Bitcoin Forum
April 19, 2014, 05:02:38 PM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Passphrase utility  (Read 958 times)
theymos
Administrator
Hero Member
*
expert
Offline Offline

Activity: 1540


View Profile
March 03, 2013, 05:42:27 AM
 #1

I've written a little Python utility for securely creating keys (private keys, encryption keys, deterministic wallet seeds, etc.) from passphrases. It asks you for some impossible-to-forget info about yourself for use as seed to prevent hash precomputation attacks, and it hashes your passphrase over one million times to make brute-force attacks very slow.

I created this because several tools seem to be handling passphrases wrongly. brainwallet.org just does one unsalted sha256 hash of passphrases, which is terribly insecure. Electrum wants you to memorize 12 words, which is unnecessarily long. With this tool, a totally random and unique 6-word or 11-character passphrase should be secure.

I tried to make it so non-ASCII characters are hashed the same across all platforms, but I'm not sure whether I got it right. I'd be careful about using non-ASCII characters.


Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1397926958
Hero Member
*
Offline Offline

Posts: 1397926958

View Profile Personal Message (Offline)

Ignore
1397926958
Reply with quote  #2

1397926958
Report to moderator
btcusr
Sr. Member
****
Offline Offline

Activity: 385


@_vjy


View Profile

Ignore
March 03, 2013, 01:56:08 PM
 #2

good one.  Smiley

I had similar idea of passphrase utility which would generate passphrase from constant webpage content, like this. I am just using wikipedia article at point of time (date / version), but it can be anything like, even a image / photo, from national geographic, picasa, or google drive, or youtube video, etc.

Stephen Gornick
Hero Member
*****
Offline Offline

Activity: 1232



View Profile WWW

Ignore
March 04, 2013, 02:49:58 AM
 #3

I've written a little Python utility

Y U NO use GitHub (or gitorius or whatever ...)?

misterbigg
Hero Member
*****
Offline Offline

Activity: 504



View Profile WWW

Ignore
March 04, 2013, 03:13:51 AM
 #4

This would be great if it was in javascript...how am I supposed to run Python? I don't have that installed on my Windows 7 machine.

nimda
Hero Member
*****
Offline Offline

Activity: 714


1Nimda | FB0D8D1534241423


View Profile WWW

Ignore
March 04, 2013, 03:36:11 AM
 #5

Why not use python 3?

BTC.sx - Leveraged Bitcoin Trading. Simply use Bitcoin to take advantage of a rising or falling Bitcoin price.
I recommend asking me for a signature from my firstbits or GPG key before doing a trade. I will NEVER deny such a request.
theymos
Administrator
Hero Member
*
expert
Offline Offline

Activity: 1540


View Profile
March 04, 2013, 04:23:09 AM
 #6

I don't have that installed on my Windows 7 machine.

Then install it...

Why not use python 3?

I was originally writing this as an patch to Electrum, but it seemed like it'd take too much time to integrate so I decided to make a standalone utility. This is also why I wrote it in Python at all (which I'm not a big fan of).

theymos
Administrator
Hero Member
*
expert
Offline Offline

Activity: 1540


View Profile
March 04, 2013, 04:38:16 AM
 #7

Y U NO use GitHub (or gitorius or whatever ...)?

https://github.com/theymos/passphrase

ThomasV
Hero Member
*****
Offline Offline

Activity: 1106



View Profile WWW

Ignore
March 19, 2013, 09:12:15 AM
 #8

I was originally writing this as an patch to Electrum, but it seemed like it'd take too much time to integrate so I decided to make a standalone utility. This is also why I wrote it in Python at all (which I'm not a big fan of).

please read my answer here: https://bitcointalk.org/index.php?topic=153990.msg1641145#msg1641145
I do not know how much entropy you get from those 6 words, but that really is the only question you should ask yourself.

Electrum: the convenience of a web wallet, without the risks
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!