Friday, January 25, 2013

Hiding Bitcoins in Your Brain

Storing digital money in your brain

Wait, why would I want to do that?

So, in current events, this week the Republicans in the U.S. House of Representatives thankfully dropped their threat to make the U.S. default on its debt, and agreed to suspend the debt ceiling for another two months.  Now we have a nice little month-long breather until the next few idiotic, self-induced fiscal crises caused by the highly dysfunctional U.S. Federal government:
  • The onset of the "sequester" (some rather substantial automatic budget cuts), currently scheduled to kick in on March 1st (of this year, 2013).
  • The end of the current "continuing resolution" (a temporary appropriations bill under which government is operating, in lieu of a real annual budget), scheduled for March 27th.  This would halt virtually all government spending until a new budget or continuing resolution is passed.
  • The end of the current "debt ceiling suspension" which will be on May 18th.  We are currently already at or over the Federal debt limit, and if the suspension expired without first raising the limit, the U.S. Treasury would be immediately in violation of debt-ceiling law, and would immediately be forced to default on at least some of its fiscal obligations.
Given the hairiness of this fiscal and political situation, I wouldn't rest easy just yet.  Wealthy Republicans in the U.S. still seem hell-bent on avoiding higher taxation of any kind (except that they didn't seem to mind letting the highly-regressive payroll tax go up by a few points in the fiscal cliff deal).  Never mind the fact that their stubbornness is rapidly bankrupting the U.S. government's coffers, while repeatedly threatening to rudely shove our lower and middle classes into recession-inducing austerity akin to what Europe is already suffering.

It is no wonder that so many individuals, in the U.S. and elsewhere, faced with such insanity, are looking for ways to free themselves from what we see as virtual enslavement of humanity by the elite few who de facto control the world's money supply, namely, wealthy bankers & financiers, and their allies in the world's powerful Central Banks (such as the Fed) and the associated governments.  The people of the world are looking for a new, free, open, unfettered, democratic monetary system that is not so easily manipulated by banks and governments to serve the wealthy few.  And many of us have fixed our sights on Bitcoin (official link) as the most promising solution.  I have discussed the advantages of Bitcoin at length in my previous blog posts (see archive links at right), so I will not repeat that discussion here.

However, in the past, Bitcoin was rather difficult to use, which deterred many laypeople (i.e., non-computer geeks) from getting involved in it.  But today, thanks to many contributions from the community of Bitcoin enthusiasts, it is becoming easier and easier.  In this blog post, I give a brief tutorial with advice on how to quickly and inexpensively (with low fees) obtain some Bitcoins in a form that is both easy to spend, and quite secure from loss or theft.  Some of the following instructions are specific to users in the U.S., but solutions that are already as easy exist for users in many other countries - perhaps a subject for a later post.

When your wallet is permanently stored IN your brain,
you can't forget where you put it, or so one might hope...

Bitcoin Brain Wallets

One of the interesting things about Bitcoin, as a monetary technology, is that it does not require individuals to maintain any individual written or electronic records about their accounts in order to keep, send, and receive money.  This is because Bitcoin's account ledger is maintained in a public database called the "block chain" which is replicated redundantly in thousands of computers all over the world (all computers that act as "nodes" in the Bitcoin network).  The information stored in the block chain cannot be corrupted by any one party, because the other nodes in the network would immediately notice the discrepancy and reject the corrupted version.  It's security by consensus.  It's democratic because anyone with a modern computer can set up a node and participate in the network.  (Free software to do this is hosted at, and maintained by, the non-profit bitcoin.org.)

However, setting up a fully-functional Bitcoin node is somewhat cumbersome for the casual user - depending on your connection speed, it can take a whole day or more to download a complete copy of the block chain (it is currently 4.5 GB), and the standard Bitcoin client is rather resource-intensive and tends to slow down older computers.  And if your computer ever gets disconnected from the network for a while (say you turn it off when you go on vacation), it can take many hours for it to catch up.  So I don't really recommend this approach for everyday people who don't want their daily lives to revolve around Bitcoin.

Fortunately, there is a much easier way.  There are now free public web services such as Blockchain.info which will keep up with the block chain for you, so you don't have to.  All that you have to do, as a user, is remember one key piece of information - a passphrase (longish password) - that will give you access to your accounts.  What I'm going to teach you here is, how to use your passphrase to send and receive Bitcoins without ever actually giving that passphrase to another person, or to any computer but your own!  As long as you keep your passphrase totally secret (and another person cannot guess it), your Bitcoins are totally secure.  When you create a passphrase-based Bitcoin account, it is sometimes called a "brain wallet," because you are effectively "storing" your Bitcoins "in your brain" (as opposed to, on a computer, or on paper, or in a bank vault).  See this Forbes article for some additional discussion of this concept.

In addition to the browser-based clients like Blockchain.info, there are also easy-to-use "thin clients" that install on your computer and access the block chain through a server.  Electrum is one that I have tried that is very easy to install and use.  More about it later...

A brain wallet can be as secure as any safe.

Creating a Secure Brain Wallet

Nowadays, the steps required to create for yourself a Bitcoin brain wallet (containing one or more Bitcoin accounts) are very easy.  There are two ways, both easy:
  1. The extremely easy way, which for your peace of mind only requires you to trust (or verify for yourself) that the JavaScript code in Bitcoin.info's web pages, as they promise, does not actually transmit any of your private information (passwords/passphrases/unencrypted private keys) to their servers, but only processes it within your own web browser, on your computer.  Personally, I believe this promise, because blockchain.info is a widely-used and trusted tool in the Bitcoin community, and I think that if their code did not do what they say, someone in the community would have noticed it by now, and complained loudly.  But, DISCLAIMER:  I do not myself guarantee that every line of their web-page code is now, or will forever remain, true to their promise of privacy.  So, if you think that the operators of Blockchain.info might "turn evil" at some point, then you might not want to use this method for accounts in which you plan to store a very large amount of value.  But, it can still be quite reasonable to use it for day-to-day spending-money accounts.
  2. The moderately easy way, which requires no trust in anybody.  This is because it only requires you to run a program offline; your computer does not even need to be connected to the network to use it. So, if you are feeling especially paranoid, you can unplug your network cable before using the program, and then wipe your computer's hard drive afterwards, if you want to make REALLY, REALLY sure that this program is not sending any of your secrets to others.  (Or, if you ARE a computer geek, you can look at the source code, and compile it yourself, to make sure it is trustworthy.  Personally, I trust this tool because its author is widely-known and respected in the Bitcoin community, and the tool is open-source, so if it contained security breaches, others would have noticed by now.)  The disadvantage of this method is that it only allows you to receive Bitcoins, not send them; if you want to be able to send coins without running a full Bitcoin node of your own, you will need to trust or verify some software that talks to the network, at some point.
I will go over both of these methods shortly.  But first, a few words about passphrases.

Coming up with a passphrase

Nowadays, many websites force you to use weird-looking passwords that contain both letters and numbers, and sometimes also capital letters, punctuation marks, etc.

Interestingly, the "correct horse battery staple" brain-wallet has had 40 Bitcoin transactions pass through it, with a total value of about $9 at current prices.  As of now, its balance is 0 though.  :)

You can create a passphrase of that nature as well, but I don't recommend it.  Why?  Because it's stupid, as this XKCD comic aptly demonstrates.  It's very easy for a human (namely you) to forget exactly where you put all those numbers, capital letters, and punctuation marks, and what they all were, and plus, if you ever need to verbally convey your passphrase quickly to another human in an emergency (war coming - quick, take my Bitcoins and run!) they will almost certainly not remember it right.

Instead, I recommend taking a longish, easy-to-remember, meaningful-to-you, hard-to-guess English phrase, and using it by itself, plain and simple, with spaces (for readability while you are typing it), but with no fancy stuff like uppercase letters, or punctuation at all.

To make it especially easy for you to remember, you could even make your passphrase a favorite saying, or a line or two from a favorite book or poem or song lyric, e.g., "i think that i will never see a poem lovely as a tree" (from a Joyce Kilmer poem) - note no capitals, no punctuation, all lowercase, with spaces.  That's easy to tell to others.

However, if you use this method, beware that someone else might happen to try using that SAME line, in which case they can see that you have Bitcoins stored in it, and steal them - so, if you use a published phrase at all, I'd recommend you take it from some piece of literature that is REALLY obscure.  Just be aware that someday, someone might write a computer program that scours ALL published phrases below a certain length, looking for Bitcoins stashed in them to steal, so a string of random words would be better.

To be safest, you really want your phrase to be long, random, and have zero Google hits (when you enclose it in quotation marks to force Google to take the words in order).  Pick, say, 4 moderately obscure words off the top of your head - here, I'll try:  "category platypus ennui toast" has 0 hits, done.  But, don't use that particular one, because soon Google will index this page, and it will have 1 hit at least.  :)

EDIT:  Gavin Andresen, lead developer of the Bitcoin project, responds with the following warning:
Humans are pretty bad at being original. REALLY bad at being random. And we are terrible at comprehending huge numbers.

So if you ask the average person to create a secure passphrase, they're very likely to create something that a "determined attacker" with a lot of computing power can crack.

I think if people start to use quotes from obscure literary works as their brain wallets, then they're going to lose their bitcoins sooner or later. Attackers can try MILLIONS of passphrases per minute, to crack EVERY SINGLE brainwallet that has ever been created.

So: if you absolutely, positively won't be dissuaded from using a brainwallet, here is my advice on how you might be able to come up with a secure passphrase:

Think of two passphrases that you think you can remember. And think of a government-issued number that you can easily look up or remember (like your driving license or social security number).

Create a brainwallet passphrase that is:

the first passphrase,the government id number,the second passphrase

Then create a 'sentinel' brainwallet that is just the first passphrase, and send a small number of bitcoins to it. When those bitcoins get spent (or more bitcoins are sent to it by somebody else), you know that the first passphrase you chose isn't good enough any more.  Choose a more complicated passphrase and create a new 'sentinel' and real brainwallet, and move your old brainwallet there.
And Casascius, whom we'll talk about more later, recommends foiling attackers by adopting a new, slower key-generation algorithm, scrypt, and says:
Second, I propose the following standardized method for creating salt: a user should enter their own birthdate and their postal code that was current at the time their brainwallet was created.  The postal code should be stripped only to alphanumeric characters (no spaces or dashes).  These should be provided as salt to the scrypt algorithm in the form YYYY-MM-DD-x where x is the stripped postal code.  The purpose of these is that it's unlikely the user will forget these (even if they move) while still providing satisfactory entropy to substantially prevent parallel cracking of the entire brainwallet universe.  If all brainwallet generators and decrypters follow the same method for generating salt, users won't be burdened with having to remember how they created their salt, nor how they formatted their information.
So, for added security, one might consider adopting one or more of their suggestions.  So for example, instead of just "category platypus ennui toast," I might be well-advised to use something a bit more elaborate like "category platypus ennui toast/1968-07-24-37416/i think that i will never see a poem lovely as a tree", where 1968-07-24 is my date of birth (note: this is not my actual date of birth), and 37416 is my current ZIP code (note: this is not my actual ZIP code).  The extra personal information adds a more-or-less unique "salt" which prevents attackers from using brute-force methods to systematically search brain-wallet passphrases for everyone in the world simultaneously.

See the forum post for many, many more helpful comments and suggestions...
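
To see what the salt buys you, here is an added Python sketch (not code from Gavin, Casascius, or any wallet tool) that derives a key three ways: plain SHA256 of the passphrase (today's de facto brain-wallet scheme, covered further below), SHA256 of a salted passphrase, and scrypt fed the YYYY-MM-DD-x salt from the quote above. The scrypt cost parameters, the "passphrase/salt" join, the function names and the second user's details are assumptions of this example; the quoted proposal only fixes the salt format.

```python
import hashlib
import re

# Order of the secp256k1 group; a usable private key is an integer in [1, order - 1].
SECP256K1_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Assumed scrypt cost parameters (the quoted proposal does not give any).
# Memory per evaluation is about 128 * N * R bytes, i.e. 16 MiB here.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def casascius_salt(birthdate: str, postal_code: str) -> bytes:
    """Build the salt YYYY-MM-DD-x, x being the postal code stripped to alphanumerics."""
    if not re.fullmatch(r"[0-9]{4}-[0-9]{2}-[0-9]{2}", birthdate):
        raise ValueError("birthdate must be written as YYYY-MM-DD")
    stripped = re.sub(r"[^0-9A-Za-z]", "", postal_code)
    if not stripped:
        raise ValueError("postal code has no alphanumeric characters")
    # Letter case is kept as typed: the proposal does not say how to normalise it.
    return f"{birthdate}-{stripped}".encode("ascii")


def sha256_key(passphrase: str) -> bytes:
    """De facto scheme: the 32-byte private key is SHA256(passphrase), no salt."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def scrypt_key(passphrase: str, salt: bytes) -> bytes:
    """Slow, memory-hard derivation of a 32-byte key from passphrase and salt."""
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def is_valid_private_key(key: bytes) -> bool:
    """A derived key is usable only if it is a non-zero integer below the group order."""
    return len(key) == 32 and 0 < int.from_bytes(key, "big") < SECP256K1_ORDER


def derive_all(passphrase: str, birthdate: str, postal_code: str) -> dict:
    """Derive the key under each scheme so the results can be compared per user."""
    salt = casascius_salt(birthdate, postal_code)
    return {
        # Same key for everyone who picks this phrase: one guess tests all users.
        "sha256_unsalted": sha256_key(passphrase),
        # Salt typed into the passphrase: unique per user, but each guess is still cheap.
        "sha256_salted": sha256_key(f"{passphrase}/{salt.decode('ascii')}"),
        # Salt plus scrypt: unique per user and expensive per guess.
        "scrypt_salted": scrypt_key(passphrase, salt),
    }


if __name__ == "__main__":
    phrase = "category platypus ennui toast"            # the post's example phrase
    user_a = derive_all(phrase, "1968-07-24", "37416")   # the post's sample salt data
    user_b = derive_all(phrase, "1975-03-02", "K1A 0B1") # constructed second user
    for scheme in user_a:
        same = user_a[scheme] == user_b[scheme]
        print(f"{scheme:16} same key for both users: {same}")
```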


Creating a full (send & receive) Brain Wallet on Blockchain.info

Steps to do this are extremely easy.
  1. Go to https://blockchain.info.
  2. Click "Wallet" in the black navigation bar at the top.
  3. Click the blue "Start a New Wallet" button under "New Users" at left.
  4. Come up with an "Alias" or short, easy-to-remember name to help you pull up your wallet info on another computer.  This does not have to be secure.  It could be something very simple and obvious like "Allisons wallet" (if not already taken).  If you forget it, you can still recover your brain wallets, but not other accounts inside this Blockchain.info wallet, so make sure it's easy to remember.
  5. Come up with a password.  This is your password to access Blockchain.info's services for this wallet; it is not the "Brain wallet passphrase" I was discussing earlier.  However, you could use the same passphrase here, or a similar method to come up with it.  Blockchain.info will give you feedback on how secure your password is on the bottom of the page.
  6. Do the CAPTCHA and hit Continue.  It will give you a longish phrase that you can write down if you want, to help you recover your password if you forget it.  For security, Blockchain.info doesn't store your password, and so they can't recover it if you lose it.  They are serious business!
  7. Now you're at the Login screen.  Your Alias gets automatically transformed to an obscure account "Identifier" like 2e960961-3a5d-eadd-c2e0-30fb0938f031 which you can write down if you want, but you don't need to:  Your browser will remember it for use in future sessions, or you can just type your Alias instead.  Anyway, it does not need to be secret.
  8. Enter your password.  Now you're at the My Wallet screen.  You can see your balance (initially zero), your first account identifier (some long alphanumeric string like 14Xzhue9ZRkyUa6BHusTSCae4Pa3bmeLuH, and a corresponding QR code).  Now, keep in mind that the private keys for this new account are stored, encrypted, in Blockchain.info's servers, and require your password to be decrypted.  This is not yet a true Brain Wallet, since if the Blockchain.info website was inaccessible, you would be unable to retrieve your coins.  However, Blockchain.info does provide you several methods for backing up your wallet (see Download/Dropbox/Google Drive/Email buttons under "Backup" on the Wallet Home page).  I recommend doing this if you plan to use the address that initially came with your Blockchain.info account.
  9. Now, create your true Brain Wallet account.  On the Wallet Home page, click the "Import/Export" tab, then "I Understand," then look at the Brain Wallet section.  Type your Brain Wallet passphrase and then click "Generate Key".  Now if you click on the "Receive Money" tab, you can see the newly generated brain-wallet Bitcoin account identifier (a.k.a. address) listed among the accounts in this wallet.  The passphrase "category platypus ennui toast" made the Bitcoin account 19YPrPAQdjwEsT2QnbvhVnyEuyXWxSL2Hq.  (Of course, I'm not going to put any money in this account, since everyone reading this blog can go through these steps, type this passphrase, and gain complete access to it - so it's not secure at all!)
  10. I recommend you label your brain wallet, so that in case you keep multiple brain wallets, you can remember which one this one is.  Under the "Actions" pulldown on the right side of the account identifier on the Receive Money screen, select "Label Address" and enter your chosen nickname for this particular brain wallet.
So, the benefit of creating a brain wallet is, even if you completely lost access to your Blockchain.info account, you could still access this very same brain wallet using a brand-new Blockchain.info account, or any other service that lets you access brain wallets.  If all else fails, you can even import your brain wallet into the standard Bitcoin client (but in that case, you'll have to wait for it to download the block chain before you can use it).  More on this later.

Creating a watch-only (receive-only) Brain Wallet on Blockchain.info

So, let's say you want to keep your Brain Wallet passphrase really close to your breast, because you plan to store a whole lot of value (your life savings, say) in it.  Maybe you don't completely trust Blockchain.info not to violate their promise not to transmit your password or your private wallet information that's in it, unencrypted, to their server, so you're worried that they might someday steal your coins.  You want to make sure that any copies of your passphrase/private key remain totally within your physical control at all times.

Well, you can address this problem, by never giving Blockchain.info either your passphrase, or your account's private key.  This means Blockchain.info can't be used to sign orders to make payments from that account - however, you can still use it to monitor the Bitcoin money received into that account - thus the name "Watch-Only."  If you later decide to trust Blockchain.info with your passphrase, you can always enter it at a later time, and gain the ability to make payments from that account, as well as receive them.  Or, if you still don't trust Blockchain.info, you can use some other service to make the outgoing payments, while still using Blockchain.info to monitor your account balance and transactions.

The easiest way I know to create a brain wallet offline is to use a handy little Windows app called the Casascius Bitcoin Address Utility.  The official download page for its source code is on GitHub.

Well worth buying for their sheer beauty alone!
A little background:  Casascius (a.k.a. Mike Caldwell) is a well-known and widely-trusted member of the Bitcoin community who is perhaps most widely known for creating a beautiful line of physical Bitcoin coins.  These are self-contained Bitcoin accounts that have their private key hidden on the back under beautiful peel-off holograms.  The idea here is that if the hologram is not peeled off yet, then you know that nobody else has seen the private key yet, and so you can accept the coin at face value.  If you need to transform the coin back into electronic form, you simply peel off the hologram, and import the private key into a typical Bitcoin client (there is a handy "Import Private Key" option under the "Import/Export" tab in your Blockchain.info wallet which can be used for this purpose).

However, at the moment our focus is on using the Bitcoin Address Utility to create brain wallets, not physical wallets.  Here's how to do that:
  1. On your PC, go to https://github.com/casascius/Bitcoin-Address-Utility.
  2. Click on the button that says "ZIP" to download.
  3. Save the file to a location that you can easily find again later (e.g., your desktop).
  4. Go to the folder where the file was downloaded, right-click on the file (Bitcoin-Address-Utility-master.zip) and select an option to extract the contents.  
  5. Open the resulting folder named "Bitcoin-Address-Utility-master".
  6. Next you need a cryptography library called BouncyCastle.  Go to http://www.bouncycastle.org/csharp/.  Click on the "compiled assembly" file (latest version as of this writing: bccrypto-net-1.7-bin.zip), download it, and unzip it, then move the BouncyCastle.Crypto.dll file to the Bitcoin-Address-Utility-master folder.
    Cryptographers are a zany bunch.
  7. Next you'll need another library called the ThoughtWorks.QRCode.dll.  Go to https://code.google.com/p/qrcodetip/source/browse/trunk/libs/ThoughtWorks.QRCode.dll?r=2 and click "view raw file".  Download that file also to the Bitcoin-Address-Utility-master folder.
  8. Now that you have all the required libraries, you will need to compile the Bitcoin Address Utility application.  You will need Microsoft's C# compiler.  Visit http://www.microsoft.com/visualstudio/eng/downloads#d-express-windows-desktop .  
  9. Select the "install now" option.  Agree to license terms and click "Install."  This part will take a while, depending on how fast your computer and Internet connection are.  I was able to install it successfully on my Windows 7 laptop, but it might not work on much older computers.
  10. After VS Express is installed, run it and select "Open Project..."  Navigate to the Bitcoin-Address-Utility-master folder (in my case, I moved this folder into "My Documents\Visual Studio 2012\Projects") and select the "solution" file BtcAddress.sln and open it.
  11. On the PROJECT menu, select "Add Existing Item..." and select the BouncyCastle.Crypto.dll and ThoughtWorks.QRCode.dll library files you downloaded earlier, and click Add.
  12. At this point, I surprisingly had to do a couple of extra steps to get it working, maybe because the version of Visual Studio I had was different than the one it was built with.  On the PROJECT menu, select "Add Existing Item...", navigate to the "Model" folder, hit control-a or use shift-click to select all the .cs files, and click "Add," then navigate to the "Reports" folder, again select all the .cs files, and click Add.  I don't know why these files weren't already added to the project.
  13. At this point, under the BUILD menu, you should be able to select "Build Solution" and then the compiler will generate an executable file in bin\Debug\BtcAddress.exe.  You can put a shortcut to this file on your Desktop or somewhere, for easier access.
  14. Now you can run the utility (and if you are paranoid, you can disconnect your computer from the Internet before doing this).  Double-click on BtcAddress.exe to run it.  The current version pops up a window that looks like this:
    Main window of the Bitcoin Address Utility, version of 12/28/12.
  15. Under the Tools menu, click the first item, "Address Utility."  You will see the following dialog box:
    Bitcoin Address Utility's address-generation dialog box.
  16. The first field there is labeled "Minikey / key from SHA256 hash of a string."  This is where you enter your Brain Wallet passphrase.  However, one caveat:  Casascius himself has told me (in a personal email dated 1/27/13) that he is currently leaning towards advocating for the community to migrate to a particular new brainwallet standard involving scrypt for generating secret keys from passphrases; scrypt is designed to make it more computationally expensive for an attacker to compromise your keys by a brute-force search of possible passphrases.  However, for the time being, the de facto standard for brain wallets (proposed by Casascius himself in Nov. 2011) is to use a simpler function called SHA256.  So we'll stick with that for purposes of this blog post.  So, try typing your passphrase here:  In our above example, "category platypus ennui toast", and hit Enter.  The remaining fields in the dialog are automatically computed from that, and you see:
    Example of calculating a Bitcoin address from a passphrase.
  17. Let's point out some important results.  The field labeled "Private Key (WIF)", which in this case is 5KVuSusnXeaQyeGyKk63BpoWmpeoto6BhfPdnraCyPWYVoZnSTu, is this account's private key in Wallet Input Format, which can be imported easily into most other Bitcoin clients.
  18. The field labeled "Address" is the Bitcoin address, in this case 19YPrPAQdjwEsT2QnbvhVnyEuyXWxSL2Hq, which is what you give to other people who you want to be able to send Bitcoins to this account.  Note it is the same address that Blockchain.info generated for this passphrase - showing that Blockchain.info is using the same algorithm for computing Bitcoin accounts from brain-wallet passphrases as the Casascius tool.
  19. Now that your brainwallet account has been generated (and note, no connection to the network is needed to do so), people anywhere can start sending you Bitcoins addressed to that account.  The account balance can be checked (by anyone who has the address) using any number of tools; for example, you can paste the address into the search box on the main page at blockchain.info.  
  20. If you like, you can also set up your blockchain.info account to "watch" or monitor that balance as part of your wallet - without ever giving it the private key.  Log in to your blockchain.info wallet account, click Import/Export, and paste the address (not the private key!) under "Add Watch Only Bitcoin Address", enter that, then click on the "Receive Money" tab, and you will see it listed with  "(Watch Only)" in red after it.  This way, you can watch the money coming in to your wallet, without having to worry that you've given your secret information to blockchain.info (or any website).
  21. Later on, if you want to use blockchain.info to easily spend Bitcoins accumulated into that brain wallet, you can at that time (if you trust blockchain.info) import your brain wallet passphrase and gain full (send/receive) access to your brain-wallet Bitcoin account.  Or, if you don't trust Blockchain.info, you can use some other client, and import the passphrase (if it supports brain wallets) or the private key (if not) into it.
By the way, in case you don't want to go to all that trouble of compiling the Casascius Bitcoin Address Utility, a much simpler method is to use another website called BrainWallet.org to do the address-generation calculation; however, as with Blockchain.info, using this service requires you (1) to be online, and (2) to trust (or verify) the site's source code (available in a link at the lower-right corner of the page) to be sure that it is kosher and is not transmitting your passphrase or private key to someone else.  The advantage of the Casascius utility is that you can use it offline on an isolated computer and thereby eliminate that risk, and thus reduce the need to trust other parties.

Backing Up Your Brain Wallet

With brain wallets, there is always a trade-off:  Do I keep the brain-wallet passphrase only in my brain, to make sure no one can steal it, or do I make back-up copies of it, to reduce the chance I will forget it?  (Or, maybe you want to make sure your heirs will be able to access it, in case of your untimely demise or brain-death.)

Well, you can always create multiple brain wallets, and make that trade-off in different ways in different ones.  You can make one where you NEVER give the passphrase to anybody, and never write it down or even keep an electronic copy, but you'd better make darn sure you'll remember that passphrase.  (You might not want to put your entire life savings into that one, though!)  Then, you can make another one where you do keep backups, although obviously you'll want to keep those backups in a secure place.  Some possibilities:
  • Give the passphrase to a family member or close friend whom you trust totally, exhort them to memorize it.
  • Write it on a piece of paper and stash it in a fireproof safe in your house; then hide the key or combination to the safe elsewhere - but don't forget where you put it!
  • Put the paper in a box, and bury the box in your back yard or basement, or in the woods at a subtly-marked spot.
  • Put an electronic copy of the passphrase or private key in an encrypted drive (TrueCrypt is a popular tool for this); of course then, you have to remember the passphrase to decrypt the drive, so it doesn't totally solve the problem.  Back up the encrypted drive in multiple places, on USB sticks and/or in cloud storage, or elsewhere (it is safe to do so as long as only you have the decryption key).
You might want to use several of these methods, in case you are concerned that one of them alone might not be enough to prevent your stash of Bitcoins from getting lost.  If you have a large amount of savings in Bitcoin, you may want to go to great lengths to protect it.  Of course, the more ways there are for you to recover your Bitcoins, the more ways there are that someone could potentially steal them, too...  So, ultimately, you have to use your best judgement as to how much, and what kind, of redundancy is warranted.

Filling Up Your Brain With Money

Okay, let's say by now you've created a Brain Wallet (or another type of Bitcoin account), backed it up safely in several places, and now you want to actually put some Bitcoin money into it!  (Note that, unlike with real physical wallets, you can put money into a brain wallet even after it's been buried safely in a box in your back yard, without digging it up first.)  So now, how do you get some Bitcoins?

Of course, one way is simply to have another Bitcoin user send them to you - either in exchange for some goods or services from you, or as a gift.  All they have to do is send them, via the Bitcoin network and whatever client they are using, to the public address associated with your account.  Many tools, including Blockchain.info, will display an address as a QR code which can be scanned by a phone.  Or, you can copy-and-paste the address into an email message.  If the address has been used previously, there is a tool called FirstBits (firstbits.com) which can be used to look up the whole address from the block chain, given only its first several characters (case-insensitive).  For example, firstbits.com/1jwssub will let you easily communicate to others the public account identifier 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T of the "correct horse battery staple" brainwallet.  Just paste your entire address into firstbits.com to find its FirstBits.  For example, one temporary brain-wallet address that I've used before is 1N4Fr7ZrcADmigFXYGoJtQNSidNqQ9Awgs; its FirstBits short name is 1n4fr7z.  It's very easy to tell someone, "Please pay by sending 1 Bitcoin to the address with FirstBits 'one-n-four-f-r-seven-z.'"  Since FirstBits is case-insensitive, you don't even have to worry about uppercase vs. lowercase letters.

OK, well, suppose you have nothing particular to sell to some customer who has Bitcoins to give you.  How can you just buy some Bitcoins outright?  Nowadays, there are many ways.  We'll discuss a few below.

Perhaps the easiest method to buy Bitcoins, if you have a Blockchain.info account, is to use the blue "Cash Deposit" button right on your wallet home page.  This uses a popular service called BitInstant to make the transfer, but it may not always give you the very latest exchange rate, and in addition to this, it charges a 4% fee.  However, one advantage of BitInstant is that you can make deposits at many convenient locations, including Chase bank branches, CVS drugstores, Albertson's grocery stores, and even at Wal-Mart.  A direct deposit to your Bitcoin account via BitInstant is therefore probably one of the fastest ways to buy bitcoins for most people.  (Note that your Bitcoin account does not have to be loaded into a Blockchain.info wallet for you to use BitInstant; you can also make the transfer directly using BitInstant's website.)

Another method to buy coins is to directly use a Bitcoin exchange, which will allow you to get an up-to-the-minute exchange rate.  The most popular Bitcoin exchange is Mt. Gox.  (Its name historically derives from an older site, maintained by the previous owners of the domain, that was called "Magic: The Gathering - Online Exchange," LOL, very nerdy.)  There are a number of ways to get US dollars (or other currency) into Mt. Gox, but perhaps the lowest-fee way is to use a reputable money-transfer service called Dwolla which can take money directly out of your bank account.  For everyday-size transfers, Dwolla charges only a $0.25 fee; quite reasonable.  The only problems with using Mt. Gox and Dwolla are that (1) they require a rather cumbersome process to sign up (which involves verifying users' identities in several ways), and (2) transfers in and out of your bank generally take a few days to process.

(...To be continued... Write a step-by-step walkthrough of how to buy Bitcoins using one of these methods...)

5 comments:

  1. I don't think your method of selecting a passphrase is sufficiently secure.

    In the future we'll see botnets and unscrupulous miners using their hashing power to try to break brainwallet passphrases.

    If I ever decided to use a brain wallet I'd create a random 246 bit number and convert it to PGP words.

    1. Yes, good point. I've edited the section on passphrase selection to include suggestions from Gavin Andresen (lead Bitcoin developer) and Casascius (author of the Bitcoin Address Utility) on how to add additional, personally-unique information to make it more difficult for attackers to brute-force search everyone's brain-wallet passphrases in parallel.

  2. Update: I no longer recommend some of the suggestions in this post. For best security of your offline brain (and/or paper) wallets, see my more recent post...
    http://minetopics.blogspot.com/2013/03/ultimate-bitcoin-security.html
