Bitcoin Forum>Bitcoin>Bitcoin Discussion
Pages:
Author

Topic: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key? (Read 2037 times)

ShakyhandsBTCer
sr. member
Activity: 448
Merit: 250
It's Money 2.0| It’s gold for nerds | It's Bitcoin
Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
June 15, 2014, 12:53:10 AM
#33
Quote from: Beliathon on June 14, 2014, 02:10:33 PM
Quote from: cp1 on May 12, 2014, 12:59:48 AM
Don't use a brainwallet.  That's terrible.
It's only terrible if you're not smart enough to use it correctly. To be fair though, many people aren't.

Even if used correctly a brain wallet can be less secure then other types of security for wallets.

The only real time when a brain wallet should be used is when there is a good chance that others will have extended access to your possessions.
Beliathon
hero member
Activity: 784
Merit: 1000
https://youtu.be/PZm8TTLR2NU
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
June 14, 2014, 02:10:33 PM
#32
Quote from: cp1 on May 12, 2014, 12:59:48 AM
Don't use a brainwallet.  That's terrible.
It's only terrible if you're not smart enough to use it correctly. To be fair though, many people aren't.
ShakyhandsBTCer
sr. member
Activity: 448
Merit: 250
It's Money 2.0| It’s gold for nerds | It's Bitcoin
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
June 14, 2014, 02:03:36 PM
#31
Quote from: TERA on May 13, 2014, 07:48:22 PM
So the consensus here is that I should test receiving coins but I don't have to test sending them?

You could test the private key by attempting to sign a message with the public address and then use a separate computer/client to validate the signature.

This would be a completely off chain validation.
jonald_fyookball
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
May 16, 2014, 05:24:06 PM
#30
Quote from: jonald_fyookball on May 13, 2014, 09:29:05 PM
Quote from: franky1 on May 12, 2014, 05:33:54 AM
Quote from: TERA on May 12, 2014, 01:28:57 AM
Quote from: cp1 on May 12, 2014, 12:59:48 AM
Don't use a brainwallet.  That's terrible.  Use a real wallet, armory or electrum offline.
Can you tell me what is bad about a brainwallet or a paper wallet assuming I am using it offline on tails and creating the key in a much more complicated way than their SHA256(passphrase).

using a brain wallet involves turning natural words into a code. before then encrypting it using standard bitcoin encryption protocols.

this brain wallet convertion method may change, or you may mis-spell the words (EG Some instead of some).

the best solution is to put a verified/clean bitcoin software onto a memory stick. then install onto a clean computer without the internet. and generate private keys from this.

DO NOT rely on brain wallets or wallets that your a keyphrase/seed to generate private keys. as i said before the conversion from phrases into a private key may change in the future.

ONLY store actual proper bitcoin private keys.

I put up a bounty to consolidate electrum seed recovery validation into a single python file.
This will greatly mitigate the risks you're talking about.

I'll make an announcement when its available.




Ended up coding this myself  Grin

Check it out:

https://bitcointalksearch.org/topic/electrum-seed-recovery-stand-alone-python-script-612143

jonald_fyookball
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
May 14, 2014, 12:29:26 PM
#29
Quote from: TERA on May 13, 2014, 07:48:22 PM
So the consensus here is that I should test receiving coins but I don't have to test sending them?

I just used the electrum cold storage solution.
If you do it properly, you will be secure.

And you can restore your wallet from cold storage
using the seed.

You can also test the process on a small amount of
coins (in a different electrum wallet)
as far as signing an offline transaction,
so you are confident in the process.

DeathAndTaxes
donator
Activity: 1218
Merit: 1080
Gerald Davis
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
May 14, 2014, 12:05:38 PM
#28
Quote from: TERA on May 13, 2014, 07:48:22 PM
So the consensus here is that I should test receiving coins but I don't have to test sending them?

Well that is the problem with consensus.  Is it a consensus of informed people?  There is no reason to manually test cold storage addresses.  Do you manually test all your bitcoin wallet addresses as well?  The software should be tested with unit tests.  The creation of Bitcoin keypairs and addresses is deterministic.  The cold storage address generator could use the exact same unit tests that the bitcoin-core client does.  Test the implementation to ensure it generates correct output instead of trying to test every usage.  If whatever solution you are using doesn't have unit tests then run away quickly. 
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
May 14, 2014, 10:43:46 AM
#27
If you generate an invalid address then you're doing it wrong.  There's no warning to test every bitcoin qt key that it generates for you.  What's different about doing it offline? The only difference is that rolling your own cryptography is always a bad idea.
Boussac
legendary
Activity: 1221
Merit: 1025
e-ducat.fr
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
May 14, 2014, 09:54:44 AM
#26
Quote from: fryarminer on May 12, 2014, 04:48:27 AM
I've made several cold storage keys (Well not nearly as many as Casascius!) and several of the ones I have made were duds. The way I test them (there's probably a better way) is to send a few microbitcoins to them and then look up the address on the blockchain. If you find the address on the blockchain it's usually good. If it doesn't show up then it's not.

Actually, yes and no.
You can find a valid bitcoin address in the blockchain for which there is no known private key. An example is 1BitcoinEaterAddressDontSendf59kuE.
However, if you derived the bitcoin address from a private key, then you can spend the coins with the private key.
jonald_fyookball
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
May 13, 2014, 09:29:05 PM
#25
Quote from: franky1 on May 12, 2014, 05:33:54 AM
Quote from: TERA on May 12, 2014, 01:28:57 AM
Quote from: cp1 on May 12, 2014, 12:59:48 AM
Don't use a brainwallet.  That's terrible.  Use a real wallet, armory or electrum offline.
Can you tell me what is bad about a brainwallet or a paper wallet assuming I am using it offline on tails and creating the key in a much more complicated way than their SHA256(passphrase).

using a brain wallet involves turning natural words into a code. before then encrypting it using standard bitcoin encryption protocols.

this brain wallet convertion method may change, or you may mis-spell the words (EG Some instead of some).

the best solution is to put a verified/clean bitcoin software onto a memory stick. then install onto a clean computer without the internet. and generate private keys from this.

DO NOT rely on brain wallets or wallets that your a keyphrase/seed to generate private keys. as i said before the conversion from phrases into a private key may change in the future.

ONLY store actual proper bitcoin private keys.

I put up a bounty to consolidate electrum seed recovery validation into a single python file.
This will greatly mitigate the risks you're talking about.

I'll make an announcement when its available.



TERA
hero member
Activity: 728
Merit: 500
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
May 13, 2014, 07:48:22 PM
#24
So the consensus here is that I should test receiving coins but I don't have to test sending them?
sickpig
legendary
Activity: 1260
Merit: 1008
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
May 12, 2014, 12:04:29 PM
#23
Quote from: TERA on May 12, 2014, 12:37:16 AM
Sorry about the grammar in the title - it was due to space constraints.

Lately I have been creating secure cold storage cold storage wallets using offline key generation and either paper or brain to store the key. It is kind of a scary process because deep down I think there's a chance I might generate an invalid key or mess up somehow and then later I won't be able to retrieve the bitcoins I send to the address. So I go through the tedious process of testing the new address by going through all of the secure/offline methods to send a small amount of coins to and from the address, and verify that it works, before I start sending tons of coins there. Well, as this process is tedious and seems to add an unnecessary layer of risk, I was wondering if it is even necessary.

Is it at all possible to create an invalid private key? Of all 256-bit hex numbers, is each and every one a valid key? Also, is it possible for the algorithm that converts the private key into the public key to mess up somehow? If I wrote down any random 256 bit number, and use (offline) brainwallet to derive the public key, is that sufficient enough and can I start sending my coins to it right away without having to 'test' it first?

not necessarily what you're looking for but you could find a lot of useful info here:

http://falkvinge.net/2014/02/10/placing-your-crypto-wealth-in-cold-storage-installing-armory-on-ubuntu/

and also the BIP on HD wallets could be a worth reading:

https://en.bitcoin.it/wiki/BIP_0032
Peter R
legendary
Activity: 1162
Merit: 1010
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
May 12, 2014, 10:58:31 AM
#22
Quote from: DeathAndTaxes on May 12, 2014, 10:18:24 AM
Quote from: fryarminer on May 12, 2014, 04:48:27 AM
I've made several cold storage keys (Well not nearly as many as Casascius!) and several of the ones I have made were duds. The way I test them (there's probably a better way) is to send a few microbitcoins to them and then look up the address on the blockchain. If you find the address on the blockchain it's usually good. If it doesn't show up then it's not.

This is nonsense.  Please provide some examples of these bad keys.  If you generated "invalid" keys then it is user error or a bug in your code.  Either way the solution is improved code not random testing.

To OP for ECDSA the private key is a random number less than n and greater than zero.  For Secp256k1 n is
FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141

any non zero 256 bit value less than n is a valid key.

https://en.bitcoin.it/wiki/Secp256k1

In other words, if you generate 256 random bits for example by flipping 256 coins, it will be a valid key 99.99999999999999999999999999999999999962655% of the time.

Like DeathAndTaxes implied, the only way to generate an "invalid" key is by user error or a bug.  An example of a bug would be if the software used a different key to find the associated bitcoin address.  An example of user error would be generating a private key by rolling die, writing down the numbers on a piece of paper, and then transcribing those numbers incorrectly when generating the bitcoin address.  When I generate cold storage addresses, I "test" all my keys using a second piece of software to the one that created them.  I use this second piece of software to produce a bitcoin-signed message and then check that it verifies to the same bitcoin address that the first piece of software told me.  I think this is a good sanity check if you want to test your keys without making your ECDSA public key known to the network.
DeathAndTaxes
donator
Activity: 1218
Merit: 1080
Gerald Davis
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
May 12, 2014, 10:18:24 AM
#21
Quote from: fryarminer on May 12, 2014, 04:48:27 AM
I've made several cold storage keys (Well not nearly as many as Casascius!) and several of the ones I have made were duds. The way I test them (there's probably a better way) is to send a few microbitcoins to them and then look up the address on the blockchain. If you find the address on the blockchain it's usually good. If it doesn't show up then it's not.

This is nonsense.  Please provide some examples of these bad keys.  If you generated "invalid" keys then it is user error or a bug in your code.  Either way the solution is improved code not random testing.

To OP for ECDSA the private key is a random number less than n and greater than zero.  For Secp256k1 n is
FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141

any non zero 256 bit value less than n is a valid key.

https://en.bitcoin.it/wiki/Secp256k1


BillyBobJoe
member
Activity: 119
Merit: 10
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
May 12, 2014, 10:06:51 AM
#20
OK, now I am confused, again.

Paper wallets. I was under the impression that when you spend from a paper wallet you should empty the it, sweep the entire amount out. This is because of "change" problems.

Now I see where some recommend spending a small amount as a test.

Could somebody clear this up for me?

Regards,
BBJ
cr1776
legendary
Activity: 4284
Merit: 1316
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
May 12, 2014, 07:34:47 AM
#19
Quote from: TERA on May 12, 2014, 07:25:49 AM
Quote from: blatchcorn on May 12, 2014, 07:12:12 AM
I thought a bear like TERA would be selling, not holding  Tongue
If you only knew how much fiat I've already cashed out, you would understand. Anyway let's keep this in speculation.

Something else that is off-topic here is the viability of brainwallets.

I simply want to know if the process of creating a brainwallet requires that it be tested with transactions (separate question for both TO and FROM)

It doesn't hurt to test sending TO. Plus multiple checks to ensure that the phrase is correct.

Sending FROM though somewhat negates the purpose of cold storage.  Also once you spend an output that has been sent to the address the only protection is ECDSA, so other unspent outputs become more vulnerable since your public key is known (prior to sending only the RIPMD hash of the SHA256 hash is known, iirc).  The amount of the increase in vulnerability is probably low, but it does reduce security.  This is one reason why it is recommended to avoid reusing addresses.

;-)
TERA
hero member
Activity: 728
Merit: 500
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
May 12, 2014, 07:25:49 AM
#18
Quote from: blatchcorn on May 12, 2014, 07:12:12 AM
I thought a bear like TERA would be selling, not holding  Tongue
If you only knew how much fiat I've already cashed out, you would understand. Anyway let's keep this in the Speculation forum.

Something else that is off-topic here is the viability of brainwallets.

I simply want to know if the process of creating a brainwallet requires that it be tested with transactions (separate question for both TO and FROM)
blatchcorn
sr. member
Activity: 952
Merit: 281
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
May 12, 2014, 07:12:12 AM
#17
I thought a bear like TERA would be selling, not holding  Tongue
TERA
hero member
Activity: 728
Merit: 500
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
May 12, 2014, 06:59:13 AM
#16
Quote from: franky1 on May 12, 2014, 06:47:42 AM
Quote from: TERA on May 12, 2014, 05:40:02 AM

What is wrong with using sha256? If the hashing algorithm on brainwallet.org changes to something else, I can still use a sha256 script from somewhere else. It is a fairly common hashing algorithm and I dont have to rely on the tool on brainwallet.org.

using sha is fine to convert your own sentance into your own bases for making a privkey. as long as you take these precautions
1. you dont forget your own process (sentance->sha->privkey EG if you need to chop off characters at the start, end to make your sha'd sentence into a key)
2. you dont rely on other peoples process as they may change (research how someone used bitaddress.org a couple years ago and now using a different browser or the version updated that his sentence no longer produces the same privkey)
3. try not to get amnesia during your holocaust/coma

its simpler to find a landmark.. dig a hole. and put a heatproof box with a metal sheath that has a privkey engraved into it..
if a holocaust occured that had enough heat to melt the metal underground.. loss of bitcoins would be the last thing on your mind.

brain wallets should be short term, (think amnesia, alzheimer's or simply forgetting due to not being in long term memory)
but if I got amnesia, wouldn't I forget the password to the encrypted hardware wallet or the location where I hid it anyway?
medUSA
legendary
Activity: 952
Merit: 1005
--Signature Designs-- http://bit.ly/1Pjbx77
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
May 12, 2014, 06:58:32 AM
#15
Quote from: TERA on May 12, 2014, 12:37:16 AM
So I go through the tedious process of testing the new address by going through all of the secure/offline methods to send a small amount of coins to and from the address, and verify that it works, before I start sending tons of coins there.

I think testing cold wallet keys before you send savings there is being prudent. Some would argue that once you send a transaction, you disclose your public key and the security of that address drops, and it is not a "cold" storage anymore.
franky1
legendary
Activity: 4424
Merit: 4794
Re: Is it neccessary to 'test' new cold storage? Is there such thing as invalid key?
May 12, 2014, 06:47:42 AM
#14
Quote from: TERA on May 12, 2014, 05:40:02 AM

What is wrong with using sha256? If the hashing algorithm on brainwallet.org changes to something else, I can still use a sha256 script from somewhere else. It is a fairly common hashing algorithm and I dont have to rely on the tool on brainwallet.org.

using sha is fine to convert your own sentance into your own bases for making a privkey. as long as you take these precautions
1. you dont forget your own process (sentance->sha->privkey EG if you need to chop off characters at the start, end to make your sha'd sentence into a key)
2. you dont rely on other peoples process as they may change (research how someone used bitaddress.org a couple years ago and now using a different browser or the version updated that his sentence no longer produces the same privkey)
3. try not to get amnesia during your holocaust/coma

its simpler to find a landmark.. dig a hole. and put a heatproof box with a metal sheath that has a privkey engraved into it..
if a holocaust occured that had enough heat to melt the metal underground.. loss of bitcoins would be the last thing on your mind.

brain wallets should be short term, (think amnesia, alzheimer's or simply forgetting due to not being in long term memory)
Pages:
Bitcoin Forum>Bitcoin>Bitcoin Discussion
Jump to: