|
ok, so how badly do people want this?
I can implement a command line PBKDF2 wallet.dat generator(in Java) if enough people would use it.
-bm
|
|
|
|
Please read what DeathandTaxes said about KDFs. If you take the first one he mentions, PBKDF2, you can see that the salt is used at each stage of iteration. http://en.wikipedia.org/wiki/PBKDF2I'm far from an expert, but the principle here is that constant re-hashing introduces the possibility of convergence. Now whether that is just a theoretical possibility, or has been shown to actually occur, I have no idea. But, by re-introducing entropy at each round, that problem is mitigated. 2 hashes are fine, but 100,000 hashes might not be. yes, this looks like the right standard for this. Of course this invites in the 'NSA conspiracy' discussion but certainly standards are favorable to 'roll ur own'. in the case of PBKDF2 you have a 'c' parameter similar to the exponent I just described. I'll try and read D&T closer next time. -bm |
|
|
|
I suggest an option to hash the passphrase multiple times. This will be barely noticeable for the user but will make bruteforcing much more expensive. This tiny code, added at brainwallet.org's HTML at line 9086, does the trick: for (var i = 0; i < 100000; i++) {
key = Crypto.SHA256(key, { asBytes: false });
}for even better security, the user can specify a hashing exponent. This makes brute forcing incredibly difficult because it's adds an entirely new dimension to the search space. for (var i = 0; i < exponent; i++) {
key = Crypto.SHA256(key, { asBytes: false });
}where exponent is an input variable. thus they can specify a very high number for better security. Of course they must be able to remember this number as well. -bm |
|
|
|
|
I gave this some thought last night-
(somewhat reiterating on what I already stated)
A very secure Brain Wallet would employ both a passphrase and a numerical exponent. The user would need to remember both the phrase and the exponent. This way they can choose the level of security. If the exponent is a variable, then the number of keys required to compute would be enormous(not to mention the number of keys the hacker would need to track). This would offer fairly good security for a mnemonic security token.
You could easily modify the java code supplied above to perform this.
-bm
|
|
|
|
Probably have something to do with UK law.
Newegg is headquartered in California, and California just declared bitcoin a legal currency.
Yep, it's all to do with the law situation regarding Bitcoin and other countries so they've probably cleared the law side of things on the U.S but not in the UK. If you're looking for computer components http://www.scan.co.uk accepts Bitcoins I plan on using them to buy stuff when I get enough money  An odd point of view considering the UK gave explicit guidance back in March (Bitcoin to be treated as foreign currency, taxes on sales due at sterling at time of transaction), while the US hasn't given such clear guidance, California only repealed law that previously made them technically illegal there, and federal agency sale implicitly recognising they are an asset with value. I'd say its more because large US based companies do stuff in their home market first, then roll out globally later. yes, I've worked in European E-Commerce and generally the laws in Europe are far more constraining than the US. Some states in the US have virtually no restrictions on BTC(Nevada). -bm |
|
|
|
|
btw Greg, if you're into JTR I'd be interested to know how quickly it would arrive at my example.
Lets say for demonstration purposes that we already know it's Shakespeare. Even that alone would be a massive computation.
-bm
|
|
|
|
|
Certainly interesting but even in my example you are very far combinatorially from what you might call *easily computable*. Remember first they have to guess the basic passphrase, then run through each and every numbering schema, and even manage to arrive at the % special character usage. So lets say there are a few billion base passphrases that the cracker wants to cover, lets say a million numbering schema, another million special character schema, and lets say a thousand capitalization schema.
that would be:
BILLION X MILLION X MILLION X THOUSAND = very large number of private keys to compute
Back to OP, so if you increase the computation required for each one of these possibilities(as you suggest), you are miles away from crackability. You might be able to enhance the security a bit by using a non-standard hashing algo(back to the commodification problem). You could even have a custom definable hashing exponent, this would make the keys even more difficult to enumerate ie. you pick how many times the brain wallet system hashes your basic passphrase.
It is true that a fully randomized private key is the best security by far. If you have a large Bitcoin balance a brain wallet is simply not recommended.
-bm
|
|
|
|
|
which cracking software are you referring to?
|
|
|
|
and you have a brainwallet with fairly good security.
There are attackers that are already precisely searching patterns like this. Every sentence in every book in your local library (much less just the memorable ones) is only about 32 bits of entropy. Scheme selection is 8 bits. The prefix template of decimal digits (assuming uniform probability, which you probably won't get with a human selecting them) is at most 26 more bits. This is not an impressively secure scheme, though you've just convinced yourself that it is. This is why you should not be using anything like this, the human capacity for self deception is too great. You're right it's not a good idea to use plain text from literature(my original base text is Shakespeare). Someone had their brainwallet cracked who used 'one small step for man one great leap for mankind'. So yes you should use something that is personally memorable but not universally identifiable. The technique I suggested though makes it virtually impossible to crack with any known NL processing technique, and fairly easy to remember. Plain text Shakespeare is absolutely not a good idea. -bm |
|
|
|
Key stretching does nothing to improve entropy, which is the real problem with so-called brainwallets.
It is simply impossible to have a human-chosen passphrase as a secure key, no matter how you do it.
A high-entropy passphrase will almost certainly be very difficult to memorise for a human.
While that is true, attackers do not have unlimited resources and there are some situations where people really like brain wallets. I wouldn't say it is appropriate for many use cases, but I'd say it is for some. you're absolutely correct. beefing up the hash function will make it considerably more difficult to enumerate passphrases and crack the brain wallet. It is possible to make a mnemonic passphrase that is nearly impossible to crack in this scenario - just don't use simple and plain NL text. ex. it's best to think up some method to include numbers in the passphrase, so take some memorable english text "The common curse of mankind, - folly and ignorance" , and find some way to include numbers that is easy to remember "1The 2common 3curse 4of 5mankind, - 6folly 7and 8ignorance" and maybe an additional way to include special characters "1The% 2common% 3curse% 4of% 5mankind%, - 6folly% 7and% 8ignorance%"and you have a brainwallet with fairly good security. -bm -bm |
|
|
|
|
post your death threats to Bitcointalk.org. Fun for the whole family.
-bm
|
|
|
|
you seriously cannot make this stuff up:  -bm |
|
|
|
|
wow. Some woman name Tanya Panita just got on the nxtforum.org, said she was against terrorism and they banned her. Then, someone named 'ConcernedInvestor' just posted 'why did you just ban Tanya Panita'? and then they erased it!
-bm
|
|
|
|
|
Dirk(aka Data aka l8orre) confirmed that these problems existed and was very concerned about them.
Keep pretending(or acting as though) these problems don't exist.
-bm
|
|
|
|
NXT is definitely leading in amount of talented devs
such as? -bm |
|
|
|
... If you critisize this Coin then show proofs. I like the functions in NXT and for me its the most undervalued coin but thats only my point of view.
...
I don't have nothing big against NXT but initial distribution was bad. Proff ? simple Volume $ 71,760 today usually bounce between 50 000 - 200 000$ with such market cap ~70m... Good distribution from TOP: LTC - Doge - DRK - even BC have better liquid than NXT. (and market cap 8x lower POS coin too ) ... Everyone see that is something wrong in that dystrybution full premined coins don't have usually liquid MSC RIPLE... __________ About development NXT is very good but you need note that Java is much simpler than C++... Bad side of that is java critical bugs and most malware is targeted on Java environment. BTC wallet is so simple for security. don't get too critical- or they will send their thugs to come and get you. something you want to invest in? I think not. -bm |
|
|
|
|
Show Posts
