Pages:
Author

Topic: [bip39.org] Open Source BIP39 Mnemonic Generator via Email and Password - page 2. (Read 299 times)

newbie
Activity: 11
Merit: 17
Web: https://bip39.org

IPFS Mirror: https://bip39org.eth.link, https://bip39org.eth.limo, https://bip39-org.ipns.cf-ipfs.com

Github: https://github.com/bip39org/bip39-org

Issues: https://github.com/bip39org/bip39-org/issues

Releases (Standalone Offline Version): https://github.com/bip39org/bip39-org/releases/latest

Every releases are signed with the public PGP key https://github.com/bip39org/bip39-org/blob/main/bip39org.asc

Donate: 1ApLvtViUypng5uunszD6HTVpsoBwK14ZQ

About

Bip39-org is a free, open source html & cli standalone tool to create BIP39 Mnemonic from the combination of Email, Password, security questions, and nonces.

It is a modification from the coinb.in's brain wallet https://coinb.in/#wallet with extra key stretching solution with PBKDF2.

It is not audited and released as a proof of concept, so please use it at your own risk.

Features

bip39.org supports the following features

- Offline BIP39 mnemonic generation with Email and Password

- Offline PBKDF2 cbc encrypted backup generation

- Offline PBKDF2 text encryption

- BIP39 tools https://bip39.org/bip39-standalone.html from the latest signed release of https://iancoleman.io/bip39/.

FAQs

- Is it secure?

Depends on the email and the password combination you are using, make sure those are not leaked or used from other sites, and utilize other key generation factors such as security questions and nonces.

- Is it a brain wallet?

Sort of, the entropy generation with email and password is optimized to have resistance against brain wallet brute forces,

see https://rya.nc/files/cracking_cryptocurrency_brainwallets.pdf about the brain wallet security

and see https://github.com/bip39org/bip39-org/blob/main/src/js/bip39-org.js#L760 for how we optimized them

( With more nonce length it will be hard for the third party to guess your mnemonic )

- Is it deterministic?

We use the WebCrypto Standard https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API

and as long as your browser and the hardware supports it, you can reproduce mnemonic with the same email and password combination.

We don't use other cryptographic libraries other than the WebCrypto API to utilize crypto functions.

- Is it auditable?

We don't use any other frontend frameworks other than the native browser DOM API.

See https://github.com/bip39org/bip39-org/blob/main/src/js/frontend.js for the frontend source code.

Also, the javascript codes we use are embedded in the frontend html file without minification so it will be easy to verify the source code.

( Our ENS IPFS Mirror also guarantees the immutability of the source code of the frontend as well )

Contribute

Please, feel free to make a contribution or an audit of the source code https://github.com/bip39org/bip39-org

TO-DO

- Audit of the full source code by well-known firm & people

- Implement Argon2 password hashing algorithm for the mnemonic entropy stretching via Email and Password which could enhance generated mnemonic aginst possible brute-force attacks by hardwares like FPGAs or an ASIC devices.

- Add Shamir's secret sharing tool to the UI to shard entropy to make a secure backup of mnemonics ( And any kind of strings ).

- Enhance UI to make it more user friendly.

- Add missing test units for browser and node.js

Donation

Every donation will be used to cover audits of the source code

1ApLvtViUypng5uunszD6HTVpsoBwK14ZQ
Pages:
Jump to: