6

Suppose one generates an account with the following procedure:

  1. Flip a coin 256 times;

  2. On a paper, write each heads as 1 and each tails as 0;

  3. Convert the 256-bit string to hex by mapping each 4-bit sequence to a char from 0 to F;

  4. Save that 64-character hex string to a file (say, echo 'ABCDABCDABCDABCDABCDABCDABCDABCDABCDABCDABCDABCDABCDABCDABCDABCDABCD' > priv.txt);

  5. Import that private key using geth account import;

  6. Remove the file: rm priv.txt;

  7. Store the private key in a safe place, offline.

Is to know if this procedure is safe or if is there any potential issue with it.

MaiaVictor
  • 3,177
  • 2
  • 17
  • 37
  • 1
    How do you know the coin flips really randomly? ;-) – q9f Feb 04 '16 at 13:48
  • 1
    @Viclib: it's a great way of generating a cold / paper wallet but it's going to be slow. A Dungeon & Dragon type dice with 16 sides shall be much faster (and it's kinda nerdier too) ! – Cedric Martin Feb 06 '16 at 00:25

2 Answers2

3

Nothing is 100% secure, at least nothing you can be certain of.

Your procedure is a pretty good idea. I just played it through. Possible security implications:

  1. The coin might not flip randomly enough. It's reported that some coins turn out more often heads than tails. Try a dice maybe (odds = 1, even = 0)?
  2. If you use a machine to convert the binary number to hexadecimal, ensure it's offline and secure. Try to boot from a live medium before doing this.
  3. The step saving it to disk (priv.txt) might leave a magnetic footprint on your harddisk. Again, boot from a live medium which operates in memory. But don't forget to backup your encrypted keystore.

I think it's easier and more safe than using geth directly to generate an encrypted keystore. Just make sure it's offline and operating in memory and well backed up.

Cedric Martin
  • 678
  • 4
  • 13
q9f
  • 32,913
  • 47
  • 156
  • 395
  • 1
    +1... Note that when I boot from a Linux live CD I do it on a desktop PC (not a laptop) from which I've physically disconnected the harddisk and from which I unplug the network cable after having downloaded every dependency I need. So from the moment I unplug the network cable, the information I enter cannot be transmitted over the network nor written to the harddisk. – Cedric Martin Feb 06 '16 at 00:23
2

While unlikely to flip so many heads in a row, it's still worth mentioning that not all 256-bit numbers are valid private keys in Ethereum and as explained here:

Specifically, any 256-bit number from 0x1 to 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4140 is a valid private key.

Community
  • 1
eth
  • 85,679
  • 53
  • 285
  • 406
  • Interesting, wasn't aware of that limit. Could also be relevant for this question. – q9f Jul 07 '16 at 09:27
  • @5chdn Your statement in that question "Now I see not every 256-bit number is a valid ECDSA private key for bitcoin." is what made me check this :) – eth Jul 07 '16 at 20:44