--- - page 4. | Bitcointalksearch.org

jdebunt

legendary

Activity: 1596

Merit: 1010

UPDATE

Brainwallet.io now gives you the choice between two different salt types. If you don't feel comfortable entering your personal info, now you can enter a username, password, and 4-digit PIN instead.

Having options is never a bad thing. Maybe this service can restore some of the faith in brain wallets, even though there will always be people opposing the idea [and perhaps rightfully so].

hexafraction

sr. member

Activity: 392

Merit: 259

Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ

Quote from: hdbuck on August 24, 2015, 10:14:43 AM

Quote from: hexafraction on August 24, 2015, 10:02:57 AM

Quote from: hdbuck on August 24, 2015, 10:00:56 AM

Bitcoin “Brainwallets” and why they are a bad idea

http://insecurety.net/?p=866

considering using a website app for making a brainwallet is as dumb as increasing blocksize.

people are just stupid. its amazing.

Yes, but you are missing a key aspect of this new site. The algorithm involves 524288 rounds of hashing, which is impractical to bruteforce. Instead of copy pasting that link, you should discuss what technical weaknesses are still applicable for this specific brainwallet site.

yea alrite, just go for it then.

No, seriously. You're not addressing any of the points I'm giving (I personally don't use brainwallets as I don't have a reason to. Others might). You pasted a link to article whose points don't all apply and when discourse begins you dismissively disregard it. Granted, it does apply to those who pick passwords like "Mittens is a cute cat" and "password123", but it doesn't undermine the security any more than someone that allows malware on their computer and has no wallet passphrase. Like any tool, it's useless or dangerous when given to an idiot.

Also, I'd be very interested if you come up with a way to bruteforce 2^18 rounds of Scrypt KDF over a space of passwords combined with names, emails, and other info accepted by the fields of the site. And more so, I'd be very interested if you came up with a program that managed to find a passphrase like "NiSiLLy71622--Green/Loss\\5114. Ugly goblins eat pound cake gladly 724287!" that someone actually used in a reasonable amount of time.

hdbuck

legendary

Activity: 1260

Merit: 1002

Quote from: hexafraction on August 24, 2015, 10:02:57 AM

Quote from: hdbuck on August 24, 2015, 10:00:56 AM

Bitcoin “Brainwallets” and why they are a bad idea

http://insecurety.net/?p=866

considering using a website app for making a brainwallet is as dumb as increasing blocksize.

people are just stupid. its amazing.

Yes, but you are missing a key aspect of this new site. The algorithm involves 524288 rounds of hashing, which is impractical to bruteforce. Instead of copy pasting that link, you should discuss what technical weaknesses are still applicable for this specific brainwallet site.

yea alrite, just go for it then.

hexafraction

sr. member

Activity: 392

Merit: 259

Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ

Quote from: hdbuck on August 24, 2015, 10:00:56 AM

Bitcoin “Brainwallets” and why they are a bad idea

http://insecurety.net/?p=866

considering using a website app for making a brainwallet is as dumb as increasing blocksize.

people are just stupid. its amazing.

Yes, but you are missing a key aspect of this new site. The algorithm involves 524288 rounds of hashing, which is impractical to bruteforce. Instead of copy pasting that link, you should discuss what technical weaknesses are still applicable for this specific brainwallet site.

hdbuck

legendary

Activity: 1260

Merit: 1002

Bitcoin “Brainwallets” and why they are a bad idea

http://insecurety.net/?p=866

considering using a website app for making a brainwallet is as dumb as increasing blocksize.

people are just stupid. its amazing.

coinableS

legendary

Activity: 1442

Merit: 1179

Quote from: ?? on ??

If you'd like to see for yourself, use this online scrypt generator:

http://kclnn.github.io/js-scrypt-async/test_scrypt_browser.html

And type in a passphrase and salt (where the salt is your name, email, phone, and DoB combined with no spaces), with parameters N=262144, r=8, p=1, and # of bytes = 32.

Then copy and paste the output into the brainwallet generator at https://bitaddress.org.

You will arrive at the same private key.

Thanks for replying. Ahh, this is very cool. Tested it out and it works. In fact I can just input the scrypt hash directly into "wallet details" section on bitaddress and it's done.

hexafraction

sr. member

Activity: 392

Merit: 259

Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ

Quote from: ?? on ??

Quote from: tsoPANos on August 23, 2015, 01:02:43 PM

Quote from: ?? on ??

Quote from: RappelzReborn on August 23, 2015, 12:37:24 PM

What's the difference betewen this website and the old brainwallet.org that shutdown lately andhow this is safe from being cracked like the other one aswell ? using real informations may makei t easier to crack and not harder if you ask me , because if someone know you well then you are screwed

Please see the "about" section for a detailed explanation. Brainwallet.org only used one round of SHA256 to generate addresses, which made it extremely easy to brute force. Brainwallet.io uses 262,144 iterations of the scrypt KDF. As you can see, it takes a very long time to generate an address, and even with specialized hardware it would be too costly and impractical to conduct brute force attacks.

The personal information that you enter is used as a salt for additional protection. An attacker would have to target you personally, but they would still have to brute force your passphrase. This would still be a very time consuming process, so you would not be screwed. It would be significantly more secure than using brainwallet.org.

Wow I just tested it and I have to say it takes very much time.
I think that time is not necessary though.
A good passphrase hashed about 1000 times could withstand most if not all types of attacks...

I would beg to differ. For a few hundred bucks you can buy an ASIC that can run through 1,000,000,000,000 SHA256 hashes per second.

Such an ASIC can only hash 80 byte block headers by incrementing a nonce. However, I'd reasonably agree that 500k is necessary for security in the context of Bitcoin.

hexafraction

sr. member

Activity: 392

Merit: 259

Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ

Quote from: unchi on August 23, 2015, 12:34:49 PM

https://brainwallet.io

Deterministic Bitcoin Address Generator

Is there any chance you could also include the other tools the old brainwallet had, such as secret exponent <-> WIF, converter, sign and verify? Having those in one place, even though I never used the brainwallet feature itself, was very useful to me.

tsoPANos

hero member

Activity: 602

Merit: 500

In math we trust.

Quote from: ?? on ??

Quote from: RappelzReborn on August 23, 2015, 12:37:24 PM

What's the difference betewen this website and the old brainwallet.org that shutdown lately andhow this is safe from being cracked like the other one aswell ? using real informations may makei t easier to crack and not harder if you ask me , because if someone know you well then you are screwed

Please see the "about" section for a detailed explanation. Brainwallet.org only used one round of SHA256 to generate addresses, which made it extremely easy to brute force. Brainwallet.io uses 262,144 iterations of the scrypt KDF. As you can see, it takes a very long time to generate an address, and even with specialized hardware it would be too costly and impractical to conduct brute force attacks.

The personal information that you enter is used as a salt for additional protection. An attacker would have to target you personally, but they would still have to brute force your passphrase. This would still be a very time consuming process, so you would not be screwed. It would be significantly more secure than using brainwallet.org.

Wow I just tested it and I have to say it takes very much time.
I think that time is not necessary though.
A good passphrase hashed about 1000 times could withstand most if not all types of attacks...

coinableS

legendary

Activity: 1442

Merit: 1179

Quote from: ?? on ??

Quote from: RappelzReborn on August 23, 2015, 12:37:24 PM

What's the difference betewen this website and the old brainwallet.org that shutdown lately andhow this is safe from being cracked like the other one aswell ? using real informations may makei t easier to crack and not harder if you ask me , because if someone know you well then you are screwed

Please see the "about" section for a detailed explanation. Brainwallet.org only used one round of SHA256 to generate addresses, which made it extremely easy to brute force. Brainwallet.io uses 262,144 iterations of the scrypt KDF. As you can see, it takes a very long time to generate an address, and even with specialized hardware it would be too costly and impractical to conduct brute force attacks.

The personal information that you enter is used as a salt for additional protection. An attacker would have to target you personally, but they would still have to brute force your passphrase. This would still be a very time consuming process, so you would not be screwed. It would be significantly more secure than using brainwallet.org.

So then the user could only reclaim their brainwallet funds as long as your service is operational or unless they saved the site files locally. This can be a downside to many people if they want to hold their coins for a long time in a brainwallet.

RappelzReborn

hero member

Activity: 686

Merit: 500

Quote from: unchi on August 23, 2015, 12:34:49 PM

https://brainwallet.io

Deterministic Bitcoin Address Generator

What's the difference betewen this website and the old brainwallet.org that shutdown lately andhow this is safe from being cracked like the other one aswell ? using real informations may makei t easier to crack and not harder if you ask me , because if someone know you well then you are screwed

unchi

newbie

Activity: 23

Merit: 0

---

Topic: --- - page 4. (Read 10317 times)