|
Matt Corallo
|
 |
May 04, 2011, 05:14:12 PM |
|
Why only one?
Might be useful for people who don't want their entire wallet to be re-creatable given the password but might want to backup a single address. Though at that point, printing out the private key would probably just be more secure. |
|
|
|
|
|
|
|
|
|
|
Even in the event that an attacker gains more than 50% of the network's
computational power, only transactions sent by the attacker could be
reversed or double-spent. The network would not be destroyed.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
ffe
|
|
May 04, 2011, 06:11:34 PM |
|
Is there any way in the current client to enter a key-pair not generated in that client?
|
|
|
|
|
|
Matt Corallo
|
|
May 04, 2011, 06:19:17 PM |
|
Is there any way in the current client to enter a key-pair not generated in that client?
Not currently but there are patches to allow importing keys from other wallets and it isn't theoretically too hard. |
|
|
|
|
ffe
|
|
May 04, 2011, 06:38:41 PM |
|
Well then, if the import-keys function is added, I suggest adding the ability to create a new key-pair seeded by a password entered then and there.
This way you could create one of those keys, park a bit of coin in it and have it available at any time in the future at any client simply by entering the same password.
Not only useful for you, but a neat way to transfer coin using a human memorable password. You and your buddy are having dinner and you need to transfer 10 BTC to him. Your client on your phone creates a temporary key solely for this transfer, based on a simple password you both agree on, and loads it with 10 BTC. He enters the same password on his phone client and moves the coin to one of his permanent keys. The temporary password is not needed any more and can be dropped by both parties.
Of course if a password generated key-pair is used to store coin long term, make the password a strong one and print it out!
|
|
|
|
|
|
Garrett Burgwardt
|
|
May 04, 2011, 08:20:16 PM |
|
Well then, if the import-keys function is added, I suggest adding the ability to create a new key-pair seeded by a password entered then and there.
This way you could create one of those keys, park a bit of coin in it and have it available at any time in the future at any client simply by entering the same password.
Not only useful for you, but a neat way to transfer coin using a human memorable password. You and your buddy are having dinner and you need to transfer 10 BTC to him. Your client on your phone creates a temporary key solely for this transfer, based on a simple password you both agree on, and loads it with 10 BTC. He enters the same password on his phone client and moves the coin to one of his permanent keys. The temporary password is not needed any more and can be dropped by both parties.
Of course if a password generated key-pair is used to store coin long term, make the password a strong one and print it out!
Bad idea. What happens when two people use the same password? |
|
|
|
|
|
ffe
|
|
May 04, 2011, 08:40:12 PM
Last edit: May 04, 2011, 09:29:42 PM by ffe |
|
Well then, if the import-keys function is added, I suggest adding the ability to create a new key-pair seeded by a password entered then and there.
This way you could create one of those keys, park a bit of coin in it and have it available at any time in the future at any client simply by entering the same password.
Not only useful for you, but a neat way to transfer coin using a human memorable password. You and your buddy are having dinner and you need to transfer 10 BTC to him. Your client on your phone creates a temporary key solely for this transfer, based on a simple password you both agree on, and loads it with 10 BTC. He enters the same password on his phone client and moves the coin to one of his permanent keys. The temporary password is not needed any more and can be dropped by both parties.
Of course if a password generated key-pair is used to store coin long term, make the password a strong one and print it out!
Bad idea. What happens when two people use the same password? Nothing worse than if you save your wallet on a public forum, as far as I can tell. If you're stupid, you lose your coin. No one is storing any coin long term in these keys and if someone is stupid enough to use "password" as the password he should expect a collision sometimes. If we want to protect stupid users I suppose the client could perform basic checks like password quality indicators and checking that the new key-pair has never been seen before in the block chain. My experience is it's a losing game trying to protect stupid people from themselves. |
|
|
|
|
|
Garrett Burgwardt
|
|
May 04, 2011, 09:07:01 PM |
|
People will always want to use simple phrases or words. Collisions will abound, and it will only serve to cause trouble. Leave it out I say.
|
|
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
 Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
May 05, 2011, 03:37:12 AM |
|
People will always want to use simple phrases or words. Collisions will abound, and it will only serve to cause trouble. Leave it out I say.
For single uses, I would suggest it's already feasible to do this, just use a throwaway MyBitcoin account, and using passwords to generate single addresses is outside the scope of the original suggestion. Using MyBitcoin, the security needs of passing a password as a proxy for a single transfer could be met with a weaker password since using an online service takes away the opportunity to brute force billions and trillions of possibilities per second. |
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
|
