Hacker News
How Jason Bourne Stores His Bitcoin (maxtaco.github.io)
107 points by sillysaurus2 on Jan 19, 2014 | 49 comments

I'm creating the JSON Bourne Shell btw. Totally got dibs on that name!

You could also train yourself (using e.g. http://en.wikipedia.org/wiki/Mnemonic_major_system) to memorize a completely random private key.

What if you suffer from memory loss? Forgetfulness, traumatic experiences, dementia, head trauma?

Also, you need to change passwords every so often; you're inviting disaster of the "holy holy holy fucking shit" variety if you start doing this and change every six months.

Happened to me relatively recently, actually. Had an encrypted machine that hadn't been rebooted in months. No backups (it's not production related, just a personal box, but still). Power outage hits. MFW when I can't remember the login after trying for an hour:


Happened to me too. I got this FreeBSD server; I use SSH keys to log in. But I hadn't logged in for a while, so I couldn't remember the user's password (which gave access to 'root' via sudo). After 37 tries, I nailed it! I was that close to re-installing the system. It had automated backups so, no big deal... Just two to three hours (maybe more) would be lost.

If that was a Linux box, I would have booted into single user mode and changed the password. Or temporarily mounted the hard drive in a different machine and modified /etc/shadow directly. I assume you can do something similar in FreeBSD? Quicker than a re-install.

Yes, you're totally right. The machine was/is an embedded low-consumption headless server, but you can do that using a FreeBSD image and VMware.

I like the idea of bitcoin, but way too many people (like this article) are just being stupid about it. It's baffling and depressing. Your retirement, really?

At worst bitcoin is a speculative balloon. At best it is a novel, useful way to conduct online transactions. In no conceivable future is it a good place for a long-term investment of the majority of your assets!

Sorry, that was a little joke. I don't think anyone should hold more than a small portion of their total assets in cryptocurrencies.

Interesting that we are now to the point where that wasn't obviously a joke.

That's because it's almost reality... sorta... Fidelity ended up changing their mind for now, but for a moment it was real.


> "The Bitcoin Investment Trust was previously approved by Fidelity as an eligible investment for accredited clients in their self-directed IRA accounts and investments began closing last week. We understand that Fidelity has decided to reevaluate this decision."

Really? You took that obvious joke seriously?

Head over to /r/bitcoin sometime... Full of people figuring out how to buy bitcoins with a credit card, etc. Something about it drives people crazy.

If you are under 25 and so easily have enough time to start from scratch if you lost all your money, Bitcoin is perfectly fine for the majority of your assets. If you're 50, then you should think of Bitcoin as a startup investment, as a small purchase so you have enough on hand to use for what you want, or as financial collapse insurance - all of which might only require a few percent of your money. It's all about context.

Honestly, it's about time you guys talking your book start disclosing your total Bitcoin position. Some of the top voices have 100,000+ BTC to their name: cough evoorhees trace mayer. Dunno about vbuterin, but this is just something to think about.

I know bitcoin is a major innovation, but having a bunch of them is an insanely powerful motivator and it becomes virtually impossible not to mix fact with fiction when your entire net worth is riding on it.

I feel like Jason Bourne stores it in a sub-dermal implant.

I read the book. The first two thirds is all about him trying to withdraw money from a bank using 80s technology and processes; really painful to read and nothing that would come close to working today.

In his head, of course.


Just sayin.

You're talking about Johnny Mnemonic. :P

It was basically what Matt Damon did in Elysium.

Except you can lock your bitcoins in a 5-of-9 multisignature transaction among 9 of your friends in San Francisco, London, Paris and Moscow with an agreement to not sign the transaction unless you are safe and can talk directly to them.

Because obviously everyone considering bitcoins has a dozen cryptogeek friends spread out in half a dozen countries.

It's easy to get friends this way with IRC and the internet, you know. Besides, even if they are only spread around the country or a couple of countries, it already makes things way harder. Regardless, passwords, even regular banking passwords, are not meant to protect you against people that are willing to abduct you and torture you, so I've always found this xkcd kind of unfair. Most passwords are meant to protect you from regular hacking attacks or internet thieves, not your local crazy mafia gang.

Too bad the Bitcoin protocol is hard-wired to accept at most m-of-3 transactions. More than 3 signatures is considered non-standard and rejected by peers/miners.

The key, however, can be split an unlimited number of ways using Shamir's Secret Sharing Scheme or a similar protocol.


Nice! It isn't quite the same since the spending party will know the private key forever, while m-of-n is a per-transaction signature. Still very useful.

You can push directly to Eligius if you want anything up to k-of-20; http://github.com/vbuterin/pybitcointools lets you do that with the eligius_pushtx command.

Bitcoin is not hard-wired to limit N to 3. The default client discourages "non-standard" transactions by not relaying or mining them, but if you mine them yourself or have someone to mine them, they will be valid and accepted. For all practical purposes, non-standard transactions just take longer to be included in the chain and are typically required to have a non-zero fee (while regular payments can often be mined for free).

Those 9 friends are most likely other bitcoin-filled piñatas. So the expense of tracking them down will lead to more paydays.

Those 9 friends are:

1. In very different locations. Running around the world is going to be quite expensive.

2. Using different security measures. If they find one friend through his mistakes in maintaining privacy or security, the same trick isn't going to work with the others.

3. Friends will also lock their stash in X-of-Y transactions with some other people, so finding them won't immediately increase potential gain.

I'd say the cost of running after individuals grows quadratically while the potential revenue only linearly.

4. Not all your funds will be locked with the same 9 people. 10% will be, while another 10% will be locked with some other group. To get 100% of the stash you'd effectively have to kidnap and torture maybe 20 different people in different countries all over the world.

5. People learn. Once 2 or 3 folks are captured this way, all the rest will reshuffle their funds elsewhere and use better security measures. So you'd have to catch them all at once; otherwise the money will always leak right through your fingers.

Bitcoin is really, really a leapfrog technology with security incomparable with anything you had before. Previously known 2/3-factor schemes (including Shamir's Secret Sharing Scheme - SSSS) always required a single non-compromised machine to bring all secrets together. A Bitcoin n-of-m transaction can be securely signed by N potentially compromised machines provided they are not all owned by the same operator.

See also the global economic implications of Bitcoin security: http://blog.oleganza.com/post/67872772342/bitcoin-and-gold
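A worked Shamir split of a 256-bit key, added here as an example that is not code from the thread or from WarpWallet: it covers the earlier point that a key can be split k-of-n with SSSS, and the caveat raised twice above that recombining it puts the whole key back on one machine. The field prime, the 3-of-5 split and the sample key are my choices, not the page's.

```python
import secrets

# secp256k1 field prime, used only as a modulus larger than any 256-bit key
# (assumption: the secret being split is a 256-bit private key).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F


def split_secret(secret: int, k: int, n: int) -> list:
    """Split `secret` into n shares, any k of which reconstruct it.

    A random polynomial of degree k-1 with constant term `secret` is
    evaluated at x = 1..n; fewer than k shares reveal nothing about it.
    """
    if not (1 <= k <= n < P) or not (0 <= secret < P):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]

    def f(x: int) -> int:
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

    return [(x, f(x)) for x in range(1, n + 1)]


def recover_secret(shares: list) -> int:
    """Lagrange-interpolate f(0) from k or more distinct shares.

    Whoever runs this holds the complete key afterwards, unlike an m-of-n
    multisig signer, who only ever emits a signature; run it on one trusted
    machine and nowhere else.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


if __name__ == "__main__":
    key = secrets.randbelow(1 << 256)           # constructed sample key
    shares = split_secret(key, 3, 5)            # 3-of-5 split
    assert recover_secret(shares[1:4]) == key   # any 3 of the 5 suffice
    assert recover_secret(shares[:2]) != key    # 2 shares are not enough
```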

Sounds to me like it'd be better to encourage people to pick longer passphrases (8 - 10 words instead of 4), in addition to using scrypt.

All you really need is to always prepend your username to your password. If people all did that, then 99.9%+ of these brainwallet thefts would already not have happened. Slow KDFs are just icing on the cake.

> Copy the HTML to your AGM using a USB-stick.

Good enough for the Iranians, good enough for you.

Seriously, the centrifuges connected to your 2008-era Lenovo netbook might be totally rooted after this transfer.

What is the recovery procedure if you lose access to the AGM?

If I've understood correctly it is just to reinstall WarpWallet on another machine using the same passphrase.

But what if we also can no longer access WarpWallet? What then?

Luckily, WarpWallet's algorithm is public and therefore can be reimplemented even in the case of their disappearance.

Sometimes simple is good. Why not print off a few QR codes, and hide them around your house?

Why can't I just store it in a password protected 7Zip file. What will happen?

You still need to remember a good password, but now you have to worry about keeping track of the file. If you lose either, you lose your coin. Plus 7Zip uses a PBKDF2-like key stretcher, but you're probably better off with scrypt, and you're certainly better off with a composition of PBKDF2 and scrypt.

victim of homokov's cookie attack.

The cookie attack is an attack against browsers, not against sites. The effect is that the server refuses your request.

The private key storage part is bad. What if you have a house fire and your laptop and all your clues burn?

Just save your private key into something like KeePass with a long-ass password and a couple of million hashing rounds. Email the KeePass database to yourself, your family, put it on your server, all your computers, your cell phone, etc.

Am I missing something, or is it easier to just come up with a password that's not in a wordlist/rainbow table than to trust (audit) this 13K-lines-of-code HTML file?

Also, I find this laughable:

> Leave little cryptic notes around your house and office to remind you of what your passphrase is in case you ever forget.

It's likely the password you come up with will be better than the unbroken 10 BTC WarpWallet challenge, so you have that assurance. Also, we implemented the protocol twice, using two different software stacks, and checked we came up with the same answer. You can probably convince yourself that WarpWallet works as advertised with about 10 lines of Python. We did something like that when building it.

Because we encourage running this thing on an airgapped machine, you mainly need to convince yourself that we're generating keys as advertised (and not from a small known pool). The airgap would prevent this page from sending data back to a server, even if there was logic to do so (which there isn't).
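The salted, composed KDF the thread keeps coming back to (scrypt and PBKDF2 combined, the output salted with a username or e-mail so wordlist and rainbow-table precomputation is useless), written out as an added example. This is not WarpWallet's code: the cost parameters are deliberately small placeholders, the domain-separation bytes and the e-mail salts are my choices, and the WIF encoding is included only so the derived key lands in the form a wallet imports.

```python
import hashlib

# Illustrative cost settings (assumption), far below a real tool's, chosen to run fast.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
PBKDF2_ROUNDS = 2 ** 12
# secp256k1 group order: a valid private key lies in [1, ORDER - 1].
SECP256K1_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def derive_key(passphrase: str, salt: str) -> bytes:
    """Derive a 32-byte private key from a passphrase plus a user-specific salt.
    scrypt and PBKDF2 run with distinct domain-separation bytes and are XORed,
    so an attacker pays both costs and a table precomputed for common
    passphrases is useless without the salt (e.g. the username or e-mail)."""
    pw, sa = passphrase.encode("utf-8"), salt.encode("utf-8")
    s1 = hashlib.scrypt(pw + b"\x01", salt=sa + b"\x01",
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    s2 = hashlib.pbkdf2_hmac("sha256", pw + b"\x02", sa + b"\x02",
                             PBKDF2_ROUNDS, dklen=32)
    return bytes(a ^ b for a, b in zip(s1, s2))


def to_wif(key: bytes) -> str:
    """Encode a raw key in Bitcoin's uncompressed mainnet Wallet Import Format."""
    if len(key) != 32 or not 1 <= int.from_bytes(key, "big") < SECP256K1_ORDER:
        raise ValueError("not a valid secp256k1 private key")
    payload = b"\x80" + key                   # 0x80 = mainnet version byte
    check = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(payload + check, "big"), ""
    while n:                                  # base58; no leading zero bytes here
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return out


def decode_wif(wif: str):
    """Return the raw key if the WIF string parses and its checksum verifies, else None."""
    n = 0
    for ch in wif:
        if ch not in B58:
            return None
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 37 or raw[0] != 0x80:
        return None
    check = hashlib.sha256(hashlib.sha256(raw[:33]).digest()).digest()[:4]
    return raw[1:33] if check == raw[33:] else None
```

Deriving the same passphrase with two different salts gives two unrelated keys, which is exactly why prepending the username helps; `decode_wif` is the check a verifier would run on the printed key before trusting it.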

> You can probably convince yourself that WarpWallet works as advertised with about 10 lines of Python.

If only life were that simple.
