TUTORIAL - Generate Bitcoin Private Keys SECURELY!
I see that a lot of people have problems generating Bitcoin keys safely so I thought I put out this quick tutorial to help them. Most people keep their coins on mobile wallets and centralized exchanges, because they don't know how to secure the bitcoins properly. Well you need to generate the private keys safely, and also sign the transactions safely. In this tutorial we will focus on the previous.
TUTORIAL
1) Create an Offline PC with No Persistence
DISCLAIMER: Before proceeding, you agree that you won't hold me responsible if you electrocute yourself or damage your computer or if any other damages happen! Proceed with caution or ask an expert to do it for you!
What you want to do is buy an old computer that is cheap and only serves this purpose, doing bitcoin transactions. It should not be a laptop because they have WI-FI in them. Then do the following:
- Make sure the computer is disconnected from the power source!
- Unplug it from the Internet
- Take out the hard disk
- Take out the video card (only if it has built-in video card)
- Take out any extra addon: Bluetooth, Network Controller Chip, PCI-Express card, etc...
The only thing that should be left in your PC hard box should be: Motherboard (with built in video card), RAM Chip, Fans, Power Unit and their respective cables.
2) Burn a Live Linux Distro to a DVD
You can choose a Linux Distro that starts up from DVD: http://livecdlist.com
Before downloading it, you should verify their PGP signatures or their checksums to know that you have downloaded the original one, not a tampered one.
3) Boot the Computer from DVD
Boot up your offline computer from a DVD, you only need the hardbox, a monitor, a mouse and a keyboard, preferably all of them should have wires, because wireless keyboards and mices are not secure.
You should also have a USB stick with which you ship the Bitcoin Wallet. Now you can choose any Bitcoin wallet you wish, but also make sure your verify their integrity. I recommend using Electrum, because it's easy to generate private keys with it, and it can be remembered.
6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
4) Generate the Private Key
Make sure you have installed everything, Electrum needs Python as a dependency, so make sure it is updated to the latest version. Then after everything is ready, you just start Electrum and it will generate your seed
with it's wallet wizard. It should be straightforward.
However maybe your CPU's random number generator is weak or tampered, so you can add outside entropy to your seed, by generating a big integer with dices for example.
@creatr pointed out in his article that you can generate seeds with dices, by generating a large number with multiple dice rolls, but I disagree with him because dices are not good random number generators. A tampered CPU should still be better than a set of dice, however we can combine them.
If you are extra paranoid, you can use the CPU for the random number generator, but you can salt that number with entropy generated from the dice, this way the number will be statistically random, but salted with an unpredictable number from your dice. The number you roll with the dice should be a base 10 integer. All you need to do is just enter this in the console:
electrum make_seed --nbits 160 --entropy 12345678910111213141516
Where you just replace the number after entropy
with your own big number generated with the dices. The bits should be 160, since this is the maximum security an unspent bitcoin address will give you. It should give you 16 random words, that you can then memorize or write down, and this can be your seed that generates all private keys in your wallet.
Electrum is awesome! You can also add private keys from the old bitoind wallets and spend right from them in a unified Electrum interface.
Good post - already following you!
Yes, but those were probably not that securely generated ,so it's wise to generate new keys securely, and send the money to the new ones. Although proceed with caution.
Hi, @profitgenerator,
Thanks for the "shout out" link to my Bitcoin article. :) I do appreciate the mention!
However, I must continue to disagree with you about sources of randomness. Computers are a rather poor source of entropy. Good casino dice, however, are "fair" in the sense of "not a cheat." They roll quite randomly. This article, "Experimentally obtained statistics of dice rolls" reports on a test of more than half a million rolls of casino dice in good condition, and found no evidence of any bias in the roll. Casino dice are inherently random.
On the other hand, computers are by their very nature predictable and repeatable. In order to obtain truly random numbers from a computer, some non-computational source of entropy must be introduced. This article, "Introduction to Randomness and Random Numbers" from http://random.org explains this in considerable detail.
And so, Thank You, but I'll be sticking with my 100% random casino dice when it comes to generating private keys for storing my bitcoin and/or other cryptocurrencies! ;)
I disagree, it has been scientifically proven that the CPU cache timeouts or whatever it is called, is statistically random. And a good software gather other entropy sources too, like the heat of the PC and others. It should be very high quality randomness.
But you can always salt the entropy just to make sure it's not tampered randomness.
Why would you use Random.org? You want that website to know your entropy? Why not just generate it yourself then.
I am not against the dice, I would use dices too, but I would only use them as salt, and not as the main entropy source.
I don't use Random.org - it is simply a good source of information about randomness.
I know what randomness is, i have a background in statistics :)
But it might be good for newbies here. Anyways nice debate, I'll be reading your content, you put out some good stuff.
This post has been ranked within the top 80 most undervalued posts in the first half of Nov 23. We estimate that this post is undervalued by $4.06 as compared to a scenario in which every voter had an equal say.
See the full rankings and details in The Daily Tribune: Nov 23 - Part I. You can also read about some of our methodology, data analysis and technical details in our initial post.
If you are the author and would prefer not to receive these comments, simply reply "Stop" to this comment.
A less complicated methode is a hardware wallet. It will probably cost less and it is way easier to set up and make transactions for the same security level.
http://hardware-wallet.com
Yeah but then you have to trust the hardware of that device, which is harder to inspect than your average PC.
For example it can easily be detected if your PC processor has weak RNG, by generating a lot of [0,1] and measuring the probability distribution, it should be Bernoulli Distribution with a mean of 0.5 or with a very very small deviation from it , and the residuals should be 0 or very small over a huge sample.
How do I test the quality of the RNG in those hardware devices? I should just take their words for it?
Great Article!
Found it extremely helpful while moving my Bitcoins into cold storage
https://walletgenerator.net/# is pretty nice too
Thank you