Test writing mistakes: please write down these private keys for me

[Pmalek]

How can they mistakenly write a 0 instead of an O if both do not ever exist in a base58check encoded string? There is no way they can swap these 2 even if they have no idea that neither is part of the base58check alphabet. They don't need to know to be protected, I hope it's cleared up a bit

You are writing the private key by hand. It's possible to write down the lowercase "o" bigger than it should be on your piece of paper. When you attempt to recover your wallet and you type in the private key, when you get to the part where there is an lowercase "o", you might think it's an uppercase "O" or the number "0" because you wrote it down in a weird way. A wallet like Electrum won't let you proceed and isn't telling you that your private key contains unsupported characters. The person doing the recovery wouldn't know where the mistake is.

I just noticed I made a mistake in my previous post and I corrected it after I saw this reply of yours.

This would be a great feature for Electrum to add: automatically replace non-existing characters by the likely equivalent instead of graying out the Next button.

Either that or adding some feedback that the user has added a non-supported character in his private key and display the characters on screen which aren't supported. Maybe someone with a GitHub account can suggest such a feature to Electrum devs?

Back to the private key. I wrote down the 2nd hey key like this:
L4on7wrsP2vPyDkYKyTKnEudCTmU9kyH6ra6hiZXzhZWmQzM7v9g

I just compared it to the one in OP. They match. I tried to create a new wallet in Electrum by importing the key, and it works.
I only had problems with the last letter. Had to think a bit whether it's a "g" or a "q", but I went for the correct one.

Interesting test!

[1714576170]

1714576170

[1714576170]

1714576170

[1714576170]

1714576170

[1714576170]

1714576170

[1714576170]

1714576170

[1714576170]

1714576170

[NeuroticFish]

I haven't seen any QWERTZ keyboards these days, but perhaps a more common problem is if you are attempting to type on a compact laptop keyboard, or some keypad on a mobile device, as opposed to a regular keyboard.

I had that problem in the past when changing typing language from EN-US to DE-DE or RO-RO. Indeed, now it's no longer that common (maybe the newer OSes are smarter).

I hate writing

Me too, still, I didn't make any error:

Code:

orig: L1YqE8Y8FPn2fdBxMfe8wwU3bT5NPEfxMxLujHKpyYS7nrBLzv9K
mine: L1YqE8Y8FPn2fdBxMfe8wwU3bT5NPEfxMxLujHKpyYS7nrBLzv9K

[Coding Enthusiast]

(the hand written key I received 3 years ago still has a substantial amount of money in it).

Do you have the corresponding public key (it starts with G and is 56 chars long)?

[BlackHatCoiner]

Wrote them down. I had forgotten how awful it is to write WIFs. I think that writing them in hex format would be much less tedious.

Check the keys below and tell me which one is easier to read.

Code:

WIF: L2HrVcnLMGssHzXYd1cqoyUB3JJZasJf1WR3ZQujcspzEUHYWf7M
HEX: 9751 8525 1452 acc5 8b06 a490 0f27 e40a 847c ceb1 ca3a f083 f41a 215c 4e40 c77b

When you attempt to recover your wallet and you type in the private key, when you get to the part where there is an lowercase "o", you might think it's an uppercase "O" or the number "0" because you wrote it down in a weird way.

May I propose an idea? Why not allowing 0 and O, but counting them as o? Same thing for I and l; counting both as i. You could avoid searching what you've written wrong this way.

[slaman29]

OK I did this yesterday, but about 16 hours ago I think it still counts:) and I made only 1 mistake in the first address, where the "1" I wrote down as "l".

I normally am a slow and careful writer, my 7s have a cross, my 5 and S are very distinct, and my zero has a cross also, but I guess this is a common mistake, because the 1 does look like the letter l. I can't really say if this was because I "saw" a letter, or if I saw the number but my brain forgot to add the top down-dash to make it look like 1.

Very interesting and thanks for sharing, it makes me think a lot now.

[Pmalek]

Neat idea, but it's a bit difficult to implement on few window such as window on below image. The reasons are,
1. You need to know whether user entering private key or address.
2. Bech32 uses different set of character.

I am certainly not in a position to propose to Electrum developers what should be included and how because I don't have the underlying skills or knowledge to do so. But I do believe that it can be done.

The software knows whether you are entering an address or a private key already. It doesn't happen that someone imports a private key and the software recovers a watch-only wallet like if you imported an address. Probably based on the length, checksums, and whatnot. Once it recognizes that the imported/entered string is a private key, the new feature could check if the entered string contains characters that don't belong there, such as "O" or "0". If discovered, a notification would inform the user of the non-allowed characters. With that, it would be easier to recognize mistakes if you know you entered a "0", for example, and you shouldn't have.

[n0nce]

When you attempt to recover your wallet and you type in the private key, when you get to the part where there is an lowercase "o", you might think it's an uppercase "O" or the number "0" because you wrote it down in a weird way.

