Can my Bitcoin be stolen

[pinksheep]

I have now come to the conclusion that there is nothing that I can do to make a secure paper wallet. Surely any combination of numbers/letters/words etc will be guessed by some supercomputer sometime?

[jonald_fyookball]

I have now come to the conclusion that there is nothing that I can do to make a secure paper wallet. Surely any combination of numbers/letters/words etc will be guessed by some supercomputer sometime?

Not at all. Combinations grow exponentially large, much too big for supercomputers.

Flip a coin 128 times, you have 2^128.

That's about 340 trillion trillion trillion combinations,
Each of which would have to be checked by doing a complete
Sha256 hash.

No computer could do it in any mortal time frame.

Roughly a billion seconds ago, Jesus walked the earth.

[pinksheep]

I have now come to the conclusion that there is nothing that I can do to make a secure paper wallet. Surely any combination of numbers/letters/words etc will be guessed by some supercomputer sometime?

Not at all. Combinations grow exponentially large, much too big for supercomputers.

Flip a coin 128 times, you have 2^128.

That's about 340 trillion trillion trillion combinations,
Each of which would have to be checked by doing a complete
Sha256 hash.

No computer could do it in any mortal time frame.

Roughly a billion seconds ago, Jesus walked the earth.

So do you think my 64 dice rolls followed by a few words is sufficient?

[ranochigo]

I have now come to the conclusion that there is nothing that I can do to make a secure paper wallet. Surely any combination of numbers/letters/words etc will be guessed by some supercomputer sometime?

Not at all. Combinations grow exponentially large, much too big for supercomputers.

Flip a coin 128 times, you have 2^128.

That's about 340 trillion trillion trillion combinations,
Each of which would have to be checked by doing a complete
Sha256 hash.

No computer could do it in any mortal time frame.

Roughly a billion seconds ago, Jesus walked the earth.

So do you think my 64 dice rolls followed by a few words is sufficient?

IMO, a person could bruteforce your 64 dice rolls and a few words in a few months or even days. And are you sure you can spend the time to type those 64 letters and a few words? You can easily forget it.
-ranochigo

[pinksheep]

So you really think it would be safer to generate keys by using 'the moving dots' on bitaddress.org etc? In your opinion, is that the safest way?

I would also love to hear someone else's opinion on this.

[ranochigo]

So you really think it would be safer to generate keys by using 'the moving dots' on bitaddress.org etc? In your opinion, is that the safest way?

I would also love to hear someone else's opinion on this.

Unless you can manipulate someone's mouse strokes perfectly for 200 times, then you can hack it. This is theoretically impossible on a computer which will never access the internet. Even if the mouse strokes are recorded, the attacker will not be able to access the mouse stroke recorded.
-ranochigo

[pinksheep]

So you really think it would be safer to generate keys by using 'the moving dots' on bitaddress.org etc? In your opinion, is that the safest way?

I would also love to hear someone else's opinion on this.

Unless you can manipulate someone's mouse strokes perfectly for 200 times, then you can hack it. This is theoretically impossible on a computer which will never access the internet. Even if the mouse strokes are recorded, the attacker will not be able to access the mouse stroke recorded.
-ranochigo

Why 200 times?

[jonald_fyookball]

I have now come to the conclusion that there is nothing that I can do to make a secure paper wallet. Surely any combination of numbers/letters/words etc will be guessed by some supercomputer sometime?

Not at all. Combinations grow exponentially large, much too big for supercomputers.

Flip a coin 128 times, you have 2^128.

That's about 340 trillion trillion trillion combinations,
Each of which would have to be checked by doing a complete
Sha256 hash.

No computer could do it in any mortal time frame.

Roughly a billion seconds ago, Jesus walked the earth.

So do you think my 64 dice rolls followed by a few words is sufficient?

IMO, a person could bruteforce your 64 dice rolls and a few words in a few months or even days. And are you sure you can spend the time to type those 64 letters and a few words? You can easily forget it.
-ranochigo

64 dice rolls is 6^64.  that's on the order of 2^160.  You can't brute force it even if you had a million billion years.
It has nothing to do with opinions!  

That's this many combinations: 1461501637330902918203684832716300000000000000000

Anyone who says you can brute-force that doesn't realize how BIG that really is.

[pinksheep]

That's what I had been told originally by people who seemed to know what they were talking about, but recent posters made me doubt it. Not sure now whether to go ahead & generate new addresses just in case, or leave it as it is.

[jonald_fyookball]

Do the math for yourself.

2^128 = (roughly) 3.4 x 10^38

1 trillion = 10^12
A trillion trillion = 10^24
A trillion trillion trillion = 10^36

The fastest supercomputer is the Tianhe-2, which
has over 3 million cores, takes 720 square meters
of space, and was developed by a team of 1300
scientists and engineers.

It theoretically can do 50 petaflops, which is
50 quadrillion calculations per second. You need about
1000 operations to do a SHA-256 hash, so, with this
computer, you could 50 trillion hashes a second.

If you had 20 billion of these computers, you could do
a trillion trillion hashes per second.

You'd still need to run all that computing power for
340 trillion seconds to reach 2^128, nevermind 2^160.

There's 31,536,000 seconds in a year, so that comes
out to: 10.78 million years.



* i dont know if floating point operations are comparable
to integer operations, but its irrelevant.

[pinksheep]

Wouldn't mind hearing the opinion of others as regards this matter??? My BTC are probably small fry to most people but to me they're a lot & I want them stored as safely as possible.

[jonald_fyookball]

Generate your keys offline. Do not online computer.

You can also hide a copy of your keys using the open puff software.

[pinksheep]

They were generated offline but I got worried that the keys could be bruteforced.

[jonald_fyookball]

Perhaps someone here can confirm my "opinion" on the feasibility of brute forcing a properly generated random key.

[pinksheep]

especially keys generated using dice rolls (64 times in my case) with an additional word or 2 added after the 64 numbers.

[jonald_fyookball]

Just curious, do you not trust/understand the math, or do you not believe dice rolls are random enough?

[pinksheep]

Although I followed the advice given on another forum & rolled dice, I'd have preferred 64 characters chosen from anywhere on the keyboard, even if they weren't as 'random'. Surely they'd have been harder to bruteforce?

Here's the advice I followed:

http://www.reddit.com/r/BitcoinWallet/comments/1p6y5c/secure_paper_wallet_tutorial/

[jonald_fyookball]

What you should understand is that there are "only" 2^160 bitcoin addresses.

So while 58^64 is bigger than 6^64 , you can't make use of the extra security.
(Nor do you need to)

That said, you should do whatever makes you feel most secure :-)

[pinksheep]

But would you agree with my point - that keys generated using only the numbers 1-6 are not as secure as if they had been generated using the numbers 0-9, never mind the other characters on the keyboard? Would it really take a supercomputer many years to bruteforce 64 numbers in the range 1-6?

[pinksheep]

So in a nutshell, if you were in my position, you'd be happy enough with the security of the keys I have generated using the dice rolls?