stringwallet - page 3. | Bitcointalksearch.org

hopeAo

jr. member

Activity: 42

Merit: 2

Quote from: curiosity81 on December 30, 2017, 11:28:22 AM

Hi guys,

during christmas I was thinking about a way to produce my own brainwallets. You find the code below

https://github.com/curiosity81/brainwallet.

Clearly, code can also be used to produce more secure brainwallets. E.g. hashing a string more than once and a brute force approach is virtually useless.

A Brain Wallet is the one when user remembers their mnemonic phrase or the private key and never writes it down. That is, all is stored in the brain only for security reasons.

So why have a brain wallet and still write you private key or mnemonic phrase down on a piece of paper?

To me brain wallet is not good because it is difficult to manage in case the user forgets his/her mnemonic paraphrase or private key due to any mishap such as accidents, brain diseases/ damage or even mental stress, he /she will lose his/her crypto-coins and funds.

piotr_n

legendary

Activity: 2053

Merit: 1354

aka tonikt

Quote from: HeRetiK on December 30, 2017, 01:06:31 PM

Is anyone still using brainwallets in earnest?

yes.

i don't trust stored data to stay secret.

colatkinson

newbie

Activity: 13

Merit: 4

The problem is ultimately that the randomness of a brain wallet is only as good as the randomness of the underlying passphrase i.e. terrible. Humans are not good at making random passphrases, and so the search space for an attacker is massively reduced. Instead of searching through every possibility, using a dictionary to search for common words, etc. would likely lead to cracking the wallet relatively quickly.

Is this better than a single iteration of sha256? Probably. Is this a secure key derivation function in any way? Absolutely not.

HeRetiK

legendary

Activity: 2912

Merit: 2066

Is anyone still using brainwallets in earnest? I always assumed that anyone that used a brainwallet effectively got robbed by now. Then again, any brainwallet that was sufficiently secure wouldn't be identifiable as such.

Quote from: curiosity81 on December 30, 2017, 11:28:22 AM

[...]
Clearly, code can also be used to produce more secure brainwallets. E.g. hashing a string more than once and a brute force approach is virtually useless.

You'll likely have to use a combination of different hashes in varying rounds (eg., 10x Sha256 => 2x Scrypt => Bcrypt => etc) requiring an attacker to reproduce your exact hashing steps. Let's not forget that anyone who is scanning for brainwallets has a lot of time to do so and thus can account for multiple hashing rounds as well.

curiosity81

legendary

Activity: 1778

Merit: 1070

If you can reproduce your own brainwallet and the string is short or common and only hashed once, then I would recommend, that you move your founds to a new more secure address!!!

curiosity81

legendary

Activity: 1778

Merit: 1070

Hi guys,

during christmas I was thinking about a way to produce my own brainwallets. You find the code below

https://github.com/curiosity81/stringwallet.

Clearly, code can also be used to produce more secure brainwallets. E.g. hashing a string more than once and a brute force approach is virtually useless.

Edit: to prevent confusion, I renamed the project to stringwallet.

Topic: stringwallet - page 3. (Read 556 times)