On Making High-Entropy Paper Wallets

mircea_popescu: random is a scam.

Indeed, you should need no more convincing on the matter of randomness. MP said so, and he has a way of calling the shots[1].

Since random is a scam, Random Number Generators (RNGs) are most definitely not random and therefore quite undeserving of our trust[2]. This being so, we have two choices: (1) we can pout and wave our futile little fists at the sky, or (2) we can generate some good ol’ fashioned entropy.

Entropy, for those who’ve forgotten their klassroom fisiks, is the degree of disorder in a system. We should be most familiar with this concept from the Second Law of Thermodynamics, which states that the world acts spontaneously to minimize potentials[3] or, equivalently, maximize entropy. In information theory, entropy is measured in bits, where one bit of entropy is equivalent to the uncertainty of a single coin flip, two bits is two flips, and so on.

So why does entropy matter to Bitcoin? Because entropy is all about collisions and therefore the likelihood of brute-forcing an input based on the output. As such, entropy is the core of private key security.

For many users, a strong password and a USB back-up are the only tools implemented in wallet security. With a desktop client[4], a web-based wallet[5], or bitaddress.org’s paper wallets[6], we’re trusting someone else’s interpretation of “adequate entropy”. As much as Bitcoiners loooove trusting, let’s not and say we did.

Generating secure and highly entropic private keys is of the utmost importance, and it’s easy enough to do on our own. Here are the steps:

1. Visit bitaddress.org
2. Save the page as an HTML file to a USB key.
3. Safely remove the USB and plug it into an offline computer running a clean OS.
4. Open the HTML file and click on “Brain Wallet”[7].
5. Since your own vocabulary is inadequate[8], derive a 10-word (minimum) passphrase using five (5) dice and this 7776-word English dicelist, this Romanian dicelist, or one of these other non-English language dicelists.
6. Click “View”, then print 2 copies.
7. Clear the browsing history, safely eject the USB drive, and restart the computer.

Voila! You now have a high-entropy private key on a paper wallet (aka cold storage)!
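An added example (not from the original post or from bitaddress.org) of step 5 and of what the Brain Wallet tab is assumed to do with the result: five dice select one of 7776 list entries, ten words give about 129 bits, and the private key is taken to be a single SHA-256 of the passphrase. The stand-in wordlist, the sample rolls and all function names are constructed for illustration.

```python
import hashlib
import math

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD   # 7776 entries, one per five-dice outcome
MIN_WORDS = 10                   # minimum passphrase length from step 5
# Order of the secp256k1 group: a usable private key lies in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def rolls_to_index(rolls):
    """Read five dice faces (1-6) as a base-6 number: a 0-based list position."""
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index

def passphrase_from_rolls(groups, wordlist):
    """Turn groups of five rolls into a space-separated passphrase."""
    if len(wordlist) != LIST_SIZE or len(set(wordlist)) != LIST_SIZE:
        raise ValueError("wordlist must hold 7776 distinct words")
    if len(groups) < MIN_WORDS:
        raise ValueError("passphrase needs at least 10 words")
    return " ".join(wordlist[rolls_to_index(g)] for g in groups)

def entropy_bits(num_words, list_size=LIST_SIZE):
    """Entropy of num_words independent uniform picks from list_size entries."""
    return num_words * math.log2(list_size)

def brainwallet_key(passphrase):
    """Assumed derivation (the page's footnote 7): key = SHA-256(passphrase)."""
    digest = hashlib.sha256(passphrase.encode("utf-8")).digest()
    if not 0 < int.from_bytes(digest, "big") < SECP256K1_N:
        raise ValueError("digest is not a valid secp256k1 key; roll again")
    return digest.hex()

if __name__ == "__main__":
    # Constructed stand-in list; substitute the lines of a real dicelist.
    wordlist = [f"word{i:04d}" for i in range(LIST_SIZE)]
    # Constructed sample rolls, ten groups of five; never reuse published rolls.
    groups = [[3, 1, 4, 1, 5], [2, 6, 5, 3, 5], [4, 6, 2, 6, 4], [3, 3, 2, 3, 4],
              [6, 2, 6, 4, 3], [3, 2, 1, 6, 5], [1, 4, 1, 4, 2], [1, 3, 5, 6, 2],
              [2, 3, 6, 1, 6], [5, 5, 2, 4, 4]]
    phrase = passphrase_from_rolls(groups, wordlist)
    print(phrase)
    print(f"{entropy_bits(len(groups)):.2f} bits from ten dice-chosen words")
    print(f"{entropy_bits(1, 66000):.2f} bits for one word out of 66,000")
    print(brainwallet_key(phrase))
```

The entropy figure holds only if every word really comes from physical dice; picking words by eye or rerolling ones you dislike lowers it.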

You should keep each copy of the paper wallet in a different location, and even cut each piece in half and store them separately so that the compromising of one location doesn’t compromise your savings. Laminating each piece will also protect from age-related fading and moisture damage.

That’s it! You’re now your own bank.

Welcome to Bitcoin.

___ ___ ___

  1. See Bitcoin as a currency, Mt. Gox, Bitcoin Foundation, and as the King of Siam would say: “etsetera, etsetera, etsetera”.
  2. RNGs, then, are as intentionally gibbled as the rest of our digital security.
  3. This sounds suspiciously like the present state of affairs in the modern welfare state, where the masses distribute and diffuse the achievements of the productive few.
  4. Like Bitcoin-qt or MultiBit
  5. I personally find blockchain.info to be quite well designed
  6. Paper wallets created in offline environments on a clean OS aren’t “unhackable” if the private key doesn’t have enough entropy. bitaddress.org currently relies on cursor movement, which won’t cut the mustard no matter how much caffeine you’ve had today. The amount of entropy that a Javascript interface such as this generates is just too small to be considered safe. From the bitaddress.org GitHub post: “2014-01-18: status ACTIVE bitaddress.org-v2.8.0-SHA1-87dcf19f02ee9fb9dd3a8c787bcf52eef944aa82.html – more entropy from browser fingerprinting for PRNG seed – user can add entropy through URL hash tag – seed mouse movement as 16-bit number” 16 FUCKING BITS! That’s equivalent to choosing a single-word “passphrase” from a 66,000-word dictionary => log2(66000) ≈ 16.01 bits, which is plainly inadequate.
  7. This function uses SHA256 to hash your passphrase. One sincerely hopes.
  8. You don’t want to end up like this chump, do you?