
Topic: Obfuscation - only to be used by wizards in magic spells, not cryptography - page 3. (Read 5732 times)

legendary
Activity: 1190
Merit: 1004
The simplest method? Encrypting the wallet is the simplest method. Just type in a password and done.
hero member
Activity: 798
Merit: 1000
-MarkM, your answer is confusing. This bit I understand and think is the bottom line:
There are too many possibilities.
The rest of your post I don't really understand what you are saying.
legendary
Activity: 2940
Merit: 1090
There are too many possibilities.

Many many years ago HP put out a calculator, the HP-25, which was programmable, but had no card-reader type of thing for recording "programs", which were basically up to 25 stored keystrokes.

They had an example pseudorandom number generator that I typed in so many times for playing tabletop roleplaying games that to this day I still remember it: start with a random number less than one (zero point a bunch of digits), add it to pi, raise it to the fifth power, and take the fractional part.

You could probably do that with some chosen number of digits of accuracy yourself with any of a number of arbitrary accuracy calculators such as 'bc'.

But why do exactly that? Why not use root two instead of pi? Or the golden ratio? Or any other famous number easy to look up on the internet? Why the fifth power? Wouldn't the seventh, or thirteenth, or whatever number you would find easy to remember, work just as well?

This does not even use any of the steps involved in the original post so merely bruteforcing using the original post's repertoire of steps ought not stumble upon it...

Plus what number less than one did you even start with? The genesis block hash with a decimal point in front of it? The date in the headline in the genesis block, expressed in seconds since the purported birthtime of some prophet (with a decimal point in front of it) or what? Etc.

And how many digits accuracy, exactly, did you tell your arbitrary accuracy calculator to use? How does that version of it on that architecture "round" or "truncate" extra digits? Etc.

-MarkM-

hero member
Activity: 798
Merit: 1000
I suppose the main question about this approach is whether it can be brute forced in some way? Could you take the encrypted data and somehow brute force it backwards to the original unencrypted key? I don't think it could be, but I'd be glad to hear what others have to say.
hero member
Activity: 798
Merit: 1000
I've been reading up on bitcoin wallet security recently and there is no clear winner. It seems to me that there are a whole lot of complex solutions that involve encrypting volumes, memorising long passwords etc. There are many points of failure.

It seems to me that a much simpler method has been overlooked. I see this as a lo-tech solution, that can be widely used by everyone. You only have to memorise 4 or 5 steps to entirely encrypt/decrypt your private key.

You could call it "hiding in plain sight with obfuscation".

Instead of complex software encryption, you can simply take your private key and obscure it with a few personal, easy-to-remember obfuscation rules. Then, simply save the obscured data as a text file, email it to yourself or print it out and you don't have to worry whether anyone steals it or not, as it would be garbage and undecipherable to them.

a).
Take this private key:

5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF

Encrypt:
1. Add/Subtract x to each number (e.g. +5)
0Kb3kLf4zgWQnogidDA21MzPL1TsZZY81hWXMssSzNydYXYB4KF
2. Shift characters along x places (e.g. +7)
YXYB4KF0Kb3kLf4zgWQnogidDA21MzPL1TsZZY81hWXMssSzNyd
3. Take a memorable name and swop first with last letter and add symbol to the first letter. So if your cat is called fluffy, you could replace every "F" with "y$". You could mix it up by having a personal rule to alternate the symbol with case, so F->y$ and f->y#
YXYB4Ky$0Kb3kLy#4zgWQnogidDA21MzPL1TsZZY81hWXMssSzNyd

4. Replace a number with a line break (e.g. 4).
YXYB
Ky$0Kb3kLy#
zgWQnogidDA21MzPL1TsZZY81hWXMssSzNyd

5. Transpose lines (e.g. 3 and 2)
YXYB
zgWQnogidDA21MzPL1TsZZY81hWXMssSzNyd
Ky$0Kb3kLy#


Now you have a totally obscured private key that is IMPOSSIBLE to hack without the hacker knowing your obfuscation steps/rules.

If you memorise the obfuscation steps, you now have a totally secure private key, that you can store in plain sight.

The amount of steps you choose is up to you and you can make up your own rules. Maybe you will add another step where you always replace the 10th character with an "M".  It's up to you.

b).
If you feel you HAVE to write the steps down (try not to!), they need to be obfuscated too.

The above could be coded as
5_7cat4

Save it in a text file, write it on a piece of paper, carve it in a tree.

Then you keep the calculations in a separate place, which could be written as
----
++$#
3trans2
----

Save it in a different text file, write it on a different piece of paper, carve it in a different tree.

I highly suggest you create your own shorthand notation, which will obfuscate further. There are many ways you can do this, but Google translate is your friend here ;) Obviously use words you understand. kurang, מינוס

Decrypt with rules in reverse:
YXYB
zgWQnogidDA21MzPL1TsZZY81hWXMssSzNyd
Ky$0Kb3kLy#
>
YXYB
Ky$0Kb3kLy#
zgWQnogidDA21MzPL1TsZZY81hWXMssSzNyd
>
YXYB4Ky$0Kb3kLy#4zgWQnogidDA21MzPL1TsZZY81hWXMssSzNyd
>
YXYB4KF0Kb3kLf4zgWQnogidDA21MzPL1TsZZY81hWXMssSzNyd
>
0Kb3kLf4zgWQnogidDA21MzPL1TsZZY81hWXMssSzNydYXYB4KF
>
5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF


The Avenger
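
The five steps from the post above and their reversal, as an added Python example that is not part of the original post; the function and parameter names are made up here. The Base58Check test at the end is an addition the post does not mention: it uses the checksum built into the WIF key format to confirm that the rules were reversed without a slip.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
KEY = "5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF"  # sample key from the post
SUBS = (("F", "y$"), ("f", "y#"))  # step 3 rule from the post ("fluffy")

def shift_digits(s, k):
    # Step 1: add k to every decimal digit, modulo 10
    return "".join(str((int(c) + k) % 10) if c in "0123456789" else c for c in s)

def rotate(s, k):
    # Step 2: move the last k characters to the front (negative k undoes it)
    k %= len(s)
    return s[-k:] + s[:-k] if k else s

def obfuscate(key, add=5, rot=7, subs=SUBS, brk="4", swap=(1, 2)):
    s = rotate(shift_digits(key, add), rot)
    for plain, token in subs:                 # step 3: letter -> letter + symbol
        s = s.replace(plain, token)
    lines = s.split(brk)                      # step 4: chosen digit becomes a line break
    i, j = swap                               # step 5: zero-based line indices
    lines[i], lines[j] = lines[j], lines[i]
    return lines

def deobfuscate(lines, add=5, rot=7, subs=SUBS, brk="4", swap=(1, 2)):
    # Same rules applied in reverse order
    lines = list(lines)
    i, j = swap
    lines[i], lines[j] = lines[j], lines[i]
    s = brk.join(lines)
    for plain, token in subs:
        s = s.replace(token, plain)
    return shift_digits(rotate(s, -rot), -add)

def wif_checksum_ok(wif):
    # Base58Check: the last 4 bytes must equal the double SHA-256 of the rest
    n = 0
    for c in wif:
        if c not in B58:
            return False
        n = n * 58 + B58.index(c)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return len(raw) == 37 and raw[0] == 0x80 and digest[:4] == raw[-4:]

if __name__ == "__main__":
    hidden = obfuscate(KEY)
    print("\n".join(hidden))
    print(wif_checksum_ok(deobfuscate(hidden)))
```

With the post's parameters the intermediate strings match the ones shown in the post; a key with fewer than three lines after step 4 would need a different `swap` rule.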