Topic: The 25 BTC CASASCIUS PHYSICAL BITCOIN is here! - page 2. (Read 6841 times)

There's no more than 123 bits of entropy due to the abbreviated length.  Bitcoin addresses themselves have no more than 160 bits of entropy because they are based on ripemd160.  I chose this as a tradeoff for space versus time.  It's still quite expensive to brute force 123 bits, especially when the payoff is that you might bump into a 1 BTC coin sometime before the end of the world, and especially considering that each iteration of any attack requires a relatively slow elliptic curve multiplication operation.  Mining is far more lucrative by several orders of magnitude to say the least.  

My source of entropy is the cryptographic secure random number generator in the .NET Framework, in the System.Security.Cryptography namespace, XORed with the SHA256 hash of (mash + incrementing number).  Mash is a constant string produced by me mashing gibberish (was probably 60-70 chars) on the keyboard and is meant as extra entropy against Microsoft's implementation.  (I'm familiar with Debian SSL flaw and thought that this would mitigate the possibility if there were something similar).

This was done on an airgapped machine, the OS installation dedicated just for this purpose, private keys have never touched any machine on the internet.  The hard drive was strictly controlled, and after the private keys were printed on 33 sheets of paper (each individually checked for accuracy), has since been zeroed over in its entirety (with linux) and a new OS installed over top of it.

I recognize and appreciate the importance of generating these keys securely.  It would be an epic fail for me to say "Whoops!  Hacker found your private keys in my temp directory... SORRY" and fortunately I know how not to do that.

There's no such thing as random....

I find these physical coins very interesting, but I just want to make sure I understand some of the technical aspects. I have some understanding of the basics of crypto, but not enough to really evaluate this.

The private key you generate is an SHA-256 hash of these letters that you generate and put on the back of the hologram. So, I assume that you are generating these random letters with a good random data source, and there's at least 256 bits of randomness in there, so in theory using the hash of it as a private key is "as random" as an address generated by the standard client in the usual way? Do i have that right?

And so, in addition to trusting you specifically that you don't keep any records of the private keys that you've loaded onto your coins (intentionally or not), we also need to trust that you've used a good random data source. Could you describe and explain your process to ensure that your generation of private keys is random and secure? (Or please point me in the right direction if you've already done so and I've missed it.)

Thank you.

If you don't mind, go to https://casascius.com and fill out your order, but just put in the notes that you want blanks, and subtract the face value off the total, then you'll get an address and all your info will be in my shipping system.  So I can print the customs form and shipping label straight from the database all in one step.

I am willing to sell the blanks at the same price as the coin minus the face value.  They will arrive with no hologram, the same as if you ordered them with the full value, peeled the hologram, redeemed the BTC, and then cleaned off the residue with a solvent (it comes completely off with Goof-off etc.).

For the 1 BTC coins, I am willing to sell torn open ones for 0.15 BTC on an as-available basis.  These have a real private key and bitcoin address, but nothing has been loaded on them, the sticker has been peeled and restuck (so it shows tamper marks), and the private key has been lightly crossed out.  At the moment I probably have 50 such coins available.

(The offer for 0.15 BTC generally are "mistake" coins, since a percentage always get messed up for one reason or another, such as if I accidentally smudge the label and make the tamper dots appear.  On the other hand, there are no 25 BTC mistake coins, because the coins are worth enough that it's worthwhile to clean them off and redo them in the event of a mistake.)

well the US made private ownership of gold illegal for many years, however now it is perfectly legal.  You are only allowed to carry $10,000 worth of precious metals across the border without declaring it though.

Really?  What country has banned gold?

Love the new coin!

Nice idea!  Diversification in a single coin...make it 1oz and 10 BTC and you have close to an equivalent value in silver and BTC.

Blanks, as in the peeled-open shells?  Or blanks as in ... intact, just with no value?  Even though I wouldn't accept one of these as payment without first verifying the code I wouldn't want the potential for there to be "blanks" floating around.

Good to know, thanks!

Simple with MtGox. Login to your MtGox account and Add Funds using a private key
More info- https://bitcointalk.org/index.php?topic=46908.0;topicseen

Very nice!  BTW, I just received my order of 11 one-BTC coins from you today - I would like to compliment you on your fast delivery.  

What is the process for importing the private key on the back of the hologram into a wallet?
[EDIT: Never mind, I found StrongCoin.]

Yes, they are binary-coded ASCII for: "YOU ASKED FOR CHANGE" "WE GAVE YOU COINS".  Four little dots on the bottom tell you where to start reading.

I really need to post another picture of how it looks under can lights.  Not only does that bring the hologram to life, those 0's and 1's sparkle in a way that make the back coin look encrusted with diamonds.

Beautiful!  Is there any significance to the pattern of 1's and 0's on the back?

No, not paint.  They are really gold plated.  (edited my prior posts to make this more clear)

So in short gold colored paint, but it looks nice though
Silver or Gold coins would trigger attention from governements and can not be freely traded, especially gold is not allowed these days
Some people was thinking of walking over our border with 200 krugerrands mounted in their jackets and belts....
And guess who has the gold now .... indeed the governement, so i do not expect such coins have an actual gold plating and to be honest you do not want that either.

Both.  The surface is gold metal.

When you say gold plated alloy, are you referring to gold as in the color, or gold as in metallic content?

pretty cool. Any possibility of minting one in .999 Fine Silver?  Of course it would cost the value of the silver plus the embedded bitcoins, but I'd buy one in pure silver for sure