Author

Topic: Question regarding SALT in a Brain Wallet (Read 204 times)

jr. member
Activity: 45
Merit: 35
April 22, 2020, 07:30:51 PM
#9
Thank you so much for your replies. 
I am satisfied that I am headed down the right path.
legendary
Activity: 4466
Merit: 3391
Keep in mind that the purpose of salting is to prevent the results of two hashes (or encryptions using the same key) of the same message from being the same. The salt is different for each hash and it does not need to be secret.

For example, suppose that two users have the same password. If the hashed passwords are not salted, then anyone with access to the hashed passwords and who knows one user's password knows that the other user has the same password.

It also prevents an attacker from precomputing hashes of passwords.

To answer your question, a longer salt is better because it increases the attackers search time. But in your case, since the seed is never reused and the entropy already exceeds 256 bits, salting has no benefit. In fact, a simple SHA-256 hash of the seed is sufficient because the entropy of the seed exceeds the maximum entropy of the private key.

https://en.wikipedia.org/wiki/Salt_(cryptography)

edit: added wikipedia entry
full member
Activity: 152
Merit: 100
I just now noticed your vanity address in your tagline.  That is one LONG vanity address!  Do you have access to it?  Again just curious.
No. I do not have a private key to that address.
jr. member
Activity: 45
Merit: 35
I just now noticed your vanity address in your tagline.  That is one LONG vanity address!  Do you have access to it?  Again just curious.
full member
Activity: 152
Merit: 100
Just curious.  Is your username a coin address?  Or did you just make it to look like one?
It is just a randomly generated username.
jr. member
Activity: 45
Merit: 35
Just curious.  Is your username a coin address?  Or did you just make it to look like one?
jr. member
Activity: 45
Merit: 35
Thanks 27QVUTZj8rgZP1.

That is exactly what I was thinking.  I just wanted to be sure.

Thanks again.  Grin
full member
Activity: 152
Merit: 100
So my question is this.  Does the length of the SALT phrase that I add when generating this Brain Wallet really matter?
Considering your password is truly random: No.

Salt will be used like an extension of the password you provided.
jr. member
Activity: 45
Merit: 35
So for the sake of discussion let's say I have the perfect super long super complicated "Seed" or "Password" if you will for a brain wallet.
Based on what I have read it is better to use the "SCRYPT key derivation function" method of creating one rather then the "JAVA script".
So to that end I have downloaded the webpage "brainwallet.io" to run offline for creating my brain wallet. (Please don't post replies about how insecure brain wallets are. This post is not about that subject)

It requires a minimum of one SALT entry in addition to my "Passphrase" (or what I like to think of as my Seed)

My understanding of SALT is that the longer the SALT phrase the better, within a normal "Storing of Passwords Environment".  And I get that the longer the SALT the larger the "rainbow table" would be for an attacker attempting to decode the passwords etc.

But for this Brain Wallet the SALT is not being used to disguise a normal password.  My perfect super long super complicated password is let's just say for arguments sake one million characters long or in other words lets just say long enough to be TOTALLY SECURE.  For the sake of this discussion.

So my question is this.  Does the length of the SALT phrase that I add when generating this Brain Wallet really matter?  The Passphrase is a one time phrase which will NEVER be used as a password in any other project or login that I have associated with my life.  And it is long enough to be totally secure (I'm not interested in debating the security aspect.  For the sake of this discussion let's assume it IS TOTALLY SECURE).

Obviously I must provide one SALT entry in order to create my wallet address per the requirements of the software.  I'm just trying to determine how important the length really is?  Because I'm thinking the additional SALT is not even really necessary and if the Brain Wallet software would allow me to create it without the SALT I probably would.  I'm thinking it doesn't really matter if my "passphrase" IS ACTUALLY SECURE.  Because my understanding is that the SALT increases the security level.  But if the security level is already pegged at the top does it really need to be increased further?

I would be interested in any intelligent commentary on this question by anyone who actually understands SALT and how it works.  I know enough about it to be dangerous.  I'll freely admit that.

Thank you so much in advance for your time and thought on this subject and the effort you have put forth to reply.  It is very much appreciated!  Grin





Jump to: