Bitcoin Forum
February 18, 2020, 12:55:39 AM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 4 »  All
  Print  
Author Topic: How to Create a Bitcoin Receive Address from a Coin Flip  (Read 14355 times)
hexafraction
Sr. Member
****
Offline Offline

Activity: 392
Merit: 250

Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ


View Profile
February 06, 2015, 11:23:00 PM
 #21


*** You cannot use the Brainwallet BIN to HEX converter due to the fact that Brianwallet adds a “0” place holder to every 4 bit BIN sequence. e.g. “1111” converted to HEX is “F” but Brainwallet converts it as “0F” ***


Yes, you can. Just don't add spaces to the binary.

Also, don't use random.org at all. Use a physical coin, or a known-good physical RNG, preferably one that is designed to be unbiased, truly random using physical noise, and separate from a computer.

I have recently become active again after a long period of inactivity. Cryptographic proof that my account has not been compromised is available.
1581987339
Hero Member
*
Offline Offline

Posts: 1581987339

View Profile Personal Message (Offline)

Ignore
1581987339
Reply with quote  #2

1581987339
Report to moderator
1581987339
Hero Member
*
Offline Offline

Posts: 1581987339

View Profile Personal Message (Offline)

Ignore
1581987339
Reply with quote  #2

1581987339
Report to moderator
1581987339
Hero Member
*
Offline Offline

Posts: 1581987339

View Profile Personal Message (Offline)

Ignore
1581987339
Reply with quote  #2

1581987339
Report to moderator
100% First Deposit Bonus Instant Withdrawals Best Odds 10+ Sports Since 2014 No KYC Asked Play Now
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
R2D221
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500



View Profile
February 07, 2015, 12:28:36 AM
 #22

Random.org is for trivial stuff.

Generating a Bitcoin private key and its corresponding address is not trivial at all.

An economy based on endless growth is unsustainable.
fasbit
Sr. Member
****
Offline Offline

Activity: 422
Merit: 251


View Profile
February 07, 2015, 02:48:59 PM
Last edit: February 07, 2015, 03:41:34 PM by fasbit
 #23

I will argue that 256 coin flips from random.org is the best random number possibility available.  And assuming that you push the results through an offline computer using brainwallet offline, you will have a VERY SAFE, VERY RANDOM private key.
LOL.  A "VERY SAFE" number which is trivially known to a third party.  Is someone at "random.org" paying you to encourage people to have them generate their private keys, or did you come by this cluelessness naturally?

I haven't looked recently but last I checked random.org methods were secret and not peer reviewed. So not only may the results be trivially maliciously logged (by the site operators or anyone whos compromised their system; or the operators of the VPSes they use (rackspace cloud)), they're probably more likely to be accidentally flawed because their methods are not reviewed.

A. Attacking an idea or postulate is a great thing.  Attacking a person and calling them "clueless" is ad hominem and is below your status as a moderator of this board.
B. Random.org is peer reviewed here https://www.random.org/media As well as tested by third party orgs like http://www.ecogra.org/  Their methods are not secret but they are not public either.
C. So lets examine your logic:  Since random.org (peer reviewed, certified and in business since 1998) creates a buffer in advance full of billions of ones and zeroes and since it uses https, someone could log the front end usage of these ones and zeros after they leave the buffer and before they hit the https (side note on magnitude: these ones and zeroes from the buffer are used for ALOT of different applications on the site other than coin flips), track the usage by ip, collect and then echo the data once an ip pulls precisely 256 bits of data, run the bits through a key generator, (also try various combinations of the 256bit sequence like only look at the last 256 bits, since the first x bits could have been a test), create a database to collect all of these new bitcoin address and repeatedly query the entire blockchain to see if any of the addresses are extant. If any one address is extant and holds bitcoins, import the corresponding key into a wallet and steal the bitcoins.  OK... I will concede.  This may be possible. Its not likely considering the high level access, the subterfuge necessary, and the high number of bitcoin addresses to generate & query; not probable, but maybe possible.  

So to test your theory I am going to publish a bitcoin address that I created using random.org, leave some BTC there and see if they evaporate.  If they magically walk away, then we will know that someone at random.org is malicious.  If nothing happens, then Im going to stick with my "SAFE" comment.  I will however add a note of caution to the thread warning people that 1) They could get struck by lightning today 2) Earth could get destroyed by a meteor in the next 5 minutes AND 3) Somebody at random.org might guess your intent out of the millions of possible intents by those who use this service, parse through the data looking for precisely 256 bits of interesting target data turn them into a bitcoin key and steal your BTC.

Dear Mythical Hacker at Random.Org:  I created this address with the coin flip service on 02/07/2015.  I flipped 8 coins at once using Polish Zloties.  I pulled precisely 256 bits of data from the buffer to make it easy on you.  Please steal my bitcoins.
Here is the address: 1DcS5pEgjnLGJ43h7znVxdcxMfx6pfaZvA




fasbit
Sr. Member
****
Offline Offline

Activity: 422
Merit: 251


View Profile
February 07, 2015, 03:04:49 PM
 #24


*** You cannot use the Brainwallet BIN to HEX converter due to the fact that Brianwallet adds a “0” place holder to every 4 bit BIN sequence. e.g. “1111” converted to HEX is “F” but Brainwallet converts it as “0F” ***


Yes, you can. Just don't add spaces to the binary.

Also, don't use random.org at all. Use a physical coin, or a known-good physical RNG, preferably one that is designed to be unbiased, truly random using physical noise, and separate from a computer.

Ahhh... you are correct!  I fixed the note.
redsn0w
Legendary
*
Offline Offline

Activity: 1778
Merit: 1041


#Free market


View Profile
February 07, 2015, 03:09:55 PM
 #25

Oh fantastic, thanks for the info. I surely will try!
hhanh00
Sr. Member
****
Offline Offline

Activity: 467
Merit: 261


View Profile
February 07, 2015, 04:47:10 PM
 #26

This thread reminds me of [Calvin & Hobbes](http://www.gocomics.com/calvinandhobbes/2012/11/07)

doof
Hero Member
*****
Offline Offline

Activity: 764
Merit: 501


View Profile WWW
February 09, 2015, 05:14:22 AM
 #27

Please please please do not do this. The cryptosystem which Bitcoin keys and addresses are part of assumes for its security that its private keys are uniformly random numbers. Flipping coins by hand will definitely not give uniformly random numbers, and is probably so biased (depending on your hand, the coin, what side you pick it up from, the surface it lands on, etc, etc) that you can measure it yourself by just flipping a coin and counting the zeroes and ones.

If you swap out one component of a cryptosystem for another you have constructed a new cryptosystem and need to argue its security. And I guarantee you won't find a good security argument for "Bitcoin script with biased randomness".

To add to the presumption of insecurity that should be applied to all new cryptosystems, let me point out that much of this one is gibberish:


Quote
Every Public Address corresponds to exactly one Private Key and vice-versa.
This is simply false.

Are you talking about possible collisions?
coinableS
Legendary
*
Offline Offline

Activity: 1092
Merit: 1001



View Profile WWW
February 09, 2015, 05:24:52 AM
 #28

Please please please do not do this. The cryptosystem which Bitcoin keys and addresses are part of assumes for its security that its private keys are uniformly random numbers. Flipping coins by hand will definitely not give uniformly random numbers, and is probably so biased (depending on your hand, the coin, what side you pick it up from, the surface it lands on, etc, etc) that you can measure it yourself by just flipping a coin and counting the zeroes and ones.

If you swap out one component of a cryptosystem for another you have constructed a new cryptosystem and need to argue its security. And I guarantee you won't find a good security argument for "Bitcoin script with biased randomness".

To add to the presumption of insecurity that should be applied to all new cryptosystems, let me point out that much of this one is gibberish:


Quote
Every Public Address corresponds to exactly one Private Key and vice-versa.
This is simply false.

Are you talking about possible collisions?


I believe he is referring to this:  https://bitcointalk.org/index.php?topic=24268.0

So there are 2^160 public keys but only 2^96 private keys? Ho does that add up?
Are there private keys than unlock more than one public key?
There are just under 2^256 private keys, just under 2^256 public keys, and 2^160 addresses. There are some addresses that have more than one corresponding public key and thus more than one corresponding private key.

coinpr0n
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1000



View Profile
February 09, 2015, 01:25:49 PM
 #29

Cool idea. So decentralized ...

xDan
Hero Member
*****
Offline Offline

Activity: 688
Merit: 500

ヽ( ㅇㅅㅇ)ノ ~!!


View Profile
February 10, 2015, 05:31:44 PM
 #30

It's a nice idea, but if you are doing coin flipping as a way to have "perfect" randomness, then you are rather spoiling the effort by having it touch any online computer system. I would rather just use bitcoin core on a linux livecd which I'd trust way more than any of the sites you linked.

i.e. suggesting mathisisfun.com website. Hey hackers, go compromise mathisfun.com, a fun little side project for you, maybe you'll find yourself some private keys.

Or maybe OP is the hacker who has already done so. Clever!

I would definitely be interested in seeing a tiny little script with no external dependencies that can be run on an offline system.

(Or excel/open office equations that I can copy+paste myself).

HODLing for the longest time. Skippin fast right around the moon. On a rocketship straight to mars.
Up, up and away with my beautiful, my beautiful Bitcoin~
fasbit
Sr. Member
****
Offline Offline

Activity: 422
Merit: 251


View Profile
February 10, 2015, 07:09:33 PM
 #31

It's a nice idea, but if you are doing coin flipping as a way to have "perfect" randomness, then you are rather spoiling the effort by having it touch any online computer system. I would rather just use bitcoin core on a linux livecd which I'd trust way more than any of the sites you linked.

i.e. suggesting mathisisfun.com website. Hey hackers, go compromise mathisfun.com, a fun little side project for you, maybe you'll find yourself some private keys.

Or maybe OP is the hacker who has already done so. Clever!

I would definitely be interested in seeing a tiny little script with no external dependencies that can be run on an offline system.

(Or excel/open office equations that I can copy+paste myself).

  • I'm working on the excel.  I have the sha256 and base58 working in excel, just hung up on RIPEMD-160...but i'm close
  • Also all of the links I suggested have "offline" capability.
NewLiberty
Legendary
*
Offline Offline

Activity: 1204
Merit: 1001


Gresham's Lawyer


View Profile WWW
February 11, 2015, 04:34:20 AM
 #32

For the Hex Dice, I'd like to see them in happy homes:

BTC0.05 for a pair will get me off my butt to get them shipped to you in the USA, for international, probably a bit more.  Let me know where you are and I'll let you know how much more.


FREE MONEY1 Bitcoin for Silver and Gold NewLibertyDollar.com and now BITCOIN SPECIE (silver 1 ozt) shows value by QR
Bulk premiums as low as .0012 BTC "BETTER, MORE COLLECTIBLE, AND CHEAPER THAN SILVER EAGLES" 1Free of Government
spin
Sr. Member
****
Offline Offline

Activity: 360
Merit: 250


View Profile
February 12, 2015, 09:18:36 AM
 #33

I will argue that 256 coin flips from random.org is the best random number possibility available.  And assuming that you push the results through an offline computer using brainwallet offline, you will have a VERY SAFE, VERY RANDOM private key.
LOL.  A "VERY SAFE" number which is trivially known to a third party.  Is someone at "random.org" paying you to encourage people to have them generate their private keys, or did you come by this cluelessness naturally?

I haven't looked recently but last I checked random.org methods were secret and not peer reviewed. So not only may the results be trivially maliciously logged (by the site operators or anyone whos compromised their system; or the operators of the VPSes they use (rackspace cloud)), they're probably more likely to be accidentally flawed because their methods are not reviewed.

A. Attacking an idea or postulate is a great thing.  Attacking a person and calling them "clueless" is ad hominem and is below your status as a moderator of this board.
B. Random.org is peer reviewed here https://www.random.org/media As well as tested by third party orgs like http://www.ecogra.org/  Their methods are not secret but they are not public either.
C. So lets examine your logic:  Since random.org (peer reviewed, certified and in business since 1998) creates a buffer in advance full of billions of ones and zeroes and since it uses https, someone could log the front end usage of these ones and zeros after they leave the buffer and before they hit the https (side note on magnitude: these ones and zeroes from the buffer are used for ALOT of different applications on the site other than coin flips), track the usage by ip, collect and then echo the data once an ip pulls precisely 256 bits of data, run the bits through a key generator, (also try various combinations of the 256bit sequence like only look at the last 256 bits, since the first x bits could have been a test), create a database to collect all of these new bitcoin address and repeatedly query the entire blockchain to see if any of the addresses are extant. If any one address is extant and holds bitcoins, import the corresponding key into a wallet and steal the bitcoins.  OK... I will concede.  This may be possible. Its not likely considering the high level access, the subterfuge necessary, and the high number of bitcoin addresses to generate & query; not probable, but maybe possible.  

So to test your theory I am going to publish a bitcoin address that I created using random.org, leave some BTC there and see if they evaporate.  If they magically walk away, then we will know that someone at random.org is malicious.  If nothing happens, then Im going to stick with my "SAFE" comment.  I will however add a note of caution to the thread warning people that 1) They could get struck by lightning today 2) Earth could get destroyed by a meteor in the next 5 minutes AND 3) Somebody at random.org might guess your intent out of the millions of possible intents by those who use this service, parse through the data looking for precisely 256 bits of interesting target data turn them into a bitcoin key and steal your BTC.

Dear Mythical Hacker at Random.Org:  I created this address with the coin flip service on 02/07/2015.  I flipped 8 coins at once using Polish Zloties.  I pulled precisely 256 bits of data from the buffer to make it easy on you.  Please steal my bitcoins.
Here is the address: 1DcS5pEgjnLGJ43h7znVxdcxMfx6pfaZvA

A.  He may have been a little harsh, but you need to understand cryptography for some of these things.  And you can't simply claim something is secure.  I am trying to learn about cryptography, and all I've really learned thus far is that there is a lot out there and one can quickly do a lot of damage.
B.  Those are random citations that don't any really appear to be peer review of the methods. For random.org to be tested their methods should be fully disclosed.  They have a question covering this in their FAQ: https://www.random.org/faq/#Q2.2  It talks about gaming and gambling.  Being verified for that is NOT the same as being verified for cryptographic purposes.  Also see https://www.random.org/faq/#Q1.2  Standard security practice before using something in cryptography is that it's open to inspection and that a lot of people have looked at it.  The code they use is not available so how do you know it's right. 
C. In theory the whoever can access the machines they use can get to the random numbers generated.  These include the hosting company, the site owners, hackers with access etc.  gmaxwell did point out that the most likely source of error was a accidentally poor implementation of the random number generator process.  The point is you cannot know because it's all closed source and not reviewed. So do you want to use something that is well reviewed random generator or something that may or may not be random?

A poor random generator may make it possible to solve private keys for 1 in 1000 or 1 in a 1000 000 generated using the site.  The point is even 1 in 1bn is a lot (and I mean a LOT) less secure than other methods used to generate private keys.  So your test address is probably safe, but how safe you won't know, because it's all closed up.  Now if lots of people start using the service (like when someone start recommending them) the odds start looking a lot better for an attacker.

This is my lay understanding of the issues around something like this.



If you liked this post buy me a beer.  Beers are quite cheap where I live!
194YjsiwmGm3hcbPcJWWyzRAS9CQLX1fJL
NewLiberty
Legendary
*
Offline Offline

Activity: 1204
Merit: 1001


Gresham's Lawyer


View Profile WWW
February 12, 2015, 05:19:42 PM
 #34

I will argue that 256 coin flips from random.org is the best random number possibility available.  And assuming that you push the results through an offline computer using brainwallet offline, you will have a VERY SAFE, VERY RANDOM private key.
LOL.  A "VERY SAFE" number which is trivially known to a third party.  Is someone at "random.org" paying you to encourage people to have them generate their private keys, or did you come by this cluelessness naturally?

I haven't looked recently but last I checked random.org methods were secret and not peer reviewed. So not only may the results be trivially maliciously logged (by the site operators or anyone whos compromised their system; or the operators of the VPSes they use (rackspace cloud)), they're probably more likely to be accidentally flawed because their methods are not reviewed.

A. Attacking an idea or postulate is a great thing.  Attacking a person and calling them "clueless" is ad hominem and is below your status as a moderator of this board.
B. Random.org is peer reviewed here https://www.random.org/media As well as tested by third party orgs like http://www.ecogra.org/  Their methods are not secret but they are not public either.
C. So lets examine your logic:  Since random.org (peer reviewed, certified and in business since 1998) creates a buffer in advance full of billions of ones and zeroes and since it uses https, someone could log the front end usage of these ones and zeros after they leave the buffer and before they hit the https (side note on magnitude: these ones and zeroes from the buffer are used for ALOT of different applications on the site other than coin flips), track the usage by ip, collect and then echo the data once an ip pulls precisely 256 bits of data, run the bits through a key generator, (also try various combinations of the 256bit sequence like only look at the last 256 bits, since the first x bits could have been a test), create a database to collect all of these new bitcoin address and repeatedly query the entire blockchain to see if any of the addresses are extant. If any one address is extant and holds bitcoins, import the corresponding key into a wallet and steal the bitcoins.  OK... I will concede.  This may be possible. Its not likely considering the high level access, the subterfuge necessary, and the high number of bitcoin addresses to generate & query; not probable, but maybe possible.  

So to test your theory I am going to publish a bitcoin address that I created using random.org, leave some BTC there and see if they evaporate.  If they magically walk away, then we will know that someone at random.org is malicious.  If nothing happens, then Im going to stick with my "SAFE" comment.  I will however add a note of caution to the thread warning people that 1) They could get struck by lightning today 2) Earth could get destroyed by a meteor in the next 5 minutes AND 3) Somebody at random.org might guess your intent out of the millions of possible intents by those who use this service, parse through the data looking for precisely 256 bits of interesting target data turn them into a bitcoin key and steal your BTC.

Dear Mythical Hacker at Random.Org:  I created this address with the coin flip service on 02/07/2015.  I flipped 8 coins at once using Polish Zloties.  I pulled precisely 256 bits of data from the buffer to make it easy on you.  Please steal my bitcoins.
Here is the address: 1DcS5pEgjnLGJ43h7znVxdcxMfx6pfaZvA

A.  He may have been a little harsh, but you need to understand cryptography for some of these things.  And you can't simply claim something is secure.  I am trying to learn about cryptography, and all I've really learned thus far is that there is a lot out there and one can quickly do a lot of damage.
B.  Those are random citations that don't any really appear to be peer review of the methods. For random.org to be tested their methods should be fully disclosed.  They have a question covering this in their FAQ: https://www.random.org/faq/#Q2.2  It talks about gaming and gambling.  Being verified for that is NOT the same as being verified for cryptographic purposes.  Also see https://www.random.org/faq/#Q1.2  Standard security practice before using something in cryptography is that it's open to inspection and that a lot of people have looked at it.  The code they use is not available so how do you know it's right. 
C. In theory the whoever can access the machines they use can get to the random numbers generated.  These include the hosting company, the site owners, hackers with access etc.  gmaxwell did point out that the most likely source of error was a accidentally poor implementation of the random number generator process.  The point is you cannot know because it's all closed source and not reviewed. So do you want to use something that is well reviewed random generator or something that may or may not be random?

A poor random generator may make it possible to solve private keys for 1 in 1000 or 1 in a 1000 000 generated using the site.  The point is even 1 in 1bn is a lot (and I mean a LOT) less secure than other methods used to generate private keys.  So your test address is probably safe, but how safe you won't know, because it's all closed up.  Now if lots of people start using the service (like when someone start recommending them) the odds start looking a lot better for an attacker.

This is my lay understanding of the issues around something like this.

GMaxwell writes from a development point of view.
Make it provably safe therefore trustless (not requiring unusual trust).
I appreciate that view point in a developer, because it makes the code useful for very large values.

The "test" is one which uses very small bait: 1DcS5pEgjnLGJ43h7znVxdcxMfx6pfaZvA has 0.05 XBT.
It is not a very valid test.  It will not entice someone with an exploit to go after those coins.

FREE MONEY1 Bitcoin for Silver and Gold NewLibertyDollar.com and now BITCOIN SPECIE (silver 1 ozt) shows value by QR
Bulk premiums as low as .0012 BTC "BETTER, MORE COLLECTIBLE, AND CHEAPER THAN SILVER EAGLES" 1Free of Government
e1ghtSpace
Legendary
*
Offline Offline

Activity: 1498
Merit: 1001


Crypto since 2014


View Profile WWW
February 14, 2015, 11:57:13 AM
 #35

Since we only generate 256 1's or 0's does that mean that there are only 256^2 possibilities?
Wow, it should be 2^256 Cheesy
hexafraction
Sr. Member
****
Offline Offline

Activity: 392
Merit: 250

Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ


View Profile
February 17, 2015, 12:17:45 AM
 #36

Since we only generate 256 1's or 0's does that mean that there are only 256^2 possibilities?
Wow, it should be 2^256 Cheesy

No, generating 256 bits means there are 2^256 possibilities. For example, 1 coin flip has 2^1 possibilities, 2 coin flips have 2^2, 3 flips has 2^3, etc. The number of possibilities for n flips is the number of possibilities of n-1 flips times the number of possibilities of that nth flip, hence 2^n.

I have recently become active again after a long period of inactivity. Cryptographic proof that my account has not been compromised is available.
fasbit
Sr. Member
****
Offline Offline

Activity: 422
Merit: 251


View Profile
February 17, 2015, 01:49:41 AM
 #37

I will argue that 256 coin flips from random.org is the best random number possibility available.  And assuming that you push the results through an offline computer using brainwallet offline, you will have a VERY SAFE, VERY RANDOM private key.
LOL.  A "VERY SAFE" number which is trivially known to a third party.  Is someone at "random.org" paying you to encourage people to have them generate their private keys, or did you come by this cluelessness naturally?

I haven't looked recently but last I checked random.org methods were secret and not peer reviewed. So not only may the results be trivially maliciously logged (by the site operators or anyone whos compromised their system; or the operators of the VPSes they use (rackspace cloud)), they're probably more likely to be accidentally flawed because their methods are not reviewed.

A. Attacking an idea or postulate is a great thing.  Attacking a person and calling them "clueless" is ad hominem and is below your status as a moderator of this board.
B. Random.org is peer reviewed here https://www.random.org/media As well as tested by third party orgs like http://www.ecogra.org/  Their methods are not secret but they are not public either.
C. So lets examine your logic:  Since random.org (peer reviewed, certified and in business since 1998) creates a buffer in advance full of billions of ones and zeroes and since it uses https, someone could log the front end usage of these ones and zeros after they leave the buffer and before they hit the https (side note on magnitude: these ones and zeroes from the buffer are used for ALOT of different applications on the site other than coin flips), track the usage by ip, collect and then echo the data once an ip pulls precisely 256 bits of data, run the bits through a key generator, (also try various combinations of the 256bit sequence like only look at the last 256 bits, since the first x bits could have been a test), create a database to collect all of these new bitcoin address and repeatedly query the entire blockchain to see if any of the addresses are extant. If any one address is extant and holds bitcoins, import the corresponding key into a wallet and steal the bitcoins.  OK... I will concede.  This may be possible. Its not likely considering the high level access, the subterfuge necessary, and the high number of bitcoin addresses to generate & query; not probable, but maybe possible.  

So to test your theory I am going to publish a bitcoin address that I created using random.org, leave some BTC there and see if they evaporate.  If they magically walk away, then we will know that someone at random.org is malicious.  If nothing happens, then Im going to stick with my "SAFE" comment.  I will however add a note of caution to the thread warning people that 1) They could get struck by lightning today 2) Earth could get destroyed by a meteor in the next 5 minutes AND 3) Somebody at random.org might guess your intent out of the millions of possible intents by those who use this service, parse through the data looking for precisely 256 bits of interesting target data turn them into a bitcoin key and steal your BTC.

Dear Mythical Hacker at Random.Org:  I created this address with the coin flip service on 02/07/2015.  I flipped 8 coins at once using Polish Zloties.  I pulled precisely 256 bits of data from the buffer to make it easy on you.  Please steal my bitcoins.
Here is the address: 1DcS5pEgjnLGJ43h7znVxdcxMfx6pfaZvA

A.  He may have been a little harsh, but you need to understand cryptography for some of these things.  And you can't simply claim something is secure.  I am trying to learn about cryptography, and all I've really learned thus far is that there is a lot out there and one can quickly do a lot of damage.
B.  Those are random citations that don't any really appear to be peer review of the methods. For random.org to be tested their methods should be fully disclosed.  They have a question covering this in their FAQ: https://www.random.org/faq/#Q2.2  It talks about gaming and gambling.  Being verified for that is NOT the same as being verified for cryptographic purposes.  Also see https://www.random.org/faq/#Q1.2  Standard security practice before using something in cryptography is that it's open to inspection and that a lot of people have looked at it.  The code they use is not available so how do you know it's right. 
C. In theory the whoever can access the machines they use can get to the random numbers generated.  These include the hosting company, the site owners, hackers with access etc.  gmaxwell did point out that the most likely source of error was a accidentally poor implementation of the random number generator process.  The point is you cannot know because it's all closed source and not reviewed. So do you want to use something that is well reviewed random generator or something that may or may not be random?

A poor random generator may make it possible to solve private keys for 1 in 1000 or 1 in a 1000 000 generated using the site.  The point is even 1 in 1bn is a lot (and I mean a LOT) less secure than other methods used to generate private keys.  So your test address is probably safe, but how safe you won't know, because it's all closed up.  Now if lots of people start using the service (like when someone start recommending them) the odds start looking a lot better for an attacker.

This is my lay understanding of the issues around something like this.

GMaxwell writes from a development point of view.
Make it provably safe therefore trustless (not requiring unusual trust).
I appreciate that view point in a developer, because it makes the code useful for very large values.

The "test" is one which uses very small bait: 1DcS5pEgjnLGJ43h7znVxdcxMfx6pfaZvA has 0.05 XBT.
It is not a very valid test.  It will not entice someone with an exploit to go after those coins.
1. I agree that my measly .05 BTC of bait is not a real enticement.  But it would demonstrate if someone had maliciously swiped the code and was using the site to swipe private keys no matter the balance.
2. I appreciate gmaxwell's point and I added warnings based on his point.  This thread is however, about creating the private key with a coin flip not a web site.  Using a site like random.org is ancillary to the thread and I marked it "educational only."
3. The only thing I claim is safe is: 1) its done offline, 2) its done randomly, and 3) no one can know the method of creation.  I will stick by that maxim. < this is the essence of the thread
jl2012
Legendary
*
Offline Offline

Activity: 1792
Merit: 1010


View Profile
February 17, 2015, 06:31:09 AM
 #38



EXTRA SPEED:  .....



Punch your keyboard and take SHA256 of the results. It's way much better than using an online third party RNG.

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
NewLiberty
Legendary
*
Offline Offline

Activity: 1204
Merit: 1001


Gresham's Lawyer


View Profile WWW
February 17, 2015, 08:53:18 AM
 #39

1. I agree that my measly .05 BTC of bait is not a real enticement.  But it would demonstrate if someone had maliciously swiped the code and was using the site to swipe private keys no matter the balance.
2. I appreciate gmaxwell's point and I added warnings based on his point.  This thread is however, about creating the private key with a coin flip not a web site.  Using a site like random.org is ancillary to the thread and I marked it "educational only."
3. The only thing I claim is safe is: 1) its done offline, 2) its done randomly, and 3) no one can know the method of creation.  I will stick by that maxim. < this is the essence of the thread
Agree with all of this Smiley and with the recent revelations:
http://www.cbc.ca/news/technology/nsa-hid-spying-software-in-hard-drive-firmware-report-says-1.2959252
the method is very attractive, still I'd stick with the 64 hex dice rolls over the 256 coin flips.

FREE MONEY1 Bitcoin for Silver and Gold NewLibertyDollar.com and now BITCOIN SPECIE (silver 1 ozt) shows value by QR
Bulk premiums as low as .0012 BTC "BETTER, MORE COLLECTIBLE, AND CHEAPER THAN SILVER EAGLES" 1Free of Government
teukon
Legendary
*
Offline Offline

Activity: 1246
Merit: 1001



View Profile
February 17, 2015, 10:59:00 AM
 #40

The only thing I claim is safe is: 1) its done offline, 2) its done randomly, and 3) no one can know the method of creation.  I will stick by that maxim. < this is the essence of the thread

I don't see the need for (3).  Indeed, if (3) is at all useful to your security then I'd claim that you're not introducing enough entropy at step (2) and are being forced to rely on the extra entropy of your method being one among many plausible alternatives.

Certainly, 256 coin flips provides sufficient entropy.  I believe 128 coin-flips is enough for critical cold storage even with the method known but I'm not a cryptographer.
Pages: « 1 [2] 3 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!