Post
Topic
Board Development & Technical Discussion
Merits 1 from 1 user
Re: Matching public key with directory.io - why so difficult?
by aleksej996 on 17/09/2017, 01:04:29 UTC
⭐ Merited by ETFbitcoin (1)
OK, this makes a bit more sense now. My "algorithm" for determining the key to use would make it more vulnerable to attack than a randomly generated key. But I still have an issue with this and it would be a really interesting study.

What's the greater risk?:

1) Using my method where it's a simple algorithm for me to remember the page number and location via a HUGE (and I mean HUGE) string of numbers - i.e. not your typical internet password. This wallet would exist in my head. Despite this, it's more vulnerable to attack because it doesn't have the entropy of a purely randomly generated number.

2) Using a randomly generated key which is less prone to attack, but is more easily forgotten or the details of which more easily lost. (This key would have to be stored somewhere physical, opening it up to being attacked in a way the first option wouldn't.)

I wonder what the figures are in terms of dollar value lost due to i) hacking ii) simply losing your private key.

I've already spoken to one guy who lost over 1000 bitcoin on a hard drive somewhere, and I bet most of you have heard similar stories. I would almost hazard that simple user clumsiness (i.e. option ii) is a greater threat to your wealth than being hacked.


Questions about security vs. accessibility have been plaguing the computer security industry for decades. In the end it is simply up to you to determine such risks for yourself; there is no formula that will answer it for you.

Although humans are notoriously bad at randomness, human minds are really good at seeing patterns, even when they are not there (like shapes in the clouds). You can use that to your advantage to generate a random password using a machine and then remember it by imagining patterns in the keys, pretending that the characters actually have some meaning. This will help you remember it.

Another way you could exploit a human mind is by obtaining muscle memory of your keys. All you need to do is type them regularly, even if it is on a detached keyboard, so it will stay in your "muscles". All my passwords exist only in my subconscious; they were randomly generated and they are long as hell, and I have no idea what they are. This resulted in some losses of accounts and inability to type them on a phone keyboard, but as long as you have a physical copy as well, you should be fine. It is unlikely you would lose both at the same time.