All you really need is to always prepend your username to your password. If people all did that, then 99.9%+ of these brainwallet thefts would already not have happened. Slow KDFs are just icing on the cake.
Also you need to change passwords every so often, you're inviting disaster of the "holy holy holy fucking shit" variety if you start doing this and change every six months.
Happened to me relatively recently, actually. Had an encrypted machine that hadn't been rebooted in months. No backups (it's not production related, just a personal box, but still). Power outage hits. MFW when I can't remember the login after trying for an hour:
Happened to me too. I got this freebsd server, I use ssh keys to login. But I hadn't login for a while, so I couldn't remember the user's password (which gave access to 'root' via sudo). After 37 tries, I hit nailed it! I was that close from re-installing the system. It had automated backups so, no big deal... Just two-three hours (maybe more) would be lost.
If that was a Linux box, I would have booted into single user mode and changed the password. Or temporarily mounted the hard drive in a different machine and modified /etc/shadow directly. I assume you can do something similar in FreeBSD? Quicker then a re-install.
Except you can lock your bitcoins in 5-of-9 multisignature transaction among 9 of your friends in San Francisco, London, Paris and Moscow with an agreement to not sign the transaction unless you are safe and can talk directly to them.
It's easy to get friends this way with irc and the internet you know. Besides, even if they are only spread around the country or a couple of countries it already makes things way harder. Regardless, passwords, even regular banking passwords are not meant to protect you against people that are willing to abduct you and torture you so I've always found this xkcd kind of unfair. Most passwords are meant to protect you from regular hacking attacks or internet thieves, not your local crazy mafia gang.
Too bad the Bitcoin protocol is hard-wired to accept at most m-of-3 transactions. More than 3 signatures is considered non-standard and rejected by peers/miners.
Nice! It isn't quite the same since the spending party will know the private key forever, while m-of-n is a per-transaction signature. Still very useful.
Could you not simply store your privet key in a truecrypt container then split the truecrypt container into however may par files as you want and distribute the pieces to as may friends via micro SD for safe keeping? Then not only would your friends not be able to conspire and betray you (as this is Jason Bourne scenario) you would then need most of the peices and the passcode to access the contents
Bitcoin is not hard-wired to limit N to 3. Default client discourages "non-standard" transactions by not relaying or mining them, but if you mine them yourself or have someone to mine them, they will be valid and accepted. For all practical purposes, non-standard transactions are just taking longer to be included in the chain and typically required to have a non-zero fee (while the regular payments can be often mined for free).
1. In very different locations. Running around the world is going to be quite expensive.
2. Using different security measures. If they find one friend for his mistakes in maintaining privacy or security, same trick isn't going to work with some others.
3. Friends will also lock their stash in X-of-Y transactions with some other people, so finding them won't immediately increase potential gain.
I'd say the cost of running after individuals grows quadratically while the potential revenue only linearly.
4. Not all your funds will be locked with the same 9 people. 10% will be, while other 10% will be locked with some other group. To get 100% of the stash you'd effectively have to kidnap and torture maybe 20 different persons in different countries all over the world.
5. People learn. Once 2 or 3 folks are captured this way, all the rest will reshuffle their funds elsewhere and use better security measures. So you'd have to catch all at once, otherwise money will always leak right through your fingers.
Bitcoin is really, really a leapfrog technology with security incomparable with anything you had before. Previously known 2/3-factor schemes (including Shamir's Secret Sharing Scheme - SSSS) always required a single non-compromised machine to bring all secrets together. Bitcoin n-of-m transaction can be securely signed by N potentially compromised machines provided they are not all owned by the same operator.
I read the book. The first two thirds is all about him trying to withdraw money from a bank using 80s technology and processes; really painful to read and nothing that would come close to working today.
The private key storage part is bad. What if you have a house fire and your laptop and all your clues burn?
Just save your private key into something like KeePass with a long ass password and a couple of million of hashing rounds. Email the KeePass database to yourself, your family, put it on your server, all your computers, your cell phone, etc.
You still need to remember a good password, but now you have to worry about keeping track of the file. If you lose either, you lose your coin. Plus 7Zip uses a PBKDF2-like key stretcher, but you're probably better off with scrypt, and you're certainly better off with a composition of PBKDF2 and scrypt.
Am I missing something, or is it easier to just come up with a password that's not in a wordlist/rainbowtable than to trust (audit) this 13K lines of code HTML file?
Also, I find this laughable:
> Leave little cryptic notes around your house and office to remind you of what your passphrase is in case you ever forget.
It's likely the password you come up with will be better than the the unbroken 10 BTC WarpWallet challenge, so you have that assurance. Also, we implemented the protocol twice, using two different software stacks, and checked we came up with the same answer. You can probably convince yourself that WarpWallet works as advertised with about 10 lines of Python. We did something like that when building it.
Because we encourage running this thing on an airgapped machine, you mainly need to convince yourself that we're generating keys as advertised (and not from a small known pool). The airgap would prevent this page from sending data back to a server, even if there was logic to do so (which there isn't).
I like the idea of bitcoin, but way too many people (like this article) are just being stupid about it. It's baffling and depressing. Your retirement, really?
At worst bitcoin is a speculative balloon. At best it is a novel, useful way to conduct online transactions. In no conceivable future is it a good place for a long-term investment of the majority of your assets!
>>"The Bitcoin Investment Trust was previously approved by Fidelity as an eligible investment for accredited clients in their self-directed IRA accounts and investments began closing last week. We understand that Fidelity has decided to reevaluate this decision."
If you are under 25 and so easily have enough time to start from scratch if you lost all your money, Bitcoin is perfectly fine for the majority of your assets. If you're 50, then you should think of Bitcoin as a startup investment, as a small purchase so you have enough on hand to use for what you want, or as financial collapse insurance - all of which might only require a few percent of your money. It's all about context.
Honestly, it's about time you guys talking your book start disclosing your total Bitcoin position. Some of the top voices have 100,000+ BTC to their name: cough evoorhees trace mayer. Dunno about vbuterin, but this is just something to think about.
I know bitcoin is a major innovation, but having a bunch of them is an insanely powerful motivator and it becomes virtually impossible not to mix fact with fiction when your entire net worth is riding on it.
54 comments
[ 2.9 ms ] story [ 102 ms ] threadhttps://31.media.tumblr.com/a5edfd83a17768f9f9dd4366e34ecad6...
http://en.wikipedia.org/wiki/Shamir's_Secret_Sharing
1. In very different locations. Running around the world is going to be quite expensive.
2. Using different security measures. If they find one friend for his mistakes in maintaining privacy or security, same trick isn't going to work with some others.
3. Friends will also lock their stash in X-of-Y transactions with some other people, so finding them won't immediately increase potential gain.
I'd say the cost of running after individuals grows quadratically while the potential revenue only linearly.
4. Not all your funds will be locked with the same 9 people. 10% will be, while other 10% will be locked with some other group. To get 100% of the stash you'd effectively have to kidnap and torture maybe 20 different persons in different countries all over the world.
5. People learn. Once 2 or 3 folks are captured this way, all the rest will reshuffle their funds elsewhere and use better security measures. So you'd have to catch all at once, otherwise money will always leak right through your fingers.
Bitcoin is really, really a leapfrog technology with security incomparable with anything you had before. Previously known 2/3-factor schemes (including Shamir's Secret Sharing Scheme - SSSS) always required a single non-compromised machine to bring all secrets together. Bitcoin n-of-m transaction can be securely signed by N potentially compromised machines provided they are not all owned by the same operator.
See also global economical implications of the Bitcoin security: http://blog.oleganza.com/post/67872772342/bitcoin-and-gold
Just sayin.
Just save your private key into something like KeePass with a long ass password and a couple of million of hashing rounds. Email the KeePass database to yourself, your family, put it on your server, all your computers, your cell phone, etc.
Also, I find this laughable:
> Leave little cryptic notes around your house and office to remind you of what your passphrase is in case you ever forget.
Because we encourage running this thing on an airgapped machine, you mainly need to convince yourself that we're generating keys as advertised (and not from a small known pool). The airgap would prevent this page from sending data back to a server, even if there was logic to do so (which there isn't).
If only life were that simple.
https://github.com/jcalvinowens/miscellaneous/tree/master/fu...
Good enough for the Iranians, good enough for you.
At worst bitcoin is a speculative balloon. At best it is a novel, useful way to conduct online transactions. In no conceivable future is it a good place for a long-term investment of the majority of your assets!
http://www.businessinsider.com/fidelity-retirement-bitcoin-o...
>>"The Bitcoin Investment Trust was previously approved by Fidelity as an eligible investment for accredited clients in their self-directed IRA accounts and investments began closing last week. We understand that Fidelity has decided to reevaluate this decision."
I know bitcoin is a major innovation, but having a bunch of them is an insanely powerful motivator and it becomes virtually impossible not to mix fact with fiction when your entire net worth is riding on it.
If I've understood correctly it is just to reinstall WarpWallet on another machine using the same passphrase.
But what if we also can no longer access WarpWallet? What then?