Bitcoin Forum
January 20, 2019, 08:27:34 AM *
News: Latest Bitcoin Core release: 0.17.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: stringwallet  (Read 295 times)
piotr_n
Legendary
*
Offline Offline

Activity: 1960
Merit: 1039


aka tonikt


View Profile WWW
January 01, 2018, 09:07:53 PM
 #21

C Human phrases are in fact recognized and accepted as bad idea. Time to break these phrases is the proof not opinion

Sorry. You're obviously not going to change your dogmatic rhetoric, whilst I am not interested in debating non science on this forum.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
1547972854
Hero Member
*
Offline Offline

Posts: 1547972854

View Profile Personal Message (Offline)

Ignore
1547972854
Reply with quote  #2

1547972854
Report to moderator
1547972854
Hero Member
*
Offline Offline

Posts: 1547972854

View Profile Personal Message (Offline)

Ignore
1547972854
Reply with quote  #2

1547972854
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1547972854
Hero Member
*
Offline Offline

Posts: 1547972854

View Profile Personal Message (Offline)

Ignore
1547972854
Reply with quote  #2

1547972854
Report to moderator
Spendulus
Legendary
*
Offline Offline

Activity: 2128
Merit: 1138



View Profile
January 01, 2018, 09:12:18 PM
 #22

....

they don't give the answer because they don't have any - that's the kind of 'experts' they are.
for me, they are just full of shit - what they do has zero to do with science and 100% to do with their beliefs driven by a subjective perception.

seriously, I am not aware of any hacking tool, or even a serious theoretical paper, that would successfully address a problem of brute forcing original sentences made by a human brain. make an original sentence (one that you can't just google) of ~20 words and I am betting all my bitcoins that no man armed with the fastest computer is going to brute force it before we both die......

That's your subjective perception.

Try this view.

Take 1000 humans, ask each of them to generate some phrase / sentence that will be used for "a password."

Now take the results, the 1000 sentences, and submit them to brute force attacks using English grammar and a million or so common phrases. I wager we break 10 within a couple of weeks.

That's unacceptable, right?



piotr_n
Legendary
*
Offline Offline

Activity: 1960
Merit: 1039


aka tonikt


View Profile WWW
January 01, 2018, 09:19:24 PM
 #23

....

they don't give the answer because they don't have any - that's the kind of 'experts' they are.
for me, they are just full of shit - what they do has zero to do with science and 100% to do with their beliefs driven by a subjective perception.

seriously, I am not aware of any hacking tool, or even a serious theoretical paper, that would successfully address a problem of brute forcing original sentences made by a human brain. make an original sentence (one that you can't just google) of ~20 words and I am betting all my bitcoins that no man armed with the fastest computer is going to brute force it before we both die......

That's your subjective perception.

Try this view.

Take 1000 humans, ask each of them to generate some phrase / sentence that will be used for "a password."

Now take the results, the 1000 sentences, and submit them to brute force attacks using English grammar and a million or so common phrases. I wager we break 10 within a couple of weeks.

Give them some time (e.g. one week) to create this password.

That's unacceptable, right?

How about you try this.

Take 1000 humans, ask each of them to generate some phrase / sentence that will be used for "a password."

Tell them that the sentence may be as long as they like, but you have a very powerful computer that will try to guess the password they came out with.

Also tell them that if the computer will not guess their password in 1 year, but they still remember it, then they will be rewarded with $1000000.

Now, good luck with cracking that! Smiley

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
piotr_n
Legendary
*
Offline Offline

Activity: 1960
Merit: 1039


aka tonikt


View Profile WWW
January 01, 2018, 09:25:41 PM
 #24

Also, I would like to say once again that when you say "submit them to brute force attacks using English grammar and a million or so common phrases", you don't really know what you are saying.

I mean "million or so common phrases" - fine, you can probably find "million or so common phrases", from books, magazines, news articles, and films..
But WTF does it mean "brute force attacks using English grammar"? It is a meaningless term. There is no such thing!

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
HeRetiK
Hero Member
*****
Offline Offline

Activity: 980
Merit: 904


the forkings will continue until morale improves


View Profile
January 01, 2018, 09:50:49 PM
 #25

I'd still argue that this recommendation was aimed at the general populace that is notoriously bad at creating sufficiently secure passwords and passphrases. And I think there's enough evidence for that Smiley
sure, I understand that.

but we are abstracting here from the fact that if the "general populace" is bad at creating sufficiently secure passwords, then it is quite likely also bad at securing the copies of their wallet's secret files.

so if they were consistent in heir recommendations, they should basically recommend everyone to stay away form bitcoin. but they don't - they only recommend to not use brain wallets, like it was the very thing that is going to save an idiot from loosing his coins.

The most common recommendation nowadays is to just get a hardware wallet. Which in my opinion offer an excellent combination of security and usability. They are fairly idiot-safe, so to speak Smiley


[...]

But WTF does it mean "brute force attacks using English grammar"? It is a meaningless term. There is no such thing!

I guess Spendulus refers to using machine learning and / or neural networks trained on English syntax and semantics for creating lists of phrases that are more likely to be used for a brain wallet than others. Seems unviable without a sufficiently large set of existing passphrases to train the network on though.

piotr_n
Legendary
*
Offline Offline

Activity: 1960
Merit: 1039


aka tonikt


View Profile WWW
January 01, 2018, 09:55:30 PM
 #26

The most common recommendation nowadays is to just get a hardware wallet. Which in my opinion offer an excellent combination of security and usability. They are fairly idiot-safe, so to speak Smiley
they also need backups.
and can be hacked (private key extracted) once the attacker gets his hands in the physical device itself.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
Spendulus
Legendary
*
Offline Offline

Activity: 2128
Merit: 1138



View Profile
January 01, 2018, 09:56:36 PM
 #27

Also, I would like to say once again that when you say "submit them to brute force attacks using English grammar and a million or so common phrases", you don't really know what you are saying.

I mean "million or so common phrases" - fine, you can probably find "million or so common phrases", from books, magazines, news articles, and films..
But WTF does it mean "brute force attacks using English grammar"? It is a meaningless term. There is no such thing!

Such things as looking for the most common symbol, tagging it as the letter "e."
 
BTCrecover has many examples of incorporating English grammar into password cracking. How many examples would you like?
bigvito19
Full Member
***
Offline Offline

Activity: 408
Merit: 100


Trade Assets, Trade Crypto, Trade Ideas


View Profile WWW
January 01, 2018, 10:02:51 PM
 #28

good luck with brainwallet

Trade Nexi  Trade Nexi Market     
Trade Nexi is a total eCommerce project focused on creating commercially viable on-chain–off-chain linked solutions.
Spendulus
Legendary
*
Offline Offline

Activity: 2128
Merit: 1138



View Profile
January 01, 2018, 10:04:24 PM
 #29

....

they don't give the answer because they don't have any - that's the kind of 'experts' they are.
for me, they are just full of shit - what they do has zero to do with science and 100% to do with their beliefs driven by a subjective perception.

seriously, I am not aware of any hacking tool, or even a serious theoretical paper, that would successfully address a problem of brute forcing original sentences made by a human brain. make an original sentence (one that you can't just google) of ~20 words and I am betting all my bitcoins that no man armed with the fastest computer is going to brute force it before we both die......

That's your subjective perception.

Try this view.

Take 1000 humans, ask each of them to generate some phrase / sentence that will be used for "a password."

Now take the results, the 1000 sentences, and submit them to brute force attacks using English grammar and a million or so common phrases. I wager we break 10 within a couple of weeks.

Give them some time (e.g. one week) to create this password.

That's unacceptable, right?

How about you try this.

Take 1000 humans, ask each of them to generate some phrase / sentence that will be used for "a password."

Tell them that the sentence may be as long as they like, but you have a very powerful computer that will try to guess the password they came out with.

Also tell them that if the computer will not guess their password in 1 year, but they still remember it, then they will be rewarded with $1000000.

Now, good luck with cracking that! Smiley
Well, now you are shifting the goal post from your prior argument of "some English sentence with 20 words."

It's easy to show that

So what is your argument?



A. That self-selected, human generated phrases within a certain length "might or could be" safe from attack?

B. Or that they "are safe from attack?"

(A) nobody would disagree.

(B) is not defensible without narrowly constricting the domain and the premises.
HeRetiK
Hero Member
*****
Offline Offline

Activity: 980
Merit: 904


the forkings will continue until morale improves


View Profile
January 01, 2018, 11:14:15 PM
 #30

The most common recommendation nowadays is to just get a hardware wallet. Which in my opinion offer an excellent combination of security and usability. They are fairly idiot-safe, so to speak Smiley
they also need backups.
and can be hacked (private key extracted) once the attacker gets his hands in the physical device itself.

The main objective when it comes to securing Bitcoin has been to be safe of online attacks. Hardware wallets are the most secure in this regard, even assuming physical backups. Which are not even necessary, should one memorize their seed.

Regarding physical attacks -- I'm not sure if you have followed Trezor, but they have a great track record of thwarting physical attack vectors. In other words, the physical extraction of private keys from a Trezor is currently a purely academic question. The many eyes principle has worked exceptionally well in this case. I reckon that Ledger is in a similar position, however I don't follow them quite as closely.

Even should an attacker get their hands on your wallet seed, there's still the user defined passphrase to break -- which in terms of complexity can be that of a brainwallet. So the security of a hardware wallet is that of a brainwallet -- plus 24 seed words.

piotr_n
Legendary
*
Offline Offline

Activity: 1960
Merit: 1039


aka tonikt


View Profile WWW
January 02, 2018, 02:44:40 AM
Last edit: January 02, 2018, 03:12:25 AM by piotr_n
 #31

Regarding physical attacks -- I'm not sure if you have followed Trezor, but they have a great track record of thwarting physical attack vectors. In other words, the physical extraction of private keys from a Trezor is currently a purely academic question. The many eyes principle has worked exceptionally well in this case. I reckon that Ledger is in a similar position, however I don't follow them quite as closely.

Nee. Who told you that?

Getting a private key out of trezor is kind of trivial as the device doesn't even use any kind of a secure hardware.
See here for example: https://jochen-hoenicke.de/trezor-power-analysis/ - this is without even opening the case!

Ledger is harder as it uses ST secure chip, and the cost of peeling the layers of silicon to get into the memory is estimated at $300k or so.
But it also can be done - it has been done. There are even videos on Youtube of people dumping the entire memory of the chip.

The science of hacking (secure) chips is an actual science and is far more advanced than the non existing science of hacking brain wallets.
Like take this presentation for instance - that's from 2010: https://www.youtube.com/watch?v=62DGIUpscnY - see what he has done here? This is what I call hacking, not the bloody brain wallet hacking charlatans who just make empty claims without proving shit.

Anyway.
If you think that a hardware wallet is secure but a brain wallet isn't - it only shows how much you have been brainwashed by the brain wallet pseudo-scientists and how much they made you to loose touch with the reality. In reality everything can be hacked. And personally I am quite sure that any of the hardware wallet on the market is easier/cheaper to hack than my brain. Can't speak for your though Smiley

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
Yabuy92
Full Member
***
Offline Offline

Activity: 389
Merit: 100



View Profile WWW
January 02, 2018, 06:27:15 AM
 #32

Hi guys,

during christmas I was thinking about a way to produce my own brainwallets. You find the code below

https://github.com/curiosity81/brainwallet.

Clearly, code can also be used to produce more secure brainwallets. E.g. hashing a string more than once and a brute force approach is virtually useless.
Is it true....
as much as using the brain wallet is not safe, research on the implementation of brain wallet and find a gap in the brain wallet. because the process to make the brainwallet itself is quite simple.

LoyceV
Legendary
*
Offline Offline

Activity: 1372
Merit: 2639


Self-made Legendary!


View Profile WWW
January 02, 2018, 10:22:36 AM
 #33

yeah.. I've read that "general recommendation" and none of the people who stand behind them is actually able to give me an answer on how exactly would they approach a brute forcing of a complex passphrase - one that is not just a word or a phrase from a dictionary.
~
seriously, I am not aware of any hacking tool, or even a serious theoretical paper, that would successfully address a problem of brute forcing original sentences made by a human brain. make an original sentence (one that you can't just google) of ~20 words and I am betting all my bitcoins that no man armed with the fastest computer is going to brute force it before we both die.
A agree with you, but I also agree with the general statement that most users should stay away from brainwallets. If you know what you're doing, it can be safe. All that's left is to keep your identity secret, so the passphrase can't be tortured out of you.

Take 1000 humans, ask each of them to generate some phrase / sentence that will be used for "a password."

Tell them that the sentence may be as long as they like, but you have a very powerful computer that will try to guess the password they came out with.

Also tell them that if the computer will not guess their password in 1 year, but they still remember it, then they will be rewarded with $1000000.
I expect most of those 1000 humans to quickly write down their phrase the moment you stop observing them in your little experiment. Your powerful computer won't find it, but a neighbour can.

From my own experience, I can remember some very long passwords, and I've known them for many years. But adding a new password to my "brain list" is very difficult and takes a very long time to completely rely on my memory to reproduce it. It gets even worse if I want to use 10 different wallets.


Last year user ArcCsch had an idea for brainwallets: Brain wallet, step-by-step guide (FIXED!)[Mod note: DO NOT USE BRAINWALLETS]. He uses a two-step brainwallet with BIP38 in between. Even though the title got adjusted to a big fat warning, the very heavy BIP38 encryption makes it much harder to brute-force than normal brain wallets.

curiosity81
Legendary
*
Offline Offline

Activity: 1778
Merit: 1059



View Profile
January 02, 2018, 10:54:49 AM
 #34

Probably the expression "brainwallet" is badly chosen anyway. Because a good brainwallet is similarly bad to remember like a complex password. Nevertheless, it might be possible to generate a story around the words so that they become more easily to remember.

Clearly, using a sentence from a book or similar and adding or replacing characters can make the brainwallet harder to break. Combined with a weird and high number of hashing rounds. Even though keys can be collected in each round.

Using a hardware wallet is a good idea for speculation, I think, if you need to store and shift around funds. But also those wallets implement brainwallets / seed sentences. So the difference is not big.

If you are paranoid enough, you would never use a hardware wallet from some manufacturer. Firstly, the hardware can break. Secondly, the hardware can be manipulated. Not necessarily by the manufacturer, but during shipment (except you buy it directly in a shop without providing your identity). Thirdly, the seed sentence can be stolen.

I do not claim, that my code is fast / perfect / bug free. Keep that in mind!

But for a coldwallet, I would claim that a "brainwallet" with a complex passphrase / seed is the best choice. Clearly, it is a method not suitable for the average user. Users should know what they do. And I admit, that I am not fully sure, that everything is implemented correctly. Therefore, the project is open source for erveryone. So that it can be corrected.

          ▄▄██▄▄
      ▄▄██████████▄▄
  ▄▄██████▀▀  ▀▀██████▄▄

███████▀          ▀███████
████       ▄▄▄▄     ▄█████
████     ███████▄▄██████▀
████     ██████████████
████     ████████▀██████▄
████       ▀▀▀▀     ▀█████
███████▄          ▄███████
  ▀▀██████▄▄  ▄▄██████▀▀
      ▀▀██████████▀▀
          ▀▀██▀▀
COINVEST
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
WEBSITE  ●  WHITEPAPER  ●  DEMO
ANN  ●  TELEGRAM  ●  BLOG

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
       ▄▄█████████▄▄
    ▄██████▀▀▀▀▀██████▄
  ▄████▀▀         ▀▀████▄
 ▄████    ▄▄███▄▄    ████▄
▄████  ▄███▀▀ ▀▀███▄  ████▄
████   ██▌  ▄▄▄  ███   ████
████   ██▌ ▐███████    ████
████   ██▌  ▀▀▀  ███   ████
▀████  ▀███▄▄ ▄▄███▀  ████▀

 ▀████    ▀▀███▀▀    ████▀
  ▀████▄▄         ▄▄████▀

    ▀██████▄▄▄▄▄██████▀
       ▀▀█████████▀▀
COINTOKEN
LoyceV
Legendary
*
Offline Offline

Activity: 1372
Merit: 2639


Self-made Legendary!


View Profile WWW
January 02, 2018, 11:52:47 AM
Last edit: January 02, 2018, 05:50:20 PM by LoyceV
 #35

Clearly, using a sentence from a book or similar and adding or replacing characters can make the brainwallet harder to break. Combined with a weird and high number of hashing rounds. Even though keys can be collected in each round.
Speed Optimizations in Bitcoin Key Recovery Attacks gives examples of the passwords the researchers cracked. I think most people would consider {1summer2leo3phoebe to be quite strong.

Quote
If you are paranoid enough, you would never use a hardware wallet from some manufacturer. Firstly, the hardware can break. Secondly, the hardware can be manipulated. Not necessarily by the manufacturer, but during shipment (except you buy it directly in a shop without providing your identity). Thirdly, the seed sentence can be stolen.
I don't worry about your First concern, because of the recovery seed. The Third concern is a risk similar to paper wallets, but it's the Second concern that has until now stopped me from getting a hardware wallet. No matter how much the manufacturer is trusted, a hardware wallet is a black box to me, and I can't possibly check how it generates it's seed phrases.

Quote
But for a coldwallet, I would claim that a "brainwallet" with a complex passphrase / seed is the best choice.
I wouldn't trust my own memory to be able to reproduce the password after (say) 20 years. Most of my long passwords are used on a daily basis, so they're easy to remember. The brainwallet needs to have a unique password, and if I don't use a password for a very long time, chances are I forget part of it.

HeRetiK
Hero Member
*****
Offline Offline

Activity: 980
Merit: 904


the forkings will continue until morale improves


View Profile
January 02, 2018, 01:07:41 PM
 #36

Regarding physical attacks -- I'm not sure if you have followed Trezor, but they have a great track record of thwarting physical attack vectors. In other words, the physical extraction of private keys from a Trezor is currently a purely academic question. The many eyes principle has worked exceptionally well in this case. I reckon that Ledger is in a similar position, however I don't follow them quite as closely.

Nee. Who told you that?

Getting a private key out of trezor is kind of trivial as the device doesn't even use any kind of a secure hardware.
See here for example: https://jochen-hoenicke.de/trezor-power-analysis/ - this is without even opening the case!

That's actually one of the physical attacks that I was referring to, and it is one of the vulnerabilities that got fixed early on. It even says so in the conclusion.


Ledger is harder as it uses ST secure chip, and the cost of peeling the layers of silicon to get into the memory is estimated at $300k or so.
But it also can be done - it has been done. There are even videos on Youtube of people dumping the entire memory of the chip.

The science of hacking (secure) chips is an actual science and is far more advanced than the non existing science of hacking brain wallets.
Like take this presentation for instance - that's from 2010: https://www.youtube.com/watch?v=62DGIUpscnY - see what he has done here? This is what I call hacking, not the bloody brain wallet hacking charlatans who just make empty claims without proving shit.

I'm not saying it's impossible to extract the private key from a hardware wallet, I'm just saying it's an academic exercise rather than a practical attack. If you have videos / articles on data extraction at the hardware level for current generations, or more precisely the chips that Trezor / Ledger are using, I'd love to see them (not being sarcastic, just being honestly curious). Smartcard hacks from 2010 are interesting for historical purposes, but likely not as relevant today.

And as mentioned above, this is ignoring the custom passphrase that acts as the 25th seed word. Which by itself already can have the complexity of a brainwallet passphrase. And that this passphrase can be hardly be extracted from your biological brain is something we both agree on. Apart from the $5 wrench attack of course Wink


Anyway.
If you think that a hardware wallet is secure but a brain wallet isn't - it only shows how much you have been brainwashed by the brain wallet pseudo-scientists and how much they made you to loose touch with the reality. In reality everything can be hacked. And personally I am quite sure that any of the hardware wallet on the market is easier/cheaper to hack than my brain. Can't speak for your though Smiley

I never said that brain wallets aren't secure if you know what you're doing Smiley

All I'm saying is that hardware wallets are easier to secure for the average user, which makes them the better recommendation for the general populace.

(and that hardware wallets are more secure than brainwallets in that they extend the passphrase that is stored in your brain by 24 randomly selected seed words)

curiosity81
Legendary
*
Offline Offline

Activity: 1778
Merit: 1059



View Profile
January 02, 2018, 02:49:04 PM
Last edit: January 02, 2018, 03:13:45 PM by curiosity81
 #37

Clearly, using a sentence from a book or similar and adding or replacing characters can make the brainwallet harder to break. Combined with a weird and high number of hashing rounds. Even though keys can be collected in each round.
Speed Optimizations in Bitcoin Key Recovery Attacks gives examples of the passwords the researchers cracked. I think most people would consider {1summer2leo3phoebe to be quite strong.

I do not think, that this is a secure seed. Take numbers from 1 to 1000 and 100.000 possible words. Then you have roughly 100*(1000^3)*(100.000^3) = 10^26 = 2^86 possibilites if you sample with replacement (I count the "{" as character from the set of all printable character using a standard keyboard, I think there were roughly 100). And in this example the order and alternation is not considered. This is definitely too few. Especially, since you can order the words in a dictionary by their usage since some words are more likely to be used by humans. Moreover, an attacker would compute the key pairs once, maybe with optimized hardware. Each such brainwallet would be robbed in no time.

Quote
Quote
If you are paranoid enough, you would never use a hardware wallet from some manufacturer. Firstly, the hardware can break. Secondly, the hardware can be manipulated. Not necessarily by the manufacturer, but during shipment (except you buy it directly in a shop without providing your identity). Thirdly, the seed sentence can be stolen.
I don't worry about your FIrst concern, because of the recovery seed. The Third concern is a risk similar to paper wallets, but it's the Second concern that has until now stopped me from getting a hardware wallet. No matter how much the manufacturer is trusted, a hardware wallet is a black box to me, and I can't possibly check how it generates it's seed phrases.

ACK. But, even if your hardware wallet almost never breaks, the law of big numbers dictates, that one will break within a few years, provided enough such wallets exit. My concern is, that at some point in time, the hardware is not supported anymore. What, if someone passes the hardware wallet to his / her children or grandchildren, but the computers have no usb-port anymore. Today, who has a working floppy disk drive at home. And floppy disk drives were relatively common around 2000, even though not state of the art these days. Even today CD/DVD-devices are not standard anymore.

I would prefer a system which follows the KISS-principle (KISS = Keep It Simple Stupid) for long term archiving: Firstly, the code should reproducible easily. I am not sure, if the bash is perfect for this. But I like it, since most algorithms are already developed by experts and available on a standard linux system. They only have to be plugged together. Secondly, code should be easy to understand (which might be a little bit contradictory with respect to bash-syntax). (In my case, comments are still missing in some scripts in the moment. And code is not uniformly yet with respect to mathematical computations.) But it should be possible to print out the scripts and the linux version used and archive it in a bookcase or similar. Much better would it be if it can be carved in stone or glas.

Yes, one could argue, that Bitcoin might be obsolescent in a few years. But this is no counter-argument against secure long term archiving.

Quote
Quote
But for a coldwallet, I would claim that a "brainwallet" with a complex passphrase / seed is the best choice.
I wouldn't trust my own memory to be able to reproduce the password after (say) 20 years. Most of my long passwords are used on a daily basis, so they're easy to remember. The brainwallet needs to have a unique password, and if I don't use a password for a very long time, chances are I forget part of it.

I think, that it is not possible to remember a strong passphrase, if you do not use it daily. Thus, you must think about a secure way to archive it. Some non digital method similar to 2FA.

          ▄▄██▄▄
      ▄▄██████████▄▄
  ▄▄██████▀▀  ▀▀██████▄▄

███████▀          ▀███████
████       ▄▄▄▄     ▄█████
████     ███████▄▄██████▀
████     ██████████████
████     ████████▀██████▄
████       ▀▀▀▀     ▀█████
███████▄          ▄███████
  ▀▀██████▄▄  ▄▄██████▀▀
      ▀▀██████████▀▀
          ▀▀██▀▀
COINVEST
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
WEBSITE  ●  WHITEPAPER  ●  DEMO
ANN  ●  TELEGRAM  ●  BLOG

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
       ▄▄█████████▄▄
    ▄██████▀▀▀▀▀██████▄
  ▄████▀▀         ▀▀████▄
 ▄████    ▄▄███▄▄    ████▄
▄████  ▄███▀▀ ▀▀███▄  ████▄
████   ██▌  ▄▄▄  ███   ████
████   ██▌ ▐███████    ████
████   ██▌  ▀▀▀  ███   ████
▀████  ▀███▄▄ ▄▄███▀  ████▀

 ▀████    ▀▀███▀▀    ████▀
  ▀████▄▄         ▄▄████▀

    ▀██████▄▄▄▄▄██████▀
       ▀▀█████████▀▀
COINTOKEN
HeRetiK
Hero Member
*****
Offline Offline

Activity: 980
Merit: 904


the forkings will continue until morale improves


View Profile
January 02, 2018, 05:33:32 PM
 #38

[...]

ACK. But, even if your hardware wallet almost never breaks, the law of big numbers dictates, that one will break within a few years, provided enough such wallets exit. My concern is, that at some point in time, the hardware is not supported anymore. What, if someone passes the hardware wallet to his / her children or grandchildren, but the computers have no usb-port anymore. Today, who has a working floppy disk drive at home. And floppy disk drives were relatively common around 2000, even though not state of the art these days. Even today CD/DVD-devices are not standard anymore.

I would prefer a system which follows the KISS-principle (KISS = Keep It Simple Stupid) for long term archiving: Firstly, the code should reproducible easily. I am not sure, if the bash is perfect for this. But I like it, since most algorithms are already developed by experts and available on a standard linux system. They only have to be plugged together. Secondly, code should be easy to understand (which might be a little bit contradictory with respect to bash-syntax). (In my case, comments are still missing in some scripts in the moment. And code is not uniformly yet with respect to mathematical computations.) But it should be possible to print out the scripts and the linux version used and archive it in a bookcase or similar. Much better would it be if it can be carved in stone or glas.

Yes, one could argue, that Bitcoin might be obsolescent in a few years. But this is no counter-argument against secure long term archiving.

[...]

Regarding hardware breakage and obsolescence: Hardware wallets follow an industry standard (or whatever you may call it in our ecosystem) as far as seed words and private key derivation is concerned. This enables recovery of hardware wallets using software wallets such as Electrum.

Worst case you can still run a virtual machine / emulator once Electrum reaches end of life and is not supported by modern operating systems anymore. Best case you have other implementations to choose from, which will likely be the case since the private key derivation scheme used by current hardware wallets is an open standard.

Granted, it requires more code than just deriving a single private key from a complex passphrase, but at least to me this looks like a reasonable approach at securing Bitcoin wallets for the foreseeable future.

Mnemonic recovery seeds:
https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki

Deterministic private key derivation:
https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki

nullius
Copper Member
Full Member
***
Offline Offline

Activity: 168
Merit: 770


Help! I’ve got the Pleurodelinaemia! @nym.zone


View Profile WWW
January 02, 2018, 05:35:37 PM
 #39

Preface

Brainwallet fans, I’ll tell you what:  Why don’t you generate a 12-word BIP 39 mnemonic representing a piddling 128 bits off /dev/urandom, then “secure” it with a BIP 39 passphrase consisting of the very mostest unguessablist sentence your oh so creative mind can imagine.  You will feel better; and yet despite your own desire for foot-shooting, you will be secured by 128 bits of entropy.  Sound fair?

On second thought, no.  Don’t do what I just said.  If you are so stupid as to use a “brainwallet”, then others deserve that money more than you do.  My sincere advice is to use the brainwallet.



curiosity81, it seems (at a glance) that you are deploying a word generator generated from a decent (i.e. non-human) source of randomness.  Not a syntactically valid phrase, not something the user comes up with, not something from a book you cross your fingers and hope to be really obscure.  Not what most people call a “brainwallet”.

That raises an obvious question, which I must ask out of—curiosity:  Why don’t you simply use BIP 39?  It was developed by the same experts whose security acumen you trust when you use Bitcoin anyway.  Its wordlists were developed with human use in mind, e.g., all words on the English wordlist are unique within the first four characters.  And it will perfectly encode 128–256 bits of randomness in 12–24 words, without any of the pitfalls of trying to develop your own word randomization scheme.

With your wordlist, I presume not tuned to a power of 2, did you avoid the common mistake of introducing modulo bias?  (I did not review your code.)  Does your wordlist exclude similar, confusable words?  (I am guessing not.)  Etc.

In that context, this:

I would prefer a system which follows the KISS-principle (KISS = Keep It Simple Stupid) for long term archiving: Firstly, the code should reproducible easily. I am not sure, if the bash is perfect for this. But I like it, since most algorithms are already developed by experts and available on a standard linux system. They only have to be plugged together. Secondly, code should be easy to understand (which might be a little bit contradictory with respect to bash-syntax). (In my case, comments are still missing in some scripts in the moment. And code is not uniformly yet with respect to mathematical computations.) But it should be possible to print out the scripts and the linux version used and archive it in a bookcase or similar. Much better would it be if it can be carved in stone or glas.

...makes it irresistable for me to plug my own utility (red highlight added):

I have released an initial version of the easyseed(1) utility for secure generation of BIP 39 mnemonic seed phrases.  As any worthwhile software, it comes replete with a manpage, q.v.  It generates mnemonic phrases in these languages and writing systems:

  • Chinese (Simplified) (汉语)
  • Chinese (Traditional) (漢語)
  • English [default]
  • French (Français)
  • Italian (Italiano)
  • Japanese (日本語)
  • Korean (한국어)
  • Spanish (Español)

My original motivation for writing this was that I needed a lightweight, reliable BIP 39 seed phrase generator with easily auditable sources and minimal dependencies for use on a stripped-down airgap machine.  The source code is short, easy to read, and lovingly commented; it can be readily understood by anybody with a basic knowledge of the C programming language.  Its only dependencies are cc(1), make(1), and a library SHA256 implementation—available on most platforms via libcrypto or otherwise.

It’s admittedly growing a little bit more complex—with much of the complexity being in self-testing code.  However, I have a priority to keep it auditable and avoid external dependencies.  I still need to add the seed output, which per BIP 39 requires normalization of phrases to Unicode NFKD; no, I will not link ICU!  I’m working on a solution to that.


Quick comments on a skim down the thread:

seriously, I am not aware of any hacking tool, or even a serious theoretical paper, that would successfully address a problem of brute forcing original sentences made by a human brain. make an original sentence (one that you can't just google) of ~20 words and I am betting all my bitcoins that no man armed with the fastest computer is going to brute force it before we both die.

if I wanted to crack brain wallets, I'd rather put my effort in finding a way to calculate the EC-private key from the EC-public, rather than try to brute force a creativity (or insanity) of a human brain. the first one not only seems less complex and more straight forward to me, but (most of all) it would then crack all the wallets :)

C Human phrases are in fact recognized and accepted as bad idea. Time to break these phrases is the proof not opinion

Sorry. You're obviously not going to change your dogmatic rhetoric, whilst I am not interested in debating non science on this forum.

(And more posts like this.)

piotr_n, you have no idea what you’re talking about.  A human-made natural language phrase is a horrible, stupid idea.  I don’t care how creative you claim to be, or how much you bluster about how amazingly scientific you are (versus all the people who know more than you about this subject).

You are giving bad advice which will get somebody hurt; and from how you’re talking, it’s evident that you will then turn around and say they didn’t do it right, like you could.  How very kind of you.


You'll likely have to use a combination of different hashes in varying rounds (eg., 10x Sha256 => 2x Scrypt => Bcrypt => etc) requiring an attacker to reproduce your exact hashing steps. Let's not forget that anyone who is scanning for brainwallets has a lot of time to do so and thus can account for multiple hashing rounds as well.

Question being, whether a simple obfuscation algorithm that can be done in your head or with a piece of paper is sufficient, as opposed to a computer-supported one. Unless you can mentally sha256 :P

Given the amount of possible simple obfuscation algorithms I guess one can achieve sufficient security without computer support, assuming you don't rely on any well known methods (rot13 anyone?). In other words, this could be a use case where rolling your own "crypto" and security by obscurity might be a good thing.

Using the word “algorithm” loosely, if you can’t design an algorithm which remains secure when your adversary knows it, then you will certainly be unable to design an algorithm which is secure when “unknown”.

Note the subtle difference from what you usually hear.

xcoinbrkr
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
January 02, 2018, 06:06:18 PM
 #40

No data stays secret for ever.
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Bitcointalk.org is not available or authorized for sale. Do not believe any fake listings.
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!