Pages:
Author

Topic: stringwallet - page 3. (Read 556 times)

jr. member
Activity: 42
Merit: 2
December 31, 2017, 01:32:13 AM
#6
Hi guys,

during christmas I was thinking about a way to produce my own brainwallets. You find the code below

https://github.com/curiosity81/brainwallet.

Clearly, code can also be used to produce more secure brainwallets. E.g. hashing a string more than once and a brute force approach is virtually useless.

A Brain Wallet is the one when user remembers their mnemonic phrase or the private key and never writes it down. That is, all is stored in the brain only for security reasons.

So why have a brain wallet and still write you private key or mnemonic phrase down on a piece of paper?

To me brain wallet is not good because it is difficult to manage in case the user forgets his/her mnemonic paraphrase or private key due to any mishap such as  accidents, brain diseases/ damage or even mental stress, he /she will lose his/her crypto-coins and funds.
legendary
Activity: 2053
Merit: 1354
aka tonikt
December 31, 2017, 01:19:59 AM
#5
Is anyone still using brainwallets in earnest?
yes.

i don't trust stored data to stay secret.
newbie
Activity: 13
Merit: 4
December 30, 2017, 07:56:45 PM
#4
The problem is ultimately that the randomness of a brain wallet is only as good as the randomness of the underlying passphrase i.e. terrible. Humans are not good at making random passphrases, and so the search space for an attacker is massively reduced. Instead of searching through every possibility, using a dictionary to search for common words, etc. would likely lead to cracking the wallet relatively quickly.

Is this better than a single iteration of sha256? Probably. Is this a secure key derivation function in any way? Absolutely not.
legendary
Activity: 2912
Merit: 2066
Cashback 15%
December 30, 2017, 01:06:31 PM
#3
Is anyone still using brainwallets in earnest? I always assumed that anyone that used a brainwallet effectively got robbed by now. Then again, any brainwallet that was sufficiently secure wouldn't be identifiable as such.


[...]
Clearly, code can also be used to produce more secure brainwallets. E.g. hashing a string more than once and a brute force approach is virtually useless.

You'll likely have to use a combination of different hashes in varying rounds (eg., 10x Sha256 => 2x Scrypt => Bcrypt => etc) requiring an attacker to reproduce your exact hashing steps. Let's not forget that anyone who is scanning for brainwallets has a lot of time to do so and thus can account for multiple hashing rounds as well.
legendary
Activity: 1778
Merit: 1070
December 30, 2017, 11:55:11 AM
#2
If you can reproduce your own brainwallet and the string is short or common and only hashed once, then I would recommend, that you move your founds to a new more secure address!!!
legendary
Activity: 1778
Merit: 1070
December 30, 2017, 11:28:22 AM
#1
Hi guys,

during christmas I was thinking about a way to produce my own brainwallets. You find the code below

https://github.com/curiosity81/stringwallet.

Clearly, code can also be used to produce more secure brainwallets. E.g. hashing a string more than once and a brute force approach is virtually useless.

Edit: to prevent confusion, I renamed the project to stringwallet.
Pages:
Jump to: