BTCapsule is a Bitcoin Time Capsule to leave your private keys as an inheritance

[BTCapsule]

***

This version of BTCapsule is no longer available. Please see the new thread here:

https://bitcointalk.org/index.php?topic=5420600.0

***




I have created a program that allows you to leave your private keys as an inheritance, or it can replace Timelock by allowing you to hide your private keys until a specific year.

The program is very simple. Move it to a thumb drive, turn off your internet, and enter a future year and your private keys. You can give the thumb drive to a loved one, and when the year arrives, they will have access to your keys.

There is no need to trust lawyers or any third party.

https://btcapsule.com

Please let me know what you think. Thanks!


EDIT

I have worked very hard on my program, and I hope I have addressed all concerns.

More sources for UTC time

I have added multiple sources for checking UTC time online. I will now post them, as I’m not concerned about them being hacked. Time is now coming from the Network Time Protocol from various sources. These are the sources, in order of possible failure:

time.google.com

time-a-g.nist.gov (United States government servers)

pool.ntp.org (a mostly decentralized pool on distributed networks. Used by major Linux distributions)

Keys are NEVER online

I have added a feature that can keep your private keys from ever seeing the internet. Basically, you turn off the internet and move the keys.txt file to another thumb drive. Then turn the internet back on to check the date. If successful, it will create another encrypted file. Turn the internet off, move the keys.txt back into the folder with BTCapsule, and your private keys will be available. You can read the directions here:

https://btcapsule.com/offline.html

The only concern I haven’t addressed is making the program Open Source. I am considering this, but I fear Open Source will make it easier to exploit. I am thinking about providing the code without sensitive data, but I’m not sure yet.

[1714812201]

1714812201

[1714812201]

1714812201

[1714812201]

1714812201

[1714812201]

1714812201

[1714812201]

1714812201

[joniboini]

What's the benefit of this instead of locking your BTC while giving the keys and stuff to the loved ones directly? If it just adds a password I don't see the benefits. Timelocking also guarantees that it will stay there until the date arrives, while software might fail to hide the keys completely if a bug was exploited.

[BTCapsule]

What's the benefit of this instead of locking your BTC while giving the keys and stuff to the loved ones directly? If it just adds a password I don't see the benefits. Timelocking also guarantees that it will stay there until the date arrives, while software might fail to hide the keys completely if a bug was exploited.

If you give the keys to a loved one, then you are trusting them not to lose or expose them. BTCapsule doesn’t require your loved one to remember a password. The year that you choose is the password, and when it arrives, they have access to your keys.

[ABCbits]

The program is very simple. Move it to a thumb drive, turn off your internet, and enter a future year and your private keys. You can give the thumb drive to a loved one, and when the year arrives, they will have access to your keys.

How does the program protect the private key locally when it doesn't ask for password/PIN? What'll happen if website used to check UTC time already gone by year 2XXX?

Please let me know what you think. Thanks!

Personally i would avoid closed source software.

[BTCapsule]

How does the program protect the private key locally when it doesn't ask for password/PIN? What'll happen if website used to check UTC time already gone by year 2XXX?

The private key is encrypted in a text file, and cannot be decrypted until the year arrives. It is possible the website used to check the UTC will be gone, but it is an established website that has been online for a very long time. In other words, you’re not trusting me to keep the UTC time online.

Personally i would avoid closed source software.

I agree, but I chose to keep the software closed so that it is harder to hack. Ledger has never been hacked, but Trezor has. Both are great options for Bitcoin wallets, but my program uses some unique methods to ensure protection.

[o_e_l_e_o]

The private key is encrypted in a text file, and cannot be decrypted until the year arrives. It is possible the website used to check the UTC will be gone, but it is an established website that has been online for a very long time. In other words, you’re not trusting me to keep the UTC time online.

Encrypted how? With what algorithm?
Which website? How can you be sure it won't be offline? If it is offline, are the keys permanently inaccessible?
How can we be sure the program doesn't send off the encrypted file when it accesses the internet, and how can we be sure you don't know the encryption key it is using and can steal the funds?

This is entirely based on trust, and has multiple completely unnecessary points of failure. There is zero benefit over a timelocked transaction. I wouldn't touch it.

[BTCapsule]

The private key is encrypted in a text file, and cannot be decrypted until the year arrives. It is possible the website used to check the UTC will be gone, but it is an established website that has been online for a very long time. In other words, you’re not trusting me to keep the UTC time online.

Encrypted how? With what algorithm?
Which website? How can you be sure it won't be offline? If it is offline, are the keys permanently inaccessible?
How can we be sure the program doesn't send off the encrypted file when it accesses the internet, and how can we be sure you don't know the encryption key it is using and can steal the funds?

This is entirely based on trust, and has multiple completely unnecessary points of failure. There is zero benefit over a timelocked transaction. I wouldn't touch it.

The encryption is built into the executable, so that is how you’re able to encrypt without using the internet. BTCapsule uses AES 128-bit encryption. I won’t say what website is used to check the time, because if BTCapsule becomes popular, then nobody wants the website to be hacked and the time changed. If the website is ever offline, then I will use another website. BTCapsule is not a hardware wallet, so it should never be your only storage of your private keys.

When using a cold wallet, if you want to spend your Bitcoin, then it must be connected to the internet. That means we’re trusting Ledger not to steal our coins. This can be avoided by immediately moving the coins to another wallet the moment they are exposed to the internet, so it’s impossible for me to steal any Bitcoin.

And how do you store the password/private key which used to encrypt the text file?

The encryption key is built into the executable. I have added other unique security features, so it will be extremely hard to find.

Even if the website still online in the future (e.g. on year 2045), there are different concern such as your software unable to communicate with the website due to various reason such as,
- They change their domain.
- Use newer TLS protocol.
- Use newer HTTP protocol (i refer to HTTP/2 or HTTP/3, not HTML4 or HTML5).

If the website is offline, then I will change the website and the program can easily be updated.

[moderator's note: consecutive posts merged]

[o_e_l_e_o]

The encryption is built into the executable, so that is how you’re able to encrypt without using the internet.

I mean the website you are using to pull the time from. If that website no longer exists, then your product no longer functions. That's a single point of failure and requires complete trust in a third party.

BTCapsule uses AES 128-bit encryption. I won’t say what website is used to check the time, because if BTCapsule becomes popular, then nobody wants the website to be hacked and the time changed.

So again you are admitting a single point of failure.

If the website is ever offline, then I will use another website.

And how do the people with keys locked in the current version using a defunct website overcome this issue? And again, here is another single point of failure - you updating the code.

When using a cold wallet, if you want to spend your Bitcoin, then it must be connected to the internet.

This is incorrect. I have multiple cold wallets which I spend from without them ever touching the internet. That's the whole point of a cold wallet.

This can be avoided by immediately moving the coins to another wallet the moment they are exposed to the internet, so it’s impossible for me to steal any Bitcoin.

It would be trivial for you to set up a bot which automatically sweeps any coins in a second or two, far quicker than any normal user would be able to spend their coins.

Again, I wouldn't touch this ever. 100% trust based and multiple points of failure. And you are charging $12 for something anyone can do themselves 100% trustless, for free, via timelocked transactions?

[BTCapsule]

It would be trivial for you to set up a bot which automatically sweeps any coins in a second or two, far quicker than any normal user would be able to spend their coins.

I can see a concern here. I will temporarily make the download link unavailable until I fix this. What I will do is allow you to move the text file that has the private keys to another folder or device. Then you can check if the year has occurred, and when it’s ready, the program will notify you to move the private keys into the same directory. Then you can turn off the internet, and your private keys will be available without ever being online.

[examplens]

And how do you store the password/private key which used to encrypt the text file?

The encryption key is built into the executable. I have added other unique security features, so it will be extremely hard to find.

How can be you sure that is your features extremely hard to find? have you ever had a third party do the test?
I'm not going to cast doubt on your ability, but I have seen serious systems with a lot of hard work behind them, and yet they had certain flaws.

If the website is offline, then I will change the website and the program can easily be updated.

therefore, anyone who decides on your application must also take care of your health and willingness to change things after 20 years.

[o_e_l_e_o]

-snip-

And yet, this still does not solve any of the other issues. How do we know the encryption is secure when you keep it closed source? How do we know that when the time limit is up, even if everything is done offline, the user isn't instead shown a message from you asking for a ransom payment before decrypting their back up? How do you address the multiple points of failure?

[BlackHatCoiner]

Closed source. Single point of failure. Costs $12. And you've spent the time to develop such "service" acknowledging the existence of Timelock, which is transparent, requires no third party, is free, and has already been used for this very purpose effectively? Tell me one reason why I should trust you.

