Yeap... a random mnemonic string (phrases/words from the default english.txt or 
custom words from an input stream) + special passphrase (non-null).

Two things (not a criticism of the code which is well written and easy to 
read, but just a general concern about people):
1)  Hard copies - No matter how well they are stored they're bound to get 
lost or stolen.  Lost meaning people can forget where they placed them or 
forget the combination to their safe.
2)  Soft copies - Most of us (speaking from a first world country 
perspective) have some sort of computer electronic device we're always on 
so it's "easier/safer" if we just store it electronically.

Yes, I get the "you need to be responsible for your own life/money" 
argument, but life happens.
Besides how can you live life always worried about your crypto keys?
Also I mentioned "easy to read" not "easy to understand", just like someone 
can read words on a page and not have an understanding of what's written.

So the mechanism to an unlosable key would be:
1)  User creates rules of recovery -- this can be as easy as answering a 
list of user-generated questions or as complex as a scavenger hunt on the 
internet or maybe a music audio file.
2)  The original mnemonic, which is a hash of some words, is combined 
with some other hashes in a long string and made available to the user via 
various transport methods (screen, email, plain ftp, post online).
     A user can even come up with her own creative way of how the mnemonic 
is combined with the other hashes.
     For example, original: 3mDLLijh 8xZZDN FzaRJPb9i3Nf4KqiW YS7ko2k 
KB1EhQ FNtMVb (will be longer in real life)
     Combined:  
3ZDNFzaRJPbLLijhS7ko2kKB1E3mDLLNtMVbNf4KqiWYS7ko2k3mDLLijh8xZZDNFzaRJPb9i3Nf4KqiWYS7ko2kKB1EhQFNtMVb3S7ko2kKB1LNtMVbNf4KqiWYS7ko2kKB1EhQFNtMVbb9i3Nf4b
3)  Misdirection -- blast fake combined mnemonic to user chosen 
destinations as well as the real one.  Only the user would be able to tell 
which is real and which is fake by searching (maybe CTRL+F) with original.
4)  The original mnemonic is used to generate private key.

#2, #3 and #4 protect and enforce good user practice.  Even if a 
malicious entity picked up the data while it's stored on paper or 
electronically, the entity will never know which one is real and which one 
is fake.
The user doesn't have to store the private key anywhere because he can just 
regenerate it.

#1 takes the pressure off of the user having to write down the mnemonic or worry 
about where to store the private key or mnemonic.

The point is to make figuring out the mnemonic impossible for anyone else 
besides the user or clues the user leaves behind for his affiliates.
No one is going to know the series of events that happened in my life nor 
the music I like from season to season without an extraordinary amount of 
data gathering and computation unless they're me or people I've shared with.

Sorry for the long post.

On Monday, March 11, 2019 at 11:13:14 PM UTC-4, Tom Va wrote:
>
> Hi,
>
> This is my first post in this group so please pardon me for any 
> uncharacteristic locutions.
> I would like to contribute to this project.
>
> *My question is has anyone come up with a way where a private key no 
> longer can be lost?*
> For example, I generated my private key on my local computer/smartphone.
> If my computer crashes or I drop my phone in the ocean I've lost my coins.
> My solution is to send out an encrypted seed at the time a private key is 
> generated so that a user can use it to regenerate the private key.
>
> Of course it's not going to be like the user will just use the actual sent 
> encrypted seed to regenerate the private key.
> There will be a set of rules the user comes up with and only that user or 
> whoever she shares the rules with can "decrypt" the seed and use it to 
> regenerate the private key.
>
> This would be like an HD wallet, but instead of a predetermined method of 
> generating the seed the user would generate the seed.
> For example "when" the user loses his key he can look at the set of rules 
> he came up with to regenerate the encrypted seed which he'll receive in one 
> way or another.
> Then he can take that encrypted seed (a long string of text, probably based 
> on Base58Check form) and based on his rules he can break the seed into 
> phrases to regenerate the private key.
>
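
As an added example (not code from bitcoinj or from either poster), here is the standard derivation behind the "mnemonic + passphrase" the thread refers to: BIP39 turns the word list plus an optional passphrase into a 64-byte seed with PBKDF2-HMAC-SHA512, and BIP32 turns that seed into the master private key and chain code. It shows why the recovery idea works at all (the same words and passphrase always regenerate the same key, so nothing but the words needs to be kept) and why the passphrase matters: a different passphrase, even one character off, yields a completely different wallet with no error. The demo mnemonic is the BIP39 reference test vector; `recover` is a name chosen here for illustration.

```python
import hashlib
import hmac
import unicodedata
from typing import Tuple

# Added illustration of BIP39 seed derivation and the BIP32 master node.
# This is not bitcoinj code; it follows the BIP39/BIP32 specifications.


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 mnemonic + passphrase -> 64-byte seed.

    PBKDF2-HMAC-SHA512, 2048 rounds, password = NFKD(mnemonic),
    salt = NFKD("mnemonic" + passphrase). Nothing validates the passphrase:
    every passphrase produces a plausible seed, so a mistyped or forgotten
    passphrase silently opens a different (empty) wallet.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master(seed: bytes) -> Tuple[bytes, bytes]:
    """BIP32 master node from a seed: (master private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def recover(mnemonic: str, passphrase: str) -> str:
    """Hex master private key regenerated from the words and passphrase,
    i.e. what a user recomputes after the original device is gone."""
    master_key, _chain_code = bip32_master(bip39_seed(mnemonic, passphrase))
    return master_key.hex()


# Constructed demo input: the BIP39 reference test vector (11 x "abandon" + "about").
DEMO_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

if __name__ == "__main__":
    print("seed       :", bip39_seed(DEMO_MNEMONIC, "TREZOR").hex())
    print("master key :", recover(DEMO_MNEMONIC, "TREZOR"))
    # Same twelve words, passphrase off by one character: an unrelated wallet.
    print("other pass :", recover(DEMO_MNEMONIC, "TREZ0R"))
```

Running it twice prints identical values, which is the whole basis of "just regenerate it"; the third line shows that the passphrase is a real second secret, not a label, so whatever recovery rules a user invents must reproduce it exactly.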

-- 
You received this message because you are subscribed to the Google Groups 
"bitcoinj" group.