Bitcoin Forum
December 13, 2017, 07:21:12 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Brain wallets generated keys mis-match?  (Read 471 times)
pawel7777
Legendary
*
Offline Offline

Activity: 1428


View Profile
December 01, 2015, 12:23:03 PM
 #1


I was just playing around with creating brain wallets and noticed that there's mismatch between addresses/keys generated from the same passphrase on 2 different sites:

pass:
Code:
The following challenges are designed

Results from bitaddress.org:
Btc address: 1BvkjqV6XV3iYTcLcFGehF5nGdpc5bthXa
Private key: 5JNcmZ365RxqGdT1dD3ZvfEAsmcfchp53JbZpWaqjCxUKcmXk1S

Results from https://keybase.io/warp (got on thas site through google search):
Btc address: 1JHoH6oSfxxWtVjR7yCPqkDiDLixWP6uDJ
Private key: 5JPhzgxYpM9eP8Nw1SbopLeSeULwXXDk3xQVuKZYon8vW7EFbvK

Why are the results different? On the latter site I left the 'salt' field blank so I assume the result would be the same.
Does it mean one of those sites is generating faulty keys, or am I missing something?

Are there any trusted sites other than bitaddress where I can cross-check passphrase results? How to make 100% sure that address/key is generated correctly?


ps. I'm very aware of all the risks/flaws attached to brainwallets, no need to lecture me on that.
1513149672
Hero Member
*
Offline Offline

Posts: 1513149672

View Profile Personal Message (Offline)

Ignore
1513149672
Reply with quote  #2

1513149672
Report to moderator
1513149672
Hero Member
*
Offline Offline

Posts: 1513149672

View Profile Personal Message (Offline)

Ignore
1513149672
Reply with quote  #2

1513149672
Report to moderator
1513149672
Hero Member
*
Offline Offline

Posts: 1513149672

View Profile Personal Message (Offline)

Ignore
1513149672
Reply with quote  #2

1513149672
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513149672
Hero Member
*
Offline Offline

Posts: 1513149672

View Profile Personal Message (Offline)

Ignore
1513149672
Reply with quote  #2

1513149672
Report to moderator
1513149672
Hero Member
*
Offline Offline

Posts: 1513149672

View Profile Personal Message (Offline)

Ignore
1513149672
Reply with quote  #2

1513149672
Report to moderator
1513149672
Hero Member
*
Offline Offline

Posts: 1513149672

View Profile Personal Message (Offline)

Ignore
1513149672
Reply with quote  #2

1513149672
Report to moderator
achow101
Moderator
Legendary
*
Offline Offline

Activity: 1246


17kKQppUsngUiByDsce4JXoZEjjpvX9bpR


View Profile WWW
December 01, 2015, 12:35:04 PM
 #2

They use different algorithms to generate the address. I don't think there is any standard way to generate a brain wallet address.

pawel7777
Legendary
*
Offline Offline

Activity: 1428


View Profile
December 01, 2015, 12:55:09 PM
 #3


OK, did some research and apparently warpwallet uses key-stretching:

Quote
They can be made a heck-of-a-lot safer with simple key-stretching. The WarpWallet runs Scrypt on your passphrase, and outputs a string in the full 256-bit keyspace. It's at least 1000x more expensive to guess a WarpWallet address than a standard brainwallet address. And if you had access to high-end scrypt-computing hardware, you're probably better off using it to mine litecoins rather than go after WarpWallets. See https://keybase.io/warp. There's a 20BTC challenge to solve an 8-letter WarpWallet passphrase that's been open for almost a month

But that kind of sucks, as apparently you not only need to remember your passphrase, but also hope that the site (you created your wallet on) won't go down. Or at least, you'd need to know which specific algo has been used to create your key in order to recreate it from the passphrase.
ranochigo
Legendary
*
Offline Offline

Activity: 1288


View Profile WWW
December 01, 2015, 01:04:55 PM
 #4


OK, did some research and apparently warpwallet uses key-stretching:

Quote
They can be made a heck-of-a-lot safer with simple key-stretching. The WarpWallet runs Scrypt on your passphrase, and outputs a string in the full 256-bit keyspace. It's at least 1000x more expensive to guess a WarpWallet address than a standard brainwallet address. And if you had access to high-end scrypt-computing hardware, you're probably better off using it to mine litecoins rather than go after WarpWallets. See https://keybase.io/warp. There's a 20BTC challenge to solve an 8-letter WarpWallet passphrase that's been open for almost a month

But that kind of sucks, as apparently you not only need to remember your passphrase, but also hope that the site (you created your wallet on) won't go down. Or at least, you'd need to know which specific algo has been used to create your key in order to recreate it from the passphrase.
You can easily download the script from the site. Even brainwallet was opensourced and so people can still use them after they went down permanently.














 

 

█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
BitBlender 

 













 















 












 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
█ 
DannyHamilton
Legendary
*
Offline Offline

Activity: 2002



View Profile
December 01, 2015, 03:46:54 PM
 #5

- snip -
you'd need to know which specific algo has been used to create your key in order to recreate it from the passphrase.

Correct.

There is no standard method of turning a passphrase into a private key.  While some methods might be a bit more secure than others (and some possible methods are horrible insecure), everyone is free to implement whatever method they like.  Therefore, if you are going to use a method, you better know what method you used (in case you lose access to the tool you used).

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!