Not only do I not trust you for your intentions, but according to your main page, I'm questioning your developing skills as well. The following sentences reveal you don't know much about security.

However, the chances of someone hacking your BTCapsule are very small. First, they would have to steal your USB, which is not a likely target of thievery.

In the event your BTCapsule is stolen, simply move your Bitcoin to a new wallet and start over.

To veiw the private keys, BTCapsule will have to temporarily connect to the internet. This will not expose your private keys online. It is needed to check the UTC date, because a computer's system date can easily be changed.

I want to believe these 5 merits from NotATether were sent very generously, without much study of the case here. I'm almost convinced this BTCapsule will rip you off the moment you leave a private key.

[Lucius]

This is entirely based on trust, and has multiple completely unnecessary points of failure. There is zero benefit over a timelocked transaction. I wouldn't touch it.

I can't say anything more than that I think the same, and that this kind of idea is problematic in itself if we know what kind of sensitive information is involved. Perhaps, in a technical sense, this idea could be refined to be more decentralized, and one of the things would be to add more sources of UTC time and not rely on just one source.

Ledger has never been hacked, but Trezor has. Both are great options for Bitcoin wallets, but my program uses some unique methods to ensure protection.

As far as I know, both HW that you mention had vulnerabilities detected in the past, but we cannot talk about hacking in the literal sense, especially about someone successfully hacking such devices remotely. No matter how much you think that these are similar things, these are still companies that are public and would suffer serious consequences if they betrayed the trust of clients in this way - while you are a private person who would not bear any responsibility for anything which would lead to the financial loss of people who would use your software.

No hard feelings, you must understand that we are extremely cautious people and have very high standards when it comes to safety.

[r_victory]

It's an interesting way to guarantee some kind of "inheritance" to a particular family member. But devices such as flash drives can be lost or damaged due to incorrect storage, oxidation, and other external and unpredictable factors. As said before, we can't just store it in one place, we must have copies and use other ways to keep this information safe as well.

[dkbit98]

If you give the keys to a loved one, then you are trusting them not to lose or expose them. BTCapsule doesn’t require your loved one to remember a password. The year that you choose is the password, and when it arrives, they have access to your keys.

How does program knows the exact year that was selected before?
There is a big chance of getting around this if time is based on operating system, or any outside time calculation.
I know there are programs that can hack and change time  for specific application to unlock it or remove some restrictions.
This was usually used before to use trial program version without any restrictions forever, and someone could create crack for your program.

Closed source. Single point of failure. Costs $12.

Enough said.
I don't know a single bitcoiner who would pay for this closed source stuff, even if it was cheaper than $12.

[o_e_l_e_o]

I know there are programs that can hack and change time  for specific application to unlock it or remove some restrictions.

This is a good point actually. There is nothing stopping an attacker with access to your encrypted file using a man-in-the-middle type attack to feed spoof data to the program to make it think it has connected to whatever site it is pointed at and the date is actually 100 years in the future.

There is also nothing stopping the program from storing whatever keys you enter while offline and later transmitting them to a third party when internet access is re-established.

[BTCapsule]

I know there are programs that can hack and change time  for specific application to unlock it or remove some restrictions.

This is a good point actually. There is nothing stopping an attacker with access to your encrypted file using a man-in-the-middle type attack to feed spoof data to the program to make it think it has connected to whatever site it is pointed at and the date is actually 100 years in the future.

There is also nothing stopping the program from storing whatever keys you enter while offline and later transmitting them to a third party when internet access is re-established.

Please see my updated OP. The private keys are no longer required to be on the same computer to check the date, and then they can be decrypted offline. If there is a way to steal the private keys while they are offline, then I definitely don’t know how to do it. I should also say that if anyone still doesn’t trust this, they can use the program without inputting their private keys. You can type anything into the text field to try it out, and when you feel comfortable, you can delete the generated files and start over.

[BlackHatCoiner]

You can type anything into the text field to try it out, and when you feel comfortable, you can delete the generated files and start over.

You can never feel confident in a closed-source environment. I can't know whether your program does what you're confusedly saying or whether it checks for my keys' balance until I deposit some good amount, or even if it spies on my whole computer. And there's absolutely no reason to trust you. Not only because I don't trust strangers who try to have their closed-source software installed in the place I keep my money, but because you haven't shown you have a technical competence of the subject either.

[BTCapsule]

If you give the keys to a loved one, then you are trusting them not to lose or expose them. BTCapsule doesn’t require your loved one to remember a password. The year that you choose is the password, and when it arrives, they have access to your keys.

How does program knows the exact year that was selected before?
There is a big chance of getting around this if time is based on operating system, or any outside time calculation.
I know there are programs that can hack and change time  for specific application to unlock it or remove some restrictions.
This was usually used before to use trial program version without any restrictions forever, and someone could create crack for your program.

I have updated my OP to explain where the time comes from. It doesn’t come from the OS because that can easily be changed.

BTCapsule creates two encrypted text files called year.txt and keys.txt that are stored in the same folder. The year.txt is encrypted, so that nobody can change the year after it’s created. When you run the program a second time, it checks to see if these files exists, decrypts the year.txt, checks the year, and then encrypts it again.

You can move the keys.txt to another thumb drive so that it is never online. This allows BTCapsule to check the year.txt file online, and generate another encrypted file called offline.txt that can be used to decrypt your private keys without the internet.

This is entirely based on trust, and has multiple completely unnecessary points of failure. There is zero benefit over a timelocked transaction. I wouldn't touch it.

I can't say anything more than that I think the same, and that this kind of idea is problematic in itself if we know what kind of sensitive information is involved. Perhaps, in a technical sense, this idea could be refined to be more decentralized, and one of the things would be to add more sources of UTC time and not rely on just one source.

I have added more sources of UTC time, and posted them here for everyone to see. I’m actually glad this was brought up, because I found pool.ntp.org which is a semi-decentralized time protocol. I have also added a method to protect the private keys from ever needing to be exposed to the internet.

It's an interesting way to guarantee some kind of "inheritance" to a particular family member. But devices such as flash drives can be lost or damaged due to incorrect storage, oxidation, and other external and unpredictable factors. As said before, we can't just store it in one place, we must have copies and use other ways to keep this information safe as well.

Yes, I did not create BTCapsule to be a hardware wallet. So long as the user is still alive, they would still have access to their actual wallet and the responsibility to secure their Bitcoin. If they later decide they don’t want to leave their Bitcoin to whoever possesses the BTCapsule, they can simply move their Bitcoin to another wallet.

I realize thumb drives are not the best, and that is why BTCapsule doesn’t have a license key that makes it dependent on a single device. I was thinking we may not even have USB in the future, so BTCapsule can be moved and copied wherever it’s needed. If the future brings us unrecognizable technology, I figure it won’t be too hard to find an old laptop if it means you’ll have access to Bitcoin. I have an old NES game system, so even if technology changes, we can still find and use what we need from the past.

You can type anything into the text field to try it out, and when you feel comfortable, you can delete the generated files and start over.

You can never feel confident in a closed-source environment. I can't know whether your program does what you're confusedly saying or whether it checks for my keys' balance until I deposit some good amount, or even if it spies on my whole computer. And there's absolutely no reason to trust you. Not only because I don't trust strangers who try to have their closed-source software installed in the place I keep my money, but because you haven't shown you have a technical competence of the subject either.

I have been looking into open source, and I’m wondering if you would be willing to tell me which open source model you would like to see. I found this website that goes over the various models:

https://www.karllhughes.com/posts/open-source-companies

I believe in capitalism, and would love to use the money I make to constantly upgrade BTCapsule and make it a better product. I also want to make wise business decisions, and if open source would offer the trust needed to sell my product, then I would be willing to do that. However, there is also a concern with security. I have read this other article that describes the problems with making software open source:

https://www.writeclick.co.il/practical-strategies-for-securing-open-source-code/

I could make the basic code open source, and then offer to sell my program with the extra security features I have added; but then it seems like those who do not trust anything that is closed source wouldn’t trust to buy my upgraded option anyway. Would you agree?

[moderator's note: consecutive posts merged]

[dkbit98]

BTCapsule creates two encrypted text files called year.txt and keys.txt that are stored in the same folder. The year.txt is encrypted, so that nobody can change the year after it’s created. When you run the program a second time, it checks to see if these files exists, decrypts the year.txt, checks the year, and then encrypts it again.

I understand that program creates this files but what sources it uses to fetch exact time information for year.txt file?
Even if it is encrypted it has to use computer time (either from BIOS or from system) or something that is coming from internet connection.
I can't trust this until I see some proof, since this is closed source and it can't be verified in any way.