
Brute force bitcoin brain wallets with Go

submitted by oguzbilgic to golang

Brute force bitcoin brain wallets with Go

submitted by oguzbilgic to Bitcoin

Is brute force brain wallet still profitable in 2020 ? (x-post from /r/Bitcoin)

submitted by ASICmachine to CryptoCurrencyClassic

Daedalus seed

Hi Everyone
I was playing with the Daedalus wallet and noticed that the seed is verified by some algo for Daedalus to be happy to create a wallet out of it. I intended to create my own (slightly modify the Daedalus-generated one) to make it more secure by using multi-language seeds and / or create "related" wallets by changing a word or two in the original seed. The idea of using multi-language seeds came as a countermeasure to Ryan Castellucci's concept of brute-forcing bitcoin brain-wallets.
Any comments on this? Would Daedalus allow "custom" seeds? I know that allowing people to choose their own seeds (brain-wallets) could lead to weakening the wallet (as Ryan proved) but allowing to slightly modify the Daedalus-created one could actually help if you used multi-language words.
Or do we simply consider an "English dictionary" to the power of 12 strong enough against a brute-force attack?
But to me it seems that the strict rule of creating the seed makes the seed space way smaller than "English dictionary" to the power of 12.
I am happy to be corrected if I misunderstood the concept of the seed.
Regards Peter
submitted by Pytya to cardano
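The seed-space question in the post above can be checked numerically. This is an added example, not part of the original post and not Daedalus code; it assumes the 12-word seed follows the BIP39 layout (2048-word list, 128 bits of entropy plus a 4-bit SHA-256 checksum) and works on word indices so no word list is needed.

```python
import hashlib

WORD_BITS = 11        # a 2048-word list encodes 11 bits per word
WORDS = 12
ENTROPY_BITS = 128    # 12 * 11 = 132 bits = 128 entropy bits + 4 checksum bits
CHECKSUM_BITS = WORDS * WORD_BITS - ENTROPY_BITS

# Constructed sample: indices of the public BIP39 test vector
# "abandon" x 11 + "about". Never use it for real funds.
SAMPLE = [0] * 11 + [3]


def split_indices(indices):
    """Pack 12 word indices and split them into (entropy_bytes, checksum)."""
    if len(indices) != WORDS or any(not 0 <= i < 2 ** WORD_BITS for i in indices):
        raise ValueError("expected 12 indices in the range 0..2047")
    packed = 0
    for i in indices:
        packed = (packed << WORD_BITS) | i
    entropy = (packed >> CHECKSUM_BITS).to_bytes(ENTROPY_BITS // 8, "big")
    return entropy, packed & (2 ** CHECKSUM_BITS - 1)


def expected_checksum(entropy):
    """First CHECKSUM_BITS bits of SHA-256 over the entropy bytes."""
    return hashlib.sha256(entropy).digest()[0] >> (8 - CHECKSUM_BITS)


def is_valid(indices):
    """True when the word sequence carries a correct checksum."""
    entropy, checksum = split_indices(indices)
    return checksum == expected_checksum(entropy)


def valid_last_words(first_eleven):
    """All final-word indices that complete a valid 12-word seed."""
    return [w for w in range(2 ** WORD_BITS)
            if is_valid(list(first_eleven) + [w])]


def surviving_substitutions(indices, position):
    """How many single-word swaps at `position` still pass the checksum."""
    count = 0
    for w in range(2 ** WORD_BITS):
        if w == indices[position]:
            continue
        trial = list(indices)
        trial[position] = w
        count += is_valid(trial)
    return count


def keyspace_bits():
    """Size of the seed space with and without the checksum rule."""
    return {"any_12_words": WORDS * WORD_BITS, "checksum_valid": ENTROPY_BITS}


if __name__ == "__main__":
    print(keyspace_bits())                       # 132 vs 128 bits
    print(len(valid_last_words(SAMPLE[:11])))    # 128 of 2048 last words pass
    print(surviving_substitutions(SAMPLE, 0))    # roughly 1 swap in 16 passes
```

Under that assumption the checksum removes 4 bits: 2^128 of the 2^132 possible 12-word sequences are accepted, which is why a hand-edited seed is rejected about 15 times out of 16.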

The custodial middle ground / trade-off

Let's face it, storing bitcoins safely is still a pain for the average Joe and this still presents a hurdle for mainstream adoption. Until UI/UX improves to a level that all but eliminates this hurdle we will still contend with this issue, if it ever will. The average person just wants to log in with a username and password and see money with very little or no risk of it being gone (in the event that it is gone, there is some insurance). Custodial wallets have the risk of the providers just disappearing, seized or getting hacked. Non-custodial wallets means the owner has to think up ways to store the mnemonic seed; paper, metal, stone, encrypted file, brain?? Stress!!
I have a solution; still vague in my mind as I do not currently have the time or technical ability to pull this off. A second layer network built on top of bitcoin, let's call it Hunter. This will basically be a backup for seeds where seeds will be encrypted using a user's password and maybe another easily derived number and the cipher will be divided up and stored on other nodes on the network. The nodes to be stored on will be derived pseudo-randomly from the password (and the number) therefore each node will either not have a user's encrypted seed or will just have a very small part of the encrypted seed stored. The pseudo-random algorithm will give a different set of nodes if the number of nodes in the network changes from the time the user stored the encrypted seed.
Now if the user loses or forgets the seed, the user can get it back by scouring the network, of course, by paying other nodes a small amount of bitcoin to retrieve the portion of the encrypted seed (hunting). The trick here is to ensure that the pseudo-random sequence makes it more probable for a user who knows the password to contact far fewer nodes than an attacker who is engaging in a system wide hunt (brute forcing) thus paying far less bitcoin to nodes to retrieve the seed than the attacker.
Problems
There are other problems but I cannot remember them now. I assume employing RAID and smart contracts will minimize or solve some of these problems.
Also if someone will be kind enough to drop a formula to calculate the security of your backup on this network based on the number of nodes in it.
RAID https://en.wikipedia.org/wiki/RAID
submitted by rujotheone to Bitcoin

ELI5 How does hacking brain wallets work?

I keep reading about people having bitcoin stolen from brain wallets. Can someone explain the process to me? From what I understand, the thief throws passwords combinations at the blockchain until eventually he gets confirmation that he has found a valid passphrase. How do they get confirmation they've found a valid passphrase and then link that to a wallet?
Is the brain wallet system seriously flawed? I was going to set up a brain wallet for a family member, but maybe this isn't such a good idea?
submitted by LordAlwood to Bitcoin

Satoshi birthday 7 million quiz

To celebrate Satoshi's birthday I am giving away a brain wallet with some satoshis on it. Not much, only 7 million, which is about $350 now. This is just for fun and to experiment with this format. Maybe help people learn about brain wallets.
I have just sent the satoshis to the first address in the brain wallet.
To find the seed, answer the following 7 quiz questions (multiple choice). The SHA 256 hash of all correct answers combined is the wallet seed. Insert one space between answers.
Brute forcing all 16384 possible combinations is a trivial exercise if you are prepared for this kind of quiz and have hours or days of time at your disposal. I count on that not being the case and the race getting decided by who gets the perfect answer first by either knowing the answer or searching faster than others. From that point on it still takes some time to derive and sweep the relevant private key from the brain wallet seed. And of course you need to know how to do that in the first place. If multiple perfect scoring answers compete in that race, it may be a matter of luck which sweeping transaction confirms first.
Let's see how long it takes before someone sweeps that address. It will be interesting to see if it takes more or less than the average ten minutes for finding a block.
  1. On December 7, 2010 a) There was a guy describing himself as an ordained priest offering to "bless your dildo" for only one bitcoin on the Bitcoin subreddit. b) Satoshi was a moderator of the Bitcoin subreddit with the user name noagendamarker. c) The Bitcoin subreddit had less subscribers than Satoshi's age at the time. d) There were only two posts about price on the Bitcoin subreddit.
  2. Satoshi chose April 5 as his birthday because the American government prohibited private holding of gold on that day. Which of the following is correct? a) The government paid less than the world market price for gold when they prohibited private holding that day. b) Roosevelt had the authority to do this under the Trading with the Enemy Act of 1917 and the executive order also prohibited importing gold into the United States. c) Franklin D. Roosevelt required all American citizens by executive order 6102 to deliver all of their gold at the fixed price of $20.67 before May 1st. d) In a challenge to this executive order the government won by a 6 to 3 majority decision at the Supreme Court.
  3. If you mined bitcoins on Satoshi's 34th birthday, you would on average mine (according to a post by Satoshi) a) A few tens of bitcoins a day. b) A few bitcoins a day. c) A few thousand bitcoins a day. d) A few hundred bitcoins a day.
  4. Which of the following Bitcoin burn addresses has the largest balance? a) 1AndrewYangForPresident2o2ozm6Pzd. b) 1WarrenForPresident2o2oxxxy3DCZMZ. c) 1SandersForPresident2o2oxxxvYnPyW. d) 1TRUMPforPresident2o2oxxxxxAvY6s.
  5. The author of a paper proposing a practical escrow cash system in 1996 was a) Satoshi Sakamoto. b) Tatsuaki Okamoto. c) Satoshi Nakamoto. d) Tatsuaki Nakamura.
  6. The small girl looking at the two most famous pizzas in history in 2010 was a) wearing a red t-shirt. b) wearing a green t-shirt. c) wearing a blue t-shirt. d) wearing a yellow t-shirt.
  7. RPOW was a proof-of-work based system using trusted computing. It ran on a) an IBM 4758 PCI Cryptographic Coprocessor. b) an Intel 4758 PCI Cryptographic Coprocessor. c) an AMD 4758 PCI Cryptographic Coprocessor. d) a Dell 4758 PCI Cryptographic Coprocessor.
submitted by AoiNakamoto to Bitcoin

DOGE support has been added to SWIFT's web/mobile wallet


SwiftCash - Web Wallet

SWIFT's web wallet is an open-source wallet written in html, css and javascript. All signatures are handled on the client-side and private keys never leave the browser. To secure the account of users who login with an email and password rather than a private key, the wallet hashes the email and password 144,000 times, and then uses the final hash to create an address and private key in the end. The wallet also enforces very strong passwords using a password strength meter to further secure the accounts against brute-force attacks.

Hosting

This web wallet is hosted on github, and can be verified and accessed via the following links:
To avoid becoming a victim of phishing attacks, make sure you always double check the domain in your browser's address bar. You can also download the wallet and run it locally. But you're still going to need Internet in order to transact with the blockchain.

BTC, LTC and DOGE Support

Bitcoin, Litecoin and Dogecoin transactions are created and signed locally and then sent to their own networks using api(s) provided by https://chain.so/ - https://www.blockcypher.com is also used for following up on transaction details.

Login With Your Private Key(s)

You can login with a SwiftCash, Bitcoin, Litecoin or Dogecoin private key. If you login with a SwiftCash private key, the wallet will generate a Bitcoin, Litecoin and Dogecoin address using your SwiftCash private key. If you login with a Bitcoin private key, the wallet will generate a SwiftCash, Litecoin and Dogecoin address using your Bitcoin private key. And so will be the case if you login with a Litecoin or Dogecoin private key. It is however highly recommended to use email and password to login if you intend to stash all your cryptos in the same wallet per se, and only use the login with private key feature to spend your paper or brain wallets.

Transaction Fees

The wallet enforces a minimum of 0.002 SWIFT, 0.0001 BTC, 0.001 LTC and 1 DOGE transaction fees and allows users to increase this fee. To help avoid situations in which ridiculously high fees are paid by accident, the wallet enforces a maximum of 0.2 SWIFT, 0.01 BTC, 0.1 LTC and 100 DOGE transaction fees.

Change Addresses

By default, all changes are sent back to the sender's address. To specify a custom change address, click on the funnel icon. You need to specify a custom change address every time you login or switch between different coins, to override the default behavior.

Notes

  • To copy your address, click on the copy icon next to your address.
  • To refresh your balance, click on the lightning icon next to your balance.
  • To view your balance in US dollars, click on your balance.
  • To specify a custom change address, click on the funnel icon.
  • To change/adjust the transaction fee, click on the wrench icon.
  • To copy your private key, click on the key icon.

License

Copyright (C) 2018-2019 SwiftCash Developers
This software is provided as is and with no warranty under the MIT license.

Donation Addresses

  • SWIFT: SXucSXaV5HURNyJUWnPrVFHTdRzoU2u19F
  • BTC: 1BccQgoLLvHDrfX1yMQmwM8tyemNe84ZjJ
  • LTC: LVqZfu7ARaXH7UDB9VQ5DNCfBs8eqfRRNx
  • DOGE: DFkhwwjyeLBWPfhchwQLV7JVrnVg45zgh6

Support

For support, join http://discord.swiftcash.cc

Whitepaper

To find out more about SwiftCash, consider reading our whitepaper! https://swiftcash.cc/assets/whitepaper.pdf
submitted by msg768 to dogecoin
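What 144,000 hash rounds buy against password guessing, worked through as an added example. It is not the SwiftCash wallet's code: the hash function (SHA-256), the way email and password are concatenated, and the attacker speed passed to `years_to_exhaust` are all assumptions, since the post gives only the round count.

```python
import hashlib
import math

ROUNDS = 144_000  # iteration count stated in the wallet description


def stretch(email, password, rounds=ROUNDS):
    """Assumed construction: SHA-256 over email+password, hashed `rounds` times.

    The result is fully determined by the two inputs, so the login is in
    effect a brain wallet whose passphrase is email+password.
    """
    if rounds < 1:
        raise ValueError("rounds must be at least 1")
    digest = (email + password).encode("utf-8")
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest


def random_password_bits(length, alphabet_size):
    """Entropy of a uniformly random password (an upper bound for human ones)."""
    return length * math.log2(alphabet_size)


def stretching_bits(rounds=ROUNDS):
    """Extra work per guess, expressed in bits of attacker effort."""
    return math.log2(rounds)


def years_to_exhaust(password_bits, rounds, hashes_per_second):
    """Expected time to find the password by trying half the space."""
    expected_guesses = 2 ** password_bits / 2
    seconds = expected_guesses * rounds / hashes_per_second
    return seconds / (365.25 * 86400)


if __name__ == "__main__":
    # The email acts as a salt: same password, different account, different key.
    a = stretch("alice@example.com", "constructed-sample-pw", rounds=1000)
    b = stretch("bob@example.com", "constructed-sample-pw", rounds=1000)
    print("keys differ per email:", a != b)
    print("stretching adds %.1f bits" % stretching_bits())
    # Assumed attacker rate of 1e9 SHA-256 hashes per second.
    for bits in (30, 40, random_password_bits(12, 62)):
        print("%.0f-bit password: %.3g years"
              % (bits, years_to_exhaust(bits, ROUNDS, 1e9)))
```

The stretching adds about 17 bits of work per guess, so most of the protection still has to come from the password itself, which is the job the strength meter in the description is doing.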

Words are Hard: Defining Common Terms in the Ethereum / Crypto Space

Wallet

Account

Address ("Public Key")

Public Key

Private Key

Keystore File

Mnemonic Phrase

Hardware Wallet:

AddressIdenticon / AddressIcon:

Hexadecimal

Seed

Brain Wallet

Entropy

TO DO STILL:

Derive / Derivation

Encryption

Encrypted vs Unencrypted Keys

Ledger

Difference between an exchange or hosted wallet & a wallet you control

Node

Client (+ Light Client)

DAG

Decentralized

Blockchain

Gas (Gas Limit vs Gas Price)

ICO

DAO

Fork (Soft Fork vs Hard Fork)

Smart Contract

Ðapp

Hash

Multisig Wallet / Wallet Contract

WEI vs GWEI vs Shannon vs Ether

All feedback, rewrites, clarification, typo-fixing, and requests for additions are more than welcome. 😃
submitted by insomniasexx to ethereum

Bitfi Hardware Wallet & Why you should care

Bitfi is a global payments technology company based in the US that enables businesses and consumers to securely participate in a decentralized economy. Their mission is to accelerate the growth and adoption of digital assets. This past week the company released their Knox hardware wallet focusing mainly on user-friendliness and air-gapped security. When visiting the homepage of the Bitfi website they state it's “the worlds first un-hackable device”, and seeing this as someone who has been in the computer space for over 15 years it can bring a sense of unease. Ignoring the fact that they supposedly have John McAfee now on their team, let us dig in further to what makes this device so remarkable.
The transition of storing cryptocurrencies on any type of cold wallet can seem highly technical for someone who is inexperienced with encryption technology. If sets of rules are not followed funds can be lost forever. Bitfi intends on making this easier and safer for the average individual. Instead of having to write down a 24-word mnemonic phrase or separate private keys for each coin, and then worrying about how to safely store it from theft or damage, Bitfi created an algorithm which acts similarly to a brain wallet, giving a user the freedom to make a long unique phrase they can easily remember (for example: “[email protected]”) that will be specific to them and impossible to guess or brute force.
Unlike popular cryptocurrency hardware devices such as Trezor or Ledger Nano S, the Bitfi Knox wallets DO NOT store the user's private keys in the hardware. If the Bitfi Knox device is stolen or seized and then taken apart the keys are unable to be retrieved. Since no private keys are stored on the device there is also no potential for a “man in the middle” or distribution attack that can occur where a user's keys are stolen prior to actually receiving the device. We saw this happen when unfortunate consumers purchased the Ledger Nano S from 3rd party sellers this past year.
As explained by CEO Daniel Khesin, the Bitfi Knox wallet is not a storage device but rather a separate CPU running calculations for their open sourced algorithm. A secret phrase the user created will calculate the private key to sign for transactions made on the Bitfi dashboard. The device will also update automatically to the latest firmware when connected to Wi-Fi, and routes to a company node that allows a user to view all their balances on the device. Bitfi will also release an app on the phone that will work with the Knox wallet to allow their users to purchase products and services on the go.
The device itself has a smartphone type of look to it with an LED Touchscreen, multi-currency support, dashboard and other additional customizable features. Bitfi plans on continually integrating blockchain assets every few weeks. They currently support Bitcoin, Ethereum (ERC20 tokens), EOS, NEO/GAS, Litecoin, and lastly Monero being the first company to functionally implement the popular privacy coin on their wallet without additional downloads from Github.
On their webpage, it looks as if the wallet already went on sale, and within a short period of time sold out entirely. In my opinion, I have never heard of a hardware wallet that performs like this so I am interested in purchasing one just to see if Bitfi Knox succeeds in its functional promise.
'The Most Comprehensive Cryptocurrency Wallet Guide': Simona Vaitkune https://medium.com/@fastinvest/the-most-comprehensive-cryptocurrency-wallet-guide-5e820a26ed44
CEO Daniel Khesin (podcast) https://www.futuretechpodcast.com/podcasts/daniel-khesin-founder-bitfi-worlds-first-un-hackable-crypto-wallet/
Bitfi (comparables to other storage) http://bitfi.com/bitfi-wallet
Bitfi (news) https://btcmanager.com/bitfi-and-mcafee-announce-unhackable-crypto-wallet/
submitted by Pizdie to Monero

Quizchain Introduction

This introduction will briefly describe how to solve puzzles and claim prizes on the quizchain.
See also my Wattpad story with another introduction and much context:
https://www.wattpad.com/story/184148284-second
I will use the most recent block at the time of writing, which was block 13.
If you want to claim the prize for a block, you need to find a solution and what to put in the TOMI field, except when I don't have one.
The question for this block was "Kraaz". To solve this, apply the well known Atbash method to the question, which resolves it to "Pizza" (this block was posted on Bitcoin Pizza day). If you don't know what Atbash is, have a look at the relevant Wikipedia article. It is a simple cipher method known for more than 2000 years. I use it quite a lot here.
Once you got that, you need to find what to put in the TOMI field. TOMI means "thinking only method". I use that field when the solution has low entropy and would easily be brute forced without such a countermeasure. It is very unpopular with many players and responsible for much complexity in the more difficult blocks.
The basic rule for what to put there is: Work from your solution and then put a decisive hint to that solution in the TOMI field. That may be the method, in this case Atbash. Or it may be something else. In this case I said in the block that I wanted the relevant name, which was the name of the Pizza buyer, Laszlo Hanyecz.
Once you find both solution and TOMI field, write it up like this:
Pizza TOMI Laszlo Hanyecz
Then take an MD5 hash of that string with your favorite hashing tool. Check for the first three digits. Often I give them in the block description. In this case I gave b5e.
If your hash matches that, there is a good chance you have solved the block.
Go to the Ian Coleman BIP39 tool at https://iancoleman.io/bip39/.
Check the first box there (show entropy details). That opens a field where you paste your hash. Watch as the tool calculates for a moment or two.
Then look at the bottom of the page at the "Derived Addresses" section. If the first public address there matches the one indicated in the funding transaction of the block, you can be sure you have the right solution.
Copy the first private key (found at the left). Sweep that key with any Bitcoin wallet software (look for a menu point "cold storage").
Once you are done with that go to the block and post a comment indicating that you solved the block. That way other players know that they don't need to bother anymore. And I know that a human player solved the block, as opposed to some bot or other.
Posting the solution and your process in finding it is also very welcome, though you may want to wait until your prize claiming transaction is confirmed.
Here are a couple of general rules on how to find solutions fast.
Some of the blocks have a dead end that people are supposed to fall for. If your solution seems obvious and turns out to be not successful, maybe it is not actually the solution.
For some blocks I also post the first digit of solution only and TOMI field only MD5 hash. These are supposed to help rule out dead ends fast. They will still give false positives on an average rate of 16 to 1.
Look at past blocks and the methods I used there. I have the complete quizchain documented in my Wattpad story on the experiment, available at my Twitter feed @NakamotoAoi. In many cases once you understand the method the rest is very easy.
Many blocks are impossible to solve without context. Context may refer to a new chapter of the Wattpad story, information in the brain wallet for the last block or recent Bitcoin news.
If you find a block to be difficult, it probably is. In that case, you may want to wait for the first hint. When blocks need hints to solve them, I try to announce the hint in advance, to give all players the same chance. In many cases, a block is solved very soon after the first hint.
I hope this helps and thank you for playing the quizchain.
submitted by AoiNakamoto to Grycoin

Basic Bitcoin security guide

Hello,
This post is to give you a quick introduction into Bitcoin security. While nobody can guarantee you 100% security, I hope to mitigate some problems you can run into. This is the “20% of effort to get you to 80% safe”.
First of all, you have to determine how much money you want to hold in Bitcoin and how much effort are you willing to put in. If you are happy just holding a few dollars worth and don’t care if you lose them, that’s one approach to take. For everyone else, let's get started.
Password strength
A lot of the times how secure your money is will be determined by the strength of your password. Since in the worst case scenario we are talking about someone trying to brute force your wallet, casual online passwords are too weak. Under 10 characters is too weak. Common words and phrases are too weak. Adding one number to a password at the end is too weak.
Moreover, you can consider your password much weaker if you:
If you want a really strong password:
Wallet security
Now we are getting to the meat of things.
There are a number of wallets available to store your hard earned bitcoins. If you have a decent amount of coins to store, you should look into software wallets - BitcoinQT, MultiBit, Armory or Electrum. They are among the best place to store your money safely (provided your computer is secure as well). Choose one you think best suits you, install it and encrypt your wallet file with your strong password. You should take your wallet file and back it up (location of the file is different for different clients, so you have to do some research as to where to find that file). Back it up on a CD, safe USB drive or the like. Keep them safe. If you lose that file, you will lose your money.
A quick word on deterministic wallets. Electrum and Armory allow you to create wallets from a seed. If you use the same seed later, you can recreate your wallet on other machines. With deterministic wallets, you only need to keep that seed secure to have access to your money.
In comparison, in BitcoinQT's traditional wallet, every address you use is random, meaning that after you send 50-100 outgoing transactions your backups can be obsolete. Always keep an up-to-date backup of such wallet file if possible.
Okay, sometimes you need to have your Bitcoins with you when you leave your computer. In this case, you should look into either online or mobile wallets. A staple for both of those is Blockchain.info, but there are others to choose from.
A good rule of thumb with these is to not store more money in them than you can afford to lose. They are best used as a convenient way of accessing some money, not storing your savings. Online wallets are especially vulnerable to their servers getting hacked and people’s money getting stolen.
What to keep in mind while using online wallets:
  • Use a secure password (the more money you have in them the stronger the password should be)
  • Always keep a backup of your wallet in case you need to recover your money
  • Whenever possible, enable two factor authentication
  • Don’t use your online wallets from unsafe computers
Cold storage
Sometimes you want to store your bitcoins for a long time in a safe place. This is called “cold storage”. There are a few ways one can do this.
First of all, paper wallets. They are nice for giving people small bitcoin gifts, but also for long-term storage if properly used. What you want to do is generate and print them offline. You can save the linked page for example and run that offline. If you are really paranoid, you can put it on read-only media and access that from a different computer. For really long term storage, use archival-grade paper.
Another approach to take is using a separate computer for storing your money that is offline 99+% of the time. You could set one up easily by buying an old laptop, reformatting it, installing Linux and a Bitcoin client. Generate an address on that machine and send money to it from your main wallet. Depending on how paranoid you are you can connect that computer to the Internet afterwards to synchronize data with the Bitcoin Network and then turn it off and put it away somewhere safe until it’s needed.
Brain wallets
Don’t. They are not for you. Unless you are a security-conscientious programmer, those are not for you.
Diversifying
Keeping all of your eggs in one basket is never a good thing. You should look into diversifying some of your Bitcoin assets in case your other storage methods fail. Some ways you can diversify:
  • Buy a physical Bitcoin. As long as you trust the coin creator such coins can be an effective cold storage
  • Invest - I wouldn’t recommend this for more than some trivial amount unless you know what you are doing, but investing in some Bitcoin stocks could be a way to get more money out of your bitcoins
How not to diversify:
  • Avoid keeping your bitcoins at exchanges or other online sites that are not your online wallets. Such sites can be closed down or disappear along with your money.
  • Alt-coins - there are few cryptocurrencies that are worthwhile, but most of them are just Bitcoin clones. If a currency brings nothing new, it’s worthless in comparison to Bitcoin. Namecoin is a distributed domain name server (although recently it had a fatal flaw uncovered, so be warned), Ripple is a distributed currency exchange and payment system. Litecoin will only be useful in case Bitcoin’s hashing algorithm gets compromised (very unlikely at this time). Beyond that there are few if any alt-coins that are a worthwhile way of diversifying.
Accepting payments and safety
We’ve covered safe ways to store money, now a quick note about bitcoin payments and their safety.
First of all, when you are sending a transaction, pay your fees. Transactions without fees can take forever to propagate, confirm and clear. This can cause you a lot of stress, so pay your fees.
Secondly, when accepting large Bitcoin payments (say you want to suddenly cash in a gold bar into bitcoins), wait for at the very least 1 confirmation on those transactions. 6 is best, but having even 1 confirmation is a lot better than having none. This is mainly a rule of thumb for the paranoid (I wouldn’t be doing this for most casual transaction), but maybe it will save you if you are dealing with some shady people.
Wrapping up...
That should cover the basics. If you want to read more about Bitcoin’s security in general, here is my master's thesis on the subject. A lot of questions about Bitcoin and security have also been answered on Bitcoin StackExchange - be sure to check it out.
Comments and improvement suggestions welcome.
EDITS:
  • Removed link to insecure site
  • Removed random article section
  • Added information about deterministic wallets
submitted by ThePiachu to Bitcoin

I invested all of my Bitcoin to a brain wallet.... it's gone. Help me understand what happened?

So, I've been buying bitcoin for a while, little by little, and decided to create a "savings" account of sorts. I thought a really sweet way to handle it was to create a brain wallet.
I used the tool here: http://bitcointools.appspot.com
I memorized an arbitrary string of letters and numbers to create a private key and address. I found it super cool because this address has never been attached to a wallet of any sort on any computer, so I thought it'd be super freaking secure. If I ever needed any of its funds, I'd punch in the generated private key and attach it to a new wallet.
Here's my address, created entirely from my memorized string of characters sent through one round of SHA256:
https://blockchain.info/address/14kzRY5rLmXUwgM2ZKbMtWSfouuvpT2PAL
I had 18.5BTC here. As of today, it's all gone. A transaction happened earlier today that I certainly didn't initiate. It was all sent to a brand new address I've never seen before, and the transfer of my BTC to this one is the only transaction ever for this other address.
I'm wrecked. This is a ton of money, and I thought I had the safest solution ever using a brain wallet. The private key string of mine was not at all cryptologically impenetrable.... however I can't fathom how it would have been brute forced or "guessed". It was a string of letters and numbers with a discernible pattern, but it is a string of characters that I guarantee have never been typed on the internet, ever, outside of the two or three times I typed it out on the bitcointools address to confirm that I wasn't accidentally sending my bitcoin to a black hole.
Reddit, how does something like this happen? Is there some kind of absurd chance that the funds transferred to this new address somehow have an association with the private key that generated my original address? Is there some chance that the bitcoin appspot website tracks stuff people type to steal wallets?
I'm even willing to share the damn private key string I invented to someone respectable in the Bitcoin community to help them do research on what happened. I have nothing to lose. This really, really sucks. I decided to be "safe" and put everything there, so that's all the BTC I ever had.
EDIT: looks like the only logical explanation is that the bitcointools site is being run by a scammer. Why it took a month for him to steal my coins I have no damn idea, but I'm devastated. :( Guys, please upvote this so people can be aware to NOT create brain wallets using this damn site!!
I've learned my lesson for the future. Once I get out of this state of shock, I'm going to get an encrypted wallet.dat, put it in a safe place, back it up, lock it up, and that will be the end of it. All offline.
EDIT 2: to you guys who sent btc tips to me to help me return, I thank you very, very much.
submitted by Turkeyslam to Bitcoin

Secure paper wallet tutorial

This is my handout for paranoid people who want a way to store bitcoin safely. It requires a little work, but this is the method I use because it should be resistant to risks associated with:
  1. Bad random number generators
  2. Malicious or flawed software
  3. Hacked computers
If you want a method that is less secure but easier, skip to the bottom of this post.
The Secure Method
  1. Download bitaddress.org. (Try going to the website and pressing "ctrl+s")
  2. Put the bitaddress.org file on a computer with an operating system that has not interacted with the internet much or at all. The computer should not be hooked up to the internet when you do this. You could put the bitaddress file on a USB stick, and then turn off your computer, unplug the internet, and boot it up using a boot-from-CD copy of linux (Ubuntu or Mint for example). This prevents any mal-ware you may have accumulated from running and capturing your keystrokes. I use an old android smart phone that I have done a factory reset on. It has no sim-card and does not have the password to my home wifi. Also the phone wifi is turned off. If you are using a fresh operating system, and do not have a connection to the internet, then your private key will probably not escape the computer.
  3. Roll a die 62 times and write down the sequence of numbers. This gives you 2^160 possible outcomes, which is the maximum that Bitcoin supports.
  4. Run bitaddress.org from your offline computer. Input the sequence of numbers from the die rolls into the "Brain Wallet" tab. By providing your own source of randomness, you do not have to worry that the random number generator used by your computer is too weak. I'm looking at you, NSA ಠ_ಠ
  5. Brain Wallet tab creates a private key and address.
  6. Write down the address and private key by hand or print them on a dumb printer. (Dumb printer means not the one at your office with the hard drive. Maybe not the 4 in 1 printer that scans and faxes and makes waffles.) If you hand copy them you may want to hand copy more than one format. (WIF and HEX). If you are crazy and are storing your life savings in Bitcoin, and you hand copy the private key, do a double-check by typing the private key back into the tool on the "Wallet Details" tab and confirm that it recreates the same public address.
  7. Load your paper wallet by sending your bitcoin to the public address. You can do this as many times as you like.
  8. You can view the current balance of your paper wallet by typing the public address into the search box at blockchain.info
  9. If you are using an old cell phone or tablet do a factory reset when you are finished so that the memory of the private keys is destroyed. If you are using a computer with a boot-from-CD copy of linux, I think you can just power down the computer and the private keys will be gone. (Maybe someone can confirm for me that the private keys would not be able to be cached by bitaddress?)
  10. To spend your paper wallet, you will need to either create an offline transaction, or import the private key into a hot wallet. Creating an offline transaction is dangerous if you don't know what you are doing. Importing to a client side wallet like Bitcoin-Qt, Electrum, MultiBit or Armory is a good idea. You can also import to an online wallet such as Blockchain.info or Coinbase.
Trusting bitaddress.org
The only thing you need bitaddress.org to do is to honestly convert the brainwallet passphrase into the corresponding private key and address. You can verify that it is doing this honestly by running several test passphrases through the copy of bitaddress that you plan on using, and several other brainwallet generators. For example, you could use the online version of bitaddress, and brainwallet and safepaperwallet and bitcoinpaperwallet. If you are fancy with the linux command line, you can also try "echo -n my_die_rolls | sha256sum". The linux operating system should reply with the same private key that bitaddress makes. This protects you from a malicious paper wallet generator.
Trusting your copy of bitaddress.org
Bitaddress publishes the sha1 hash of the bitaddress.org website at this location:
https://www.bitaddress.org/pgpsignedmsg.txt
The message is signed by the creator, pointbiz. I found his PGP fingerprint here:
https://github.com/pointbiz/bitaddress.org/issues/18
"527B 5C82 B1F6 B2DB 72A0 ECBF 8749 7B91 6397 4F5A"
With this fingerprint, you can authenticate the signed message, which gives you the hash of the current bitaddress.org file. Then you can hash your copy of the file and authenticate the file.
I do not have a way to authenticate the fingerprint itself, sorry. According to the website I linked to, git has cryptographic traceability that would enable a person to do some research and authenticate the fingerprint. If you want to go that far, knock yourself out. I think that the techniques described in this document do not really rely on bitaddress being un-corrupt. Anyway, how do we know pointbiz is a good guy? ;-)
There are a lot of skilled eyes watching bitaddress.org and the signed sha1 hash. To gain the most benefit from all of those eyes, it's probably worthwhile to check your copy by hashing it and comparing to the published hash.
"But we aren't supposed to use brainwallets"
You are not supposed to use brainwallets that have predictable passphrases. People think they are pretty clever about how they pick their passphrases, but a lot of bitcoins have been stolen because people tend to come up with similar ideas. If you let dice generate the passphrase, then it is totally random, and you just need to make sure to roll enough times.
How to avoid spending your life rolling dice
When I first started doing this, I rolled a die 62 times for each private key. This is not necessary. You can simply roll the die 62 times and keep the sequence of 62 numbers as a "seed". The first paper address you create would use "my die rolls-1" as the passphrase, the second would be "my die rolls-2" and so on. This is safe because SHA256 prevents any computable relationship between the resulting private key family.
Of course this has a certain bad security scenario -- if anyone obtains the seed they can reconstruct all of your paper wallets. So this is not for everyone! On the other hand, it also means that if you happen to lose one of your paper wallets, you could reconstruct it so long as you still had the seed.
One way to reduce this risk is to add an easy to remember password like this: "my die rolls-password-1".
If you prefer, you can use a technique called diceware to convert your die rolls to words that still contain the same quantity of entropy, but which could be easier to work with. I don't use diceware because it's another piece of software that I have to trust, and I'm just copy/pasting my high entropy seed, so I don't care about how ugly it is.
Why not input the dice as a Base 6 private key on the Wallet Details tab?
Two reasons. First of all, this option requires that you roll the die 99 times, but you do not get meaningful additional protection by rolling more than 62 times. Why roll more times if you don't have to? Second, I use the "high entropy seed" method to generate multiple private keys from the same die rolls. Using the Base 6 option would require rolling 99 times for every private key.
I'm a big nerd with exotic dice. How many times to roll?
Put this formula in Excel to get the number of times to roll: "=160*LOG(2,f)" where f = number of faces on the die. For example, you would roll a d16 40 times. By the way, somewhat unbelievably, casino dice are more fair than ordinary dice.
The "Change address" problem:
You should understand change addresses because some people have accidentally lost money by not understanding it.
Imagine your paper wallet is a 10 dollar bill. You use it to buy a candy bar. To do this you give the cashier the entire 10 dollar bill. They keep 1 dollar and give you 9 dollars back as change.
With Bitcoin, you have to explicitly say that you want 9 dollars back, and you have to provide an address where it should go to. If you just hand over the 10 dollar bill, and don't say you want 9 dollars back, then the miner who processes the transaction gives 1 dollar to the store and keeps the remainder themselves.
Wallet software like Bitcoin-Qt handles this automatically for you. They automatically make "change addresses" and they automatically construct transactions that make the change go to the change address.
There are three ways I know of that the change problem can bite you:
  1. You generate a raw transaction by hand, and screw up. If you are generating a transaction "by hand" with a raw transaction editor, you need to be extra careful that your outputs add up to the same number as your inputs. Otherwise, the very lucky miner who puts your transaction in a block will keep the difference.
  2. You import a paper wallet into a wallet software and spend part of it, and then think that the change is in the paper wallet. The change is not in the paper wallet. It is in a change address that the wallet software generated. That means that if you lose your wallet.dat file you will lose all the change. The paper wallet is empty.
  3. You import a paper wallet into a wallet software and spend part of it, and then think that the change is in the change address that the wallet software generated. If the transaction did not need to consume all of the "outputs" used to fund the paper wallet, then there could be some unspent outputs still located at the address of the paper wallet. If you destroyed the paper wallet, and destroyed the copy of the private key imported to the wallet software, then you could not access this money. (E.g. if you restored the software wallet from its seed, thinking all of the money was moved to the wallet-generated change addresses.)
For more on this, see here
The hot paper wallet problem
Your bitcoin in your paper wallet are secure, so long as the piece of paper is secure, until you go to spend it. When you spend it, you put the private key onto a computer that is connected to the internet. At this point you must regard your paper wallet address as hot because the computer you used may have been compromised. It now provides much less protection against theft of your coins. If you need the level of protection that a cold paper wallet provides, you need to create a new one and send your coins to it.
Destroying your paper wallet address
Do not destroy the only copy of a private key without verifying that there is no money at that address. Your client may have sent change to your paper wallet address without you realizing it. Your client may have not consumed all of the unspent outputs available at the paper wallet address. You can go to blockchain.info and type the public address into the search window to see the current balance. I don't bother destroying my used/empty paper wallet addresses. I just file them away.
Encrypting your private key
BIP 0038 describes a standardized way to encrypt your paper wallet private key. A normal paper wallet is vulnerable because if anyone sees the private key they can take the coins. The BIP38 protocol is even resistant to brute force attacks because it uses a memory intensive encryption algorithm called scrypt. If you want to encrypt your wallets using BIP38, I recommend that you use bitcoinpaperwallet because they will let you type in your own private key and will encrypt it for you. As with bitaddress, for high security you should only use a local copy of this website on a computer that will never get connected to the internet.
Splitting your private key
Another option for protecting the private key is to convert it into multiple fragments that must be brought together. This method allows you to store pieces of your key with separate people in separate locations. It can be set up so that you can reconstitute the private key when you have any 2 out of the 3 fragments. This technique is called Shamir's Secret Sharing. I have not tried this technique, but you may find it valuable. You could try using this website http://passguardian.com/ which will help you split up a key. As before, you should do this on an offline computer. Keep in mind if you use this service that you are trusting it to work properly. It would be good to find other independently created tools that could be used to validate the operation of passguardian. Personally, I would be nervous destroying the only copy of a private key and relying entirely on the fragments generated by the website.
Looks like Bitaddress has an implementation of Shamir's Secret Sharing now under the "Split Wallet" tab. However it would appear that you cannot provide your own key for this, so you would have to trust bitaddress.
Durable Media
Pay attention to the media you use to record your paper wallet. Some kinds of ink fade, some kinds of paper disintegrate. Moisture and heat are your enemies.
In addition to keeping copies of my paper wallet addresses I did the following:
  1. Order a set of numeric metal stamps. ($10)
  2. Buy a square galvanized steel outlet cover from the hardware store ($1)
  3. Buy a sledgehammer from the hardware store
  4. Write the die rolls on the steel plate using a sharpie
  5. Use the hammer to stamp the metal. Do all the 1's, then all the 2's etc. Please use eye protection, as metal stamp may emit sparks or fly unexpectedly across the garage. :-)
  6. Use nail polish remover to erase the sharpie
Electrum
If you trust electrum you might try running it on an offline computer, and having it generate a series of private keys from a seed. I don't have experience with this software, but it sounds like there are some slick possibilities there that could save you time if you are working with a lot of addresses.
Message to the downvoters
I would appreciate it if you would comment, so that I can learn from your opinion. Thanks!
The Easy Method
This method is probably suitable for small quantities of bitcoin. I would not trust it for life-altering sums of money.
  1. Download the bitaddress.org website to your hard drive.
  2. Close your browser
  3. Disconnect from the internet
  4. Open the bitaddress.org website from your hard drive.
  5. Print a paper wallet on your printer
  6. Close your browser
submitted by moral_agent to BitcoinWallet
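The dice-seed scheme from the tutorial above, as an added example (not part of the original post and not bitaddress.org's code): it checks that a roll sequence carries at least 160 bits, derives the "my die rolls-1", "my die rolls-2" key family with SHA256, and encodes each key as uncompressed WIF so the result can be compared against an offline paper wallet generator. The function names, the range check against the secp256k1 group order and the sample roll string are assumptions added here; the sample is constructed and must never hold funds.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Order of the secp256k1 group; a valid private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed 62-roll sample for illustration only. Never use it for real funds.
SAMPLE_ROLLS = "3516242651" * 6 + "42"


def rolls_needed(faces, bits=160):
    """Smallest n with faces**n >= 2**bits, using exact integer arithmetic."""
    if faces < 2:
        raise ValueError("a die needs at least two faces")
    n, outcomes = 0, 1
    while outcomes < 2 ** bits:
        outcomes *= faces
        n += 1
    return n


def validate_rolls(rolls):
    """Reject a six-sided-die seed that is malformed or too short."""
    if not rolls or any(ch not in "123456" for ch in rolls):
        raise ValueError("rolls must contain only the digits 1-6")
    if len(rolls) < rolls_needed(6):
        raise ValueError("need at least %d rolls, got %d"
                         % (rolls_needed(6), len(rolls)))


def brainwallet_key(passphrase):
    """Same result as: echo -n passphrase | sha256sum"""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def paper_wallet_key(rolls, index, password=None):
    """Key number `index` of the family: 'rolls-index' or 'rolls-password-index'."""
    validate_rolls(rolls)
    parts = [rolls] + ([password] if password else []) + [str(index)]
    key = brainwallet_key("-".join(parts))
    # Astronomically unlikely to fail, but an out-of-range value is not a key.
    if not 1 <= int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("hash is outside the valid private key range")
    return key


def base58check(payload):
    """Base58Check: payload plus the first 4 bytes of double SHA256."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num = int.from_bytes(data, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * pad + out


def to_wif(key, compressed=False):
    """Wallet Import Format for a Bitcoin mainnet private key."""
    return base58check(b"\x80" + key + (b"\x01" if compressed else b""))


if __name__ == "__main__":
    print("d6 rolls needed:", rolls_needed(6), " d16 rolls needed:", rolls_needed(16))
    for i in (1, 2, 3):
        key = paper_wallet_key(SAMPLE_ROLLS, i)
        print(i, key.hex(), to_wif(key))
```

Run it on the same offline machine as the wallet generator; the hex and WIF values for a test passphrase should match what the generator shows for the same input.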

Introducing NanoWarpWallet, a Nano Brain Wallet/Paper Wallet Generator using Scryp

edit: oops, I typo'd the title. Should be Scrypt not Scryp ;)
Hello all!
I've released the first version of my brain wallet generator, NanoWarpWallet! You can check out the hosted version here: https://termhn.github.io/nanowarpwallet and the GitHub repo here: https://github.com/termhn/nanowarpwallet
What is NanoWarpWallet? NanoWarpWallet is a fork of the original WarpWallet used for making Nano wallets instead of bitcoin ones. It is a deterministic Nano wallet generator. What this means is that you never have to save or store your wallet seed or account private key directly anywhere. Instead, you pick a good passphrase - see the section of the site about choosing a password - and never use it for anything else. Then, whenever you want to access your actual wallet seed or private key, you put your password back into NanoWarpWallet and it will generate the same wallet seed and account as before as long as the same password and salt was used as input. This is what "deterministic" means. Much like other wallet generators, all of this is done on your computer only; an external server is never contacted after you download the initial page. This has a number of benefits, but also a number of possible weaknesses.
"Brainwallets" are often frowned upon in the cryptocurrency community because the safety of a brainwallet is entirely based on how strong of a passphrase you choose to protect it with, and most times the chosen passphrases are not good. NanoWarpWallet takes steps to minimize this by using large iterations of scrypt and pbkdf2 as well as a salt in order to make brute-forcing much more difficult. The original WarpWallet still has an unclaimed 20 BTC bounty for anyone who can break a wallet with only an 8 character password and a known salt.
The benefits of a brain wallet done properly are that, in theory, you don't have to store your password anywhere but in your own brain. You can use a method like a mnemonic peg to memorize a password very thoroughly. However, even if you do store your password, you'll be guarded against the most common malware that tries to specifically steal crypto wallets since your password will not be in the form that they are looking for. This allows you to disguise your Nano password in ways that make it look quite innocuous unless someone is targeting you specifically, which is quite unlikely unless you have a ridiculous sum that you regularly advertise online.
The weaknesses are that, if you choose a bad password, an attacker could very easily take your coins, since the only thing they need to be able to generate your secret key (and therefore take control of your wallet) is your password. WarpWallet adds two improvements over the traditional brainwallet to try to mitigate these weaknesses:
  1. WarpWallet uses scrypt to make address generation both memory and time-intensive. This means that it takes a matter of several seconds to run a password through the algorithm and get the resulting private and public key, rather than a matter of a fraction of a millisecond like with a traditional brainwallet generator.
  2. You can "salt" your passphrase with your email address. Though salting is optional, we recommend it. Any attacker of WarpWallet addresses would have to target you individually, rather than netting you in a wider, generic attack, since they would need to add your email address together with your password. And your email is trivial to remember, so why not?
However, even with these safeguards, it's not infallible. If you use a bad password, even with a salt, your coins are still easily stolen. This is why I have a whole section on the tool dedicated to how to choose a good password.
One of the other interesting "features" of the tool is the ability to verify that the code in the GitHub repository is the same code that is compiled and hosted on the live web version. What does this mean for you as far as security?
The uncompiled source code is actually quite short and easy to understand, so it's much easier for community members that know javascript (or even yourself) to analyze it. It also uses directly other open source libraries for all the cryptographic functions, only tying them together into an easy to use interface. This means that, again, the actual code itself is quite easy to understand and verify.
In order to verify this for yourself, head over to the github page: https://github.com/termhn/nanowarpwallet and follow the instructions there.
It would be awesome for some community members to do this, and for anyone willing to inspect the code as well and post their results and any concerns they have. That's how open source programs can start to be trusted and where the security comes from: when many eyes are looking at something, it's a lot harder for bugs or intentional security loopholes to sneak through.
Also, I wanted to take advantage of and help spread other community projects, so I registered my name to my address on Nanode at @gray. If you wish to donate (no need), you can definitely do so there!
If you're a programmer and want to implement NanoWarpWallet yourself, here is the algorithm used.
s1 = scrypt(key=(passphrase||0x1), salt=(salt||0x1), N=2^18, r=8, p=1, dkLen=32)
s2 = pbkdf2(key=(passphrase||0x2), salt=(salt||0x2), c=2^16, dkLen=32, prf=HMAC_SHA256)
seed = s1 ⊕ s2
accountPrivateKey = blake2b(seed||accountIndex)
accountPublicKey = ed25519_publickey(accountPrivateKey)
accountAddress = hexToWIF(accountPublicKey)
submitted by termhn to nanocurrency
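The seed-stretching steps listed in the post above, as an added example using only Python's standard library (this is not NanoWarpWallet's own code and its output has not been checked against the tool). Assumptions: `||0x1` and `||0x2` are read as appending the single bytes 0x01 and 0x02, the BLAKE2b digest is 32 bytes, and the account index is a 4-byte big-endian integer; the function names are hypothetical, and the ed25519 and address steps are left out.

```python
import hashlib
import time


def scrypt_part(passphrase, salt, n_log2=18):
    """s1: memory-hard half. N=2^18, r=8 needs about 256 MiB per guess."""
    n, r, p = 2 ** n_log2, 8, 1
    return hashlib.scrypt(
        passphrase.encode("utf-8") + b"\x01",
        salt=salt.encode("utf-8") + b"\x01",
        n=n, r=r, p=p,
        maxmem=256 * n * r,  # raise OpenSSL's default 32 MiB ceiling
        dklen=32,
    )


def pbkdf2_part(passphrase, salt, c_log2=16):
    """s2: 2^16 rounds of PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256",
        passphrase.encode("utf-8") + b"\x02",
        salt.encode("utf-8") + b"\x02",
        2 ** c_log2,
        dklen=32,
    )


def warp_seed(passphrase, salt="", n_log2=18, c_log2=16):
    """seed = s1 XOR s2, so guessing the seed requires computing both KDFs."""
    s1 = scrypt_part(passphrase, salt, n_log2)
    s2 = pbkdf2_part(passphrase, salt, c_log2)
    return bytes(a ^ b for a, b in zip(s1, s2))


def account_private_key(seed, index=0):
    """blake2b(seed || accountIndex); digest size and index width are assumptions."""
    return hashlib.blake2b(seed + index.to_bytes(4, "big"), digest_size=32).digest()


if __name__ == "__main__":
    # Constructed inputs for illustration only.
    phrase, email = "constructed example passphrase", "user@example.com"

    t0 = time.perf_counter()
    hashlib.sha256(phrase.encode()).digest()   # traditional brainwallet: one hash
    t_plain = time.perf_counter() - t0

    t0 = time.perf_counter()
    seed = warp_seed(phrase, email)            # full-cost parameters from the post
    t_warp = time.perf_counter() - t0

    print("single SHA256 : %.6f s per guess" % t_plain)
    print("scrypt+pbkdf2 : %.3f s per guess" % t_warp)
    print("seed          :", seed.hex())
    print("account 0 key :", account_private_key(seed, 0).hex())
```

The `n_log2` and `c_log2` parameters exist only so the functions can be exercised quickly; lowering them for a real wallet removes the protection the post describes.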

The way to create and use a Brain Wallet

First off, I understand that brain wallets are easier to break into with brute force techniques, but as long as I have a sufficiently long and random passphrase it shouldn't matter. In addition to memorizing the phrase, I will create some form of backup.
To create a wallet, all I need to do is create a sufficient phrase, choose a hash function like sha256, and create a private key. From the private key, I can get the public key. And this is fairly simple to do, as my understanding goes.
The problem I'm having trouble figuring out is how to use and maintain the brainwallet. As I have read, when you initiate a transaction using your brain-wallet, the remaining coins left in your wallet may not stay in your brain-wallet, they may go to a different "change" address. But not always, it depends on the transaction sent to the network.
So if my goal is to have a simple, reasonably-secure, brain-wallet that I can store bitcoins on and spend from, what method should I use?
  1. How the heck do I specify the "change address"? Could I write my own transactions so I have complete control and just use some service to push them onto the network?
  2. Should I care if the "change" address is the same brain-wallet? If it doesn't matter, what's the simplest, safest, way to spend?
  3. If I need a new change address every time, this defeats the purpose of the brain wallet, unless the method you recommend can generate many private keys deterministically from 1 pass phrase. From there, you just use the next address on the list as the "change address". But even this, if the generation uses a complicated algorithm, the purpose of the brain wallet is partially defeated, because now you can't create the private key easily without using someone else's software. If the generation algorithm was simple enough or followed a standard, like sha256 for example, then you could memorize the algorithm so you essentially own everything in that case which is fine.
  4. Many "solutions" I have read about this include transferring into a "hot software wallet" to spend, and then transferring the change back to a new or same address. This requires 2 transactions at a minimum, one to spend the coins, the other to transfer the coins from the software wallet to your cold-storage wallet. I want a solution that doesn't require 2 transaction fees.
Any advice / recommendations is appreciated. I am still new to this technology.
submitted by BigglesWerth to Bitcoin

Bitfi Hardware Wallet & Why you should care

Bitfi is a global payments technology company based in the US that enables businesses and consumers to securely participate in a decentralized economy. Their mission is to accelerate the growth and adoption of digital assets. This past week the company released their Knox hardware wallet focusing mainly on user-friendliness and air-gapped security. When visiting the homepage of the Bitfi website they state it's “the worlds first un-hackable device”, and seeing this as someone who has been in the computer space for over 15 years it can bring a sense of unease. Ignoring the fact that they supposedly have John McAfee now on their team, let us dig in further to what makes this device so remarkable.
The transition of storing cryptocurrencies on any type of cold wallet can seem highly technical for someone who is inexperienced with encryption technology. If sets of rules are not followed funds can be lost forever. Bitfi intends on making this easier and safer for the average individual. Instead of having to write down a 24-word mnemonic phrase or separate private keys for each coin, and then worry about how to safely store it from theft or damage, Bitfi created an algorithm that acts similarly to a brain wallet, giving a user the freedom to make a long unique phrase they can easily remember (for example: “[email protected]”) that will be specific to them and impossible to guess or brute force.
Unlike popular cryptocurrency hardware devices such as Trezor or Ledger Nano S, the Bitfi Knox wallets DO NOT store the user's private keys in the hardware. If the Bitfi Knox device is stolen or seized and then taken apart the keys are unable to be retrieved. Since no private keys are stored on the device there is also no potential for a “man in the middle” or distribution attack that can occur where a user's keys are stolen prior to actually receiving the device. We saw this happen when unfortunate consumers purchased the Ledger Nano S from 3rd party sellers this past year.
As explained by CEO Daniel Khesin, the Bitfi Knox wallet is not a storage device but rather a separate CPU running calculations for their open sourced algorithm. A secret phrase the user created will calculate the private key to sign for transactions made on the Bitfi dashboard. The device will also update automatically to the latest firmware when connected to Wi-Fi, and routes to a company node that allows a user to view all their balances on the device. Bitfi will also release an app on the phone that will work with the Knox wallet to allow their users to purchase products and services on the go.
The device itself has a smartphone type of look to it with an LED Touchscreen, multi-currency support, dashboard and other additional customizable features. Bitfi plans on continually integrating blockchain assets every few weeks. They currently support Bitcoin, Ethereum (ERC20 tokens), EOS, NEO/GAS, Litecoin, and lastly Monero being the first company to functionally implement the popular privacy coin on their wallet without additional downloads from Github.
On their webpage, it looks as if the wallet already went on sale, and within a short period of time sold out entirely. In my opinion, I have never heard of a hardware wallet that performs like this so I am interested in purchasing one just to see if Bitfi Knox succeeds in its functional promise.
'The Most Comprehensive Cryptocurrency Wallet Guide': Simona Vaitkune https://medium.com/@fastinvest/the-most-comprehensive-cryptocurrency-wallet-guide-5e820a26ed44
CEO Daniel Khesin (podcast) https://www.futuretechpodcast.com/podcasts/daniel-khesin-founder-bitfi-worlds-first-un-hackable-crypto-wallet/
Bitfi (comparables to other storage) http://bitfi.com/bitfi-wallet
Bitfi (news) https://btcmanager.com/bitfi-and-mcafee-announce-unhackable-crypto-wallet/
submitted by Pizdie to BitcoinAll

Why did Ethereum make it possible to unlock wallets by only knowing the private key? This sounds insane.

Hi everyone. I want to move my ETH to cold storage and am using MyEtherWallet.com
I stopped when I realized that all you need is the private key to unlock a wallet without even knowing the public address. The dev of the wallet explained to me that it would take too much computational power to do such thing. Can anyone verify that this is true? And even if it is, why would Ethereum set it up this way? It seems like it would've made more sense to go the traditional route of requiring the owner of account to know the username/password combination instead of requiring just a password to gain access.
Below is the link and the portion in question.
https://www.myetherwallet.com/#help
  1. Couldn't everybody put in random private keys, look for a balance, and send to their own address?
Short version: yes, but finding an account with a balance would take longer than the universe...so...no.
Long ELI5 Version: So Ethereum is based on Public Key Cryptography, specifically Elliptic curve cryptography which is very widely used, not just in Ethereum. Most servers are protected via ECC. Bitcoin uses the same, as well as SSH and TLS and heaps of other stuff. The Ethereum keys specifically are 256-bit keys, which are stronger than 128-bit and 192-bit, which are also widely used and still considered secure by experts.
In this you have a private key and a public key. The private key can derive the public key, but the public key cannot be turned back into the private key. The fact that the internet and the world’s secrets are using this, or a variation of, this cryptography means that if for some reason there is suddenly a way to go from public key -> private key, your lost ETH is the least of everyone’s problems.
Now, that said, YES if someone else has your private key then they can indeed send ETH from your account. Just like if someone has your password to your email, they can read and send your email, or the password to your bank account, they could make transfers (or maybe pay your bills). For this reason, you could download the Keystore version of your private key which is the private key, encrypted with a password. This is like having a password that is also protected by another password.
And YES, in theory you could just type in a string of 64 hexadecimal characters until you got one that matched. In fact, smart people could write a program to very quickly check random private keys. This is known as "brute-forcing" or "mining" private keys. People have thought about this long and hard, especially when Bitcoin exploded. With a few very high end servers, they may be able to check 1M+ keys / second. However, even checking that many per second would not yield access to make the cost of running those servers even close to worth while - it is more likely you, and your great-grandchildren, will die before getting a match.
If you know anything about Bitcoin, this will put it in perspective: To illustrate how unlikely this is: suppose every satoshi of every bitcoin ever to be generated was sent to its own unique private keys. The probability that among those keys there could be two that would correspond to the same address is roughly one in 100 quintillion.
If you want something a bit more technical, take a look here: These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.
Of course, this all assumes that keys are generated in a truly random way & with sufficient entropy. The keys generated here meet that criteria. geth/Mist as well. Jaxx as well. The Ethereum wallets are all pretty good. Keys generated by brainwallets do not, as a person's brain is not capable of creating a truly random seed. There have been a number of other issues regarding lack of entropy or seeds not being generated in a truly random way in Bitcoin-land, but I'll save that for another day.
submitted by ynotplay to ethereum

Multisignature + Brain Wallet = Ultimate in Easy Security

I've been using a brain wallet for a while now and just moved all my long-term deep-freeze cold storage coins into what I realized is a much better solution. I created a 7 of 7 multisig address and then created 7 easy to remember brain wallets to use as my 7 keys.
This solves pretty much all the downsides of a brain wallet that most people complain about. The 7 things are super easy for me to remember so there is no chance of me ever forgetting what they are. A brute force/dictionary attack becomes completely infeasible as it would need to crack seven separate keys while simultaneously trying to verify every single potential combination of seven keys that it creates.
This opens up a lot of phrases that were already useless. For instance, with a single brain wallet you would be a total idiot to try and use a line from your favorite song, no matter how obscure, because the brute/dictionary attacks will figure it out.. only a matter of time. But now you could take a whole verse of that same song.. split it up into maybe 8 lines .. create 8 brain wallet addresses .. and combine them into one ultra-high security multisig address.
I just think it's pretty damn awesome how, over time, my bitcoins are becoming more and more secure. Every day.
submitted by bonerlickerz to Bitcoin

Giving a tech talk about Bitcoin to my company

So the internet company I just started working for has occasional hour long tech talks and a slot opened up this week. I offered to give a talk about Bitcoin. There's a lot of interest already, partly because I'm new and partly because btc is so hot right now.
Reddit, I would like your help with making this awesome. Below are my scribbly notes of the high points I'd like to hit. Anything I am missing? Since it is only an hour I cannot go into too much detail (and I am far from an expert in the protocol, but the best way to learn something is to teach it!)
I was going to call it:
Bitcoin: VIRES IN NUMERIS - in numbers we trust
Show the vimeo video: http://vimeo.com/63502573
PROTOCOL
MINING
EXCHANGES
WALLETS
USAGE
submitted by supership79 to Bitcoin

YSK: The linux command "echo 'passphrase' | shasum" generates a valid Brainwallet key without using external applications.

Edit: There's a small error in the title. It's Sha256sum, not shasum.
It is recommended that you use this in a live CD. If you use a Live CD you can use this method even if you're a Windows user.
There is a linux command that allows you to easily generate Brainwallet keys without needing to use or trust external services. Here's the instructions:
  1. Open a terminal.
  2. Type "unset HISTFILE". This will turn off the terminal's history.
  3. Type "echo -n 'your secret phrase here' | sha256sum"
  4. Save the output to a secure place.
Now you've got the private key to your new Brainwallet Bitcoin Address.
Import it to your favourite client, which will recalculate the corresponding public address or download a copy of www.bitaddress.org and use the "Wallet details" section while offline.
Now you know both: The private key and the public address. The brain wallet can be regenerated at any point using the same command. It is the same brainwallet that www.brainwallet.org would generate.
Important: You should do all this from a live CD for better security. A live CD is a new operating system that runs straight from a CD and is not affected by any malware you have on your computer.
You should also be totally disconnected from the internet. If you download a copy of bitaddress on a USB, you can then plug it in and use while using the live CD.
I recommend Lubuntu, a lightweight distribution: www.lubuntu.net
Update: Use this website to calculate how strong your passphrases are against a Brute Force attack https://www.grc.com/haystack.htm (assuming you don't use dictionary words only).
submitted by DanielTaylor to Bitcoin [link] [comments]
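The derivation in the post above hashes the exact bytes of the phrase, so the `-n` in step 3 and the SHA-1 versus SHA-256 mix-up in the title both change the result. The following is an added example, not part of the original post; the function names and the phrase `abc` are constructed for illustration.

```shell
#!/bin/sh
# Added example. The phrase 'abc' is a constructed test value, not a usable key.

# Hex SHA-256 of the exact bytes on stdin (first field of sha256sum's output).
sha256_hex() { sha256sum | cut -d' ' -f1; }

# Key as step 3 derives it: the phrase with no trailing newline.
key_exact() { printf '%s' "$1" | sha256_hex; }

# What `echo` without -n feeds the hash: the phrase plus "\n".
key_with_newline() { printf '%s\n' "$1" | sha256_hex; }

# sha256sum prints 64 lowercase hex digits (256 bits).
# shasum's default SHA-1 prints 40 and fails this check.
is_256bit_hex() {
    case "$1" in
        *[!0-9a-f]*|'') return 1 ;;
    esac
    [ "${#1}" -eq 64 ]
}

# Read the phrase without terminal echo so it is never typed on a command line
# (no shell history entry, no argv visible in `ps`).
# printf is a builtin in bash and dash, so no child process receives "$phrase".
key_from_prompt() {
    printf 'Passphrase: ' >&2
    stty -echo; IFS= read -r phrase; stty echo
    printf '\n' >&2
    key_exact "$phrase"
    unset phrase
}

# The same phrase gives two unrelated keys depending on one newline byte.
printf 'exact:        %s\n' "$(key_exact abc)"
printf 'with newline: %s\n' "$(key_with_newline abc)"
```

`key_from_prompt` needs an interactive terminal; the other functions can be checked against any published SHA-256 test vector.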

My Heir Wallet. Any suggestions?

My Heir Wallet
I decided I needed something slightly different than a paper wallet or a brain wallet. I am calling it an Heir Wallet. The idea is to have an offline wallet to store Bitcoins, with a private key that is defined by a hash of some answers that are commonly known by my heirs. My spouse and children should know the answers to all of the clues. Others will likely know the answers, if they combine efforts. Worst case, if they know most of the answers, a brute force attempt can be made to recover the bitcoins.
My Heir Wallet can appear in plain sight in my house, in multiple locations, with little risk of someone stealing my wealth. (I still will protect it as I would my checkbook or credit cards in the traditional banking system, but it’s nice to know that my heirs will be able to access the bitcoins when I am gone.) For the benefit of this subreddit, I have created an illustrative example (fake), so you can see how this might work:
FOR ILLUSTRATIVE PURPOSES ONLY
To my survivors:
I have stored some of my assets in the form of Bitcoin, which is a virtual currency. These instructions contain the information necessary to retrieve the bitcoins located at this address 14koNnJrrUWmDLPeAjVQYv2bA22szm63fM . To estimate the value of these bitcoins, you can view the current balance at https://blockchain.info/address/14koNnJrrUWmDLPeAjVQYv2bA22szm63fM , and you can see the current value of a single Bitcoin at https://blockchain.info/ticker or a number of other sites online. [These links are accurate as of March 2013.]
To gain access to the above Bitcoin Address, you must possess the "Private Key". If you can answer the following questions, then you have access to the private key. The Private Key is a "hash" of a pass phrase, which is defined below. To determine the Private Key, go to https://www.bitaddress.org/ and use their Brain Wallet feature. Use the Algorithm SHA256(passphrase), with the passphrase that is defined using the clues below. [These instructions are accurate as of March 2013.]
The Pass Phrase is 100 characters, made up of the answers to the ten questions listed below. Each answer is ten characters long. If the answer is longer than ten characters, truncate it at ten characters. If it is shorter than ten characters, then pad it with the following characters until it is ten characters long: *^^$!!$#^
Example: If the answer to a clue is “Apple”, then pad it with 5 extra characters, making the answer “Apple*^^$!”. Note that capitalization, punctuation, and spacing are all critically important.
Once you know all of the answers, key in the passphrase into bitaddress.org's "Brain Wallet" feature, and the above Bitcoin Address should be displayed, along with the correct Private Key. Import that Private Key into a service that allows you to import it, and then you can spend the Bitcoins, exchange them for Dollars, or distribute them to others. Currently, several services allow you to import private keys, including Coinbase.com, blockchain.info, Mtgox.com, and various bitcoin clients.
Here are the clues. Note that capitalization is important in all answers (as defined by normal rules of English), but I remind you in the first few clues.
  1. What nickname did my college roommates call me? (capitalize the first letter)
  2. What first name did we give our baby that was stillborn? (capitalize the first letter)
  3. What middle name did we give our baby that was stillborn? (capitalize the first letter)
  4. Someone from my childhood got extreme cases of poison ivy. What was his/her first name? (capitalize the first letter)
  5. What company did I work at, for six years from high school through college? (Formal name)
  6. Last name of my extremely tall, good friend who I went to high school with.
  7. Last name of the friends that we go on cruises with (2000-2013).
  8. College that I got my undergraduate degree from. (Just the first word; leave off University / College, etc.)
  9. Street I grew up on (include “Rd.”, “Ave.”, “Cir.” etc., and put a space between the street name and the “Rd.” part)
  10. Name of the company that I started my professional career with, out of college, and worked at for 15 years. (2 words, dash between)
Remember, each answer is ten characters, so the total passphrase is 100 characters long.

My wife and children all were able to pass this test (on paper) to answer these questions. My wallet was created offline, and the money resides in the derived Bitcoin Address (which is different from my sample, above). These instructions are in several places in my house and away from my house (and also in my email).
I hope someone benefits from this. Any suggestions on how to make it better?
Edit: fixed formatting of the caret.
submitted by 17chk4u to Bitcoin [link] [comments]
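The pad-or-truncate rule from the post above, written out as an added example that is not part of the original post. Function names and sample answers are constructed, answers are assumed to be plain ASCII, and the padding string is the one the post gives. It also counts how many of the 100 characters are fixed padding, and rejects an empty answer, which the 9-character pad cannot bring up to ten characters.

```shell
#!/bin/sh
# Added example: pad/truncate rule from the post; all answers are constructed.
PAD='*^^$!!$#^'   # padding string as given in the post (9 characters)

# Normalise one answer to exactly 10 characters: truncate or pad.
fix_answer() {
    out=$(printf '%.10s' "$1$PAD")
    # An empty answer plus the 9-character pad is only 9 long: reject it.
    [ "${#out}" -eq 10 ] || { echo "cannot pad answer: '$1'" >&2; return 1; }
    printf '%s' "$out"
}

# Join ten normalised answers (one per argument) into the passphrase.
build_passphrase() {
    [ "$#" -eq 10 ] || { echo "need exactly 10 answers" >&2; return 1; }
    phrase=
    for a in "$@"; do
        part=$(fix_answer "$a") || return 1
        phrase="$phrase$part"
    done
    printf '%s' "$phrase"
}

# Private key as the post defines it: SHA256(passphrase), in hex.
heir_key() {
    p=$(build_passphrase "$@") || return 1
    printf '%s' "$p" | sha256sum | cut -d' ' -f1
}

# How many of the 100 characters are fixed padding rather than answer text.
padding_chars() {
    n=0
    for a in "$@"; do
        len=${#a}
        [ "$len" -gt 10 ] && len=10
        n=$((n + 10 - len))
    done
    echo "$n"
}

# Constructed answers, for demonstration only.
heir_key Apple Bo Lee Sam 'Acme Corp.' Smith Jones Massachusetts 'Elm Rd.' Foo-Bar
```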
