Bitcoin Forum
November 18, 2024, 12:00:16 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: How do different softwares compare when generating random private keys?  (Read 1186 times)
thms (OP)
Sr. Member
****
Offline Offline

Activity: 427
Merit: 250


View Profile
July 22, 2014, 12:54:29 PM
 #1

I want to generate some private keys in an offline computer and I was thinking how do all the different options like bitaddress, multibit, etc compare in terms of generating random private keys offline.

Are they all the same, like using some kind of library?

I think I'm going to install multibit offline and make it generate the private keys for me, so then I can print the private keys to make some sort of paper wallet. What do you think of this approach?
btchris
Hero Member
*****
Offline Offline

Activity: 672
Merit: 504

a.k.a. gurnec on GitHub


View Profile WWW
July 22, 2014, 08:16:46 PM
Last edit: July 22, 2014, 10:11:23 PM by btchris
 #2

I want to generate some private keys in an offline computer and I was thinking how do all the different options like bitaddress, multibit, etc compare in terms of generating random private keys offline.

Are they all the same, like using some kind of library?

What are your concerns / priorities?

Strong random number generation? For this, my first choice would be Armory. In addition to the OS's random number pool (either /dev/random or CryptGenRandom), it also mixes in:
Quote
timestamps, down to the microsecond, of every keypress and mouseclick made during the wallet creation wizard. Also logs mouse positions on every press, though it will be constant while typing. ... Then we throw in the [name,time,size] triplets of some volatile system directories, and the hash of a file in that directory that is expected to have timestamps and system-dependent parameters. Finally, take a desktop screenshot...
It's also a deterministic wallet if that matters to you.

Ease of use? For that I'd download a copy of https://bitcoinpaperwallet.com/ (download link is in the lower right of the live demo). It's not quite as thorough as Armory, but it does use window.crypto.getRandomValues which should in theory use the OS's random number pool, and it also uses mouse and keypress events. It's easy to use for paper wallet generation, and quite pretty too. Smiley

https://www.bitaddress.org/, while not quite as pretty, uses the same random number techniques as bitcoinpaperwallet (actually I think bitaddress was first, and bitcoinpaperwallet is based in part on bitaddress). It's probably the way to go if you want an easy method of generating a lot of paper wallets all at once.

Edited to add: both bitcoinpaperwallet and bitaddress support brain wallets, and bitcoinpaperwallet gives fairly decent advice on how to use dice or an extremely-well-shuffled deck of cards to generate the random keys, although there's better advice over in this thread.
AliceWonder
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
July 23, 2014, 07:00:27 PM
 #3

For my own generation of private keys when I make paper wallets I make sure haveged daemon is running and then I use /dev/random (Linux) and take an sha256sum

Then I scramble the resulting hash, so that the resulting key is not a hash of what was in /dev/random but has the same number of each hex digit that was in the resulting hash.

I scamble it between 7 and 20 times (random how many)

I figure in the event there is a bug with generation of /dev/random data - repeated scrambling of the results will probably counter the ability for my key to be guessed.

generation is done in /tmp which is mounted tmpfs - so that none of the data generated is ever written to disk.

generate public key, print it to direct connected printer, wipe the print buffer.

-=-

For keys in my software wallet I just let the wallet do its thing. But I don't like to keep a lot of value in an Internet connected wallet.

QuarkCoin - what I believe bitcoin was intended to be. On reddit: http://www.reddit.com/r/QuarkCoin/
fbueller
Sr. Member
****
Offline Offline

Activity: 412
Merit: 287


View Profile
July 24, 2014, 12:53:59 AM
 #4

If your process is deterministic it adds nothing, and if carried out by a human, its probably introducing a bias. Why not use standard key stretching, like HMAC or PBKDF2?

Bitwasp Developer.
ANTIcentralized
Full Member
***
Offline Offline

Activity: 210
Merit: 100


View Profile
July 24, 2014, 04:23:26 PM
 #5

None of them should be using a "library" as if they were the keys would not be random.

They should use a RNG that randomly chooses a private key and calculates the associated public address to that private key
virtualx
Hero Member
*****
Offline Offline

Activity: 672
Merit: 508


LOTEO


View Profile
July 24, 2014, 09:05:44 PM
 #6

I want to generate some private keys in an offline computer and I was thinking how do all the different options like bitaddress, multibit, etc compare in terms of generating random private keys offline.

Are they all the same, like using some kind of library?

I think I'm going to install multibit offline and make it generate the private keys for me, so then I can print the private keys to make some sort of paper wallet. What do you think of this approach?

It really depends on the software. On the programming level you can choose to use the default system libraries for random number generation. Sometimes developers make their own random number generators based on user or signal input, such as mouse movement, camera movement, sound etc. I'm sure multibit uses a Java random number generator.

...loteo...
DIGITAL ERA LOTTERY


r

▄▄███████████▄▄
▄███████████████████▄
▄███████████████████████▄
▄██████████████████████████▄
▄██  ███████▌ ▐██████████████▄
▐██▌ ▐█▀  ▀█    ▐█▀   ▀██▀  ▀██▌
▐██  █▌ █▌ ██  ██▌ ██▌ █▌ █▌ ██▌
▐█▌ ▐█ ▐█ ▐█▌ ▐██  ▄▄▄██ ▐█ ▐██▌
▐█  ██▄  ▄██    █▄    ██▄  ▄███▌
▀████████████████████████████▀
▀██████████████████████████▀
▀███████████████████████▀
▀███████████████████▀
▀▀███████████▀▀
r

RPLAY NOWR
BE A MOON VISITOR!
[/center]
Abdussamad
Legendary
*
Offline Offline

Activity: 3696
Merit: 1580



View Profile
July 24, 2014, 09:43:09 PM
 #7

They all use system libraries. No one is going to reinvent the wheel here. If armory is getting entropy form other sources then it is mixing that in with the entropy it gets via system interfaces. Adding more entropy, even low quality entropy, doesn't hurt.
AliceWonder
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
July 25, 2014, 06:52:08 PM
 #8

If your process is deterministic it adds nothing, and if carried out by a human, its probably introducing a bias. Why not use standard key stretching, like HMAC or PBKDF2?

If that was at me, the process isn't human.

Shell script takes sha256sum of /dev/random - then picks a random number between 7 and 20 and scrambles the characters that many times so that the end result is not a checksum of what was in /dev/random.

Once would probably be enough but 7 to 20 doesn't hurt.

I make a bunch and print them, stick in envelopes. It works, is simple, and is secure. No need to do anything fancier.

If there is a security flaw, it would be because someone had physical access to the envelopes where the private keys are. Or the printer buffer isn't properly cleared.

QuarkCoin - what I believe bitcoin was intended to be. On reddit: http://www.reddit.com/r/QuarkCoin/
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!