Topic: How to Create a Bitcoin Receive Address from a Coin Flip - page 3. (Read 14665 times)

Random.org is for trivial stuff.

Generating a Bitcoin private key and its corresponding address is not trivial at all.

Yes, you can. Just don't add spaces to the binary.

Also, don't use random.org at all. Use a physical coin, or a known-good physical RNG, preferably one that is designed to be unbiased, truly random using physical noise, and separate from a computer.

LOL.  A "VERY SAFE" number which is trivially known to a third party.  Is someone at "random.org" paying you to encourage people to have them generate their private keys, or did you come by this cluelessness naturally?

I haven't looked recently but last I checked random.org methods were secret and not peer reviewed. So not only may the results be trivially maliciously logged (by the site operators or anyone whos compromised their system; or the operators of the VPSes they use (rackspace cloud)), they're probably more likely to be accidentally flawed because their methods are not reviewed.

Thank you for the clarification! And I'm also curious how much are those, if you're still selling

Interesting. Reading for the first time creating bitcoin address with dices.

I would be interested in buying a set of HEX dice... How much are they?

Why?
Are you assuming they are not balanced or something?

These are 16 sided hexidecimal dice.
Despite Anditoshi's sage advice on much of the fluff around this method, using dice or coins is not significantly reduce or increaes the entropy of key generation.
It just isn't code+machine doing it.  Ultimately you are going to have to trust some device to use your bitcoin, but doing it by hand for novelty's sake is fun for some.

Thanks for the feedback.  However this is not a technical paper on cryptography, it is simply a step by step method on "HOW" to create a private key.  Most of your argument is either technical or addresses a "WHY" issue.  I did clean up two small issues that were over simplifications on my part.  

I will only address your central theme with which I disagree:  While it may be scientifically possible to determine that a coin flip method has a bias (you could make the same argument about dice as well), I could also make the same argument about how the Bitcoin client chooses its random string.  There are many examples of Bitcoin wallets themselves having built in biases that allowed the private keys to be hacked.  Computers have a built in bias against randomization which must be overcome.  Your Bitcoin wallet is no exception as it always sits on an OS.  (Google:  Android OS pseudorandom number generator PRNG - and also NSA Dual EC DRBG)

I offered an option in the original post where one could obtain true random numbers from a coin flip. > from www.random.org

I will argue that 256 coin flips from random.org is the best random number possibility available.  And assuming that you push the results through an offline computer using brainwallet offline, you will have a VERY SAFE, VERY RANDOM private key.

Edit:  It is possible for someone at random.org to guess your intent, even though their site is not a BITCOIN related site.  So just use it for testing.  True security will come from the coin toss not an online web site.

More the side... less the randomness.

That is a 16-sided dice. You only need to roll it 64 times to get a 256-bit number.
On the other hand, with a normal 6-sided dice, you need to roll it 100 times.

NewLiberty, what kind of dice do you have there? How does it differ from normal dices/coin toss?

Not exactly, you can't import a base 6 format key into your wallet. First you have to convert it from base 6 to WIF. In the OP the conversion is done using brainwallet, but they use a different method so the conversion method is different, they started with binary 1 and 0 and then convert to hex and then to WIF. With the dice method you have base 6 and then convert to WIF private key with the help of an app like bitaddress.

As I can see that you have disqualified blockchain.info as a reliable wallet. Would like to know the technical reason behind it. I am assuming the user is downloading the paper wallet from blockchain.info, so that he is still in control of his coins, even if the site goes down. AFAIK, their keys are encrypted too... so for a DB hack, private keys should not be stolen.

Moreover, do u think, if someone runs bitaddress.org offline (by downloading the zip from https://github.com/pointbiz/bitaddress.org) to generate addresses, that is a safe method with enough randomness ?

These are done by your wallet when you import the key generated by the OP's method.

Please please please do not do this. The cryptosystem which Bitcoin keys and addresses are part of assumes for its security that its private keys are uniformly random numbers. Flipping coins by hand will definitely not give uniformly random numbers, and is probably so biased (depending on your hand, the coin, what side you pick it up from, the surface it lands on, etc, etc) that you can measure it yourself by just flipping a coin and counting the zeroes and ones.

If you swap out one component of a cryptosystem for another you have constructed a new cryptosystem and need to argue its security. And I guarantee you won't find a good security argument for "Bitcoin script with biased randomness".

To add to the presumption of insecurity that should be applied to all new cryptosystems, let me point out that much of this one is gibberish:


Linkage between addresses and identities has nothing to do with key generation. This sort of linkage is done by exploiting ordinary address mismanagement.

A Bitcoin private key is an integer modulo the field order of the secp256k1 curvegroup used by Bitcoin's signature scheme. It is an element of an additive group and has no size.

Publishing your addresses is a (potentially very serious) privacy risk and cannot be done "freely without fear".

This is simply false.

"not likely" is an understatement. The probability is 2^{-160}. There is nothing in yourordinary life that is comparable to this number. Nobody, ever, will ever find a private key by guessing uniformly at random. (Of course, they may exploit biases in random number generators and guess nonuniformly at random; this has happened many times.)

This is horrifically bad advice. Key management is hard enough to do when using software specifically designed to do it for you. Manual key management is stupid, and manual key generation is even stupider.

This statement is nonsensical. Besides, there is no encryption in Bitcoin.


Every part of this tells me you should not be touching encoding or decoding systems, let alone cryptosystems. Please do not give cryptographic advice if you do not know what you are talking about. It is dangerous and therefore immoral. Do you also advise people how to do surgery on themselves and others? Do you tell them how to pilot aircraft? (Perhaps you are an expert on one or both of these things; then how would you like to see laymen giving such advice?)


Please don't advise people to use brainwallet. About half of the things on that site are implemented dangerously; I have good reason to believe this is deliberate because its creator it attempting to steal money from users of its compromised keys. One good reason is that none of the dangerous things are labeled as such (or better, removed) despite repeated admonishment from myself and others.


As I mentioned above, manual key management is stupid and dangerous. (I'm going to get a lot of flack from paper wallet users for this claim. Nonetheless I stand by it.)


This provides no extra security. Can you clarify (for my understanding of psychology) why you would think it does?


This is unbelievably bad advice. If you are being paid to do this, then I advise you to speak with a priest and take a serious look at the moral decisions you are making. In any case, please stop.


I'll just leave this here.

I'm going to stop now; the remainder was simply instructions on importing keys, and I've already discussed manual key management. I will also say, without justification (as I'm tired of repeating it, not because I have none) that web wallets, and blockchain.info in particular, are not a safe way to store Bitcoin keys, and I strongly advise anyone storing coins with such a service to move them out of there immediately.

There was another discussion going on regarding this, where someone posted the following...


Can someone please tell me where are the 5-9 of this happening in the OP ?

I've a bunch of these left over from when I was running around to all the conventions....


So they are for sale.  If folks want them let me know and I will put some up for sale.
The folks that made them aren't doing it any more so to get more I would have to make a very large order.

very helpful tutorial thankz for explaining it....really a good work

Thanx!  Im working on the excel spreadsheet now.  Hope to have it out there shortly.