BIPS38 Encrypted Paper Wallet From Bitaddress.org

Siegfried

sr. member

Activity: 266

Merit: 250

Quote from: cp1 on January 20, 2014, 11:47:17 PM

Quote from: Siegfried on January 20, 2014, 08:48:08 PM

I am considering using a password like this:

1. memorable phrase
2. SHA-256 hash of memorable phrase
3. First 6 characters of hash output, dot, significant date
4. SHA-256 hash again
5. That hash output, dot, significant person
6. Hash again for final password

Could it possibly be brute forced?

Probably not, but you're not going to remember that in 5 years so it doesn't matter.

Yes, I would.

canton

sr. member

Activity: 261

Merit: 285

Quote from: Siegfried on January 20, 2014, 11:43:59 PM

I cannot imagine why that would ever stop working.

Unfortunately, it is a valid concern. Not hugely widespread, but still concerning. See:

https://bitcointalksearch.org/topic/psa-do-not-use-safari-6-to-make-bip38-encrypted-paper-wallets-416324

cp1

hero member

Activity: 616

Merit: 500

Stop using branwallets

Quote from: Siegfried on January 20, 2014, 08:48:08 PM

I am considering using a password like this:

1. memorable phrase
2. SHA-256 hash of memorable phrase
3. First 6 characters of hash output, dot, significant date
4. SHA-256 hash again
5. That hash output, dot, significant person
6. Hash again for final password

Could it possibly be brute forced?

Probably not, but you're not going to remember that in 5 years so it doesn't matter.

Siegfried

sr. member

Activity: 266

Merit: 250

Quote from: MNDan on January 20, 2014, 10:51:25 PM

I'm more concerned about not being able to decode my BIPS38 private key due to the encryption plugin not working anymore on whatever browser/OS. I know about LiveCD and offloading BitAddress and whatnot, but what if you go to decrypt your paper wallet key and you can't get the java script working to decrypt it or you can't install your old version of LiveCD to a newer machine? Paranoia... hehe. Seriously, though.

I have experimented with decrypting BIPS38 private keys on blockchain.info and Mycelium android wallet with complete success. I cannot imagine why that would ever stop working. Also, couldn't you just save a copy of the encryption/decryption software to use at the time in the future that you need it?

MNDan

full member

Activity: 287

Merit: 101

I'm more concerned about not being able to decode my BIPS38 private key due to the encryption plugin not working anymore on whatever browser/OS. I know about LiveCD and offloading BitAddress and whatnot, but what if you go to decrypt your paper wallet key and you can't get the java script working to decrypt it or you can't install your old version of LiveCD to a newer machine? Paranoia... hehe. Seriously, though.

Siegfried

sr. member

Activity: 266

Merit: 250

Quote from: bitpop on January 20, 2014, 09:46:32 PM

Quote from: Siegfried on January 20, 2014, 09:08:17 PM

Quote from: bitpop on January 20, 2014, 08:54:11 PM

Unless encryption is compromised no

How strong is BIPS38 encryption compared to SHA-256? Are they related or totally different?

Sha is a hash, not encryption

Not sure what cipher but I do know it adds like another 1000 hashes

OK thanks for your help.

bitpop

legendary

Activity: 2912

Merit: 1060

Quote from: Siegfried on January 20, 2014, 09:08:17 PM

Quote from: bitpop on January 20, 2014, 08:54:11 PM

Unless encryption is compromised no

How strong is BIPS38 encryption compared to SHA-256? Are they related or totally different?

Sha is a hash, not encryption

Not sure what cipher but I do know it adds like another 1000 hashes

Siegfried

sr. member

Activity: 266

Merit: 250

Quote from: bitpop on January 20, 2014, 08:54:11 PM

Unless encryption is compromised no

How strong is BIPS38 encryption compared to SHA-256? Are they related or totally different?

bitpop

legendary

Activity: 2912

Merit: 1060

Unless encryption is compromised no

Siegfried

sr. member

Activity: 266

Merit: 250

Quote from: bitpop on January 20, 2014, 08:31:32 PM

It's still as weak as your password

I am considering using a password like this:

1. memorable phrase

[i'll suck cock for bitcoin]

2. SHA-256 hash of memorable phrase

[904cc478b74282c130faaac1c205f19fa618e353a3e98c2a12b96192307b8825]

3. First 6 characters of hash output, dot, significant date

[904cc4.20140115]

4. SHA-256 hash again

[70ce70b2a9e41f3b16f817ed5d604a388db995ae5d85da77e54ccd0f012e827c]

5. That hash output, dot, significant person

[70ce70b2a9e41f3b16f817ed5d604a388db995ae5d85da77e54ccd0f012e827c.andreasantonop]

6. Hash again for final password

[f3e03c29384847dbbb88ec6d3b9420edee46159c2c4452b84f032057884f0e17]

Could it possibly be brute forced?

Siegfried

sr. member

Activity: 266

Merit: 250

Quote from: bitpop on January 20, 2014, 08:31:32 PM

It's still as weak as your password

I know, but is it as strong as my password? If my password is unable to be cracked by brute force, is there any other way I could lose my bitcoins (besides torture or me forgetting my password)?

bitpop

legendary

Activity: 2912

Merit: 1060

It's still as weak as your password

Siegfried

sr. member

Activity: 266

Merit: 250

If I make a BIPS38 encrypted paper wallet from bitaddress.org on a clean, offline computer with a secure password, is there any realistic possibility of theft? Would it also be safe to upload a .jpg of the wallet to the cloud?

Topic: BIPS38 Encrypted Paper Wallet From Bitaddress.org (Read 1597 times)