Pages:
Author

Topic: [bip39.org] Open Source BIP39 Mnemonic Generator via Email and Password (Read 299 times)

hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
I am pleased to announce that the development of this service is now acquired by CPUchain project.

Thank you.
Hello there!

I was about to consider writing about your project here:

⚡ LIST ⚡ FOSS Brainwallets

Are you its lead developer nowadays?
Are you one of its maintainer?

Have you left the project?
newbie
Activity: 11
Merit: 17
I am pleased to announce that the development of this service is now acquired by CPUchain project.

Thank you.
newbie
Activity: 11
Merit: 17
I do think that this project is an answer in search of a question, since just about every wallet is going to do their own key generation anyway.
If people are more interested in security they will use a hardware wallet.
If they are don't care they will use whatever is provided buy the wallet they are using.

However, you really should force a minimum entropy that is somewhat large.

-Dave


Sure, that is why we will introduce Argon2 as well as improving our UI for generating mnemonics in longer timespacing.

Might be worth looking at the Bitcoin Core's RNG code for me but the RNG of JS which would be `crypto.getRandomBytes()` is already used for wallets like Metamask which more than a million people use to store crypto.

Metamask is running in the browser.  No secure software does that, if you were to compare it with something like electrum, because it introduces more risks than necessary.  Also, suggesting it because many use it holds as much water as suggesting custodial exchanges because millions use it, ignoring all the incidents of compromises there have been.

As long as the computer is running on offline and which we supports it, it will be secure as it will be.
sr. member
Activity: 364
Merit: 298
Might be worth looking at the Bitcoin Core's RNG code for me but the RNG of JS which would be `crypto.getRandomBytes()` is already used for wallets like Metamask which more than a million people use to store crypto.

Metamask is running in the browser.  No secure software does that, if you were to compare it with something like electrum, because it introduces more risks than necessary.  Also, suggesting it because many use it holds as much water as suggesting custodial exchanges because millions use it, ignoring all the incidents of compromises there have been.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
I do think that this project is an answer in search of a question, since just about every wallet is going to do their own key generation anyway.
If people are more interested in security they will use a hardware wallet.
If they are don't care they will use whatever is provided buy the wallet they are using.

However, you really should force a minimum entropy that is somewhat large.

-Dave
newbie
Activity: 11
Merit: 17
Don't wanna be that guy who is skeptical and hopeless with full of negativity but there is really no point into creating this generator. If you wanted to test your skills, then great! But if you think that there could be made a project out of this, then no, don't hope that!

1. You suggest to use unique details. Okay, but then what's the point? If I have to type unique details, I'll just download Electrum and generate my wallet via Electrum.
2. You have to keep in mind that 99% of users will probably enter the information that they have already entered on different platforms. So, 99% of people will experience hacks and loss because this generator generates address according to what I type. If I fill the fields, save information and refill it again, I receive exactly the same seeds, entrophy, etc.
3. The way Electrum generates seed phrases is safe enough to never worry about getting your wallet randomly hacked.


Hello, thank you for your opinions about the project.

1. Not for testing my skills, but this website ( bip39.org ) will be a platform for various tools helping the management of BIP39 Mnemonic phrases.

It is like building a safer, and more utilizable vault for your money, if your house is safe enough to store money in any place you would like it would be fine.

But what I want to provide is a tool to help manage those who aren't and need some extra help.

2. It is true, so I have placed a warning not to use details that could match with credentials that are used for other platforms.

3. You might feel comfortable using Electrum for Bitcoin, but the mnemonics are also used for non-bitcoin wallets like Metamask and they are mostly browser-based ( js-based ) wallets.

So, the security of the wallet generation itself will remain at the same level for other wallets.
hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
Don't wanna be that guy who is skeptical and hopeless with full of negativity but there is really no point into creating this generator. If you wanted to test your skills, then great! But if you think that there could be made a project out of this, then no, don't hope that!

1. You suggest to use unique details. Okay, but then what's the point? If I have to type unique details, I'll just download Electrum and generate my wallet via Electrum.
2. You have to keep in mind that 99% of users will probably enter the information that they have already entered on different platforms. So, 99% of people will experience hacks and loss because this generator generates address according to what I type. If I fill the fields, save information and refill it again, I receive exactly the same seeds, entrophy, etc.
3. The way Electrum generates seed phrases is safe enough to never worry about getting your wallet randomly hacked.
newbie
Activity: 11
Merit: 17
Quote
That's just another thing you'd have to remember. You could accomplish the same by adding a few more random characters. But if the encryption itself is a million times heavier, it gets more secure without requiring the user to remember more data.

