Pages:
Author

Topic: Test writing mistakes: please write down these private keys for me (Read 484 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Task failed successfully.  Tongue
That nicely summarizes my little experiment. I have no idea how people manage to write down useless private keys.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
So, here's the private key written by me:
Code:
KyHmMbp1TvBNBzi6uAAekb6DwtCsUJyYXG5CDrKDv2sCc8h4UfmD

And that's the first private key copied from page 1:
Code:
KyHmMbp1TvBNBzi6uAAekb6DwtCsUJyYXG5CDrKDv2sCc8h4UfmD

Bingo! Same keys.

I tried to mess up with the letters. Task failed successfully.  Tongue

hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Since I have pretty good number memory I waited a bit longer; here is what I wrote down for key 2 and 3, didn't bother to do 1 Grin

Code:
L4on7wrsP2vPyDkYKyTKnEudCTmU9kyH6ra6hiZXzhZWmQzM7v9g

L1YqE8Y8FPn2fdBxMfe8wwU3bT5NPEfxMxLujHKpqYS7nrBLzv9K

Damn second one has an error. I wrote the 'y' so weird that it looks more like 'q'. If I would have written it more carefully maybe I had fixed it up a bit, it doesn't look like all my 'y's but I purposely did it quick and without double check or anything to give a good result for this writing test.

L1YqE8Y8FPn2fdBxMfe8wwU3bT5NPEfxMxLujHKpqYS7nrBLzv9K
legendary
Activity: 2730
Merit: 7065
From the software perspective, I think that's a great idea: since 0 and O don't exist, they can be remapped to lowercase o automatically, otherwise indeed a user needs to know that these are not part of the alphabet.
I don't know if automatically changing unsupported characters to supported ones should be done without also providing an explanation to the user of what is going on. I would assume that you are paying attention to what you are entering into the software. If you type in a "0", and Electrum changes it to an "o" the user might think there is a bug in the wallet or something wrong with his keyboard. But if he knows that the wallet is doing that itself and the reason, then I am all for it.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Sorry I could not participate in this kind of testing, but private keys in that format are not meant to be written down by hand. If you do write it down, you must make sure there are no mistakes. The trick is to be extra careful and make sure to distinguish lowercase and uppercase letters, maybe an extra line or dot or something when writing it down.

Since you might end up printing it anyway, I would include a QR code as well. (all done offline, of course).

Seed phrases are meant to be written down by hand, so that's why they are so much easier to write, stamp, engrave, etch.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I am certainly not in a position to propose to Electrum developers what should be included and how because I don't have the underlying skills or knowledge to do so. But I do believe that it can be done.
When entering a mnemonic, Electrum shows a small list of possible words. Something similar could work for private key characters. It should even be possible to instantly brute-force 1 or even 2 incorrect characters in the background, but that may be a bit too much to ask from a wallet.

(the hand written key I received 3 years ago still has a substantial amount of money in it).
Do you have the corresponding public key (it starts with G and is 56 chars long)?
Yes.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
When you attempt to recover your wallet and you type in the private key, when you get to the part where there is an lowercase "o", you might think it's an uppercase "O" or the number "0" because you wrote it down in a weird way.
May I propose an idea? Why not allowing 0 and O, but counting them as o? Same thing for I and l; counting both as i. You could avoid searching what you've written wrong this way.
I just checked the wiki again and it turns out that lowercase i and lowercase o are indeed part of the alphabet. I thought they were omitted as well for some reason.

From the software perspective, I think that's a great idea: since 0 and O don't exist, they can be remapped to lowercase o automatically, otherwise indeed a user needs to know that these are not part of the alphabet.

In Electrum, this function, or actually the lambda expression in the first line of it, checks if the input is valid.

The functions is_address_list and is_private_key_list specify what is classified as valid and what isn't, so I added some code that replaces the keys there and also where they're saved. I don't have enough knowledge about the Electrum codebase, but as a PoC it seems to work and I submitted a pull request.

Neat idea, but it's a bit difficult to implement on few window such as window on below image. The reasons are,
1. You need to know whether user entering private key or address.
2. Bech32 uses different set of character.
I am certainly not in a position to propose to Electrum developers what should be included and how because I don't have the underlying skills or knowledge to do so. But I do believe that it can be done.

The software knows whether you are entering an address or a private key already. It doesn't happen that someone imports a private key and the software recovers a watch-only wallet like if you imported an address. Probably based on the length, checksums, and whatnot. Once it recognizes that the imported/entered string is a private key, the new feature could check if the entered string contains characters that don't belong there, such as "O" or "0". If discovered, a notification would inform the user of the non-allowed characters. With that, it would be easier to recognize mistakes if you know you entered a "0", for example, and you shouldn't have.
The logic how it decides between address list or private key list is very trivial: it checks first that it's not a list of addresses (link) and if not, it checks if it's a list of private keys.
My proposal just replaces the characters which are out of the alphabet with the ones that are (0 => o, O => o, I => i, l => i).
legendary
Activity: 2730
Merit: 7065
Neat idea, but it's a bit difficult to implement on few window such as window on below image. The reasons are,
1. You need to know whether user entering private key or address.
2. Bech32 uses different set of character.
I am certainly not in a position to propose to Electrum developers what should be included and how because I don't have the underlying skills or knowledge to do so. But I do believe that it can be done.

The software knows whether you are entering an address or a private key already. It doesn't happen that someone imports a private key and the software recovers a watch-only wallet like if you imported an address. Probably based on the length, checksums, and whatnot. Once it recognizes that the imported/entered string is a private key, the new feature could check if the entered string contains characters that don't belong there, such as "O" or "0". If discovered, a notification would inform the user of the non-allowed characters. With that, it would be easier to recognize mistakes if you know you entered a "0", for example, and you shouldn't have.
legendary
Activity: 2674
Merit: 1226
Livecasino, 20% cashback, no fuss payouts.
OK I did this yesterday, but about 16 hours ago I think it still counts:) and I made only 1 mistake in the first address, where the "1" I wrote down as "l".

I normally am a slow and careful writer, my 7s have a cross, my 5 and S are very distinct, and my zero has a cross also, but I guess this is a common mistake, because the 1 does look like the letter l. I can't really say if this was because I "saw" a letter, or if I saw the number but my brain forgot to add the top down-dash to make it look like 1.

Very interesting and thanks for sharing, it makes me think a lot now.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Wrote them down. I had forgotten how awful it is to write WIFs. I think that writing them in hex format would be much less tedious.

Check the keys below and tell me which one is easier to read.
Code:
WIF: L2HrVcnLMGssHzXYd1cqoyUB3JJZasJf1WR3ZQujcspzEUHYWf7M
HEX: 9751 8525 1452 acc5 8b06 a490 0f27 e40a 847c ceb1 ca3a f083 f41a 215c 4e40 c77b

When you attempt to recover your wallet and you type in the private key, when you get to the part where there is an lowercase "o", you might think it's an uppercase "O" or the number "0" because you wrote it down in a weird way.
May I propose an idea? Why not allowing 0 and O, but counting them as o? Same thing for I and l; counting both as i. You could avoid searching what you've written wrong this way.
legendary
Activity: 1040
Merit: 2785
Bitcoin and C♯ Enthusiast
(the hand written key I received 3 years ago still has a substantial amount of money in it).
Do you have the corresponding public key (it starts with G and is 56 chars long)?
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
I haven't seen any QWERTZ keyboards these days, but perhaps a more common problem is if you are attempting to type on a compact laptop keyboard, or some keypad on a mobile device, as opposed to a regular keyboard.

I had that problem in the past when changing typing language from EN-US to DE-DE or RO-RO. Indeed, now it's no longer that common (maybe the newer OSes are smarter).


I hate writing

Me too, still, I didn't make any error:
Code:
orig: L1YqE8Y8FPn2fdBxMfe8wwU3bT5NPEfxMxLujHKpyYS7nrBLzv9K
mine: L1YqE8Y8FPn2fdBxMfe8wwU3bT5NPEfxMxLujHKpyYS7nrBLzv9K
legendary
Activity: 2730
Merit: 7065
How can they mistakenly write a 0 instead of an O if both do not ever exist in a base58check encoded string? There is no way they can swap these 2 even if they have no idea that neither is part of the base58check alphabet. They don't need to know to be protected, I hope it's cleared up a bit Grin
You are writing the private key by hand. It's possible to write down the lowercase "o" bigger than it should be on your piece of paper. When you attempt to recover your wallet and you type in the private key, when you get to the part where there is an lowercase "o", you might think it's an uppercase "O" or the number "0" because you wrote it down in a weird way. A wallet like Electrum won't let you proceed and isn't telling you that your private key contains unsupported characters. The person doing the recovery wouldn't know where the mistake is.

I just noticed I made a mistake in my previous post and I corrected it after I saw this reply of yours.

This would be a great feature for Electrum to add: automatically replace non-existing characters by the likely equivalent instead of graying out the Next button.
Either that or adding some feedback that the user has added a non-supported character in his private key and display the characters on screen which aren't supported. Maybe someone with a GitHub account can suggest such a feature to Electrum devs?


Back to the private key. I wrote down the 2nd hey key like this:
L4on7wrsP2vPyDkYKyTKnEudCTmU9kyH6ra6hiZXzhZWmQzM7v9g

I just compared it to the one in OP. They match. I tried to create a new wallet in Electrum by importing the key, and it works.
I only had problems with the last letter. Had to think a bit whether it's a "g" or a "q", but I went for the correct one.

Interesting test!
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
How can they mistakenly write a 0 instead of an O if both do not ever exist in a base58check encoded string? There is no way they can swap these 2 even if they have no idea that neither is part of the base58check alphabet.
Even though their key can still be recovered, they'll need to figure out the problem before doing so.

If you entered those characters into a wallet such as Electrum, it wouldn't allow you to proceed with the recovery, but you wouldn't know why exactly.
This would be a great feature for Electrum to add: automatically replace non-existing characters by the likely equivalent instead of graying out the Next button.

As for the HD seed discussion or marking upper case: that's great advice if you're creating a new cold storage now, but it doesn't help you if you're stuck with a written down private key (the hand written key I received 3 years ago still has a substantial amount of money in it).



Here's the typed version of my own handwriting:
1. KyHmMbp1TvBNBzi6uAAekb6DwtCsUJyYXG5CDrkDvzsCc8h4UfmD (I was in doubt: the z could have been a 2)
2. L40n7wrsP2vPyDkYKyTKnEudCTmU9kyH6ra6hiZXzhZWmQzM7v9g (the k could have been a K)
3. L1YqE8Y8FPn2fdBxMfe8wwU3bT5NPEfxMxLujHKpyYS7nrBLzv9K

I've typed all keys twice in an editor, then used CTRL-C to check if they match. Key 1. didn't match my second typing: I had omitted the green 5 the first time.

Now for the real comparison:
1. KyHmMbp1TvBNBzi6uAAekb6DwtCsUJyYXG5CDrkDv2sCc8h4UfmD original
1. KyHmMbp1TvBNBzi6uAAekb6DwtCsUJyYXG5CDrkDvzsCc8h4UfmD typed after writing it down
This confirmed my susicion.

2. L4on7wrsP2vPyDkYKyTKnEudCTmU9kyH6ra6hiZXzhZWmQzM7v9g original
2. L40n7wrsP2vPyDkYKyTKnEudCTmU9kyH6ra6hiZXzhZWmQzM7v9g typed after writing it down
I didn't notice this while typing, but it's not something that's hard to detect.

3. No differences between the original and what I typed in after writing it down.

Conclusion: I hate writing Tongue But so far this shouldn't be hard to figure out and restore when needed.
Note: when using CTRL-F, tick "Match Case".
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Maybe it's because I'm a QWERTY typist, but it's still good to note.

This can bring another problem: one may think he's on QWERTY and he's actually on QWERTZ, hence typing y and z interchanged. But this may be off topic, since it's OP asked for handwriting.

This is actually a related problem, because people are inevitably going to type their private keys on some airgapped device (for storage purposes) without writing it down.

I haven't seen any QWERTZ keyboards these days, but perhaps a more common problem is if you are attempting to type on a compact laptop keyboard, or some keypad on a mobile device, as opposed to a regular keyboard.
legendary
Activity: 1040
Merit: 2785
Bitcoin and C♯ Enthusiast
Alternatively i would convert the private key to HEX/decimal if i have bad handwriting, but it takes more time and i lost advantage of checksum which offered by WIF.
Your comment woke some old ideas in me, how about converting the key to human readable words? It is easier to write down, typos occur but are less common and easier to detect, it also has a checksum.
An example can be seen below, the private key's binary form is encoded using the same BIP39 scheme which can be converted back to a WIF using the same scheme in reverse.
Code:
L28Peud5cQcijrtMthAdUS8FynpM8PKZtnoUZb1VAio9WxKoebHt
mystery omit wheel view great lemon describe output march trend govern envelope confirm delay woman sweet arrange host waste tourist impose artwork predict crack

I made a new option for it in Denovo, the first two options are for this conversion and the second two are dealing with versioned WIFs (BIP178 and what Electrum briefly used).
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Those aren't much of a problem because 0, O, I, and l are excluded.
Sure, they are but someone new to Bitcoin wouldn't know that, and those are the people who mostly make these mistakes. Even someone familiar with the technology could overlook that and forget which letters can't be part of the private key. If you entered those characters into a wallet such as Electrum, it wouldn't allow you to proceed with the recovery, but you wouldn't know why exactly.
How can they mistakenly write a 0 instead of an O if both do not ever exist in a base58check encoded string? There is no way they can swap these 2 even if they have no idea that neither is part of the base58check alphabet. They don't need to know to be protected, I hope it's cleared up a bit Grin

Quote
use HD seed
Also, for this topic some mistakes related to HD seeds may be relevant, like for example typing another word that is different in writing, but similar in spelling.
I am pretty confident such words have been intentionally excluded exactly because of this. The different wordlists are all thoroughly chosen. As an example, from the Italian wordlist rules:

11. If 3 of the first 4 letters are already used in the same sequence in another mnemonic word, there must be at least other 3 different letters.
12. If 3 of the first 4 letters are already used in the same sequence in another mnemonic word, there must not be the same sequence of 3 or more letters.

Rules 11 and 12 prevent the selection words that are not different enough. This makes each word more recognizable among others and less error prone. For example: the wordlist contains "atono", then "atomo" is rejected, but "atomico" is good.
copper member
Activity: 1652
Merit: 1901
Amazon Prime Member #7

I'm participating to this experiment because I expect that it will help the average Joe who comes here only after he no longer can import his private key.
For us, the ones who participate to this forum on a daily basis, i think that there's a much easier way to avoid mistyping the humanly-counterintuitive private key: use HD seed. The chances to mistype beyond recovery those English words are much much smaller.
I agree, I think it is far superior to use a seed in all cases, but especially if you are going to write down your backup.

If you are using a BIP 39 seed, I understand you only need the first 3 letters of a seed word to know the entire seed word (when dealing with the English word list). If you are not sure what the first 3 letters are, the rest of the word will narrow down the potential words. If you are missing information about some of your words, the number of potential seeds is much lower than when dealing with a private key.
hero member
Activity: 813
Merit: 1944
Quote
use HD seed
Yes, but using HD seed is not easy in case of Bitcoin Core. You can dump your wallet to some text file and read xprv in this way, but still, this is base58-encoded. Of course in case of wallets like Electrum you can use HD seed as for example 12 words, but if you want to import that into Bitcoin Core wallet, then you have to import it key by key or use some tool that will convert it for you on-the-fly.

Also, for this topic some mistakes related to HD seeds may be relevant, like for example typing another word that is different in writing, but similar in spelling.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!

I'm participating to this experiment because I expect that it will help the average Joe who comes here only after he no longer can import his private key.
For us, the ones who participate to this forum on a daily basis, i think that there's a much easier way to avoid mistyping the humanly-counterintuitive private key: use HD seed. The chances to mistype beyond recovery those English words are much much smaller.
Pages:
Jump to: