Bitcoin Forum>Bitcoin>Bitcoin Technical Support
Author

Topic: Brain wallets generated keys mis-match? (Read 544 times)

DannyHamilton
legendary
Activity: 3472
Merit: 4801
Brain wallets generated keys mis-match?
December 01, 2015, 10:46:54 AM
#5
Quote from: pawel7777 on December 01, 2015, 07:55:09 AM
- snip -
you'd need to know which specific algo has been used to create your key in order to recreate it from the passphrase.

Correct.

There is no standard method of turning a passphrase into a private key.  While some methods might be a bit more secure than others (and some possible methods are horrible insecure), everyone is free to implement whatever method they like.  Therefore, if you are going to use a method, you better know what method you used (in case you lose access to the tool you used).
ranochigo
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Re: Brain wallets generated keys mis-match?
December 01, 2015, 08:04:55 AM
#4
Quote from: pawel7777 on December 01, 2015, 07:55:09 AM

OK, did some research and apparently warpwallet uses key-stretching:

Quote
They can be made a heck-of-a-lot safer with simple key-stretching. The WarpWallet runs Scrypt on your passphrase, and outputs a string in the full 256-bit keyspace. It's at least 1000x more expensive to guess a WarpWallet address than a standard brainwallet address. And if you had access to high-end scrypt-computing hardware, you're probably better off using it to mine litecoins rather than go after WarpWallets. See https://keybase.io/warp. There's a 20BTC challenge to solve an 8-letter WarpWallet passphrase that's been open for almost a month

But that kind of sucks, as apparently you not only need to remember your passphrase, but also hope that the site (you created your wallet on) won't go down. Or at least, you'd need to know which specific algo has been used to create your key in order to recreate it from the passphrase.
You can easily download the script from the site. Even brainwallet was opensourced and so people can still use them after they went down permanently.
pawel7777
legendary
Activity: 2436
Merit: 1561
Re: Brain wallets generated keys mis-match?
December 01, 2015, 07:55:09 AM
#3

OK, did some research and apparently warpwallet uses key-stretching:

Quote
They can be made a heck-of-a-lot safer with simple key-stretching. The WarpWallet runs Scrypt on your passphrase, and outputs a string in the full 256-bit keyspace. It's at least 1000x more expensive to guess a WarpWallet address than a standard brainwallet address. And if you had access to high-end scrypt-computing hardware, you're probably better off using it to mine litecoins rather than go after WarpWallets. See https://keybase.io/warp. There's a 20BTC challenge to solve an 8-letter WarpWallet passphrase that's been open for almost a month

But that kind of sucks, as apparently you not only need to remember your passphrase, but also hope that the site (you created your wallet on) won't go down. Or at least, you'd need to know which specific algo has been used to create your key in order to recreate it from the passphrase.
achow101
staff
Activity: 3458
Merit: 6793
Just writing some code
Re: Brain wallets generated keys mis-match?
December 01, 2015, 07:35:04 AM
#2
They use different algorithms to generate the address. I don't think there is any standard way to generate a brain wallet address.
pawel7777
legendary
Activity: 2436
Merit: 1561
Re: Brain wallets generated keys mis-match?
December 01, 2015, 07:23:03 AM
#1

I was just playing around with creating brain wallets and noticed that there's mismatch between addresses/keys generated from the same passphrase on 2 different sites:

pass:
Code:
The following challenges are designed

Results from bitaddress.org:
Btc address: 1BvkjqV6XV3iYTcLcFGehF5nGdpc5bthXa
Private key: 5JNcmZ365RxqGdT1dD3ZvfEAsmcfchp53JbZpWaqjCxUKcmXk1S

Results from https://keybase.io/warp (got on thas site through google search):
Btc address: 1JHoH6oSfxxWtVjR7yCPqkDiDLixWP6uDJ
Private key: 5JPhzgxYpM9eP8Nw1SbopLeSeULwXXDk3xQVuKZYon8vW7EFbvK

Why are the results different? On the latter site I left the 'salt' field blank so I assume the result would be the same.
Does it mean one of those sites is generating faulty keys, or am I missing something?

Are there any trusted sites other than bitaddress where I can cross-check passphrase results? How to make 100% sure that address/key is generated correctly?


ps. I'm very aware of all the risks/flaws attached to brainwallets, no need to lecture me on that.
Bitcoin Forum>Bitcoin>Bitcoin Technical Support
Jump to: