How I Generate My Own SECURE Private Keys for Bitcoin

in #bitcoin7 years ago (edited)

"As long as there is a means of converting bitcoins into real money, criminal actors will have an incentive to steal them."
- The FBI - (emphasis added)

Let's give the FBI a big "shout out."

We're so glad the FBI knows what "real money" is, right? If they didn't, how could they fight counterfeiting? (Ding, ding, ding, ding, sarcasm alarm...)

This is a revised and improved version of the very first article I published here on Steemit. It needed to have several links fixed, and needed some improvements.

I would have simply edited the article, but the Steemit user interface doesn't (yet) allow content creators to edit their old files.

Table of Contents

To be truly secure, hold your own private Bitcoin keys.
Image courtesy of Alexandra / München and http://pixabay.com

If you "own" some bitcoins,

have you considered the counterparty risk?

"Counterparty risk" is the very real risk that you take by allowing someone else to hold the private keys to "your" bitcoins. If you have stored your bitcoins with an exchange or any other third party, you are trusting that party to return them to you upon your demand. You are also trusting them not to lose them to theft or other malfeasance.

Table of Contents

Image By Bitboy (Bitcoin forums) CC0, via Wikimedia Commons.

Hearing about Bitcoin exchange failures,

(such as Mt. Gox and Bitfinex)is enough to spook a lot of people who otherwise might want to be involved in cryptocurrency.

Personally, after "loosing it all" some time ago in the Mt. Gox debacle, I vowed never again to let that happen to me. If you have been around cryptocurrencies for a while, you know that the only way to truly guard and protect your coins is to create and hold your own private keys and to keep the bulk of your holdings in "Cold Storage".

One of the problems I ran into while trying to set myself up as my own “Private Bitcoin Banker” was paranoia over generating a truly secure private key. For example, I wondered about the methods that involve jiggling your mouse on a webpage... hmmm...

Then I read about how to generate a key in the privacy of your own home with a single, ordinary, six-sided die. You can read that description yourself on http://bitaddress.org on the “Wallet Details” page.

Table of Contents

Ordinary Six-Sided Dice
Image By Diacritica CC BY-SA 3.0, via Wikimedia Commons.

When I tried that method, however, the http://bitaddress.org web page would not function on my offline Raspberry Pi computer. This left me with no good way to convert the resulting base six key into a format that my Armory wallet would accept.

After wasting considerable time looking for a base six to base sixteen conversion utility that would run on my "Cold Storage Raspberry Pi," I decided that instead I would use dice in a slightly different way to generate a base sixteen (a.k.a. hexadecimal) private key directly. Here's how I do it:

I use four dice instead of one. Each time I roll the dice, I record the result as a four-bit binary number. Rolling the dice twice produces a complete byte.

After 64 rolls of the dice (whew!), I have a full 32-byte, 256-bit value. I then convert that value, hexadecimal nibble by nibble, into a 32 byte hexadecimal private key.

For my convenience (and now yours as well!) I created a worksheet for recording and converting the dice rolls.

For the truly paranoid, if you are uncertain about just how random your dice may be, you may want to read the Diceware page and this article about making dice rolls more random.

Print The Worksheet Below and "Roll Your Own" Bitcoin Private Keys!

Roll Your Own Private Bitcoin Keys.
Original worksheet by @creatr
Bitcoin Key Worksheet

I hope this procedure is pretty clear, but I'll be happy to answer any questions you may have in the "comments" section below.

Click on the worksheet image for a full-sized version.

Print as many copies of the worksheet as you need for your own key-generating pleasure.

Why not find a handful of dice and give it a try?

You've got nothing to lose but your paranoia.


Table of Contents

Hold your own keys...
Image courtesy of Daryn Bartlett and http://unsplash.com


Visit my Library Technology Shelf for more crypto articles.


Table of Contents


~FIN~

LOOK! Check out our amazing product:
>>CLICK HERE!<<


Thanks for your time and attention.
You are why I'm here on Steemit!
I have very eclectic interests and hope, over time, to write about them all.


⬇️To Check Out @creatr's World⬇️CLICK Each Image Below⬇️

@creatr @creatr @creatr
Sort:  

Hahah this was an enjoyable post. Upvoted and resteemed.

Thank you for the Re-Steem, friend! :D

That looks like a fun way to do this, but isn't it a bit too much work? :) I still like the idea :)

When it comes to your life saving, a few minutes of effort aren't "too much work." ;)

Why would doing it manually be the only secure way though? If you don't trust a webpage as it might record the key, you could still use it as a source of randomness and still end up with the same level of security. You can use a webpage to generate parts of your private key in the correct format and then use a dice to shuffle them around. It will save you a lot of time and I don't think it's any less secure as the page owner would have no clue how you are using the keys they have generated for you and it will save you all the manual work and conversion.

Computers are a very poor source of randomness. You need a good source of entropy, and machines are not that.

I'm not saying dice are the only secure way. What I am saying is that, when I use my own dice and roll them myself in privacy, then I know that the private key I have created is unquestionably private.

