Bitcoin Forum
1  Bitcoin / Development & Technical Discussion / Re: Would this be a realistic BIP? on: May 07, 2020, 02:16:54 PM
CLTV == CheckLockTimeVerify

Indeed, it seems to be the closest to my idea; if I understand correctly, you can spend the funds with only one key with ntimelock to be processed, and multisig to be instant.

How can it be set up? Is it easy to use for non-power users? Once set up, could the single-sig transaction be broadcast from any software or hardware wallet?
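The CLTV setup being asked about, as an added example that is not code from the thread or from any wallet project: a BIP65-style "escrow with timeout" redeem script in which the owner key plus the failover key (2-of-2) can spend at any time, while the owner key alone can spend only once an absolute block height has been reached. It uses only Node's built-in `Buffer`; the opcode values are the standard Bitcoin Script ones, and the key bytes and locktime in the usage lines are constructed placeholders, not real keys.

```javascript
// Added example (not from the thread): BIP65-style timeout redeem script.
// Path 1: OP_2 <owner> <failover> OP_2 OP_CHECKMULTISIG  (spendable any time)
// Path 2: <locktime> OP_CHECKLOCKTIMEVERIFY OP_DROP <owner> OP_CHECKSIG
//         (owner alone, only after block height `locktime`)
const OP = {
  OP_0: 0x00, OP_2: 0x52, OP_IF: 0x63, OP_ELSE: 0x67, OP_ENDIF: 0x68,
  OP_DROP: 0x75, OP_CHECKSIG: 0xac, OP_CHECKMULTISIG: 0xae,
  OP_CHECKLOCKTIMEVERIFY: 0xb1,
};

// Direct push: one length byte (1..75) followed by the data.
function pushData(buf) {
  if (buf.length < 1 || buf.length > 75) throw new Error("push size out of range for a direct push");
  return Buffer.concat([Buffer.from([buf.length]), buf]);
}

// Minimal CScriptNum encoding of a non-negative integer: little-endian bytes,
// plus a trailing 0x00 when the top bit would otherwise read as a sign bit.
function scriptNum(n) {
  if (!Number.isInteger(n) || n < 0) throw new Error("non-negative integer expected");
  const bytes = [];
  let v = n;
  while (v > 0) { bytes.push(v % 256); v = Math.floor(v / 256); }
  if (bytes.length && (bytes[bytes.length - 1] & 0x80)) bytes.push(0x00);
  return Buffer.from(bytes);
}

// Push a number as minimal-encoding rules require: OP_0 / OP_1..OP_16 for
// small values, otherwise a direct push of the CScriptNum bytes.
function pushNumber(n) {
  if (n === 0) return Buffer.from([OP.OP_0]);
  if (n >= 1 && n <= 16) return Buffer.from([0x50 + n]);
  return pushData(scriptNum(n));
}

function assertCompressedPubkey(pub) {
  if (pub.length !== 33 || (pub[0] !== 0x02 && pub[0] !== 0x03)) {
    throw new Error("expected a 33-byte compressed public key");
  }
}

// Serialize the redeem script; returns a Buffer of script bytes.
function buildTimeoutScript(ownerPub, failoverPub, locktime) {
  assertCompressedPubkey(ownerPub);
  assertCompressedPubkey(failoverPub);
  return Buffer.concat([
    Buffer.from([OP.OP_IF]),
    Buffer.from([OP.OP_2]), pushData(ownerPub), pushData(failoverPub),
    Buffer.from([OP.OP_2, OP.OP_CHECKMULTISIG]),
    Buffer.from([OP.OP_ELSE]),
    pushNumber(locktime),
    Buffer.from([OP.OP_CHECKLOCKTIMEVERIFY, OP.OP_DROP]),
    pushData(ownerPub),
    Buffer.from([OP.OP_CHECKSIG]),
    Buffer.from([OP.OP_ENDIF]),
  ]);
}

// Same script in asm form, for reading rather than for broadcasting.
function timeoutScriptAsm(ownerPub, failoverPub, locktime) {
  const o = ownerPub.toString("hex");
  const f = failoverPub.toString("hex");
  return `OP_IF OP_2 ${o} ${f} OP_2 OP_CHECKMULTISIG OP_ELSE ${locktime} ` +
    `OP_CHECKLOCKTIMEVERIFY OP_DROP ${o} OP_CHECKSIG OP_ENDIF`;
}

// Constructed placeholder keys: a valid-looking prefix byte followed by repeated bytes.
const OWNER_PUB = Buffer.concat([Buffer.from([0x02]), Buffer.alloc(32, 0x11)]);
const FAILOVER_PUB = Buffer.concat([Buffer.from([0x03]), Buffer.alloc(32, 0x22)]);
const LOCKTIME_HEIGHT = 500000; // a block height; nLockTime values below 500,000,000 are heights

const EXAMPLE_SCRIPT_HEX = buildTimeoutScript(OWNER_PUB, FAILOVER_PUB, LOCKTIME_HEIGHT).toString("hex");
console.log(timeoutScriptAsm(OWNER_PUB, FAILOVER_PUB, LOCKTIME_HEIGHT));
console.log(EXAMPLE_SCRIPT_HEX);
```

Per BIP65, a transaction spending through the timeout branch must set its own nLockTime at or above the script's locktime and must not use the final sequence number (0xffffffff) on that input, otherwise OP_CHECKLOCKTIMEVERIFY fails; the 2-of-2 branch has no such requirement. Because the lock is enforced by script rather than by a separately broadcast "unlock" message, there is nothing for a third party to watch for before the timeout other than the funding transaction itself.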
2  Bitcoin / Development & Technical Discussion / Re: Would this be a realistic BIP? on: May 07, 2020, 01:23:55 PM
I don't think the idea is silly. The thing is, you are suggesting that people store 2 seeds instead of one with this failover address.
If people lack the responsibility to store one seed, they will just store 2 seeds together.

You can split your seed, use a mnemonic phrase, etc to increase security.
Like I explained in my last answer, it is pretty different from using a multisig wallet since one key is enough for most uses; the second one will be only for emergency cases. For example, the main one could even be used with a hot wallet and the second one stored in a much safer place or even an escrow service.

I dont see how this is different from a CLTV setup tbh.

I am not an expert, could you explain to me what a CLTV setup is please?
3  Bitcoin / Development & Technical Discussion / Re: Would this be a realistic BIP? on: May 07, 2020, 11:17:13 AM
A simpler solution would be to use multisig, which is basically what you are proposing, except in a roundabout way.

I think this is not exactly for the same purpose; multisig is not as simple to use for non-power users or big entities imo, and it has some pitfalls (https://medium.com/shiftcrypto/the-pitfalls-of-multisig-when-using-hardware-wallets-9b0e98e4c19c)
With my solution the user will have to carry only his main key; the failover will be used only in emergency cases.

But I already see a weakness with this that could be exploited: the bad guy could also see there is a contract and monitor the "unlock" message, and could be the first to broadcast after the locktime.

That's why I imagine another, better solution. The contract could remain the same, but instead of using a message to unlock, any outgoing transaction will be delayed between the broadcast and broadcast + RTL. In the same period only transactions to the failover address will be immediately processed.
4  Bitcoin / Development & Technical Discussion / Would this be a realistic BIP? on: May 06, 2020, 07:09:11 PM
I don't know if my idea is stupid, realistic or has already been suggested; I checked the BIP list and found some related propositions like this one: BIP 68

Motivation: preventing illegitimate transactions from a compromised bitcoin wallet, whether it is a cold or hot wallet

So the idea is to submit a contract with these parameters: A1: owner public address, RTL: relative time lock (probably in days) and A2: failover address (could be a third-party escrow or another owner address not related to the same seed)

Any outgoing transaction from A1 will be rejected by the network until an empty transaction is broadcast with the OP_RETURN message "unlock"; any outgoing transaction between the "unlock" and "unlock" + RTL will also be rejected

In this lock period only transactions to A2 would be allowed

I hope you understand what I have in mind: people often write their hardware wallet mnemonic on paper and it could be compromised without them knowing it; adding a relative time lock will allow the owner to secure their funds in another secure place once it has been compromised.

Of course I suppose it has to be part of a hardfork since the whole network has to implement it to be functional.

Thanks for reading, hope it wasn't such a silly idea ;)
5  Bitcoin / Development & Technical Discussion / Re: Brain Wallet for BIP39 on: May 05, 2020, 04:18:42 PM
Multiple back ups and redundancy. For my main cold storage, I have my seed phrase backed up on paper in two separate places and my passphrase backed up on paper in two separate places. Add those back ups to the actual wallet itself (which is encrypted and on a permanently offline device), then I would at a minimum need to suffer complete and simultaneous data loss in at least three geographically separate and very safe/secure locations to mean I lose access. This is incredibly more robust than having everything stored in only one place, especially a place so fragile as your brain.

Yes, these are good ideas indeed, but the problem with too much redundancy is the possibility of theft; the places need to be really, really safe and commercial safes are way too weak. You can also need to get access to your funds when far from home or the other place you store it.

You are wrong here. There are hundreds of reasons someone might suffer memory loss, and many of them are completely unpredictable and can happen to anybody at any time with no warning. Everything from head trauma from a simple trip or fall, through to an aneurysm in your brain you didn't know existed rupturing. Even with slow onset memory loss, many people don't realize their memory is fading until they've already forgotten significant amounts of details, by which time it would probably be too late for you to access your coins. 15 million people have a stroke each year. 70 million people suffer a traumatic brain injury each year. 10 million people develop dementia each year. That's an awful lot of people with the potential for memory loss. I don't like those odds.

You make some good points here; memory can be an issue too, there is no 100 percent magic method to keep those seeds safe forever. I may split my funds between a brain wallet and another one on paper with some redundancy. Imo a really long passphrase has to be tested at least once a week, and of course on a secure offline device.
6  Bitcoin / Development & Technical Discussion / Re: Brain Wallet for BIP39 on: May 05, 2020, 11:56:36 AM
A collision is not someone being able to guess whatever it was you have hashed... a collision is two different values that will generate the same hash result. ie. SHA256(X) == SHA256(Y) would be a collision.
Thank you, but I know what a collision is.

Given some of the stories that have been floating around (i.e. https://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/ and https://www.reddit.com/r/Bitcoin/comments/1zti1p/17956_hacked_brainwallet_passwords/), there have been (and there probably currently are) a lot of people running all sorts of scripts and bots that generate/monitor various Bitcoin addresses that are generated from brainwallets (essentially SHA256(passphrase)).

Therefore, it is not out of the realms of possibility, that some users have also considered using something similar to generate BIP39 seeds the same way... after all, you thought of it!

Of course I know those stories, but imo the cases are from weak passphrases, or some quotes of poems, movie lyrics... And how many other stories of people losing their keys/mnemonics???

"At christmas 2002 my oncle Joe came drunk for the dinner. My first girlfriend did not like french fries"
It is interesting to note that the fact that you are using 'proper' English sentence structure and grammar is already reducing the entropy... as there is a relationship and pattern to the words.

Compared with something like: "extra card place track tower violin slim window soul identify tray galaxy" where they are in no way related to each other and there is no defined structure.

Of course, again, the grammatical structure of a phrase makes it easier to guess for a well-made bruteforce tool that combines it with a language AI construction. But this is the compromise between total randomness and the probability I will forget it someday... I believe everybody has some intimate memories which are very personal and that they won't ever forget. That's why my example passphrase was a mix of 2 sentences not related at all to each other. I strongly believe that even if it is in correct English, that is not the kind of passphrase that may be hacked one day.

Anyway, for my real passphrase I plan to use much more intimate memories and mix my 2 native languages (which, as you can guess, are not English)

Thanks for your answer!
7  Bitcoin / Development & Technical Discussion / Re: Brain Wallet for BIP39 on: May 05, 2020, 10:39:12 AM
I added an iteration field which will loop sha256 before generating the mnemonic to discourage bruteforce attacks; in my browser 1000000 will take approx 20 seconds to compute.

That does nothing, not to mention that your code has a bottleneck; otherwise 1 million SHA256 of a small input (passphrase) would only take half a second to complete. Even if it were 20 seconds it still doesn't increase the security at all, because the idea of using a brainwallet is flawed on its own, whether it is creating a key or a mnemonic.

Like I said, I totally understand that the human brain is very weak at making entropy compared to the randomness of a computer.

But there are imo some issues with keeping the keys or randomly generated mnemonics: they can be stolen, lost or destroyed. How many people have already experienced that? (I did)

We know that it is pretty much impossible to find a collision in SHA256, so if I use it with my passphrase there is no other way for an attacker to guess it, am I wrong?

Let's assume that I use a passphrase from my memories like "At christmas 2002 my oncle Joe came drunk for the dinner. My first girlfriend did not like french fries" and use 1000000 iterations; what are the chances somebody will ever seriously bruteforce it?

I can understand that in this case 1 or 1M iterations will not really matter.

Let's now assume somebody will use something weaker like "I like pasta with chocolate" and use an iteration count of 5555; won't it be fair enough that no bruteforce attack will ever solve it? I think that in this case the iteration.

In conclusion, from my experience I know I have a much higher chance of losing a piece of paper where I wrote the mnemonic than of forgetting a long personal passphrase.

How are you guys carrying your keys or mnemonics? How can you be so confident you won't lose access to them one day?
8  Bitcoin / Development & Technical Discussion / Re: Brain Wallet for BIP39 on: May 05, 2020, 02:46:14 AM
You can then take each grouping of 11, convert it back into decimal, and map it to the relevant BIP39 word. 00110000111 in decimal is 391, which maps to "couch" at position 392 on the BIP39 word list (remembering to add one since your converted numbers will start at 0, whereas the word list starts at 1). 10000101100 in decimal is 1068, which maps to "machine" at position 1069. And so on.

Thank you, this was very helpful. I added an iteration field which will loop sha256 before generating the mnemonic to discourage bruteforce attacks; in my browser 1000000 will take approx 20 seconds to compute.

Code:
    // Read the iteration count from the form; fall back to a single hash if the field is empty
    var iterations = parseInt(DOM.iterations.val(), 10) || 1;
    // First round: SHA-256 of the passphrase itself
    var hash = sjcl.hash.sha256.hash(DOM.longpassphrase.val());
    var hex = sjcl.codec.hex.fromBits(hash);
    // Remaining rounds re-hash the 64-character hex string of the previous digest
    for (var i = 0; i < iterations - 1; i++) {
        hash = sjcl.hash.sha256.hash(hex);
        hex = sjcl.codec.hex.fromBits(hash);
    }
    // Use the final 256-bit digest as the BIP39 entropy and build the mnemonic from it
    DOM.entropy.val(hex);
    setMnemonicFromEntropy();
9  Bitcoin / Development & Technical Discussion / Re: Brain Wallet for BIP39 on: May 04, 2020, 01:20:32 PM
I strongly do not recommend using a brain wallet for most users!

All modern hardware and software cryptowallets are using BIP39 backup mnemonic phrases. But what if you can’t store this key in a safe place? What if you are living in the country where authorities may confiscate all your papers? For example on December 15,  2017 agents from the Ukrainian Security Service (SSU) confiscated approximately 305 ETH from Anatoly Kaplan, CEO of the Russian bitcoin news resource ForkLog. What if you are a refugee and could be subject to illegal rummage?

Sometimes the best storage for your keys is your brain. But it is very difficult to remember 12 or 24 random words. That is why I developed the Brain-to-BIP converter.

https://brain2bip.com/

Using this tool you may always restore access to your cryptocurrency with any BIP39 hardware or software wallets like Ledger, Trezor, Blockchain.info, Breadwallet, Multibit, Bitcoin Core, Jaxx, etc. Moreover the external entropy from your secret phrase is increasing security of your wallet.

Just enter your long strong secret phrase and “restore” wallet using generated BIP39 mnemonic.
Don't use short passphrases as well as popular sayings, parts of songs, poems or mantras! Use only strong passphrases you can't forget.

Enjoy and be safe.
Thank you.

Hi!

I have been thinking about such a brainwallet for a long time now. Thank you for making it available and open source.

I know brainwallets have a very bad reputation and that human brain entropy is known to be very bad.
But I am still convinced that for people like me it could be much better than keeping my mnemonic on some paper. Writing the mnemonic on paper is imo a real security issue: it can be lost, destroyed or even stolen, but I can generate a strong passphrase of between 40 and 60 chars that will mix my childhood memories and other things that could be very, very personal and that I could not forget for years...

I also like to travel (even if this is not the best period for it now) and wish to be able to get access to my crypto without carrying anything on me.

So why use a brain-to-bip (mnemonic) and not only a standard brainwallet? It is obvious for me: I want to be able to use it one day with a hardware or software BIP-compliant wallet.

I am glad you did it, but I want to do my own for some reasons. First, I need only to generate the mnemonic, because I can use BIP39 to generate the seeds, and if I use it on a hardware or software wallet it will do that for me. And the source code could be very short and understandable.
Second reason: if I use your tool and one day your website and git repo become unavailable, my passphrase will be useless... And if I put it on a USB stick, this is also something I need to carry and that could possibly be lost, destroyed...

That's why I have some questions: what algorithm did you use to generate the mnemonic from the passphrase?

What I thought is to do it like this:

first word = sha256*10(passphrase) mod 2048
second word = sha256*10(first word) mod 2048
....
last word = hash(mnemonic)

*10 or maybe more if we want to make it harder to bruteforce...

Thank you for reading, I will enjoy any feedback about this!