Author

Topic: text encoding and regenerating keys and bitcoin addresses (Read 3200 times)

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
I'll email myself a story, just a few sentences long.
I'll send this mnemonic to my yahoo and gmail accounts.
Comments, criticisms, suggestions?

Don't email it, even to yourself. Just a suggestion.

For the amount of trouble, keeping it on your person is a much better idea. Stitching on your clothes is also a good idea.

Some other ideas: money belts.
legendary
Activity: 1974
Merit: 1030
Of course, if you can memorize it and not forget, that would be better. I just don't trust my brain that much yet on seldom used information. I memorize my email and passwords even if it is 32 characters long, but that's because I use it every day.

Exactly, the trick is using the password everyday. Of course you can't type it in your online computer but you should imagine that you're telling it to someone else or something like that, something that makes you actually recall each and every word in the passphrase.
sr. member
Activity: 304
Merit: 380
Considering what's at stake, going to the trouble of doing it from scratch the way I did is well worth it, in my opinion.  I patiently researched the issue.  Then when I understood it well, I did the work.  No shortcuts.  That's how you get something right.

Next I want to use salt or something to generate several different passphrases from the original one (while avoiding an undue increase in the mnemonic load), so I can divide my gelt into small piles for safer storage.  Now how would you go about it?
legendary
Activity: 1106
Merit: 1016
090930
There's a better way.  Mnemonics.
I made a passphrase of English words from a list of about 54 thousand words.  Easy enough to do if you concatenate a bunch of scrabble lists, turn them into comma separated files, import them into a spreadsheet; then use random numbers to select a series of words from the list.  For a wordlist of 54k, six words give you about 94 bits of entropy.  If you're lazy you can just use the diceware list, but at only 7776 words you will need a longer passphrase.  Seven words would give you 90 bits of entropy.
Now for the mnemonics part.  Instead of saving the passphrase itself, I'll save something that will remind me of the passphrase. 
I'll email myself a story, just a few sentences long.  Each sentence will be tailored to jog my memory about one of the words.  I'll send this mnemonic to my yahoo and gmail accounts.  I'll probably also keep the passphrase or mnemonic on my person.  Sewing it into my waistband seems like too much trouble.  Probably just write something on a slip of paper and keep in my wallet or passport.
Comments, criticisms, suggestions?

This (diceware style brainwallets) is exactly the approach I recommend.
To make it even easier: check out my signature Wink
sr. member
Activity: 304
Merit: 380
There's a better way.  Mnemonics.
I made a passphrase of English words from a list of about 54 thousand words.  Easy enough to do if you concatenate a bunch of scrabble lists, turn them into comma separated files, import them into a spreadsheet; then use random numbers to select a series of words from the list.  For a wordlist of 54k, six words give you about 94 bits of entropy.  If you're lazy you can just use the diceware list, but at only 7776 words you will need a longer passphrase.  Seven words would give you 90 bits of entropy.
Now for the mnemonics part.  Instead of saving the passphrase itself, I'll save something that will remind me of the passphrase. 
I'll email myself a story, just a few sentences long.  Each sentence will be tailored to jog my memory about one of the words.  I'll send this mnemonic to my yahoo and gmail accounts.  I'll probably also keep the passphrase or mnemonic on my person.  Sewing it into my waistband seems like too much trouble.  Probably just write something on a slip of paper and keep in my wallet or passport.
Comments, criticisms, suggestions?
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Will your bitcoins be useful to you if you are dead? If not, then I suggest something that you always keep with you, like a necklace, or a ring on your finger, or a small card in your physical wallet.

You may be traveling, but you need to be wearing clothes or at least have a little bag with you. It's so easy to hide or stitch something to your underwear or pants or undershirt, or stuck to your passport (which I take it, you guard very well so you won't lose it.)

There are special wallets for this purpose, usually sold to travelers, you hide it under your clothes. For passports, for credit cards, for cash.

Even the bad guys do it. Osama bin Laden stitched a few dollars onto his clothes when they killed him.

Quote
Osama bin Laden had cash totaling 500 Euros and two telephone numbers sewn into his clothing when he was killed.

Some people say use marine stainless steel, plastic, tungsten... For clothes, I suggest you embroider either the passphrase or the private key itself on cloth. Then you stitch that on your clothes or jacket that can hang from your belt. It can even get wet.

Of course, if you can memorize it and not forget, that would be better. I just don't trust my brain that much yet on seldom used information. I memorize my email and passwords even if it is 32 characters long, but that's because I use it every day.
sr. member
Activity: 304
Merit: 380
Using a brainwallet for something you mean to forget about seems a little risky. Noone plans to get dementia, but it can happen with age.

Wouldn't a paper wallet be a better choice?

You might be worried about printouts to be stolen/lost in fire. Upcoming versions of Armory are planned to support Shamir Secret Sharing, so you could make a 2-out-of-3 paper wallet, meaning you need any 2 printouts to access your coins.

http://bitcoinarmory.com/about/using-our-wallet/
NO, a paper wallet would most emphatically not be a better choice.  And adopting a wallet that requires access to even more pieces of paper is worse.
I am a traveler.  I don't have a home or even a home town.  When it comes time to spend some of my stored bitcoin, I may be in Asia or South America, not sitting on my couch down the street from some bank where I stored a paper wallet in a safe deposit box.
A brain wallet isn't all that different from a paper wallet.  And I don't have to rely on memory alone.
legendary
Activity: 1106
Merit: 1016
090930

When you submit a passphrase to a hashing algorithm, your text must first be unencoded to binary form, right?  Then hashed. 
When I use a utility like bitaddress.org or brainwallet.org, for the purpose of decoding the text into a binary form does it see my passphrase as ASCII, UTF-8, or what?
Let's say I create a brainwallet following instructions here:
http://www.reddit.com/r/Bitcoin/comments/1bhffb/how_to_create_and_use_an_offlineonly_wallet/
I memorize or preserve my passphrase, store bitcoins at the address bitaddress.org generated from the passphrase, and leave them there, untouched, for a long time.
Several years from now I decide to retrieve those coins.  How can I be sure I will still be able to regenerate my private key?  Bitaddress.org and bitwallet.org may be gone; and I don't even know how they used text encoding in the first place.  How can I be sure I'll be able use my passphrase to regenerate my private key in the distant future?

They are just using plain text - for that matter, perhaps it may help you to look at our 30-line neuron/NoBrainr python script (see signature), which does SHA256(passphrase) and produces identical results to both of these websites.
full member
Activity: 168
Merit: 100
Using a brainwallet for something you mean to forget about seems a little risky. Noone plans to get dementia, but it can happen with age.

Wouldn't a paper wallet be a better choice?

You might be worried about printouts to be stolen/lost in fire. Upcoming versions of Armory are planned to support Shamir Secret Sharing, so you could make a 2-out-of-3 paper wallet, meaning you need any 2 printouts to access your coins.

http://bitcoinarmory.com/about/using-our-wallet/
sr. member
Activity: 304
Merit: 380
Yeah, it's a little over my head.
Like I said, I just want to be able to put funds in a brain wallet and be absolutely sure I can retrieve the funds several years down the road.  It's all my retirement money.
I've been reading through this thread:
https://bitcointalksearch.org/topic/ann-bitaddressorg-safe-javascript-bitcoin-addressprivate-key-43496
took several hours just to wade through the first dozen pages or so, but I understood a lot of it.
I came upon something that concerns me in this post:
https://bitcointalksearch.org/topic/m.913296
"if i only ever send to the non-compressed bitcoin address, then i must import the non-compressed private key to spend them.
That's right."
What would this mean for my future ability to spend if I used bitaddress.org to generate several uncompressed addresses and deposited bitcoins in them?
full member
Activity: 168
Merit: 100
From https://en.bitcoin.it/wiki/BIP_0038:
Quote
Parameters: passphrase is the passphrase itself encoded in UTF-8.

Brace yourself, I found it rather overwhelming. Smiley
sr. member
Activity: 304
Merit: 380
You could backup bitaddress.org.
Yes, I have the file stored, and if I could read code I might be able to look at bitaddress.com's Javascript and see how it handles text unencoding.  Do you know what text encoding/unencoding scheme it works on?
full member
Activity: 168
Merit: 100
You could backup bitaddress.org.

It's all javascript, so saving the html file is all you need to do.
sr. member
Activity: 304
Merit: 380

When you submit a passphrase to a hashing algorithm, your text must first be unencoded to binary form, right?  Then hashed. 
When I use a utility like bitaddress.org or brainwallet.org, for the purpose of decoding the text into a binary form does it see my passphrase as ASCII, UTF-8, or what?
Let's say I create a brainwallet following instructions here:
http://www.reddit.com/r/Bitcoin/comments/1bhffb/how_to_create_and_use_an_offlineonly_wallet/
I memorize or preserve my passphrase, store bitcoins at the address bitaddress.org generated from the passphrase, and leave them there, untouched, for a long time.
Several years from now I decide to retrieve those coins.  How can I be sure I will still be able to regenerate my private key?  Bitaddress.org and bitwallet.org may be gone; and I don't even know how they used text encoding in the first place.  How can I be sure I'll be able use my passphrase to regenerate my private key in the distant future?
Jump to: