|
Title: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: flatfly on October 10, 2013, 06:04:22 PM NoBrainr is a little command-line tool that is meant to do only one thing: easily create secure offline addresses with strong yet easy-to-remember private keys, suitable for brain wallets and paper wallets (cold storage.)
Quote Classic 7-word mode: Wed 11/20/2013 1:23:27.40> nb_create 1J8QaLPakjqd2yUraHwcehmqnjMgCfiy49 == cream lift usher sliver flux poses husk Wed 11/20/2013 1:23:29.12> nb_create 15iKriJFiNUYwfdUyQ2UPTD9e5EAFDgcus == runes scold ghetto clicks ditch rafts panda Wed 11/20/2013 1:23:30.89> nb_create 1M8uEahVymjwQNquCHnEYN1dCAcHL31dsi == dice barks green pitch tamper snowy cost Wed 11/20/2013 1:23:32.71> nb_create 1G2YmiFZmhrQvvCPapTSXLoXF6Dm6FVWSm == fonts night lab! canon atop dx madly Physical-dice (uber-paranoid) mode: Wed 11/20/2013 1:25:59.23> nb_create 56231 15421 11454 23665 42325 66242 15524 17nBfyTPeDHZcLXToxCYvLXQXKxJzd8ULj == taint burma aha easy mj prayer well! Main features: - makes strong AND easy-to-remember passphrases (bit strength can easily be modified, if needed) - 100% open source and SHORT source code (as in, less than 1024 bytes!) - extremely easy to review - runs 100% offline (standard Python 2.x) - supports 2 generation modes: from /dev/urandom OR physical dice! - cross platform: successfully tested on Windows, Linux, OS X, Android and Raspberry Pi Note: For high amounts, it is strongly recommended to print and save a copy of the passphrase in a secure place (such as a personal or bank vault), to mitigate the risk of forgetting your passphrase after a few months/years. Downloads on our web page: http://trax.x10.mx/ Hopefully this will help people create safer brainwallets. Feel free to suggest any improvements. Also, any tips/donations are welcome and will encourage further script and wordlist updates. Thanks! Donation address: 1111127SpvabYpoeDoiz5L7QPkfiSh2Q Credits: Idea and implementation: svenfaw Packaging and distribution: flatfly Portions of code: jeromes Title: Re: NoBrainr - a simple and strong brainwallet generator Post by: virtualmaster on October 10, 2013, 10:35:38 PM NoBrainr is a new little tool to create hack-proof brainwallets. I will try it. ThanksMain features: - makes 90-bit strong easy-to-remember passphrases - 100% open source - cross platform Hopefully this will help people create safer brainwallets. More details and downloads at the my web page: http://trax.x10.mx/ We'd love to have some feedback, so Feel free to play with it, review it and suggest any improvements. Title: Re: NoBrainr - a simple and strong brainwallet generator Post by: flatfly on October 11, 2013, 09:13:57 AM V1.03 is out, fixing the line endings issue (OSX, Linux) reported on Reddit, and a minor edge case.
Title: Re: NoBrainr - a simple and strong brainwallet generator Post by: Abdussamad on October 11, 2013, 09:29:12 AM The word list could use some improvement. It has letters and symbols in it too.
Title: Re: NoBrainr - a simple and strong brainwallet generator Post by: flatfly on October 11, 2013, 12:05:26 PM The word list could use some improvement. It has letters and symbols in it too. The word list is based on the standard diceware word list. Take a look at their FAQ: http://world.std.com/~reinhold/dicewarefaq.html#meaningless Keep in mind the major benefit of a xkcd/diceware-like approach is to generate passphrases with constant and guaranteed bit strength (which we view as a very important feature. ) We have tweaked the word list a little bit, removing some of the most offensive or least common words. Title: Re: NoBrainr - a simple and strong brainwallet generator Post by: favdesu on October 11, 2013, 12:11:13 PM so, did someone review the source code yet? this looks really promising :D
Title: Re: NoBrainr - a simple and strong brainwallet generator Post by: flatfly on October 11, 2013, 12:18:27 PM so, did someone review the source code yet? this looks really promising :D Thanks. Some people looked at it on Reddit, but I would certainly encourage more users and experts to review/test/hack the hell out of it! The great thing is that the source code is really short, and uses only standard Python libraries, making it extremely easy to review and trust. Title: Re: [ANN] NoBrainr - a super-simple, hackproof offline brainwallet generator Post by: Abdussamad on October 11, 2013, 12:43:12 PM The word list could use some improvement. It has letters and symbols in it too. The word list based on the standard diceware word list. Take a look at their FAQ: http://world.std.com/~reinhold/dicewarefaq.html#meaningless Keep in mind the major benefit of a diceware-like approach is to generate passphrases with guaranteed, constant, and easy-to-calculate bit strength. We have tweaked the word list a little bit, removing some of the most offensive or least common words. Ok you are right. Good work. I'll try this script out in a VM when I get the chance. Title: Re: [ANN] NoBrainr - a super-simple, hackproof offline brainwallet generator Post by: viriat0 on October 11, 2013, 03:58:39 PM good work
Title: Re: [ANN] NoBrainr - a super-simple, hackproof cold brainwallet generator Post by: favdesu on October 11, 2013, 04:50:14 PM run it in a sandbox and it works.
but I'm missing some sort of manual - like how to create it (some people have no idea how to use the shell) and how to use a brain wallet in general Title: Re: [ANN] NoBrainr - a super-simple, hackproof cold brainwallet generator Post by: Patel on October 13, 2013, 04:51:52 PM Is nb_create the only command? Can you create your own passphrases and it generates the private and public key?
Anyways, excellent tool I like it Title: Re: [ANN] NoBrainr - a super-simple, hackproof cold brainwallet generator Post by: flatfly on October 13, 2013, 06:36:25 PM Is nb_create the only command? Can you create your own passphrases and it generates the private and public key? Anyways, excellent tool I like it Thanks! At this stage, there is only one command. I like little apps that do only one thing but do it properly. The reason why it doesn't let you select your own passphrase but generates it using a secure RNG is that humans are generally quite bad at choosing high-entropy AND easy to memorize passphrases. This is why people have been repeatedly burned while playing with brainwallets. This tool helps you stay on the safe side. That said, if you are a developer, it is very easy to modify the source code of NoBrainr to make it generate brainwallets based on passphrases of your choosing. However we generally don't want to encourage that, especially as most new users don't have a proper understanding of password entropy. Title: Re: [ANN] NoBrainr - a super-simple, hackproof cold brainwallet generator Post by: dserrano5 on October 13, 2013, 07:22:32 PM I thought this would be a FAQ but my searches turn out empty.
Code: $ python NoBrainr.py I tried to stick a couple of lines to the beginning of the script to reuse electrum's version of ecdsa: Code: import sys To no avail: Code: $ python NoBrainr.py I see a couple of python-ecdsa modules in github. Is one of them the correct one? Isn't there a central repository of python modules a la Perl's CPAN? Title: Re: [ANN] NoBrainr - a super-simple, hackproof cold brainwallet generator Post by: flatfly on October 13, 2013, 09:12:40 PM Could you try 'sudo pip install ecdsa'?
I will try to add a little FAQ on the website as time permits. Title: Re: [ANN] NoBrainr - a super-simple, hackproof cold brainwallet generator Post by: dserrano5 on October 14, 2013, 10:50:51 AM Could you try 'sudo pip install ecdsa'? Thank you, that did it. Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold generator in 1024 bytes Post by: flatfly on October 15, 2013, 07:59:53 PM A new release (1.043) is now available.
The code is even shorter (999 bytes!), and dozens of entries in the wordlist have been updated with more intuitive words. Reminder: Linux and Mac versions require the latest release of the ecdsa library: sudo pip install ecdsa Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold wallet generator in 1024 bytes Post by: flatfly on October 16, 2013, 09:39:38 PM PGP signatures for the current version:
Windows executable (v1.043): -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iD8DBQBSXwYq0dQqIfkZdf4RAiUUAJ475BKvisVtIVubg2DIYkrdexE+7ACgoL4Q S/jRzIjS2CB+9SFYH4nqnDA= =t1Jq -----END PGP SIGNATURE----- NOBRAINER.PY signature (v1.043): -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iD8DBQBSXwb00dQqIfkZdf4RAt/8AJsE5Jdnpr152n4puikNOAjTUhBdNwCfcZAW uglVEY6LH99BGoSPrTk0Dlw= =JUcE -----END PGP SIGNATURE----- Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold wallet generator in 1024 bytes Post by: Luke-Jr on October 18, 2013, 09:54:47 PM - makes 90-bit strong and easy-to-remember passphrases (this can be modified if needed) Contradiction? How is 90-bit strong when the norm is 256-bit?And usually "easy-to-remember" and "strong" are inherently opposites... Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold wallet generator in 1024 bytes Post by: flatfly on October 18, 2013, 10:29:16 PM - makes 90-bit strong and easy-to-remember passphrases (this can be modified if needed) Contradiction? How is 90-bit strong when the norm is 256-bit?And usually "easy-to-remember" and "strong" are inherently opposites... Well, what's the point of using 256-bit passwords? Of course there is always a trade-off between "easy-to-remember" and "strong". A 90-bit passphrase, *IF* randomly generated (as this script is doing), has NEVER been cracked and it will most likely not be in our lifetimes. Sure, 256-bit is nicer, but completely overkill in the context of password strength, and who would be able to remember it on the long run? I would be happy to be proven wrong on this choice, and remain open to discussion. Of course the paranoid can always tweak the script to generate even stronger passphrases. But I think 99.99% of brainwallet users would be extremely safe with a standard 7-word NoBrainr passphrase. EDIT: A relevant quote from the Diceware FAQ that I like is: "Of course, if you are worried about an organization that can break a seven-word passphrase, there are a number of other issues you should be concerned with -- such as how well you pay the team of armed guards that are protecting your computer 24 hours a day." Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold wallet generator in 1024 bytes Post by: flatfly on October 22, 2013, 08:21:06 PM Could someone with a Raspberry Pi try it out and let me know if it works fine? That would be great.
Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold wallet generator in 1024 bytes Post by: riplin on October 22, 2013, 08:46:50 PM Code: random.SystemRandom().randrange(0,len(words)) Given all the recent discussions about compromised randomisers, it would be wise to do some form of whitening on the output. Feeding it through HMACSHA256 with a random key and input of, say another 256 bits of data is pretty strong. Title: . Post by: KenKaniff on October 23, 2013, 05:55:47 AM .
Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold wallet generator in 1024 bytes Post by: jago25_98 on October 26, 2013, 10:39:48 PM Code: [user@localhost bin]$ python NoBrainr.py Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold wallet generator in 1024 bytes Post by: knowitnothing on October 27, 2013, 12:47:44 AM Code: [user@localhost bin]$ python NoBrainr.py Your python-ecdsa is too old (more than 1 year old), check out https://github.com/warner/python-ecdsa for the latest version. Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold generator in 1024 bytes Post by: knowitnothing on October 27, 2013, 02:14:40 AM An new release (1.043) is now available. The code is now even shorter (999 bytes!), and dozens of entries in the wordlist have been updated with more intuitive words. Reminder: Linux and Mac versions require the latest release of the ecdsa library: sudo pip install ecdsa If you are interested in keeping it even shorter, here is a cooler version at 888 bytes: Code: import random,ecdsa,binascii,hashlib It is possible to make it even shorter (ignoring renaming stuff to single letters or other meaningless names) by using from binascii import * and building the address in a single line. Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold wallet generator in 1024 bytes Post by: TheButterZone on October 27, 2013, 03:07:11 AM OSX 10.6.8
$ sudo pip install ecdsa Password: sudo: pip: command not found $ Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold wallet generator in 1024 bytes Post by: gmaxwell on October 27, 2013, 03:22:29 AM I'm unhappy with the subject line describing this as "hack proof", it's strictly weaker than other similar systems. (E.g. what electrum does)
Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold wallet generator in 1024 bytes Post by: flatfly on October 27, 2013, 06:32:30 AM I'm unhappy with the subject line describing this as "hack proof", it's strictly weaker than other similar systems. (E.g. what electrum does) Well for all practical purposes 90-bit real entropy does effectively prevent bruteforcing. IMHO, it is unlikely to be cracked in our lifetimes. If someone would like to do the math once again, they are welcome. Sure Electrum uses 128-bit seeds, but at the expense of having to remember 12 words (versus only 7 here) while providing little extra benefit *in practice* (from a security point of view) Also, if needed, one could just change 'range(7)' into 'range(10)' in the code and instantly higher bit strength than Electrum (130 bits.) Still, I may change the title to 'bruteforce resistant' or 'lifetime secure' if you prefer. Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold wallet generator in 1024 bytes Post by: flatfly on October 27, 2013, 10:05:11 AM OSX 10.6.8 $ sudo pip install ecdsa Password: sudo: pip: command not found $ You probably need homebrew: http://brew.sh Then, at a prompt: "brew install pip" Title: Re: [BRAINWALLETS] NoBrainr - a secure cold wallet generator in 1024 bytes Post by: flatfly on November 02, 2013, 10:47:43 PM Release 1.047 (http://trax.x10.mx/) is ready!
Release notes: - greatly improved word list - generates CONSTANT strength passphrases, regardless of the character length (actually, this is not new - just a reminder!) - a secondary script has been added, which can be used to perform basic integrity checks on the word list - path issues have been fixed in the windows version https://i.imgur.com/X2avMsk.png Title: Re: [BRAINWALLETS] NoBrainr - a secure cold wallet generator in 1024 bytes Post by: flatfly on November 04, 2013, 06:43:57 PM OK, just something that may interest the most paranoid among us: the next version will also support a PHYSICAL entropy source (guess which... here's a hint: 6**5 ;)), and will still be under 1024 bytes!
Title: Re: [BRAINWALLETS] NoBrainr - a secure cold wallet generator in 1024 bytes Post by: Five Points on November 05, 2013, 06:47:42 AM At the risk of sounding like a complete dumbass: couldn't a hacker create a rainbow database with all of these brainwallet combinations, and see which ones are filled with dough?
Is it inconceivable that the hacker will be successful in finding BTC in some of his computer generated brainwallet phrases? Title: Re: [BRAINWALLETS] NoBrainr - a secure cold wallet generator in 1024 bytes Post by: flatfly on November 05, 2013, 07:20:00 AM At the risk of sounding like a complete dumbass: couldn't a hacker create a rainbow database with all of these brainwallet combinations, and see which ones are filled with dough? Is it inconceivable that the hacker will be successful in finding BTC in some of his computer generated brainwallet phrases? Hi, I'm responding from my phone, so sorry for the short answer, but basically the passphrases produced by NoBrainr are each guaranteed to be above 90-bit strong, which makes any brute-force attack (including rainbow tables) prohibitively expensive - think billions of dollars and centuries to crack one passphrase, even for massively distributed supercomputers or botnets. In my view, higher bit strength in this case is overkill, but the paranoid can further increase the bit strength by changing one line in the code, or even use physical entropy as input (more on that soon!) Title: Re: [BRAINWALLETS] NoBrainr - a secure cold wallet generator in 1024 bytes Post by: Five Points on November 05, 2013, 07:41:41 AM At the risk of sounding like a complete dumbass: couldn't a hacker create a rainbow database with all of these brainwallet combinations, and see which ones are filled with dough? Is it inconceivable that the hacker will be successful in finding BTC in some of his computer generated brainwallet phrases? Hi, I'm responding from my phone, so sorry for the short answer, but basically the passphrases produced by NoBrainr are each guaranteed to be above 90-bit strong, which makes any brute-force attack (including rainbow tables) prohibitively expensive - think billions of dollars and centuries to crack one passphrase, even for massively distributed supercomputers or botnets. In my view, higher bit strength in this case is overkill, but the paranoid can further increase the bit strength by changing one line in the code, or even use physical entropy as input (more on that soon!) Thanks for the speedy reply, appreciate it. I have been getting hammered for favoring brainwallets lately. I have proposed inventing my own language and coming up with a passphrase that way, which has been deemed as a terrible idea. So please forgive me for displaying shock at your seven plain-English word phrases. The general feedback I seem to get from the naysayers is that it is folly to have the computer generate a passphrase for you, and use that generated passphrase for a brainwallet. The only appropriate solution that has been offered is to play with some dice, and only to generate the the private keys at that. If your brainwallets are indeed actually safe, I would rather go with brainwallets than roll dice for just private keys each time. Title: Re: [BRAINWALLETS] NoBrainr - a secure cold wallet generator in 1024 bytes Post by: flatfly on November 05, 2013, 08:28:20 AM At the risk of sounding like a complete dumbass: couldn't a hacker create a rainbow database with all of these brainwallet combinations, and see which ones are filled with dough? Is it inconceivable that the hacker will be successful in finding BTC in some of his computer generated brainwallet phrases? Hi, I'm responding from my phone, so sorry for the short answer, but basically the passphrases produced by NoBrainr are each guaranteed to be above 90-bit strong, which makes any brute-force attack (including rainbow tables) prohibitively expensive - think billions of dollars and centuries to crack one passphrase, even for massively distributed supercomputers or botnets. In my view, higher bit strength in this case is overkill, but the paranoid can further increase the bit strength by changing one line in the code, or even use physical entropy as input (more on that soon!) Thanks for the speedy reply, appreciate it. I have been getting hammered for favoring brainwallets lately. I have proposed inventing my own language and coming up with a passphrase that way, which has been deemed as a terrible idea. So please forgive me for displaying shock at your seven plain-English word phrases. The general feedback I seem to get from the naysayers is that it is folly to have the computer generate a passphrase for you, and use that generated passphrase for a brainwallet. The only appropriate solution that has been offered is to play with some dice, and only to generate the the private keys at that. If your brainwallets are indeed actually safe, I would rather go with brainwallets than roll dice for just private keys each time. If most NoBrainr passphrases look so deceptively simple to you, it means we are achieving our objective, which is to provide brainwallets and paper wallets that are both easy to remember, and highly resistant to any type of automated guessing/cracking. It is scary to see how misunderstood the concept of passphrase entropy is, even within the otherwise tech-savvy bitcoin community. We do recommend users to proceed with caution when using brainwallets. In other words, you really need to know what you are doing. However, one thing that you will NOT see happen is a cold NoBrainr generated brainwallet being snatched by a random hacker. We will even consider putting up a bounty to anyone who can show a real-life example of a vulnerability in NoBrainr leading to theft of BTC. Title: Re: [BRAINWALLETS] NoBrainr - a secure cold wallet generator in 1024 bytes Post by: scribe on November 05, 2013, 08:36:12 AM Great stuff, looks perfect for a small project I'm thinking about, so will be taking a look soon. Any tips for running it on something that's never been connected to the net to avoid risks? Eg a useful live Linux distro plus way to get this script across to the machine in question?
Title: Re: [BRAINWALLETS] NoBrainr - a secure cold wallet generator in 1024 bytes Post by: Five Points on November 05, 2013, 02:59:29 PM At the risk of sounding like a complete dumbass: couldn't a hacker create a rainbow database with all of these brainwallet combinations, and see which ones are filled with dough? Is it inconceivable that the hacker will be successful in finding BTC in some of his computer generated brainwallet phrases? Hi, I'm responding from my phone, so sorry for the short answer, but basically the passphrases produced by NoBrainr are each guaranteed to be above 90-bit strong, which makes any brute-force attack (including rainbow tables) prohibitively expensive - think billions of dollars and centuries to crack one passphrase, even for massively distributed supercomputers or botnets. In my view, higher bit strength in this case is overkill, but the paranoid can further increase the bit strength by changing one line in the code, or even use physical entropy as input (more on that soon!) Thanks for the speedy reply, appreciate it. I have been getting hammered for favoring brainwallets lately. I have proposed inventing my own language and coming up with a passphrase that way, which has been deemed as a terrible idea. So please forgive me for displaying shock at your seven plain-English word phrases. The general feedback I seem to get from the naysayers is that it is folly to have the computer generate a passphrase for you, and use that generated passphrase for a brainwallet. The only appropriate solution that has been offered is to play with some dice, and only to generate the the private keys at that. If your brainwallets are indeed actually safe, I would rather go with brainwallets than roll dice for just private keys each time. If most NoBrainr passphrases look so deceptively simple to you, it means we are achieving our objective, which is to provide brainwallets and paper wallets that are both easy to remember, and highly resistant to any type of automated guessing/cracking. It is scary to see how misunderstood the concept of passphrase entropy is, even within the otherwise tech-savvy bitcoin community. We do recommend users to proceed with caution when using brainwallets. In other words, you really need to know what you are doing. However, one thing that you will NOT see happen is a cold NoBrainr generated brainwallet being snatched by a random hacker. We will even consider putting up a bounty to anyone who can show a real-life example of a vulnerability in NoBrainr leading to theft of BTC. That's why I'm surprised you are so confident about it. Most people have dreaded the brainwallet, so to see someone champion it with only seven plain English words is bewildering. People are losing their money over horrible brainwallets, yet all they needed were seven easy to remember English words, and they are totally unhackable. Unbelievable... Title: Re: [BRAINWALLETS] NoBrainr - a secure cold wallet generator in 1024 bytes Post by: dserrano5 on November 05, 2013, 03:11:54 PM That's why I'm surprised you are so confident about it. Most people have dreaded the brainwallet, so to see someone champion it with only seven plain English words is bewildering. The problem isn't the brainwallet concept in and of itself, but people's poor choices when picking up a passphrase. NoBrainr takes care of that. Title: Re: [BRAINWALLETS] NoBrainr - a secure cold wallet generator in 1024 bytes Post by: Five Points on November 05, 2013, 03:14:20 PM That's why I'm surprised you are so confident about it. Most people have dreaded the brainwallet, so to see someone champion it with only seven plain English words is bewildering. The problem isn't the brainwallet concept in and of itself, but people's poor choices when picking up a passphrase. NoBrainr takes care of that. I was going to invent my own language, I thought that would be more than sufficient for me. But these initial worries from detractors had me stopped in my tracks... Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold wallet generator in 1024 bytes Post by: gmaxwell on November 05, 2013, 05:29:44 PM A 90-bit passphrase, *IF* randomly generated (as this script is doing), has Bitcoin has now done ~2^74 hash operations. I'm reasonably confident that it will do 2^90 of them in my lifetime, I am not confident that it will be the only 2^90 search.NEVER been cracked and it will most likely not be in our lifetimes. Also the workfactor to break one of your 90 bit keys is less than 2^90 the moment two of your keys have been used... If your scheme were widely used, it would be much easier to find one at random. It may also turn out that your RNG is less uniform than believed and after careful analysis doesn't require a 2^90 search to match even a single key. Your scheme also only generates a single address, so users are stuck reusing it, compromising their privacy. In general symmetric cryptography applications 128 bits has arisen as a general standard. Is 128 meaningfully better than 90? Is it meaningfully better than 120? Meaningfully better than 65? Part of the purpose of having a standard size is so that you don't have to constantly engage in a complicated tradeoff discussion: you just demand that everything is 128 bits. Is 128 bits more to memorize than 90? Yes. But relying on memorizing keys which can never be recovered via any other means is already skating on thin ice. People are used to it being possible to recover access if you forget— though sometimes with great effort. Crypto is different. Memory is just reliable enough for its unreliability to be surprising, especially since you don't remember all that you've forgotten by definition. Of course, once you're up to that size you could just use the scheme electrum uses (or the one that it will use). Of course, the implementation isn't 1024 bytes— but neither is yours: The dictionary is an utterly essential part of the implementation. Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold wallet generator in 1024 bytes Post by: flatfly on November 06, 2013, 08:06:05 AM A 90-bit passphrase, *IF* randomly generated (as this script is doing), has Bitcoin has now done ~2^74 hash operations. I'm reasonably confident that it will do 2^90 of them in my lifetime, I am not confident that it will be the only 2^90 search.NEVER been cracked and it will most likely not be in our lifetimes. Quote Also the workfactor to break one of your 90 bit keys is less than 2^90 the moment two of your keys have been used... If your scheme were widely used, it would be much easier to find one at random. It may also turn out that your RNG is less uniform than believed and after careful analysis doesn't require a 2^90 search to match even a single key. The script is feeding straight from /dev/urandom (SystemRandom in python). That's easy to verify from the 25-line source code. :) It will also support another randomness method that totally bypasses the OS provided RNG, which should cater to the most paranoid amongst us... Quote In general symmetric cryptography applications 128 bits has arisen as a general standard. Is 128 meaningfully better than 90? Is it meaningfully better than 120? Meaningfully better than 65? Part of the purpose of having a standard size is so that you don't have to constantly engage in a complicated tradeoff discussion: you just demand that everything is 128 bits. The objective of this tool is to provide keys that can be remembered by a normal human being and can't be cracked easily. 2^90 achieves this, which is also the view that many password strength experts hold (eg: agilebits, diceware, Schneier, us gov internal recommendations, etc) Also as stated earlier, just changing one digit in the code makes it generate much stronger passphrases, if required for whatever reason or belief. Quote Your scheme also only generates a single address, so users are stuck reusing it, compromising their privacy. This is a well-known brainwallet limitation that affects all commonly used brainwallet generators (bitaddress, brainwallet.org, etc). This is why it is recommended to use a brainwallet address only once (just like any other bitcoin address, really). At least NoBrainr provides random generation for brainwallets, which the other approaches don't, and provides strong 90-bit + keys, compared to the 30 to 40 bit (song lyrics, poems, etc) that many people use to generate their brainwallets on those sites. The slightly confusing thing with the "brainwallet" moniker is that it is actually just one address, so not a wallet in the regular bitcoin-client sense. This is part of the reasons that only advanced users should even consider using brainwallets, and only after researching them properly. Quote Is 128 bits more to memorize than 90? Yes. But relying on memorizing keys which can never be recovered via any other means is already skating on thin ice. People are used to it being possible to recover access if you forget— though sometimes with great effort. Crypto is different. Memory is just reliable enough for its unreliability to be surprising, especially since you don't remember all that you've forgotten by definition. Of course, once you're up to that size you could just use the scheme electrum uses (or the one that it will use). Of course, the implementation isn't 1024 bytes— but neither is yours: The dictionary is an utterly essential part of the implementation. Of course the dictionary is essential, but the point is that 1024 bytes / 25 lines of code makes NoBrainr orders of magnitude easier to audit and review, compared to any other alternative. This can make all the difference for non-developers or anyone who doesn't have days to waste just to make sure nothing malicious is going on in the source code. Title: Re: [BRAINWALLET] NoBrainr - a secure cold address generator in 1024 bytes Post by: flatfly on November 06, 2013, 12:02:25 PM Just a little example to help measure and understand the safety of a 7-word NoBrainr brainwallet more intuitively:
consider a random 15-character password with upper case, lower case, and digits. For instance: uhTmb41M5k9ijWr this is 89-bit strong (but hard to remember): log((26+26+10)^15,2) == 89.31294465580312 (2^89 = 7.82 x 10^26) Test it at: https://www.grc.com/haystack.htm Quote Time required by Massively Cracking Array Scenario: (Assuming one hundred trillion guesses per second) -> 2.48 thousand centuries At 90 bits, any 7-word NoBrainr brainwallet is at least as safe: log(7776^7,2) == 90.47368752524046 Code: 1LGHodpRUXaE4q3Z3LiHSU8TT7czxsxccc == salt dorm reduce fab! truck kind pi! Title: Re: [BRAINWALLET] NoBrainr - a secure cold address generator in 1024 bytes Post by: whiskers75 on November 07, 2013, 07:02:04 PM Could someone with a Raspberry Pi try it out and let me know if it works fine? That would be great. Code: whiskers75@WhiskPi ~$ python NoBrainr.py Title: Re: [BRAINWALLET] NoBrainr - a secure cold address generator in 1024 bytes Post by: flatfly on November 07, 2013, 08:18:34 PM Could someone with a Raspberry Pi try it out and let me know if it works fine? That would be great. Code: whiskers75@WhiskPi ~$ python NoBrainr.py Great news! Thanks for trying it :) Title: Re: NoBrainr - a secure cold address generator in 1024 bytes Post by: flatfly on November 07, 2013, 08:33:04 PM OK, version 1.052 is out, which has a much-improved dictionary (again!) and adds support for one of the cheapest forms of physical randomness available: dice! This is the simplest way to apply the diceware method to bitcoin address generation and be totally free of any potentially backdoored RNG.
Required equipment: To generate a secure storage address using dice, simply throw them and record the result on the NoBrainr command line as shown below. 5 throws yield a word. Example of a 90-bit strong (seven words) address generated by throwing dice: Code: 07/11/2013 15:29:32.27> nb_create 35412 13263 66533 45163 13165 41255 62216 Another example: this one's a ridiculously strong 130-bit (10 words) address: Code: Thu 11/07/2013 21:36:21.37> nb_create 23541 25631 55422 25321 56411 53151 42323 55221 16246 52131 Enjoy! It would be nice if somebody could make a little video tutorial, or blog post out of this at some point ;) PS: GPG signatures coming soon. Title: Re: NoBrainr - a secure cold address generator in 1024 bytes Post by: dserrano5 on November 08, 2013, 08:50:44 AM I know one of NoBrainr's selling points is its reduced size, however: is there any chance to get BIP38 encryption into the mix? Being able to generate an encrypted privkey from real life entropy would be really nice. Right now bitaddress.org doesn't support encrypting arbitrary keys so we can't generate a key with NoBrainr and feed it to ba.org to encrypt it.
Title: Re: NoBrainr - a secure cold address generator in 1024 bytes Post by: RoxxR on November 09, 2013, 09:06:35 AM Any chance you could release a commented version of the script? Would be great for educational purposes.
Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold wallet generator in 1024 bytes Post by: gmaxwell on November 09, 2013, 04:25:36 PM Of course the dictionary is essential, but the point is that 1024 bytes / 25 lines of code makes NoBrainr orders of magnitude easier to audit and review, compared to any other alternative. Not so, it just means that the security is outsourced. E.g. your security depends on python randrange doing the right thing. Look how well that worked out for that PHP bitcoin shopping cart interface package (http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg03062.html).Quote This is a well-known brainwallet limitation that affects all commonly used brainwallet generators [...] At least NoBrainr provides random generation for brainwallets, which the other approaches don't, and provides strong 90-bit + keys Electrum provides a whole wallet, and an easily memorable, strongly generated, 128 bit key which also has strengthening to help preserve security even if someone shoulder surfs the key. Electrum has an enormous number of users.Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold wallet generator in 1024 bytes Post by: flatfly on November 10, 2013, 11:43:49 AM Of course the dictionary is essential, but the point is that 1024 bytes / 25 lines of code makes NoBrainr orders of magnitude easier to audit and review, compared to any other alternative. Not so, it just means that the security is outsourced. E.g. your security depends on python randrange doing the right thing. Look how well that worked out for that PHP bitcoin shopping cart interface package (http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg03062.html).Are you aware of any flaws with python's randrange? Electrum is using it too, IIRC. EDIT: Electrum seems to be using the ecdsa randrange. Quote Quote This is a well-known brainwallet limitation that affects all commonly used brainwallet generators [...] At least NoBrainr provides random generation for brainwallets, which the other approaches don't, and provides strong 90-bit + keys Electrum provides a whole wallet, and an easily memorable, strongly generated, 128 bit key which also has strengthening to help preserve security even if someone shoulder surfs the key. Electrum has an enormous number of users.Certainly Electrum is a great client, but the latest versions have been a little unstable, the codebase is growing at fast rate and hard to constantly review, and wallets generated with it unfortunately can't be used in other clients (yet.) That said, of course I'm not claiming that NoBrainr can compete with a full-fledged client. Title: Re: NoBrainr - a secure cold address generator in 1024 bytes Post by: flatfly on November 10, 2013, 12:00:07 PM I know one of NoBrainr's selling points is its reduced size, however: is there any chance to get BIP38 encryption into the mix? Being able to generate an encrypted privkey from real life entropy would be really nice. Right now bitaddress.org doesn't support encrypting arbitrary keys so we can't generate a key with NoBrainr and feed it to ba.org to encrypt it. The BIP38 spec is still not final and has been reported to be a little flaky on slower devices. We have no plans to implement this right now, although it certainly has a lot of potential. Title: Re: [BRAINWALLET] NoBrainr - a hackproof cold wallet generator in 1024 bytes Post by: flatfly on November 16, 2013, 07:50:30 AM Of course the dictionary is essential, but the point is that 1024 bytes / 25 lines of code makes NoBrainr orders of magnitude easier to audit and review, compared to any other alternative. Not so, it just means that the security is outsourced. E.g. your security depends on python randrange doing the right thing. Look how well that worked out for that PHP bitcoin shopping cart interface package (http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg03062.html).Are you aware of any flaws with python's randrange? I'm not aware of any flaws with python's randrange. But I haven't reviewed the code for it, either. I'd say it's misleading to say that there are only 25 lines of code to review. Yes, of course all applications re-use existing code to a certain extent. Perhaps I should have said 25 "unique" or "non-library" lines of code. That said, I don't think there are many open-source projects that receive more expert scrutiny than Python, and especially its security related libraries. I for one consider it even more trustable and robust than any major web browser. Also, there's a new bounty program that gives you nice rewards (starting at USD 5000, IIRC) for finding a security bug anywhere in Python (and reporting it responsibly.) Quote I'm still looking for something really simple that runs on stock ubuntu and can give me a private key in WIF format and a public address, given a sha256 hash. So far it looks like bitaddress.org in offline mode is going to be the best I can do. I'm surprised you couldn't find any such tools. I thought I'd seen some on this forum. Actually, this should be rather quick to cook up in a few lines of Python as well. I guess it would take me a day or two to do it, if you're ok with the ecdsa dependency - it's much smaller than the bitaddress source code anyway. [EDIT] Just some additional info on the python ecdsa library that we are using: it is part of the official python repository, it is maintained by a non-anonymous Mozilla engineer it is getting close to 200,000 downloads per month it is extensively used by Electrum it is very small [EDIT2] Check out the hexwif script by bkkcoins on github. It's just 10 lines and has no dependencies, but only outputs the WIF - for the bitcoin address you would still need to use ecdsa. Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: Financisto on November 17, 2013, 11:12:29 PM Nice app.
Congratulations! Just posted an idea here https://bitcointalk.org/index.php?topic=251037.msg3526933#msg3526933 (https://bitcointalk.org/index.php?topic=251037.msg3526933#msg3526933) that might give you (or anyone else) some additional insights! ::) Keep up the good work in order to provide security enhancement to brainwallets. Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: flatfly on November 18, 2013, 07:25:04 AM Nice app. Congratulations! Just posted an idea here https://bitcointalk.org/index.php?topic=251037.msg3526933#msg3526933 (https://bitcointalk.org/index.php?topic=251037.msg3526933#msg3526933) that might give you (or anyone else) some additional insights! ::) Keep up the good work in order to provide security enhancement to brainwallets. Thanks, we'll check it out. Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: flatfly on November 19, 2013, 11:47:57 PM New release of NoBrainr: 1.07
Main changes: - improved handling of "leading 1s" in bitcoin addresses - removed *tons* of obscure words from dictionary GPG sig for Windows executable: Code: -----BEGIN PGP SIGNATURE----- Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: Dabs on November 20, 2013, 02:48:09 AM Suggestions:
1. Have it print or save the private key in WIF format as well, as an option. 2. Make it generate compressed keys (private keys begin with letter L or letter K instead of number 5.) If size is a problem (to fit in 30 lines), make it a separate app? Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: flatfly on November 20, 2013, 08:18:02 PM Suggestions: 1. Have it print or save the private key in WIF format as well, as an option. 2. Make it generate compressed keys (private keys begin with letter L or letter K instead of number 5.) If size is a problem (to fit in 30 lines), make it a separate app? Great suggestions. We'll look into that - or anyone can contribute a patch, of course. Also you may want to have a look at Urandom2Wif - it has a small WIF format function (courtesy of JeromeS), which could very easily be added to NoBrainr: https://bitcointalk.org/index.php?topic=338219.0 Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: flatfly on November 20, 2013, 09:04:12 PM Suggestions: 1. Have it print or save the private key in WIF format as well, as an option. 2. Make it generate compressed keys (private keys begin with letter L or letter K instead of number 5.) If size is a problem (to fit in 30 lines), make it a separate app? Great suggestions. We'll look into that - or anyone can contribute a patch, of course. Also you may want to have a look at Urandom2Wif - it has a small WIF format function (courtesy of JeromeS), which could very easily be added to NoBrainr: https://bitcointalk.org/index.php?topic=338219.0 Shouldn't this sort of application be using /dev/random rather than /dev/urandom? It's a good question, and one which I've actually researched quite a bit. I won't elaborate on this too much right now, but the short answer is no - it doesn't make a difference in practice, at least for this tool. Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: moderate on November 20, 2013, 09:50:28 PM Suggestions: 1. Have it print or save the private key in WIF format as well, as an option. 2. Make it generate compressed keys (private keys begin with letter L or letter K instead of number 5.) If size is a problem (to fit in 30 lines), make it a separate app? Great suggestions. We'll look into that - or anyone can contribute a patch, of course. Also you may want to have a look at Urandom2Wif - it has a small WIF format function (courtesy of JeromeS), which could very easily be added to NoBrainr: https://bitcointalk.org/index.php?topic=338219.0 Shouldn't this sort of application be using /dev/random rather than /dev/urandom? It's a good question, and one which I've actually researched quite a bit. I won't elaborate on this too much right now, but the short answer is no - it doesn't make a difference in practice, at least for this tool. You might not want to elaborate too much, but at least elaborate a little then. I will start it. urandom may reuse the entropy pool or whatever else a specific OS might want to do to ensure a call to that never blocks. Why do you say it doesn't make a difference when compared to /dev/random which doesn't reuse the pool and is thus considered safer for crypto purposes ? Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: Dabs on November 21, 2013, 01:17:17 AM I'm guessing, this should be run offline. When you turn off the offline computer immediately after generating the cold wallet address, then how much does the reuse of entropy pool matter?
Let it run a few hundred times, pick one or two in the middle and use those. I still prefer the compressed private key shown in WIF (with corresponding compressed public key or bitcoin address.) Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: moderate on November 21, 2013, 01:37:47 AM When you turn off the offline computer immediately after generating the cold wallet address, then how much does the reuse of entropy pool matter? That has no meaning whatsoever. Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: Dabs on November 21, 2013, 02:30:24 AM When you turn off the offline computer immediately after generating the cold wallet address, then how much does the reuse of entropy pool matter? That has no meaning whatsoever. Okay, I'm confused. What has no meaning? What I said? Or, the reuse of entropy pool has no meaning? I'm guessing, this should be run offline. When you turn off the offline computer immediately after generating the cold wallet address, then how much does the reuse of entropy pool matter? Let it run a few hundred times, pick one or two in the middle and use those. What if you're running from a LiveCD? Roll a pair of dice, take a picture of the dice, run the jpeg through SHA-256, use that as your key, and then securely delete the picture :). I've also suggested that, but use 100 actual dice per private key you want to generate, the maximum resolution (or RAW format), and the highest ISO setting. Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: Dabs on November 21, 2013, 03:19:40 AM I was kind of kidding about the dice, actually. I think I could just take a picture of my closet, tell everyone that I'm taking a picture of my closet, invite people to come visit my house and look at my closet, let anyone who wanted to borrow my camera do so, and yet trying to recreate a picture with the exact same SHA-256 still wouldn't be a viable attack vector. Once, I'm going to go around town or around the block or something, and start taking random pictures of things I don't really like. Highest ISO. Highest shutter speed. Highest resolution. RAW if possible, or largest JPEG. I'll end up with 1000 pictures that can be deleted after I've gotten the SHA-256 of each one. I think that's just for the fun of it. It's overkill. NoBrainr and almost any other offline generating tool will work fine. I use one called PWGen. http://pwgen-win.sourceforge.net/ It's also fun to try memorizing an actual randomly generated 32+ character password. Thousands of people do it with Pi to 50~100 places. A 3 year old girl memorized 31 digits of Pi. Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: flatfly on November 21, 2013, 08:24:20 AM Suggestions: 1. Have it print or save the private key in WIF format as well, as an option. 2. Make it generate compressed keys (private keys begin with letter L or letter K instead of number 5.) If size is a problem (to fit in 30 lines), make it a separate app? Great suggestions. We'll look into that - or anyone can contribute a patch, of course. Also you may want to have a look at Urandom2Wif - it has a small WIF format function (courtesy of JeromeS), which could very easily be added to NoBrainr: https://bitcointalk.org/index.php?topic=338219.0 Shouldn't this sort of application be using /dev/random rather than /dev/urandom? It's a good question, and one which I've actually researched quite a bit. I won't elaborate on this too much right now, but the short answer is no - it doesn't make a difference in practice, at least for this tool. You might not want to elaborate too much, but at least elaborate a little then. I will start it. urandom may reuse the entropy pool or whatever else a specific OS might want to do to ensure a call to that never blocks. Why do you say it doesn't make a difference when compared to /dev/random which doesn't reuse the pool and is thus considered safer for crypto purposes ? AFAIK, it could only make a tangible difference in one specific scenario: if you were to run the command immediately (in the first few seconds) after a cold boot of a livecd distro. This has been discussed multiple times on this forum, and even the most secure bitcoin apps/wallets choose to use urandom. If you're a little paranoid, just mash your keyboard for a couple seconds before generating an address. And if you're extremely paranoid, use the physical dice mode of NoBrainr. EDIT: This might be an interesting thread to follow: https://bitcointalk.org/index.php?topic=341476.0 Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: Dabs on November 22, 2013, 01:25:57 AM Now that I think about it, there's probably a tiny advantage to doing it that way in that 1000 pictures are less likely to be recoverable if your secure deletion doesn't work that well. At least if you fill up the card, dump it to your air gapped computer, delete the card, and then fill the card up again. That's the poor man's secure delete or wipe method. Fill up the memory card again.Here are the steps to do this securely: 1. Turn off wifi or bluetooth on your camera. 2. Take 1000 pictures (or until card is full.) 3. Download those pictures to an air-gapped offline computer using sneakernet methods (do not use wireless) 4. Format the card in your camera again. 5. Take pictures until card is full (or take video if your camera can do it, so it fills up faster.) If you use a secure delete or secure overwrite/wipe utility, you might ruin your card (which is just as well.) Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: frito_mosquito on November 30, 2013, 08:39:20 PM Hi All,
Perhaps this would be worth starting a new topic, but I thought would dip my toes in here first, as I think the NoBrainr software touches on several of my requirements. I too seek a slick, light, wallet (a stand alone operating system that can be run on a LARGE percentage of machines, regardless of architecture), that supports entropy given from the user. I have one put together, but I don't yet trust my programming with anything of value (it is still being tested (https://bitcointalk.org/index.php?topic=333452.0)). And furthermore, I want my light wallet to broadcast transactions! Electrum seems like the answer, but as I tested it today I was not able to log into their servers from the client. Obviously, a computer with a freshly installed operating system would not be able to construct a transaction. The client must know something about the blockchain to construct transactions, but what exactly? What is the minimum amount of information required to construct a transaction? tl;dr: Are you currently aware of any wallets that meet the following criteria:
Clearly I need to learn more about transactions, and the current debate about fees, mining, and block-size has my head spinning. Regards, Frito_Mosquito Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: dhingydog on November 30, 2013, 10:41:51 PM One thing the generator doesn't (and probably can't?) guarantee is that the user actually took the password the generator first gave out.
A user not familiar with the math of password strength, I believe, is highly likely to generate a set of passwords and then choose the most pleasing one. The result: Possibly a significant loss of entropy. Have you considered adding an output of instructions and warnings about how and how not to use the generator? Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: moderate on November 30, 2013, 10:49:40 PM A user not familiar with the math of password strength, I believe, is highly likely to generate a set of passwords and then choose the most pleasing one. The result: Possibly a significant loss of entropy. That makes no sense whatsoever. Except if the generator is broken. Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: dhingydog on November 30, 2013, 11:56:34 PM A user not familiar with the math of password strength, I believe, is highly likely to generate a set of passwords and then choose the most pleasing one. The result: Possibly a significant loss of entropy. That makes no sense whatsoever. Except if the generator is broken. Well, picking one favourite password out of 10 random ones adds human emotion, which isn't exactly random, is it? Say, something like: "Hey, that one has my girlfriend's name in it, I'll choose that!". Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: moderate on December 01, 2013, 01:38:40 AM A user not familiar with the math of password strength, I believe, is highly likely to generate a set of passwords and then choose the most pleasing one. The result: Possibly a significant loss of entropy. That makes no sense whatsoever. Except if the generator is broken. Well, picking one favourite password out of 10 random ones adds human emotion, which isn't exactly random, is it? You're still failing to see why it makes no sense, so I will try to be clearer this time. IF the generator was generating passwords where one of them was weaker than the others, it doesn't matter if you picked the first one, the second one, the 1231212312313th one, because you don't know* if the first one was weak, or the second one, etc, so they are all equally weak. Either the generator always generates good passwords, or it doesn't and is a broken generator. Please don't reply to this just to reply, think about it. Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: thezerg on December 01, 2013, 04:35:54 AM You may know this, but, "salting" a password is the technique of putting a completely obvious but mostly unique phrase into the password so that an attacker must specifically attack each individual rather than allowing him to attack everyone at the same time by creating a brute-force dictionary for all combinations. At the same time this additional data is chosen to be very easy to remember. For example, the passphrase "thezerg hello world" is much harder than just "hello world". I think NoBrainr could benefit from salting.
def main(salt=None): if salt: salt = salt + " " else: salt = "" f = open('DICT') if len(sys.argv)>1: wd = dict(x.split() for x in f) pp = salt + ' '.join([wd
wd = [x.strip('\n') for x in f] pp = salt + ' '.join([wd[random.SystemRandom().randrange(0,len(wd))][6:] for _ in range(7)]) pr = S(pp).hexdigest() print addr(int(pr,16)),'==',pp Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: flatfly on December 01, 2013, 02:50:12 PM You may know this, but, "salting" a password is the technique of putting a completely obvious but mostly unique phrase into the password so that an attacker must specifically attack each individual rather than allowing him to attack everyone at the same time by creating a brute-force dictionary for all combinations. At the same time this additional data is chosen to be very easy to remember. For example, the passphrase "thezerg hello world" is much harder than just "hello world". I think NoBrainr could benefit from salting. def main(salt=None): if salt: salt = salt + " " else: salt = "" f = open('DICT') if len(sys.argv)>1: wd = dict(x.split() for x in f) pp = salt + ' '.join([wd
wd = [x.strip('\n') for x in f] pp = salt + ' '.join([wd[random.SystemRandom().randrange(0,len(wd))][6:] for _ in range(7)]) pr = S(pp).hexdigest() print addr(int(pr,16)),'==',pp Thanks for your contribution. In general, I'm all for salting, but it mostly helps protect _weaker_ (human-chosen) passwords against "en masse" cracking. As the passphrases we are generating here are all equally strong (90+ bits, or much more if you are comfortable with remembering longer passphrases), I think that salting wouldn't bring that much additional benefit _in this context_. Also you could simply generate passphrases with one more word - just by changing range(7) into range(8) - and think of the first word as the salt... You can even allow yourself to cherrypick it (generate passphrase upon passphrase until you get a first word that you like), since it is your "salt." Most words in the NoBrainr wordlist can be described as "completely obvious" anyway. And I'm constantly improving the wordlist (by replacing the less common and offensive words.) Edit: Hmm not sure how to avoid that emoticon... read: range ( 8 ) Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: flatfly on December 05, 2013, 04:58:36 PM AFAIK, it could only make a tangible difference in one specific scenario: if you were to run the command immediately (in the first few seconds) after a cold boot of a livecd distro. If you do that with /dev/urandom, you'll have created an insecure key. If you do it with /dev/random, you block for a short while. What's the advantage to using /dev/urandom? Is it because some platforms don't support /dev/random? (Depending on how you're implementing things there are probably other potential problems if you're creating lots of keys.) /dev/urandom and /dev/random each have their pros and cons, which you can find with a little bit of googling. Bottom line is, everyone agrees on /dev/urandom being just fine for cryptography. Here's a first link to get you started: http://security.stackexchange.com/questions/40633/java-securerandom-doesnt-block-how Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: nimda on December 14, 2013, 06:49:41 PM Edit: Hmm not sure how to avoid that emoticon... read: range ( 8 ) Under the post box:"Additional Options..." "Don't use smileys." Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: flatfly on December 17, 2013, 01:22:10 AM Edit: Hmm not sure how to avoid that emoticon... read: range ( 8 ) Under the post box:"Additional Options..." "Don't use smileys." Good to know - thanks! Title: This message was too old and has been purged Post by: Evil-Knievel on January 26, 2014, 10:58:29 AM This message was too old and has been purged
Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: nimda on January 26, 2014, 09:50:59 PM Is there an estimate how many people used NoBrainr so far and whether they have used it for large high-roller cold wallets? If so, when did NoBrainr come out? flatfly might be able to give you a downloads total, but no cold wallet generated by NoBrainr can be identified as such. Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: flatfly on February 01, 2014, 10:00:22 PM Is there an estimate how many people used NoBrainr so far and whether they have used it for large high-roller cold wallets? If so, when did NoBrainr come out? Sorry, I don't keep track of that. Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: flatfly on February 01, 2014, 10:08:25 PM I have uploaded a new revision of DICT, with 94 additional words replaced with less obscure alternatives.
Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: flatfly on February 28, 2014, 06:30:07 AM AFAIK, it could only make a tangible difference in one specific scenario: if you were to run the command immediately (in the first few seconds) after a cold boot of a livecd distro. If you do that with /dev/urandom, you'll have created an insecure key. If you do it with /dev/random, you block for a short while. What's the advantage to using /dev/urandom? Is it because some platforms don't support /dev/random? (Depending on how you're implementing things there are probably other potential problems if you're creating lots of keys.) /dev/urandom and /dev/random each have their pros and cons, which you can find with a little bit of googling. Bottom line is, everyone agrees on /dev/urandom being just fine for cryptography. Here's a first link to get you started: http://security.stackexchange.com/questions/40633/java-securerandom-doesnt-block-how Another good piece, strongly favoring urandom over random (in general): http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/ Of course, one has to be aware of the caveats of urandom when relying on it. But then again, NoBrainr is intended for advanced users anyway. Title: Re: NoBrainr - a secure and transparent cold address generator in 1024 bytes Post by: flatfly on February 28, 2014, 06:34:32 AM I'm also working on a version that produces English sentence-like output. Some find that easier to remember (even if the sentences sound kinda crazy and are obviously not 100% correct).
Examples: Code: Fri 02/28/2014 7:25:36.32> python gibb.py I still have to clean up some |
