Author

Topic: Non-random words patterns more vulnerable for attacks? (Read 423 times)

legendary
Activity: 3808
Merit: 7912
A password could be grapes, apples, oranges and pineapples.  A fruit salad is any combination of grapes, apples, oranges and pineapples.  You don't care what order it's in, because it's just a fruit salad!  Now, should everyone's fruit salad be able to open your wallet?  That would be cause for concern.  Order matters.

If any combination of words can be valid - then it makes it harder for brute force your wallet by scanning text files in your hard drive.


 Then perhaps I fail to understand your concern properly.
If you remove the order,  you reduce the complexity and it becomes easier to cracker your passphrase.


   
member
Activity: 73
Merit: 10
A password could be grapes, apples, oranges and pineapples.  A fruit salad is any combination of grapes, apples, oranges and pineapples.  You don't care what order it's in, because it's just a fruit salad!  Now, should everyone's fruit salad be able to open your wallet?  That would be cause for concern.  Order matters.

If any combination of words can be valid - then it makes it harder for brute force your wallet by scanning text files in your hard drive.
legendary
Activity: 3808
Merit: 7912
A password could be grapes, apples, oranges and pineapples.  A fruit salad is any combination of grapes, apples, oranges and pineapples.  You don't care what order it's in, because it's just a fruit salad!  Now, should everyone's fruit salad be able to open your wallet?  That would be cause for concern.  Order matters.

hero member
Activity: 686
Merit: 500
Maybe the phrase has to hash to a key in wallet import format that validates in Base58, so certain phrases don't work?
member
Activity: 73
Merit: 10
With Electrum 2.5.4 I noticed that generated words following certain pattern where order of words matters.

For example " ... word1 word2 word3" pattern is valid, but " ... word1 word3 word2" pattern is not considered as valid - Electrum won't allow to restore wallet like this.

I want to understand why is this so - because if words are sequenced according to certain predefined algorithm - than it is possible for attacker to scan web/computer for "valid" sequences of 12-13 words that might belong to Electrum wallets.

Ideally I want Electrum to allow any order of words to prevent such guessing.
Jump to: