What is the Best Method for Generating Secure & Randomized Private Keys?

This thread is not only for my security. It’s for the security of everyone on this forum. Read on please…

As some of you know from this thread, I’ve been trying to figure out how to secure all my Peercoins on paper wallets. As I said toward the end of that thread, I’m currently at the point where I think I can do this. I just need to make sure that the private keys I’m generating for my paper wallets are randomized enough, so nobody can ever figure them out and gain access to my money. I felt this concerned everyone here, so I made a new thread about it just in case anyone here is seriously lacking on the security of their private keys.

During my research, I encountered a lot of warnings not to rely on random address/key generators like Bitaddress.org. The warning was that hackers could replicate the algorithm of the generator you used and possibly figure out your private keys, putting your money at risk.

The other warning was about brain wallets. Brain wallets allow you to enter some kind of long pass phrase which is then converted into a private key. So in order to access your private key and spend your coins, all you need to do is remember your pass phrase. As long as you remember your pass phrase, you never need to write down your private key. It will be in your head. This has created a problem though where people create pass phrases that are way too simple or even lines out of books or movies, allowing hackers to easily guess their pass phrases and immediately gain access to their wallet and steal all their coins. Check out this Reddit thread to hear all the horror stories about people having their Bitcoins stolen because they used a brain wallet…

Check out the horror stories: http://www.reddit.com/r/Bitcoin/comments/1ptuf3/

I thought maybe rather than typing in a pass phrase with real words or using an address/key generator, I could use the brain wallet pass phrase to type in a bunch of gibberish, which would then convert to a private key. But even hitting random keys doesn’t seem to be truly random enough, since there’s too much repetition.

Besides helping myself figure this out, I posted this thread because I bet there are people here right now that have made these mistakes and I want to save them from the possibility of having their key compromised and getting their coins stolen in the future. So anyone here that thinks they know the best way to create a secure randomized private key, please post your method here now so any newbies can learn.

If it’s a truism that Bitcoin/Peercoins are secure from manipulation via miners, it’s absolutely possible to ensure a safe wallet.

The question is, how do we ensure it?

Thanks for the question, Sentinelrv, it’s a good time to bring it up for the community.

The thing that seems to separate a website login from a Bitcoin/Peercoin address is that with a website you need to guess a user name in addition to a password in order to gain access. You also usually only get a limited number of tries before the system shuts you out. With a Bitcoin/Peercoin address though, all you need to do is guess the private key. You also get to try as many times as you want until you get it right. I really wish some kind of 2-factor authentication was possible for peace of mind.

@Sunny, can you think of a way to build multi-auth into the protocol? Perhaps to use the blockchain’s variation to the advantage of Peercoin holders?

That’s the rub though, isn’t it? A secure, anonymous currency that also has a way of recognizing who is the rightful owner.

Brain wallets are a concept I don’t agree with too much myself. I read up on them. It is easy to mix up numbers, words, or letters in your head over time. I’d rather trust a paper wallet, or a non-connected USB or thumb drive any day.

With regard to regular private keys, a lot of people don’t know what they look like until they export them the first time.

Your PPC address might look like this:

PDFJIODFjklsdlkjsdfjklsdjkldsflsddsjlk

But your Private Key, which can sign transactions from that wallet address looks like this:

adsfjklsadu20u234jklfdassjkl12304jkdfsldfsaj092134jklakljfsad09231j2iopfjskdlasdf102jf

That’s what your private key looks like already. It’s even longer than your Peercoin public wallet address, and more complex.

Finally you have your passphrase. This “encrypts” your wallet even more, by rehashing your private key.

Now let’s say you create a paper wallet, and destroy your original digital wallet.

For someone to guess your private key, it isn’t your passphrase they are looking for, it is this:

adsfjklsadu20u234jklfdassjkl12304jkdfsldfsaj092134jklakljfsad09231j2iopfjskdlasdf102jf

Which is extremely complex, unique, and difficult.

In fact, the passphrase you use to encrypt your wallet isn’t even used after you’ve unlocked your wallet to dumpprivkey.

So to create a paper wallet, choosing a “password or passphrase” isn’t important anymore. You’re not encrypting the paper. You’re actually printing out in plain text your Peercoin wallet address and private key.

A lot of people get confused between private keys and passphrases / passwords.

The system picks the long and complex hidden private key for you. You are just protecting the digital file with the password or passphrase.

But a paper wallet with a public wallet address and associated private key is fairly safe if you delete the computerized version of a wallet, or keep it offline, in a non-network-connected place (like a thumb drive or USB stick in your safe at home).

The crux being, with Peercoin, that Brain / paper wallets do not provide the benefit of Proof-of-Stake. PPC network security depends, to a significant degree, on coins held; not necessarily in circulation, but at least occasionally connected to the network to process blocks.

Cold storage cannot be the ultimate answer, it is untenable if the currency is to gain traction.

That’s true. Thanks for that part Ben. :slight_smile:

I’m still looking into this, but I think once multi-signature support comes in 0.4 you will have a way to store your coins securely, effectively offline, and still generate PoS blocks. As I said, I’m still investigating; I only came across multi-sig last weekend.

ppcman, I was pretty confused about this stuff and haven’t had that much time this week, so it took me a while to figure things out before I responded back to you. Now let me see if I have everything here straight. You let me know if I’m still misunderstanding something…

When your private key has been imported into the Peercoin client and it becomes a digital wallet, you can choose to encrypt it by choosing a pass phrase. This pass phrase protects your digital wallet in case it’s ever stolen from your computer by a person or malware/viruses, etc…

You can turn this same digital wallet into a paper wallet by dumping the private key. You then write down your address and key and hide it somewhere safe. Rather than reusing the same private key though, the best way to do this would be to create a new paper wallet off-line, preferably on a boot CD of Ubuntu and then transfer your coins to the new address.

If this is all correct so far, let me explain my problem in more detail. What I need to do right now is create a bunch of brand new private keys and addresses so I can make paper wallets out of them. I encountered 3 problems though, which I detailed in the original post.

1. It’s been said not to trust random private key generators because they’re not random enough and can be figured out by hackers, putting your newly created keys at risk. After hearing about this, I went searching for another way to create secure private keys. I then found out about http://brainwallet.org/. Using that website, rather than using the random key generator, I can enter in my own pass phrase, which will convert what I wrote into a new private key that I could then use. User input makes the resulting private key more unique than anything the random key generator could come up with by itself.

[quote=“ppcman, post:5, topic:1015”]Finally you have your passphrase. This “encrypts” your wallet even more, by rehashing your private key.

Now let’s say you create a paper wallet, and destroy your original digital wallet.

For someone to guess your private key, it isn’t your passphrase they are looking for, it is this:

adsfjklsadu20u234jklfdassjkl12304jkdfsldfsaj092134jklakljfsad09231j2iopfjskdlasdf102jf

Which is extremely complex, unique, and difficult.

In fact, the passphrase you use to encrypt your wallet isn’t even used after you’ve unlocked your wallet to dumpprivkey.

So to create a paper wallet, choosing a “password or passphrase” isn’t important anymore. You’re not encrypting the paper. You’re actually printing out in plain text your Peercoin wallet address and private key.[/quote]

2. This is where I ran into the second problem. In the above quote I believe you’re talking about the pass phrase that encrypts the digital wallet. What I’m talking about is the pass phrase for a brain wallet. It seems that when people make brain wallets, they use easy to figure out pass phrases. They use lines from books or movies, or anything simple. Hackers then try out different pass phrases until they find one that leads to a private key that has money in it, which they then steal.

3. So I don’t want to use a random key generator and I don’t want to use a simple pass phrase on brainwallet.org to create my own unique key. This gave me the idea of entering in a bunch of gibberish as the pass phrase, for example:

fgjDLKJH*gu48;p(guiMmp;r,/;)$%I^)WP$^?)_-[.-HKED)HPvre,/ptrkp

Using brainwallet.org, all that gibberish would then be converted into a unique private key which I could then use. It would be much harder for hackers to figure out that pass phrase than something like “The dog jumped over the moon”. But then I found out that even typing a bunch of keys is not TRULY random. It might take hackers longer to figure out, but it’s possible they could.

So my problem is, how do I create a TRULY randomized pass phrase to be used on brainwallet.org, so that it will create a TRULY randomized private key that nobody can ever figure out? MeBeingAwesome has told me he used something called Diceware, but I haven’t looked into it yet. Is that acceptable or is there something better out there?

Try this as an exercise.

Go to www.blockchain.info and create a free bitcoin wallet on that website.

Watch what they give you to verify your identity in the event you lose your password. It’s kind of neat. Basically they give you a bunch of words at random which is used to generate your private key. Instead of just using a number, they give multiple words.

As far as this statement goes:

It's been said not to trust random private key generators because they're not random enough

This is because if the computer that remains online is generating a sequence of numbers since it was turned on, with really intricate reverse engineering a pattern of numbers can be found to be created based on the random number generator’s “seed” (which can be the number of seconds since the computer was turned on).

But if you take a computer, let it create a wallet for you, and shut it off, and disconnect it from the network so no one gets access to it, you are relatively safe. Someone would have to manually get your private key by hashing it. If it was that easy, the Silk Road coins seized by the government would have been stolen already, and they haven’t been.

I don’t know how many Peercoins you are trying to protect. If it is in excess of 10,000 I recommend you split them into multiple wallets, so no wallet contains all of the coins. This way there is no incentive for someone to run a massive amount of hardware trying to get your private key (which would not only take years, but a massive investment and dedication).

The ways that coins are getting stolen these days are usually through these methods so you get an idea:

a) Someone leaves their computer online, it is vulnerable, their wallet.dat file is copied, and it is not encrypted with a passphrase / password.

b) Some exchange, gambling site, or other website holding wallet private keys with a lot of coins in them gets hacked, and they get access to bitcoind on that machine and execute a command: bitcoind sendtoaddress 1sdjksdfklsadfjlaslasdfsdjlsdj [numcoins]

c) Some exchange, gambling site, or other website has user accounts, where their own proprietary code has a security hole which lets a person exploit it to use their interface to withdraw coins to some other wallet address of their choosing.

Right now, these are the types of ways coins are getting stolen for the most part. Stealing coins because “someone’s random number generator isn’t truly random, on an offline computer” is not it. You’re really worried about a nonsensical issue at this point.

If you were running a gambling game of some sort, on an online computer, yes, you would need to be worried about random number generators and their seed, because eventually someone might be able see a pattern. “Hmm… every 15 minutes, 17 seconds, and 3 milliseconds, I usually win. Ok, I’ll sync my computer with their random number generator, and I’ll make a bot that automatically places a big bet every 15 minutes, 17 seconds, and 3 milliseconds”.
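The two points raised across these posts, that a key drawn from a generator seeded with something like the clock is reproducible by anyone who knows the seed, and that a Diceware-style passphrase gets its strength from uniform random word selection rather than from looking like gibberish, can be shown side by side. This is an added illustration, not code from the thread or from any wallet; the word list is a constructed placeholder standing in for the real 7776-word Diceware list, and the seed value is made up.

```python
import math
import random
import secrets

# Order of the secp256k1 group (the curve Bitcoin and Peercoin use):
# a valid private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed placeholder list; the real Diceware list has 7776 words.
WORDLIST = ["acid", "blue", "crane", "delta", "ember", "flint",
            "grove", "harbor", "iris", "jade", "kite", "lumen"]
DICEWARE_LIST_SIZE = 7776


def weak_key_from_seed(seed: int) -> int:
    """Key drawn from a non-cryptographic PRNG seeded with a small value
    (e.g. seconds since boot). Same seed -> same key, which is exactly the
    'seed' weakness described in the post. Illustration only."""
    rng = random.Random(seed)
    return rng.getrandbits(256) % (SECP256K1_N - 1) + 1


def strong_private_key() -> int:
    """Key drawn from the OS CSPRNG, rejection-sampled into [1, N-1]
    so it is a valid secp256k1 scalar with no modular bias."""
    while True:
        k = int.from_bytes(secrets.token_bytes(32), "big")
        if 1 <= k < SECP256K1_N:
            return k


def diceware_passphrase(wordlist: list, n_words: int) -> str:
    """Choose n_words uniformly with a CSPRNG. Diceware itself uses
    physical dice for the same purpose; the entropy math is identical."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def passphrase_entropy_bits(n_words: int, list_size: int) -> float:
    """Entropy of a uniformly chosen passphrase: n_words * log2(list_size).
    Keyboard mashing has no such guarantee, which is why it is hard to
    reason about its strength at all."""
    return n_words * math.log2(list_size)


def words_for_target_entropy(target_bits: float, list_size: int) -> int:
    """Smallest word count whose uniform-choice entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))
```

Six real Diceware words give about 77.5 bits; ten words reach the 128-bit mark commonly used for long-lived secrets.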

Hey, Sent, in case you haven’t seen it, you may want to check out this Reddit thread about “change” addresses and their interactions moving coins to a paper wallets.