or :-
1) get 2 or more 8GB USB stick and install a fresh copy of ubuntu 11.04
2) install the bitcoin client
3) download the blockchain and generate a couple of addresses
4) unmount and duplicate the USB stick [a couple of times]
5) store sticks somewhere physically safe
6) send coins to the address you have generated in #3
....
when you need to access coins
1) clean boot the usb stick
2) download the blockchain [either let the client do it or do it the sneaky way]
3) send coins to your current useful address [make sure you get it confirmed]
4) shutdown USB version and store it away safe
...
installing security patches for Ubuntu etc and testing to see that it works on a few machines may be useful
YMMV
Topic: most secure savings wallet: NO wallet - page 2. (Read 4873 times)
This is a great possible addition to secure bitcoins 'offline', problem is, it's very user-unfriendly.
These functions should be in the normal client, using a nice interface, instead of the need for 2 or more different command-line tools.
For your post, the message of iamzill does applyThese functions should be in the normal client, using a nice interface, instead of the need for 2 or more different command-line tools.
If it's integrated in the client, the functions will be known by attackers and bruteforce will be far more easy
So either the client integrates thousands of different functions of the passphrases and user must learn which one he used, or that great idea will be reserved for people willing to study a little bit
Also, no need for command line: http://www.miraclesalad.com/webtools/md5.php
This is a great possible addition to secure bitcoins 'offline', problem is, it's very user-unfriendly.
These functions should be in the normal client, using a nice interface, instead of the need for 2 or more different command-line tools.
These functions should be in the normal client, using a nice interface, instead of the need for 2 or more different command-line tools.
Wouldn't getting your private key stolen be the same as getting your wallet.dat stolen?
Yes.
Instead you can create yourself your privkey (at least the hex one, 64 characters long, I don't know if all base59 ones are valid they are not because of the checksum) using your own pattern that you know by heart, thus no need to write it
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv
just for fun i sent you 0.02 btc to that imaginary address
...you'll have to now import it quick before someone else does 
I had to pay fees for not being stolen but thanks 
Really smart, I love it
Just one thing: the priv key has been written somewhere
Instead you can create yourself your privkey (at least the hex one, 64 characters long,I don't know if all base59 ones are valid they are not because of the checksum) using your own pattern that you know by heart, thus no need to write it
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv
Or if you prefer learn sentences: md5('I love bitcoin').md5('Paypal suxxx') for 1G1b4mbjaCYNxsZJyaWV9qyE5cFVhZxBcy
Or even substr(md5('I love bitcoin'), 0, 14).md5('Paypal suxxx').substr(md5('I love bitcoin'), 14, 18)
Just one thing: the priv key has been written somewhere
Instead you can create yourself your privkey (at least the hex one, 64 characters long,
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv
Or if you prefer learn sentences: md5('I love bitcoin').md5('Paypal suxxx') for 1G1b4mbjaCYNxsZJyaWV9qyE5cFVhZxBcy
Or even substr(md5('I love bitcoin'), 0, 14).md5('Paypal suxxx').substr(md5('I love bitcoin'), 14, 18)
This is very dangerous and very stupid, and I'm talking about sending BTC to an anonyomus Nevis LLC level stupid here.
The current bitcoin market cap is $90 million USD. Even if just 1% of bitcoiners take your advice, that's still $900,000 USD free money for anyone capable of setting up a GPU farm (a rare talent, I might add
). Human chosen passwords only have 1.0 to 1.5 bits of entropy per letter. Your examples contain less than 30 bits of entropy, and that's not taking into account the hacker will populate their dictionary with frequently appearing words from this forum. Compared to the ~256 bits of entropy in real Bitcoin keys, your method would generate private keys that are 2^226 ~= 1.07839787 × 10^68 times easier to brute-force. If people are stupid enough to just use md5.md5 that's their problem...
Everyone who is savvy enough to know how to concatenate two md5's know they MUST use salts and tricks like that too...
1KJvYREkZxEgDczTKoEtvrhfkALsFsWKRa: my two passphrases are 'jackjack' and 'iamzill', come at me bro
Really smart, I love it
Just one thing: the priv key has been written somewhere
Instead you can create yourself your privkey (at least the hex one, 64 characters long,I don't know if all base59 ones are valid they are not because of the checksum) using your own pattern that you know by heart, thus no need to write it
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv
Or if you prefer learn sentences: md5('I love bitcoin').md5('Paypal suxxx') for 1G1b4mbjaCYNxsZJyaWV9qyE5cFVhZxBcy
Or even substr(md5('I love bitcoin'), 0, 14).md5('Paypal suxxx').substr(md5('I love bitcoin'), 14, 18)
Just one thing: the priv key has been written somewhere
Instead you can create yourself your privkey (at least the hex one, 64 characters long,
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv
Or if you prefer learn sentences: md5('I love bitcoin').md5('Paypal suxxx') for 1G1b4mbjaCYNxsZJyaWV9qyE5cFVhZxBcy
Or even substr(md5('I love bitcoin'), 0, 14).md5('Paypal suxxx').substr(md5('I love bitcoin'), 14, 18)
This is very dangerous and very stupid, and I'm talking about sending BTC to an anonyomus Nevis LLC level stupid here.
The current bitcoin market cap is $90 million USD. Even if just 1% of bitcoiners take your advice, that's still $900,000 USD free money for anyone capable of setting up a GPU farm (a rare talent, I might add
). Human chosen passwords only have 1.0 to 1.5 bits of entropy per letter. Your examples contain less than 30 bits of entropy, and that's not taking into account the hacker will populate their dictionary with frequently appearing words from this forum. Compared to the ~256 bits of entropy in real Bitcoin keys, your method would generate private keys that are 2^226 ~= 1.07839787 × 10^68 times easier to brute-force. 
Instead you can create yourself your privkey (at least the hex one, 64 characters long, I don't know if all base59 ones are valid they are not because of the checksum) using your own pattern that you know by heart, thus no need to write it
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv
just for fun i sent you 0.02 btc to that imaginary address
...you'll have to now import it quick before someone else does
Wouldn't getting your private key stolen be the same as getting your wallet.dat stolen?
Really smart, I love it
Just one thing: the priv key has been written somewhere
[NSFNewbies]
Instead you can create yourself your privkey (at least the hex one, 64 characters long,I don't know if all base59 ones are valid they are not because of the checksum) using your own pattern that you know by heart, thus no need to write it
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv
Or if you prefer learn sentences: md5('I love bitcoin').md5('Paypal suxxx') for 1G1b4mbjaCYNxsZJyaWV9qyE5cFVhZxBcy
Or even substr(md5('I love bitcoin'), 0, 14).md5('Paypal suxxx').substr(md5('I love bitcoin'), 14, 18)
Just one thing: the priv key has been written somewhere
[NSFNewbies]
Instead you can create yourself your privkey (at least the hex one, 64 characters long,
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv
Or if you prefer learn sentences: md5('I love bitcoin').md5('Paypal suxxx') for 1G1b4mbjaCYNxsZJyaWV9qyE5cFVhZxBcy
Or even substr(md5('I love bitcoin'), 0, 14).md5('Paypal suxxx').substr(md5('I love bitcoin'), 14, 18)
sounds good but will be even better once the mainline client can import the privkey
would be funny if your privkey only existed as a hand-written note.
actually, given 10 or 15 minutes you could probably just memorize it.
would be funny if your privkey only existed as a hand-written note.
actually, given 10 or 15 minutes you could probably just memorize it.
I'm sure a lot of you know of this, but let me explain a method for storing your savings that is quite secure and hard to screw up:
The idea is to use no wallet. All you need to "store" bitcoins is an address. To use these coins, you need the associated private key.
So why not do away with all the wallet.dat securing and fiddling with swapping wallets, securely deleting plaintext versions and all that and just generate a key using vanitygen (https://bitcointalk.org/index.php?topic=25804.0)?
Now simply send your savings to that Address (1JBhAaDAFHRuUjyVrjte6XwSwXpTmGsCSt)
All you need to store is the Privkey (5HyBZhJu2UgjA2nUVSF9infL8KMEeCgSguEz8FXoP2FZGG76NiW). You need to do this securely, of course (print it out, write down, encrypt and mail to friends, put on super-secret usb-drive, or use some other method)
Now when you want to get at your savings later (or verify it's working), you can import the key into any wallet.dat using either the importprivkey rpc command of the bitcoin client (currently still sipa:showwallet patch necessary) or using pywallet.
Additional measure for enhanced security: generate the address(es) on a secure machine with no network connection, known to be non-infiltrated.
Any problems with that approach?
The idea is to use no wallet. All you need to "store" bitcoins is an address. To use these coins, you need the associated private key.
So why not do away with all the wallet.dat securing and fiddling with swapping wallets, securely deleting plaintext versions and all that and just generate a key using vanitygen (https://bitcointalk.org/index.php?topic=25804.0)?
Quote
#> ./vanitygen 1
Address: 1JBhAaDAFHRuUjyVrjte6XwSwXpTmGsCSt
Privkey: 5HyBZhJu2UgjA2nUVSF9infL8KMEeCgSguEz8FXoP2FZGG76NiW
Address: 1JBhAaDAFHRuUjyVrjte6XwSwXpTmGsCSt
Privkey: 5HyBZhJu2UgjA2nUVSF9infL8KMEeCgSguEz8FXoP2FZGG76NiW
Now simply send your savings to that Address (1JBhAaDAFHRuUjyVrjte6XwSwXpTmGsCSt)
All you need to store is the Privkey (5HyBZhJu2UgjA2nUVSF9infL8KMEeCgSguEz8FXoP2FZGG76NiW). You need to do this securely, of course (print it out, write down, encrypt and mail to friends, put on super-secret usb-drive, or use some other method)
Now when you want to get at your savings later (or verify it's working), you can import the key into any wallet.dat using either the importprivkey rpc command of the bitcoin client (currently still sipa:showwallet patch necessary) or using pywallet.
Additional measure for enhanced security: generate the address(es) on a secure machine with no network connection, known to be non-infiltrated.
Any problems with that approach?
Jump to: