Bitcoin Forum
November 25, 2017, 04:48:03 AM *
Author Topic: ---  (Read 1133 times)
unchi
---
August 19, 2015, 03:39:05 AM
 #1

---
johoe
August 19, 2015, 06:24:47 AM
 #2

To brute force every 2-character alphanumeric passphrase with no salt, you would have to run the scrypt function 38.4 billion times (each with 2^16 iterations). Adding an email address as your salt could make it impractical to brute force.

In my short test, the time-consuming part (at least in the javascript implementation) seems to be the iteration of the PIN.  Now by your construction one doesn't have to brute-force this part, since computing this part for PIN=9999999 will also compute this part for all smaller PINs.

Wouldn't it be better to just append the PIN to the salt and instead increase the number of scrypt iterations until the code has roughly the same run-time as before with a seven digit PIN?

Donations to 1CF62UFWXiKqFUmgQMUby9DpEW5LXjypU3
Kazimir
August 19, 2015, 08:03:10 AM
 #3

Instead of this:
 
Code:
for(n=1;n<=PIN;n++) {passphrase=sha256(passphrase+salt)}

I would do:

Code:
for (n=1; n<=PIN; n++) { passphrase = hmac_sha256(passphrase, PIN+salt) }

Or perhaps even:

Code:
key = '';
for (n=1; n<=PIN; n++) { key = hmac_sha256(key+passphrase, PIN+salt) }

And make the 2^16 scrypt iterations depend on PIN as well.

hmac_sha256 is stronger than just plain sha256, and mixing in the original passphrase every iteration (instead of just hashing the previous hash value) could avoid some loss of entropy.

GUI-wise I would initially only show the address, and hide the private key (WIF + QR) with a button "Show Private Key".

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
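
Added example, not code from any poster in this thread: it measures the point raised in post #2 (one run of the chained loop for the largest PIN also yields the result for every smaller PIN) against the first PIN-keyed HMAC loop from post #3. It uses Node's `crypto` module; the function names, the sample values and the reading of `hmac_sha256`'s second argument as the key are assumptions.

```javascript
const crypto = require('crypto');
const SAMPLE = { passphrase: 'example passphrase', salt: 'user@example.com', maxPin: 200 }; // constructed

let hashCalls = 0; // counts primitive invocations so the cost can be measured
function sha256(s) {
  hashCalls++;
  return crypto.createHash('sha256').update(s).digest('hex');
}
function hmacSha256(msg, key) { // assumption: second argument is the HMAC key
  hashCalls++;
  return crypto.createHmac('sha256', key).update(msg).digest('hex');
}

// Original loop from the thread; `trace` collects the state after each round.
function chained(passphrase, salt, pin, trace) {
  let h = passphrase;
  for (let n = 1; n <= pin; n++) { h = sha256(h + salt); if (trace) trace.push(h); }
  return h;
}

// First proposed variant: the PIN is part of the HMAC key in every round.
function pinKeyed(passphrase, salt, pin, trace) {
  let h = passphrase;
  for (let n = 1; n <= pin; n++) {
    h = hmacSha256(h, String(pin) + salt);
    if (trace) trace.push(h);
  }
  return h;
}

// How many PINs in 1..maxPin have their final output appear as the n-th
// intermediate state of a single run with PIN = maxPin?
function reusableIntermediates(kdf, passphrase, salt, maxPin) {
  const trace = [];
  kdf(passphrase, salt, maxPin, trace);
  let reusable = 0;
  for (let pin = 1; pin <= maxPin; pin++) {
    if (trace[pin - 1] === kdf(passphrase, salt, pin)) reusable++;
  }
  return reusable;
}

// Hash calls needed to obtain the output for every PIN in 1..maxPin.
function costForAllPins(kdf, passphrase, salt, maxPin, shareState) {
  hashCalls = 0;
  if (shareState) kdf(passphrase, salt, maxPin, []);
  else for (let pin = 1; pin <= maxPin; pin++) kdf(passphrase, salt, pin);
  return hashCalls;
}
```

With the constructed sample, all 200 intermediate states of the chained loop are valid outputs, against 1 for the PIN-keyed loop, and covering every PIN costs 200 hash calls against 20100.
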
Kazimir
August 19, 2015, 08:28:27 AM
 #4

By the way, just saying: https://keybase.io/warp has been around for more than a year and it seems to do a pretty decent job.

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
TheButterZone
August 20, 2015, 06:27:10 AM
 #5

Quote from: Kazimir on August 19, 2015, 08:28:27 AM
By the way, just saying: https://keybase.io/warp has been around for more than a year and it seems to do a pretty decent job.

Scroll to the bottom of their page and they have a BTC20 wallet with an unsolved passphrase.

peligro
August 20, 2015, 05:18:39 PM
 #6

I would be already happy when a website would offer the signature verification tool. It was a very quick and easy way to copy paste a signature and check it there. Wallets and coinig need 3 times copy paste, including carefully choosing the signs to copy.

I would like to have this tool. I don't need anything other that was on brainwallet.org. I guess bringing that tool online would be no risk at the moment, right? So hopefully someone does.
