
Bitcoin Keys, Addresses & Wallets

Introductory lecture at Blockchain University on managing Bitcoin keys and addresses by using Wallet software and other technologies.

Published in: Technology


  1. Bitcoin Keys, Addresses & Wallets, by Christopher Allen <ChristopherA@LifeWithAlacrity.com>, June 21, 2015
  8. What is this? e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
     Clues:
     • it is a hex value (only 0-9 & a-f characters)
     • it is 64 characters long, or 32 bytes
     • it might be an ECDSA private key
     • it might be a SHA256 number
     • look up e3b0c442 with Google
     This is a Bitcoin programmer's nightmare:
     • the SHA256 of ""
  10. What is this? 5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss
      Clues:
      • no ambiguous numbers, it may be base58
      • it begins with a 5
      It is an uncompressed WIF (Wallet Import Format) private key
      • it is the private key for a brain wallet of ""
      • like e3b0c442 it is a bitcoin developer's nightmare
  13. What is this? 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN
      Clues:
      • no ambiguous numbers, it may be base58
      • it begins with a 1
      It is a P2PKH (Pay to Public Key Hash) Bitcoin address
      • it is the Bitcoin address generated from the private key for a brain wallet of ""
      • Like e3b0c442 I watch out for 1HZ
  14. A common error… Over $1600 has been lost, $67 last month, swept in minutes
  15. Creating a P2PKH Address
  18. What is this? mx5u3nqdPpzvEZ3vfnuUQEyHg3gHd8zrrH
      Clues:
      • no ambiguous numbers, it may be base58
      • it begins with an m
      It is a P2PKH (Pay to Public Key Hash) Bitcoin address for TestNet
      • it is the TestNet bitcoin address equivalent to 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN generated from a brain wallet of ""
      • Like e3b0c442 I watch out for 1HZ & mx5
  20. What is this? L4rK1yDtCWekvXuE6oXD9jCYfFNV2cWRpVuPLBcCU2z8TrisoyY1
      Clues:
      • no ambiguous numbers, it may be base58
      • it begins with an L
      It is a compressed WIF (Wallet Import Format) private key. Could be L* or K*
      • but it is 1 character longer than a 5* WIF!
      • when stored in the blockchain, the public keys are only 256 bits vs 520 bits: >50% smaller!
  21. What are Bitcoin Wallets?
      • There are 2^160 P2PKH keys
      • 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976 keys
      • Which keys are yours?
      • Wallets help you manage many keys
  22. Kinds of Wallets
      • Software: Brain, browser, bulk, deterministic, HD, multi-sig, export (BIP38/39), escrow (BIP44/5), full node or thin SPV (Simplified Payment Verification) or server
      • Physical: Paper, cold, FIPS hardware
      • Hosted: Exchange, multi-sig (BIP11/16), escrow (BIP44/5), locked/unlocked keys, export (BIP38/39), etc.
  23. What is a Brain Wallet?
      • In essence, your Bitcoins are stored in your mind, by memorization of a passphrase
      • The passphrase is turned into a 256 bit private key using SHA256
      • If you forget the passphrase, or are incapacitated or die, the Bitcoins are lost forever
      • HOWEVER, passphrases are not very secure
  25. Passphrase Entropy
      • A truly random 12 character password (MixeD CaSe, Numb3r5, $peçial Characters) has 78 bits of entropy
        • for example: mH*naG8}Np`$ or [Kh8}J@2t[%3
        • Supercomputer or network: 55 days
        • PC with GPU: 3018 years
      • However, in practice humans are not good at randomness, most 12 character passwords…
        • Average network decrypt: 47 seconds
        • PC with GPU in 11 days
  26. Password Best Practices, Life With Alacrity blog by Christopher Allen: http://www.lifewithalacrity.com/2009/09/password-best-practices.html
  27. Summary of Best Practices
      • Have at least TWO passwords
      • Create a "non-secure" password for non-financial websites
      • Pick a memorable long word or short phrase, e.g. "amber waves", "perspicacious"
      • Shorten it to 7 characters: "ambrwvs", "prspccus"
      • Convert a letter other than the first to a number (O=0, L=1, E=3, S=5), e.g. "ambrwv5" or "pr5pccus"
      • Use a letter from the domain name for the last char, and capitalize it, e.g. second o from google: "ambrwv5O" or "pr5pccusO"
      • Same technique but longer word for financial (minimum 12)
      • Check your password's quality (using local Javascript code)
      • Or use a password generator, or even better, "Diceware"
  28. www.grc.com/haystack.htm
  29. apps.cygnius.net/passtest/
      password: mH*naG8}Np
      entropy: 59.823
      composition: Password is too short.
      acceptable: no
      crack time (seconds): 51006556106687.336
  30. www.PasswordsGenerator.net
  31. Diceware: http://world.std.com/~reinhold/diceware.html
  32. BrainWallet.org or git clone https://github.com/brainwallet/brainwallet.github.io.git
  33. What is a Paper Wallet?
      • Using a brain wallet is risky
        • You may forget your passphrase
        • You may not have enough entropy
      • So save it on paper!
        • 256 bits of entropy
        • WIF private key
        • QR code for payments, QR code for WIF
  34. BitAddress.org or git clone https://github.com/pointbiz/bitaddress.org.git
  35. BitCoinPaperWallet.org or git clone https://github.com/cantonbecker/bitcoinpaperwallet.git
  37. What is this? 6PRKN3F46DpESCG6jPzSybFQwE9SRoK1CYFaiKfVtmDMiv8EBrQhHQdCLK
      Clues:
      • no ambiguous numbers, it may be base58
      • it begins with a 6
      It is a BIP38 encrypted WIF (Wallet Import Format) private key address
      • BIP is Bitcoin Improvement Proposal
      • BIP38 is how to encrypt a random private key with an additional passphrase
  38. Why use BIP38?
      • If your paper wallet is stolen, it must be decrypted before being used
      • Allows you to "give" a paper wallet to someone, have them verify amount, then give them password to decrypt.
      • Simple version is just encryption (like AES) but advanced version supports "intermediate" codes so that 2nd parties can't see private key
  39. BitCoinPaperWallet.org or git clone https://github.com/cantonbecker/bitcoinpaperwallet.git
  40. bit2factor.com or git clone https://github.com/mannkind/bit2factor.org.git
  41. What is a Bulk Wallet?
      • Every time you spend coins on a Bitcoin address, you should never use it again.
      • This means you need lots of private keys!
      • A bulk wallet stores all your private keys
      • The oldest software wallets are typically bulk wallets
      • Can still be useful today for "archive" storage, such as on an encrypted USB key
  42. What is a Deterministic Wallet?
      • Bulk Wallets need lots of private keys!
        • big file to backup, could be compromised
        • maybe lots of passphrases to remember
        • maybe many pages of paper wallets
      • Instead, a "master" private key is created, and additional private keys are generated on the fly
  43. Type 1 Deterministic Wallet
      • The Electrum wallet (and old versions of Armory) create a chain of keys based on a master
      • Only a root key plus a chain code
      • Much shorter mnemonic for saving master key
      • 12 words, e.g. "magic spoken nearly nine fist bathroom surprise north reach scrape illusion courage"
  45. Type 2 Deterministic Wallet
      • "Hierarchical Deterministic" or HD Wallets
      • Defined in BIP32
      • Creates a tree of master and child keys
      • Allows delegation of a child private key to a server to act as an agent on behalf of the master private key holder
      • BEWARE: With a child private key and the master public key an attacker can derive the master private key!
  47. Master Key Mnemonics
      • Moving a master key from software wallet to software wallet can be difficult
      • BIP39 defines a standard 12 or 24-word mnemonic for moving master keys
      • Recreates BIP32 keys for HD wallets
        • BIP32 master private: xprv9s21Z*
        • BIP32 extended private: xprv9wzGf*
        • BIP32 extended public: xpub6Ayd5S*
  48. dcpos.github.io/bip39/ or git clone https://github.com/dcpos/bip39.git
  49. What is this? 3EktnHQD7RiAE6uzMj2ZifT9YgRrkSgzQX
      Clues:
      • no ambiguous numbers, it may be base58
      • it begins with a 3
      • this is a P2SH (Pay to Script Hash) Address
      • defined by BIP11 & BIP16, P2SH allows for more complicated transactions that may require multiple keys or signatures to redeem
  50. ms-brainwallet.org or git clone https://github.com/ms-brainwallet/ms-brainwallet.github.io.git
  52. What is this? SSS-5CJkUwdiUPZi2R8RJJzkUFvs1TWC22JAQD2T3QMyhuAvDgzrXKuhT5at
      Clues:
      • no ambiguous numbers, it may be base58
      • it begins with SSS
      It is a Mycelium "Shamir Secret Share". It lets you "split" a secret into shares: github.com/cetuscetus/btctool
      • Mycelium Wallet only. No BIP for this yet.
      • There are other Shamir Secret Sharing approaches. But cool tech!
  53. I want it all!
      • BIP44 and BIP45 wallets are the most advanced
        • Use multisig addresses (BIP11, BIP16)
        • Use HD keys (BIP32)
        • Use Mnemonic backups (BIP39)
        • Use Structured HD keys (BIP43)
      • Support multiple accounts & escrow:
        • BIP44: Trezor, Coinomi, Mycelium, Encompass
        • BIP45 (BIP44 plus multiple currencies): Copay
  54. Bitcoin vs Testnet

      | Type | Bitcoin prefix | Testnet prefix | Examples (Bitcoin, Testnet) |
      |---|---|---|---|
      | Pubkey hash (P2PKH address) | 1 | m or n | 17VZNX1SN5NtKa8UQFxwQbFeFc3, mipcBbFg9gMiCh81Kj8tqqdgoZub1 |
      | Script hash (P2SH address) | 3 | 2 | 3EktnHQD7RiAE6uzMj2ZifT9YgRrkS, 2MzQwSSnBHWHqSAqtTVQ6v47Xta |
      | Private key (WIF, uncompressed pubkey) | 5 | 9 | 5EktnHQD7RiAE6uzMj2ZifT9YgRrkS, 92Pg46rUhgTT7romnV7iGW6W1gb |
      | Private key (WIF, compressed pubkey) | K or L | c | L1aW4aubDFB7yfras2S1mN3bqg9n, cNJFgo1driFnPcBdBX8BrJrpxchBW |
      | BIP32 private key | xprv | tprv | xprvs21ZrQH143K24Mfq5zL5MhWK, tprv8ZgxMBicQKsPcsbCVeqqF1KV |
      | BIP32 public key | xpub | tpub | xpub661MyMwAqRbcEYS8w7XLSV, tpubD6NzVbkrYhZ4WLczPJWReQy |
  55. Bitcoin-Qt: Software Client
      Desktop: Windows, Mac, Linux
      + Open Source
      + Maintained by the core Bitcoin developers
      + Full Node—downloads full block chain, no need to trust 3rd party SPV servers
      - Can take a few days to initially download and sync the blockchain.
      - Clunky UI, no BIP32,38,39,44,45
  56. Armory: Software Client
      Desktop: Windows, Mac, Linux
      + Open Source
      + Multiple wallets, cold and fragmented paper backups
      + BIP32 (HD)
      +&- Full Node—sits on top of Bitcoin-QT (days to download and sync)
      - Clunky UI, no BIP 38,39,44,45
  57. Electrum: Software Client
      Desktop: Windows, Mac, Linux
      Mobile: Android
      + Open Source
      + Thin client — connects to SPV servers
      + Quick install and setup time, good for beginners.
      + Bulk OR deterministic addresses
      - NOT BIP38 nor BIP39 (Electrum's word seed backups not compatible)
  58. Mycelium: Software Client
      Mobile: Android
      + Open Source
      + Thin client—connects to their servers
      - Only their servers
      + Most advanced Android Wallet with multisig (BIP11, BIP16), BIP32 (HD Keys), BIP38 (Mnemonic), BIP44 (escrow), onion-TOR, cold storage (encrypted PDF or Trezor)
  59. Bread Wallet: Software Client
      Mobile: iPhone
      - Open Source
      + Extremely easy to use (too simple?)
      + SPV client— not full node, but not dependent on anyone's dedicated servers
      - SPV can sometimes be slow
      + HD Keys (BIP32), encrypted (BIP38) & Mnemonic Export (BIP39)
      + Can sweep private keys and BIP38!
  60. Hive Wallet: Software Client
      Mobile: iPhone, Android, Mobile Web
      - Open Source
      + Supports Waggle (GPS) & QR code
      + SPV client— not full node, but not dependent on anyone's dedicated servers
      - SPV can sometimes be slow
      + Supports HD Keys (BIP32) and Mnemonic Export (BIP39)
      + Also supports Litecoin
  61. Bither Wallet: Software Client
      Desktop: Windows, Mac, Linux
      Mobile: iPhone, Android
      - Open Source
      + SPV client— not full node
      + Supports HD Keys (BIP32), Encrypted Private (BIP38), Mnemonic Export (BIP39 + QR)
      + Interesting "cold iPhone" storage idea
      - Crashes importing BIP39
  62. Coinbase: Hosted Wallet
      Desktop: Browser
      Mobile: iPhone, Android, Opera
      + Hosted by a bitcoin exchange, thus you can buy Bitcoin directly via bank
      + Supports two-factor auth via one-time auth (Google Auth or Authy)
      + APIs for services like LibraTax
      - Hosted completely on server
      - No HD Keys (BIP32) or multi-sig
      - No export (but can sweep to paper)
  63. Blockchain.info: Hosted Wallet
      Desktop: Browser
      Mobile: iPhone, Android, Opera
      + Most popular hosted wallet
      + Runs all in browser via Javascript
      + Free, supports two-factor auth via email
      + You can import/export your keys (but no BIP38/39 support!)
      - No HD Keys (BIP32) or multi-sig
      - Limited customer support
  64. Copay: Hosted Wallet
      Desktop: Browser
      Mobile: iPhone, Android, Opera
      + Open Source
      + Great Javascript Library
      + Runs all in browser via Javascript
      + Export/Import BIP48
      + multi-sig (BIP11, BIP16) and BIP45 support (BIP44 escrow plus multiple currencies)
      + BIP45 escrow only with Copay
  65. Trezor: Hardware Wallet
      Desktop: Setup via USB
      + Secure hardware
      + Easy to use
      + Supports HD keys (BIP32), export (BIP38/39), and multi-sig (BIP44)
      - Costs $119
      - Requires USB and plugin to boot and setup with desktop
      - No two-factor auth
      - Difficult to security review hardware
  66. Other Wallets
      Comparisons at: www.expresscoin.com/wallets-comparison
      Lots of wallet walkthroughs at www.expresscoin.com/wallets
  67. The Future of Wallets
      • Increased Ease of Use
      • Address discovery (email, bluetooth, OneName)
      • Multi-currency (Altcoins & Sidechains)
      • Instant Currency Exchange (USD<->BTC)
      • Asset Wallets (stocks, commodities, derivatives, insurance)
      • Micropayments
      • More kinds of P2SH transactions (time delays, approvals)
      • Smart contracts (more P2SH & Ethereum)
  68. The Future of Wallets (continued)
      • Personal & Portable Multi-Sig, Escrow & Distributed Cold
      • Anonymous Wallets (Mixers, Fog, Dark)
      • Auditable and KYC "Clean Money" Wallets
      • Trusted On Chip Key Storage
        • Trustonic: Trustzone (baseband chip on cell phones)
        • Google: Project Vault (trusted MicroSD)
        • Apple: Secure Enclave (iOS9 support EC in Touch ID)
        • Tamper resistant FIPS hardware (credit card, watch)
  69. Questions?
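
Added example (not from the original slides): the Base58Check decoding behind the "What is this?" slides and the prefix table on slide 54, together with the brain-wallet derivation from slide 23, in Python. The function names and the version-byte table are this example's own; the version bytes are the standard Bitcoin values that produce the leading characters listed on slide 54.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Version bytes that produce the leading characters in the slides' prefix table.
VERSIONS = {0x00: "mainnet P2PKH address", 0x05: "mainnet P2SH address",
            0x6F: "testnet P2PKH address", 0xC4: "testnet P2SH address",
            0x80: "mainnet WIF private key", 0xEF: "testnet WIF private key"}

def checksum(data: bytes) -> bytes:
    """First 4 bytes of double SHA256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version: int, payload: bytes) -> str:
    raw = bytes([version]) + payload
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    # Each leading zero byte is written as a literal '1'.
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_decode(text: str):
    """Return (version, payload); raise ValueError on bad characters or checksum."""
    n = 0
    for ch in text:
        n = n * 58 + ALPHABET.index(ch)  # 0, O, I and l are not in the alphabet
    zeros = len(text) - len(text.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("bad Base58Check checksum")
    return raw[0], raw[1:-4]

def brain_wallet_wif(passphrase: str, compressed: bool = False) -> str:
    """SHA256(passphrase) used directly as the private key, then WIF-encoded."""
    key = hashlib.sha256(passphrase.encode()).digest()
    return b58check_encode(0x80, key + (b"\x01" if compressed else b""))

def classify(text: str) -> str:
    """Answer 'What is this?' for a Base58Check string."""
    try:
        version, payload = b58check_decode(text)
    except ValueError:
        return "not valid Base58Check"
    kind = VERSIONS.get(version, "unknown version 0x%02x" % version)
    if version in (0x80, 0xEF):  # compressed WIF carries a trailing 0x01 byte
        kind += " (compressed pubkey)" if len(payload) == 33 else " (uncompressed pubkey)"
    return kind

def is_empty_passphrase_key(wif: str) -> bool:
    """Watchlist check: is this WIF the brain wallet of "" from the slides?"""
    version, payload = b58check_decode(wif)
    return version in (0x80, 0xEF) and payload[:32] == hashlib.sha256(b"").digest()
```

A wallet or import form can run `is_empty_passphrase_key` (or the same comparison against a longer list of known weak keys) before accepting a pasted WIF, which is the "watch out for 1HZ" habit from slide 13 turned into a check.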
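
Why the BEWARE on slide 45 holds, as an added derivation in BIP32's own notation (not from the slides). For a non-hardened child index $i < 2^{31}$, the child private key is

$$I = \mathrm{HMAC\text{-}SHA512}\big(c_{par},\ \mathrm{ser}_P(K_{par}) \,\|\, \mathrm{ser}_{32}(i)\big), \qquad k_i = \mathrm{parse}_{256}(I_L) + k_{par} \pmod{n}$$

where $I_L$ is the left 32 bytes of $I$, $K_{par}$ is the parent public key and $c_{par}$ the parent chain code. Both inputs to the HMAC are contained in the extended public key (xpub), so anyone holding the xpub can compute $I_L$, and a single leaked child private key then gives

$$k_{par} = k_i - \mathrm{parse}_{256}(I_L) \pmod{n}$$

Hardened children ($i \ge 2^{31}$) use $\mathtt{0x00} \,\|\, \mathrm{ser}_{256}(k_{par}) \,\|\, \mathrm{ser}_{32}(i)$ as the HMAC data instead, which cannot be computed from public material. When a child private key is delegated to a server, derive it as a hardened child or keep the parent xpub as confidential as the private key.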
