Bitcoin Keys, Addresses & Wallets
by Christopher Allen
June 21, 2015

What is this?
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Clues:
• it is a hex value (only 0-9 & a-f characters)
• it is 64 characters long, or 32 bytes
• it might be an ECDSA private key
• it might be a SHA256 number
• look up e3b0c442 with Google
This is a Bitcoin programmer's nightmare:
• the SHA256 of ""

What is this?
5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss
Clues:
• no ambiguous numbers, it may be base58
• it begins with a 5
It is an uncompressed WIF (Wallet Import Format) private key
• it is the private key for a brain wallet of ""
• like e3b0c442 it is a bitcoin developer's nightmare

What is this?
1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN
Clues:
• no ambiguous numbers, it may be base58
• it begins with a 1
It is a P2PKH (Pay to Public Key Hash) Bitcoin address
• it is the Bitcoin address generated from the private key for a brain wallet of ""
• Like e3b0c442 I watch out for 1HZ

A common error…
Over $1600 has been lost, $67 last month, swept in minutes

Creating a P2PKH Address

What is this?
mx5u3nqdPpzvEZ3vfnuUQEyHg3gHd8zrrH
Clues:
• no ambiguous numbers, it may be base58
• it begins with an m
It is a P2PKH (Pay to Public Key Hash) Bitcoin address for TestNet
• it is the TestNet bitcoin address equivalent to 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN generated from a brain wallet of ""
• Like e3b0c442 I watch out for 1HZ & mx5

What is this?
L4rK1yDtCWekvXuE6oXD9jCYfFNV2cWRpVuPLBcCU2z8TrisoyY1
Clues:
• no ambiguous numbers, it may be base58
• it begins with an L
It is a compressed WIF (Wallet Import Format) private key. Could be L* or K*
• but it is 1 character longer than a 5* WIF!
• when stored in the blockchain, the public keys are only 256 bits vs. 520 bits: >50% smaller!

What are Bitcoin Wallets?
• There are 2^160 P2PKH keys
• 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976 keys
• Which keys are yours?
• Wallets help you manage many keys

Kinds of Wallets
• Software
  • Brain, browser, bulk, deterministic, HD, multi-sig, export (BIP38/39), escrow (BIP44/5), full node or thin SPV (Simplified Payment Verification) or server
• Physical
  • Paper, cold, FIPS hardware
• Hosted
  • Exchange, multi-sig (BIP11/16), escrow (BIP44/5), locked/unlocked keys, export (BIP38/39), etc.

What is a Brain Wallet?
• In essence, your Bitcoins are stored in your mind, by memorization of a passphrase
• The passphrase is turned into a 256 bit private key using SHA256
• If you forget the passphrase, or are incapacitated or die, the Bitcoins are lost forever
• HOWEVER, passphrases are not very secure

Passphrase Entropy
• A truly random 12 character password (MixeD CaSe, Numb3r5, $peçial Characters) has 78 bits of entropy
  • for example: mH*naG8}Np`$ or [Kh8}J@2t[%3
  • Supercomputer or network: 55 days
  • PC with GPU: 3018 years
• However, in practice humans are not good at randomness, most 12 character passwords…
  • Average network decrypt: 47 seconds
  • PC with GPU in 11 days

Password Best Practices
Life With Alacrity blog, by Christopher Allen
http://www.lifewithalacrity.com/2009/09/password-best-practices.html

Summary of Best Practices
• Have at least TWO passwords
• Create a “non-secure” password for non-financial websites
  • Pick a memorable long word or short phrase, e.g. “amber waves”, “perspicacious”
  • Shorten it to 7 characters: “ambrwvs”, “prspccus”
  • Convert a letter other than the first to a number: O=0, L=1, E=3, S=5, e.g. “ambrwv5” or “pr5pccus”
  • Use a letter from the domain name for the last char, and capitalize it, e.g. second o from google: “ambrwv5O” or “pr5pccusO”
• Same technique but longer word for financial (minimum 12)
• Check your password's quality (using local Javascript code)
• Or use a password generator, or even better — “Diceware”

www.grc.com/haystack.htm

apps.cygnius.net/passtest/
password: mH*naG8}Np
entropy: 59.823
composition: Password is too short.
acceptable: no
crack time (seconds): 51006556106687.336

www.PasswordsGenerator.net

Diceware
http://world.std.com/~reinhold/diceware.html

BrainWallet.org
or git clone https://github.com/brainwallet/brainwallet.github.io.git

What is a Paper Wallet?
• Using a brain wallet is risky
  • You may forget your passphrase
  • You may not have enough entropy
• So save it on paper!
  • 256 bits of entropy
  • WIF private key
  • QR code for payments, QR code for WIF

BitAddress.org
or git clone https://github.com/pointbiz/bitaddress.org.git

BitCoinPaperWallet.org
or git clone https://github.com/cantonbecker/bitcoinpaperwallet.git

What is this?
6PRKN3F46DpESCG6jPzSybFQwE9SRoK1CYFaiKfVtmDMiv8EBrQhHQdCLK
Clues:
• no ambiguous numbers, it may be base58
• it begins with a 6
It is a BIP38 encrypted WIF (Wallet Import Format) private key address
• BIP is Bitcoin Improvement Proposal
• BIP38 is how to encrypt a random private key with an additional passphrase

Why use BIP38?
• If your paper wallet is stolen, it must be decrypted before being used
• Allows you to "give" a paper wallet to someone, have them verify amount, then give them password to decrypt.
• Simple version is just encryption (like AES) but advanced version supports "intermediate" codes so that 2nd parties can't see private key

BitCoinPaperWallet.org
or git clone https://github.com/cantonbecker/bitcoinpaperwallet.git

bit2factor.com
or git clone https://github.com/mannkind/bit2factor.org.git

What is a Bulk Wallet?
• Every time you spend coins on a Bitcoin address, you should never use it again.
• This means you need lots of private keys!
• A bulk wallet stores all your private keys
• The oldest software wallets are typically bulk wallets
• Can still be useful today for "archive" storage, such as on an encrypted USB key

What is a Deterministic Wallet?
• Bulk Wallets need lots of private keys!
  • big file to backup, could be compromised
  • maybe lots of passphrases to remember
  • maybe many pages of paper wallets
• Instead, a "master" private key is created, and additional private keys are generated on the fly

Type 1 Deterministic Wallet
• The Electrum wallet (and old versions of Armory) create a chain of keys based on a master
• Only a root key plus a chain code
• Much shorter mnemonic for saving master key
• 12 words, e.g. "magic spoken nearly nine fist bathroom surprise north reach scrape illusion courage"

Type 2 Deterministic Wallet
• "Hierarchical Deterministic" or HD Wallets
• Defined in BIP32
• Creates a tree of master and child keys
• Allows delegation of a child private key to a server to act as an agent on behalf of the master private key holder
• BEWARE: With a child private key and the master public key an attacker can derive the master private key!

Master Key Mnemonics
• Moving a master key from software wallet to software wallet can be difficult
• BIP39 defines a standard 12 or 24-word mnemonic for moving master keys
• Recreates BIP32 keys for HD wallets
  • BIP32 master private: xprv9s21Z*
  • BIP32 extended private: xprv9wzGf*
  • BIP32 extended public: xpub6Ayd5S*

dcpos.github.io/bip39/
or git clone https://github.com/dcpos/bip39.git

What is this?
3EktnHQD7RiAE6uzMj2ZifT9YgRrkSgzQX
Clues:
• no ambiguous numbers, it may be base58
• it begins with a 3
• this is a P2SH (Pay to Script Hash) Address
• defined by BIP11 & BIP16, P2SH allows for more complicated transactions that may require multiple keys or signatures to redeem

ms-brainwallet.org
or git clone https://github.com/ms-brainwallet/ms-brainwallet.github.io.git

What is this?
SSS-5CJkUwdiUPZi2R8RJJzkUFvs1TWC22JAQD2T3QMyhuAvDgzrXKuhT5at
Clues:
• no ambiguous numbers, it may be base58
• it begins with a SSS
It is a Mycelium "Shamir Secret Share". It lets you "split" a secret into shares
github.com/cetuscetus/btctool
• Mycelium Wallet only. No BIP for this yet.
• There are other Shamir Secret Sharing approaches. But cool tech!

I want it all!
• BIP44 and BIP45 wallets are the most advanced
• Use multisig addresses (BIP11, BIP16)
• Use HD keys (BIP32)
• Use Mnemonic backups (BIP39)
• Use Structured HD keys (BIP43)
• Support multiple accounts & escrow:
  • BIP44 — Trezor, Coinomi, Mycelium, Encompass
  • BIP45 (BIP44 plus multiple currencies) — Copay

Bitcoin vs Testnet
Type                                   Bitcoin prefix   Testnet prefix   Examples
Pubkey hash (P2PKH address)            1                m or n           17VZNX1SN5NtKa8UQFxwQbFeFc3
                                                                         mipcBbFg9gMiCh81Kj8tqqdgoZub1
Script hash (P2SH address)             3                2                3EktnHQD7RiAE6uzMj2ZifT9YgRrkS
                                                                         2MzQwSSnBHWHqSAqtTVQ6v47Xta
Public key (WIF, uncompressed pubkey)  5                9                5EktnHQD7RiAE6uzMj2ZifT9YgRrkS
                                                                         92Pg46rUhgTT7romnV7iGW6W1gb
Private key (WIF, compressed pubkey)   K or L           c                L1aW4aubDFB7yfras2S1mN3bqg9n
                                                                         cNJFgo1driFnPcBdBX8BrJrpxchBW
BIP32 private key                      xprv             tprv             xprvs21ZrQH143K24Mfq5zL5MhWK
                                                                         tprv8ZgxMBicQKsPcsbCVeqqF1KV
BIP32 public key                       xpub             tpub             xpub661MyMwAqRbcEYS8w7XLSV
                                                                         tpubD6NzVbkrYhZ4WLczPJWReQy
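
The "What is this?" exercise and the prefix table above can be automated. The following is an added example, not code from the slides: it decodes a Base58Check string, verifies the checksum, classifies it by version byte and payload length, and flags a WIF key that is the SHA256 of a known weak passphrase. The function names and the weak-passphrase list (apart from "") are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(body: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]

def b58check_encode(body: bytes) -> str:
    raw = body + _checksum(body)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # each leading zero byte is written as a literal '1'
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on 0, O, I, l
    zeros = len(text) - len(text.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or _checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("bad Base58Check checksum")
    return raw[:-4]

def brain_wallet_wif(passphrase: str) -> str:
    """Uncompressed mainnet WIF for key = SHA256(passphrase)."""
    key = hashlib.sha256(passphrase.encode()).digest()
    return b58check_encode(b"\x80" + key)

# Constructed sample denylist; "" is the case the slides warn about.
WEAK_PASSPHRASES = ["", "password", "bitcoin"]
WEAK_KEYS = {hashlib.sha256(p.encode()).digest(): p for p in WEAK_PASSPHRASES}

def classify(text: str) -> str:
    body = b58check_decode(text)
    version, payload = body[0], body[1:]
    if version in (0x80, 0xEF) and len(payload) in (32, 33):
        net = "mainnet" if version == 0x80 else "testnet"
        kind = "compressed" if len(payload) == 33 else "uncompressed"
        weak = WEAK_KEYS.get(payload[:32])
        note = "" if weak is None else f", WEAK brain wallet of {weak!r}"
        return f"WIF private key ({kind} pubkey, {net}){note}"
    names = {0x00: "P2PKH mainnet", 0x6F: "P2PKH testnet",
             0x05: "P2SH mainnet", 0xC4: "P2SH testnet"}
    if len(payload) == 20 and version in names:
        return names[version] + " address"
    if body[:2] in (b"\x01\x42", b"\x01\x43") and len(body) == 39:
        return "BIP38 encrypted private key"
    return f"unknown Base58Check payload (version 0x{version:02x})"
```

A wallet or import tool can run `classify` on pasted input before accepting it, rejecting strings that fail the checksum and refusing keys flagged as weak.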

Bitcoin-Qt
Software Client
Desktop: Windows, Mac, Linux
+ Open Source
+ Maintained by the core Bitcoin developers
+ Full Node — downloads full block chain, no need to trust 3rd party SPV servers
- Can take a few days to initially download and sync the blockchain.
- Clunky UI, no BIP32,38,39,44,45

Armory
Software Client
Desktop: Windows, Mac, Linux
+ Open Source
+ Multiple wallets, cold and fragmented paper backups
+ BIP32 (HD)
+&- Full Node — sits on top of Bitcoin-QT (days to download and sync)
- Clunky UI, no BIP 38,39,44,45

Electrum
Software Client
Desktop: Windows, Mac, Linux
Mobile: Android
+ Open Source
+ Thin client — connects to SPV servers
+ Quick install and setup time, good for beginners.
+ Bulk OR deterministic addresses
- NOT BIP38 nor BIP39 (Electrum's word seed backups not compatible)

Mycelium
Software Client
Mobile: Android
+ Open Source
+ Thin client — connects to their servers
- Only their servers
+ Most advanced Android Wallet with multisig (BIP11, BIP16), BIP32 (HD Keys), BIP38 (Mnemonic), BIP44 (escrow), onion-TOR, cold storage (encrypted PDF or Trezor)

Bread Wallet
Software Client
Mobile: iPhone
- Open Source
+ Extremely easy to use (too simple?)
+ SPV client — not full node, but not dependent on anyone's dedicated servers
- SPV can sometimes be slow
+ HD Keys (BIP32), encrypted (BIP38) & Mnemonic Export (BIP39)
+ Can sweep private keys and BIP38!

Hive Wallet
Software Client
Mobile: iPhone, Android, Mobile Web
- Open Source
+ Supports Waggle (GPS) & QR code
+ SPV client — not full node, but not dependent on anyone's dedicated servers
- SPV can sometimes be slow
+ Supports HD Keys (BIP32) and Mnemonic Export (BIP39)
+ Also supports Litecoin

Bither Wallet
Software Client
Desktop: Windows, Mac, Linux
Mobile: iPhone, Android
- Open Source
+ SPV client — not full node
+ Supports HD Keys (BIP32), Encrypted Private (BIP38), Mnemonic Export (BIP39 + QR)
+ Interesting "cold iPhone" storage idea
- Crashes importing BIP39

Coinbase
Hosted Wallet
Desktop: Browser
Mobile: iPhone, Android, Opera
+ Hosted by a bitcoin exchange, thus you can buy Bitcoin directly via bank
+ Supports two-factor auth via one-time auth (Google Auth or Authy)
+ APIs for services like LibraTax
- Hosted completely on server
- No HD Keys (BIP32) or multi-sig
- No export (but can sweep to paper)

Blockchain.info
Hosted Wallet
Desktop: Browser
Mobile: iPhone, Android, Opera
+ Most popular hosted wallet
+ Runs all in browser via Javascript
+ Free, supports two-factor auth via email
+ You can import/export your keys (but no BIP38/39 support!)
- No HD Keys (BIP32) or multi-sig
- Limited customer support

Copay
Hosted Wallet
Desktop: Browser
Mobile: iPhone, Android, Opera
+ Open Source
+ Great Javascript Library
+ Runs all in browser via Javascript
+ Export/Import BIP48
+ multi-sig (BIP11, BIP16) and BIP45 support (BIP44 escrow plus multiple currencies)
+ BIP45 escrow only with Copay

Trezor
Hardware Wallet
Desktop: Setup via USB
+ Secure hardware
+ Easy to use
+ Supports HD keys (BIP32), export (BIP38/39), and multi-sig (BIP44)
- Costs $119
- Requires USB and plugin to boot and setup with desktop
- No two-factor auth
- Difficult to security review hardware

Other Wallets
Comparisons at: www.expresscoin.com/wallets-comparison
Lots of wallet walkthroughs at www.expresscoin.com/wallets

The Future of Wallets
• Increased Ease of Use
• Address discovery (email, bluetooth, OneName)
• Multi-currency (Altcoins & Sidechains)
• Instant Currency Exchange (USD<->BTC)
• Asset Wallets (stocks, commodities, derivatives, insurance)
• Micropayments
• More kinds of P2SH transactions (time delays, approvals)
• Smart contracts (more P2SH & Ethereum)
The Future of Wallets (continued)
• Personal & Portable Multi-Sig, Escrow & Distributed Cold
• Anonymous Wallets (Mixers, Fog, Dark)
• Auditable and KYC "Clean Money" Wallets
• Trusted On Chip Key Storage
  • Trustonic: Trustzone (baseband chip on cell phones)
  • Google: Project Vault (trusted MicroSD)
  • Apple: Secure Enclave (iOS9 support EC in Touch ID)
  • Tamper resistant FIPS hardware (credit card, watch)
Questions?