TERA (OP)
|
|
May 12, 2014, 05:37:16 AM |
|
Sorry about the grammar in the title - it was due to space constraints.
Lately I have been creating secure cold storage cold storage wallets using offline key generation and either paper or brain to store the key. It is kind of a scary process because deep down I think there's a chance I might generate an invalid key or mess up somehow and then later I won't be able to retrieve the bitcoins I send to the address. So I go through the tedious process of testing the new address by going through all of the secure/offline methods to send a small amount of coins to and from the address, and verify that it works, before I start sending tons of coins there. Well, as this process is tedious and seems to add an unnecessary layer of risk, I was wondering if it is even necessary.
Is it at all possible to create an invalid private key? Of all 256-bit hex numbers, is each and every one a valid key? Also, is it possible for the algorithm that converts the private key into the public key to mess up somehow? If I wrote down any random 256 bit number, and use (offline) brainwallet to derive the public key, is that sufficient enough and can I start sending my coins to it right away without having to 'test' it first?
|
|
|
|
phillipsjk
Legendary
Offline
Activity: 1008
Merit: 1001
Let the chips fall where they may.
|
|
May 12, 2014, 05:42:04 AM |
|
"testing" an off-line wallet is like testing a match to see if it works or not.
Yes, the are 256bit numbers that are not valid keys (somebody can chime in with the exact range). As a user you don't really have to worry because the software handles it for you.
The method suggested by armory is to try the process a few times with a test wallet, then make a new wallet once you are comfortable with the process.
|
James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE 0A2F B3DE 81FF 7B9D 5160
|
|
|
cp1
|
|
May 12, 2014, 05:59:48 AM |
|
Don't use a brainwallet. That's terrible. Use a real wallet, armory or electrum offline.
|
|
|
|
TERA (OP)
|
|
May 12, 2014, 06:28:57 AM |
|
Don't use a brainwallet. That's terrible. Use a real wallet, armory or electrum offline.
Can you tell me what is bad about a brainwallet or a paper wallet assuming I am using it offline on tails and creating the key in a much more complicated way than their SHA256(passphrase).
|
|
|
|
spring.yu
Member
Offline
Activity: 115
Merit: 10
Cryptocurrencies is future
|
|
May 12, 2014, 06:52:09 AM |
|
The method suggested by armory is to try the process a few times with a test wallet, then make a new wallet once you are comfortable with the process.
|
|
|
|
openyourmind
Member
Offline
Activity: 83
Merit: 10
|
|
May 12, 2014, 07:26:28 AM |
|
of course it's neccessary. testing an off-line wallet shows does it work or not.
|
|
|
|
fryarminer
|
|
May 12, 2014, 09:48:27 AM |
|
I've made several cold storage keys (Well not nearly as many as Casascius!) and several of the ones I have made were duds. The way I test them (there's probably a better way) is to send a few microbitcoins to them and then look up the address on the blockchain. If you find the address on the blockchain it's usually good. If it doesn't show up then it's not.
|
|
|
|
CoolStoryBro
Member
Offline
Activity: 89
Merit: 10
|
|
May 12, 2014, 10:21:19 AM |
|
and creating the key in a much more complicated way than their SHA256(passphrase).
can you eleborate?
|
|
|
|
TERA (OP)
|
|
May 12, 2014, 10:22:11 AM |
|
and creating the key in a much more complicated way than their SHA256(passphrase).
can you eleborate? passing through multiple hashes and using salts for example my key could be sha256('phrase1'+sha256('phrase2'+sha256('phrase3'))) or something more creative than that where portions of the hashes are removed. I've made several cold storage keys (Well not nearly as many as Casascius!) and several of the ones I have made were duds. The way I test them (there's probably a better way) is to send a few microbitcoins to them and then look up the address on the blockchain. If you find the address on the blockchain it's usually good. If it doesn't show up then it's not.
Is there a chance that this could work but then when you go to send, sending would not work?
|
|
|
|
franky1
Legendary
Offline
Activity: 4438
Merit: 4820
|
|
May 12, 2014, 10:33:54 AM |
|
Don't use a brainwallet. That's terrible. Use a real wallet, armory or electrum offline.
Can you tell me what is bad about a brainwallet or a paper wallet assuming I am using it offline on tails and creating the key in a much more complicated way than their SHA256(passphrase). using a brain wallet involves turning natural words into a code. before then encrypting it using standard bitcoin encryption protocols. this brain wallet convertion method may change, or you may mis-spell the words (EG Some instead of some). the best solution is to put a verified/clean bitcoin software onto a memory stick. then install onto a clean computer without the internet. and generate private keys from this. DO NOT rely on brain wallets or wallets that your a keyphrase/seed to generate private keys. as i said before the conversion from phrases into a private key may change in the future. ONLY store actual proper bitcoin private keys.
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
TERA (OP)
|
|
May 12, 2014, 10:40:02 AM |
|
Don't use a brainwallet. That's terrible. Use a real wallet, armory or electrum offline.
Can you tell me what is bad about a brainwallet or a paper wallet assuming I am using it offline on tails and creating the key in a much more complicated way than their SHA256(passphrase). using a brain wallet involves turning natural words into a code. before then encrypting it using standard bitcoin encryption protocols. this brain wallet convertion method may change, or you may mis-spell the words (EG Some instead of some). the best solution is to put a verified/clean bitcoin software onto a memory stick. then install onto a clean computer without the internet. and generate private keys from this. DO NOT rely on brain wallets or wallets that your a keyphrase/seed to generate private keys. as i said before the conversion from phrases into a private key may change in the future. ONLY store actual proper bitcoin private keys. The idea here is that I do NOT want to maintain any hardware or anything physical to hold my bitcoins. I want to know that if there is a nuclear explosion or everything of mine is stolen/hacked/deleted/seized/etc, hardware is lost/stolen/fried, or i go into a coma for the next 5 years, I will still have my bitcoins. I want to have no worries at all. That is why I am going for a brain-wallet-type solution. What is wrong with using sha256? If the hashing algorithm on brainwallet.org changes to something else, I can still use a sha256 script from somewhere else. It is a fairly common hashing algorithm and I dont have to rely on the tool on brainwallet.org.
|
|
|
|
Light
|
|
May 12, 2014, 11:09:32 AM |
|
The idea here is that I do NOT want to maintain any hardware or anything physical to hold my bitcoins. I want to know that if there is a nuclear explosion or everything of mine is stolen/hacked/deleted/seized/etc, hardware is lost/stolen/fried, or i go into a coma for the next 5 years, I will still have my bitcoins. I want to have no worries at all. That is why I am going for a brain-wallet-type solution.
What is wrong with using sha256? If the hashing algorithm on brainwallet.org changes to something else, I can still use a sha256 script from somewhere else. It is a fairly common hashing algorithm and I dont have to rely on the tool on brainwallet.org.
I'm hoping that you're meaning to somehow memorise the private key right? If you're planning on using random words jumbled together to form the basis of it then I would highly recommend reconsidering. Unless you're willing to take the risk that your coins get stolen because you didn't have enough entropy or you used a line from a movie/poem/song then I would stay clear of a brain wallet. Having a soft copy in the cloud (encrypted of course) and a hard copy in meatspace (preferably with BIP38) should more than suffice - your pretty much screwed if you get nuked or get knocked into a coma. There are bigger things to worry about in those scenarios than money (you'll either be dead or won't be able to use those coins till you wake up and still remember everything).
|
|
|
|
cr1776
Legendary
Offline
Activity: 4256
Merit: 1313
|
|
May 12, 2014, 11:12:29 AM |
|
Don't use a brainwallet. That's terrible. Use a real wallet, armory or electrum offline.
Can you tell me what is bad about a brainwallet or a paper wallet assuming I am using it offline on tails and creating the key in a much more complicated way than their SHA256(passphrase). using a brain wallet involves turning natural words into a code. before then encrypting it using standard bitcoin encryption protocols. this brain wallet convertion method may change, or you may mis-spell the words (EG Some instead of some). the best solution is to put a verified/clean bitcoin software onto a memory stick. then install onto a clean computer without the internet. and generate private keys from this. DO NOT rely on brain wallets or wallets that your a keyphrase/seed to generate private keys. as i said before the conversion from phrases into a private key may change in the future. ONLY store actual proper bitcoin private keys. The idea here is that I do NOT want to maintain any hardware or anything physical to hold my bitcoins. I want to know that if there is a nuclear explosion or everything of mine is stolen/hacked/deleted/seized/etc, hardware is lost/stolen/fried, or i go into a coma for the next 5 years, I will still have my bitcoins. I want to have no worries at all. That is why I am going for a brain-wallet-type solution. What is wrong with using sha256? If the hashing algorithm on brainwallet.org changes to something else, I can still use a sha256 script from somewhere else. It is a fairly common hashing algorithm and I dont have to rely on the tool on brainwallet.org. Some don't like brain wallets for several reasons: 1. People are generally bad at picking a sufficiently random group of characters (words or whatever). 2. People forget the characters. 3. People forget the salt. 4. Sometimes the code changes or there are bugs (Safari 6.05, had a Javascript BIP38 bug). (Save the current version somewhere as a backup, note the version so you can get it from github as a 2nd backup). The animus toward brain wallets occurs because they are usually poor, see this for some discussion: https://bitcointalk.org/index.php?topic=311000.msg3345309#msg3345309http://cryptocoinblog.com/brainwallets-and-why-you-shouldnt/
|
|
|
|
franky1
Legendary
Offline
Activity: 4438
Merit: 4820
|
|
May 12, 2014, 11:47:42 AM |
|
What is wrong with using sha256? If the hashing algorithm on brainwallet.org changes to something else, I can still use a sha256 script from somewhere else. It is a fairly common hashing algorithm and I dont have to rely on the tool on brainwallet.org.
using sha is fine to convert your own sentance into your own bases for making a privkey. as long as you take these precautions 1. you dont forget your own process (sentance->sha->privkey EG if you need to chop off characters at the start, end to make your sha'd sentence into a key) 2. you dont rely on other peoples process as they may change (research how someone used bitaddress.org a couple years ago and now using a different browser or the version updated that his sentence no longer produces the same privkey) 3. try not to get amnesia during your holocaust/coma its simpler to find a landmark.. dig a hole. and put a heatproof box with a metal sheath that has a privkey engraved into it.. if a holocaust occured that had enough heat to melt the metal underground.. loss of bitcoins would be the last thing on your mind. brain wallets should be short term, (think amnesia, alzheimer's or simply forgetting due to not being in long term memory)
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
medUSA
Legendary
Offline
Activity: 952
Merit: 1005
--Signature Designs-- http://bit.ly/1Pjbx77
|
|
May 12, 2014, 11:58:32 AM |
|
So I go through the tedious process of testing the new address by going through all of the secure/offline methods to send a small amount of coins to and from the address, and verify that it works, before I start sending tons of coins there.
I think testing cold wallet keys before you send savings there is being prudent. Some would argue that once you send a transaction, you disclose your public key and the security of that address drops, and it is not a "cold" storage anymore.
|
|
|
|
TERA (OP)
|
|
May 12, 2014, 11:59:13 AM |
|
What is wrong with using sha256? If the hashing algorithm on brainwallet.org changes to something else, I can still use a sha256 script from somewhere else. It is a fairly common hashing algorithm and I dont have to rely on the tool on brainwallet.org.
using sha is fine to convert your own sentance into your own bases for making a privkey. as long as you take these precautions 1. you dont forget your own process (sentance->sha->privkey EG if you need to chop off characters at the start, end to make your sha'd sentence into a key) 2. you dont rely on other peoples process as they may change (research how someone used bitaddress.org a couple years ago and now using a different browser or the version updated that his sentence no longer produces the same privkey) 3. try not to get amnesia during your holocaust/coma its simpler to find a landmark.. dig a hole. and put a heatproof box with a metal sheath that has a privkey engraved into it.. if a holocaust occured that had enough heat to melt the metal underground.. loss of bitcoins would be the last thing on your mind. brain wallets should be short term, (think amnesia, alzheimer's or simply forgetting due to not being in long term memory) but if I got amnesia, wouldn't I forget the password to the encrypted hardware wallet or the location where I hid it anyway?
|
|
|
|
blatchcorn
|
|
May 12, 2014, 12:12:12 PM |
|
I thought a bear like TERA would be selling, not holding
|
|
|
|
TERA (OP)
|
|
May 12, 2014, 12:25:49 PM |
|
I thought a bear like TERA would be selling, not holding If you only knew how much fiat I've already cashed out, you would understand. Anyway let's keep this in the Speculation forum. Something else that is off-topic here is the viability of brainwallets. I simply want to know if the process of creating a brainwallet requires that it be tested with transactions (separate question for both TO and FROM)
|
|
|
|
cr1776
Legendary
Offline
Activity: 4256
Merit: 1313
|
|
May 12, 2014, 12:34:47 PM |
|
I thought a bear like TERA would be selling, not holding If you only knew how much fiat I've already cashed out, you would understand. Anyway let's keep this in speculation. Something else that is off-topic here is the viability of brainwallets. I simply want to know if the process of creating a brainwallet requires that it be tested with transactions (separate question for both TO and FROM) It doesn't hurt to test sending TO. Plus multiple checks to ensure that the phrase is correct. Sending FROM though somewhat negates the purpose of cold storage. Also once you spend an output that has been sent to the address the only protection is ECDSA, so other unspent outputs become more vulnerable since your public key is known (prior to sending only the RIPMD hash of the SHA256 hash is known, iirc). The amount of the increase in vulnerability is probably low, but it does reduce security. This is one reason why it is recommended to avoid reusing addresses. ;-)
|
|
|
|
BillyBobJoe
Member
Offline
Activity: 119
Merit: 10
|
|
May 12, 2014, 03:06:51 PM |
|
OK, now I am confused, again.
Paper wallets. I was under the impression that when you spend from a paper wallet you should empty the it, sweep the entire amount out. This is because of "change" problems.
Now I see where some recommend spending a small amount as a test.
Could somebody clear this up for me?
Regards, BBJ
|
|
|
|
|