
Topic: Here is how to make a brain wallet 100 times more secure. - page 3. (Read 6470 times)

legendary
Activity: 1232
Merit: 1001
mining is so 2012-2013
I have a way that is better, but if I told you then everybody would know!
hero member
Activity: 728
Merit: 500
I keep hearing that brain wallets are not viable solutions and that we have to use hardware/software wallets with a bitcoin client to have a secure wallet, because of the lack of entropy in wallets generated by brainwallet passwords. Rubbish! There is a really simple way to fix this problem and make your brain wallet 100 times more secure.

Code:
Private key = SHA256(salt+passphrase)

Just generate a giant random alphanumeric string (at least 256 bits to provide maximum entropy) and store it somewhere. You can call this your 'entropy key', your 'salt', your 'seed', or whatever. Then use it in addition to a memorized password when generating a brainwallet. For example, you could store a salt somewhere "a3fE3f92kOe2p4d0" (it would actually be much longer than this), memorize a password "correcthorsebatterystaple", and then your password would be "a3fE3f92kOe2p4d0correcthorsebatterystaple". So now instead of your private key being SHA256(passphrase), it is SHA256(salt+passphrase), or you could make it something more complicated than that - it's up to you.

This completely solves the entropy problem of a brainwallet by adding the maximum amount of entropy possible to your password right off the bat. It's kind of like two-factor authentication. It also solves the physical security issue of a paper wallet where if the wallet is stolen, it is compromised. If an attacker steals your seed, no big deal - they still don't have the password component. An attacker would have to first know that what they were looking at was a brainwallet seed and then they'd have to run a brute-force cracking operation just on your brainwallet seed specifically. Of course this is not impossible but it is kind of far-fetched and much less easy/likely than the attacks involved in a plain brainwallet, a plain paperwallet, or even hardware/software wallets.

Now some people might complain that this isn't a true brainwallet solution, because there is some information you need to store somewhere outside of your brain. That is true. However, it is the closest you can get and is a much easier solution than running a dedicated hardware or software bitcoin client. Also, to mitigate this issue, you could take measures to make it very easy for yourself to access your seed and make sure that it is always available to you. You can store it in one, many, or all of many places. For example, you could
- Store it on a PC
- Store it on a thumb drive
- Write it down or print it on paper
- Keep it in a bank vault
- Store it hidden away somewhere on some websites you can log into
- Embed it inside the code of an image you post on Facebook
- Store it in a file on your web server, possibly behind password protection/htaccess
- Store it in a database
- Email it to yourself
- If you are really brave, store it on the blockchain - then you know even in a worst case apocalyptic scenario, as long as bitcoin still exists you will have access to your seed.

You can be really lax with security on your seed because as I said earlier, you also need the memorized password to add to it. If you are concerned with security, you can also encrypt your seed using some encryption algorithm and another password that you use to decrypt the seed before using it. You can also use multiple seeds and store them in different places, and then use them all together with your password to generate your wallet.

Secure solution
Code:
Private key = SHA256(seed1+password1+seed2+password2+seed3)

I hope this helps.  Once I got serious about moving into cold storage and was ready to send, it only took me a few hours to think of and perfect this solution. I'm surprised more people aren't doing it.
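Added example, not part of the original post: the post's formula in Python, run next to two variants so the difference in behaviour is visible. `framed_key` (length-prefixed parts) and `stretched_key` (scrypt, with parameters chosen here) are hypothetical variants assumed for comparison, not the poster's method.

```python
import hashlib

# Order of the secp256k1 group: a usable private key k must satisfy 1 <= k < N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def post_key(*parts: str) -> bytes:
    """The post's formula: SHA256 over the plain concatenation of the parts."""
    return hashlib.sha256("".join(parts).encode("utf-8")).digest()

def frame(*parts: str) -> bytes:
    """Length-prefix every part so the seed/password boundaries are encoded."""
    out = bytearray()
    for part in parts:
        raw = part.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)

def framed_key(*parts: str) -> bytes:
    """Same single SHA256, but over the framed encoding (assumed variant)."""
    return hashlib.sha256(frame(*parts)).digest()

def stretched_key(salt: str, passphrase: str) -> bytes:
    """Assumed variant: scrypt instead of one SHA256, so each guess of the
    memorized part costs about 16 MiB of memory instead of one hash call."""
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt.encode("utf-8"),
                          n=2**14, r=8, p=1, dklen=32)

def is_valid_privkey(key: bytes) -> bool:
    """True if the 32-byte value lies in the valid secp256k1 scalar range."""
    return len(key) == 32 and 1 <= int.from_bytes(key, "big") < N

if __name__ == "__main__":
    # Sample salt and passphrase are the ones quoted in the post.
    salt, passphrase = "a3fE3f92kOe2p4d0", "correcthorsebatterystaple"
    for name, key in [("post", post_key(salt, passphrase)),
                      ("scrypt", stretched_key(salt, passphrase))]:
        print(name, key.hex(), is_valid_privkey(key))
    # Plain concatenation: two different seed/password splits give one key.
    print(post_key("ab", "c") == post_key("a", "bc"))      # True
    print(framed_key("ab", "c") == framed_key("a", "bc"))  # False
```

With the plain concatenation used in the multi-seed formula, the key depends only on the joined string, so where one seed ends and the next password begins is not part of what gets hashed.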