Author

Topic: BIP 38; Wallet Standardization; Wills (Read 3622 times)

newbie
Activity: 8
Merit: 0
December 08, 2013, 03:26:00 PM
#5
Hi,

Thanks for taking the time to respond.  I am already impressed with the activity on this forum.

I realize that I have a rather stringent list of requirements, and am actually encouraged by the fact that what I want doesn't exist yet.  I think another of Bitcoin's virtues is to show the world the value and power of open source!  So I am still working on building exactly what I want.

I have settled with Electrum for the time being.  It has many of the features I desired.  Still missing are:
  • A liveCD operating system with Electrum that is smaller than 100MB (under 50MB would be better)
  • A wallet that does not download the entire blockchain, but can get information needed to construct transactions from bitcoin nodes directly (IE, a server just running bitcoind or bitcoinqt.  Perhaps this is not possible with the current release of bitcoind.  I need to research more into SPV clients)

I am also tickled that this thread is now the top google result for 'electrum damn small linux'.  Grin

Regards,
Frito_Mosquito
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
December 06, 2013, 05:15:22 PM
#4
Also, apparently Blockchain.info accepts BIP 38 private keys for import now too.
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
December 06, 2013, 04:59:38 PM
#3

Hey, welcome to Bitcoin! I just stumbled across your thread, and was kind of disappointed you hadn't had more responses by now. I'll try to answer a few of your questions though.

(First, for clarity: I'll refer to the file containing your private keys (among other info) as your wallet, and the software that manages the wallet and (usually) broadcasts your transactions as a client.)


Wallets.  I count no less than 7 different formats-- Qt, Electrum, Armory, Blockchain.info, Multibit, Paper, BIP 38.  Not to mention any online wallet service.  To what do you attribute the variety?  Do you feel like the variety is a good or bad thing? 

I feel the variety is a great strength. Since the private keys are standardized, the wallet formats can afford to be different, and as long as you can extract and save the private keys (or the wallet format isn't too complicated should you need to extract the private keys yourself by hand,) it's quite workable to have multiple clients using different wallet formats (although it would be great if all the clients allowed you to import wallets in other formats, or at least allowed export and import in the standard Bitcoin-Qt format.)

Should a flaw be found in one client, or one wallet format, only a segment of the Bitcoin community will be at risk, not the entire community. Just like biodiversity keeps entire ecospheres from complete collapse should some unexpected calamity arise, I feel diversity in clients (and by extension wallet formats) does the same thing.


Quote
How do you choose a format?

I'd say based on client features. Beginners generally want (need?) something faster and less complicated. A thin client, especially something like the Mycelium wallet app for Android makes a better choice. For someone who knows his way around Bitcoin and wants to support the network with a full client, Bitcoin-Qt might make more sense. For hardcore users who want the best in security, Armory is the clear choice.


Quote
What makes a good wallet?

Again, it mainly comes down to, "does this client best support the features I need?" But that said, one thing to watch for is to give strong, strong preference to clients that don't give third parties access to your private keys. I'd also suggest using a client that matches your degree of expertise... if you can handle Bitcoin-Qt, I'd recommend using it, even if you also use something else. Simpler clients like Mycelium or Electrum, even though they may only grant access to your keys to you, may rely on third-party servers for their speed and thinness. Having a rock-solid backup that also contributes to the network is something more advanced users should find desireable.


Quote
Is it possible to encrypt my wallet, and still have my family be able to access the funds when I die?

It depends on the client, but in most cases, yes!

Bitcoin-Qt can encrypt and backup your wallet. Copy the encrypted backup around, even give copies to your loved ones if you like. Just be sure to either make new backups regularly, or set the software to pre-generate an enormous number of change addresses, just in case. Then you can include the passphrase in your will, and they'll have access to the wallet.

Mycelium has an excellent backup system that generates a PDF for an encrypted paper version of the wallet, along with a password for that specific PDF. You can store the password with the (printed or electronic) PDF, or store them separately such that your family gains access to both the PDF and the password upon your death.

Those are the only two clients I've used extensively; from what I understand, most other clients have other methods of allowing encryption and backup of your wallet (for example, I believe Electrum uses a single passphrase that can recreate the entire wallet.)


Quote
I found many threads like this one, which describe processes for offline wallets, but recent developments left me skeptical of my computer's random number generator.

You have good reason to be wary of PRNGs, both as a source of generating new private keys, and as a source of entropy for individual transactions. IIRC, as far as Bitcoin transactions go, it's possible to craft them without even relying on random numbers, and I believe the suggestion has already been made to the core development team. Considering how it's done, I see no reason why other client developers couldn't implement it right away, or why you couldn't implement it yourself. (You just use the hash of the transaction as the random number.)


Quote
So what to do?  I am attracted to BIP 38, because it seems like a straightforward 2-factor authentication system, but why is it so complicated?

I just discovered and did some reading on BIP 38 myself. It is impressive, isn't it? (For the record, Mycelium now supports it.)


Quote
It does not seem to be widely accepted either (blockchain.info did not recognize my BIP 38 encrypted QR code as a private key).  Why is it worth 20 BTC just to program BIP decryption? Why are all the wallets so complicated?  Why aren't wallets just AES.COUNTER_MODE(Private Key) and Address?  What component am I missing?

Well, BIP 38 is just a very useful feature. It really changes the game as far as Bitcoin private key security goes.

As far as the complication, it comes back to the freedom that Bitcoin allows. Anyone can get in and use it, and if someone doesn't like a wallet format that's already out there--they don't think it encodes enough information, or feel it needs to be simpler, or that it needs to be deterministic, or whatever--then they're free to create their own.


Quote
And as far as death is concerned, do any wallets implement Shamirs secret sharing scheme, or something similar?

I'm not too familiar with that, but I seem to recall that m-of-n signature support for spending from an address has already been implemented into the Bitcoin-Qt client. So at the very least, if you have a single m-of-n address that holds the bulk of your coins you intend to leave to others, then you can distribute the keys for that address to multiple people, and if enough get together and pool their keys, they can access the funds.


Quote
So, should I just stop worrying and love the wallet?

The worrying is understandable, but unnecessary. Smiley If you keep the bulk of your funds in cold storage, in the most simple format you feel comfortable with (so loved ones won't need to spend much effort to retrieve them,) you'll be fine.


Quote
TL;DR: Bitcoin will change the world.  Is there a standard wallet that allows user input addresses (dice generated),

Mycelium and Blockchain.info do.


Quote
produces a variety of standard wallet formats,

This seems to be a big sticking point; I don't know that any allow this.

Quote
generates raw transactions offline,

I thought Blockchain.info allowed this? Maybe not.

Quote
does not download the entire blockchain,

Mycelium, Electrum, Blockchain.info

Quote
is able to implement a secret sharing scheme,

Bitcoin-Qt offers m-of-n signature support, and passphrase-encrypted wallets. Mycelium offers password-encoded PDFs. Electrum's seed passphrase can be broken into separate words (or groups of words) and distributed to others.

Quote
and can run on an operating system smaller than 100MBs?

Not asking a whole lot now, are we?  Grin  That's alright; surely Electrum or Bitcoin-Qt can run on whatever version of Linux you like (not sure about the others.) And we can probably expect the clients to get better with every generation (I'd say we're really only on generation 2 or 3 so far.)
full member
Activity: 177
Merit: 101
November 27, 2013, 02:10:09 AM
#2
Basic BIP 38 is pretty simple if you can use SCrypt and AES256. But the second part of BIP38 what describes keys multiplication is more complicated but is very powerful. Check how bit2factor.org works and what it offers. It's gives amazing possibilities never seen before. And yeah, many people can write an simple web page or an hello world but unable to understand more sophisticated topics as elliptic cryptography which is required to create any bitcoin implementation from scratch. btw, BIP 38 (the second part is about the same scheme as Shamir's)
newbie
Activity: 8
Merit: 0
November 13, 2013, 11:22:31 PM
#1
Hi all,

I bought my first coin in September and haven't looked back.  I occasionally get pangs of regret for not catching the April wave, but I am catching the current wave nicely.

Not to suggest that I am purely in this for profits.  I think bitcoin will do a lot of good in this world.  When a developer in the states on GCP can send money home to Bangalore, Hyderabad, Manila, or whereever for less than 1% fee, that is a good thing.  When 50,000 people all over the world can send $0.25 to a charity in Uganda, that is a good thing.  When you can be your own bank, that is a good thing!  To the future!

Speaking of being your own bank, I have technical questions!

Wallets.  I count no less than 7 different formats-- Qt, Electrum, Armory, Blockchain.info, Multibit, Paper, BIP 38.  Not to mention any online wallet service.  To what do you attribute the variety?  Do you feel like the variety is a good or bad thing?  How do you choose a format?  What makes a good wallet?  Is it possible to encrypt my wallet, and still have my family be able to access the funds when I die?

I found many threads like this one, which describe processes for offline wallets, but recent developments left me skeptical of my computer's random number generator.

So I set out to build what I wanted.  Armed with Damn Small Linux and Python, I built a script that takes a 99 digit base 6 number (generated from dice) and a passphrase as input, and encrypts the private key with AES-256, computes the corresponding address, and saves the results to files.

I practiced.  I have been able to generate addresses, send coins to them, then redeem the coins a few days later (although I still haven't figured out how to generate a raw transaction offline, and then broadcast the raw transaction.  I use blockchain.infos import private key feature).  But taking a step back, I decided to look at how other wallets do things, and they are immensely more complicated!  There are many more data points, there are checksums upon checksums, and other features.  And I got to feeling that maybe trusting my modest but significant stash to my moderate programming skills was unwise.

So what to do?  I am attracted to BIP 38, because it seems like a straightforward 2-factor authentication system, but why is it so complicated? It does not seem to be widely accepted either (blockchain.info did not recognize my BIP 38 encrypted QR code as a private key).  Why is it worth 20 BTC just to program BIP decryption? Why are all the wallets so complicated?  Why aren't wallets just AES.COUNTER_MODE(Private Key) and Address?  What component am I missing?

And as far as death is concerned, do any wallets implement Shamirs secret sharing scheme, or something similar?

Ok, maybe there are some loose ends here.  Maybe I am taking this all too seriously.  My modest stash will probably not attract the attention of the kinds of folks that have access to backdoors (if any) in a computer's RNG.

So, should I just stop worrying and love the wallet?

TL;DR: Bitcoin will change the world.  Is there a standard wallet that allows user input addresses (dice generated), produces a variety of standard wallet formats, generates raw transactions offline, does not download the entire blockchain, is able to implement a secret sharing scheme, and can run on an operating system smaller than 100MBs?

Cheers,
Frito
Jump to: