2011, 02:10:28 PM
 #8

Quote from: casascius
> I have done this before:
>
> rather than memorize a mnemonic, just memorize a passphrase and use the sha256 of that passphrase as the private key. this is way easier.
>
> as mentioned in a prior post, just salt it with something public, so others don't bump into your passphrase. sha256(yourname + passphrase) for example

I had no idea that any random number up to 2^256 could be used as a private key.  I guess I should learn more about ECDSA.
 

BTCurious
November 27, 2011, 02:18:35 PM
 #9

Quote from: grondilu
> Quote from: casascius
> > I have done this before:
> >
> > rather than memorize a mnemonic, just memorize a passphrase and use the sha256 of that passphrase as the private key. this is way easier.
> >
> > as mentioned in a prior post, just salt it with something public, so others don't bump into your passphrase. sha256(yourname + passphrase) for example
>
> I had no idea that any random number up to 2^256 could be used as a private key.  I guess I should learn more about ECDSA.
 
Technically, not quite any random number up to 2^256, but nearly every number anyway. If you're gonna read up on EC, then it's every number smaller than the field size Fp.

ThomasV
November 27, 2011, 02:45:38 PM
 #10

Quote from: BurtW
> I thought that we could simply generate a key pair by using a memorized phrase as the seed to the key pair generator.  So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase.  As long as I keep my phrase secret (oops) I can get access to my coins.

The first version of Electrum worked just like that.
However, this was not secure enough, because some users might not provide enough entropy.
The 12-words encoding that is used now makes sure that keys have 128 bits of entropy. Key strengthening is added to that.

Electrum: the convenience of a web wallet, without the risks
dunand
November 27, 2011, 05:36:42 PM
 #11

If you want a code example in Java you can look at SimpleClient.java from the bccapi project. This SimpleClient generates a private key and public keys from a seed. That seed is generated from a passphrase and a salt.

More info here : http://code.google.com/p/bccapi/wiki/SimpleClient
jothan
November 27, 2011, 05:48:27 PM
 #12

Quote from: ThomasV
> Quote from: BurtW
> > I thought that we could simply generate a key pair by using a memorized phrase as the seed to the key pair generator.  So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase.  As long as I keep my phrase secret (oops) I can get access to my coins.
>
> The first version of Electrum worked just like that.
> However, this was not secure enough, because some users might not provide enough entropy.
> The 12-words encoding that is used now makes sure that keys have 128 bits of entropy. Key strengthening is added to that.

Something like PBKDF2 should be perfect with SHA-2 256.

http://en.wikipedia.org/wiki/PBKDF2

Bitcoin: the only currency you can store directly into your brain.

What this planet needs is a good 0.0005 BTC US nickel.
ThomasV
November 27, 2011, 06:07:11 PM
 #13

Quote from: jothan
> Quote from: ThomasV
> > Quote from: BurtW
> > > I thought that we could simply generate a key pair by using a memorized phrase as the seed to the key pair generator.  So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase.  As long as I keep my phrase secret (oops) I can get access to my coins.
> >
> > The first version of Electrum worked just like that.
> > However, this was not secure enough, because some users might not provide enough entropy.
> > The 12-words encoding that is used now makes sure that keys have 128 bits of entropy. Key strengthening is added to that.
>
> Something like PBKDF2 should be perfect with SHA-2 256.
>
> http://en.wikipedia.org/wiki/PBKDF2

This is exactly what Electrum does with its seed, except there is no salt.
Using a salt stored on a server would make users dependent on that server, which is clearly not acceptable; we want users to be able to recover their wallet in any situation.

Electrum: the convenience of a web wallet, without the risks
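
Added example (not part of the thread, and not code from Electrum, bccapi or bitcoin-bash-tools): the three passphrase-to-key derivations discussed in posts #4 to #13, side by side, with a check for which of them put two people who pick the same passphrase into one wallet. The user names, the sample passphrases, the 200,000 iteration count and all function names are assumptions made for this illustration; the range check uses the secp256k1 group order n.

```python
import hashlib

# Order n of the secp256k1 group (a published curve constant).
# A usable private key d must satisfy 1 <= d < n.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def is_valid_private_key(d):
    return 1 <= d < SECP256K1_N

def key_plain(passphrase, owner=""):
    """sha256(passphrase): the owner is ignored and a guess costs one hash."""
    return int.from_bytes(hashlib.sha256(passphrase.encode()).digest(), "big")

def key_salted(passphrase, owner):
    """sha256(yourname + passphrase), the public-salt form from post #7."""
    data = (owner + passphrase).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def key_stretched(passphrase, owner, iterations=200_000):
    """PBKDF2-HMAC-SHA256 with the owner name as salt (count is an assumption)."""
    raw = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), owner.encode(),
                              iterations, dklen=32)
    return int.from_bytes(raw, "big")

def shared_wallets(derive, users):
    """Group owners whose derived keys are identical, i.e. who share a wallet."""
    by_key = {}
    for owner, passphrase in users:
        d = derive(passphrase, owner)
        if not is_valid_private_key(d):
            raise ValueError(f"derived value for {owner} is outside 1..n-1")
        by_key.setdefault(d, []).append(owner)
    return [owners for owners in by_key.values() if len(owners) > 1]

# Constructed sample: two people pick the passphrase used in post #5.
USERS = [("alice", "HereIAm"), ("bob", "HereIAm"), ("carol", "a different phrase")]

if __name__ == "__main__":
    for name, fn in [("plain", key_plain), ("salted", key_salted),
                     ("stretched", key_stretched)]:
        print(name, shared_wallets(fn, USERS))
```

A public salt separates users and defeats tables precomputed for everyone at once, and stretching multiplies the cost of each guess by the iteration count; neither adds secret entropy, so a guessable passphrase stays guessable.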