Pages:
Author

Topic: ⚡ LIST ⚡ FOSS Brainwallets - page 3. (Read 9725 times)

hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
August 31, 2015, 10:59:21 PM
#13
UPDATE #1 of year 2015.

The ranking calculation has been changed.

Brainwallets that don't support Salt have been penalized.

Brainwallets that support KDF get different points according to the type implemented.

Multigenerators (Brainwallets, paper wallets and multisig: all-in-one) get weighted so we can compare every generator easily and fairly.

Github numbers are now "square rooted".

List updated and scores upgraded as well.

New changes may apply soon...

Keep up the good work all developers and programmers!
member
Activity: 105
Merit: 59
August 31, 2015, 10:13:50 AM
#12
coinb.in is using the dangerously weak "classic" brainwallet algorithm. It also includes third party javascript which can do whatever it wants. Why is it rated so highly on security?

You realise that bitaddress.org also uses the same brain wallet algorithm as coinb.in, so I'm not sure why its been singled out.

bitaddress.org should also remove the brainwallet option, but it does at least require a minimum of 15 characters and warns about cracking/theft.

That being said, the next version will allow the user to select a bunch of different algorithms.

This is possibly an unpopular opinion, but offering a bunch of security choices that most people don't really understand isn't actually a good thing. What I would suggest is using WarpWallet's scheme with the salt *required* and a strong recommendation that a random passphrase be used (provide a generator). You could also provide a "classic brainwallet" option with a warning that makes it clear that it's very weak and should only be used to sweep old brainwallets.

Also what third party JavaScript? Google analytics? If that actually puts you and others off I'll remove it.

*edit*: removed analytics.

Yes, I was talking about Google Analytics. If I were a bad person and could get one SSL certificate for any site of my choosing, it would be Google Analytics - it's a super high value target because of how widely used it is.

Cloudflare is also a tremendously high value target, but I doubt arguing against it would get very far.
hero member
Activity: 714
Merit: 601
August 31, 2015, 05:59:43 AM
#11
coinb.in is using the dangerously weak "classic" brainwallet algorithm. It also includes third party javascript which can do whatever it wants. Why is it rated so highly on security?

You realise that bitaddress.org also uses the same brain wallet algorithm as coinb.in, so I'm not sure why its been singled out. That being said, the next version will allow the user to select a bunch of different algorithms.

Also what third party JavaScript? Google analytics? If that actually puts you and others off I'll remove it.

*edit*: removed analytics.
member
Activity: 105
Merit: 59
August 31, 2015, 12:22:52 AM
#10
Any further suggestions?

Prominently mention that it's a really bad idea for people to come up with passphrases themselves and link to diceware. At least eight words.
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
August 30, 2015, 09:12:37 PM
#9
Regarding KDFs, I would score them on a logarithmic scale based on spot instance cracking cost, and severely penalize anything that doesn't include a salt. I would be very surprised if someone made ASICs to try to crack Bitcoin keys generated via brainwallet or otherwise due to very large (well over a million dollars) one time costs. GPUs are likely, FPGAs may be difficult due to memory requirements.

Helpfulness of KDFs is also a little unusual because the public key computations themselves take a bit of work. For example, PBKDF2 with 64 rounds would only double the cracking cost vs a classic brainwallet.
I guess we'll adopt your approach in some way: "score them (KDFs) on a logarithmic scale based on spot instance cracking cost, and severely penalize anything that doesn't include a salt".

I'll just need some time to think about a fair way in order to compare different types of KDFs (scrypt, bcrypt, PBKDF2) and their respective "spot instance cracking cost" or some estimation of those values.

Any further suggestions?
member
Activity: 105
Merit: 59
August 30, 2015, 12:44:17 PM
#8
Regarding KDFs, I would score them on a logarithmic scale based on spot instance cracking cost, and severely penalize anything that doesn't include a salt. I would be very surprised if someone made ASICs to try to crack Bitcoin keys generated via brainwallet or otherwise due to very large (well over a million dollars) one time costs. GPUs are likely, FPGAs may be difficult due to memory requirements.

Helpfulness of KDFs is also a little unusual because the public key computations themselves take a bit of work. For example, PBKDF2 with 64 rounds would only double the cracking cost vs a classic brainwallet.
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
August 30, 2015, 05:47:32 AM
#7
With regard to the generators purses question. Where is the guarantee of key generation, the developer does not receive access to the private key?

