How secure is a brain wallet with a randomly generated password?

ABCbits

legendary

Activity: 2842

Merit: 7333

Crypto Swap Exchange

Quote from: acuriousmind on January 23, 2023, 07:05:26 AM

I asked my girlfriend to create a 8+ letters passphrase, let's say I use BIP39, send 100 USD and post here the mnemonic, as if the qr code would have been compromised.
Do you think the cost to brute force would be low enough so people will try?

People can't even brute-force when they don't know all detail of your custom setup. And 100 USD isn't worth it when all you know the password has 8 character due to high possible combination (95^8 or about 6.63E15). Take note 95 refer to 26 lower case, 26 upper case, 10 number and 33 ASCII special character.

Quote from: acuriousmind on January 23, 2023, 07:05:26 AM

Do you think it would make a big difference if I use argon2 instead of pbkdf2? (I understand this would break compatibility)

In general, it'd be more resistant against brute-force. But without knowing additional (such as which argon2 version you use or total iteration) and some benchmark, no one can say for sure.

acuriousmind

newbie

Activity: 5

Merit: 8

Hello,

I don't want to reinvent the wheel => this is why I tried to start from something existing I knew (the warp wallet) and why I post on this forum, so I can learn about stuff like the extra word in BIP 39

So, thanks a lot for your feedback.

Pooya perfectly summarized it, right now my algorithm creates 256 bits of entropy and the password only add a bit more.
Actually, this is BIP39 + passphrase but with argon2 instead of pbkdf2 and a QR code instead of a wordlist.

I asked my girlfriend to create a 8+ letters passphrase, let's say I use BIP39, send 100 USD and post here the mnemonic, as if the qr code would have been compromised.
Do you think the cost to brute force would be low enough so people will try?
Do you think it would make a big difference if I use argon2 instead of pbkdf2? (I understand this would break compatibility)

thanks

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

I see no reason to reinvent the wheel here and create your own methods when the widely used systems in place work just fine. It would be recommended to attempt something else if bitcoin's security was flawed. 12/24-word seed have been secure for years. Strong passphrases are a security booster. Brain wallets and their derivatives aren't secure enough.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18503

Quote from: pooya87 on January 22, 2023, 05:06:33 AM

Yeah, but that's a storage issue not the creation process issue.

I don't think you can view the two things in isolation though. I could spend hours with airgapped systems and flipping coins and create the most secure cold storage in existence, but if I then store my seed phrase in my emails then the entire process is pointless.

If OP realizes that publicly displaying a QR code of his seed phrase is a massive security risk and instead opts to keep it secure, then sure, his system is fine. But if he does that, then he doesn't need the brain wallet part at all, and just keeping the seed phrase secure is enough. And if he does still want a human generated password as well, then I agree using a standard approach of a passphrase is better than a self created method.

pooya87

legendary

Activity: 3402

Merit: 10424

Quote from: o_e_l_e_o on January 22, 2023, 04:47:16 AM

Ordinarily yes, but OP has said he wants to print out the seed phrase he is using as a QR code so he can then put it on an object for his mother to display in her house. Going through this process probably exposes the seed phrase to the internet, but more importantly, anyone who visits his mom can scan the QR code and access the seed phrase in 2 seconds. That could be anything from families and friends to babysitters to trades people and so on. Hell, it could be someone looking through the window. I would consider that seed phrase to be highly insecure, and therefore the security of his whole set up hinges on his weak human generated password.

Yeah, but that's a storage issue not the creation process issue. The QR code could be placed behind some sort of seal that has to be broken to reveal the key itself like printed at the bottom under a seal while the front has the QR for the address. Or simply store the seed separately from the object that is used as decoration.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18503

Quote from: pooya87 on January 22, 2023, 12:05:58 AM

This doesn't sound like a brain wallet at all since your passphrase is actually a randomly generated 128+ bits of entropy and you are just adding a tiny bit of entropy on top of that with your salt. That means regardless of what your salt is (even if it is "123") the result should be secure.

Ordinarily yes, but OP has said he wants to print out the seed phrase he is using as a QR code so he can then put it on an object for his mother to display in her house. Going through this process probably exposes the seed phrase to the internet, but more importantly, anyone who visits his mom can scan the QR code and access the seed phrase in 2 seconds. That could be anything from families and friends to babysitters to trades people and so on. Hell, it could be someone looking through the window. I would consider that seed phrase to be highly insecure, and therefore the security of his whole set up hinges on his weak human generated password.

pooya87

legendary

Activity: 3402

Merit: 10424

This doesn't sound like a brain wallet at all since your passphrase is actually a randomly generated 128+ bits of entropy and you are just adding a tiny bit of entropy on top of that with your salt. That means regardless of what your salt is (even if it is "123") the result should be secure. You still have to write down the mnemonic used as passphrase which means it is not a brain-wallet!

As for argon2 and pbkdf2, the only reason why "WarpWallet" uses scrypt is because they know brainwallets are weak and people will use weak passphrases so they tried to increase the cost of brute forcing when the "entropy" is weak. In your case as I said your entropy is big and strong enough that doesn't need that extra cost.
Which also means you are reinventing the wheel! The BIP39 algorithm already has this option for you commonly known as "extra words" and sometimes referred to as "passphrase". It is the 13th word you add to your 12 word seed phrase (or the 25th to 24 words and so on) and does exactly what you want with a standardized algorithm that majority of bitcoin wallets support.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18503

Quote from: acuriousmind on January 18, 2023, 11:37:15 AM

So you think the warp wallet algorithm with argon2 and pbkdf2 does not strengthen it enough?

I care far less about the algorithm you use and far more about the fact that it only requires a human made weak password in order to compromise your wallet.

Quote from: acuriousmind on January 18, 2023, 11:37:15 AM

We are talking about wallets of 20-50 USD. I would have thought that even with the QR code stolen, brute forcing would cost too much.

50 USD today. Who knows how much it will be worth in 10, 20, 50 years?

Quote from: acuriousmind on January 18, 2023, 11:37:15 AM

I want to offer this also to my friends, a different present for each of them.

I do not like gifting bitcoin in this way for two reasons. First of all, the recipient needs to trust you completely, both your competence in setting up the wallet in the first place and your honesty to not keep a copy and swipe it later. Secondly, it teaches them to trust third parties instead of holding their own keys, which as we all know is a terrible idea. Much better for them to set up their own wallet, give you an address from their wallet, and then you can use that address to generate a QR code for their gift.

ABCbits

legendary

Activity: 2842

Merit: 7333

Crypto Swap Exchange

Quote from: acuriousmind on January 18, 2023, 11:37:15 AM

Quote

"physical" Bitcoin

I want to offer this also to my friends, a different present for each of them.
I already offered a funkopop with a QR code to a friend and he was very happy to have crypto money.
Think of a painting for someone, a key chain for another etc. All of them with a QR code.

That could work as present. But when i say "physical" Bitcoin, i mean something like these
1. https://en.bitcoin.it/wiki/Casascius_physical_bitcoins which has coin physical form.
2. https://www.ballet.com/ which has card/paper physical form.

P.S. I only mention those product as example.

acuriousmind

newbie

Activity: 5

Merit: 8

Thanks for all your replies,

Quote

displaying a QR code of the seed phrase, then the security of your wallet is reduced to only that of your weak human-generated password

So you think the warp wallet algorithm with argon2 and pbkdf2 does not strengthen it enough?
We are talking about wallets of 20-50 USD. I would have thought that even with the QR code stolen, brute forcing would cost too much.

Quote

BIP38 encryption

Yes this sounds a great idea, I should use BIP38 instead of my proposed algorithm, then?

Quote

"physical" Bitcoin

I want to offer this also to my friends, a different present for each of them.
I already offered a funkopop with a QR code to a friend and he was very happy to have crypto money.
Think of a painting for someone, a key chain for another etc. All of them with a QR code.

Quote

how are you going to remember the random seed

Quote

qr code / bip39

The random seed is the QR code.
I felt the QR code is more friendly to print on something and more friendly when you scan it.

Quote

Make sure someone other than you knows how to get to the funds

Yes, I want to open-source the algorithm.
I was also thinking of a website, you load it, get offline and then you can scan the QR code and enter your password, to get your private key.

The idea is not to create a multipurpose wallet, this is more like "my first crypto", so people can enter the crypto world, lose their fear about it and then maybe one day will get serious with other wallets.

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

1) As pointed out this is a bit of an odd way of doing things. If something goes wrong trying to undo it is going to be very difficult. Why generate more work?

2) Also as pointed out any collectable with a self generated key is also fine.
2a) A couple of small collectables each with part of a Shamir’s Secret Sharing would also work and you / trusted others could also keep parts of it.

3) Make sure someone other then you knows how to get to the funds. It's the bus tomorrow morning you could get hit by a bus. If someone comes here or to other places for support there MAY be a chance that if you use a standard method someone could help you mom get the funds out. With your way they are lost forever.

-Dave

ABCbits

legendary

Activity: 2842

Merit: 7333

Crypto Swap Exchange

Quote from: acuriousmind on January 18, 2023, 04:57:20 AM

Do you think it is secure enough?

Secure enough? Maybe yes.
Easy to recover? Probably no since your setup is unusual.

Quote from: acuriousmind on January 18, 2023, 05:53:05 AM

This is because I want to give her not only the QR code, but a nice object with the QR printed on it.

So she can "feel" it, something she could put in her home and show her hosts she now has bitcoins.

Then giving her "physical" Bitcoin would be better choice. But you have to TRUST the one who create it, unless you generate private key and fund the address by yourself.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18503

Brain wallets are never secure. And if you are planning on displaying a QR code of the seed phrase, then the security of your wallet is reduced to only that of your weak human generated password. A recipe for disaster.

Further, if you want to have a QR code on display, then you should use the QR code of the address. This lets people scan it to see that it is a bitcoin address without risking the funds. You should instead create a seed phrase or key pair securely and give the written down seed phrase or private key to your mother to store securely. Then print the QR code of the address on to an object as you desire.

LoyceMobile

hero member

Activity: 1643

Merit: 683

LoyceV on the road. Or couch.

No. I think you risk losing your funds. This isn't a brain wallet, how are you going to remember the random seed? The warp-site isn't the problem, your interpretation is.
If you want to print a QR-code, why not use BIP38 encryption? I wouldn't show it off though, just like you don't leave a pile of cash on the table to impress visitors.

NeuroticFish

legendary

Activity: 3500

Merit: 6205

Looking for campaign manager? Contact icopress!

Quote from: acuriousmind on January 18, 2023, 04:57:20 AM

I plan to create a brain wallet by doing the following

I think that you better skip the idea of the brain wallet. They were proven insecure for years.

Why you don't just set up a safe offline OS, maybe without persistence too, and just run from there either Electrum or Sparrow, either run there Ian Coleman's bip39 page?
Then you should have a proper HD seed to work with.

Or, if you want only to give a nice present that maybe won't be used too, you can look for a good old and reputed vanity generator you can maybe use offline (just beware, not all vanity generators are reputable!), getting a nice address like 1NfiSHBCB4qYoQZTzGe3Er5f9gb7X1hVRj, which (together with private key) you can use for some hand-made paper wallet.

In any case, I would not use printer, unless maybe if I install it from start onto that offline OS; the private key or seed should not touch systems that will ever go online.

acuriousmind

newbie

Activity: 5

Merit: 8

Hello Charles,

This is because I want to give her not only the QR code, but a nice object with the QR printed on it.

So she can "feel" it, something she could put in her home and show her hosts she now has bitcoins.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Why using brain wallet when you can use HD wallet? Use HD wallet, generate the seed phrase, fund one of the addresses or the addresses of your choice and give the seed phrase as a gift to your mum, telling her how the seed phrase is very important, how to avoid it and her coin not to be stolen and telling her how the seed phrase is the coin that you gave her.

acuriousmind

newbie

Activity: 5

Merit: 8

Hello,

I plan to create a brain wallet by doing the following:

* Create securely a random seed and print its QR code
* Use the https://keybase.io/warp/warp_1.0.9_SHA256_a2067491ab582bde779f4505055807c2479354633a2216b22cf1e92d1a6e4a87.html algorithm with my seed as the password and a classic/human-made/weak password (that my mother can remember) as the salt.
* Instead of using Scrypt, use argon2
* Generate a wallet
* Send some satoshis
* Give the QR code to my mum as a gift

Do you think it is secure enough?

Thanks

Topic: How secure is a brain wallet with a randomly generated password? (Read 154 times)