Bitcoin Forum

Bitcoin => Electrum => Topic started by: Teubwel on November 26, 2018, 02:17:39 PM



Title: Good idea to salt?
Post by: Teubwel on November 26, 2018, 02:17:39 PM
Is it generally good practice to salt your Electrum seed with for example your e-mail address in the seed extension? Kind of like WarpWallet does?



Title: Re: Good idea to salt?
Post by: OmegaStarScream on November 26, 2018, 02:27:31 PM
As long as your seed is hidden somewhere safe and the extension word is not written, that should be okay but for better security, I don't suggest using info that can easily be obtained such as birth date, first name, email address, state of residence etc.


Title: Re: Good idea to salt?
Post by: bob123 on November 26, 2018, 04:17:23 PM
A salt should be somewhat random. So definitely not an email address (which is guessable in like 5 to 10 trials).

Anyways, the math behind the seed words is 'sufficient' (more than safe). You don't really need an additional salt for security reasons.

While it doesn't harm you in any way (except maybe for the case where you don't find / forget your salt and can't recover your wallet), it doesn't increase the security of your wallet.

It can add plausible deniability, but security-wise it is not necessary.


Title: Re: Good idea to salt?
Post by: HCP on November 26, 2018, 09:48:59 PM
> While it doesn't harm you in any way (except maybe for the case where you don't find / forget your salt and can't recover your wallet), it doesn't increase the security of your wallet.
>
> It can add plausible deniability, but security-wise it is not necessary.

As bob123 has pointed out, the maths of the seed words is currently more than sufficient to prevent the seed mnemonic from being brute forced in the first place. So, "salting" is not really necessary from that perspective... But in my opinion, it does offer an increase in security... for one particular scenario.

By adding such a "salt", it means that even if your seed mnemonic is compromised (for instance, your home is burgled and the thief takes the physical backup of your seed mnemonic) your wallet is still "secure", as without the necessary seed mnemonic extension they will be unable to access your 'actual' wallet. It's like 2FA for your seed mnemonic :)

Of course, it should go without saying, that the security will only be as good as the passphrase that you use ;)
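
An added example (not from any poster in this thread) of how a seed extension enters the key derivation. It is modelled on Electrum's PBKDF2-HMAC-SHA512 stretch with 2048 rounds and salt `"electrum" + extension`; the text normalisation is simplified, and the mnemonic and extensions are constructed sample strings, not a valid seed.

```python
import hashlib
import unicodedata

PBKDF2_ROUNDS = 2048  # round count used for the seed stretch


def _normalize(text: str) -> str:
    # Simplified normalisation (assumption): NFKD, lowercase, single spaces.
    return " ".join(unicodedata.normalize("NFKD", text).lower().split())


def derive_seed(mnemonic: str, extension: str = "") -> bytes:
    """Stretch mnemonic + seed extension into the 64-byte wallet seed."""
    password = _normalize(mnemonic).encode("utf-8")
    salt = b"electrum" + _normalize(extension).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, PBKDF2_ROUNDS)


def wallets_for(mnemonic: str, extensions: list[str]) -> dict[str, str]:
    """Map each extension to a short fingerprint of the seed it produces."""
    return {ext: derive_seed(mnemonic, ext).hex()[:16] for ext in extensions}


# Constructed sample words for illustration only.
SAMPLE_MNEMONIC = "alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima"

if __name__ == "__main__":
    # Every extension, including the empty one, yields a different seed and
    # nothing signals which one is "right": a stolen paper backup alone does
    # not open the extended wallet, and a forgotten extension silently opens
    # an empty one.
    for ext, fp in wallets_for(SAMPLE_MNEMONIC, ["", "correct extension", "corect extension"]).items():
        print(f"{ext!r:22} -> {fp}")
```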


Title: Re: Good idea to salt?
Post by: Teubwel on November 27, 2018, 09:36:46 AM
The idea was, that an attacker might rainbow-table the N shortest (as in number of characters) seeds. Like WarpWallet, the e-mail salt would mitigate any such broad attack which isn't specifically aimed at a particular person.


Title: Re: Good idea to salt?
Post by: bob123 on November 27, 2018, 12:31:37 PM
> The idea was, that an attacker might rainbow-table the N shortest (as in number of characters) seeds.

Rainbow tables can't be applied in this case.

There are no 'shortest' seeds. Seeds are randomly chosen.
12 word seeds have an entropy of ~~121~~ 124 bits (last ~~7~~ 4 bits are a checksum) and 24 word seeds have an entropy of ~~253~~ 248 bits (last ~~11~~ 8 bits are a checksum).


Rainbow tables can be used when looking for passwords by having large dictionaries with the initial password and the correct hash being stored together.
In case of finding hashes, you simply search the dictionary for this hash to find the corresponding password.

But since seeds (which are represented by 12-/24- word mnemonic codes) are random, there is no attack surface using rainbow tables.




Edited for correctness


Title: Re: Good idea to salt?
Post by: igor72 on November 27, 2018, 07:01:41 PM

> 12 word seeds have an entropy of 121 bits (last 7 bits are a checksum) and 24 word seeds have an entropy of 253 bits (last 11 bits are a checksum).

According to BIP39 (https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki) 12 word seeds have an entropy of 128 bits (last 4 bits are a checksum) and 24 word seeds have an entropy of 256 bits (last 8 bits are a checksum).


Title: Re: Good idea to salt?
Post by: bob123 on November 28, 2018, 02:01:31 PM

> > 12 word seeds have an entropy of 121 bits (last 7 bits are a checksum) and 24 word seeds have an entropy of 253 bits (last 11 bits are a checksum).
>
> According to BIP39 (https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki) 12 word seeds have an entropy of 128 bits (last 4 bits are a checksum) and 24 word seeds have an entropy of 256 bits (last 8 bits are a checksum).

You are right, thanks for pointing it out!

Not only have I assumed 7 (instead of 4) and 11 (instead of 8) bit checksums, I have also made a very embarrassing mistake (256 - 11 = 253)  ::)


Title: Re: Good idea to salt?
Post by: HCP on November 29, 2018, 09:54:32 PM
Your math still is not correct...

> There are no 'shortest' seeds. Seeds are randomly chosen.
> 12 word seeds have an entropy of ~~121~~ 124 bits (last ~~7~~ 4 bits are a checksum) and 24 word seeds have an entropy of ~~253~~ 248 bits (last ~~11~~ 8 bits are a checksum).
>
> Edited for correctness

12 word seeds have an entropy of 128 bits... they have 4 bits ADDED as a checksum... making them 132 bits long... 12 words * 11 bits = 132 bits.

The table provided in the BIP39 docs shows it all:
The following table describes the relation between the initial entropy length (ENT), the checksum length (CS) and the length of the generated mnemonic sentence (MS) in words.

CS = ENT / 32
MS = (ENT + CS) / 11

|  ENT  | CS | ENT+CS |  MS  |
+-------+----+--------+------+
|  128  |  4 |   132  |  12  |
|  160  |  5 |   165  |  15  |
|  192  |  6 |   198  |  18  |
|  224  |  7 |   231  |  21  |
|  256  |  8 |   264  |  24  |
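
The relation in the table above, carried through in code as an added example (not part of the original post or of BIP39's reference code): the checksum bits are appended to the entropy rather than taken from it. Function names are illustrative, and indices stand in for words because the 2048-word list is not embedded.

```python
import hashlib


def bip39_indices(entropy: bytes) -> list[int]:
    """Return the 11-bit word-list indices for the given initial entropy."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("ENT must be 128..256 bits in steps of 32")
    cs_bits = ent_bits // 32                      # CS = ENT / 32
    # Checksum = first CS bits of SHA-256(entropy); CS <= 8, so one byte is enough.
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11          # MS = (ENT + CS) / 11
    return [(combined >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def checksum_ok(indices: list[int]) -> bool:
    """Split indices back into entropy and checksum, then recompute the checksum."""
    total_bits = len(indices) * 11
    if len(indices) not in (12, 15, 18, 21, 24):
        return False
    ent_bits = total_bits * 32 // 33              # ENT + ENT/32 = total
    cs_bits = total_bits - ent_bits
    combined = 0
    for idx in indices:
        combined = (combined << 11) | idx
    entropy = (combined >> cs_bits).to_bytes(ent_bits // 8, "big")
    return bip39_indices(entropy) == list(indices)


if __name__ == "__main__":
    for ent in (128, 160, 192, 224, 256):
        words = bip39_indices(bytes(ent // 8))    # constructed all-zero entropy
        print(ent, ent // 32, len(words) * 11, len(words), checksum_ok(words))
```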


Title: Re: Good idea to salt?
Post by: Abdussamad on November 30, 2018, 11:16:06 AM
electrum doesn't use bip39. the security of the electrum seed is explained here: http://docs.electrum.org/en/latest/seedphrase.html#security-implications . i honestly don't understand that math.