I don't know how people expect Bitcoin to thrive when somebody like me is being admonished for learning how to take the proper steps to utilize the full potential of its encryption methods.
You aren't being admonished for learning. You are being admonished for making false assumptions, and refusing to put any effort into learning.
Most of this stuff would sound like nonsense to a mainstream crowd,
As would most of the technical details behind TCP/IP and Ethernet, and yet they all seem to manage to use websites without a problem.
let alone having to worry about changing encryption methods down the line when they've invested some of their time to learning how it actually works, if they even learned it at all. Hmmm, no wonder there are banks to take care of all of this for the commoners.
Agreed. The average user will use a piece of software that has been thoroughly reviewed and certified as trustworthy, or they will use a bank.
Describe these "offline transactions"? Explain exactly how ownership of the bitcoins (which reside as an output on the blockchain) will be transferred to another individual using your "offline wallet and something like Armory" without the public key being exposed?
Yeah, I really don't get it myself.
Clearly.
The idea I think is so you don't have to use your private key on the hot PC?
Right, but the public key will still be broadcast when you broadcast the transaction, which brings us back to the recommendation to not re-use the address.
Another idea: couldn't I just open up a separate offline wallet on my offline PC to send small funds to so that those bitcoins can be used freely?
Send small funds from where?
I realized after your response that all transactions have to be recorded online.
Sounds like maybe you're starting to catch on?
This also preserves the secure state of my offline savings wallet, correct?
That depends. Will you be spending/sending any of the bitcoins that are received at that offline savings wallet? Or will it be exclusively receiving bitcoins? As soon as you try to get any bitcoins out of that offline savings, you are back where we started.
I see what you mean. Which means I'll have to come up with multiple brain wallets to maintain a true offline account. Hopefully, I wouldn't have to do that so many times.
Yes, it definitely sounds like you're starting to catch on.
Which has worked very well for many, many years. What is it about paper money that you don't like?
A paper wallet is basically a bundle of cash, correct? So I would basically be keeping a bundle of cash in my domicile or another residence. Yeah, it's a lot smaller and easier to maintain, but you're still keeping a ton of money in your home. Does anyone do this with conventional money except for drug dealers?
And a brainwallet is basically a bundle of cash as well. So you would basically be keeping a bundle of cash on your person. Yeah, it's not physical, but you're still keeping a ton of money on your person. Does anyone do this with conventional money except for drug dealers?
So, you'd rather that the hoodlums attack you directly to get at your bitcoins than to attack a safe? You prefer to be beaten to a bloody pulp and tortured beyond belief for the sake of some money? Personally, I'd rather they just took my money and moved on. My life, and health are far more valuable to me than any amount of money could ever be.
Well, I would give it up if I had to, that example was under the idea that the safe would be targeted without my presence.
So you prefer that the thief targets you directly rather than your safe?
or keeping it at a bank deposit, which I thought was the direction we were trying to steer away from with this new paradigm shift.
A paper wallet is absolutely nothing like that. Where did you get that idea?
I have seen people recommend saving paper wallets in bank vaults.
Sure, in which case the bank is exactly like a bank, but the paper wallet itself is not. Some people feel that a bank vault provides reasonable protection against theft. Those people keep their paper wallets in bank vaults. Others prefer not to. How to protect a paper wallet is a decision for each individual to make for themselves.
Or it could just get lost or destroyed by fire.
And your memory can't get lost or destroyed by fire? or illness? or fall or other injury? Just store two copies in two separate secure locations.
I could always encrypt my brainwallet with an audio message if worst came to worst. Of course, better methodologies can be thought up of compared to coming up with one on the spot in a forum post.
Sure. And you can encrypt your paper wallet with a password as well if you like. This seems to be getting away from the discussions of the intrinsically insecure nature of "brainwallets", and the importance of not reusing addresses.
As I'll explain later, I think my brainwallet passphrase is going to be amazing,
And I disagree.
People have advocated software seeds that contain 12 English words as being highly secure. C'mon, I can do better than that, is it that hard to believe?
That depends on whether you are generating those words randomly, or using your brain to come up with them.
As mentioned earlier, I could use offline transactions, or set up another wallet as a middle man.
Which most likely demonstrates that you have no idea what you are talking about and are just making stuff up in hopes that you can do what you want without someone telling you that it is a bad idea.
Yes, I concede that. But now I have learned a bit more, and can understand where my original plan fails, which is what I wanted to accomplish with this thread. This has all been a great thought experiment so that I can come up with a better plan centered around a brainwallet and/or other methods.
Glad I could help you understand better the issues surrounding your plans.
One technique I've seen is someone type a bunch of BS letters over 1000 characters long into a brainwallet to generate keys. That seems pretty secure.
No. It really doesn't. That is a bad idea. You want a good idea? Grab a handful of very well balanced dice (perhaps from your local casino?). Roll the dice a bunch of times (until you've rolled at least 62 dice) and then convert from base 6 to get a private key.
How is that a bad idea?
Human beings are VERY BAD at doing anything in a random way. The harder they try to be random, the less random they tend to be:
I'm not an expert on computers but doesn't the brain wallet provide a unique output when somebody inputs random typing like......
3903450EFZDFZOJF3405340F9ZDFF034T038TGERPJEPRFP034FZEFZEF03450324534508ZEFZOFJZ ELFJ345
In other words it would be unlikely anybody else would type that exact code in and get the same brain wallet results?
As Dan said, humans are a bad source of randomness.
For example, your string above fails on several levels:
- you are using only a very small selection of characters from the available keyspace
- there are several repetitions of sequences
From the line above alone I can conclude you most likely use a keyboard with French layout. Your left hand was hovering slightly above qsdf, your right hand was hovering over the lower part of the numpad, you moved the right hand over to the alphanumeric keys twice (once in the middle of the string and once near the end), you were subconsciously typing on the right hand with a rhythm of thumb-ring finger-index finger (producing the oft repeated 034 sequence), similarly you subconsciously used a rhythm of ring finger - middle finger - index finger with the left hand (producing the ZEF sequence).
Yeah, the dice sounds good, but typing something like this into a brain wallet is bad? :
onthunsoeahtueroah.crhu903409hu0244903gp02g2[93g[hu9[h239g23[9g29j0ud203gf2309g[192[3d0239[23.0,u02u3 (and so on, for as long as you want)
I'm not going to attempt the same analysis as greyhawk did on someone else's attempt at the same thing, but I will point out:
There are approximately 95 distinct characters you could have used, and yet after typing 101 characters, you have a very significant amount of repetition, and have only used 24 different characters.
You also repeat several sequences multiple times.
I've said it multiple times now. Human beings are not good at randomness. We simply aren't wired that way. We are wired for patterns.
But if you think the mainstream public could understand all the caveats and nuances of Bitcoin's cryptography, then you got another thing coming.
No more than I expect them to understand all the caveats and nuances of the internet's protocols (such as TCP/IP, HTTP, FTP, UDP, etc) in order to use websites. Can you imagine what the internet would be like right now if use of it required a detailed understanding of all of the underlying protocols?
My only question is, if I have the public key: then it's just like entering a password, right? If I get it wrong, no harm, no foul? I could keep going on until I get it.
I'm not sure what you're asking. But if I'm guessing correctly, you can guess at the private key as many times as you like. Each guess will result in a new bitcoin address. Eventually if you guess the correct private key, you'll end up generating the bitcoin address that you expect and you can then use that private key to sign the transaction and broadcast it along with the public key.
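The two checks discussed in this thread, as an added example that is not part of any post: it counts the distinct characters and repeated sequences in the second keyboard-mash string quoted above, compares that with what a uniformly random string over 95 characters would be expected to show, and reads dice rolls as a base-6 number. The function names are made up for illustration, and turning the resulting integer into a wallet key format is left out.

```python
import math
from collections import Counter

PRINTABLE = 95  # printable ASCII characters, the figure used in the thread

# The keyboard-mash string quoted in the thread (copied from the post above).
MASH = ("onthunsoeahtueroah.crhu903409hu0244903gp02g2[93g[hu9[h239g23"
        "[9g29j0ud203gf2309g[192[3d0239[23.0,u02u3")


def expected_distinct(length, alphabet=PRINTABLE):
    """Distinct characters expected in a uniformly random string."""
    return alphabet * (1 - (1 - 1 / alphabet) ** length)


def repeated_ngrams(s, n=3):
    """Every n-character sequence that occurs more than once."""
    grams = Counter(s[i:i + n] for i in range(len(s) - n + 1))
    return {g: c for g, c in grams.items() if c > 1}


def mash_report(s):
    """Summarise how far a typed string is from a uniform random one."""
    return {
        "length": len(s),
        "distinct": len(set(s)),
        "expected_distinct": round(expected_distinct(len(s)), 1),
        "repeated_trigrams": repeated_ngrams(s),
    }


def dice_to_int(rolls):
    """Read die faces 1..6 as base-6 digits 0..5, most significant first."""
    value = 0
    for face in rolls:
        if face not in (1, 2, 3, 4, 5, 6):
            raise ValueError(f"not a die face: {face!r}")
        value = value * 6 + (face - 1)
    return value


def dice_bits(n_rolls):
    """Entropy of n fair six-sided rolls, in bits."""
    return n_rolls * math.log2(6)


if __name__ == "__main__":
    print(mash_report(MASH))
    print(f"62 rolls carry {dice_bits(62):.1f} bits")
```

The typed string uses 24 distinct characters where a uniform draw of the same length would be expected to use about 62, and 62 fair dice rolls carry just over 160 bits.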