In this post we consider a simple way to generate easy recoverable Ethereum private/public keys and also an address on the Ethereum blockchain. This triplet is an Ethereum wallet. If you will lose your private key, you will be able to recover it by repeating the steps (1-3) of the procedure below. For better security you should not save and store your private key in any place. You can generate it on demand when you need to make a transaction.
According to crypto currency data firm Chainalysis, over three million bitcoins are considered lost due to forgotten passwords/keys (see [1]). Stefan Thomas, San Francisco-based investor became famous when he revealed that he lost his private key to the hardware based crypto wallet IronKey, which holds 7,002 bitcoins (see [2]). The value of this loss (in dollars) was $479,784,042 on November 5, 2021. The value of losses from lost private keys to encrypted data, files, drives is not possible to estimate accurately.
Step 1. Enter an easy memorable key and date into a dynamical passwords generator (DPG).
In the example below it is used a public DPG (https://dynpass.online). For better security you should use a private DPG or a combination of private DPGs (https://dynpass.xyz). (You use output from one DPG as input to other DPG and repeat this process as long as you want).
In the example, the key is “John Lenon” and the date is his birth date.
Step 2. Generate dynamical passwords.
By clicking on the “Go” button, 20 dynamical passwords will be generated.
Step 3. Create a private key from 32 symbols in 20 dynamical passwords.
In this example we use 20 symbols from 19-th password and 12 symbols from 20-th password. You can use any combination of 32 symbols from 20 passwords (total 400 symbols for public DPGs or 3,200 symbols for private DPGs). No one will know what selections are, except you. There are more than 1.96*10^47 combinations of 32 symbols from 400 and over 4.75*10^76 combinations of 32 symbols from 3,200. It is a hard problem to test all the combinations even for modern supercomputers.
Step 4. Convert the private key in the form of a string to the hexadecimal format.
We go to the URL: https://www.binaryhexconverter.com/ascii-text-to-hex-converter and enter the private key in the form of a string of symbols into the left text field. When we click on the “Convert” button, the string will be converted to the hexadecimal format in the text field on the right side.
Step 5. Generate an address and a public key from the private key in the hex format.
We go to the URL: https://www.rfctools.com/ethereum-address-test-tool/ and enter the private key in hex format into the field “Private ECDSA key”. When we click on the button “calculate public key”,
public key (field 1) and an address (field 6) will be generated.
Step 6. Check if the address is correct.
To validate the Ehereum address we use the validator tool at URL: https://www.rfctools.com/ethereum-address-validator/. We enter the Ethereum address into the “address” field.
When we click on the “check” button, the message “The address is a valid ethereum address” should appear, if the address is valid.
Step 7. Test if the Ethereum address is in use.
On the last step we should verify that the Etherium address is not used by other people. We go to the URL: https://etherscan.io/ and enter the Ethereum address into the text field at the top.
When we click on the search button (on the right side of the field), a report will be generated for this Ethereum address.
As we can see there were no transactions on this Ethereum address.
Congratulations! You just have created your own private offline wallet (private/public keys+address). You can make many such wallets and use them to receive/send ETH. To send a transaction you will need to sign it (with the private key) offline and send the signed transaction via an online wallet or a client node or a full node. To receive ETH you need to give the Ethereum address to senders of ETH.
The important advantage of this method is that you do not need to store your private key in any place (encrypted file, hardware wallet, safe box, etc), because you can generate it on demand when it needed (by 3 steps above). If your computer/smartphone/flash drive will be lost or stolen there are no risks that someone will find your private key on the stolen devices. If you use private DPGs, your private key will be secure even if someone will learn about your input parameters, but will not know your private DPGs locations.
Let us consider a hypothetical example, in which you had participated in a protest, demonstration or meeting that government officials do not like. They give orders to “wallets” providers to reveal to them your or private keys, so that they will be able to confiscate your cryptos. Even in the case when you do not keep your private keys in online wallets but in hardware wallets or safe boxes, they can send police to confiscate your hardware wallets and recover your private keys. As you can see, your private keys can be confiscated or stolen if you store them in some places. The solution to this problem is to not store your private keys in any place, but generate them on demand when you need them to make transactions. Such generated on demand private keys (GOD_PKs), can not be confiscated or stolen, because they do not exist in our physical world or any digital universe, except a short time interval when you generate them and make transactions. No one will be able to reconstruct your GOD_PKs, until she/he will learn:
a) where your private DPGs are;
b) how you use these DPGs
c) what input parameters are;
d) which symbols you had selected from the output.
If you will feel that you offline wallet may be compromised, you quickly will be able to create a new offline wallet, by this method, and transfer or swap your funds into the new offline wallet.
Offline wallets with GOD_PKs offer crypto owners options to insure all or part of their crypto wealth against adverse events with online wallets such as hacks, frozen accounts, confiscations, etc. A realistic scenario is a case when crypto owners split their crypto wealth in two parts. The first part will be earning passive income in online accounts/wallets, but the second part will be in offline wallets as insurance against adverse events to the first part of the crypto wealth.
P.S. For security reasons it is recommended that step 5 should be performed offline.
In the next post we consider a simple way to turn your old laptop into a security monitoring device.
References
1. Tens of billions worth of Bitcoin have been locked by people who forgot their key.
2. Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes.
https://www.nytimes.com/2021/01/12/technology/bitcoin-passwords-wallets-fortunes.html