Pages:
Author

Topic: How does someone with a single wallet with 30k coins not feel vulnarable? (Read 2889 times)

hero member
Activity: 784
Merit: 500
Think about it. 30,000 coins. A public key that everyone knows about now. And perhaps 10,000 computers guessing at the private key? I'd feel vulnerable.

that is all
10,000 computers and still billions(or if not, then millions) of years away before they may hit a key.

This.

legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
How does quantum computing change the game at all? I know Satoshi was aware of the potential of quantum computing and had mentioned it once or twice. Anyone know much about how it will affect bitcoin?

Quantum computers are decades away from making any impact.  Bitcoin could be upgraded
to post-quantum cryptography in the future if necessary.



Are there any articles or anything about the topic? It sounds interesting. I don't really know what the theories are regarding how they could potentially break SHA256. It sounds interesting though.

And also are there already people theorizing on a post-quantum cryptography?

wikipedia is your friend (sometimes)
http://en.wikipedia.org/wiki/Quantum_computer


Yeah, but I was more looking for some articles written about it with regards to bitcoin. But thank you.

according to Wikipedia, the largest number factored by a quantum computer was "143".
that's not a very big number.  so we are pretty far.  that's why no one is really
too concerned right now or writing many bitcoin articles about it.
legendary
Activity: 826
Merit: 1002
amarha
How does quantum computing change the game at all? I know Satoshi was aware of the potential of quantum computing and had mentioned it once or twice. Anyone know much about how it will affect bitcoin?

Quantum computers are decades away from making any impact.  Bitcoin could be upgraded
to post-quantum cryptography in the future if necessary.



Are there any articles or anything about the topic? It sounds interesting. I don't really know what the theories are regarding how they could potentially break SHA256. It sounds interesting though.

And also are there already people theorizing on a post-quantum cryptography?

wikipedia is your friend (sometimes)
http://en.wikipedia.org/wiki/Quantum_computer


Yeah, but I was more looking for some articles written about it with regards to bitcoin. But thank you.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
How does quantum computing change the game at all? I know Satoshi was aware of the potential of quantum computing and had mentioned it once or twice. Anyone know much about how it will affect bitcoin?

Quantum computers are decades away from making any impact.  Bitcoin could be upgraded
to post-quantum cryptography in the future if necessary.



Are there any articles or anything about the topic? It sounds interesting. I don't really know what the theories are regarding how they could potentially break SHA256. It sounds interesting though.

And also are there already people theorizing on a post-quantum cryptography?

wikipedia is your friend (sometimes)
http://en.wikipedia.org/wiki/Quantum_computer
full member
Activity: 168
Merit: 100
This thread just gave me a great idea for a movie.  Cool
legendary
Activity: 1246
Merit: 1011
Suppose that a 2-of-3 key storage system is in use.  Label the private key locations as A, B, and C and let p(A), p(B), and p(C) be the respective probabilities that these locations become compromised (within a certain time window related to checking/key-refreshing freqeuncy; compromised meaning either theft or destruction).  Suppose that A is far more secure than B and C, so much so that p(A) > p(B)p(C).  In this case, storing the bitcoins with a single key at A offers greater security.

Well you can encrypted (BIP32) each of the multisig keys. 

For example I keep one of my multisig keys in a safety deposit box.  Sure it could be compromised but the probability that the box with be compromised AND the passphrase brute forced is remote.

Yes, a practical enhancement, even under the simplifying assumption that the passphrase is stored at A.  My argument was only that 2-of-3 encryption is not necessarily more secure than vanilla encryption.  One needs assumptions about the relative security (and independence) of the three locations to make this deduction.

It seems unlikely to me that a person would have one location so much more secure than any others that my argument will apply.  A prisoner may qualify, who's mind may be far more secure against searches than anything external to their body.  I imagine that most people with 30k bitcoins will have access to a range of highly secure locations.
legendary
Activity: 826
Merit: 1002
amarha
How does quantum computing change the game at all? I know Satoshi was aware of the potential of quantum computing and had mentioned it once or twice. Anyone know much about how it will affect bitcoin?

Quantum computers are decades away from making any impact.  Bitcoin could be upgraded
to post-quantum cryptography in the future if necessary.



Are there any articles or anything about the topic? It sounds interesting. I don't really know what the theories are regarding how they could potentially break SHA256. It sounds interesting though.

And also are there already people theorizing on a post-quantum cryptography?
hero member
Activity: 784
Merit: 1000
https://youtu.be/PZm8TTLR2NU
Think about it. 30,000 coins. A public key that everyone knows about now. And perhaps 10,000 computers guessing at the private key? I'd feel vulnerable.

that is all
10,000 computers and still billions(or if not, then millions) of years away before they may hit a key.
Billions was correct.

donator
Activity: 1218
Merit: 1079
Gerald Davis
How does someone with a single wallet (with all their coins in) not have an address that starts with a fucking 3? That's what I want to know.

Suppose that a 2-of-3 key storage system is in use.  Label the private key locations as A, B, and C and let p(A), p(B), and p(C) be the respective probabilities that these locations become compromised (within a certain time window related to checking/key-refreshing freqeuncy; compromised meaning either theft or destruction).  Suppose that A is far more secure than B and C, so much so that p(A) > p(B)p(C).  In this case, storing the bitcoins with a single key at A offers greater security.

Well you can encrypted (BIP32) each of the multisig keys for added security.  For example I keep one of my multisig keys in a safety deposit box.  Sure it could be compromised but the probability that the box with be compromised AND the passphrase brute forced is remote.  The redundant systems are always a good idea.   Your house may be very secure.  You may even have a $50,000 safe protecting your cold storage private key but disasters do happen.  The loss of the key in a single key system would be catastrophic.  Lost funds are just as gone as stolen funds.

For the OP, if all you are worried about is the loss of a single key you can accomplish secure m-of-n redundancy without using on blockchain multisig.  Shamir's Secret Sharing is an algorithm which allows you to break a secret (i.e. a private key) into n pieces such that you need m of them to reconstruct the original secret.  The m and n can be decided at the time the shared secret is created and can be adapted to a number of needs.  Another secure but less flexible option is just to XOR multiple "subkeys" together to produce the full key.  It is deceptively simple but due to the nature of XOR even if an attacker has all the subkeys but one the security of the full key hasn't be reduced at all.

The tools for multisig are still a little rough and they were a lot more rough in the past.   Due to the limited support for multisig it is possible that some of those high value "single keys" while being encumbered by a single bitcoin private key are stored anywhere as a single complete key.  I used SSS over multisig but I switched recently to P2SH multisig because the tools had adapted enough that I felt comfortable using it.



legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
How does quantum computing change the game at all? I know Satoshi was aware of the potential of quantum computing and had mentioned it once or twice. Anyone know much about how it will affect bitcoin?

Quantum computers are decades away from making any impact.  Bitcoin could be upgraded
to post-quantum cryptography in the future if necessary.

legendary
Activity: 826
Merit: 1002
amarha
How does quantum computing change the game at all? I know Satoshi was aware of the potential of quantum computing and had mentioned it once or twice. Anyone know much about how it will affect bitcoin?
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
If I wanted to steal these 30k, I would not try to brute-force this address. I would simply try simple and efficient techniques like, say, home-jacking, kidnapping or some other "traditional" techniques. These old-fashioned methods work even on cold storages !

The main threat against one's wallet is a matter of pure common sense.
Did you use an online computer to generated your keys ? Or even worse, a website ?
Where do you store them ? Who knows where they are ?
Are they stored in a way they cannot be altered by the years ?
Even better: does someone KNOW you own these BTC ?

Personally, if I ever had to store such a fortune, I would have generated the private/public keys with an offline computer (without network hardware), wrote it down by hand (or engraved on metal or even stone, whatever...) double-checked, triple-checked, then destroyed the computer used to generate the key and hidden the keys in a safe place. A really safe place. Not my pocket, nor a safe in my house. And I would never, ever talk about it to anyone until I decide to spend it...


This.


But even still, I wouldn't put all the 30k in one wallet. I'd divide it up fairly small, just in case I were to lose a private key or something. That would make for a bad day. 

Separate wallets with separate points of failure linearly increase the
chances the some funds will be stolen, but
exponentially decrease the chances that ALL funds will be stolen.
legendary
Activity: 1246
Merit: 1011
How does someone with a single wallet (with all their coins in) not have an address that starts with a fucking 3? That's what I want to know.

Suppose that a 2-of-3 key storage system is in use.  Label the private key locations as A, B, and C and let p(A), p(B), and p(C) be the respective probabilities that these locations become compromised (within a certain time window related to checking/key-refreshing freqeuncy; compromised meaning either theft or destruction).  Suppose that A is far more secure than B and C, so much so that p(A) > p(B)p(C).  In this case, storing the bitcoins with a single key at A offers greater security.
legendary
Activity: 4410
Merit: 4766

*facepalm*

You don't have to give the other private keys to other people.

You can have 3 private keys, instead of one.

Need two for any transaction to occur...

Keep one in a bank vault, one in a safe in your house, and encrypt the other one, cut it in half and store one half at a friend's place, and one and a parent's or another friend.

That is 100000000000x fucking less risky than just having one private key.

tl;dr multi sig is for EVERYONE that understands the concept of 2 factor authentication.

i have my own ways of securing my stash. none of which involve friends or family securing my stuff...
legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.
How does someone with a single wallet (with all their coins in) not have an address that starts with a fucking 3? That's what I want to know.

multisig is for corporations, board members and other groups.

i dont trust anyone else with my hoard, so why would i give 2 other people the ability to play with my coins behind my back..

I hope to upgrade my cold-storage to m of n signatures. I would be the one with access to all 3 keys, but they would be stored in 3 different locations.
hero member
Activity: 854
Merit: 500
Nope..
And perhaps 10,000 computers guessing at the private key?

I don't think you can find that many retards in this community....

You'd be very, very surprised.  The trick is, don't to after the guy everybody knows has a bundle.  Go after the guys talking about the guy with the bundle.  I wonder, if I announced my coins were on a certain sever at a certain IP address, would I get some unwanted suitors?  I may have I test that out in a honeypot.
sr. member
Activity: 364
Merit: 250
I'd be nervous with that kind of money whether it's bitcoin, dollars, or something else.  If you use some common sense and have proper real life security you should be fine.

Like others said, the ability to crack that key is so far fetched right now.
legendary
Activity: 812
Merit: 1002
How does someone with a single wallet with 30k coins not feel vulnarable?

Why don't you ask satoshi? Or mtgox's "stolen" coins? Those amount to much more than 30k btc.
sr. member
Activity: 644
Merit: 260
Mathematically it is very unlikely that  any computer will be able to "guess" the private key of the subject address. There is a much higher chance that the computer housing the private key somehow is compromised and signs a TX with the private key
legendary
Activity: 1652
Merit: 1029
How does someone with a single wallet (with all their coins in) not have an address that starts with a fucking 3? That's what I want to know.

multisig is for corporations, board members and other groups.

i dont trust anyone else with my hoard, so why would i give 2 other people the ability to play with my coins behind my back..

as for the vulnerability.. id feel more vulnerable holding a debit card with $18mill and a driving licence in my back pocket.. its easy to forge a driving licence if you have a real one to copy the details and just put the thief's face into the picture area.. then just stroll into a bank...

i feel more secure holding a bitcoin privkey
 

*facepalm*

You don't have to give the other private keys to other people.

You can have 3 private keys, instead of one.

Need two for any transaction to occur...

Keep one in a bank vault, one in a safe in your house, and encrypt the other one, cut it in half and store one half at a friend's place, and one and a parent's or another friend.

That is 100000000000x fucking less risky than just having one private key.

tl;dr multi sig is for EVERYONE that understands the concept of 2 factor authentication.
Pages:
Jump to: