This thread is not only for my security. It’s for the security of everyone on this forum. Read on please…
As some of you know from this thread, I’ve been trying to figure out how to secure all my Peercoins on paper wallets. As I said toward the end of that thread, I’m currently at the point where I think I can do this. I just need to make sure that the private keys I’m generating for my paper wallets are randomized enough, so nobody can ever figure them out and gain access to my money. I felt this concerned everyone here, so I made a new thread about it just in case anyone here is seriously lacking on the security of their private keys.
During my research, I encountered a lot of warnings not to rely on random address/key generators like Bitaddress.org. The warning was that hackers could replicate the algorithm of the generator you used and possibly figure out your private keys, putting your money at risk.
The other warning was about brain wallets. Brain wallets allow you to enter some kind of long pass phrase which is then converted into a private key. So in order to access your private key and spend your coins, all you need to do is remember your pass phrase. As long as you remember your pass phrase, you never need to write down your private key. It will be in your head. This has created a problem though where people create pass phrases that are way too simple or even lines out of books or movies, allowing hackers to easily guess their pass phrases and immediately gain access to their wallet and steal all their coins. Check out this Reddit thread to hear all the horror stories about people having their Bitcoins stolen because they used a brain wallet…
Check out the horror stories: http://www.reddit.com/r/Bitcoin/comments/1ptuf3/
I thought maybe rather than typing in a pass phrase with real words or using an address/key generator, I could use the brain wallet pass phrase to type in a bunch of gibberish, which would then convert to a private key. But even hitting random keys doesn’t seem to be truly random enough, since there’s too much repetition.
Besides helping myself figure this out, I posted this thread because I bet there are people here right now that have made these mistakes and I want to save them from the possibility of having their key compromised and getting their coins stolen in the future. So anyone here that thinks they know the best way to create a secure randomized private key, please post your method here now so any newbies can learn.