curiosity81, it seems (at a glance) that you are deploying a word generator generated from a decent (i.e. non-human) source of randomness. Not a syntactically valid phrase, not something the user comes up with, not something from a book you cross your fingers and hope to be really obscure. Not what most people call a “brainwallet”.
True. That's why I mentioned above that "brainwallet" might be the wrong term. I have to stress again, that I wanted simple code for generating key pairs from strings, either from a concatenated complex list of words (kind of brainwallet) or a complex set of characters (kind of passphrase). And I want to understand the code. A kind of finger exercise. And maybe some of the code is simple enough to be useful for others. For instance, to derive the public key of a private key is the only piece of code, which is not a bash script. I found this code somewhere at stackoverflow (the link is given in the source). It is c, but relatively easy to compile. If I remember correctly only libssl-dev is necessary for compilation. This is the only simple (!) piece of code I found! Another example is the bash script for computing base58. The code you can find online uses a lot of bash magic, so that it is virtually impossible for a normal guy to understand. At least I learned what bc is. So it was easier to write the code by myself with the benefit, that I now know how it works. That raises an obvious question, which I must ask out of—curiosity: Why don’t you simply use BIP 39? It was developed by the same experts whose security acumen you trust when you use Bitcoin anyway. Its wordlists were developed with human use in mind, e.g., all words on the English wordlist are unique within the first four characters. And it will perfectly encode 128–256 bits of randomness in 12–24 words, without any of the pitfalls of trying to develop your own word randomization scheme.
With your wordlist, I presume not tuned to a power of 2, did you avoid the common mistake of introducing modulo bias? (I did not review your code.) Does your wordlist exclude similar, confusable words? (I am guessing not.) Etc.
Honestly, I did not take care of the random generator's entropy yet. But I can assure you, that I am paranoid enough to invest (and already invested) a lot of energy to get the maximum entropy into my systems. In the current version, one bash script simply shuffles (shuf) a complete aspell dictionary and takes the head (the n first words) of the output. That's it. Clearly I have to figure out in detail how shuf works and where it gets its entropy. Entropy pool could be filled with additional entropy via randomsound or similar. But how to connect shuf to /dev/random or /dev/urandom is a question for the future. And should be as simple as possible. I did not wrote my own BIP39 generator, even though I am aware of the proposal. Maybe I even stole some ideas (checksum). Maybe I used them wrongly. Thanks for the suggestion. I will take a look. |
|
|
|
Clearly, using a sentence from a book or similar and adding or replacing characters can make the brainwallet harder to break. Combined with a weird and high number of hashing rounds. Even though keys can be collected in each round. Speed Optimizations in Bitcoin Key Recovery Attacks gives examples of the passwords the researchers cracked. I think most people would consider {1summer2leo3phoebe to be quite strong. I do not think, that this is a secure seed. Take numbers from 1 to 1000 and 100.000 possible words. Then you have roughly 100*(1000^3)*(100.000^3) = 10^26 = 2^86 possibilites if you sample with replacement (I count the "{" as character from the set of all printable character using a standard keyboard, I think there were roughly 100). And in this example the order and alternation is not considered. This is definitely too few. Especially, since you can order the words in a dictionary by their usage since some words are more likely to be used by humans. Moreover, an attacker would compute the key pairs once, maybe with optimized hardware. Each such brainwallet would be robbed in no time. If you are paranoid enough, you would never use a hardware wallet from some manufacturer. Firstly, the hardware can break. Secondly, the hardware can be manipulated. Not necessarily by the manufacturer, but during shipment (except you buy it directly in a shop without providing your identity). Thirdly, the seed sentence can be stolen. I don't worry about your FIrst concern, because of the recovery seed. The Third concern is a risk similar to paper wallets, but it's the Second concern that has until now stopped me from getting a hardware wallet. No matter how much the manufacturer is trusted, a hardware wallet is a black box to me, and I can't possibly check how it generates it's seed phrases. ACK. But, even if your hardware wallet almost never breaks, the law of big numbers dictates, that one will break within a few years, provided enough such wallets exit. My concern is, that at some point in time, the hardware is not supported anymore. What, if someone passes the hardware wallet to his / her children or grandchildren, but the computers have no usb-port anymore. Today, who has a working floppy disk drive at home. And floppy disk drives were relatively common around 2000, even though not state of the art these days. Even today CD/DVD-devices are not standard anymore. I would prefer a system which follows the KISS-principle (KISS = Keep It Simple Stupid) for long term archiving: Firstly, the code should reproducible easily. I am not sure, if the bash is perfect for this. But I like it, since most algorithms are already developed by experts and available on a standard linux system. They only have to be plugged together. Secondly, code should be easy to understand (which might be a little bit contradictory with respect to bash-syntax). (In my case, comments are still missing in some scripts in the moment. And code is not uniformly yet with respect to mathematical computations.) But it should be possible to print out the scripts and the linux version used and archive it in a bookcase or similar. Much better would it be if it can be carved in stone or glas. Yes, one could argue, that Bitcoin might be obsolescent in a few years. But this is no counter-argument against secure long term archiving. But for a coldwallet, I would claim that a "brainwallet" with a complex passphrase / seed is the best choice. I wouldn't trust my own memory to be able to reproduce the password after (say) 20 years. Most of my long passwords are used on a daily basis, so they're easy to remember. The brainwallet needs to have a unique password, and if I don't use a password for a very long time, chances are I forget part of it. I think, that it is not possible to remember a strong passphrase, if you do not use it daily. Thus, you must think about a secure way to archive it. Some non digital method similar to 2FA. |
|
|
|
|
Probably the expression "brainwallet" is badly chosen anyway. Because a good brainwallet is similarly bad to remember like a complex password. Nevertheless, it might be possible to generate a story around the words so that they become more easily to remember.
Clearly, using a sentence from a book or similar and adding or replacing characters can make the brainwallet harder to break. Combined with a weird and high number of hashing rounds. Even though keys can be collected in each round.
Using a hardware wallet is a good idea for speculation, I think, if you need to store and shift around funds. But also those wallets implement brainwallets / seed sentences. So the difference is not big.
If you are paranoid enough, you would never use a hardware wallet from some manufacturer. Firstly, the hardware can break. Secondly, the hardware can be manipulated. Not necessarily by the manufacturer, but during shipment (except you buy it directly in a shop without providing your identity). Thirdly, the seed sentence can be stolen.
I do not claim, that my code is fast / perfect / bug free. Keep that in mind!
But for a coldwallet, I would claim that a "brainwallet" with a complex passphrase / seed is the best choice. Clearly, it is a method not suitable for the average user. Users should know what they do. And I admit, that I am not fully sure, that everything is implemented correctly. Therefore, the project is open source for erveryone. So that it can be corrected.
|
|
|
|
How safe is it to use brainwallet? Clearly, its helpful but is it that safe? I want to try it too since I have trouble memorizing stuffs.
But its quite crucial specially when you forgot your mnemonic phrase. It cannot be recovered.
There is no script for generating a passphrase yet. But I plan to add a simple script which uses aspell to sample 20 or more random words from a dictionary. Four additional words, selected from the 20, will be used as checksum. Security I discussed in my post above. However, I am not a cryptographer. So beware! I do this for fun and educational purposes. And because I did not find corresponding code I understand. |
|
|
|
Hi guys, during christmas I was thinking about a way to produce my own brainwallets. You find the code below https://github.com/curiosity81/brainwallet. Clearly, code can also be used to produce more secure brainwallets. E.g. hashing a string more than once and a brute force approach is virtually useless. A Brain Wallet is the one when user remembers their mnemonic phrase or the private key and never writes it down. That is, all is stored in the brain only for security reasons. So why have a brain wallet and still write you private key or mnemonic phrase down on a piece of paper? To me brain wallet is not good because it is difficult to manage in case the user forgets his/her mnemonic paraphrase or private key due to any mishap such as accidents, brain diseases/ damage or even mental stress, he /she will lose his/her crypto-coins and funds. The idea is actually, that you need no backup! With a brainwallet in the worst case, you must write the passphrase down. Clearly, you should write it down several times and hide the passphrase at different places. You can even cut the paper into two or more pieces and hide the pieces at different places so that it is unlikely for an attacker to have access to the full passphrase. There are variations of this method which seem more elegant. But everyone can make his/her own thoughts. It is a pain in the ass to get access to the master key in core. Imho it is much too complex for a simple but secure brainwallet. And if you do not use an HD-Wallet, you have to backup your wallet anyway. But hardware can be lost (on a dump) or the hardware breaks one day. Moreover, one can lose the passphrase for the hardware. With a brainwallet, the danger of breaking or losing hardware is not existent. Provided the passphrase for the brainwallet is good enough, for a cold wallet, this method seems more secure to me. There are more passphrases built by 20 words from a dictionary with more than 10.000 words than ECDSA private keys, and assuming that hashing those passphrases several times (> 10.000), distributes the resulting values evenly between 0 and 2^256, this should be secure enough. Especially, since there are only 2^160 adresses, that is many private keys map to the same address anyway. |
|
|
|
Bin gerade beim ersten Link ( http://www.truthcoin.info/blog/pow-and-mining/) und möchte folgenden Satz zitieren: [...] that at all times only those who are most interested in Bitcoin end up owning the coins. [...]
Ich finde dieses Argument interessant, da nur Leute Geld/Bitcoins investieren um zu minen, welche ein Interesse daran haben Bitcoins/Geld durch mining zu verdienen/besitzen (aus welchen Gründen auch immer, z.B. wegen günstigerern Stroms). Diese Bitcoins werden für den Mindestpreis veräussert, welchen das Mining gekostet hat. So wird der Preis gebildet. Bei PoS-Coins bekommt man die Coins für lau, wenn man schon welche hat. Der Preis bildet sich dann irgendwie, z.B. durch gute Werbung. Gut Oberes macht den Braten noch nicht fett. Bin mir auch nicht sicher ob ich das schon richtig verstanden habe. Ich lese weiter. Hmm ... über die Analogie in der Biologie muss ich erstmal nachdenken ... |
|
|
|
|
If you can reproduce your own brainwallet and the string is short or common and only hashed once, then I would recommend, that you move your founds to a new more secure address!!!
|
|
|
|
Hi guys, during christmas I was thinking about a way to produce my own brainwallets. You find the code below https://github.com/curiosity81/stringwallet. Clearly, code can also be used to produce more secure brainwallets. E.g. hashing a string more than once and a brute force approach is virtually useless. Edit: to prevent confusion, I renamed the project to stringwallet. |
|
|
|
|
Gleich fallen die 13k$. Man möchte offenbar die SKS-Formation fertigstellen.
|
|
|
|
Deshalb kommt mir nur ins Haus was dezentral und proof of work ist  Genau so ist es! Oder sind wir wirklich schon zu alt für diesen neumodischen Kram? Gibt es wirklich gute Argumente dafür bzw. gute dagegen? |
|
|
|
|
Mal schaun ob die 13200$ halten oder ob wir die 13000$ nochmal antesten. Imho schon ziemlich bärisch aktuell.
Edit: auch wenn das Volumen gerade ziemlicher Popelkram ist.
|
|
|
|
Ihr habt vielleicht Probleme. Erst vor 1 Monat saßen alle hier und fiebern voller Euphorie der 10k entgegen. Jetzt sind wir bei 13k und totale Bärenstimmung, und es wird schon panisch nachgedacht wann endlich die Rettung kommt.  Ich denke, dass auch genug kritische Stimmen darunter waren. Ausserdem: Entscheidend ist nicht, was man sagt, sondern was man tut. |
|
|
|
Könnte das auch in Core landen? Ich frage mich immer noch wie man als Nichtchannelbesitzer Wert in einen Paymentchannel bekommt. Alice und Bob legen beide jeweils z.B. 1 BTC per Multisig an und eröffnen einen Paymentchannel. Aber wie bekommt Heino, welcher Wert über Alice und Bob verschicken will seine Coins in den Channel ohne die Blockchain zu benutzen? Das habe ich noch nicht verstanden. |
|
|
|
|
Die 13000$ sind ziemlich genau die 78.6% des Fib-Retracements gezogen von 19666$ (17.12.) bis 11160$ (22.12.) auf Bitstamp.
|
|
|
|
|
Interessant ist, dass praktisch nur nichtminebaren Coins steigen (coinmarketcap.com), als gäbe es kein Morgen: Ripple, Cardano, NEM, Stellar, Qtum, ....
Ausser BitcoinCash sind alle minebaren Coins in den Top20 rot.
|
|
|
|
Heftig. Ich bin nicht investiert  Ich auch nicht. Und fass' das, genauso wie Ethereum, nicht mal mit der Kneifzange an. Mit welcher Begründung? Neben technischen Gründen wie PoS und Zentralisierung durch Blockchain-Snapshots: Ethereum ist Spielwiese zum experimentieren, ja. Programmieren damit führt aber zu Bugs, und diese Bugs führen zu Forks und/oder Verlusten. Siehe DAO und Parity. Das ist an sich nur ein menschliches Problem und kein Prinzipielles. Menschen sind aber fehlerhaft ansonsten wären sie keine Menschen. Und wenn man auf nachweislich sichere Verträge wert legt, dann sollte man sich auf Verträge beschränken, welche in einer Nicht-Turing-Vollständigen-Sprache geschrieben sind. Somit ist der Mehrwert von Ethereum langfristig limitiert. Das was Ethereum kann und was nützlich und ungefährlich ist, das wird irgendwann Einzug in andere, sicherere Coins finden. (Wer verlässt sich denn auf ein Notarsystem, wo, wenn mal wieder Wert vernichtet wird weil jemand fehlerhaften Code produziert hat, ein Fork notwendig wird? Und die sollen dann alle dezentral gehalten werden ...) Ergo braucht bzw. sollte es irgendwann Ethereum nicht mehr brauchen. |
|
|
|
Der Junge sollte mal was essen. |
|
|
|
|
Vielleicht sehen wir dann die 700$ wieder. Eine gute Möglichkeit für viele wieder einzusteigen. [/sarcasm]
|
|
|
|
Heftig. Ich bin nicht investiert Ich auch nicht. Und fass' das, genauso wie Ethereum, nicht mal mit der Kneifzange an. |
|
|
|
|
Show Posts
