Topic: Mental Bitcoin Wallet: I have real bitcoins stored in my head. - page 6. (Read 12759 times)
Anyone that understands the principle involved here isn't likely to be the kind of person to have insecure interfaces.
If you'd temporarily store your passphrase in a file and execute (in Linux) the following
gpg --print-md sha256
would that do the trick also?
I'm not sure how to input the passphrase through the keyboard into gpg, but that would be much better.
gpg --print-md sha256
would that do the trick also?
I'm not sure how to input the passphrase through the keyboard into gpg, but that would be much better.
[snip>
... I will simply use the same passphrase to generate the same private keys, import them into a real wallet.dat, and then spend them.
Too bad that your hacked computer immediately after putting your keys in the 'real wallet.dat' already has transferred all your bitcoins to the thief's wallet before you were able to touch any key!... I will simply use the same passphrase to generate the same private keys, import them into a real wallet.dat, and then spend them.
That is bloody brilliant. I mean, really, really, really.
Bloody brilliant! Given a popular and accessible conversion utility and interface...well. I have to go outside and breath slowly now.
Bloody brilliant! Given a popular and accessible conversion utility and interface...well. I have to go outside and breath slowly now.
I'm sure one of bitcoinporn's private keys will be generated by inputting Canticles 1:13 into this key generator. 
Exactly.
Every private key is just a 32-byte hex number. Every 32-byte hex number can be used as a private key. And hence, every 32-byte hex number has a corresponding Bitcoin address.
Just by coincidence (or perhaps not), the SHA256 hash algorithm can produce a 32-byte hex number from any text input. And while the output isn't predictable, it always produces the same output given the same input text.
So the idea is just to pair these two ideas. Pick a passphrase, compute the SHA256 of it, use that as a private key.
All the Casascius Bitcoin Utility does, is calculate the Bitcoin address that corresponds to your 32 bytes as the matching private key.
You aren't remembering the private key itself, you're merely remembering the text that will produce your private key when plugged back into the SHA256 hash algorithm. Which is good enough.
(When using Casascius Bitcoin Utility / SHA256, the passphrases ARE case sensitive by the way)
Every private key is just a 32-byte hex number. Every 32-byte hex number can be used as a private key. And hence, every 32-byte hex number has a corresponding Bitcoin address.
Just by coincidence (or perhaps not), the SHA256 hash algorithm can produce a 32-byte hex number from any text input. And while the output isn't predictable, it always produces the same output given the same input text.
So the idea is just to pair these two ideas. Pick a passphrase, compute the SHA256 of it, use that as a private key.
All the Casascius Bitcoin Utility does, is calculate the Bitcoin address that corresponds to your 32 bytes as the matching private key.
You aren't remembering the private key itself, you're merely remembering the text that will produce your private key when plugged back into the SHA256 hash algorithm. Which is good enough.
(When using Casascius Bitcoin Utility / SHA256, the passphrases ARE case sensitive by the way)
are private and public keys case sensitive? if they are not then i could probably eventually memorize 1 key pair.
You don't memorize the keys themselves. You memorize a string whose hash is the private key. You can use any algorithm to convert the string to a key that you like, case sensitive or case insensitive. 
I have successfully transferred bitcoins into my head. They can't be hacked. They exist nowhere but in my head. If I die, they die with me.
As crazy as this sounds, it's true.
I simply picked a passphrase, and turned it into a bitcoin address with my open source Casascius Bitcoin Utility (available from github). When I want to spend the funds, I will simply use the same passphrase to generate the same private keys, import them into a real wallet.dat, and then spend them.
What's my purpose in making this point? While the entire Bitcoin community is reeling over the loss of Mybitcoin.com - not just the site, but the realization that keeping bitcoins in a web wallet is fundamentally flawed - I really want to pound in the idea that bitcoins can be kept on paper and in the form of codes or passphrases. And when people do this, the bitcoins cannot be hacked.
Every sentence you can think of, corresponds to a Bitcoin address. The bitcoin address can be given out freely, the sentence is the password that allows spending of bitcoins. Once upon a time, I stored 0.25 bitcoins in the sentence "This string contains 0.25 BTC hidden in plain sight."... others were successfully able to retrieve the 0.25 BTC given the sentence.
The future of practicing safe Bitcoin is for people to be able to keep their private keys offline. If you operate a Bitcoin-based website or exchange or are working on client code, please, for the future of Bitcoin, include the ability for people to enter and redeem the funds off of hand-typed private keys.
As crazy as this sounds, it's true.
I simply picked a passphrase, and turned it into a bitcoin address with my open source Casascius Bitcoin Utility (available from github). When I want to spend the funds, I will simply use the same passphrase to generate the same private keys, import them into a real wallet.dat, and then spend them.
What's my purpose in making this point? While the entire Bitcoin community is reeling over the loss of Mybitcoin.com - not just the site, but the realization that keeping bitcoins in a web wallet is fundamentally flawed - I really want to pound in the idea that bitcoins can be kept on paper and in the form of codes or passphrases. And when people do this, the bitcoins cannot be hacked.
Every sentence you can think of, corresponds to a Bitcoin address. The bitcoin address can be given out freely, the sentence is the password that allows spending of bitcoins. Once upon a time, I stored 0.25 bitcoins in the sentence "This string contains 0.25 BTC hidden in plain sight."... others were successfully able to retrieve the 0.25 BTC given the sentence.
The future of practicing safe Bitcoin is for people to be able to keep their private keys offline. If you operate a Bitcoin-based website or exchange or are working on client code, please, for the future of Bitcoin, include the ability for people to enter and redeem the funds off of hand-typed private keys.
Could you explain the process behind those apps?
I'm thinking of using a different type of wallet along with my Safebit wallet, one that will allow users to move addresses from place to place rather than them being attached to a singular wallet file, which I find extremely inefficient and quite simply a stupid idea in the first place when you can store individual addresses and manipulate them directly.
I put a bomb in the blockchain, prepare to be stricken with alzheimer's
"I want a big mac and large fries to go, but only if you accept bitcoins via passphrases like this"
"oh wait, double that order, please"
"yes its me again. still accepting bitcoins via passphrases like this?"
"the usual, please and thank you"
etc
-MarkM- (Darn, I forgot the password from Saberhagen's "Octagon". Chapel Perilous? Something related to that...)
"oh wait, double that order, please"
"yes its me again. still accepting bitcoins via passphrases like this?"
"the usual, please and thank you"
etc
-MarkM- (Darn, I forgot the password from Saberhagen's "Octagon". Chapel Perilous? Something related to that...)
This XKCD strip comes to mind.
Nice, just wait till a "Mind Reader" gets a hold of it .
. 
are private and public keys case sensitive? if they are not then i could probably eventually memorize 1 key pair.
iwearcoloredcodedbvdssize34to36
mygirlfriendlikesto(insert your own words here)withme
ithinkmywifeischeatingonmehencethisbitcoinstash
if2plus2equals4thenwhyisthegrassgreen
ilikeu238special3doorsdownandb52s
And you say this idea is sound? I agree!
It's useless without the key!
mygirlfriendlikesto(insert your own words here)withme
ithinkmywifeischeatingonmehencethisbitcoinstash
if2plus2equals4thenwhyisthegrassgreen
ilikeu238special3doorsdownandb52s
And you say this idea is sound? I agree!
It's useless without the key!
Only on Windows
*nix users, look at pp2k.py http://github.com/jackjack-jj/pp2k
*nix users, look at pp2k.py http://github.com/jackjack-jj/pp2k
I dont trust my memory. At all.
Not even to remember the opening line to your favorite childhood cartoon? Or the motto of a group you belonged to? Simply take a sentence you already know from memory, and add a few words to it (like "big fat ____" or "____ in the bed" or the name of a favorite artist etc.)
If not your memory, certainly you can use a piece of paper, or whatever you do to keep track of your regular passwords!
I dont trust my memory. At all.
I have successfully transferred bitcoins into my head. They can't be hacked. They exist nowhere but in my head. If I die, they die with me.
As crazy as this sounds, it's true.
I simply picked a passphrase, and turned it into a bitcoin address with my open source Casascius Bitcoin Utility (available from github). When I want to spend the funds, I will simply use the same passphrase to generate the same private keys, import them into a real wallet.dat, and then spend them.
What's my purpose in making this point? While the entire Bitcoin community is reeling over the loss of Mybitcoin.com - not just the site, but the realization that keeping bitcoins in a web wallet is fundamentally flawed - I really want to pound in the idea that bitcoins can be kept on paper and in the form of codes or passphrases. And when people do this, the bitcoins cannot be hacked.
Every sentence you can think of, corresponds to a Bitcoin address. The bitcoin address can be given out freely, the sentence is the password that allows spending of bitcoins. Once upon a time, I stored 0.25 bitcoins in the sentence "This string contains 0.25 BTC hidden in plain sight."... others were successfully able to retrieve the 0.25 BTC given the sentence.
The future of practicing safe Bitcoin is for people to be able to keep their private keys offline. If you operate a Bitcoin-based website or exchange or are working on client code, please, for the future of Bitcoin, include the ability for people to enter and redeem the funds off of hand-typed private keys.
EDIT: Added, per suggestion, a reminder that any time you import Bitcoins from a private key into the current Satoshi client and spend less than all of them, you should spend the rest to new addresses, or at least back-up the wallet.dat. This is because the portion you didn't spend (the change) gets sent to a brand new address that exists only in wallet.dat, and will be lost if you don't keep it safe.
As crazy as this sounds, it's true.
I simply picked a passphrase, and turned it into a bitcoin address with my open source Casascius Bitcoin Utility (available from github). When I want to spend the funds, I will simply use the same passphrase to generate the same private keys, import them into a real wallet.dat, and then spend them.
What's my purpose in making this point? While the entire Bitcoin community is reeling over the loss of Mybitcoin.com - not just the site, but the realization that keeping bitcoins in a web wallet is fundamentally flawed - I really want to pound in the idea that bitcoins can be kept on paper and in the form of codes or passphrases. And when people do this, the bitcoins cannot be hacked.
Every sentence you can think of, corresponds to a Bitcoin address. The bitcoin address can be given out freely, the sentence is the password that allows spending of bitcoins. Once upon a time, I stored 0.25 bitcoins in the sentence "This string contains 0.25 BTC hidden in plain sight."... others were successfully able to retrieve the 0.25 BTC given the sentence.
The future of practicing safe Bitcoin is for people to be able to keep their private keys offline. If you operate a Bitcoin-based website or exchange or are working on client code, please, for the future of Bitcoin, include the ability for people to enter and redeem the funds off of hand-typed private keys.
EDIT: Added, per suggestion, a reminder that any time you import Bitcoins from a private key into the current Satoshi client and spend less than all of them, you should spend the rest to new addresses, or at least back-up the wallet.dat. This is because the portion you didn't spend (the change) gets sent to a brand new address that exists only in wallet.dat, and will be lost if you don't keep it safe.
Jump to: