Topic: stringwallet - page 2. (Read 556 times)

they also need backups.
and can be hacked (private key extracted) once the attacker gets his hands in the physical device itself.

The most common recommendation nowadays is to just get a hardware wallet. Which in my opinion offer an excellent combination of security and usability. They are fairly idiot-safe, so to speak



I guess Spendulus refers to using machine learning and / or neural networks trained on English syntax and semantics for creating lists of phrases that are more likely to be used for a brain wallet than others. Seems unviable without a sufficiently large set of existing passphrases to train the network on though.

Also, I would like to say once again that when you say "submit them to brute force attacks using English grammar and a million or so common phrases", you don't really know what you are saying.

I mean "million or so common phrases" - fine, you can probably find "million or so common phrases", from books, magazines, news articles, and films..
But WTF does it mean "brute force attacks using English grammar"? It is a meaningless term. There is no such thing!

How about you try this.

Take 1000 humans, ask each of them to generate some phrase / sentence that will be used for "a password."

Tell them that the sentence may be as long as they like, but you have a very powerful computer that will try to guess the password they came out with.

Also tell them that if the computer will not guess their password in 1 year, but they still remember it, then they will be rewarded with $1000000.

Now, good luck with cracking that!

That's your subjective perception.

Try this view.

Take 1000 humans, ask each of them to generate some phrase / sentence that will be used for "a password."

Now take the results, the 1000 sentences, and submit them to brute force attacks using English grammar and a million or so common phrases. I wager we break 10 within a couple of weeks.

That's unacceptable, right?

Sorry. You're obviously not going to change your dogmatic rhetoric, whilst I am not interested in debating non science on this forum.

sure, I understand that.

but we are abstracting here from the fact that if the "general populace" is bad at creating sufficiently secure passwords, then it is quite likely also bad at securing the copies of their wallet's secret files.

so if they were consistent in heir recommendations, they should basically recommend everyone to stay away form bitcoin. but they don't - they only recommend to not use brain wallets, like it was the very thing that is going to save an idiot from loosing his coins.

No, please try to think through these things.

Your arguments say are A B C.

A is not "ridiculous" because issue is discoverable key, and f() moves the human-phrase from determinable low entropy to high entropy difficult to determine. Yes I can pick method which is simple yet generates huge difficulty. (see EX f() )

B this f() is common knowledge, so an attacker always applies it as part of his algorithm. I refer to an f() which the attacker can only guess at.

C Human phrases are in fact recognized and accepted as bad idea. Time to break these phrases is the proof not opinion

EX f()
Require user of a brain wallet to a four digit base 58 value "c"
To increase entropy of the phases strip spaces from the phrase, than
Apply simple function based on "c" to characters of the brain wallet.

Brute force attack is now 58^4 or 10M times harder. And that's the "best case," where the attacker knew some sort of human-generated brain wallet was used. If attacker did not know that, he's out of luck.

But show me wrong. I'm certainly not expert at this.

Very true.

I'd still argue that this recommendation was aimed at the general populace that is notoriously bad at creating sufficiently secure passwords and passphrases. And I think there's enough evidence for that

yeah.. I've read that "general recommendation" and none of the people who stand behind them is actually able to give me an answer on how exactly would they approach a brute forcing of a complex passphrase - one that is not just a word or a phrase from a dictionary.

they don't give the answer because they don't have any - that's the kind of 'experts' they are.
for me, they are just full of shit - what they do has zero to do with science and 100% to do with their beliefs driven by a subjective perception.

seriously, I am not aware of any hacking tool, or even a serious theoretical paper, that would successfully address a problem of brute forcing original sentences made by a human brain. make an original sentence (one that you can't just google) of ~20 words and I am betting all my bitcoins that no man armed with the fastest computer is going to brute force it before we both die.

if I wanted to crack brain wallets, I'd rather put my effort in finding a way to calculate the EC-private key from the EC-public, rather than try to brute force a creativity (or insanity) of a human brain. the first one not only seems less complex and more straight forward to me, but (most of all) it would then crack all the wallets

I think what Spendulus is referring to is that brainwallets that are derived from human generated passphrases tend to get bruteforced sooner or later. At least those that are purely based on words that can be found in dictionaries and quotes that stem from books and song lyrics.

There are many examples of brainwallets that got swiped by attackers, however it is of course impossible tell what percentage of brainwallets is affected since the total number of brainwallets is unknown. Nonetheless the general recommendation on these forums and other social platforms has been to stay clear of brainwallets (whether justified or not).

that's ridiculous as f() is also produced by human.

Not to mention that in order to get a 256 private key value from the memorable passphrase,  you need some kind of f() anyway.

WTF does it even mean that something 'is recognized and accepted as a bad idea'?
Sounds to me like an argument brought by someone who has no arguments

I think it is good to use some brainwallet but I think it is more good to those people who can grasp easily about their passwords made or the people who have good memories in terms of it. It would be nice if that brainwallet has some hints options so that slow grasp individual can easily manage on the wallet.

Question being, whether a simple obfuscation algorithm that can be done in your head or with a piece of paper is sufficient, as opposed to a computer-supported one. Unless you can mentally sha256

Given the amount of possible simple obfuscation algorithms I guess one can achieve sufficient security without computer support, assuming you don't rely on any well known methods (rot13 anyone?). In other words, this could be a use case where rolling your own "crypto" and security by obscurity might be a good thing.

Although (brain wallet produced by human) --> seed key

is recognized and accepted as a bad idea,

    f(brain wallet produced by human) --> seed key

where f is a easily remembered math procedure such as modulo(x), may form an acceptable key

What does it matter?

However I hardened my passphrase, I'm not going to unharden it now by telling you about this.

Fair enough.

If you don't mind me asking: Do you (a) harden your brainwallet using a script, similar to OP, or do you (b) rely on a technique that you can apply off the top of your head, without relying on a computer? (eg. a long passphrase that is not part of a known body of literature, changing / shifting letters around in a way that can be easily remembered...)

Both make sense when trying to avoid storing data outside your head, but (a) seems more secure while (b) gives you full flexibility regardless of whether you have access to your hardening script.

There is no script for generating a passphrase yet. But I plan to add a simple script which uses aspell to sample 20 or more random words from a dictionary. Four additional words, selected from the 20, will be used as checksum. Security I discussed in my post above.

However, I am not a cryptographer. So beware! I do this for fun and educational purposes. And because I did not find corresponding code I understand.

The idea is actually, that you need no backup!

With a brainwallet in the worst case, you must write the passphrase down. Clearly, you should write it down several times and hide the passphrase at different places. You can even cut the paper into two or more pieces and hide the pieces at different places so that it is unlikely for an attacker to have access to the full passphrase. There are variations of this method which seem more elegant. But everyone can make his/her own thoughts.

It is a pain in the ass to get access to the master key in core. Imho it is much too complex for a simple but secure brainwallet. And if you do not use an HD-Wallet, you have to backup your wallet anyway. But hardware can be lost (on a dump) or the hardware breaks one day. Moreover, one can lose the passphrase for the hardware.

With a brainwallet, the danger of breaking or losing hardware is not existent. Provided the passphrase for the brainwallet is good enough, for a cold wallet, this method seems more secure to me.

There are more passphrases built by 20 words from a dictionary with more than 10.000 words than ECDSA private keys, and assuming that hashing those passphrases several times (> 10.000), distributes the resulting values evenly between 0 and 2^256, this should be secure enough. Especially, since there are only 2^160 adresses, that is many private keys map to the same address anyway.

How safe is it to use brainwallet? Clearly, its helpful but is it that safe? I want to try it too since I have trouble memorizing stuffs.

But its quite crucial specially when you forgot your mnemonic phrase. It cannot be recovered.