Tuesday, December 3, 2013

PSA: Your bitcoin does not exist in your wallet

It is a commonly repeated falsehood that your bitcoin wallet contains your bitcoin.  It does not, and making the correct distinction is very important for people to grok if they want to keep their bitcoin safe.

Your bitcoin, my bitcoin, everyone's bitcoin exists on the blockchain.  That is it, end of story.  You don't have bitcoin in your wallet file.  What you have in your wallet file is the key to access the bitcoin at a specific address.  I have heard it described like this.  The user-facing portion of the blockchain is like a post office with a bunch of P.O. boxes.  The backend of the blockchain is a system of automated servitors that can put transactions into any of these P.O. boxes.  As I stated in a previous post, bitcoin is a unit of measure, and these transactions are measured in bitcoin.  You enter this post office with a key that will only fit one P.O. box.  If that box (a bitcoin address) contains transactions, you can take those transactions from your box and command the backend automated servitor to put them into any P.O. box you want.  In truth all of this is done in one step: you create a transaction signed with your secret key, and it is the network's job to verify that the transaction is legitimate.  For the purposes of the metaphor I am breaking it up into the separate things that are going on.

The reason that this distinction is important for people wanting to keep their bitcoin secure is that there are ways to attack their bitcoin addresses that have nothing to do with gaining access to their system.  The most common mistake is in the use of Brain Wallets.  A Brain Wallet is a way to derive a Bitcoin secret key from an easier-to-remember phrase: SHA-256 hash your phrase to get a 256-bit number, and that number is your secret key.  Now, if bitcoin really lived in your wallet, then once you got your bitcoin into your wallet it would be safe as long as you protected the wallet file.  But we know that is not true.  Bitcoin is stored on the blockchain.  What happens is that attackers know that other people are using Brain Wallets, and they use sophisticated programs to try words, phrases, and permutations to see if any of them, hashed into a 256-bit number, yield an address that holds bitcoin.  This attack is done locally on their machine against a local copy of the blockchain (because every full client has a full copy of the blockchain).  Because it is all done locally, they can attack this word space as fast as their computers will let them, which turns out to be billions of attacks per second.  If they stumble upon the same Brain Wallet phrase you used, they have the key to your P.O. box.  They don't need access to your computer, and it does not matter whether your wallet file is encrypted.

This attack does not work against raw random Bitcoin secret keys, because the full space of 256-bit numbers is far too large to enumerate.  The fastest cluster of computers would be working for millions of years before it had any hope of stumbling across the first address that actually contained bitcoin.  So my message above does not mean Bitcoin is unsafe, only that keys derived from the much smaller space of memorable phrases are.
