Generate an address - page 2. | Bitcointalksearch.org

DannyHamilton

legendary

Activity: 3472

Merit: 4794

Quote from: jackjack on September 12, 2013, 09:27:21 AM

Quote from: DannyHamilton on September 12, 2013, 08:38:26 AM

Is there a better source of entropy available to the average person that could be used to mechanically generate a private key?

For i<52:

if 0->31: add the corresponding 5 bits to the private key
if 31+: run it again

Remove FOUR random bits

I think I said "available to the average person".

Most of the people that I know have a coin in their pocket or very nearby. I don't know anybody that owns their own well balanced and maintained roulette wheel.

By the way, how would you choose which 4 bits to remove?

jackjack

legendary

Activity: 1176

Merit: 1260

May Bitcoin be touched by his Noodly Appendage

Quote from: DannyHamilton on September 12, 2013, 08:38:26 AM

Is there a better source of entropy available to the average person that could be used to mechanically generate a private key?

For i<52:

if 0->31: add the corresponding 5 bits to the private key
if 31+: run it again

Remove FOUR random bits

pc

sr. member

Activity: 253

Merit: 250

Quote from: BurtW on September 11, 2013, 06:36:20 PM

Quote from: pc on September 10, 2013, 01:49:05 PM

A private key is just a 256-bit random number. (Well, a number between 1 and hex value FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141.)

Where did you get that God awful number? The actual value of p for secp256k1 is:

p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F

I got it from the Private Key page on the Bitcoin wiki. I don't know whether the number is right or wrong, but feel free to update the wiki (perhaps it should have a citation, even?) if the value there is wrong. I apologize for not checking my sources more thoroughly, or at least citing where I was getting my info from.

In any event, it's rather unlikely that a random 256-bit number won't be in the range. If somebody gets heads a ton of times in a row, they may want to double-check the upper bound before using it. (Or, perhaps more likely, check that their coin is fair…)

DannyHamilton

legendary

Activity: 3472

Merit: 4794

Quote from: grue on September 11, 2013, 08:04:57 PM

Quote from: BurtW on September 11, 2013, 06:36:20 PM

So yes, you could flip a coin 256 times and copy down the results into a 256 bit number and as long as your number is less than the (prime) number p shown above it is a valid private key.

A coin is a really bad source of entropy though.

You're suggesting that a typical coin is not "fair" and will tend to land on one side more often than the other?

I would think there would be enough events adding entropy to the action (flip rotation speed, flip initial height, maximum height, resting height, air flow around the coin, initial side up, axis of rotation, horizontal velocity, etc) that the bias in the coin would have to be pretty significant to have a discernible effect in 256 trials.

Is there a better source of entropy available to the average person that could be used to mechanically generate a private key?

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Quote from: Zeek_W on September 11, 2013, 08:56:09 PM

Quote from: grue on September 11, 2013, 08:04:57 PM

Quote from: BurtW on September 11, 2013, 06:36:20 PM

So yes, you could flip a coin 256 times and copy down the results into a 256 bit number and as long as your number is less than the (prime) number p shown above it is a valid private key.

A coin is a really bad source of entropy though.

Use 512 coins, and drop them from a height. Unleash a dog/kid into the room to scatter and or lose some coins. Then pick up 256 coins randomly Grin

I did say "valid", not "good" or "random" or "secure".

Still, flipping a coin 256 times and then directly using the value obtained would be much better than using "stfu!" as your pass phrase to a brain wallet Wink

Zeek_W

sr. member

Activity: 336

Merit: 250

Quote from: grue on September 11, 2013, 08:04:57 PM

Quote from: BurtW on September 11, 2013, 06:36:20 PM

So yes, you could flip a coin 256 times and copy down the results into a 256 bit number and as long as your number is less than the (prime) number p shown above it is a valid private key.

A coin is a really bad source of entropy though.

Use 512 coins, and drop them from a height. Unleash a dog/kid into the room to scatter and or lose some coins. Then pick up 256 coins randomly Grin

grue

legendary

Activity: 2058

Merit: 1431

Quote from: BurtW on September 11, 2013, 06:36:20 PM

So yes, you could flip a coin 256 times and copy down the results into a 256 bit number and as long as your number is less than the (prime) number p shown above it is a valid private key.

A coin is a really bad source of entropy though.

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Quote from: pc on September 10, 2013, 01:49:05 PM

A private key is just a 256-bit random number. (Well, a number between 1 and hex value FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141.)

Where did you get that God awful number? The actual value of p for secp256k1 is:

p = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F

= 2²⁵⁶ - 2³² - 2⁹ - 2⁸ - 2⁷ -2⁶ - 2⁴ - 1

Oh, I see, that is the order n of G. You just copied the wrong number.

So yes, you could flip a coin 256 times and copy down the results into a 256 bit number and as long as your number is less than the (prime) number p shown above it is a valid private key.

Abdussamad

legendary

Activity: 3640

Merit: 1571

Quote from: gravitate on September 11, 2013, 06:46:03 AM

I managed to use VMware free trial to run ubuntu withough having to boot from a usb. Then erased application and wiped my free space.
Will I be safe?

Running linux in a VM is pointless if your are worried about the safety of your host system. If someone has access to your host system they have access to everything you are running on it including VMs. You should boot from a live USB or DVD.

gravitate

legendary

Activity: 1372

Merit: 1000

lol thanks

J35st3r

full member

Activity: 196

Merit: 100

Quote from: gravitate on September 11, 2013, 06:46:03 AM

I managed to use VMware free trial to run ubuntu withough having to boot from a usb. Then erased application and wiped my free space.
Will I be safe?

If you ran it as a live-CD (no disk image) you should be fine, otherwise you need to secure-delete the disk image (use sdelete from SysInternals ... EDIT OOPS that's Microsoft, mac must have an equivalent utility).

There may be some residual data in your pagefile, so probably best to reboot your mac too (not hibernate as this just makes it worse).

[/paranoia_mode]

gravitate

legendary

Activity: 1372

Merit: 1000

I managed to use VMware free trial to run ubuntu withough having to boot from a usb. Then erased application and wiped my free space.
Will I be safe?

J35st3r

full member

Activity: 196

Merit: 100

Quote from: pc on September 10, 2013, 02:32:04 PM

I did say one could use "a calculator". Presumably, one could balance it being fancy enough to be able to handle EC math, while not being fancy enough that one had to worry about it storing ones key for a long time or getting compromised in some fashion.

The EC algorithm is actually fairly simple (see JackJack's pywallet for an implementation), but relies on bigints (arbitary percision integers) which may or may not be available on a stand-alone "calculator". As has been said elsewhere, this is an ideal application for a raspberry pi. You don't even need to connect it to the internet. Just download bitaddress.org from the github, transfer it to the pi via a memory stick (or load it onto the boot partition of the OS SD card) and you're good to go. Attach a printer, and your key has never been exposed to the outside world. You should reflash the SD card afterwards, to be sure nothing remains that can be exposed later, destroy it if you're paranoid, and the printer too, you never know what's stored inside the modern ones, but an ancient text-only line printer should be safe Cool

pc

sr. member

Activity: 253

Merit: 250

Quote from: jackjack on September 10, 2013, 02:21:38 PM

Quote from: pc on September 10, 2013, 09:22:52 AM

Or to be completely offline, you can flip a coin 256 times to make the private key and have a calculator and pencil and paper to calculate the public key and address. I want to do it one of these days just to show that it's possible.

Calculating the public key would require a crazy amount of motivation
Calculating the address is impossible

https://bitcointalksearch.org/topic/bitcoin-wallet-generation-by-hand-286534

Heh, I hadn't realized it was a recent topic on the forum.
I did say one could use "a calculator". Presumably, one could balance it being fancy enough to be able to handle EC math, while not being fancy enough that one had to worry about it storing ones key for a long time or getting compromised in some fashion.
And one would probably be more willing to enter one's public key on a "real" computer to hash to generate the address, though you'd probably want to use multiple systems to make extra sure that the address one generated actually corresponded to the public key. The network allows payments straight to public keys instead of addresses just fine, though I don't know of any wallet software that makes doing so simple.

jackjack

legendary

Activity: 1176

Merit: 1260

May Bitcoin be touched by his Noodly Appendage

Quote from: pc on September 10, 2013, 09:22:52 AM

Or to be completely offline, you can flip a coin 256 times to make the private key and have a calculator and pencil and paper to calculate the public key and address. I want to do it one of these days just to show that it's possible.

Calculating the public key would require a crazy amount of motivation
Calculating the address is impossible

https://bitcointalksearch.org/topic/bitcoin-wallet-generation-by-hand-286534

pc

sr. member

Activity: 253

Merit: 250

Quote from: gravitate on September 10, 2013, 01:02:02 PM

Wow doing it with a coin is fascinating! Can you post a guide on this? It will give everyone a greater understanding of bitcoins too! Wow that really is intriguing

A private key is just a 256-bit random number. (Well, a number between 1 and hex value FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4141.) All your computer does to make a new address is pick a new random number, and then do some math that calculates the public key from that number. There isn't any magic to it; it's just math. So, any way that randomly picks 256 bits will work. Computers tend to use fancy cryptographic libraries that find good sources of randomness from the information available to a computer, since they tend to be poor at flipping literal coins.

My comment was a probably-too-long offhand remark that you need some technology that you trust to keep your private key private. Sometimes simple technology is best, since you can see how it works and if it's sending your data elsewhere easily. But even if you were to literally flip coins, you'd want to make sure there wasn't a camera or somebody watching you that would compromise your random number generation. Really it's an analogy for what you need your key generating computer to be doing: picking good-quality random numbers that nobody else can end up knowing.

gravitate

legendary

Activity: 1372

Merit: 1000

Wow doing it with a coin is fascinating! Can you post a guide on this? It will give everyone a greater understanding of bitcoins too! Wow that really is intriguing

pc

sr. member

Activity: 253

Merit: 250

Well, you seem to want hardware you can trust, but say that you don't trust any of your hardware. So, you need to get your hardware into a state where you trust it, or you need to acquire new hardware that you do trust. Something like a Raspberry Pi may be great for this sort of thing, though on "embedded" kinds of devices you want to make sure that your random number generator has enough entropy to work with.

Or to be completely offline, you can flip a coin 256 times to make the private key and have a calculator and pencil and paper to calculate the public key and address. I want to do it one of these days just to show that it's possible.

Rannasha

hero member

Activity: 728

Merit: 500

Quote from: gravitate on September 10, 2013, 06:46:57 AM

Rannesha I would have to wipe my os on my mac then right? Maybe I could do this with my pi

You don't need to wipe your Mac. Linux USB installations allow you to boot and run the full operating system from a USB stick. The harddisk with your Mac installation on it isn't touched (and any malware on it isn't started). Once you're done, restart the machine, remove the USB stick and it'll boot right back to your regular OS.

Of course, using a RPi works just as well.

gravitate

legendary

Activity: 1372

Merit: 1000

Rannesha I would have to wipe my os on my mac then right? Maybe I could do this with my pi

Topic: Generate an address - page 2. (Read 3036 times)