
Topic: HOW are bitcoins stored? - page 2. (Read 5762 times)

full member
Activity: 131
Merit: 100
December 21, 2014, 04:40:35 PM
#47
Let's summarize or TLDR;

  • Bitcoins don't actually exist.
  • Wallets store one or more private keys.
  • A private key is a very large integer (number). Link to infograph https://i.imgur.com/IL6PV5E.jpg
  • Any type of bitcoin malware that has access to a machine where an unencrypted wallet resides CAN steal the bitcoins.

The link is very interesting, can I ask a few questions?

1- What does it mean to "f*ck up with the R values"?

2- Why does the impossibility of a computer counting to 2^256 prevent it from attacking bitcoin?

3- And why doesn't that prevent the computer from generating private keys and making transactions?

4- Which makes me wonder, if private keys are generated randomly, then is there a chance of the same private key being generated twice?

1. R value is part of the algorithm by which a transaction is signed. If the same value is re-used twice, recovery of the private key is trivial. This only happens with badly written code/programmer errors.

2. Since a computer cannot count to 256 in a timely manner (billions of years even if a super computer was used), it cannot check EVERY private key for a balance.

3. Because there are so many. There are as many private keys as there are atoms in the UNIVERSE (well, slightly less than that in cosmic terms).

4. Nothing prevents it, but so long as entropy is sufficient (these are random bytes generated by your hardware) this is extremely unlikely. Or as somebody said, it's infinitely more likely to get hit by lightning 7 times in a row while winning the lottery 7 times in a row.

1- How can I be sure I will never "f*ck up my R values"?

2- So, there are exactly 2^256 private keys total?

3- And from what you said, I suppose it's not profitable to get your computers to check one by one for balance, because there are so many and they will probably never find one that has already been used?

4- How many digits has the number 2^256?
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
December 21, 2014, 04:31:14 PM
#46
Let's summarize or TLDR;

  • Bitcoins don't actually exist.
  • Wallets store one or more private keys.
  • A private key is a very large integer (number). Link to infograph https://i.imgur.com/IL6PV5E.jpg
  • Any type of bitcoin malware that has access to a machine where an unencrypted wallet resides CAN steal the bitcoins.

The link is very interesting, can I ask a few questions?

1- What does it mean to "f*ck up with the R values"?

2- Why does the impossibility of a computer counting to 2^256 prevent it from attacking bitcoin?

3- And why doesn't that prevent the computer from generating private keys and making transactions?

4- Which makes me wonder, if private keys are generated randomly, then is there a chance of the same private key being generated twice?

1. R value is part of the algorithm by which a transaction is signed. If the same value is re-used twice, recovery of the private key is trivial. This only happens with badly written code/programmer errors.

2. Since a computer cannot count to 256 in a timely manner (billions of years even if a super computer was used), it cannot check EVERY private key for a balance.

3. Because there are so many. There are as many private keys as there are atoms in the UNIVERSE (well, slightly less than that in cosmic terms).

4. Nothing prevents it, but so long as entropy is sufficient (these are random bytes generated by your hardware) this is extremely unlikely. Or as somebody said, it's infinitely more likely to get hit by lightning 7 times in a row while winning the lottery 7 times in a row.
full member
Activity: 131
Merit: 100
December 21, 2014, 04:25:37 PM
#45
Let's summarize or TLDR;

  • Bitcoins don't actually exist.
  • Wallets store one or more private keys.
  • A private key is a very large integer (number). Link to infograph https://i.imgur.com/IL6PV5E.jpg
  • Any type of bitcoin malware that has access to a machine where an unencrypted wallet resides CAN steal the bitcoins.

The link is very interesting, can I ask a few questions?

1- What does it mean to "f*ck up with the R values"?

2- Why does the impossibility of a computer counting to 2^256 prevent it from attacking bitcoin?

3- And why doesn't that prevent the computer from generating private keys and making transactions?

4- Which makes me wonder, if private keys are generated randomly, then is there a chance of the same private key being generated twice?
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
December 21, 2014, 03:45:19 PM
#44
Let's summarize or TLDR;

  • Bitcoins don't actually exist.
  • Wallets store one or more private keys.
  • A private key is a very large integer (number). Link to infograph https://i.imgur.com/IL6PV5E.jpg
  • Any type of bitcoin malware that has access to a machine where an unencrypted wallet resides CAN steal the bitcoins.
full member
Activity: 210
Merit: 100
December 21, 2014, 03:26:22 PM
#43
Thanks everyone for the answers, they were really helpful. I am actually curious to know even more details about bitcoin, but right now my priority is how can I buy bitcoin without chance of being robbed. Someone mentioned having an offline computer, but the problem with that is that I have only one computer right now, I can't have an offline one. So what's the safest way to buy bitcoin with what I have? Would it be paper wallet or what?

Here's some physical wallet options - http://yocrypto.ca/listing-category/physical-wallets/

I personally use circle to purchase, and send to my woodwallet right away.

There is a whole bunch of free options for paper wallets. Exchanges, third party purchasing services, all might be a risk, but also quite important to the ecosystem and functionality of Bitcoin. Personally I wouldn't say stay clear 100%, but if you are going to use ANY service that puts a third party in charge of your fund, do your research. If you have to use it, get your coins, and withdraw into your paper wallet or w.e fast. If you're trading, make your trades and withdraw before bed. Just keep them close. 2FA wherever possible and just be aware of what is happening with the business you are trusting your money with...

Can I ask you some questions?

1- What is a woodwallet?

2- How can I be sure my physical wallet won't be hacked?

3- How to make a paper wallet with absolutely no chance of a hacker figuring out my key?

4- Supposing I already made my paper wallet, do I just buy bitcoins with its "external address"?

5- Shouldn't I be worried about having a physical wallet, in the sense that if it breaks or is lost, my BTC is lost forever?


1. Wood wallet is one of many physical alternatives. Basically, physical wallets provide offline storage, or remove network connections and back doors. You can use your physical wallet as a key to access savings, which cannot be taken out unless you scan the physical wallet. Wood wallet is a wood variety that's roughly ~30 bucks, I chose it because it was cool looking, but there are many free alternatives, metal wallets, or others with screens and such. Take a browse, some really cool technology coming out right now..

2. Physical wallet puts the security in your hands. As for hacking of them and tracking of them, I am not 100% on all my tech knowledge. I would recommend speaking with someone who's been around for a while and completely understands all the back end happening.

3. - I think this might help, offline address allows you to create a key while offline. https://www.offlineaddress.com/

4. - Purchase coins with w.e service or through a miner, then send to the public or receive address in your physical wallet. NEVER NEVER NEVER NEVER share your private key.

5. - well, yes and no, keep it safe. It's physical, more like cash. If you leave it out and someone takes it you're frigged, likewise, if your house is set on fire and you have a wood wallet, not looking good, although I know you can make backups, this is something a tech body could help you out with a bit more. Paper wallet will never break, but it could get exposed to elements and yes, trouble...

I hope someone else reading this can touch base a little deeper with the tech side of things. Anyhow, if you have more Q's send a message, I can help to extent of my knowledge. I must say though, you are doing the right thing by coming in here and asking about it before willingly giving money to something that is unknown. Well done, and have a great time with bitcoin, this is a really cool place. Lots to be aware of, but I really enjoy Bitcoin and the community that supports its technology.
full member
Activity: 131
Merit: 100
December 21, 2014, 03:16:35 PM
#42
Thanks everyone for the answers, they were really helpful. I am actually curious to know even more details about bitcoin, but right now my priority is how can I buy bitcoin without chance of being robbed. Someone mentioned having an offline computer, but the problem with that is that I have only one computer right now, I can't have an offline one. So what's the safest way to buy bitcoin with what I have? Would it be paper wallet or what?

Here's some physical wallet options - http://yocrypto.ca/listing-category/physical-wallets/

I personally use circle to purchase, and send to my woodwallet right away.

There is a whole bunch of free options for paper wallets. Exchanges, third party purchasing services, all might be a risk, but also quite important to the ecosystem and functionality of Bitcoin. Personally I wouldn't say stay clear 100%, but if you are going to use ANY service that puts a third party in charge of your fund, do your research. If you have to use it, get your coins, and withdraw into your paper wallet or w.e fast. If you're trading, make your trades and withdraw before bed. Just keep them close. 2FA wherever possible and just be aware of what is happening with the business you are trusting your money with...

Can I ask you some questions?

1- What is a woodwallet?

2- How can I be sure my physical wallet won't be hacked?

3- How to make a paper wallet with absolutely no chance of a hacker figuring out my key?

4- Supposing I already made my paper wallet, do I just buy bitcoins with its "external address"?

5- Shouldn't I be worried about having a physical wallet, in the sense that if it breaks or is lost, my BTC is lost forever?
full member
Activity: 210
Merit: 100
December 21, 2014, 03:06:05 PM
#41
Thanks everyone for the answers, they were really helpful. I am actually curious to know even more details about bitcoin, but right now my priority is how can I buy bitcoin without chance of being robbed. Someone mentioned having an offline computer, but the problem with that is that I have only one computer right now, I can't have an offline one. So what's the safest way to buy bitcoin with what I have? Would it be paper wallet or what?

Here's some physical wallet options - http://yocrypto.ca/listing-category/physical-wallets/

I personally use circle to purchase, and send to my woodwallet right away.

There is a whole bunch of free options for paper wallets. Exchanges, third party purchasing services, all might be a risk, but also quite important to the ecosystem and functionality of Bitcoin. Personally I wouldn't say stay clear 100%, but if you are going to use ANY service that puts a third party in charge of your fund, do your research. If you have to use it, get your coins, and withdraw into your paper wallet or w.e fast. If you're trading, make your trades and withdraw before bed. Just keep them close. 2FA wherever possible and just be aware of what is happening with the business you are trusting your money with...
full member
Activity: 131
Merit: 100
December 21, 2014, 02:57:45 PM
#40
Thanks everyone for the answers, they were really helpful. I am actually curious to know even more details about bitcoin, but right now my priority is how can I buy bitcoin without chance of being robbed. Someone mentioned having an offline computer, but the problem with that is that I have only one computer right now, I can't have an offline one. So what's the safest way to buy bitcoin with what I have? Would it be paper wallet or what?
hero member
Activity: 518
Merit: 500
Hodl!
December 14, 2014, 10:27:02 AM
#39
 I really haven't heard of offline bitcoins being stolen.

I can't point to a specific example, but it's well known that private keys generated by a "brain wallet" can be insecure, and exhibit vulnerability to dictionary attacks or just plain guessing.

Offline, really just means that the keys cannot be stolen through an internet connection, it does not mean that insecure keys cannot be cracked.

There is a collection of small wallets that have had balance using passphrases from Star Wars films, such as "do or do not there is no try" or "may the force be with you" I am not sure if anyone actually used them or whether they were set up as Easter Eggs.
legendary
Activity: 3472
Merit: 4801
December 14, 2014, 10:20:38 AM
#38
Hmmm. Interesting, this is actually the point of me having started this thread. All I want is to be completely sure there is no chance of my BTC being stolen. Ok, so let me see if I understand: Prepare the transaction online with a watch-only wallet (which brings the question: what is a watch-only wallet?),

A "watch only" wallet is a piece of software that knows what your bitcoin addresses are, but that does not have your private keys.  This software can search the blockchain for unspent transaction outputs sent to those addresses.  The software can use its knowledge of these unspent outputs to tell you how much bitcoin you are able to control and to create unsigned transactions that transfer some of that value wherever you wish.  These unsigned transactions can't be used on the bitcoin network until they are signed, but they can be copied to something external (such as a USB drive or a printed QR Code) and then physically transported to an offline computer.

then the unsigned (?) transaction goes to offline computer.

Correct.

Inside the offline computer (now disconnected from the online one, so that it can't be hacked?), the transaction is signed.

Correct.

Then the signed transaction (maybe I put it in a usb so that both the online and offline computers won't actually connect to each other), then the signed transaction (BTW what is a "signed transaction"?)

A signed transaction is a transaction that includes a special number that is unique to the exact specific transaction, and that can only be created with knowledge of the private key, but which can be verified with knowledge of the public key.  I explained this earlier, remember:

Any data (such as a bitcoin transaction for example) can be converted into a numeric representation.  Using the private key and the numeric representation of the data, it is possible to calculate another number (a digital signature of that data).  Using the public key, it is possible for anyone to validate that the matching private key was used to generate the signature, even though the private key isn't known.  If any of the data changes (even a single bit), then the digital signature will no longer match, and everyone will know that the data presented was not the data that was signed.  Therefore, it is possible to create and then sign a transaction, and nobody can modify the transaction on you without re-signing the transaction with the private key.  As long as you are the only person that knows the private key, you are the only person that can create valid verifiably signed transactions.


goes to online computer, then it is done.

Correct.

And in all of the process, a hacker never had even a millisecond of chance of getting my keys, right?

Unless they break into your home (or business, or wherever you store your offline computer) and physically access the computer and copy the private keys.

Now my questions are:

-What is a watch-only wallet,

You already asked this question earlier.  It has already been answered.

how to get one?

There are a couple of wallets that provide the ability to split the wallet functionality into an online "watch only" wallet and an offline "signing" wallet.  The two most popular are Electrum and Armory.  Armory is a "full node" and stores a complete copy of the blockchain.  Electrum depends on someone running an Electrum server to provide the blockchain information.

-What is an unsigned transaction and what is a signed transaction?

An unsigned transaction is a list of unspent outputs that are to be spent, and a list of scripts that encumber new unspent outputs with a specific requirement before they can be spent.  The most common requirement new outputs are encumbered with is a digital signature from a private key that is associated with a particular bitcoin address.  This transaction doesn't yet have the digital signatures that satisfy the script requirements of the outputs that are being spent.

A signed transaction is the same lists except that each of the outputs in the list of outputs that are being spent includes a digital signature of the transaction that satisfies the signature requirements in the output's script.

-Should I transport the "unsigned transaction" to the offline computer through a usb, and sign it there, then get it back on the online pc?

USB is the most common method.  There is certainly a small risk that the USB could include malware that will affect the offline computer.  If you are truly concerned about that, you might want to look into a non electronic method of transporting data.

-What software in the offline pc will sign the transaction?

There are several pieces of software that can handle that.  Typically it is handled by the offline half software designed for being split into an online and offline functionality, such as Armory or Electrum.

-Do I really need an offline pc or can I just unplug the internet, sign the transaction, and then plug it back

That depends on how concerned you are about malware.

(or could malware detect, save my key, and later send it to hacker)?

Correct.
hero member
Activity: 630
Merit: 500
December 14, 2014, 09:33:52 AM
#37
The moment I was writing that reply above, I knew you will be asking those questions.
Sorry, my English is not so good to explain it all.

Will just say this: yes (if you are so paranoid), you need a separate, offline, computer that is used only for bitcoin wallet software, and has no connection to any other computer or network. You put a clean system on it, install wallet software, and use it only for signing transactions.

https://electrum.org/tutorials.html#offline-mpk
full member
Activity: 131
Merit: 100
December 14, 2014, 09:26:04 AM
#36
Thanks everyone for the answers, they were really helpful. Let me see if I get it right: the safest way to keep BTC would be in an offline computer (or paper or mind, but offline). Ok, but I suppose to make transactions you would need to make them with another computer, and online. But then in order to make a transaction, you would need to type your private key? But in that exact moment when you have to type your key, there could be a keylogger watching, so can I ever be 100% sure no one can steal my BTC even during the few seconds when I type my key to make a transaction?

You can prepare the transaction online, with watch-only wallet, transfer that to offline computer on USB, and sign the transaction with private key there. Signed transaction is then transferred back to online wallet and broadcast to network.
Or use a hardware wallet - private keys are generated there, and never leave.


Hmmm. Interesting, this is actually the point of me having started this thread. All I want is to be completely sure there is no chance of my BTC being stolen. Ok, so let me see if I understand: Prepare the transaction online with a watch-only wallet (which brings the question: what is a watch-only wallet?), then the unsigned (?) transaction goes to offline computer. Inside the offline computer (now disconnected from the online one, so that it can't be hacked?), the transaction is signed. Then the signed transaction (maybe I put it in a usb so that both the online and offline computers won't actually connect to each other), then the signed transaction (BTW what is a "signed transaction"?) goes to online computer, then it is done. And in all of the process, a hacker never had even a millisecond of chance of getting my keys, right?

Now my questions are:

-What is a watch-only wallet, how to get one?
-What is an unsigned transaction and what is a signed transaction?
-Should I transport the "unsigned transaction" to the offline computer through a usb, and sign it there, then get it back on the online pc?
-What software in the offline pc will sign the transaction?
-Do I really need an offline pc or can I just unplug the internet, sign the transaction, and then plug it back (or could malware detect, save my key, and later send it to hacker)?
hero member
Activity: 630
Merit: 500
December 14, 2014, 09:06:08 AM
#35
Thanks everyone for the answers, they were really helpful. Let me see if I get it right: the safest way to keep BTC would be in an offline computer (or paper or mind, but offline). Ok, but I suppose to make transactions you would need to make them with another computer, and online. But then in order to make a transaction, you would need to type your private key? But in that exact moment when you have to type your key, there could be a keylogger watching, so can I ever be 100% sure no one can steal my BTC even during the few seconds when I type my key to make a transaction?

You can prepare the transaction online, with watch-only wallet, transfer that to offline computer on USB, and sign the transaction with private key there. Signed transaction is then transferred back to online wallet and broadcast to network.
Or use a hardware wallet - private keys are generated there, and never leave.
full member
Activity: 131
Merit: 100
December 14, 2014, 08:43:36 AM
#34
Thanks everyone for the answers, they were really helpful. Let me see if I get it right: the safest way to keep BTC would be in an offline computer (or paper or mind, but offline). Ok, but I suppose to make transactions you would need to make them with another computer, and online. But then in order to make a transaction, you would need to type your private key? But in that exact moment when you have to type your key, there could be a keylogger watching, so can I ever be 100% sure no one can steal my BTC even during the few seconds when I type my key to make a transaction?
newbie
Activity: 28
Merit: 0
December 14, 2014, 08:06:30 AM
#33
No need to be rude, when people don't know things.

You don't actually store the coins, you store key pairs that according to the public ledger have a balance.
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
December 14, 2014, 06:43:32 AM
#32
also take a look at a hardware wallet:

http://www.coindesk.com/ledger-launches-usb-bitcoin-wallet-bank-grade-security/


secure and cheap
AGD
legendary
Activity: 2070
Merit: 1164
Keeper of the Private Key
December 14, 2014, 06:32:39 AM
#31
This video explains some things about BTC in an easily understandable manner:
https://www.youtube.com/watch?v=ZloHVKk7DHk
hero member
Activity: 579
Merit: 500
CoinQuacker
December 14, 2014, 03:49:45 AM
#30
Just want to weigh in here about one question which had to do with online coins. So this is where I think a lot of people really blow it with the concept of bitcoin. Essentially it is a software protocol that allows people to collectively agree on something (bitcoin is more of an agreement protocol than it is a payment protocol). What everyone is actually agreeing to is the ownership of these "coins" or digital tokens in a distributed ledger. Since these tokens can be traded instantly to anyone in the world almost instantly, now you have a payment protocol assuming the tokens have value, which is ironically self-fulfilling prophecy: the more people that use it the more they say it's worth (by buying it and such). Bitcoin can be more accurately described as an asset IMO (like gold) than a currency.

So for the first time people can exchange tokens with each other in a peer-to-peer fashion which is bitcoin's central functionality (this wasn't possible before bitcoin), so what do people do, they run around and store their coins online at 3rd party websites (like MtGox)! It's kind of insane, and is exactly NOT the point of bitcoin. This is what I think people miss: Here you have a system where you can keep a couple of coins in a personal file on your computer and you voluntarily let someone else hold them for you? Doesn't make sense!

What is bitcoin ownership ultimately? The private key. When 3rd parties get hacked, this is what they lose to the hackers. Convince yourself:

- download bitcoin and install (block chain takes awhile to sync)
- go to a faucet like freebitco.in and roll for some free coins. You can have 10,000-20,000 satoshi (0.0001 - 0.0002 BTC) in like a week or so. The expected value per roll is about 2 cents, so in 50 rolls you'll have a buck, theoretically. You can roll once an hour. You can even refer people ....
- Send the coins to your personal bitcoin client (from the above site they auto-withdraw once a week I believe)
- Once received, copy the address you sent them to
- Open the client -> go to help -> debug window -> console
- in the command line area type "dumpprivkey " (no quotes or brackets)
- copy the output (this is the private key!)
- go to this folder (this is where your wallet lives in "wallet.dat") c:\Users\[YOU]\AppData\Roaming\Bitcoin   [note, this is for windows]
- delete wallet.dat (your coins are now toast). You can also just rename it wallet2.dat or something else, or move it to your desktop or whatever, for this exercise.
- reopen bitcoin (it will generate a new, blank, wallet.dat file automatically if you don't have one there)
- go back to the console and type importprivkey
- your coins come back!

When people make cold-storage, paper wallets they dump the private key and delete all traces of the software. Therefore you really don't even need a wallet file. You just need that private key. You could even memorize, and all of your net bitcoin wealth exists solely in your brain. Imagine that, flying overseas with a memorized key in your head that unlocks $10M in bitcoins. Kind of a cool concept. WITH BITCOIN YOU DON'T OWN ANY COINS. THAT'S JUST A WORD. YOU OWN A PRIVATE KEY.

Lastly, one thing I really enjoy about bitcoin (or any of the 400 alts out there, they really all work the same) is that it is meant to be USED. And I mean beat on like a rented mule. Download the client, play around in the command line area, make several wallets and move some coins around. I mean, if you play around with the client, know of and can manipulate the wallet file, back it up, play with keys and such you are literally 99% further along with bitcoin than the rest of the public, and all of that would take you less than a few hours on a weekend. Welcome to the Top 1%! Not bad for being a noob just earlier today! Plus a lot of the answers to your questions that others have posted in here begin to make a lot of sense, so that's the real benefit of playing around with it, if you really are indeed curious how it works.
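
Added example, not part of any post in this thread: the string that `dumpprivkey` prints is the private-key integer in Wallet Import Format (Base58Check), and the sketch below encodes and decodes that format so a hand-copied paper backup can be checked for transcription errors before the wallet file is deleted. The sample key and the helper names (`wif_encode`, `wif_decode`, `check_backup`) are constructed for illustration and only the mainnet prefix 0x80 is handled.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Order of the secp256k1 group: valid private keys are the integers 1 .. N-1.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def checksum(payload):
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(raw):
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\0"))  # leading zero bytes become '1'
    return "1" * pad + out

def b58decode(text):
    n = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError(f"character {ch!r} is not in the Base58 alphabet")
        n = n * 58 + idx
    pad = len(text) - len(text.lstrip("1"))
    return b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def wif_encode(key, compressed=True):
    """Private-key integer -> WIF string (mainnet prefix 0x80)."""
    if not 0 < key < N:
        raise ValueError("private key out of range")
    payload = b"\x80" + key.to_bytes(32, "big") + (b"\x01" if compressed else b"")
    return b58encode(payload + checksum(payload))

def wif_decode(text):
    """WIF string -> (private-key integer, compressed flag); raises ValueError if damaged."""
    raw = b58decode(text)
    payload, check = raw[:-4], raw[-4:]
    if checksum(payload) != check:
        raise ValueError("checksum mismatch: the key was copied incorrectly")
    if payload[:1] != b"\x80" or len(payload) not in (33, 34):
        raise ValueError("not a mainnet WIF private key")
    if len(payload) == 34 and payload[-1] != 1:
        raise ValueError("bad compression marker")
    key = int.from_bytes(payload[1:33], "big")
    if not 0 < key < N:
        raise ValueError("private key out of range")
    return key, len(payload) == 34

def check_backup(text):
    """Validate a transcribed key without importing it anywhere: (ok, reason)."""
    try:
        wif_decode(text)
    except ValueError as exc:
        return False, str(exc)
    return True, "checksum and format are valid"

# Constructed sample key for the demonstration; never fund it.
SAMPLE_KEY = int.from_bytes(hashlib.sha256(b"constructed paper-wallet demo key").digest(), "big") % (N - 1) + 1

if __name__ == "__main__":
    wif = wif_encode(SAMPLE_KEY)
    print(check_backup(wif))
    print(check_backup(wif[:10] + "O" + wif[11:]))  # letter O is never valid Base58
```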
sr. member
Activity: 507
Merit: 250
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
December 13, 2014, 11:50:57 PM
#28
It's amazing that someone thought about all of that stuff and programmed the bitcoin to address all of those issues.

Yes, it is amazing.  That is why Satoshi is hailed as a genius and Bitcoin as a revolutionary invention.

Doubly remarkable is that Satoshi not only created a stunning new concept, but also managed to nail so many of the particulars in his implementation.