great answer!  But let me give you an example.  Imagine I forget my password and I try all my known passwords - now your server has them all - or COULD have them all and then could try with known email address to hack into various exchanges BUT

let me give you a safer way to go:    If you hash the password with a CUSTOM initialization number - then it is IMPOSSILBE for that hash to be used on any other exchange.  I am not sure why all the other websites send the actual password and store it in the database even these days.  strainge?  I too am a computer engineer.

I know tokens use Nonces (if they are done correctly - client hashes the password AND does so with a counter/nonce that is sent from the server)  but the danger of a password in a database is absolutely obvious and ridiculous.  So what you are telling me is the most websites these days still store actual plain text passwords in their databases?  or still send them unhashed just through SSL but then store them as plain text?  seriously?

So being James Bond I would do it this way:   I KNOW tokenization for already registered customers requires the password at the client to be hashed with a nonce sent from the server and IF the hashOf(pasword+nonce) is sent that way to the server, itw ould have to be checked against plaintext password at server  but I would do it different:

hashOf(hashed(password)+nonce)     like that   and the hashed(password) is waht is stored in the server.  using a cusomtge IV hash.  That would be the BEST way to go right?   

Also question I am impressed by your clean/simple design and flow, are you using node.js feathers express   or PHP?    I might have a great partnership crypto project for you to be part of if you are interested.   Just had my meeting with Consensys so it is serious stuff - but until they sign on -
I am taking smart devs. wherever I find them!     Where in the world do you live?  I am in NY.  EM at my name at rcn    no spaces --- dot com

nice, but what I dont see is in your JavaScript - a password hash function.  There is no way the password should be sent to your site - it should be hashed BEFORE it is sent  to guarantee that you do not store passwords - no matter what you "say" you do, if you have people's passwords and they store crypto somewhere using the forced emaiol registration address which you require - well obviously that is a bad security leak.  Make your javascript less anonymous - not the minimized versions - make it clearly viewable 1) hash the password before you send it in the form and then 2) for subsequent logins use a nonce each time you establish new sessions - hased with the nonce before the client sends.  would be happy to explain it if needed.

Thanks!

So I needed to think it through for myself:   In the original post on Brain Wallets "brain wallet providers do not use anything more than SHA1-256  because the user is stupid to have a  weak password."  Well, it is clear to me that the ability to crack a private key is directly proportional to not only the entropy but also the memory intensive recusriveness of the KDF.   and even before that, if you dont "trust" the wallet seed creator - you can use a prior  KDF just to create your entropy from the "weak" password to be sure.   So, for example, let's compare a strong ARGON or scrypt hash to SHA1-256 to create more entropy:

Apples to Apples:

Assume per N bits of entropy it takes one core with access to a reserve area of memory, 1 second to crack.    Now assume we are going to create a highly recursive KDF that cannot be broken down by parallel processes on the same check, but we'll allow a memory reserve area so large as to assume that all cores can have access to the same necessary memory at the same time - THAT actually is not likely in a memory intense KDF with so many cores, however, we will allow it for sake of argument:

So, assume an FPGA farm which generates in parallel, 1 billion entropy ==> seed checks per second.  The KDF in question takes some unit time T to compute:

Now, if the KDF is made to take 2T, then that same FPGA farm will take 2 seconds to check through the same entropy, thus we shave 1 bit off the entropy complexity necessary for a 1 second crack (becasue every bit of entropy doubles the entropy and therefore doubles the time to check - all else being equal).

So, a one second KDF changed to a 2 minute KDF per core,  allows one to shave off 7 bits of complexity.  Ok, that is not a lot, but is is something.  2 hours means 11 bits of complexity.  Nobody will wait 2 hours to generate a wallet to save just 11 bits of entropy.   For a 128 bit 12 word (bip39) wallet, that means shaving off only one or two words.

If however, you had a few GPUs in your own setup, --- well then so would everyone else,  so the game stays the same.  Cloud creation of key?  Then its a trust issue.  So , it seems then, there is no solution other than strong entropy.

Encryption of your high entropy 24 word key using ARGON2 or Scrypt-256 is another story.  You can encrypt with a reasonable password and nonce then save those keys online.  but why?  then yo have to write down the nonce adn the whole point of encryption is to have nothing to write down saving only a small weakish password in your head - so at least for now that seems not possible.  While they say aes-256 is not breakable - that assumes a strong nonce and key (more shit to write down).  If there is anything to write down then we are back in the same crap.  So???   Keep the hash algorithm secret?  More shit to write down or store or save somewhere.  Encrypt that?  strong nonce or key to write down.  Dam!

At the very best we can make it that the only way an attacked can succeed is a personal attack =- ie he KNOWS your addres has a lot of coins and he KNOWS your secret key is encrypted in YOUR email, not someone elses.

This gives rise to another method:  a large circle of potential email addresses, for which your encrypted key file is in only one of them.

So while a solution is possible,  and easy to guard against all but a personal attack,  it appears overall a strong entropy is still needed.   if Ive helped anyone think on this more: donations acptd here:  19baMnvNEo3aQwPo7kdmRNAAkr17bLGk3P

It is currently at $12.38.   You can buy at livecoin.net  If Minerium will have anything to do with factilitating erc20 token trades with Bancor or others onto ETH platform it will explode to well over 100.  Threse tokens are designed to accept other tokens to facilitate trading between them.  That concept is an important component of the entire alt-coin eco system.

-I'm your huckleberry

replying to Qartada who  wrote: "As an actual cryptocurrency ETH is mediocre"    I disagree because:     As a smart contracts system - it is awesome,  well documented and with an easy to understand, Java-like,  program language.  and the value is not based on its value as a cryptocurrency relative to itself - but as a service platform.

Any issue of slowdowns can be addressed by a fork (centralization not needed), there could alwys be an "ethereum classic 2"  however the eth symbol will long live on.  

And for fees for smart contract contrtacts?   Yes it is high.   They will go down as eth price stabilizes - which it will when it hits a 1 trillion market cap.   The higher the market cap the less volatility based on the law of large numbers. Where large is relative to the total fiat reserves of 25 trillion.  

the argument about "mediocrity"  is far more applicalbe to bitcoin then Ethereum.  Both are heavily investged in, both will survive.  btc as a reserve and eth as the defacto service platform for smart contracts.   However,  it is possible that eventually btc takes over as platform as counterparty and others might be used on top of bitcoin unlimited (if that is what is ultimately adopted).  

I believe there is room for both parties and that the majority of new altcoins will ride on top of Etherium and whatever the new bitcoin (remaining with symbol btc) will be.

Ken

- I'm your huckleberry.

I'm your huckleberry.  So,  to explain this you need first to consider where the market cap of fiat is at.   25 trillion,  2 to 5 in gold and 1 trill in us dollars?  I am doing this from memory.  It is not important exactly, but what is important is that fiat of the big 3, dollars, euros and pick your favorite third - is well over 1 trill.  Now as main stream banks come on board,  it is inevitable that "some coin" will be selected - or group thereto.    Which one?  Well,  it is clear the eth and btc have both been chosen.  Why?  btc is entrenched as medium for exchanges and   is held in storage by all the old timers (2013 being ancient)  and is, well the first.       As btc rises,  many legendary holders have dumped to alt coin. in fact Ive seen it happen in real time.  I watched my alt coin values rise in dollars and stay the SAME and then also rise wrt to btc value in a 6 hour period at the same time btc was rising, time and time again - during fast rises of btc.  It is very interesting.  

HOWEVER,  the recent rise of eth caused btc to eth and not alt coin, so the others tanked.  while silently btc  inched up.   OK,  my personal trade advise is not important.  What is important is the concept of  fiat market cap and big timers getting in now  and that eth is the platform defacto for smart contracts  and that it has REAL players and BRILLIANT newbie alts coming on every day that all use eth as the fuel - ahem you gotta buy eth to move their system.  (disclaimer:  yes there are ground-up competitors in the smart contract alt-coin space and there  is momentum on bitcoin smart-contract gemneral digital asset systems, like counterparty/omni layer)   however the important thing is the momentum for new players to come on board - and the momentum is on Ethereum.  It will compete with fiat.  but so will bitcoin - like gold reserve.  Both will be trillion dollar market cap assets in a few short years.  Just like Google - you can copy it,  but the market cap is based on its momentum. Its current entrenchment in society.  That is the only place ETh can go becasue the people comitted to it - all these new alt-coins are now so plentiful and largely brilliant. More importantly (poor analogy coming up: like Ripple in Japan),  endorsed by governments.

Now the MAIN point.  The August 1st soft fork of btc? and then launch of BTU which confuses more (form an investment perspective).  So sad, yet inevitable and therefore btc will FALL temporarily - maybe no more than it just did today 25% drop in hours.  (I predict 33% to 2k, but then in Sept. it will quietly rise again and be 2018 go back).  Sorry I digress.   BUT all this time eth is the HEDGE  so now people are coming at eth from all angles.   Russia banking system,  ethereum founder VITALIK meets with Russia?  Russia currency market cap?  Do the math?  

Eth will hit a 1 trill market cap in like 2 years or so in my opinion.  It may dip to $150 but then will go back up to 10k.    

So the Segregated Witness came to my house the other day "God's love is unlimited, but our patience is tempting."

Like the joke (ha!), meager donations accepted here:  19baMnvNEo3aQwPo7kdmRNAAkr17bLGk3P  

There is volatility to consider, when accepting different currencies for escrow during a crowdsale from time of deposit to time of delivery of the converted asset (tokens).  The issue is averted when accepting only one currency for escrow from all investors.  However, for convenience,  ideally, various currencies are accepted during a crowdsale event.

The NVO crowdslae, as an example, is accepting over 5 different currencies for investment.   

If a bitcoin donated now is worth 10 eth and tomorrow it is worth 5 eth, the investment ratios between two parties, party one investing 10 eth and party two investing 1 btc, become skewed.   The conversion at time of distribution is equitably based on some neutral fixed asset measured at time of conversion.

Therefore, the amount of tokens for any given donation cannot be immediately known when accepting various currencies for donation/investment as opposed to just one currency.  It is the most obvious reason preventing the pre-sale conversion amount.

This is obvious to some, but worth mentioning to others in case anyone might be wondering why no token to currency value is stated before investment.

Volatitily is the subject of patent pending(s) I have as applied to decentralization architectures.

So a couple of segregated witnesses came to my door the other day "Gods love is unlimited, but our patience is tempting".

Anyone interested in this elaboration, (or the joke ha!) meager donations accepted here:  19baMnvNEo3aQwPo7kdmRNAAkr17bLGk3P