In fact there's no guarantee at all. They're all free of warranty as you'll notice at their websites.

As a pratical measure, the guarantee is the open-source code that is accessible to you to review it so that you can be assured that the app runs client-side only and is expected that you will be a smart guy that will run it offline in an air-gapped machine and will come up with VERY GOOD security measurements.

Doing that way (respecting all security procedures), developer won't have access to your (offline) generated private keys.
legendary
Activity: 2156
Merit: 1132
August 30, 2015, 05:12:30 AM
#6
With regard to the generators purses question. Where is the guarantee of key generation, the developer does not receive access to the private key?
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
August 30, 2015, 04:45:22 AM
#5
coinb.in is using the dangerously weak "classic" brainwallet algorithm. It also includes third party javascript which can do whatever it wants. Why is it rated so highly on security?
I PMed the author of coinb.in some days ago and I'm still waiting for some answers about that project.

I also think that rating based on the number of KDFs combined does not make sense. You need to take the work factors into account.

Yes, in fact I thought it was awkward adding pts by combining KDFs types by the time I first generated the Table's 1st version (I was so asleep at that time lol).

1st idea: For brainwallets I guess I'll add some pts for using different types of KDF according to their resistance to ASIC and GPU attacks. Maybe something like:

PBKDF2 = 20pts

bcrypt = 30pts

scrypt = 50pts

2nd idea: And maybe we could add some additional pts for some additonal KDF algo iteration and/or extra rounds (over those recommended by standards).

P.s. for this one, I'll need some deeper research and estimate what are the standard numbers (of rounds/iterations of scrypt, bcrypt and PBKDF2) used to protect from brute-force attacks today and I'll estimate safer (higher) numbers considering the increase in brute-force attack strenght (GPU + ASIC) in the next (at least) 5 to 10 years. (BTW Do you have any numbers - for scrypt, bcrypt and PBKDF2 - in mind?)

The list is gonna change soon to reflect those changes...

Thanks for your comments, I really appreciate it.
member
Activity: 105
Merit: 59
August 29, 2015, 04:48:31 PM
#4
I also think that rating based on the number of KDFs combined does not make sense. You need to take the work factors into account.
member
Activity: 105
Merit: 59
August 29, 2015, 04:12:19 PM
#3
coinb.in is using the dangerously weak "classic" brainwallet algorithm. It also includes third party javascript which can do whatever it wants. Why is it rated so highly on security?
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
August 28, 2015, 02:22:48 AM
#2
⚠️ WARNING ⚠️ YOU MUST READ THIS BEFORE MESSING WITH BRAINWALLETS!

⚠️ About passwords: DO NOT use obsolete methods (weak passwords) for wallet protection. Spend some time educating yourself about Password/Passphrase strength, Entropy as a measure of password strength and the importance of randomness when generating passphrases. Due to brute-force attack unstopable and increasing power & Moore's law, simple password protection is getting obsolete. Remember: you're your own bank, apply some pro-security mesures to protect your coins. Info: http://blog.codinghorror.com/passwords-vs-pass-phrases/ & https://www.random.org/

⚠️ About random passphrases: DO NOT create passphrases thinking that you (a human) can be naturally very random and generate good bits of entropy by your own will. Humans tend to be predictable in their behavior and in their actions (and reactions). Idioms and languages - which words are used most of the time as passphrases - are structured in a logical and sequential way. i.e. no randomness in any way. What I'm trying to explain here is that: "it's really a bad idea for people to come up with passphrases themselves". Suggestion: use Diceware. Use (at least) a group of twelve words.

⚠️ About brainwallets: DO NOT use brainwallets which run fast hash functions (MD5, SHA family etc.) in order to hash your passphrase and for key pair creation. Avoid them! They are widely recognized as insecure and vulnerable to GPU brute-force attacks! You'd better choose those versions that use more secure methods such as Salt + Key Derivation Function e.g. scrypt, bcrypt, PBKDF2 and Argon2. And if you're a newbie, don't use brainwallets at all! Just remain safe with your paper wallets. Further info: http://blog.codinghorror.com/speed-hashing/ & https://rya.nc/cracking_cryptocurrency_brainwallets.pdf

⚠️ About change addresses: DO make sure you fully understand how change addresses work when dealing with brainwallets and paper wallets while spending your coins. When used correctly, change addresses help increasing privacy of cryptocurrencies. But also with this capability comes the potential for loss and theft when its use isn't completely understood. "To avoid potentially costly mistakes, familiarize yourself with change addresses and how your wallet software implements them". Beware while importing your single address' private key on different wallet softwares: "wallet developers can implement this feature in a number of ways". "Learn how to prevent and Recover from Change Address Disasters" reading this excellent article: http://bitzuma.com/posts/five-ways-to-lose-money-with-bitcoin-change-addresses

⚠️ About use of applications: DO NOT generate wallets neither addresses when conected to the Internet. Download the app, review the code, check the file's hashsum in order to verify it's the original file, only work with it in an air-gapped machine (use a Live Operating System) and never touch the net while doing it. Before sending funds to an address, it is recommended that you first check for compatibility of addresses generated by those apps by importing some of their private keys into the official (and most popular unofficial too) client. This can be done most of the time through the debug console using the "importprivkey" command. If you are able to successfully import keys, the tested generator/app is compatible.

⚠️ About security paranoia: DO NOT consider yourself an InfoSec expert. If you think your coins are safe because you have an "ultimate unbreakable encryption scheme", you'd better think twice: https://xkcd.com/538/
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
August 28, 2015, 02:20:20 AM
#1
Cataloging FOSS Brainwallets since 2015. Last Update: July, 2024

BRAINWALLETS: awesome tools have been created all those past years by skilled developers and by a community of dedicated volunteers. So I decided to create this list as reference of research and development. i.e. cryptocurrency users and all related community might benefit from that. Be warned: don't risk your funds recklessly using brainwallets (don't risk coins if you don't fully understand what you're doing). This list is for research and development purposes only!

WHAT IT IS: Brainwallet ← click to learn the basics about it.

If you think your project should be listed here, PM me. Requirements for participants:

1st) The project must be (primarily) a Brainwallet for cryptocurrencies or crypto-assets;

2nd) The project must be open-source;

3rd) The project's code must be available at https://github.com

4th) The project must not be just an identical clone version of a previously available original app (it must have - at least - one reasonable innovation or add-on built-in).

All parameters here are subject to change, this is a work in constant progress...

If you've got an idea, share it with us!

This is not meant to be an exhaustive list, just a compilation of similar projects and source of data for the community about development of those mentioned tools.

⚠️ IMPORTANT STATEMENT: This List is offered without any warranty whatsoever; we do not guarantee the ideal operation or funcionality of no tool nor app mentioned here. No professional code auditing were performed by us. If you lose your coins using one or any of those tools, we are not to be blamed and we're not responsible for it. We'd be very sorry, but we cannot help you about that. Cryptocurrencies are new stuff yet, so many experiments are still in early stages. We also cannot guarantee any member's reliability and that your coins will be 100% safe 100% of the time (even in the future). This is just a simple list for didactic purposes only. Due diligence, research, revision, and auditing is still necessary. Be smart and DO YOUR OWN RESEARCH - DYOR! Use those tools/apps at your own risk!

Note one: please read and pay attention to the above statement and don't ever post here something like “Someone stole my coins because my password was 'password123456'”

Note two: please support those projects donating some coins.

Brainwallets:

Bitgen: software that generates bitcoin addresses from a given or generated random number. Some features: The output is saved as a ps file that can be converted to pdf; The private key can be generated by the following inputs: Hex number; Dice random numbers (1-6); Brainwallet (uses Argon2d as KDF + custom salt input method supported); Hash input; Computer generated pseudorandom key (/dev/random); Bulk; Mnemonic. It also supports: Bitcoin mini private keys; Invoice generation; Hierarchial pseudorandom generation; Vanity address generation. Support for split wallets using one-time-pads also available. Author: bit22gen. Website: http://bitgen.org/. Forum thread: https://bitcointalksearch.org/topic/bitgen-tool-for-addresses-signatures-encryption-and-transactions-1107927. GitHub Repository: N/A.

brainwallet.io: Deterministic bitcoin address generator. Address generation takes place in your browser, and no information is ever sent to server. Some features: Brain Wallet, word list for pseudorandom passphrase generation, passphrase generation by file hashing, uses scrypt as Key Derivation Function (KDF), custom salt input method supported. Author: Daniel Routman < r o u t m a n @ p r o t o n m a i l . c h > < d a n i e l @ n c r y p t . o r g > aka unchi. Forum thread: https://bitcointalksearch.org/topic/--1160038. GitHub Repository: https://github.com/routman/brainwallet.io

MemWallet: It is a deterministic cryptocurrency address generator, like WarpWallet, but it works for Ethereum, Litecoin, Monero and Bitcoin. You never have to save or store your private key anywhere. MemWallet is a re-implementation of WarpWallet, but it works for other currencies. WarpWallet and MemWallet use the same algorithm, so WarpWallet and MemWallet will generate the same Bitcoin address for a given Passphrase and salt. Author: David Bengoa http://bengoarocandio.com Website: https://dvdbng.github.io/memwallet Forum thread: N/A. GitHub Repository: https://github.com/dvdbng/memwallet

MindWallet: A wallet generator based on memwallet for bitcoin, ethereum, monero and litecoin using argon2 instead of scrypt. MindWallet is a deterministic cryptocurrency address generator heavily based on MemWallet but using argon2 instead scrypt as hashing function, it's like WarpWallet, but it works for Ethereum, Litecoin, Monero and Bitcoin. Some features: implementation of MindWallet in JavaScript and Go. It makes use of Argon2i and PBKDF2 as KDF making it more brute-force attack resistant. Author: Patrick Aljord @patcito < p a t c i t o @ g m a i l . c o m >. Website: https://patcito.github.io/mindwallet. Forum thread: N/A. GitHub Repository: https://github.com/patcito/mindwallet

monero-wallet-generator: Deterministic Monero address generator. Address generation takes place in your browser, and no information is ever sent to server. Some features: Brain Wallet, custom entropy for deterministic wallet, mnemonic seeds available in EN, JP, EO, ES, and JP. Made by moneromooo, based on code from MyMonero. Author: moneromooo. GitHub Repository: https://github.com/moneromooo-monero/monero-wallet-generator

Nowallet: This project is a secure Bitcoin brainwallet app that will ultimately be meant for desktop and mobile platforms. NOWALLET is written in Python, it uses Electrum servers on the back end, and communicates exclusively over Tor. It uses a variant of the 'WarpWallet' technique for key derivation, rather than the typical, highly insecure method that your average brainwallet uses. Full native and P2SH SegWit address support. You will only need to remember an email address and passphrase combination, rather than an entire 24 word mnemonic seed. Main features: Easy and intuitive Material Design based UI; Full SegWit support out of the box; Smart fee estimation and custom fees; Replace by Fee support, on by default; Live exchange rates and block explorer integration Author: Marc D. Wood @metamarcdw < m a r c d w 8 7 @ g m a i l . c o m >. Website: https://www.nowallet.org. Forum thread: N/A. GitHub Repository: https://github.com/metamarcdw/nowallet

PortalWallet A fork of WarpWallet that adds support to also generate BIP39 Mnemonic sentences and BIP32 extended public/private keys for easy import into any supporting wallet software. Author: Logicwax. Website: N/A. Forum thread: N/A. GitHub Repository: https://github.com/Logicwax/PortalWallet

WarpWallet (GUI): is a deterministic bitcoin address generator that adds two improvements: WarpWallet uses scrypt KDF to make address generation both memory and time-intensive. And you can "salt" your passphrase with your email address. Some features: it makes use of scrypt and PBKDF2 as KDF making it more brute-force attack resistant. Author: Maxwell Krohn < t h e m a x @ g m a i l . c o m > and Chris Coyne < c c o y n e 7 7 @ g m a i l . c o m >. Website: http://keybase.io/warp. Forum thread: N/A. GitHub Repository: https://github.com/keybase/warpwallet

WarpWallet (CLI): a fork from WarpWallet written in Go ready to run on terminal (CLI). Author: moncho Website: N/A. Forum thread: N/A. GitHub Repository: https://github.com/moncho/warpwallet

Related projects:

BIP39 Tool (iancoleman's): JavaScript Client-Side implementation of the BIP 39 'Mnemonic code for generating deterministic keys' proposal. This tool can be downloaded and used offline in an air-gapped machine. User may supply his own source of entropy (accepts binary, base 6, 6-sided dice, base 10, hexadecimal, cards) for mnemonic phrase creation. User may also decide to protect his keys with password/passphrase. Mnemonic passphrase available in several languages. Hierarchical Deterministic Wallets generators also implemented for Bitcoin, Bitcoin Cash, Ethereum (and all ERC20 tokens), Litecoin, Dogecoin, Dash, Peercoin, Namecoin and others. Author: mav. Website: https://iancoleman.io/bip39/. Forum thread: N/A. GitHub Repository: https://github.com/iancoleman/bip39.

python-mnemonic: Python implementation of the BIP 39 'Mnemonic code for generating deterministic keys' proposal. User may supply his own source of entropy for mnemonic phrase creation. Mnemonic passphrase available in several languages. This CLI tool can be used offline in an air-gapped machine. It might also be automated using shell scripts. In many Linux distros there's no need to install anything in order to use this (i.e. It's like iancolemans's tool but for CLI use) • Author: trezor.io • Website: https://pypi.org/project/mnemonicForum thread: N/A • GitHub Repository: N/A

Border Wallets: A poweful way to quickly memorise and easily recall Bitcoin seed words. Border Wallets solve a problem faced by many Bitcoiners; how to quickly, easily, securely and reliably memorise 12 or 24 (or more) seed words. The idea draws on a concept known as the Picture Superiority Effect, and employs the use of user-generated patterns applied to a randomised map of (BIP-39 compliant) seed words - offline, in a secure, air-gapped setting. The creation of Bitcoin, and Improvement Proposals such as BIP39, have transformed our ability to store and transport value over space and time. However, in the case of people who struggle to maintain their property rights in the physical domain, or who move around a lot, paper or even steel backups can present storage and transportation challenges. By making the process of creating and memorising secure Bitcoin Wallets more simple and robust, people and families can now carry their wealth in their heads using a combination of attack-tolerant Entropy Grids or Deterministic Recovery Phrases and memorable patterns that only they know. Contrast this with the problems and risks presented with any one individual carrying a written seedphrase backup and it should become reasonably clear that the protections offered by Entropy Grids and Border Wallets give a higher degree of transportability, security and recovery assuredness. For Bitcoin, Border Wallets and Entropy Grids offer new applications and solutions for Bitcoin cold storage and transportation, legacy ownership transfers, gifting, 3rd-party custody assistance and, most obviously, border crossings. Sparrow Wallet’s Border Wallets integration available! Author(s): MTC & SuperPhatArrow. Website: https://www.borderwallets.com. Github Repository: https://github.com/microchad/borderwallets

brainflayer: is a Proof-of-Concept brainwallet cracking tool that uses libsecp256k1 for pubkey generation. It was released as part of a DEFCON 23 talk about cracking brainwallets. Some features: it does ~130k guesses/second (as per 2015). Good tool to test your brainwallet security. Author: Ryan Castellucci aka ryanc. Website: https://rya.nc/defcon-brainwallets.html. (Unofficial) Forum thread: https://bitcointalksearch.org/topic/why-im-releasing-a-brainwallet-cracker-at-defcon-23-1147035. Paper: https://rya.nc/cracking_cryptocurrency_brainwallets.pdf. Video: https://rya.nc/b6. Github Repository: https://github.com/ryancdotorg/brainflayer

PassGuardian: Store and share your secrets (Secret Sharing) safely by splitting them into cryptographically-secure pieces. To reconstruct the original, combine a specific number of these pieces. PassGuardian is built on secrets.js, an open-source implementation of Shamir's secret sharing scheme. Some features: All computations are done in your browser. No secrets or secret shares are ever transmitted back to servers. Once the PassGuardian page is loaded in your browser, it can be run offline. Author: Alexander Stetsyuk < a l e x @ p a s s g u a r d i a n . c o m > aka amper5and. Website: passguardian.com. Forum thread: https://bitcointalksearch.org/topic/ann-passguardiancom-client-side-threshold-secret-sharing-142875. GitHub Repository: https://github.com/amper5and/secrets.js/tree/gh-pages
Pages:
Jump to: