
Topic: GUIDE: Securely storing large amounts of bitcoin (brain wallet/paper wallet) (Read 14171 times)

full member
Activity: 158
Merit: 100
I was taught that there weren't any stupid questions.

Then again I was taught a penny saved was a penny earned. Then they went and took them out of circulation because they cost 1.6 cents to make. Anyone figure out what it costs to make a Bitcoin yet?
full member
Activity: 158
Merit: 100
From Pente "In summary, create your own system (including punctuation) that involves a long complex phrase (but possibly public) with a simple private phrase to make a consistent salt phrase (you can even write it down & store it somewhere safe). Now you just add different passwords to your salt phrase to create a safe list of addresses & public keys. I keep a bunch of brainwallets this way so that I can use one without compromising the rest."


Regarding a brain wallet using obscure phrases. Would I be safe in assuming that using two or three obscure phrases that I am confident in remembering yet could save/store as the basis from which I use a formula from those phrases?

Such as rather than complete words use not too complicated designated 1st, 2nd, 3rd or even last letter in each word for each different phrase. ie; Show unread posts since last visit. Show new replies to your posts. Watchlist can break down to hnoiai*WWSORS*W

In above sample the second, last and first letters of each separate phrase or sentence is capitalized which is easy enough to remember as is separating each phrase with some character. This way you could have a favorite collection of phrases or sentences, phone numbers, even family members and their birth dates and phone numbers.

There's a SHA-512 converter online (really don't know if it's something anyone would want to use) http://hash.online-convert.com/sha512-generator but using that converter gives my broken down phrases these results.

hex: 096d323baf815c52868889dd9c3f4f228c739c9e903f9d3a46126890a3295c2c89c2fb3bc2822eb 6dcaee35c324ea5498c5b2a678dc7c89602b565a78d74360f

HEX: 096D323BAF815C52868889DD9C3F4F228C739C9E903F9D3A46126890A3295C2C89C2FB3BC2822EB 6DCAEE35C324EA5498C5B2A678DC7C89602B565A78D74360F

h:e:x: 09:6d:32:3b:af:81:5c:52:86:88:89:dd:9c:3f:4f:22:8c:73:9c:9e:90:3f:9d:3a:46:12:68:90:a3:29:5c:2c:89:c2:fb:3b:c2:82:2e:b6:dc:ae:e3:5c:
32:4e:a5:49:8c:5b:2a:67:8d:c7:c8:96:02:b5:65:a7:8d:74:36:0f

base64: CW0yO6+BXFKGiIndnD9PIoxznJ6QP506RhJokKMpXCyJwvs7woIuttyu41wyTqVJjFsqZ43HyJYCtWWnjXQ2Dw==

Am I correct in assuming I could take any of these results and run it through again. For example the hex result 096d323baf815c52868889dd9c3f4f228c739c9e903f9d3a46126890a3295c2c89c2fb3bc2822eb 6dcaee35c324ea5498c5b2a678dc7c89602b565a78d74360f   thus acquiring this base64: Z1VlNplzyxJhNStJRqmiKq2TnK4/e8Hjv15pVvoaYGSZRHZjhKG994W9ouL6KkK8OE/y1Vddy/Ee7UvPrEfaBA==  

Just wanting to get some feedback as to whether I'm getting close to figuring out a brain wallet that I only need to remember the sequence of letters chosen from each individual word. The phrases or sentences can be hidden in plain sight on the web or in some familiar books on a shelf. I wouldn't even need to highlight them.

I'd like to think that, as already mentioned, two to four unrelated phrases might generate a base for procuring a comparatively easy way to create and remember a brainwallet. Or can I possibly just use my own generated (above sample-hnoiai*WWSORS*W) result? Does it really need to be a minimum number of letters numbers and characters to be strong? And is using a converter, online or offline, an absolute must?

Maybe I'm missing something here but I've pretty much sold myself on brain wallets for long term storage and easily generated short term use.

edited punctuation for clarity
full member
Activity: 474
Merit: 111
Brainwallets can be mined because SHA256 is a fast hash.
An option might be to use your password, hashed with a slower hash function like BCrypt, then use the output of that as the input of your Brainwallet.
Someone has gone along this path by creating Warpwallet


https://keybase.io/warp/warp_1.0.6_SHA256_e68d4587b0e2ec34a7b554fbd1ed2d0fedfaeacf3e47fbb6c5403e252348cbfc.html
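
The stretching idea from the post above, as an added example that is not part of the thread and is not WarpWallet's code: scrypt from Python's standard library stands in for the bcrypt the post names, its output is fed in as the brainwallet passphrase, and the cost of one guess is compared with plain SHA-256. The passphrase, salt and scrypt parameters are constructed sample values.

```python
import hashlib
import time

# secp256k1 group order: a usable private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def classic_secret(passphrase: str) -> bytes:
    """Plain brainwallet: a single SHA-256 pass over the passphrase."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()

def stretch(passphrase: str, salt: str, n: int = 2**14) -> str:
    """Memory-hard step (scrypt here, an assumption in place of bcrypt)."""
    key = hashlib.scrypt(passphrase.encode("utf-8"), salt=salt.encode("utf-8"),
                         n=n, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)
    return key.hex()

def stretched_secret(passphrase: str, salt: str) -> bytes:
    """Use the stretched output as the input of the brainwallet hash."""
    return classic_secret(stretch(passphrase, salt))

def is_valid_key(secret: bytes) -> bool:
    """A 32-byte value is only a private key if it falls inside the group."""
    return 0 < int.from_bytes(secret, "big") < SECP256K1_N

def seconds_per_guess(fn, *args, rounds: int) -> float:
    start = time.perf_counter()
    for _ in range(rounds):
        fn(*args)
    return (time.perf_counter() - start) / rounds

def slowdown(passphrase: str, salt: str) -> float:
    """How many times more work one guess costs with the stretched scheme."""
    fast = seconds_per_guess(classic_secret, passphrase, rounds=5000)
    slow = seconds_per_guess(stretched_secret, passphrase, salt, rounds=3)
    return slow / fast

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the thread.
    phrase, salt = "example passphrase only", "user@example.invalid"
    print("valid key:", is_valid_key(stretched_secret(phrase, salt)))
    print(f"cost per guess raised about {slowdown(phrase, salt):,.0f}x")
```

Stretching multiplies the cost of every guess by a fixed factor; it does not add entropy to a passphrase that is already in a cracking dictionary.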
sr. member
Activity: 304
Merit: 250
I've followed this guide a few times to successfully offline sign transactions and then broadcast them from another computer.

However, now that I try I get an "Invalid Signature" error when attempting to broadcast from blockchain.info/pushtx . I've also tried broadcasting the same TX from Electrum and get error code 25.

I tried twice with no luck.

Any ideas?

try doing with brainwallet offline
I did as in OP's guide which is using Brainwallet.org offline to sign a transaction.

Try http://eligius.st/~wizkid057/newstats/pushtxn.php
Code:
Trying to send...
array(3) {
  ["result"]=>
  NULL
  ["error"]=>
  array(2) {
    ["code"]=>
    int(-22)
    ["message"]=>
    string(11) "TX rejected"
  }
  ["id"]=>
  string(1) "1"
}
Response = 0

Then your inputs must be wrong. Blockchain has been having issues. If it's a small amount you can get away with doing it online.
The inputs were collected from http://blockexplorer.com/q/mytransactions/ as described by OP. Is there another way I can save inputs?

Should this one work with Brainwallet? http://blockchain.info/address/$bitcoin_address?format=json
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Brainwallets with human generated passphrases are a bad idea. Doesn't matter if it's offline or online they are just a bad idea period.

This, 1000X this.  Brain wallets should never be used, humans suck at coming up with something a computer can't guess.

huh?   The distinction was just made that brainwallets with human generated passphrases shouldn't be used,
NOT that brainwallets of any sort are unsafe.  The whole point is that you can use a brainwallet with a computer generated passphrase.

Even certain human generated passphrases might be safe, but the issue is that the entropy cannot be measured
so you are better off letting the computer do it.

legendary
Activity: 2912
Merit: 1060
I've followed this guide a few times to successfully offline sign transactions and then broadcast them from another computer.

However, now that I try I get an "Invalid Signature" error when attempting to broadcast from blockchain.info/pushtx . I've also tried broadcasting the same TX from Electrum and get error code 25.

I tried twice with no luck.

Any ideas?

try doing with brainwallet offline
I did as in OP's guide which is using Brainwallet.org offline to sign a transaction.

Try http://eligius.st/~wizkid057/newstats/pushtxn.php
Code:
Trying to send...
array(3) {
  ["result"]=>
  NULL
  ["error"]=>
  array(2) {
    ["code"]=>
    int(-22)
    ["message"]=>
    string(11) "TX rejected"
  }
  ["id"]=>
  string(1) "1"
}
Response = 0

Then your inputs must be wrong. Blockchain has been having issues. If it's a small amount you can get away with doing it online.
sr. member
Activity: 434
Merit: 250

If we use "sank thou" instead of "thank you", would that avoid dictionary attack?
If anyone else ever did the same and their password was part of a leak, then that password would probably become part of cracking dictionaries.
Also, both "sank" and "thou" are real English words, so they are part of any dictionary.

If we mix English, Chinese, French and many other languages, the dictionary will be huge.
sr. member
Activity: 304
Merit: 250
Brainwallets with human generated passphrases are a bad idea. Doesn't matter if it's offline or online they are just a bad idea period.

This, 1000X this.  Brain wallets should never be used, humans suck at coming up with something a computer can't guess.

If we use "sank thou" instead of "thank you", would that avoid dictionary attack?
If anyone else ever did the same and their password was part of a leak, then that password would probably become part of cracking dictionaries.
Also, both "sank" and "thou" are real English words, so they are part of any dictionary.
sr. member
Activity: 304
Merit: 250
Brainwallets with human generated passphrases are a bad idea. Doesn't matter if it's offline or online they are just a bad idea period.

This, 1000X this.  Brain wallets should never be used, humans suck at coming up with something a computer can't guess.

If we use "sank thou" instead of "thank you", would that avoid dictionary attack?
If anyone else ever did the same and their password was part of a leak, then that password would probably become part of cracking dictionaries.
sr. member
Activity: 434
Merit: 250
Brainwallets with human generated passphrases are a bad idea. Doesn't matter if it's offline or online they are just a bad idea period.

This, 1000X this.  Brain wallets should never be used, humans suck at coming up with something a computer can't guess.

If we use "sank thou" instead of "thank you", would that avoid dictionary attack?
sr. member
Activity: 304
Merit: 250
I've followed this guide a few times to successfully offline sign transactions and then broadcast them from another computer.

However, now that I try I get an "Invalid Signature" error when attempting to broadcast from blockchain.info/pushtx . I've also tried broadcasting the same TX from Electrum and get error code 25.

I tried twice with no luck.

Any ideas?

try doing with brainwallet offline
I did as in OP's guide which is using Brainwallet.org offline to sign a transaction.

Try http://eligius.st/~wizkid057/newstats/pushtxn.php
Code:
Trying to send...
array(3) {
  ["result"]=>
  NULL
  ["error"]=>
  array(2) {
    ["code"]=>
    int(-22)
    ["message"]=>
    string(11) "TX rejected"
  }
  ["id"]=>
  string(1) "1"
}
Response = 0
legendary
Activity: 2912
Merit: 1060
I've followed this guide a few times to successfully offline sign transactions and then broadcast them from another computer.

However, now that I try I get an "Invalid Signature" error when attempting to broadcast from blockchain.info/pushtx . I've also tried broadcasting the same TX from Electrum and get error code 25.

I tried twice with no luck.

Any ideas?

try doing with brainwallet offline
I did as in OP's guide which is using Brainwallet.org offline to sign a transaction.

Try http://eligius.st/~wizkid057/newstats/pushtxn.php
sr. member
Activity: 304
Merit: 250
I've followed this guide a few times to successfully offline sign transactions and then broadcast them from another computer.

However, now that I try I get an "Invalid Signature" error when attempting to broadcast from blockchain.info/pushtx . I've also tried broadcasting the same TX from Electrum and get error code 25.

I tried twice with no luck.

Any ideas?

try doing with brainwallet offline
I did as in OP's guide which is using Brainwallet.org offline to sign a transaction.
legendary
Activity: 2912
Merit: 1060
I've followed this guide a few times to successfully offline sign transactions and then broadcast them from another computer.

However, now that I try I get an "Invalid Signature" error when attempting to broadcast from blockchain.info/pushtx . I've also tried broadcasting the same TX from Electrum and get error code 25.

I tried twice with no luck.

Any ideas?

try doing with brainwallet offline
sr. member
Activity: 304
Merit: 250
I've followed this guide a few times to successfully offline sign transactions and then broadcast them from another computer.

However, now that I try I get an "Invalid Signature" error when attempting to broadcast from blockchain.info/pushtx . I've also tried broadcasting the same TX from Electrum and get error code 25.

I tried twice with no luck.

Any ideas?
hero member
Activity: 528
Merit: 527
Brainwallets with human generated passphrases are a bad idea. Doesn't matter if it's offline or online they are just a bad idea period.

I totally disagree and I am sick of hearing people say that brainwallets aren't safe. Sufficient length & randomness should suffice. Create a salt phrase that you use with every password.
Your salt phrase should include something long (can be public) & something private.
Examples:
"Pi=3.14159265358979323846&MyFirstPhoneNumber=800-555-1222"
"10!=3628800(Base10)=375F00(Hex)&I_LOVE_PATTAYA"
"InverseNaturalLogSeven=1096.6331584284585992637202382881&Starcraft>Chess>Checkers"
"Thanks:Danke:Asante:Salamat:ขอบคุณ:Gracias&I_WAS_BORN_ON_A_MONDAY"

You might want to write this part down somewhere safe if you have ever forgotten anything in your life.

Now when you create your brainwallet, just add a password to your standard salt phrase.

"Thanks:Danke:Asante:Salamat:ขอบคุณ:Gracias&I_WAS_BORN_ON_A_MONDAY"Alpha
Public Key:1EXLETbRDmwsB4gJimQhprvktZDXLkoDWT
Private Key:5KPgmne3z4vo8uPwKHDF6gZbDJpiXALLY9fipEuKtMLH9pbdbi7

"Thanks:Danke:Asante:Salamat:ขอบคุณ:Gracias&I_WAS_BORN_ON_A_MONDAY"Bravo
Public Key:1AxTsiWDsMu3ijy2s3NTF6kk1zJRUGjNyh
Private Key:5KEcUhqeSP4WAvaRRytXD3ChcnLUheaUX5yVLen244q8wHtGmxR

I keep a list of passwords with their public keys. The salt portion is only in my head and I mentally review fairly often. I never store the private keys. I actually store my public keys in a HTML file online so that I can easily access them from anywhere in the world with internet.

Alpha:1EXLETbRDmwsB4gJimQhprvktZDXLkoDWT
Bravo:1AxTsiWDsMu3ijy2s3NTF6kk1zJRUGjNyh

In summary, create your own system (including punctuation) that involves a long complex phrase (but possibly public) with a simple private phrase to make a consistent salt phrase (you can even write it down & store it somewhere safe). Now you just add different passwords to your salt phrase to create a safe list of addresses & public keys. I keep a bunch of brainwallets this way so that I can use one without compromising the rest.

If I need some more bitcoins, I just use brainwallet offline (and in safe mode) to re-create my private key, save that, then restart my computer, go online and add it to my blockchain.info account.



legendary
Activity: 784
Merit: 1000
Brainwallets with human generated passphrases are a bad idea. Doesn't matter if it's offline or online they are just a bad idea period.

This, 1000X this.  Brain wallets should never be used, humans suck at coming up with something a computer can't guess.
cp1
hero member
Activity: 616
Merit: 500
Stop using brainwallets
Wouldn't you need all those libraries installed on your computer too?
hero member
Activity: 870
Merit: 585
note, instead of using brainwallet.html, you can use this much smaller file, don't remember where I found it but I have used it to make a successful transaction.
Paste into a text editor and save it as an .html file, for example you could name it offlineTransaction.html
Clicking on the file will make it open in a browser (as stated, have wifi turned off etc. when you do this), and you can generate the transaction offline.  Then go back online, paste into blockchain.info/pushtx, and send your tx on its way.



Untitled

Transaction history:
Private key in base 58:
Address: (unknown)
Balance: (unknown)
Target address:
Amount:
Fee:
Transaction:
