Topic: Mental Bitcoin Wallet: I have real bitcoins stored in my head. (Read 12769 times)

donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
If the blockchain gets any bigger you might get a nose bleed!

Then your head explodes.

hero member
Activity: 696
Merit: 500


If the blockchain gets any bigger you might get a nose bleed!
hero member
Activity: 533
Merit: 501
Assuming a dumb user who uses a simple password (this is always a starting condition for designing any system) this means that when they pick their bad password, they will eventually lose all their money to someone who just brute forces it.

This is a valid concern, even for the example passphrases given.

If the passphrase has ever been published on the Internet, it may cost a surprisingly small amount to determine if any substrings on the Internet (of limited complexity) correspond to a public address in the block-chain when hashed. If you use a dictionary word, you have no chance: it does not take any special hardware to check.

You only need 3 things:
Now the SHA-2 function is likely expensive enough, as is the address conversion, that simple queries will likely cost more than $100. However, I would be surprised if the cost rose more than an order of magnitude larger (Read: $10,000 budget, not including coding time).


That is why the passcode itself shouldn't be something the user created, and is some very long string. Though this isn't a mental bitcoin wallet, it makes for a very easy to copy, sync, backup, and even printout and archive wallet.

Just for fun I may eventually take a common top 1000 passwords list, create addresses based upon them, and see if they ever pop up as being funded.
legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.
Assuming a dumb user who uses a simple password (this is always a starting condition for designing any system) this means that when they pick their bad password, they will eventually lose all their money to someone who just brute forces it.

This is a valid concern, even for the example passphrases given.

If the passphrase has ever been published on the Internet, it may cost a surprisingly small amount to determine if any substrings on the Internet (of limited complexity) correspond to a public address in the block-chain when hashed. If you use a dictionary word, you have no chance: it does not take any special hardware to check.

You only need 3 things:
Now the SHA-2 function is likely expensive enough, as is the address conversion, that simple queries will likely cost more than $100. However, I would be surprised if the cost rose more than an order of magnitude larger (Read: $10,000 budget, not including coding time).
hero member
Activity: 533
Merit: 501
Assuming a dumb user who uses a simple password (this is always a starting condition for designing any system) this means that when they pick their bad password, they will eventually lose all their money to someone who just brute forces it.

I could see just using a large random alphanumeric string for the seed for the wallet, so in essence a user could just copy their entire wallet by just copying that string.

You could have a client that when it starts up it generates the string, or asks if you already have one. At that point, bang, you have any number of addresses at your disposal. If you want to backup, all you need is the seed string for the client. If you want to move (or keep in sync) with another client, you just copy the string into it. A client could handle multiple wallets, each with their own string. Your wife and you (or a group of people in an organization) could share a joint wallet that both have the same string, but you would each also have your individual wallets.

Your wallet becomes a minuscule line of text. The only thing that might add some weight is if you use an address book.
hero member
Activity: 793
Merit: 1026
Sure.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

btcaddress.zip SHA256 hash: 6475b20ab235ea685b73ef117283aaf0c8d9f021dd0a3434dfc6e7ab7f0da3d5

http://www.casascius.com/btcaddress.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBAgAGBQJObU1dAAoJEFou6PHxF1ojUqIIAInIKSS8aitXDHANGtBfeQbi
SUejbeqsiVtLZsPzSeC4jdWCYfOSXfAMbo0Lg3IXMgHLZjlJCTSK7tRElMwBYAwm
zscUPpJnA7mv9fziAZjAzcluJ+WMuHiINvZeiTWEFVhZdSXnWdm1T1kLO7gJdjww
4wVD+fiZJkTqi6Asgs0nreDDNTv051e+U9gnEkBfB+k8kJedFiUGsmiFQZGyPTVd
lnRMursoWX9wHnZ6C/7xsJKf/nW6++9Y8YIVHdjiMvC6UE/Ai7Pi6vh2BQNSEatk
iazs6w7htVcUlo0OMX1AxTN1R4JDNHak6F/ueEOgOZEeyaMDjoECj7tlPFM532A=
=xzg7
-----END PGP SIGNATURE-----



Words cannot describe how grateful I am, so here's a picture accurately representing it.

vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
Sure.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

btcaddress.zip SHA256 hash: 6475b20ab235ea685b73ef117283aaf0c8d9f021dd0a3434dfc6e7ab7f0da3d5

http://www.casascius.com/btcaddress.zip
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBAgAGBQJObU1dAAoJEFou6PHxF1ojUqIIAInIKSS8aitXDHANGtBfeQbi
SUejbeqsiVtLZsPzSeC4jdWCYfOSXfAMbo0Lg3IXMgHLZjlJCTSK7tRElMwBYAwm
zscUPpJnA7mv9fziAZjAzcluJ+WMuHiINvZeiTWEFVhZdSXnWdm1T1kLO7gJdjww
4wVD+fiZJkTqi6Asgs0nreDDNTv051e+U9gnEkBfB+k8kJedFiUGsmiFQZGyPTVd
lnRMursoWX9wHnZ6C/7xsJKf/nW6++9Y8YIVHdjiMvC6UE/Ai7Pi6vh2BQNSEatk
iazs6w7htVcUlo0OMX1AxTN1R4JDNHak6F/ueEOgOZEeyaMDjoECj7tlPFM532A=
=xzg7
-----END PGP SIGNATURE-----

hero member
Activity: 793
Merit: 1026
casascius, is there any way you could compile a Windows binary for your bitcoin address utility.  :-D  I am not a techie, and although I MIGHT be able to figure out how to compile it myself, there's a good chance I'd fuck it up.  Similarly, I have to wait until bitcoin v0.4 comes out before I can take advantage of the import/export private keys patch (assuming it's included in that build).  But when the official client does have the capability to import new keys, having your program so that I could create addresses out of my own password would be very very handy!  I'm just not enough of a computer guy to do it myself--even though I see that the ability is out there...
legendary
Activity: 1372
Merit: 1002
Yes, but if your family doesn't know what your printed QR-code in your drawer is, your bitcoins are also going to disappear if you die.

Exactly. I think a memorized 'travel wallet' is perfectly fine. But one really needs to print a deterministic 'savings wallet' and include it in the will (or a ceramic piggie bank).

You're right.
For the piggie bank you can leave precise instructions so family can redeem the bitcoins.
sr. member
Activity: 322
Merit: 251
FirstBits: 168Bc
I think his point is that people will continue to use the same receiving address even after they've transferred some coins from it (Clearly), leaving some coins at their known account and some at various accounts unknown to them (Ideally, not by default). This makes it very hard for human beings to know what they need to protect in order to be assured of not losing their coins (Bingo).

I think he applauds the mental bitcoin idea. He's only bitching that the 'might lose coins after spending' problem is a problem with the client, not with mental bitcoin wallets. Rather than warn people about the numerous ways they might lose coins after sending, the client might instead return change to the sending address by default, just as anyone would intuitively expect.


EDIT: Demonstrating the point are 3 of 4 (4 of 5) posters on this page with a presumably static bitcoin address in their signature.
Are you saying that sending change to a fresh address is useless because some people will publicly announce their address and reuse it (and it does not provide the originally intended anonymity anyway)?

In order for mental bitcoin wallets to be well supported, standard clients will need to (a) return change to the same address or (b) deterministic wallets where the 'key' is really a seed or (c) some other brilliant yet unknown to me feature or (d) continually explain the 100 key pool problem to users after they've lost their fortune Polish Bitomat style.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.

EDIT: Demonstrating the point are 3 of 4 posters on this page with a presumably static bitcoin address in their signature.

Are you saying that sending change to a fresh address is useless because some people will publicly announce their address and reuse it?
I think his point is that people will continue to use the same receiving address even after they've transferred some coins from it, leaving some coins at their known account and some at various accounts unknown to them. This makes it very hard for human beings to know what they need to protect in order to be assured of not losing their coins.
legendary
Activity: 1246
Merit: 1016
Strength in numbers

EDIT: Demonstrating the point are 3 of 4 posters on this page with a presumably static bitcoin address in their signature.

Are you saying that sending change to a fresh address is useless because some people will publicly announce their address and reuse it?
sr. member
Activity: 322
Merit: 251
FirstBits: 168Bc
The technique is only appropriate for holding coins to be transferred whole. Once the coins are claimed, they are no longer stored in a "mental wallet", period.

That is true for the current implementation of the C++ client, which, considering it's still beta is not a trivial point. Alternate change output is an unintuitive hack which fails to create anonymity but successfully creates confusion and lost coins.

EDIT: Demonstrating the point are 3 of 4 posters on this page with a presumably static bitcoin address in their signature.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
83 posts and only one post about how using this method can lose all your bitcoins because the change gets sent to a different address that gets stored in the wallet.dat that is generated when using the paper/wetware-stored key in the client. 

Or is that just FUD, 'cause it seems an important detail and shouldn't be glossed over.  How about a disclaimer at the top of the thread like: Warning: using this technique improperly, even once, could result in a loss of all your bitcoins

Am I totally off base here?  It seems rather scary to attempt this technique with any large amount of btc.
The technique is only appropriate for holding coins to be transferred whole. Once the coins are claimed, they are no longer stored in a "mental wallet", period.
legendary
Activity: 1221
Merit: 1025
e-ducat.fr

Yes, but if your family doesn't know what your printed QR-code in your drawer is, your bitcoins are also going to disappear if you die.

I kind of like the idea that the bitcoins disappear with their owner: it's like a donation to the bitcoin community since the value of the remaining bitcoins is increased in proportion to the lost coins.
That's the beauty of a limited money supply combined with infinite divisibility.
sr. member
Activity: 322
Merit: 251
FirstBits: 168Bc
Yes, but if your family doesn't know what your printed QR-code in your drawer is, your bitcoins are also going to disappear if you die.

Exactly. I think a memorized 'travel wallet' is perfectly fine. But one really needs to print a deterministic 'savings wallet' and include it in the will (or a ceramic piggie bank).
legendary
Activity: 1372
Merit: 1002
...or the last letter of every line. Assume every page of this book is a potential key and you don't write anything down at all. History is littered with similarly cracked methods. No matter your method, if you can't trust your friends, family or self, your bitcoins will die with you.

Yes, but if your family doesn't know what your printed QR-code in your drawer is, your bitcoins are also going to disappear if you die.
sr. member
Activity: 322
Merit: 251
FirstBits: 168Bc
...or the last letter of every line. Assume every page of this book is a potential key and you don't write anything down at all. History is littered with similarly cracked methods. No matter your method, if you can't trust your friends, family or self, your bitcoins will die with you.
sr. member
Activity: 1008
Merit: 250
Some people can remember a lot very accurately. I don't have the best memory myself, but I reckon I could manage a phrase or two pretty easily.

What about remembering a chapter number of a book you have and using the first paragraph?
The passphrase would be much more secure.

That's quite clever. You could have "Page 3 Paragraph 5 Sentence 4" written down on a piece of paper, and even if someone found the paper they wouldn't be able to crack your password unless they knew which book you were referring to...
legendary
Activity: 1372
Merit: 1002
Some people can remember a lot very accurately. I don't have the best memory myself, but I reckon I could manage a phrase or two pretty easily.

What about remembering a chapter number of a book you have and using the first paragraph?
The passphrase would be much more secure.