I would like to remind everyone that the wallet seed "steal my coins" generates address "tBagH6WKM1o9MVhw9pvNhnbP1h1gAfbigf". So if you would like your vanity address to be tBag, use that wallet seed and the private key is "3ed08cdafcabfcf1b3d335311a38fe671987bd54f8b5c5d9ead5108f721a8770".
A small server with 100 AMD GPUs can brute force 1 trillion passwords per second.
- 16 bits of entropy = 0.0000006 seconds to steal all coins secured with a password with 16 bits of entropy
- 32 bits of entropy = 0.0042949 seconds to steal all coins secured with 32 bits of entropy
- 48 bits of entropy = 281 seconds to steal all coins secured with 48 bits of entropy
- 64 bits of entropy = 18,000,000 seconds to steal all coins secured with 64 bits of entropy
- 128 bits of entropy = 34,000,000,000,000,000,000 years to brute force at 1 trillion hashes/second
- 256 bits of entropy = 34,000,000,000,000,000,000 years squared, to brute force at 1 trillion hashes/second
Wallet seed security guidelines:
- numbers only password: 3.3 bits per character
- lower case letters and numbers: 5.2 bits per character
- lower and upper case letters and numbers: 5.9 bits per character
- lower and upper case letters, numbers and symbols: 6.2 bits per character
So a 10 digit number will have 3.3*10 bits = 33 bits of entropy. That password will be cracked in 0.0004 seconds and your coins will be looted.
You think your wallet password is secure. Someone has a GPU cluster that can break that password. So once they get the wallet file, it's over. If they are able to get your wallet file, it probably means you have a key logger on your computer, so they just have to wait anyway.
We are assuming the worst case: these figures are for using MD5 for hashing. The Skycoin deterministic wallet generation function uses SHA256 and elliptic curve multiplication operations, so it is ten thousand to 1 million times slower. A top-end Intel i7 can do about 1,000 to 8,000 passwords/second. So instead of taking 281 seconds, it actually takes at least 281 thousand seconds to steal coins if your seed has 48 bits of entropy.
64 bits is the minimum that is secure. 128 is the minimum recommended. Skycoin uses 256 bits by default.
Human generated passwords are not secure either. They are not random. The theoretical entropy is higher than the actual entropy achieved in practice.
We will switch to machine-generated, word-based 128-bit passphrases, like Electrum uses. It is dangerous to allow users to choose their own passwords, but we allow this. Just make sure not to shoot yourself in the foot.
It is safer to let the machine generate the seed for you. However, if you copy the seed into a clipboard, it can be stolen by a trojan on the computer. If you type the seed, it can be stolen by a key logger or by radio emissions from your keyboard. Using an onscreen keyboard is safer.
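An added example (not Skycoin code) that applies the bits-per-character table, the 1 trillion guesses/second rate and the 64/128-bit thresholds above to a candidate seed, and draws a machine-generated word passphrase with a CSPRNG. The function names, the 10,000-word attacker dictionary and the stand-in word list are assumptions made for illustration.

```python
import math
import secrets
import string

CLASSES = [  # bits per character from the guidelines above, smallest class first
    (set(string.digits), 3.3),                           # numbers only
    (set(string.ascii_lowercase + string.digits), 5.2),  # lower case + numbers
    (set(string.ascii_letters + string.digits), 5.9),    # lower + upper + numbers
]
SYMBOL_BITS = 6.2           # anything else: letters, numbers and symbols
GUESSES_PER_SECOND = 1e12   # the 100-GPU server figure used above


def theoretical_bits(seed):
    """Upper bound: length times bits/char of the smallest class covering the seed."""
    for alphabet, bits in CLASSES:
        if set(seed) <= alphabet:
            return bits * len(seed)
    return SYMBOL_BITS * len(seed)


def dictionary_bits(seed, dictionary_size):
    """Entropy when the attacker guesses whole words from a dictionary (assumed size)."""
    return len(seed.split()) * math.log2(dictionary_size)


def crack_seconds(bits, slowdown=1):
    """Seconds to try all 2**bits seeds; slowdown models a slower seed function."""
    return 2 ** bits * slowdown / GUESSES_PER_SECOND


def rating(bits):
    """Thresholds from the text: 64 bits is the minimum, 128 is recommended."""
    if bits < 64:
        return "insecure"
    return "minimum" if bits < 128 else "recommended"


def machine_passphrase(wordlist, bits=128):
    """Draw words with a CSPRNG until the phrase carries at least `bits` of entropy."""
    count = math.ceil(bits / math.log2(len(wordlist)))
    return " ".join(secrets.choice(wordlist) for _ in range(count))


if __name__ == "__main__":
    seed = "steal my coins"   # the human-chosen seed quoted at the top of the page
    for bits in (theoretical_bits(seed), dictionary_bits(seed, 10_000)):
        print(f"{bits:.1f} bits, {rating(bits)}, {crack_seconds(bits):.3g} s")
    print(machine_passphrase([f"word{i}" for i in range(2048)]))  # constructed list
```

For the seed "steal my coins", the per-character estimate clears the 64-bit minimum, while the dictionary model puts it at about 40 bits, which is exhausted in about one second at the rate above.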
Hardware Key Storage Device:
For generating and loading keys onto hardware key storage devices, we will need to fund an open source hardware keypad. It could be $10 to $30. A hardware key storage device can be as simple as a $1 ARM processor on a PCB board.
This is a $1 ARM processor, 32 bit, 50 Mhz, 16 Kb of flash memory. Just enough for a program and a few private keys. The cost is $1.15 to manufacture. The PCB board is $0.10, the other components are less than a penny each, the total unit will cost $0.30 within two years, and the 500 Mhz ARM processors will be $1 soon.
If you want to add an LCD screen, then it costs $4. If you want an LCD screen, a key pad and the ability to connect to the internet over GSM using a SIM card, then it's $12. This is what we will be carrying our coins around on 48 months from now.
The level of security this provides is absolute. Coins cannot be stolen, even if your operating system is infected on every level.
Obama Coins:
If you cannot protect your coins, "You don't own that". We need to work towards good default security. Coins can be a pass-phrase on a piece of paper in a wallet, a string of words that can be memorized. They can be transmitted across borders in a few bits in seconds. They cannot be seized. No one can even prove they exist. They can be sub-divided infinitely and used as easily to buy a candy bar as a multi-million dollar business transaction.
They offer a level of security and convenience not possible with gold
- gold can be physically seized during war, civil unrest or by broke governments
- 10 tons of gold bars are heavy. You find out your house was built on a swamp and your neighbors notice your house is sinking into ground unevenly from the weight.
- moving 10 tons of gold bars across the border is frustrating
- selling 10 tons of gold is problematic
- selling 10 tons of gold discreetly will require taking a haircut. You risk seizure or theft even attempting this.
- even if gold is stored securely overseas, it can be stolen by the custodian without the owner having legal recourse. The thefts in offshore centers make MtGox and Madoff look insignificant.
- 12.4 kg gold bars are difficult to sub-divide for small transactions
- gold is heavily tracked and the government knows whose door to knock down when it is having budget problems
- Gold shows up as a completely black, dense, blackhole on xray scanners. Broke countries are setting up xray scanners at all travel choke points, airports, border crossings, scanning every shipping container in order to grab any gold leaving or entering the country. America is even developing vans with xray machines, which are useless for detecting cash or drugs and can only be used to detect people transporting either guns or gold. We are already seeing governments seizing property left and right and selling it without trial or legal pretense.
- DARPA is developing drone and vehicle mounted radar technology with radar that penetrates concrete, rock and walls and can look into homes to locate gold to enable seizure by broke governments. The same technology being developed to locate guns and disarm insurgencies overseas will be turned against citizens when the budget crisis hits.
- no one knows how much gold exists or if future technological advances will increase supply in future
Crypto-Coins
- weigh nothing
- cannot be seized if proper security is taken
- can be taken across borders as a memorized phrase or incantations on a piece of paper
- are infinitely divisible from millions of dollars down to grocery shopping
- can move across borders with greater speed and lower fees than wire transfers
- can effortlessly move across borders
- do not show up on FEMA xray vans
- the total number of coins is fixed by mathematics and cannot increase in the future
So I think crypto-coins will clearly replace gold and other assets in the future. The advantages are one sided.
That won't happen until the default (the easiest way) is immune to having coins stolen. We need to make holding coins more secure than hoarding gold in a basement. We are 70% of the way there.