Bitcoin Forum
August 14, 2018, 08:38:00 PM *
News: Latest stable version of Bitcoin Core: 0.16.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: ⛓LIST⛓ Brainwallet & Paper Wallet projects.  (Read 8492 times)
Financisto
Hero Member
*****
Offline Offline

Activity: 556
Merit: 539




View Profile WWW
August 28, 2015, 07:20:20 AM
 #1

I've just started the following list in order to promote development of good open-source tools to provide secure and alternate ways to create cryptocurrencies' wallets and addresses – specially the popular known tools entitled “Paper Wallet” and “Brainwallet”.

Great tools have been created all those past years by skilled programmers and by a community of dedicated volunteers. So I decided to create this list as means to promote a “healthy” competition among those programmers, so cryptocurrency users and all the related community can benefit from that.

What is:

Paper Wallet ← click to learn the basics about it.

Brainwallet ← click to learn the basics about it.

If you think your project deserve to be listed here PM me. Requirements for participants:

1st) The project must be a Brainwallet or Paper wallet of some kind of cryptocurrency or crypto-asset;

2nd) The project must be open-source;

3rd) The project's code must be available at https://github.com

4th) The project can't be a newer identical clone version of an (already existing other person's) older original app (it must have - at least - one reasonable innovation or add-on).

All parameters here are subject to change, this is a work in progress...

If you got an idea, share with us!

This is not meant to be an exhaustive list, just a compilation of similar projects and source of data for the community about development of those mentioned tools. This list will be updated frequently.

IMPORTANT STATEMENT: This List is offered without any warranty whatsoever; we do not guarantee the ideal operation or funcionality of no tool nor app mentioned here. No professional code auditing were performed by us. If you lose your coins using one or any of those tools, we are not to be blamed and we're not responsible for it. We'd be very sorry, but we cannot help you about that. Cryptocurrencies are new stuff yet, so many experiments are still in early stages. We also cannot guarantee any member's reliability and that your coins will be 100% safe 100% of the time (even in the future). This is just a simple list and a competition. Due diligence, research, revision, auditing is still necessary. Be smart and do your job. Use those tools/apps at your own risk!

Note one: please read and pay attention to the above statement and don't ever post here something like “Someone stole my coins because my password is 'coin123'”

Note two: please support those projects donating some coins.

Projects:

bitaddress.org: Open Source JavaScript Client-Side Bitcoin Wallet Generator. The bitaddress.org project provides an all-in-one HTML document with embedded JavaScript/Css/Images. Some features: Paper Wallet, Bulk Wallet, Brainwallet (SHA256(passphrase)), Vanity Wallet, Split Wallet, multi wallet formats. Warning: using this app's Brainwallet option is not recommended due to security issues (no KDF + Salt implemented). Author: pointbiz. Website: http://bitaddress.org. Forum thread: https://bitcointalk.org/index.php?topic=43496.0. GitHub Repository: https://github.com/pointbiz/bitaddress.org

bitcoinpaperwallet: Open Source JavaScript Client-Side Bitcoin Wallet Generator. Based on bitaddress.org project, it provides an all-in-one HTML document with embedded JavaScript/Css/Images with additional features and a beautiful layout. Some features: Paper Wallet with support for altcoins, Brainwallet (SHA256(passphrase)) and more. They also ship tamper-evident hologram stickers anywhere in the world. Warning: using this app's Brainwallet option is not recommended due to security issues (no KDF + Salt implemented). Author: Canton < c a n t o n @ g m a i l . c o m > aka canton. Website: http://bitcoinpaperwallet.com. Forum thread: https://bitcointalk.org/index.php?topic=169836.0. GitHub Repository: https://github.com/cantonbecker/bitcoinpaperwallet

brainwallet.io: Deterministic bitcoin address generator. Address generation takes place in your browser, and no information is ever sent to server. Some features: Brain Wallet, word list for pseudorandom passphrase generation, passphrase generation by file hashing, uses scrypt as KDF, custom salt input method supported. Author: Daniel Routman < r o u t m a n @ p r o t o n m a i l . c h > aka unchi. Website: http://brainwallet.io. Forum thread: https://bitcointalk.org/index.php?topic=1160038.0. GitHub Repository: https://github.com/routman/brainwallet.io

Cointoolkit: it's a Coinb.in fork implementing support for Nubits, Nushares, Blockshares, Blockcredits, Peercoin besides Bitcoin. IT keeps the original features like: Offline Compressed & uncompressed Address creation, Offline Multisignature Address creation, Send and receive payments, Ability to decode transactions, redeem scripts and more offline; Build custom transactions offline, Sign transactions offline, Broadcast transactions, nLockTime support, Brain wallet support (even for HD wallet creation), Offline qrcode creator and scanning tool, HD (bip32) support, CHECKLOCKTIMEVERIFY (op_hodl) supported for time locked addresses and more. Warning: using this app's Brainwallet option is not recommended due to security issues (no KDF + Salt implemented). Author: ttutdxh < t t u t d x h . n u b i t s @ g m a i l . c o m >. Website: https://ttutdxh-nubits.github.io/cointoolkit/. Forum thread: https://discuss.nubits.com/t/cointoolkit-flot-guide-and-changelog/. GitHub Repository: https://github.com/ttutdxh-nubits/cointoolkit

Dash Paper Wallet Generator: Open Source JavaScript Client-Side Dash Paper Wallet Generator based on bitaddress.org. Some features: Paper Wallet, Bulk Wallet, Brainwallet (SHA256(passphrase)), BIP 0038 support, Vanity Wallet, Split Wallet, wallet formats converter. Warning: using this app's Brainwallet option is not recommended due to security issues (no KDF + Salt implemented). Author: < e v a n @ d a s h p a y . i o > Website: http://paper.dash.org. Forum thread: N/A. GitHub Repository: https://github.com/dashpay/paper.dash.org

EthAddress.org: Open Source Client-Side Ethereum Wallet Generator. It generates ETH addresses and JSON file wallets. Some features: Paper Wallet, Bulk Wallet, Vanity Wallet and Split Wallet. Author: ryepdx. Website: https://ryepdx.github.io/ethaddress.org. Forum thread: N/A. GitHub Repository: https://github.com/ryepdx/ethaddress.org

Lisk Paper Wallet: Open Source JavaScript Client-Side Lisk Paper Wallet Generator. Some features: mouse movement to generate random bytes, generates Secret Passphrase and Public Address. It also shows generated entropy, seed, passphrase sha256, public and private keys. Printing of paper wallet with two artwork options available. Author: ferrr. Website: http://liskpaperwallet.com. Forum thread: https://forum.lisk.io/viewtopic.php?t=199. GitHub Repository: https://github.com/rferro/liskpaperwallet

Liteaddress.org: Open Source JavaScript Client-Side Litecoin Wallet Generator based on bitaddress.org. Some features: Paper Wallet, Bulk Wallet, Brainwallet (SHA256(passphrase)), BIP 0038 support, Vanity Wallet, Split Wallet, wallet formats converter. Warning: using this app's Brainwallet option is not recommended due to security issues (no KDF + Salt implemented). Author: coblee. Website: http://liteaddress.org. Forum thread: https://litecointalk.org/index.php?topic=6762.0. GitHub Repository: https://github.com/litecoin-project/liteaddress.org

Moneroaddress.org: Open Source JavaScript Client-Side Monero Offline Wallet Generator. Some features: PRNG of addresses, QR Code key, Brainwallet (SHA3(passphrase)), Vanity Address creation,  (multi-language) Mnemonic seed supported. Warning: using this app's Brainwallet option is not recommended due to security issues (no KDF + Salt implemented). Author: MoneroMooo. Website: http://moneroaddress.org. Forum thread: N/A. GitHub Repository: https://github.com/moneromooo-monero/monero-wallet-generator/

MyEtherWallet: Open Source Client-Side Ethereum Wallet Generator. It generates ETH addresses and JSON file wallets. Google Chrome Extension also available. Some features: Paper Wallet, Bulk Wallet, Encrypted Wallet, Import Address, Send Online or Offline Transaction and more. Author: tayvano & kvhnuke. Website: https://www.myetherwallet.com. Forum thread: N/A. GitHub Repository: https://github.com/kvhnuke/etherwallet

WalletGenerator.net: javascript Client-Side multi-cryptocurrencies supported paper wallet generator based on bitaddres.org. Some features: support for near 100 of cryptocurrencies, Bulk Wallet, Brainwallet (SHA256(passphrase)), BIP0038 encryption and multi wallet formats. Warning: using this app's Brainwallet option is not recommended due to security issues (no KDF + Salt implemented). Author: Michael Muré < b a t o l e t t r e @ g m a i l . c o m >. Website: https://walletgenerator.net. Forum thread: N/A. GitHub Repository: https://github.com/MichaelMure/WalletGenerator.net

Wallet.Peercointalk.org: JavaScript Client-Side Peercoin Wallet Generator. Forked from bitaddress.org this project provides an all-in-one features: Paper Wallet, Bulk Wallet, Brainwallet (SHA256(passphrase)) plus random word generator (word list from Electrum), Vanity Wallet, Split Wallet, multi wallet formats. Warning: using this app's Brainwallet option is not recommended due to security issues (no KDF + Salt implemented). Author: FuzzyBear. Website: https://wallet.peercointalk.org. Forum thread: http://www.peercointalk.org/index.php?topic=1943.0. GitHub Repository: https://github.com/FuzzyBearBTC/peercoin-walletgenerator

WarpWallet: is a deterministic bitcoin address generator that adds two improvements: WarpWallet uses scrypt KDF to make address generation both memory and time-intensive. And you can "salt" your passphrase with your email address. Some features: it makes use of scrypt and PBKDF2 as KDF making it more brute-force attack resistant. Author: Maxwell Krohn < t h e m a x & g m a i l . c o m > and Chris Coyne < c c o y n e 7 7 @ g m a i l . c o m >. Website: http://keybase.io/warp. Forum thread: N/A. GitHub Repository: https://github.com/keybase/warpwallet

Miscellaneous & related projects:

BIP39 Tool: JavaScript Client-Side implementation of the BIP 39 'Mnemonic code for generating deterministic keys' proposal. This tool can be downloaded and used offline in an air-gapped machine. User may supply his own source of entropy (accepts binary, base 6, 6-sided dice, base 10, hexadecimal, cards) for mnemonic phrase creation. User may also decide to protect his keys with password/passphrase. Mnemonic passphrase available in several languages. Hierarchical Deterministic Wallets generators also implemented for Bitcoin, Bitcoin Cash, Ethereum (and all ERC20 tokens), Litecoin, Dogecoin, Dash, Peercoin, Namecoin and others. Author: mav. Website: https://iancoleman.github.io/bip39. Forum thread: N/A. GitHub Repository: https://github.com/iancoleman/bip39.

Bitgen: software that generates bitcoin addresses from a given or generated random number. Some features: The output is saved as a ps file that can be converted to pdf; The private key can be generated by the following inputs: Hex number; Dice random numbers (1-6); Brainwallet (uses Argon2 as KDF + custom salt input method supported); Hash input; Computer generated pseudorandom key (/dev/random); Bulk; Mnemonic. It also supports: Bitcoin mini private keys; Invoice generation; Hierarchial pseudorandom generation; Vanity address generation. Support for split wallets using one-time-pads also available. Author: bit22gen. Website: http://bitcoin-gen.org/. Forum thread: https://bitcointalk.org/index.php?topic=1107927.0. GitHub Repository: N/A.

brainflayer: is a Proof-of-Concept brainwallet cracking tool that uses libsecp256k1 for pubkey generation. It was released as part of a DEFCON 23 talk about cracking brainwallets. Some features: it does ~130k guesses/second (as per 2015). Good tool to test your brainwallet security. Author: Ryan Castellucci aka ryanc. Website: https://rya.nc/defcon-brainwallets.html. (Unofficial) Forum thread: https://bitcointalk.org/index.php?topic=1147035.0. Paper: https://rya.nc/cracking_cryptocurrency_brainwallets.pdf. Video: https://rya.nc/b6. Github Repository: https://rya.nc/brainflayer

Coinb.in: open source web based wallet with transparent multisig solution which works seamlessly offline and with other bitcoin clients. Some features: compressed and uncompressed private/public keys supported; brainwallet supported (even for HD wallet creation); up to 15of15 multisignature address supported; BIP 32 - Hierarchical Deterministic Wallets support; create, verify, sign and broadcast custom raw transactions online; TOR onion link available; client-side implementation, can be run offline. Warning: using this app's Brainwallet option is not recommended due to security issues (no KDF + Salt implemented). Author: OutCast3k < o u t c a s t 3 k @ g m a i l . c o m >. Website: https://coinb.in. Forum thread: https://bitcointalk.org/index.php?topic=390046.0. GitHub Repository: https://github.com/OutCast3k/coinbin/

Multi-signature P2SH: JavaScript Client-Side Multisignature P2SH Address and Transaction Generator. Some features: BIP 32 - Hierarchical Deterministic Wallets support; Create Multisignature P2SH Addresses (supports 1/2/3 of 1/2/3); Spend from P2SH multisignature outputs; Online converter; Supports partial signing and incomplete transactions. Author: Sarchar. Website: https://ms-brainwallet.org. Forum thread: http://ms-brainwallet.org/. GitHub Repository: https://github.com/ms-brainwallet/ms-brainwallet.github.io

PassGuardian: Store and share your secrets (Secret Sharing) safely by splitting them into cryptographically-secure pieces. To reconstruct the original, combine a specific number of these pieces. PassGuardian is built on secrets.js, an open-source implementation of Shamir's secret sharing scheme. Some features: All computations are done in your browser. No secrets or secret shares are ever transmitted back to our servers. Once the PassGuardian page is loaded in your browser, it can be run offline. Author: Alexander Stetsyuk < a l e x @ p a s s g u a r d i a n . c o m > aka amper5and. Website: passguardian.com. Forum thread: https://bitcointalk.org/index.php?topic=142875.0. GitHub Repository: https://github.com/amper5and/secrets.js/tree/gh-pages


P.S. Please remove spaces from any <email address> copied from above. «Last updated on February 11th, 2018»

BitcoinTalk's Escrow Providers: Ranking & Blacklist Brainwallet & Paper Wallet projects If you think freedom matters, please help keeping these privacy projects alive (donating some coins): Tor Tails Qubes OS Whonix ProtonMail Tutanota VeraCrypt PrivacyTools.io
1534279080
Hero Member
*
Offline Offline

Posts: 1534279080

View Profile Personal Message (Offline)

Ignore
1534279080
Reply with quote  #2

1534279080
Report to moderator
BOUNTY PORTALS
BLOG
WHERE BOUNTY MANAGEMENT
MEETS AUTOMATION
SIGNATURE CAMPAIGNS
TWITTER
FACEBOOK
MEDIA CAMPAIGNS
AND MORE!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1534279080
Hero Member
*
Offline Offline

Posts: 1534279080

View Profile Personal Message (Offline)

Ignore
1534279080
Reply with quote  #2

1534279080
Report to moderator
Financisto
Hero Member
*****
Offline Offline

Activity: 556
Merit: 539




View Profile WWW
August 28, 2015, 07:22:48 AM
 #2

WARNING: DOs and DON'Ts

About passwords: DO NOT use obsolete methods (weak passwords) for wallet protection. Spend some time educating yourself about Password/Passphrase strength, Entropy as a measure of password strength and the importance of randomness when generating passphrases. Due to brute-force attack unstopable and increasing power & Moore's law, simple password protection is getting obsolete. Remember: you're your own bank, apply some pro-security mesures to protect your coins. Info: http://blog.codinghorror.com/passwords-vs-pass-phrases/ & https://www.random.org/

About random passphrases: DO NOT create passphrases thinking that you (a human) can be naturally very random and generate good bits of entropy by your own will. Humans tend to be predictable in their behavior and in their actions (and reactions). Idioms and languages - which words are used most of the time as passphrases - are structured in a logical and sequential way. i.e. no randomness in any way. What I'm trying to explain here is that: "it's really a bad idea for people to come up with passphrases themselves". Suggestion: use Diceware. Use (at least) a group of twelve words.

About paper wallets: DO choose versions that use/allow true randomness methods (e.g. flipping a fair coin, rolling a fair dice, draw playing cards from shuffled decks, atmospheric noise measurements, etc) instead of pseudorandom machine methods for key generation. P.s. keep in mind that in general humans are not good at generating (decent bits of) entropy for passphrases and machines are not a good source of true randomness either, so you have to use "the best of both worlds" and avoid the worst cenario. Info: http://bit.ly/1PEOHoO & http://bitzuma.com/posts/bitcoin-paper-wallets-from-scratch

About brainwallets: DO NOT use brainwallets which run fast hash functions (MD5, SHA family etc.) in order to hash your passphrase and for key pair creation. Avoid them! They are widely recognized as insecure and vulnerable to GPU brute-force attacks! You'd better choose those versions that use more secure methods such as Salt + Key Derivation Function e.g. scrypt, bcrypt and PBKDF2. And if you're new in this "field", don't use brainwallets at all, just remain safe with your paper wallets. Further info: http://blog.codinghorror.com/speed-hashing/ & https://rya.nc/cracking_cryptocurrency_brainwallets.pdf

About change addresses: DO make sure you fully understand how change addresses work when dealing with brainwallets and paper wallets while spending your coins. When used correctly, change addresses help increasing privacy of cryptocurrencies. But also with this capability comes the potential for loss and theft when its use isn't completely understood. "To avoid potentially costly mistakes, familiarize yourself with change addresses and how your wallet software implements them". Beware while importing your single address' private key on different wallet softwares: "wallet developers can implement this feature in a number of ways". "Learn how to prevent and Recover from Change Address Disasters" reading this excellent article: http://bitzuma.com/posts/five-ways-to-lose-money-with-bitcoin-change-addresses

About use of applications: DO NOT generate wallets nor addresses when conected to the Internet. Download the app, review the code, check the file's hashsum to verify it's the original file and only work with it in an air-gapped machine (use Live-DVD OS to help all the process) and never touch the net while doing it. Before sending funds to an address, it is recommended that you first check for compatibility of addresses generated by those apps by importing some of their private keys into the official (and most popular unofficial too) client. This can be done most of the time through the debug console using the "importprivkey" command. If you are able to successfully import keys, the tested generator/app is compatible.

About security paranoia: DO NOT consider yourself an InfoSec expert. If you think your coins are safe because you have an "ultimate unbreakable encryption scheme", you'd better think twice: https://xkcd.com/538/ P.s Reality is always tougher than we thought it might be.  Cheesy

BitcoinTalk's Escrow Providers: Ranking & Blacklist Brainwallet & Paper Wallet projects If you think freedom matters, please help keeping these privacy projects alive (donating some coins): Tor Tails Qubes OS Whonix ProtonMail Tutanota VeraCrypt PrivacyTools.io
ryanc
Member
**
Offline Offline

Activity: 101
Merit: 40


View Profile WWW
August 29, 2015, 09:12:19 PM
 #3

coinb.in is using the dangerously weak "classic" brainwallet algorithm. It also includes third party javascript which can do whatever it wants. Why is it rated so highly on security?
ryanc
Member
**
Offline Offline

Activity: 101
Merit: 40


View Profile WWW
August 29, 2015, 09:48:31 PM
 #4

I also think that rating based on the number of KDFs combined does not make sense. You need to take the work factors into account.
Financisto
Hero Member
*****
Offline Offline

Activity: 556
Merit: 539




View Profile WWW
August 30, 2015, 09:45:22 AM
 #5

coinb.in is using the dangerously weak "classic" brainwallet algorithm. It also includes third party javascript which can do whatever it wants. Why is it rated so highly on security?
I PMed the author of coinb.in some days ago and I'm still waiting for some answers about that project.

I also think that rating based on the number of KDFs combined does not make sense. You need to take the work factors into account.

Yes, in fact I thought it was awkward adding pts by combining KDFs types by the time I first generated the Table's 1st version (I was so asleep at that time lol).

1st idea: For brainwallets I guess I'll add some pts for using different types of KDF according to their resistance to ASIC and GPU attacks. Maybe something like:

PBKDF2 = 20pts

bcrypt = 30pts

scrypt = 50pts

2nd idea: And maybe we could add some additional pts for some additonal KDF algo iteration and/or extra rounds (over those recommended by standards).

P.s. for this one, I'll need some deeper research and estimate what are the standard numbers (of rounds/iterations of scrypt, bcrypt and PBKDF2) used to protect from brute-force attacks today and I'll estimate safer (higher) numbers considering the increase in brute-force attack strenght (GPU + ASIC) in the next (at least) 5 to 10 years. (BTW Do you have any numbers - for scrypt, bcrypt and PBKDF2 - in mind?)

The list is gonna change soon to reflect those changes...

Thanks for your comments, I really appreciate it.

BitcoinTalk's Escrow Providers: Ranking & Blacklist Brainwallet & Paper Wallet projects If you think freedom matters, please help keeping these privacy projects alive (donating some coins): Tor Tails Qubes OS Whonix ProtonMail Tutanota VeraCrypt PrivacyTools.io
CryptInvest
Legendary
*
Offline Offline

Activity: 1498
Merit: 1022



View Profile
August 30, 2015, 10:12:30 AM
 #6

With regard to the generators purses question. Where is the guarantee of key generation, the developer does not receive access to the private key?

                  ▄▄▄
              ▄▓▓▓▓▓▓▓▓▓▄▄
         ▄▄▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▄
     ░▒▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▒░

     ▐▄▄░░▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀░░▄▄▒
     ▐█████▄▄░░▀▓▓▓▓▓▓▓▀▀░▄▄█████▌
     ▐██████████▄▄░▀░▄▄██████████▌
     ▐█████████████ ▓████████████▌
     ▐█████████████ ▓████████████▌
     ▐█████████████ ▓████████████▌
     ▐█████████████ ▓████████████▌
      ▀▀███████████ ▓██████████▀▀
           ▀▀██████ ▓█████▀▀
                ▀▀█ ▓▀▀
VoxelX██  ██
█  █
██  ██
██  ██
██  ██
██  ██
██  ██
██  ██
██  ██
██  ██
██  ██
█  █
██  ██
██  ██
█  █
██  ██
██  ██
██  ██
██  ██
██  ██
██  ██
██  ██
██  ██
██  ██
█  █
██  ██
██  ██
.


                              ▄████▄
                        ▄▄█████▀▀███
                    ▄▄████▀▀     ███
              ▄▄▄████▀▀    ▄▄   ▐██
          ▄▄█████▀       ▄█▀    ██▌
     ▄▄████▀▀▀       ▄███▀      ██▌
    ████▀        ▄▄████▀       ▐██
     ██████▄▄  ▄█████▀         ██▌
          ▀████████           ▐██
            ▀████▌            ███
             ▀███  ▄██▄▄     ▐██▀
              ███▄███▀███▄   ███
              ▀███▀▀   ▀▀███▄██▌
                          ▀▀█▀▀
.

                      ▄▄▄██▄▄▄    ▄
     ██▄            ▄████████████▀
     █████▄▄       ▐█████████████▀
      █████████▄▄▄▄▐████████████▌
     █▄█████████████████████████▌
     ▀██████████████████████████
       ▀███████████████████████
       ▐██████████████████████
         ▀██████████████████▀
           ▄▄█████████████▀
     ▀████████████████▀▀
          ▀▀▀▀▀▀▀▀
Financisto
Hero Member
*****
Offline Offline

Activity: 556
Merit: 539




View Profile WWW
August 30, 2015, 10:47:32 AM
 #7

With regard to the generators purses question. Where is the guarantee of key generation, the developer does not receive access to the private key?

In fact there's no guarantee at all. They're all free of warranty as you'll notice at their websites.

As a pratical measure, the guarantee is the open-source code that is accessible to you to review it so that you can be assured that the app runs client-side only and is expected that you will be a smart guy that will run it offline in an air-gapped machine and will come up with VERY GOOD security measurements.

Doing that way (respecting all security procedures), developer won't have access to your (offline) generated private keys.

BitcoinTalk's Escrow Providers: Ranking & Blacklist Brainwallet & Paper Wallet projects If you think freedom matters, please help keeping these privacy projects alive (donating some coins): Tor Tails Qubes OS Whonix ProtonMail Tutanota VeraCrypt PrivacyTools.io
ryanc
Member
**
Offline Offline

Activity: 101
Merit: 40


View Profile WWW
August 30, 2015, 05:44:17 PM
 #8

Regarding KDFs, I would score them on a logarithmic scale based on spot instance cracking cost, and severely penalize anything that doesn't include a salt. I would be very surprised if someone made ASICs to try to crack Bitcoin keys generated via brainwallet or otherwise due to very large (well over a million dollars) one time costs. GPUs are likely, FPGAs may be difficult due to memory requirements.

Helpfulness of KDFs is also a little unusual because the public key computations themselves take a bit of work. For example, PBKDF2 with 64 rounds would only double the cracking cost vs a classic brainwallet.
Financisto
Hero Member
*****
Offline Offline

Activity: 556
Merit: 539




View Profile WWW
August 31, 2015, 02:12:37 AM
 #9

Regarding KDFs, I would score them on a logarithmic scale based on spot instance cracking cost, and severely penalize anything that doesn't include a salt. I would be very surprised if someone made ASICs to try to crack Bitcoin keys generated via brainwallet or otherwise due to very large (well over a million dollars) one time costs. GPUs are likely, FPGAs may be difficult due to memory requirements.

Helpfulness of KDFs is also a little unusual because the public key computations themselves take a bit of work. For example, PBKDF2 with 64 rounds would only double the cracking cost vs a classic brainwallet.
I guess we'll adopt your approach in some way: "score them (KDFs) on a logarithmic scale based on spot instance cracking cost, and severely penalize anything that doesn't include a salt".

I'll just need some time to think about a fair way in order to compare different types of KDFs (scrypt, bcrypt, PBKDF2) and their respective "spot instance cracking cost" or some estimation of those values.

Any further suggestions?

BitcoinTalk's Escrow Providers: Ranking & Blacklist Brainwallet & Paper Wallet projects If you think freedom matters, please help keeping these privacy projects alive (donating some coins): Tor Tails Qubes OS Whonix ProtonMail Tutanota VeraCrypt PrivacyTools.io
ryanc
Member
**
Offline Offline

Activity: 101
Merit: 40


View Profile WWW
August 31, 2015, 05:22:52 AM
 #10

Any further suggestions?

Prominently mention that it's a really bad idea for people to come up with passphrases themselves and link to diceware. At least eight words.
OutCast3k
Hero Member
*****
Offline Offline

Activity: 706
Merit: 502


View Profile WWW
August 31, 2015, 10:59:43 AM
 #11

coinb.in is using the dangerously weak "classic" brainwallet algorithm. It also includes third party javascript which can do whatever it wants. Why is it rated so highly on security?

You realise that bitaddress.org also uses the same brain wallet algorithm as coinb.in, so I'm not sure why its been singled out. That being said, the next version will allow the user to select a bunch of different algorithms.

Also what third party JavaScript? Google analytics? If that actually puts you and others off I'll remove it.

*edit*: removed analytics.

coinb.in - Open Source, Multi Signature, HD Wallet and more! | Donate: 3K1oFZMks41C7qDYBsr72SYjapLqDuSYuN
ryanc
Member
**
Offline Offline

Activity: 101
Merit: 40


View Profile WWW
August 31, 2015, 03:13:50 PM
 #12

coinb.in is using the dangerously weak "classic" brainwallet algorithm. It also includes third party javascript which can do whatever it wants. Why is it rated so highly on security?

You realise that bitaddress.org also uses the same brain wallet algorithm as coinb.in, so I'm not sure why its been singled out.

bitaddress.org should also remove the brainwallet option, but it does at least require a minimum of 15 characters and warns about cracking/theft.

That being said, the next version will allow the user to select a bunch of different algorithms.

This is possibly an unpopular opinion, but offering a bunch of security choices that most people don't really understand isn't actually a good thing. What I would suggest is using WarpWallet's scheme with the salt *required* and a strong recommendation that a random passphrase be used (provide a generator). You could also provide a "classic brainwallet" option with a warning that makes it clear that it's very weak and should only be used to sweep old brainwallets.

Also what third party JavaScript? Google analytics? If that actually puts you and others off I'll remove it.

*edit*: removed analytics.

Yes, I was talking about Google Analytics. If I were a bad person and could get one SSL certificate for any site of my choosing, it would be Google Analytics - it's a super high value target because of how widely used it is.

Cloudflare is also a tremendously high value target, but I doubt arguing against it would get very far.
Financisto
Hero Member
*****
Offline Offline

Activity: 556
Merit: 539




View Profile WWW
September 01, 2015, 03:59:21 AM
 #13

UPDATE #1 of year 2015.

The ranking calculation has been changed.

Brainwallets that don't support Salt have been penalized.

Brainwallets that support KDF get different points according to the type implemented.

Multigenerators (Brainwallets, paper wallets and multisig: all-in-one) get weighted so we can compare every generator easily and fairly.

Github numbers are now "square rooted".

List updated and scores upgraded as well.

New changes may apply soon...

Keep up the good work all developers and programmers!

BitcoinTalk's Escrow Providers: Ranking & Blacklist Brainwallet & Paper Wallet projects If you think freedom matters, please help keeping these privacy projects alive (donating some coins): Tor Tails Qubes OS Whonix ProtonMail Tutanota VeraCrypt PrivacyTools.io
OutCast3k
Hero Member
*****
Offline Offline

Activity: 706
Merit: 502


View Profile WWW
September 01, 2015, 05:24:31 AM
 #14

I think you miss understood why coinb.in was created, its primary a learning tool, a way to deal with multisig and build and sign raw transactions, because of this I'd be greatful if you can remove it from this list. I don't see any point in being involved in this discussion as coinb.in is being treated as a brain wallet, when its not! its much more than that and your scoring system doesn't take this into account.

For example are signatures of signed transactions RFC 6979 complient? Is TOR supported? Are stealth addresses supported? Is bip32/HD supported? Is op_return working and can that be combined with multisig? are multiple networks accepted? Is the site compatable with other leading sites? Can the site be downloaded and fully run offline, whilst still being able to create and sign transactions. Further more can you even create and sign a transaction with the other sites listed or is it purely for address generation? as i beleive all the sites listed except coinb.in have no way to actually build a transaction and spend the funds. I could go on and on and on.

Thanks and good luck.




*edited to fix typos and add a couple of points.

coinb.in - Open Source, Multi Signature, HD Wallet and more! | Donate: 3K1oFZMks41C7qDYBsr72SYjapLqDuSYuN
ryanc
Member
**
Offline Offline

Activity: 101
Merit: 40


View Profile WWW
September 01, 2015, 06:00:44 AM
 #15

For example are signatures of signed transactions RFC 6979 complient? Is TOR supported? Are stealth addresses supported? Is bip32 and HD supported? Is op_return working and can that be combined with multisig? are multiple networks accepted? Is the site compatable with other leading sites? Can the site be downloaded and fully run offline, whilst still being able to create and create and sign transactions. Can you create and sign a transaction with the other sites listed or is it purely for address generation? I could go on and on and on.

These are all excellent points.
ryanc
Member
**
Offline Offline

Activity: 101
Merit: 40


View Profile WWW
September 01, 2015, 08:54:14 PM
 #16

Thanks for putting this together.  It's nice to see brainwallet.io on the list!

I'm surprised to see bitaddress.org ranked so low.  Is theirs not considered true random?

It is random (using SJCL). It's penalized for offering classic brainwallet. I'm not sure how much the scoring methodology makes sense.
Financisto
Hero Member
*****
Offline Offline

Activity: 556
Merit: 539




View Profile WWW
September 02, 2015, 03:39:47 AM
 #17

UPDATE #2 of year 2015.

The ranking calculation has been simplified.

Brainwallets are now compared only with Brainwallets and the same goes for Paper wallets.

P.s. Although the main feature will be considered (Paper wallet OR Brainwallet) in order to fill the list, warnings may apply when there are security issues found in multigenerators (Paper wallet + Brainwallet).

Multisignature projects have been removed until I find a good way to compare them.

"Client-side" and "Offline Use" criterions were incorporated to "Security".

Added "Inclusive Web Design" (IWD).

Added "Number of cryptocurrencies supported" (CCY).

Weight (for average purpose) is now 6 for security matters.

List updated and scores upgraded as well.

* Edited:

New "Miscellaneous and related projects" added --> Bitgen; brainflayer; Coinb.in & Multi-signature P2SH

New Paper wallet generators added --> WalletGenerator.net; Liteaddress.org & ethaddress.org

BitcoinTalk's Escrow Providers: Ranking & Blacklist Brainwallet & Paper Wallet projects If you think freedom matters, please help keeping these privacy projects alive (donating some coins): Tor Tails Qubes OS Whonix ProtonMail Tutanota VeraCrypt PrivacyTools.io
Financisto
Hero Member
*****
Offline Offline

Activity: 556
Merit: 539




View Profile WWW
September 15, 2015, 05:21:15 AM
 #18

Thanks for putting this together.  It's nice to see brainwallet.io on the list!

I'm surprised to see bitaddress.org ranked so low.  Is theirs not considered true random?
Those distortions have been corrected by using new calculation method.

i.e. Security features are 3x more important than collaborative development (Git points) AND Security features are 6x more important than everything else...

Maybe I'll raise that Security weight even more (to 8x OR even 10x).

Let's see how everything "behaves".

BitcoinTalk's Escrow Providers: Ranking & Blacklist Brainwallet & Paper Wallet projects If you think freedom matters, please help keeping these privacy projects alive (donating some coins): Tor Tails Qubes OS Whonix ProtonMail Tutanota VeraCrypt PrivacyTools.io
bit22gen
Jr. Member
*
Offline Offline

Activity: 45
Merit: 1


View Profile
October 17, 2015, 11:01:52 PM
 #19

bitgen has been updated with KDF and salt for the brainwallet option:

http://bitcoin-gen.org/

The KDF is "Argon2", which is supposed to be improved compared to scrypt:

https://password-hashing.net/candidates.html

https://www.cryptolux.org/images/0/0d/Argon2.pdf

Financisto
Hero Member
*****
Offline Offline

Activity: 556
Merit: 539




View Profile WWW
October 19, 2015, 05:53:06 AM
 #20

Good to hear that!

I guess your brainwallet function is the first to offer Argon2 algo as an encryption option.

Congratulations!

I'm gonna update bitgen's info here as soon as I review and test your new brainwallet option.

Keep up the good work!

BitcoinTalk's Escrow Providers: Ranking & Blacklist Brainwallet & Paper Wallet projects If you think freedom matters, please help keeping these privacy projects alive (donating some coins): Tor Tails Qubes OS Whonix ProtonMail Tutanota VeraCrypt PrivacyTools.io
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!