May I propose an idea? Why not allowing 0 and O, but counting them as o? Same thing for I and l; counting both as i. You could avoid searching what you've written wrong this way.

I just checked the wiki again and it turns out that lowercase i and lowercase o are indeed part of the alphabet. I thought they were omitted as well for some reason.

From the software perspective, I think that's a great idea: since 0 and O don't exist, they can be remapped to lowercase o automatically, otherwise indeed a user needs to know that these are not part of the alphabet.

In Electrum, this function, or actually the lambda expression in the first line of it, checks if the input is valid.

The functions is_address_list and is_private_key_list specify what is classified as valid and what isn't, so I added some code that replaces the keys there and also where they're saved. I don't have enough knowledge about the Electrum codebase, but as a PoC it seems to work and I submitted a pull request.

Neat idea, but it's a bit difficult to implement on few window such as window on below image. The reasons are,
1. You need to know whether user entering private key or address.
2. Bech32 uses different set of character.

I am certainly not in a position to propose to Electrum developers what should be included and how because I don't have the underlying skills or knowledge to do so. But I do believe that it can be done.

The software knows whether you are entering an address or a private key already. It doesn't happen that someone imports a private key and the software recovers a watch-only wallet like if you imported an address. Probably based on the length, checksums, and whatnot. Once it recognizes that the imported/entered string is a private key, the new feature could check if the entered string contains characters that don't belong there, such as "O" or "0". If discovered, a notification would inform the user of the non-allowed characters. With that, it would be easier to recognize mistakes if you know you entered a "0", for example, and you shouldn't have.

The logic how it decides between address list or private key list is very trivial: it checks first that it's not a list of addresses (link) and if not, it checks if it's a list of private keys.
My proposal just replaces the characters which are out of the alphabet with the ones that are (0 => o, O => o, I => i, l => i).

[LoyceV]

I am certainly not in a position to propose to Electrum developers what should be included and how because I don't have the underlying skills or knowledge to do so. But I do believe that it can be done.

When entering a mnemonic, Electrum shows a small list of possible words. Something similar could work for private key characters. It should even be possible to instantly brute-force 1 or even 2 incorrect characters in the background, but that may be a bit too much to ask from a wallet.

(the hand written key I received 3 years ago still has a substantial amount of money in it).

Do you have the corresponding public key (it starts with G and is 56 chars long)?

Yes.

[Dabs]

Sorry I could not participate in this kind of testing, but private keys in that format are not meant to be written down by hand. If you do write it down, you must make sure there are no mistakes. The trick is to be extra careful and make sure to distinguish lowercase and uppercase letters, maybe an extra line or dot or something when writing it down.

Since you might end up printing it anyway, I would include a QR code as well. (all done offline, of course).

Seed phrases are meant to be written down by hand, so that's why they are so much easier to write, stamp, engrave, etch.

[Pmalek]

From the software perspective, I think that's a great idea: since 0 and O don't exist, they can be remapped to lowercase o automatically, otherwise indeed a user needs to know that these are not part of the alphabet.

I don't know if automatically changing unsupported characters to supported ones should be done without also providing an explanation to the user of what is going on. I would assume that you are paying attention to what you are entering into the software. If you type in a "0", and Electrum changes it to an "o" the user might think there is a bug in the wallet or something wrong with his keyboard. But if he knows that the wallet is doing that itself and the reason, then I am all for it.

[n0nce]

Since I have pretty good number memory I waited a bit longer; here is what I wrote down for key 2 and 3, didn't bother to do 1

Code:

L4on7wrsP2vPyDkYKyTKnEudCTmU9kyH6ra6hiZXzhZWmQzM7v9g

L1YqE8Y8FPn2fdBxMfe8wwU3bT5NPEfxMxLujHKpqYS7nrBLzv9K

Damn second one has an error. I wrote the 'y' so weird that it looks more like 'q'. If I would have written it more carefully maybe I had fixed it up a bit, it doesn't look like all my 'y's but I purposely did it quick and without double check or anything to give a good result for this writing test.

L1YqE8Y8FPn2fdBxMfe8wwU3bT5NPEfxMxLujHKpqYS7nrBLzv9K

[BlackHatCoiner]

So, here's the private key written by me:

Code:

KyHmMbp1TvBNBzi6uAAekb6DwtCsUJyYXG5CDrKDv2sCc8h4UfmD

And that's the first private key copied from page 1:

Code:

KyHmMbp1TvBNBzi6uAAekb6DwtCsUJyYXG5CDrKDv2sCc8h4UfmD

Bingo! Same keys.

I tried to mess up with the letters. Task failed successfully. 

[LoyceV]

Task failed successfully.  

That nicely summarizes my little experiment. I have no idea how people manage to write down useless private keys.