Yes, that is the reason why we will be going to improve UI as well as adding Argon2 for the key stretching method
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I tried it, and my browser instantly produced a mnemonic. That means the encryption is easy to brute force.
Now compare WarpWallet: it takes a very long time to create a private key, which means the encryption is very difficult to brute force. If you do anything brain wallet related, at least make use of heavy encryption.
Hello, that is why I recommend you to set enough length of nonce ( > 10000 ) to make it resistant to the brute force attack.
That's just another thing you'd have to remember. You could accomplish the same by adding a few more random characters. But if the encryption itself is a million times heavier, it gets more secure without requiring the user to remember more data.

With your system, the user needs to back up an email address or other ID, a password, one or more "additional phrases", and a nonce. The loss of any one of these results in loss of their seed phrase and their coins. How is this simpler than just backing up a 12 word seed phrase which was properly generated from dev/urandom?
Good point. Also known as KISS.
newbie
Activity: 11
Merit: 17
Bip39-org is a free, open source html & cli standalone tool to create BIP39 Mnemonic from the combination of Email, Password, security questions, and nonces.
I appreciate your efforts, but from my quick testing I see that I can enter anything I want in email field, so this is acting more like additional passphrase.
I don't see any real benefit of adding real email address, and it can only hurt newbies who (by mistake) could generate keys while being online.

Any random generation and mixing several sources is not really creating true randomness (based on my research).
Using something like good old casino dices and calculating last word is much better option in my opinion, but one downside is much slower process.

- Is it auditable?
I wouldn't recommend anyone using this tool until we see code review or audits from security experts, but it should be fine for experimental purposes.


Thank you for your opinion and yes I would recommend the same. While I have examined the codes and the functionalities personally still the codes are released as a proof of concept and you should use them with your own risks
legendary
Activity: 2212
Merit: 7064
Bip39-org is a free, open source html & cli standalone tool to create BIP39 Mnemonic from the combination of Email, Password, security questions, and nonces.
I appreciate your efforts, but from my quick testing I see that I can enter anything I want in email field, so this is acting more like additional passphrase.
I don't see any real benefit of adding real email address, and it can only hurt newbies who (by mistake) could generate keys while being online.

Any random generation and mixing several sources is not really creating true randomness (based on my research).
Using something like good old casino dices and calculating last word is much better option in my opinion, but one downside is much slower process.

- Is it auditable?
I wouldn't recommend anyone using this tool until we see code review or audits from security experts, but it should be fine for experimental purposes.
newbie
Activity: 11
Merit: 17
Quote
I wouldn't recommend that anyone uses a website based javascript generator: https://bitcointalksearch.org/topic/m.56590276

Might be worth looking at the Bitcoin Core's RNG code for me but the RNG of JS which would be `crypto.getRandomBytes()` is already used for wallets like Metamask which more than a million people use to store crypto.
newbie
Activity: 11
Merit: 17
Note that the "additional phrases" and the nonce is an optional values, which means that you could only generate the same seed phrases with the same email and password.
Which would be highly insecure.

Backup option is provided in case you forgot your email or password, or any other values you have used and it is recommended if you tend to store valuable crypto.
Which is entirely my point. Given that you should be backing up your wallet recovery process offline, then why not generate your seed phrase securely and back that up, than risk generating it insecurely by using this method and then backing up your additional phrases and so on (which also don't have a checksum or any way to identify an error).

Of course, you could generate random phrases via the website which is generated by the browser cryptography API, and make an encrypted backup of it https://bip39.org/#mnemonic.
I wouldn't recommend that anyone uses a website based javascript generator: https://bitcointalksearch.org/topic/m.56590276

Yes, as I have said earlier "use it at your own risk" and my recommendation is to store crypto on something more audited and well-used. This website is only at the proof-of-concept stage for those who seek easy binding of the mnemonic against something easy to remember. My idea to publish the website here is to gather any ideas that could lead to improvement and get the audit done. If the function is mature enough, will port to other languages like C or Rust for a secure key generation framework. JS is preferred since it could demonstrate the whole process on Node.js and Web Browsers without sacrificing much time for building a UI.

Still, this tool will provide you with convenient crypto storage as easy-to-remember mnemonic words that could be used across wallets like Metamask or Electrum if you don't intend to store millions worth of crypto.
legendary
Activity: 2268
Merit: 18771
Note that the "additional phrases" and the nonce is an optional values, which means that you could only generate the same seed phrases with the same email and password.
Which would be highly insecure.

Backup option is provided in case you forgot your email or password, or any other values you have used and it is recommended if you tend to store valuable crypto.
Which is entirely my point. Given that you should be backing up your wallet recovery process offline, then why not generate your seed phrase securely and back that up, than risk generating it insecurely by using this method and then backing up your additional phrases and so on (which also don't have a checksum or any way to identify an error).

Of course, you could generate random phrases via the website which is generated by the browser cryptography API, and make an encrypted backup of it https://bip39.org/#mnemonic.
I wouldn't recommend that anyone uses a website based javascript generator: https://bitcointalksearch.org/topic/m.56590276
newbie
Activity: 11
Merit: 17
Hello, that is why I recommend you to set enough length of nonce ( > 10000 ) to make it resistant to the brute force attack.
I tried this setting and it still generates my seed pretty fast. As a non-techy user, how would I know if the generated seed is relatively safe from brute force or not? Is there any tool or way for me to check the entropy value?

Check out the "Generated Entropy" area. Copy-pasting those entropy values to https://iancoleman.io/bip39/ will give you the same mnemonic phrases.

To prevent brute force I think the generation time of 1~5 seconds is a safe measure but I don't think people will brute force them if you are using longer and safer password values.

See https://www.security.org/how-secure-is-my-password/.
legendary
Activity: 2170
Merit: 1789
Hello, that is why I recommend you to set enough length of nonce ( > 10000 ) to make it resistant to the brute force attack.
I tried this setting and it still generates my seed pretty fast. As a non-techy user, how would I know if the generated seed is relatively safe from brute force or not? Is there any tool or way for me to check the entropy value?
newbie
Activity: 11
Merit: 17
No offense, but I don't see the point of this at all.

With your system, the user needs to back up an email address or other ID, a password, one or more "additional phrases", and a nonce. The loss of any one of these results in loss of their seed phrase and their coins. How is this simpler than just backing up a 12 word seed phrase which was properly generated from dev/urandom?

Either they are backing up all that information on paper, in which case they should just back up a properly generated seed phrase, or they are relying on their memory for random strings, phrases, and numbers, which puts them at a very high risk of forgetting something and locking themselves out of their coins.

Note that the "additional phrases" and the nonce is an optional values, which means that you could only generate the same seed phrases with the same email and password.

Additional phrases and the nonce could work as same as the BIP85 which enables generating multiple different seeds by a different BIP85 index.

Backup option is provided in case you forgot your email or password, or any other values you have used and it is recommended if you tend to store valuable crypto.

Same as you make a backup for credentials for other websites as well.

Of course, you could generate random phrases via the website which is generated by the browser cryptography API, and make an encrypted backup of it https://bip39.org/#mnemonic.

That is why our website is named "bip39.org". We will add multiple tools related to the seed phrases over time.
legendary
Activity: 2268
Merit: 18771
No offense, but I don't see the point of this at all.

With your system, the user needs to back up an email address or other ID, a password, one or more "additional phrases", and a nonce. The loss of any one of these results in loss of their seed phrase and their coins. How is this simpler than just backing up a 12 word seed phrase which was properly generated from dev/urandom?

Either they are backing up all that information on paper, in which case they should just back up a properly generated seed phrase, or they are relying on their memory for random strings, phrases, and numbers, which puts them at a very high risk of forgetting something and locking themselves out of their coins.
newbie
Activity: 11
Merit: 17
I tried it, and my browser instantly produced a mnemonic. That means the encryption is easy to brute force.
Now compare WarpWallet: it takes a very long time to create a private key, which means the encryption is very difficult to brute force. If you do anything brain wallet related, at least make use of heavy encryption.

Hello, that is why I recommend you to set enough length of nonce ( > 10000 ) to make it resistant to the brute force attack.

I am also planning to adopt some powerful password-hashing functions like Argon2 https://github.com/P-H-C/phc-winner-argon2 but it will not be the default option since not many browsers or user environments support WASM and since Argon2 is not the standard yet. ( As we stated on the FAQ, we are currently only using the standard WebCrypto function to make any modern device compatible ).

About the brute force, our key generation from the email and password is still stronger than the original brain wallet implementation from https://coinb.in/#wallet ( only doing 50 times of SHA256 digest vs 100 x ( nonce ) times of SHA256 digest + PBKDF2 key stretching) and still, we haven't heard a man using coinb.in wallet getting robbed due to the brute force attack so I think it is still secure as it is. ( Unless somebody brings up FPGA loaded with the custom script to brute force with every leaked email and passwords )
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I tried it, and my browser instantly produced a mnemonic. That means the encryption is easy to brute force.
Now compare WarpWallet: it takes a very long time to create a private key, which means the encryption is very difficult to brute force. If you do anything brain wallet related, at least make use of heavy encryption.
Pages:
Jump to: