Author

Topic: BIPS38 Encrypted Paper Wallet From Bitaddress.org (Read 1601 times)

sr. member
Activity: 266
Merit: 250

I am considering using a password like this:


1. memorable phrase
2. SHA-256 hash of memorable phrase
3. First 6 characters of hash output, dot, significant date
4. SHA-256 hash again
5. That hash output, dot, significant person
6. Hash again for final password

Could it possibly be brute forced?


Probably not, but you're not going to remember that in 5 years so it doesn't matter.

Yes, I would.
sr. member
Activity: 261
Merit: 285
I cannot imagine why that would ever stop working.

Unfortunately, it is a valid concern. Not hugely widespread, but still concerning. See:

https://bitcointalksearch.org/topic/psa-do-not-use-safari-6-to-make-bip38-encrypted-paper-wallets-416324
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets

I am considering using a password like this:


1. memorable phrase
2. SHA-256 hash of memorable phrase
3. First 6 characters of hash output, dot, significant date
4. SHA-256 hash again
5. That hash output, dot, significant person
6. Hash again for final password

Could it possibly be brute forced?


Probably not, but you're not going to remember that in 5 years so it doesn't matter.
sr. member
Activity: 266
Merit: 250
I'm more concerned about not being able to decode my BIPS38 private key due to the encryption plugin not working anymore on whatever browser/OS. I know about LiveCD and offloading BitAddress and whatnot, but what if you go to decrypt your paper wallet key and you can't get the java script working to decrypt it or you can't install your old version of LiveCD to a newer machine? Paranoia... hehe. Seriously, though.

I have experimented with decrypting BIPS38 private keys on blockchain.info and Mycelium android wallet with complete success. I cannot imagine why that would ever stop working. Also, couldn't you just save a copy of the encryption/decryption software to use at the time in the future that you need it?
full member
Activity: 287
Merit: 101
I'm more concerned about not being able to decode my BIPS38 private key due to the encryption plugin not working anymore on whatever browser/OS. I know about LiveCD and offloading BitAddress and whatnot, but what if you go to decrypt your paper wallet key and you can't get the java script working to decrypt it or you can't install your old version of LiveCD to a newer machine? Paranoia... hehe. Seriously, though.
sr. member
Activity: 266
Merit: 250
Unless encryption is compromised no

How strong is BIPS38 encryption compared to SHA-256? Are they related or totally different?

Sha is a hash, not encryption

Not sure what cipher but I do know it adds like another 1000 hashes

OK thanks for your help.
legendary
Activity: 2912
Merit: 1060
Unless encryption is compromised no

How strong is BIPS38 encryption compared to SHA-256? Are they related or totally different?

Sha is a hash, not encryption

Not sure what cipher but I do know it adds like another 1000 hashes
sr. member
Activity: 266
Merit: 250
Unless encryption is compromised no

How strong is BIPS38 encryption compared to SHA-256? Are they related or totally different?
legendary
Activity: 2912
Merit: 1060
Unless encryption is compromised no
sr. member
Activity: 266
Merit: 250
It's still as weak as your password

I am considering using a password like this:


1. memorable phrase

[i'll suck cock for bitcoin]

2. SHA-256 hash of memorable phrase

[904cc478b74282c130faaac1c205f19fa618e353a3e98c2a12b96192307b8825]

3. First 6 characters of hash output, dot, significant date

[904cc4.20140115]

4. SHA-256 hash again

[70ce70b2a9e41f3b16f817ed5d604a388db995ae5d85da77e54ccd0f012e827c]

5. That hash output, dot, significant person

[70ce70b2a9e41f3b16f817ed5d604a388db995ae5d85da77e54ccd0f012e827c.andreasantonop]

6. Hash again for final password

[f3e03c29384847dbbb88ec6d3b9420edee46159c2c4452b84f032057884f0e17]


Could it possibly be brute forced?
sr. member
Activity: 266
Merit: 250
It's still as weak as your password

I know, but is it as strong as my password? If my password is unable to be cracked by brute force, is there any other way I could lose my bitcoins (besides torture or me forgetting my password)?
legendary
Activity: 2912
Merit: 1060
It's still as weak as your password
sr. member
Activity: 266
Merit: 250
If I make a BIPS38 encrypted paper wallet from bitaddress.org on a clean, offline computer with a secure password, is there any realistic possibility of theft? Would it also be safe to upload a .jpg of the wallet to the cloud?
Jump to: