Topic: [Electrum] a brainwallet in twelve words - page 2. (Read 13302 times)

I'm just switching over to Electrum because the std client is now using 4GB of my SSD and I want that space back. So far it's looking awesome but there are a few things I'd like to tweak. I'll look at the code on gitHub and see what I can do. I'm new to GitHub but fairly proficient in Python.

Another thing I'd like is SOCKS proxy support, and that's easy to do in Python but depends on how network stuff is done.

2^128 = 3.402823669×10³⁸ so that's very close to the space for 12 words from 1626 word dict. In terms of brute forcing I think it's roughly the same as using a 21 char password.

Can you comment on what data is visible on the network to the server? I see it says TCP mode and HTTP isn't clickable but is encryption or SSL used? I realize that the keys are not sent over the network but I'm wondering about side channel and contextual info. ie. an eavesdropper could monitor blockchain info retrieval and be able to piece together enough to know if further effort (breaking in to steal notebook) is worthwhile.

Having SOCKS support would allow using Electrum via a ssh tunnel more easily (eg. at web cafes or public access) providing protection from monitoring and MITM type attacks.

edit: Oh. I just read on another thread that genjix is now the dev for Electrum....

I don't think it is possible at the moment. I find it annoying too; your patch will be welcome.


the seed length is 128 bits. not sure how to map that into 'chars'

Is there some way to make Electrum start in Pro Mode? It doesn't seem to remember mode and not window position either (one of my pet peeves!). It's kind of annoying to have to use the menu to switch mode every time started.

If not, then is it acceptable for me to contribute a patch on github that provides these options?

Also, I take it that the seed "word" space is 1626^12 = 3.4154387×10³⁸ - seems like a big enough space roughly close to 64^21, or a 21 char password. Sound about right?

If I understand correctly what you did, I don't think that's a very good idea. An attacker having gained access to your drive could quite easily search for the words in lib/mnemonic.py and find your sentence pretty quickly.

Just got this client, it looks cool. Of course I copied my words to a random notepad doc I was using for other stuff.

loss of entropy aside, I believe that gramatically correct sentences are easier to learn, but they are also easier to forget.
if you make the effort to memorize a non-structured list you are more likely to remember it.

It's not hard to remember a "nonsensical" list of words. I use a trick: make some picture(s) in your mind, moving ones if you like. The weirder the pictures the better you'll remember the words.

I've been hiking with my girlfreind in Nepal for 3 weeks... while walking the whole day we got bored and we made up lists of words and kept repeating them... a childs game about packing your stuff and going on vacation. We both used this method and we had multiple lists of 100 words each memorized perfectly. After that got boring, we even managed to assign numbers from 0 to 99 to the words of one of the lists and memorized phone numbers using this code and the mentioned method of making a mental picture.

Maybe if you could generate grammatically correct (but likely nonsensical) sentences it would be more memorable?

Could mnemonic.py be used by any other client to produce a set of English words for a regularly produced address?  Thus being able to print out the 12 word sets of a regularly produced set of private keys for archival backup?

WARNING
A new website popped up, that lets users generate addresses from their Electrum or Armory seed: http://brainwallet.org/

Currently, it is not clear who created that website.
I previously thought it was Joric, but he just said he is not the author.

After a quick inspection, the javascript does not send your seed to a remote server.
However, nothing guarantees that the server will always send you the same javascript

In other words: this could very well be a phishing attempt.
If you ever used that website, move your funds to a new wallet immediately!

thanks for spotting that. I just fixed it and released version 0.43e, whith the patch

It lacks support for codes with trailing zero (it's quite likely if keys considered random, the existing generator uses "%032x").
Importing 0e590e7dcd80a54737e49d4f95db4fd and "blank delight sanctuary demand peach sharp knife never meant" gives different results.

the sequence of word you quoted was used by me as a demonstration screenshot on the website.
the actual dictionary NEVER changed since the release of the software.

Worldist has changed and there is no 'pain' anymore. Doesn't seem very reliable   Better use rfc1751.

Nice, I don't know who exactly coind the term "brainwallet", but I like it

Cool! Now we just need "Brainmining" to work 

thanks to this feature of Electrum, it is now cited in Forbes:

http://www.forbes.com/sites/jonmatonis/2012/03/12/brainwallet-the-ultimate-in-mobile-money/

oh, and the 2012 official buzzword to say this is "Brainwallet"

seems pretty cool

Very interesting. Reminds me of "correct horse battery staple" - http://xkcd.com/936/ .

The new Electrum client uses mnemonic codes to represent random wallet seeds.
A seed is encoded with 12 words from a 1626 words dictionary.
If you lose your wallet, these 12 words are the only thing you need in order to recover it.

Screenshot: