Author Topic: "Why I'm releasing a brainwallet cracker at DEFCON 23"  (Read 6090 times)
ryanc
August 31, 2015, 01:09:51 AM
 #21

i don't mean to be harsh but honestly if the passphrase of the brain wallet was "how much wood..." the owner deserves to lose 250BTC and more.
the first thing that the brainwallet itself in the password field suggests is not to use popular phrases.
https://www.google.com/search?q=how+much+wood+could+a+woodchuck+chuck+if+a+woodchuck+could+chuck+wood

there is even a film with the same name for gods sake!
https://en.wikipedia.org/wiki/How_Much_Wood_Would_a_Woodchuck_Chuck_(film)

At the time that wallet was made, brainwallet.org had "correct horse battery staple" as the placeholder text. Nothing on the site said not to use phrases like that.
Financisto
August 31, 2015, 01:56:44 AM
 #22

Unfortunately that brainwallet.org project seemed too malicious by leaving that "correct horse battery staple" phrase as standard without leaving any previous (and visible) warning.

RGBKey
August 31, 2015, 02:01:34 AM
 #23

People should understand what makes brainwallets not safe/safe. It's possible for them to be safe, and that's where they can be beneficial, but it's also very easy to make them easily crackable.
Klestin
August 31, 2015, 02:12:19 AM
Last edit: August 31, 2015, 02:26:49 AM by Klestin
 #24

Come on man, people who know how to choose good passwords and store them correctly while using brainwallets are as safe as using other "normal" wallets. I have seen so many stupid misuses with the wallet.dat files so far that are as bad as bad brainwallet passwords.

This means nothing, if people are using brainwallets, they are not less safe automatically.

Yes, they absolutely are less safe automatically.  A person who wants to break your wallet.dat password must have your wallet.dat file.  Brainwallets have no file.

Brainwallet cracking tools can run extremely fast - the cracking can be run offline against an indexed version of the blockchain, and can be distributed among many bots.   A password of "m2wAHUnF91z" for instance (created from LastPass, and bearing approximately 51-57 bits of entropy, depending on how it's calculated) is absolutely reasonable for a wallet.dat password.  It is absolutely NOT fine as a brainwallet key.  Brainwallets should have no less than 128 bits of true entropy.

Creating a safe brainwallet is possible, but it is very difficult to do correctly.  You have to forget everything you've learned about how to pick a good password.  
erik777
August 31, 2015, 02:35:07 AM
 #25


The 250BTC Brainwallet passphrase was "how much wood could a woodchuck chuck if a woodchuck could chuck wood"
https://twitter.com/ryancdotorg/status/629862282831511552


Next we'll hear about some moron using as a passphrase "peter piper picked a peck of picked peppers".

That would be secure, since Peter piper picked a peck of pickled peppers, not picked peppers. 

Linuld
August 31, 2015, 10:03:23 AM
 #26

Come on man, people who know how to choose good passwords and store them correctly while using brainwallets are as safe as using other "normal" wallets. I have seen so many stupid misuses with the wallet.dat files so far that are as bad as bad brainwallet passwords.

This means nothing, if people are using brainwallets, they are not less safe automatically.

Yes, they absolutely are less safe automatically.  A person who wants to break your wallet.dat password must have your wallet.dat file.  Brainwallets have no file.

Brainwallet cracking tools can run extremely fast - the cracking can be run offline against an indexed version of the blockchain, and can be distributed among many bots.   A password of "m2wAHUnF91z" for instance (created from LastPass, and bearing approximately 51-57 bits of entropy, depending on how it's calculated) is absolutely reasonable for a wallet.dat password.  It is absolutely NOT fine as a brainwallet key.  Brainwallets should have no less than 128 bits of true entropy.

Creating a safe brainwallet is possible, but it is very difficult to do correctly.  You have to forget everything you've learned about how to pick a good password.  

That is interesting. But I don't understand yet why there is such a big difference in safety for having that passkey as a password for the wallet.dat or having it as the seed for a private key. Where does the difference come from? I mean bruteforcing should work at the same speed for both, shouldn't it? Or are there iterations of the pass for the wallet.dat so that the time to bruteforce gets extended?
louise123
August 31, 2015, 11:43:04 AM
 #27


The 250BTC Brainwallet passphrase was "how much wood could a woodchuck chuck if a woodchuck could chuck wood"
https://twitter.com/ryancdotorg/status/629862282831511552


Next we'll hear about some moron using as a passphrase "peter piper picked a peck of picked peppers".

That would be secure, since Peter piper picked a peck of pickled peppers, not picked peppers. 


LOL!
That is actually very funny. :D

Mickeyb
August 31, 2015, 11:54:43 AM
 #28

Come on man, people who know how to choose good passwords and store them correctly while using brainwallets are as safe as using other "normal" wallets. I have seen so many stupid misuses with the wallet.dat files so far that are as bad as bad brainwallet passwords.

This means nothing, if people are using brainwallets, they are not less safe automatically.

Yes, they absolutely are less safe automatically.  A person who wants to break your wallet.dat password must have your wallet.dat file.  Brainwallets have no file.

Brainwallet cracking tools can run extremely fast - the cracking can be run offline against an indexed version of the blockchain, and can be distributed among many bots.   A password of "m2wAHUnF91z" for instance (created from LastPass, and bearing approximately 51-57 bits of entropy, depending on how it's calculated) is absolutely reasonable for a wallet.dat password.  It is absolutely NOT fine as a brainwallet key.  Brainwallets should have no less than 128 bits of true entropy.

Creating a safe brainwallet is possible, but it is very difficult to do correctly.  You have to forget everything you've learned about how to pick a good password.  

Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but let's assume you use an English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.

The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.
favdesu
August 31, 2015, 12:04:03 PM
 #29

luckily, a white hat did it first. imagine you would wake up one day to check your paper wallet and it's emptied without any chance to get your coins back.

mallard
August 31, 2015, 01:46:53 PM
 #30

Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but let's assume you use an English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.

The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.

As shown by this thread, people aren't very good with randomness.
You should let the computer do this for you.
Klestin
August 31, 2015, 02:36:17 PM
 #31

As shown by this thread, people aren't very good with randomness.
You should let the computer do this for you.

Ideally, you should NOT let the computer do this for you. Use diceware or something similar that uses real-world randomness.
Klestin
August 31, 2015, 02:38:05 PM
 #32

That is interesting. But I don't understand yet why there is such a big difference in safety for having that passkey as a password for the wallet.dat or having it as the seed for a private key. Where does the difference come from? I mean bruteforcing should work at the same speed for both, shouldn't it? Or are there iterations of the pass for the wallet.dat so that the time to bruteforce gets extended?

There are two functional differences:

1) For wallet.dat encryption, they need your wallet file, and can't attack your account without it.
2) Even if they have the wallet file, they have to expend their effort attacking your file.  In stark contrast, attacks against brainwallets attack ALL brainwallets simultaneously.  
Mickeyb
August 31, 2015, 02:46:27 PM
 #33

Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but let's assume you use an English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.

The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.

As shown by this thread, people aren't very good with randomness.
You should let the computer do this for you.

People are terrible at choosing passwords for themselves, I know that. But I kind of got from this thread that all brainwallets are doomed since they can be cracked with this software, which is just not true if you have a strong and random password.

The concept of brainwallets works for NXT pretty well. OK, they did have some hacks in the beginning, just because the users used famous phrases which you can look for with this kind of software very quickly and successfully. Now, when the users know what a strong password is and when they have the option for the client to choose it for them, brainwallets work well.
ryanc
August 31, 2015, 02:57:41 PM
 #34

That is interesting. But I don't understand yet why there is such a big difference in safety for having that passkey as a password for the wallet.dat or having it as the seed for a private key. Where does the difference come from? I mean bruteforcing should work at the same speed for both, shouldn't it? Or are there iterations of the pass for the wallet.dat so that the time to bruteforce gets extended?

There are two functional differences:

1) For wallet.dat encryption, they need your wallet file, and can't attack your account without it.
2) Even if they have the wallet file, they have to expend their effort attacking your file.  In stark contrast, attacks against brainwallets attack ALL brainwallets simultaneously.  

There's also 3:

3) The wallet encryption uses a slow hash that takes a significant fraction to compute, whereas brainwallets can be attacked pretty much as fast as you can compute the public keys.
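
The three differences listed in posts #32 and #34, as a small cost model (an added example, not code from the thread, from any wallet, or from the tool being discussed). PBKDF2 with a per-file salt is an assumed stand-in for wallet-file encryption, and the iteration count, function names and sample phrases are constructed for illustration.

```python
import hashlib
import os

KDF_ITERATIONS = 20_000  # assumed work factor for the wallet-file stand-in


def brainwallet_secret(passphrase):
    """Unsalted single pass, the sha256(passphrase) scheme discussed in the thread."""
    return hashlib.sha256(passphrase.encode()).digest()


def encrypt_wallet_file(passphrase):
    """Stand-in for an encrypted wallet file: random per-file salt plus a slow KDF."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, KDF_ITERATIONS)
    return salt, key


def check_brainwallets(candidates, published):
    """One hash per candidate is compared against every published entry at once."""
    hits, hash_ops = set(), 0
    for phrase in candidates:
        hash_ops += 1
        if brainwallet_secret(phrase) in published:
            hits.add(phrase)
    return hits, hash_ops


def check_wallet_files(candidates, files):
    """Salts differ per file, so every candidate is re-derived for every file."""
    hits, hash_ops = set(), 0
    for salt, key in files:
        for phrase in candidates:
            hash_ops += KDF_ITERATIONS
            guess = hashlib.pbkdf2_hmac("sha256", phrase.encode(), salt, KDF_ITERATIONS)
            if guess == key:
                hits.add(phrase)
    return hits, hash_ops


# Constructed sample data: two phrases quoted in the thread plus one random secret.
USER_PHRASES = [
    "how much wood could a woodchuck chuck if a woodchuck could chuck wood",
    "correct horse battery staple",
    os.urandom(16).hex(),  # 128 bits from the OS random source
]
CANDIDATES = USER_PHRASES[:2] + ["peter piper picked a peck of pickled peppers"]

# Simplification: this set stands in for the addresses visible on the blockchain,
# which are derived deterministically from the secret. No file is needed to build it.
PUBLISHED = {brainwallet_secret(p) for p in USER_PHRASES}
# Wallet files: a checker must first hold each file (its salt and derived key).
FILES = [encrypt_wallet_file(p) for p in USER_PHRASES]

if __name__ == "__main__":
    results = {
        "brainwallet": check_brainwallets(CANDIDATES, PUBLISHED),
        "wallet file": check_wallet_files(CANDIDATES, FILES),
    }
    for name, (hits, ops) in results.items():
        print(f"{name}: {len(hits)} weak phrases found, {ops:,} hash operations")
```

Both checks flag the same two famous phrases and miss the random one, but the salted, stretched scheme costs files × candidates × iterations operations while the unsalted one costs one hash per candidate regardless of how many wallets exist.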
Financisto
September 01, 2015, 01:32:00 AM
 #35

Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but let's assume you use an English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.

The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.

As shown by this thread, people aren't very good with randomness.
You should let the computer do this for you.

People are terrible at choosing passwords for themselves, I know that. But I kind of got from this thread that all brainwallets are doomed since they can be cracked with this software, which is just not true if you have a strong and random password.

The concept of brainwallets works for NXT pretty well. OK, they did have some hacks in the beginning, just because the users used famous phrases which you can look for with this kind of software very quickly and successfully. Now, when the users know what a strong password is and when they have the option for the client to choose it for them, brainwallets work well.
I almost forgot that NXT is a brainwallet per se.

I did some research some time ago but couldn't find how NXT hashes the passphrase which locks/unlocks the account.

Does anyone here know about it?

Is it just sha256(passphrase)? It can't be that easy...

NorrisK
September 01, 2015, 06:37:32 AM
 #36

Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but let's assume you use an English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.

The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.

As shown by this thread, people aren't very good with randomness.
You should let the computer do this for you.

People are terrible at choosing passwords for themselves, I know that. But I kind of got from this thread that all brainwallets are doomed since they can be cracked with this software, which is just not true if you have a strong and random password.

The concept of brainwallets works for NXT pretty well. OK, they did have some hacks in the beginning, just because the users used famous phrases which you can look for with this kind of software very quickly and successfully. Now, when the users know what a strong password is and when they have the option for the client to choose it for them, brainwallets work well.
I almost forgot that NXT is a brainwallet per se.

I did some research some time ago but couldn't find how NXT hashes the passphrase which locks/unlocks the account.

Does anyone here know about it?

Is it just sha256(passphrase)? It can't be that easy...

I think it would be best to ask that in the NXT thread or on the NXT forums. You will probably get a prompt answer and may even change their hashing methods by asking :)
Linuld
September 01, 2015, 01:36:44 PM
 #37

I think a good way to beat this bad behaviour of some bitcoiners would be that a hacker (not cracker) would check out all possible combinations, create a huge wallet with it and every time he finds someone is using such a stupid brainwallet then he might withdraw, let's say 0.00001337 Bitcoins. The user would be warned and can push his coins.

Of course there is the risk that a cracker finds the same coins and withdraws them. But there is no way for the hacker to withdraw all and give it back to the real owner of the address.
Shogen
September 01, 2015, 02:05:11 PM
 #38

As it seems, the Github source code of the brainwallet.org has also been taken down. Does anyone know about a copy of that repository?

It is still there on Github. You just need to browse the repository before the final commit was made.
https://github.com/brainwallet/brainwallet.github.io/tree/f7679dd03f39a04edced641960a7c3df1116fea9

Mickeyb
September 01, 2015, 03:36:43 PM
 #39

Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but let's assume you use an English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.

The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.

As shown by this thread, people aren't very good with randomness.
You should let the computer do this for you.

People are terrible at choosing passwords for themselves, I know that. But I kind of got from this thread that all brainwallets are doomed since they can be cracked with this software, which is just not true if you have a strong and random password.

The concept of brainwallets works for NXT pretty well. OK, they did have some hacks in the beginning, just because the users used famous phrases which you can look for with this kind of software very quickly and successfully. Now, when the users know what a strong password is and when they have the option for the client to choose it for them, brainwallets work well.
I almost forgot that NXT is a brainwallet per se.

I did some research some time ago but couldn't find how NXT hashes the passphrase which locks/unlocks the account.

Does anyone here know about it?

Is it just sha256(passphrase)? It can't be that easy...

I am sure it's not that easy, otherwise all people's NXT would just be gone. I have forwarded this thread to my good friend who's deeper with NXT, I am sure somebody will reply and let us know.

Cheers!
box0214
September 01, 2015, 03:46:23 PM
 #40

NXT uses sha256() I believe. Not sure, best to ask the NXT ppl.

Regardless, I think many people use simple passphrases and they get cracked, especially if it's all alphanumeric only. Anyone know if this cracker that's been released can crack 150+ passphrase if it was all alphabets? What if you used non-standard characters like Chinese or Russian???

I wonder how NXT is compared to Ethereum? Has anyone compared the two? Aside from the price, NXT seems kinda cheap with all the development going on there.

