Trusting Bitcoin [How do I protect my private key?]

Discuss all general (i.e. non-personal) investing questions and issues, investing news, and theory.
Post Reply
TomCat96
Posts: 428
Joined: Sun Oct 18, 2015 12:18 pm

Trusting Bitcoin [How do I protect my private key?]

Post by TomCat96 » Sat Jul 29, 2017 8:52 pm

This question is a bit of a narrow issue, but a few of you are cryptocurrency enthusiasts.

How do I ensure that my private key remains safe when transacting with it, when sending money from an address.

From what I have been able to tell, private keys may be encrypted through BIP38, which itself uses AES encryption. That's fine and all, but then to send money from an address, I have to:

1. Give up the encrypted private key.
2. Give up passphrase.

Isn't the whole point of the security to prevent that kind of stuff? I took a glance at BIP38, and indeed it looks like all you need to decrypt the private key is the passphrase. The point is, it seems I have to trust someone with my private key (or the means of acquiring my private key). Am I mistaken? Is there a safer way?

User avatar
LadyGeek
Site Admin
Posts: 41020
Joined: Sat Dec 20, 2008 5:34 pm
Location: Philadelphia
Contact:

Re: Trusting Bitcoin [How do I protect my private key?]

Post by LadyGeek » Sat Jul 29, 2017 9:04 pm

This thread is now in the Investing - Theory, News & General forum (bitcoin "theory"). I also retitled the thread for clarity.
To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.

patrick
Posts: 1473
Joined: Fri Sep 04, 2009 3:39 am
Location: Mega-City One

Re: Trusting Bitcoin

Post by patrick » Sat Jul 29, 2017 9:06 pm

You do not need to send your private key or passphrase to anyone else to send a bitcoin payment. You only "give up" these things to the software running on your computer, which produces a digital signature based on the private key, but doesn't reveal the private key to anyone else.

Which is not to say that bitcoin lacks other risks ...

Swelfie
Posts: 159
Joined: Mon Mar 14, 2016 12:54 am

Re: Trusting Bitcoin [How do I protect my private key?]

Post by Swelfie » Sat Jul 29, 2017 9:27 pm

Use a reputable wallet (mycelium is what I use) and the wallet will handle it for you correctly.

The unnecessary details are:

When you send Bitcoin, your public key is exposed and your private key is used to sign the transaction, but is not exposed. Your address can be verified as tied to the public key and the public key used to verify that your signature is valid.

So, only your public key is exposed. Against mere mortals, this is not a problem. However, there are those out there with quantum computers (mostly large government at this time, but rumored that Volkswagen has one). Against those, your private key may be recoverable using your public key. For this reason, a good wallet will completely empty the address, and generate a new one. Then your transaction turns into two transactions. The first is the destination you intend, the second is for anything left over to be sent to the new address. This way your public key for the new address remains hidden so that even quantum computers can't get to it.

kayanco
Posts: 503
Joined: Sat Jun 07, 2014 12:20 am

Re: Trusting Bitcoin [How do I protect my private key?]

Post by kayanco » Wed Sep 13, 2017 8:36 pm

TomCat96 wrote:
Sat Jul 29, 2017 8:52 pm
This question is a bit of a narrow issue, but a few of you are cryptocurrency enthusiasts.

How do I ensure that my private key remains safe when transacting with it, when sending money from an address.

From what I have been able to tell, private keys may be encrypted through BIP38, which itself uses AES encryption. That's fine and all, but then to send money from an address, I have to:

1. Give up the encrypted private key.
2. Give up passphrase.

Isn't the whole point of the security to prevent that kind of stuff? I took a glance at BIP38, and indeed it looks like all you need to decrypt the private key is the passphrase. The point is, it seems I have to trust someone with my private key (or the means of acquiring my private key). Am I mistaken? Is there a safer way?
You can find a wallet to use here, based on your preference:
https://bitcoin.org/en/choose-your-wallet

User avatar
LadyGeek
Site Admin
Posts: 41020
Joined: Sat Dec 20, 2008 5:34 pm
Location: Philadelphia
Contact:

Re: Trusting Bitcoin [How do I protect my private key?]

Post by LadyGeek » Wed Sep 13, 2017 9:03 pm

^^^ The wiki has some background info: Bitcoin
To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.

msimon
Posts: 48
Joined: Tue Feb 19, 2008 11:57 am

Re: Trusting Bitcoin [How do I protect my private key?]

Post by msimon » Sat Sep 16, 2017 3:29 am

The general idea is to keep your private key on a very safe computer which is preferably never connected to the internet.

Install offline bitcoin wallet software on that computer together with your private key. Here is one option: https://www.bitcoinarmory.com/tutorials ... ne-wallet/

When you want to transact, you generate a bitcoin transaction signed with your private key on that computer and copy it (stored as a file) onto a clean USB stick.

You then transfer that file to a computer connected to the internet and broadcast that transaction on the Bitcoin P2P network.

If you really want to be paranoid store your private key in encrypted form on a piece of paper someplace and only import it to your offline wallet computer when you want to generate transactions.

A cute way to generate a private bitcoin key would be to use a sha256 hash of a random files contents. Then store that file in two or three cloud storage services together with many other random files. As long as you can remember the name of the file you used, you can regenerate your private key by rehashing it. That file could be a picture, a document, a music file etc.

Daryl
Posts: 352
Joined: Thu May 22, 2008 9:34 am
Location: Malvern, PA (I like to sleep near my money!)

Re: Trusting Bitcoin [How do I protect my private key?]

Post by Daryl » Sat Sep 16, 2017 5:39 am

This seems like too much work. I'll just stick with CASH!

User avatar
rmelvey
Posts: 739
Joined: Sat Sep 18, 2010 5:17 pm
Contact:

Re: Trusting Bitcoin [How do I protect my private key?]

Post by rmelvey » Sat Sep 16, 2017 7:19 am

I bought a Trezor for storing my bitcoin/ethereum that I don't want to keep on the exchanges. It strikes the right balance between convenience and security. You never have to type in your private key because the signing of the transaction is happening on the trezor device. It is expensive at $120, but if your crypto position is large enough it is worth considering. I like that it comes with a 24 word recovery seed, so that if I ever lose my trezor I can just buy a new one and use the recovery seed to get my private keys. Just make sure to keep your recovery seed somewhere safe, and never type it into a computer. Pen and paper is best.

Post Reply