Think of it as a relatively inexpensive way of constructing a bank vault...

"...the page owner would have no clue how you are using the keys they have generated for you..."

Seriously? If someone has created a honey trap web page explicitly for generating keys, you don't think they have the skills to scan crypto blockchains for hits?

Why would you trust a complete stranger like that, Dave? Doesn't sound at all like you... ;)

Computers are good enough source of randomness for that purpose if used right.

I'm not saying use an online generated key as is ;)

You can generate 10 supposed keys off a webpage (or webpages to mix it up more). And then throw dice to determine what segments you get from each key. You get the building blocks in the right format so you don't have to convert and then you randomize with the dice. Sounds secure enough to me and yes, the page owner can't really know what you're doing in that case which is what I was referring to.

But I also see no harm in being a bit overly paranoid about something like this, as you said, if it's your savings, you're always better safe than sorry. I just see your method as a tiny bit of overkill.

Still, it's really nice for you to share your worksheets with the community and I'm sure people are going to make use of those.

Merci pour votre article qui est très bien fait de votre part. Cela me fait plaisir de voir des personnes comme vous écris de bons articles.
Merci Cordialement

@creatr This is such a vital topic that is often overlooked. I too would like to see more posts of this nature. Meanwhile, I will try to see if Trezor allows importing of private keys.

As of now, I don't have any cryptocurrency except for the ones steemit provides so a lot of this is confusing to me. But I will have to bookmark this for future references (whenever that is lol). Thanks for this :)

You're welcome. I suggest you learn to convert Steem to bitcoin... ;)

Still reading up whenever I get the chance. I don't have much room to make mistakes lol

Hi @creatr, Thanks for the info, it's a lot to take in though. Is this for creating your own keys for a hardware wallet, or a paper wallet? In your opinion, is running the off-line version of WalletGenerator.net on your local computer to make paper wallets not safe?

Hi, friend,

I have to confess that (until you pointed it out) I am not familiar with walletgenerator.net - and that I am uber-paranoid about having an effective "cold storage" for bitcoin after being hugely damaged by MtGox.

This method is for creating the private, secret key which should never go on-line and never be seen or known by anyone else.

I believe that most wallet programs (for example, Armory is one that I have used) provide a means to import a private key generated from an arbitrary source (like my dice method). I'm not sure which, if any, hardware wallets (e.g. Trevor) have a provision for doing the same.

I think the entire domain of "making cryptocurrency friendly while maintaining security" is a very large and fertile field for further development.

Thanks for your question. I hope my answer is somewhat helpful? ;)

Ok, got it. Yeah I agree, I have a few paper wallets where I hold the private and public keys for some alt coins, but I am looking into hardware like Ledger Nano and Trezor for future. A way to 50/50 what I acquire in time to be safe. I definitely don't trust keeping stuff in online accounts. Even in time I will have to balance out what I keep as Steem Power and exchange out some to other coins to store offline.

it's interesting - we're security conscious in different ways - you with your bitcoin privacy keys and me with my security cams. When you began rolling dice, I'm sure some began rolling their eyes, but who are they to judge? We all deal with our won private logic and then try to convince others of its reasonableness ex. "I would have simply edited the article, but the Steemit user interface doesn't (yet) allow content creators to edit their old files." "nuff said, lol

So, now I have a mental image of my friend John, seated in a dark room surrounded by images on monitors, fed by dozens of cameras strategically located at every corner of the estate... ;) :D

pretty close, but they're on my i-phone too as well as my video intercom and cameras within the house LOL!!

Had to resteem this so I can keep track it to go over a few times. It's a little deep for my uneducated mind. Steem On

Hello, friend.

I perhaps need to do some background articles...

In any case, if you ever have any questions about this, please ask! ;)

I love the community how-to spirit -- it's what I hope our world has more of in the future. Thanks Creatr!

You're welcome...

And, just a brief mention of a "fine point."

In using the nickname @creatr, the 'c' is intentionally lower-case so as to never be mistakenly confused with "The Creator."

In other words, I'm not in competition with "The Big Guy," I just admire his handiwork immensely, and hope to (in small ways) imitate his creative ability. ;)

Thanks Creatr. This is a bit advanced for me. I will refer to it ad read it again to further educate myself. I did see you spoke early on that Steemit does not allow you to edit old files yet. Does that mean I cannot copy and paste portions of old posts into a new created post???? Again thanks for sharing. - Troy

Hi, Troy...

You can certainly copy and paste, although (if you just do that in the conventional way) you may not get all the formatting.

However, @ausbitbank has created a very neat tool that will give you the original source code of your posts, even if they are older than a week. Here's a link to the tool: https://steemviz.com/viewsource

You need to copy and paste your post address (minus everything up to the @ at the beginning of @enjoywithtroy) into the address field, and it will give you the original source code. Very cool, thanks @ausbitbank!

If you are ever going to own a large amount of bitcoins (i.e. any amount that you don't want to lose) you should very certainly consider "cold storage." I'll be happy to try and answer any questions you may have. ;)