Memorizing a private key | Bitcointalksearch.org

ThomasV

legendary

Activity: 1896

Merit: 1343

Quote from: jothan on November 27, 2011, 01:48:27 PM

Quote from: ThomasV on November 27, 2011, 10:45:38 AM

Quote from: BurtW on November 26, 2011, 08:39:39 PM

I thought that we could simply generate a key pair by using a memorize phrase as the seed to the key pair generator. So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase. As long as I keep my phrase secret (oops) I can get access to my coins.

The first version of Electrum worked just like that.
However, this was not secure enough, because some users might not provide enough entropy.
The 12-words encoding that is used now makes sure that keys have 128 bits of entropy. Key strenghtening is added to that.

Something like PBKDF2 should be perfect with SHA-2 256.

http://en.wikipedia.org/wiki/PBKDF2

This is exactly what Electrum does with its seed, except there is no salt.
Using a salt stored on a server would make users dependent on that server, which is clearly not acceptable; we want users to be able to recover their wallet in any situation.

jothan

full member

Activity: 184

Merit: 100

Feel the coffee, be the coffee.

Quote from: ThomasV on November 27, 2011, 10:45:38 AM

Quote from: BurtW on November 26, 2011, 08:39:39 PM

I thought that we could simply generate a key pair by using a memorize phrase as the seed to the key pair generator. So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase. As long as I keep my phrase secret (oops) I can get access to my coins.

The first version of Electrum worked just like that.
However, this was not secure enough, because some users might not provide enough entropy.
The 12-words encoding that is used now makes sure that keys have 128 bits of entropy. Key strenghtening is added to that.

Something like PBKDF2 should be perfect with SHA-2 256.

http://en.wikipedia.org/wiki/PBKDF2

dunand

hero member

Activity: 637

Merit: 502

If you want a code example in Java you can look at SimpleClient.java from the bccapi project. This SimpleClient generate a private key and public keys from a seed. That seed is generated from a passphrase and a salt.

More info here : http://code.google.com/p/bccapi/wiki/SimpleClient

ThomasV

legendary

Activity: 1896

Merit: 1343

Quote from: BurtW on November 26, 2011, 08:39:39 PM

I thought that we could simply generate a key pair by using a memorize phrase as the seed to the key pair generator. So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase. As long as I keep my phrase secret (oops) I can get access to my coins.

The first version of Electrum worked just like that.
However, this was not secure enough, because some users might not provide enough entropy.
The 12-words encoding that is used now makes sure that keys have 128 bits of entropy. Key strenghtening is added to that.

BTCurious

hero member

Activity: 714

Merit: 504

^SEM img of Si wafer edge, scanned 2012-3-12.

Quote from: grondilu on November 27, 2011, 10:10:28 AM

Quote from: casascius on November 27, 2011, 01:40:36 AM

I have done this before:

rather than memorize a mnemonic, just memorize a passphrase and use the sha256 of that passphrase as the private key. this is way easier.

as mentioned in a prior post, just salt it with something public, so others don't bump into your passphrase. sha256(yourname + passphrase) for example

I had no idea that any random number up to 2^256 could be used as a private key. I guess I should learn more about ECDSA.

Technically, not quite any random number up to 2^256, but nearly every number anyway. If you're gonna read up on EC, then it's every number smaller than the field size Fp.

grondilu

legendary

Activity: 1288

Merit: 1076

Quote from: casascius on November 27, 2011, 01:40:36 AM

I have done this before:

rather than memorize a mnemonic, just memorize a passphrase and use the sha256 of that passphrase as the private key. this is way easier.

as mentioned in a prior post, just salt it with something public, so others don't bump into your passphrase. sha256(yourname + passphrase) for example

I had no idea that any random number up to 2^256 could be used as a private key. I guess I should learn more about ECDSA.

casascius

vip

Activity: 1386

Merit: 1135

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

I have done this before:

rather than memorize a mnemonic, just memorize a passphrase and use the sha256 of that passphrase as the private key. this is way easier.

as mentioned in a prior post, just salt it with something public, so others don't bump into your passphrase. sha256(yourname + passphrase) for example

FreeMoney

legendary

Activity: 1246

Merit: 1014

Strength in numbers

Quote from: BurtW on November 26, 2011, 08:39:39 PM

I thought that we could simply generate a key pair by using a memorize phrase as the seed to the key pair generator. So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase. As long as I keep my phrase secret (oops) I can get access to my coins.

Anyone doing this or similar should really add just a bit of unique and random data. If a lot of people are choosing keys this way people are going to be trying everything remotely common. Adding your name and bank pin ought lock it up tight I think.

sebastian

full member

Activity: 129

Merit: 118

bwagner: Actually a good idea. Then these live-CD-systems with bitcoin could work more well, and you have access to your coins on *any* computer with bitcoin, as long as you know your passphrase.

Like this:
When you start the bitcoin client, you enter a passphrase/password, like:
"HereIAm".
Then, it would generate SHA hash for HereIAm.(number from 1 to 10 000) to generate a new adress. Note that the number 1-10000 is random to increase anonymity, and it will never use any other number, since then some coins would be unspendable. No track of used adresses should occur, the client is simply allowed to "reuse" adresses if its just lucky to pick the same number.

(For webshops/exchanges, the webshop/exhange just check that a adress is "settled" before reusing it for a another customer. With "settled", I mean that goods have been delivered for that adress and all payments have been received for that adress)

To find out coins, it could generate adresses from hash of HereIAm.1 to like hash of HereIAm.10000 and check which coins belong to these, while downloading blockchain. Then it simply saves it to RAM (this takes only 2,4 Mb)

Then you would never need to save any wallet.dat, you simply enter your password/passphrase at startup, in any bitcoin client.

Of course, if 2 people use same passphrase/password, they would share the same wallet, and spend each other's coins.

BurtW

legendary

Activity: 2646

Merit: 1129

All paid signature campaigns should be banned.

I thought that we could simply generate a key pair by using a memorize phrase as the seed to the key pair generator. So I could memorize "Now it the time for all good men to come to the aid of their country" and then any time I want I can generate the corresponding public and private key pair from this phrase. As long as I keep my phrase secret (oops) I can get access to my coins.

grondilu

legendary

Activity: 1288

Merit: 1076

Quote from: ThomasV on November 26, 2011, 10:19:24 AM

Electrum uses a 1600-word dictionary to provide mnemonic codes:
https://bitcointalksearch.org/topic/electrum-a-brainwallet-in-twelve-words-51397

This looks awesome.

The bitcoin forum has become so huge that it gets difficult to learn about cool stuffs. Thanks.

ThomasV

legendary

Activity: 1896

Merit: 1343

Electrum uses a 1600-word dictionary to provide mnemonic codes:
https://bitcointalksearch.org/topic/electrum-a-brainwallet-in-twelve-words-51397

grondilu

legendary

Activity: 1288

Merit: 1076

Code:

This could be in technical, but it does have a "psychological" aspect too so I put it in the general discussion forum.

I have written a set of bash functions to handle bitcoin addresses: https://github.com/grondilu/bitcoin-bash-tools. I added a few functions to turn a private key into a bunch of english words, inspired from RFC-1751.

My aim with this is to help people memorizing at least one bitcoin private key. Such a key could be used in case the FBI threatens to seize your computer, if you want an extremely low tech solution to hoard bitcoins, if you don't trust any physical support, or whatever ...

I have no idea if it is easy or even possible to memorize 27 english words but I guess it should if one uses a method such as the [url=http://en.wikipedia.org/wiki/Method_of_loci]loci method[/url]

Here is an example of a generated address. You'll recognize the public key, the private key in WIF format, the 27 english words and the key in openssl's PEM format.

[code]
1ArPXGu8H3PhKduTamJ5Dj5uPtdpubFuaA, 5JUL6oXMMrgo4MC31oWySDpdH65qLuSNaCdV97i3DekWPyRrJtU
THE BLOT SET TWIT BARE LEER WAGE LILT LIND CORK GOAL OFT REAR VOTE FLEW
WAD KEYS GAVE SEES WAGE EAR YOGA VAST POT BIRD FAKE BEE
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIFZh3PHqWrJ6+vNfmtRtLtmz1kFEP0yihsf14g//ecNMoAcGBSuBBAAK
oUQDQgAEmblPqTIy9lhU5U/UW97j/FLFYra5VSol4AX1avdVitR5n6pxcvyAB4BX
/HjeTsZZdxBK127h9zVk0N4Df9dxzw==
-----END EC PRIVATE KEY-----

Notice that, conveniently enough, the leading 5 in the WIF format makes the sentence often start with 'THE'.

If you have other ideas about how to memorize a private key, please share.[/code]

Topic: Memorizing a private key (Read 6326 times)