"Governments are good at cutting off the heads of a centrally controlled networks like Napster, but pure P2P networks like Gnutella and Tor seem to be holding their own." -- Satoshi
|
|
|
|
|
achow101
Moderator
Legendary
Offline
Activity: 3360
Merit: 6505
Just writing some code
|
80 bits of security is not considered secure. It is within the realm of practical. In cryptography terms, taking 2500 years to brute force something is weak. There's a reason you don't see anything with less than 128 bits of security actually in use for applications that need serious security.
|
|
|
|
RGBKey
|
With your approach, an attacker gets access to one sheet and they have 16 out of your 24 words. This gives them a significant advantage, as they only need to brute force the remaining 8 words. To brute force 8 words, they would need to check 2048^8 possibilities, and each possibility would require 2048 HMAC-SHA512 hashes as described here. This means an attacker would need to compute at maximum (2048^8)*2048 HMAC-SHA512 hashes to find your wallet. While this is still a very large number, it's nowhere near the security provided by 24 words. That's why we use 24-word seeds instead of 8-word seeds. Even if the entire Bitcoin network were performing HMAC-SHA512 hashes instead of SHA256, and they were all searching for your wallet seed, it would take them around 1000 years (maximum) to find your seed; that's way way less than the security provided by 24 words. You could do this much better by using Shamir's Secret Sharing. This would allow you to split up your seed into 3 pieces (or nearly as many as you like really) and require 2 (or more) pieces to put it back together. The best part about this is with SSS, an attacker having one or anywhere up to one less than the required number of pieces means nothing, as they don't know anything about your seed until they have all the required pieces. You've got a good idea going, it could just use some improvement.
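A worked version of the count above, added here as an example (not RGBKey's or achow101's own code). It assumes the 2048-word BIP39 list, 2048 PBKDF2 rounds of HMAC-SHA512 per candidate, the 8-bit checksum a 24-word phrase carries, and a hypothetical search rate of 2e19 HMAC-SHA512 per second (roughly the early-2018 Bitcoin network hashrate, used only as a yardstick); the checksum-aware count shows why 8 unknown words are nearer 80 bits of security than 88.

```python
# Added example (not RGBKey's or achow101's code): work-factor estimate for an
# attacker who already holds 16 of 24 BIP39 words.
# Assumptions: 2048-word BIP39 list (11 bits per word), 2048 PBKDF2 rounds of
# HMAC-SHA512 per candidate phrase, a 24-word phrase carrying an 8-bit checksum,
# and a hypothetical search rate of 2e19 HMAC-SHA512/s (about the early-2018
# Bitcoin network hashrate, used only as a yardstick).
WORD_BITS = 11          # log2(2048)
PBKDF2_ROUNDS = 2048    # BIP39 seed derivation
SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_RATE = 2e19     # HMAC-SHA512 per second, assumption

def checksum_bits(total_words):
    """BIP39: ENT + CS = 11 * words and CS = ENT / 32, so CS = 11 * words / 33."""
    return total_words * WORD_BITS // 33

def unknown_bits(total_words, known_words, checksum_aware=True):
    """Bits an attacker must still search after seeing known_words of the phrase."""
    bits = (total_words - known_words) * WORD_BITS
    if checksum_aware:
        # The checksum is a function of all entropy bits, so only about
        # 2^(bits - CS) of the raw word combinations are valid phrases.
        bits -= checksum_bits(total_words)
    return bits

def hmac_operations(bits):
    """Worst-case HMAC-SHA512 count: every candidate costs a full PBKDF2 run."""
    return (2 ** bits) * PBKDF2_ROUNDS

def years_to_search(bits, rate=ASSUMED_RATE):
    """Worst-case wall-clock time at the assumed rate."""
    return hmac_operations(bits) / rate / SECONDS_PER_YEAR

if __name__ == "__main__":
    raw = unknown_bits(24, 16, checksum_aware=False)  # RGBKey's 2048^8: 88 bits
    valid = unknown_bits(24, 16)                      # checksum-valid: 80 bits
    print(f"16-of-24 leaked: {raw} raw bits, {valid} effective bits")
    print(f"worst case at assumed rate: {years_to_search(raw):.0f} years (raw), "
          f"{years_to_search(valid):.1f} years (checksum-aware)")
    print(f"full 24-word seed: {unknown_bits(24, 0)} bits of entropy")
```

The raw count reproduces the roughly 1000-year figure quoted above; the checksum-aware count is 256 times smaller.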
|
|
|
|
blockchainapps (OP)
Newbie
Offline
Activity: 2
Merit: 0
|
|
February 11, 2018, 10:21:39 PM |
|
Quote from: RGBKey
...
You could do this much better by using Shamir's Secret Sharing. This would allow you to split up your seed into 3 pieces (or nearly as many as you like really) and require 2 (or more) pieces to put it back together. The best part about this is with SSS, an attacker having one or anywhere up to one less than the required number of pieces means nothing, as they don't know anything about your seed until they have all the required pieces. You've got a good idea going, it could just use some improvement.

Thank you very much for the SSS tip and the calculation. I have tested this with the https://github.com/iancoleman/shamir project. Works really fine. Maybe I can use this for my passwords. But for my ledger I am using the method above; I think this is easier for my wife, if something happens to me.
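A minimal Shamir split of the kind tried above, added as an example (not the iancoleman/shamir project's code): 32 bytes of seed entropy are split 2-of-3 over GF(2^8), any two shares recover the secret, and any single share is statistically independent of it. Splitting the entropy bytes rather than the words themselves is an assumption of this example.

```python
# Added example (not the iancoleman/shamir project's code): 2-of-3 Shamir
# split of 32-byte seed entropy over GF(2^8), AES polynomial x^8+x^4+x^3+x+1.
import secrets
def gf_mul(a, b):
    """Multiply two field elements (0..255) modulo 0x11B."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p

def gf_inv(a):
    """a^254 == a^-1 in GF(2^8) for a != 0."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def eval_poly(coeffs, x):
    y = 0
    for c in reversed(coeffs):  # Horner: c0 + c1*x + c2*x^2 ...
        y = gf_mul(y, x) ^ c
    return y

def split(secret, n, threshold):
    """One random degree-(threshold-1) polynomial per secret byte; share x is
    the polynomial values at x = 1..n (x = 0 holds the secret, never issued)."""
    polys = [[s] + list(secrets.token_bytes(threshold - 1)) for s in secret]
    return [(x, bytes(eval_poly(p, x) for p in polys)) for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0, byte by byte, from >= threshold shares."""
    xs = [x for x, _ in shares]
    out = bytearray(len(shares[0][1]))
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = gf_mul(num, xj)       # (0 - xj) == xj in characteristic 2
                den = gf_mul(den, xi ^ xj)  # (xi - xj)
        basis = gf_mul(num, gf_inv(den))
        for k, y in enumerate(yi):
            out[k] ^= gf_mul(y, basis)
    return bytes(out)
```

Usage: `shares = split(entropy, 3, 2)` hands out three `(x, bytes)` pairs, and `combine(any_two)` returns the original 32 bytes; fewer than `threshold` shares interpolate to an unrelated value.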
|
|
|
|
RGBKey
|
|
February 11, 2018, 10:27:39 PM |
|
Quote from: blockchainapps
...
But for my ledger I am using the method above; I think this is easier for my wife, if something happens to me.

That's a very valid point. Someone is very unlikely to understand how to use SSS to recreate your seed unless there are detailed instructions included with each seed (which is possible). Your strategy is still better than storing multiple copies of the full seed in different locations. There's usually a tradeoff between convenience and security, and that's very apparent here.
|
|
|
|
nicosey
|
|
February 12, 2018, 05:53:20 AM |
|
Quote from: blockchainapps
...
But for my ledger I am using the method above; I think this is easier for my wife, if something happens to me.

Do you leave instructions somewhere for family members?
|
|
|
|
Kakmakr
Legendary
Offline
Activity: 3430
Merit: 1957
Leading Crypto Sports Betting & Casino Platform
|
|
February 12, 2018, 07:11:30 AM |
|
I wrote a little story with my 24 words and I left a template for my relatives to figure out the pattern in this story to get the sequence of these words. Nobody will be able to figure out how this works, because they do not have the template. The story and the template are stored away from each other. < several duplicates are kept in different locations >
They cannot do anything with the template, but as soon as I am dead, they will be presented with the story and steps to follow to retrieve these coins. The people with the story cannot do anything without the template. < They do not know what they have > ^lol^
|
|
|
|
spiker777
|
|
February 13, 2018, 10:40:56 AM |
|
If you really want to be safe, don't store the recovery sheet anywhere, use a mnemonic system to memorize the seed phrase. You can also use something like the method of loci, or similar methods to permanently store the seed phrase in your memory. Alternatively, you can generate a seed phrase, and circle the words in sequence in a book that you own. If you want to go one step further, circle those words in invisible ink, then use a UV light to read it.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18504
|
Quote from: spiker777
If you really want to be safe, don't store the recovery sheet anywhere, use a mnemonic system to memorize the seed phrase.
...

As an intensive care physician in real life, I would strongly recommend against memorizing your seed. I see people with catastrophic head injuries, sepsis, meningitis, encephalopathies, etc, etc that can lose significant portions of their memory, on a daily basis. I also see young fit people dying suddenly and unexpectedly. Whatever method you use, make sure there is a way for your loved ones to recover your coins if something like what I've mentioned above were to happen to you. Otherwise, your whole crypto journey will have been for nothing.
|
|
|
|
jtipt
|
|
February 13, 2018, 05:51:22 PM |
|
Quote from: o_e_l_e_o
...
I also see young fit people dying suddenly and unexpectedly.

Even a healthy person's memory isn't good enough to memorize a set of 24 words in order for a long period of time; hell, even for a short period of time it's hard. With certain techniques you might be able to remember them, like with a mnemonic paragraph, but it's still not worth the risk.
|
|
|
|
tbalazs
Jr. Member
Offline
Activity: 126
Merit: 7
|
|
February 13, 2018, 05:53:44 PM |
|
Quote from: jtipt
...
With certain techniques you might be able to remember them, like with a mnemonic paragraph, but it's still not worth the risk.

And what if you have any issues? Your family would never have access to your money...
|
|
|
|
gentlemand
Legendary
Offline
Activity: 2590
Merit: 3008
Welt Am Draht
|
|
February 13, 2018, 06:06:40 PM |
|
Quote from: spiker777
If you really want to be safe, don't store the recovery sheet anywhere, use a mnemonic system to memorize the seed phrase.

Only a nutter would attempt that. Unless you practice every single hour for the rest of one's life, at some point a word will go and then everything else will as well. As for the theme of this thread, would it not be more sensible to write these things down on a plain sheet of paper rather than one that says 'LEDGER RECOVERY' at the top of it? You're probably removing rather a lot of potential disaster by at least not announcing what it is.
|
|
|
|
Samarkand
|
|
February 14, 2018, 12:30:38 PM |
|
Quote from: gentlemand
...
As for the theme of this thread, would it not be more sensible to write these things down on a plain sheet of paper rather than one that says 'LEDGER RECOVERY' at the top of it? You're probably removing rather a lot of potential disaster by at least not announcing what it is.

This will probably only decrease the potential for a disaster temporarily. If Bitcoin becomes increasingly mainstream in the future (and an introduction to Bitcoin is taught in every school), everyone will know what a mnemonic seed is. I agree that memorizing is a bad strategy if it is the only method of securing your mnemonic seed, because there are too many possible situations where you will lose parts of your memory even if you possess a world-class memory now (e.g. loss of memory due to an accident, onset of an illness like dementia ...).