Slashdot Mirror

← Back to Stories (view on slashdot.org)

How To Make a Bitcoin Address With a TI-89 Calculator

Posted by timothy on from the next-week-how-to-make-a-castle-out-of-toothpicks dept.

sarahnaomi writes: The power of Bitcoin is giving your dusty old TI-89 calculator a second chance of being useful. Matt Whitlock, who helped make one of the world's first Bitcoin ATMs, is at it again. In a video posted on to Vimeo, he showed how using the calculator once only used for high school geometry and a 12-sided die makes a secure address for your Bitcoin account. The video self-explanatory. Load up your calculator with the code, roll it 72 times and enter the number rolled into it. After that, the calculator pumps out a private key and address.

32 of 56 comments (clear)

  1. Are you retarded? by rebelwarlock · · Score: 3, Insightful

    I'm not rolling a die 72 times and manually entering each result.

    1. Re:Are you retarded? by gl4ss · · Score: 1

      yeah.. why can't you just smash numbers in random until you get enough for a good seed?

      --
      world was created 5 seconds before this post as it is.
    2. Re:Are you retarded? by dbIII · · Score: 1, Insightful

      It's a bitcon article so asking if the suckers drawn in the scheme are retarded is considered rude.
      "It's the future" - it's like that thing in Cryptonomicon only not backed by anything of value and it's founder has gone into hiding.

    3. Re:Are you retarded? by itzly · · Score: 2

      Or take a picture of your room, calculate a hash, and be done with it.

    4. Re:Are you retarded? by ultranova · · Score: 4, Insightful

      It's a bitcon article so asking if the suckers drawn in the scheme are retarded is considered rude.

      More importantly, calling people who use Bitcoin retarded or suckers doesn't actually constitute a strong argument against it.

      only not backed by anything of value

      Bitcoin is backed by the goods and services available in exchange of it, just like any other currency.

      and it's founder has gone into hiding.

      The founders of most currencies currently at use are dead.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    5. Re:Are you retarded? by grumling · · Score: 1

      Tune a radio to white noise, sample the audio 72 times and use that. Can I patent cosmic background radiation encryption?

      --
      "Well, good luck finding a judge that doesn't run a bestiality site."
    6. Re:Are you retarded? by SharpFang · · Score: 1

      Instead of taking values of keys (which would be a poor seed), take timing of keypresses. If the calculator runs at 1MHz, run a loop that takes 10uS per iteration, and count how many iterations it took between keypresses, modulo 100. No human is capable of timing their keypresses to 1 millisecond with *any* precision, nor correlate the keypresses to any fixed multiple of 10us period, so the sub-millisecond part of timing is entirely random.

      So, you're getting about 7 bits of entropy per keypress. Double that for key release. 14 bits per push, d12 is around 3.5 bits of entropy so mash your buttons for a total of 18 keypresses and you have your key.

      --
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  2. Not many devices by DrYak · · Score: 2

    In theory, your "you mama" joke approach should work. (For a good enough hash. Things like SHA2 or SHA3/Keccak should be okay).

    But, in practice, that would require:
    - a device with a camera (well, duh...)
    - a device that is easy programmable enough (because very few camera are known to automatically display a has on the screen by default)
    - a device that is *offline* (the whole point of doing it on something different than a laptop is to do it on a device that has low risk of virus/trojan/backdoor)

    That strongly limits the possibilities:
    - TFA's Ti 89 doesn't have a camera
    - point-and-shoot camera usually don't have an easy way to install your "picture hashing your mom as a random number generator" system
    - smartphone aren't offline and could be susceptible to hacking, the exact thing you wanted to avoid by going to a portable device.

    Appart from a few old-school PDAs (e.g.: a Palm IIIc, with the PalmPix dongle), few devices will qualify all of the above.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Not many devices by wonkey_monkey · · Score: 1

      smartphone aren't offline

      They can be made so easily enough.

      --
      systemd is Roko's Basilisk.
    2. Re:Not many devices by Reaper9889 · · Score: 3, Interesting

      Well, that was one of the more unexpected "you mama" joke: Your mama is so fat that she shows up in a post mentioning only your room!

      I want to note that just in case someone thinks so: You can not roll two 6-sided die and add them together and get a 12-sided dice - first of all you cant roll 1 and you roll 7 way too often. What you can do is have two rolls of a 6-sided die. Say you first roll x and then y. If y is even you rolled x otherwise you rolled 6+x. This gives you precisely 12 different equally likely outcomes.

    3. Re:Not many devices by itzly · · Score: 2

      - point-and-shoot camera usually don't have an easy way to install your "picture hashing your mom as a random number generator" system

      Take SD card from regular digital camera (or phone), stick it in an off-line linux laptop, and run sha256sum. No programming required.

    4. Re:Not many devices by itzly · · Score: 3, Funny

      In theory, your "you mama" joke approach should work

      No, yo momma is too big for a hash.

    5. Re: Not many devices by Anonymous Coward · · Score: 1

      What if you glue the dice together?

    6. Re:Not many devices by gox · · Score: 1

      The device itself should not allow the possibility of the data becoming online at a future time. That rules out systems with connection capabilities that also have memory.

    7. Re:Not many devices by itzly · · Score: 1

      Smash it with a hammer, and throw away the pieces. If your secret key isn't worth a new phone, it's not worth going through all this trouble anyway.

    8. Re:Not many devices by jonwil · · Score: 1

      Canon digital camera with CHDK (Canon Hack Development kit for adding new features to Canon cameras) should be able to do this if someone was to write the code for it.

      So it has a camera, its programmable and it (at least the Canon PowerShot SX130IS sitting next to me anyway) has no network connectivity.

      And its probably easier to find a camera that is supposed by CHDK than to get hold of an ancient PDA AND a camera dongle for it.

    9. Re:Not many devices by NemosomeN · · Score: 1

      A Canon camera with CHDK on it would fit all of your requirements.

      --
      I hate grammar Nazi's.
    10. Re:Not many devices by Hamsterdan · · Score: 1

      If the device becomes online without you consent in the future, it means it's not in your hands anymore. Thus *any* device will be vulnerable to prying eyes.

      --
      I've got better things to do tonight than die.
    11. Re:Not many devices by gox · · Score: 1

      I don't think anyone would go through all this trouble for security, it is just a geek entertainment thing.

      Having said that, keeping around an offline device for secure storage is not too bad an idea. If you have a RasPi lying around, it's all you need to generate secure keys, store 2FA secrets, and anything else that is best preserved cold.

    12. Re:Not many devices by lucm · · Score: 1

      You must be a hoot when you play craps in Vegas

      --
      lucm, indeed.
    13. Re:Not many devices by gox · · Score: 1

      I assumed wonkey_monkey is talking about making smartphones temporarily offline. So it does become online with your consent. It could also connect without you even noticing.

      Also, any device is vulnerable, but not equally. A lot needs to happen for the encrypted data on my old laptop with no wi-fi capability to leak out.

  3. Dicing your way to security by drinkypoo · · Score: 1

    Seriously? No, really, seriously?

    You couldn't figure out ANY way to get sufficiently random numbers out of that calculator just from human interaction?

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    1. Re:Dicing your way to security by itzly · · Score: 1

      Of course, but that's not cool enough.

    2. Re:Dicing your way to security by lucm · · Score: 1

      I guess "cool" is subjective

      --
      lucm, indeed.
    3. Re:Dicing your way to security by drinkypoo · · Score: 1

      and if it's going to time key-presses to get entropy then it might as well at least have the user enter more entropy in the process.

      So have them press the keys a few more times. It's still less hassle than rolling dice. Plus, what if someone figures out how to determine the roll of your dice from the sound, and has an audio bug in your facility?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. More yo mama by DrYak · · Score: 1

    No, yo momma is too big for a hash.

    +Funny.

    To keep with today's theme:
    - Yo mama's so fat, her picture need to "Google Maps" to be viewable
    - Yo mama's so fat, said picture can provide secure hash random seeds for the rest of the whole internet's existence.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  5. This actually has a good point by Nona+Slashdottir · · Score: 1

    Good point from TFA: " it’s secure because it never connects with a “NSA backdoored” computer when generating it", which actually makes sense. Many people have a calculator like this which provides a suitable air-gapped and safe computing resource.

  6. You accidentally some words by wonkey_monkey · · Score: 4, Funny

    The video self-explanatory.

    Ah.

    Load up your calculator with the code, roll it 72 times

    Okay, done that, but nothing much happened. What is the 12-sided die for?

    --
    systemd is Roko's Basilisk.
  7. Bitcoin is backed by faith by perpenso · · Score: 1

    Bitcoin is backed by the goods and services available in exchange of it

    No, its not. The quantity of a particular good or service equating to a bitcoin can vary wildly in a very short period of time.

    Bitcoin, like other currencies, it backed by faith. And a lot of that faith has to do with speculation not commerce.

    Bitcoin is not a currency, it currently fails as a store of value. Could that change, possibly, but unlikely in the short term.
    Bitcoin is a speculative instrument.
    Bitcoin's real use is as a payment system. During payment processing bitcoins are generally not held by the recipient so the store of value problem isn't an issue. Advocates make much of the vendors who accept bitcoins but in truth most never touch a bitcoin. A bitcoin exchange is used to actually collect the coins and convert them to fiat currency immediately. And what does this demonstrate, a lack of faith.

  8. Hardware wallets by codebonobo · · Score: 1

    Mycelium entropy released a offline hardware based paper wallet generator which allows you to generate secure single wallets or Shamir’s 2-of-3 Secret Sharing Scheme wallets with a single click and even use your own seed if you are especially paranoid

    The unit was 40 dollars - https://mycelium.com/entropy https://mycelium.com/assets/en...

    or you could just get one of many hardware wallets - https://bitcointalk.org/index....

  9. HWRNG by Zeroko · · Score: 1

    Did they try finding an entropy source on-calculator like Linux uses for /dev/random? It seems that reading from an unconnected address occasionally yields different values...maybe characterize the distribution to get a lower bound on its entropy, then let it run automated for however many seconds or minutes it takes to accumulate enough. It would be easier on the user than rolling a die a bunch. (Of course, it might be hard to rule out systematic trends in the bits returned without intimate knowledge of the physics of the hardware involved.)

    For that matter...what about the slight bias of actual physical dice rolled by humans? You only get ~258 bits from 72d12, assuming it is perfectly random. You need extra rolls to get the full 256 bits needed (with a sufficiently high probability), plus some strategy (hashing?) to mix the slightly spread-out entropy into a maximum-entropy key.

  10. Best calculator ever made. by arobustus · · Score: 1

    How about my TI-86?