flatfly (OP)
October 10, 2013, 06:04:22 PM Last edit: November 22, 2013, 07:23:58 PM by flatfly
NoBrainr is a little command-line tool that is meant to do only one thing: easily create secure offline addresses with strong yet easy-to-remember private keys, suitable for brain wallets and paper wallets (cold storage).

Classic 7-word mode:

Wed 11/20/2013 1:23:27.40> nb_create
1J8QaLPakjqd2yUraHwcehmqnjMgCfiy49 == cream lift usher sliver flux poses husk
Wed 11/20/2013 1:23:29.12> nb_create
15iKriJFiNUYwfdUyQ2UPTD9e5EAFDgcus == runes scold ghetto clicks ditch rafts panda
Wed 11/20/2013 1:23:30.89> nb_create
1M8uEahVymjwQNquCHnEYN1dCAcHL31dsi == dice barks green pitch tamper snowy cost
Wed 11/20/2013 1:23:32.71> nb_create
1G2YmiFZmhrQvvCPapTSXLoXF6Dm6FVWSm == fonts night lab! canon atop dx madly

Physical-dice (uber-paranoid) mode:

Wed 11/20/2013 1:25:59.23> nb_create 56231 15421 11454 23665 42325 66242 15524
17nBfyTPeDHZcLXToxCYvLXQXKxJzd8ULj == taint burma aha easy mj prayer well!

Main features:
- makes strong AND easy-to-remember passphrases (bit strength can easily be modified, if needed)
- 100% open source and SHORT source code (as in, less than 1024 bytes!)
- extremely easy to review
- runs 100% offline (standard Python 2.x)
- supports 2 generation modes: from /dev/urandom OR physical dice!
- cross platform: successfully tested on Windows, Linux, OS X, Android and Raspberry Pi

Note: For high amounts, it is strongly recommended to print and save a copy of the passphrase in a secure place (such as a personal or bank vault), to mitigate the risk of forgetting your passphrase after a few months/years.

Downloads on our web page: http://trax.x10.mx/

Hopefully this will help people create safer brainwallets. Feel free to suggest any improvements. Also, any tips/donations are welcome and will encourage further script and wordlist updates. Thanks!

Donation address: 1111127SpvabYpoeDoiz5L7QPkfiSh2Q

Credits:
Idea and implementation: svenfaw
Packaging and distribution: flatfly
Portions of code: jeromes

virtualmaster
October 10, 2013, 10:35:38 PM
NoBrainr is a new little tool to create hack-proof brainwallets.
Main features:
- makes 90-bit strong easy-to-remember passphrases
- 100% open source
- cross platform
Hopefully this will help people create safer brainwallets. More details and downloads at my web page: http://trax.x10.mx/
We'd love to have some feedback, so feel free to play with it, review it and suggest any improvements.

I will try it. Thanks

flatfly (OP)
October 11, 2013, 09:13:57 AM Last edit: October 11, 2013, 12:01:05 PM by flatfly
V1.03 is out, fixing the line endings issue (OSX, Linux) reported on Reddit, and a minor edge case.

Abdussamad
October 11, 2013, 09:29:12 AM
The word list could use some improvement. It has letters and symbols in it too.

flatfly (OP)
October 11, 2013, 12:05:26 PM Last edit: November 05, 2013, 06:58:09 AM by flatfly
The word list could use some improvement. It has letters and symbols in it too.
The word list is based on the standard diceware word list. Take a look at their FAQ: http://world.std.com/~reinhold/dicewarefaq.html#meaningless
Keep in mind the major benefit of an xkcd/diceware-like approach is to generate passphrases with constant and guaranteed bit strength (which we view as a very important feature). We have tweaked the word list a little bit, removing some of the most offensive or least common words.

favdesu
October 11, 2013, 12:11:13 PM
so, did someone review the source code yet? this looks really promising

flatfly (OP)
October 11, 2013, 12:18:27 PM Last edit: October 11, 2013, 04:47:28 PM by flatfly
so, did someone review the source code yet? this looks really promising
Thanks. Some people looked at it on Reddit, but I would certainly encourage more users and experts to review/test/hack the hell out of it! The great thing is that the source code is really short, and uses only standard Python libraries, making it extremely easy to review and trust.

Abdussamad
October 11, 2013, 12:43:12 PM
The word list could use some improvement. It has letters and symbols in it too.
The word list is based on the standard diceware word list. Take a look at their FAQ: http://world.std.com/~reinhold/dicewarefaq.html#meaningless
Keep in mind the major benefit of a diceware-like approach is to generate passphrases with guaranteed, constant, and easy-to-calculate bit strength. We have tweaked the word list a little bit, removing some of the most offensive or least common words.
Ok you are right. Good work. I'll try this script out in a VM when I get the chance.

viriat0
October 11, 2013, 03:58:39 PM
good work

favdesu
October 11, 2013, 04:50:14 PM
run it in a sandbox and it works.
but I'm missing some sort of manual - like how to create it (some people have no idea how to use the shell) and how to use a brain wallet in general

Patel
October 13, 2013, 04:51:52 PM
Is nb_create the only command? Can you create your own passphrases and it generates the private and public key?
Anyways, excellent tool I like it

flatfly (OP)
October 13, 2013, 06:36:25 PM Last edit: October 13, 2013, 09:40:04 PM by flatfly
Is nb_create the only command? Can you create your own passphrases and it generates the private and public key?
Anyways, excellent tool I like it
Thanks! At this stage, there is only one command. I like little apps that do only one thing but do it properly. The reason why it doesn't let you select your own passphrase but generates it using a secure RNG is that humans are generally quite bad at choosing high-entropy AND easy to memorize passphrases. This is why people have been repeatedly burned while playing with brainwallets. This tool helps you stay on the safe side. That said, if you are a developer, it is very easy to modify the source code of NoBrainr to make it generate brainwallets based on passphrases of your choosing. However we generally don't want to encourage that, especially as most new users don't have a proper understanding of password entropy.

dserrano5
October 13, 2013, 07:22:32 PM
I thought this would be a FAQ but my searches turn out empty.

$ python NoBrainr.py
Traceback (most recent call last):
  File "NoBrainr.py", line 2, in <module>
    import ecdsa, binascii, hashlib
ImportError: No module named ecdsa

I tried to stick a couple of lines to the beginning of the script to reuse electrum's version of ecdsa:

import sys
sys.path.append ('/home/electrum/Electrum-1.7.4/ecdsa')

To no avail:

$ python NoBrainr.py
Traceback (most recent call last):
  File "NoBrainr.py", line 9, in <module>
    secp256k1=ecdsa.curves.Curve('secp256k1',secp256k1curve,secp256k1point,(1,3,132,0,10))
AttributeError: 'module' object has no attribute 'curves'

I see a couple of python-ecdsa modules in github. Is one of them the correct one? Isn't there a central repository of python modules a la Perl's CPAN?

flatfly (OP)
October 13, 2013, 09:12:40 PM
Could you try 'sudo pip install ecdsa'?
I will try to add a little FAQ on the website as time permits.

dserrano5
October 14, 2013, 10:50:51 AM
Could you try 'sudo pip install ecdsa'?
Thank you, that did it.

flatfly (OP)
October 15, 2013, 07:59:53 PM Last edit: October 27, 2013, 08:50:29 AM by flatfly
A new release (1.043) is now available. The code is even shorter (999 bytes!), and dozens of entries in the wordlist have been updated with more intuitive words.
Reminder: Linux and Mac versions require the latest release of the ecdsa library: sudo pip install ecdsa

flatfly (OP)
October 16, 2013, 09:39:38 PM Last edit: October 27, 2013, 08:52:27 AM by flatfly
PGP signatures for the current version:
Windows executable (v1.043):
NOBRAINER.PY signature (v1.043):

Luke-Jr
October 18, 2013, 09:54:47 PM
- makes 90-bit strong and easy-to-remember passphrases (this can be modified if needed)
Contradiction? How is 90-bit strong when the norm is 256-bit? And usually "easy-to-remember" and "strong" are inherently opposites...

flatfly (OP)
October 18, 2013, 10:29:16 PM Last edit: October 26, 2013, 11:12:10 AM by flatfly
- makes 90-bit strong and easy-to-remember passphrases (this can be modified if needed)
Contradiction? How is 90-bit strong when the norm is 256-bit? And usually "easy-to-remember" and "strong" are inherently opposites...
Well, what's the point of using 256-bit passwords? Of course there is always a trade-off between "easy-to-remember" and "strong". A 90-bit passphrase, *IF* randomly generated (as this script is doing), has NEVER been cracked and it will most likely not be in our lifetimes. Sure, 256-bit is nicer, but completely overkill in the context of password strength, and who would be able to remember it in the long run?
I would be happy to be proven wrong on this choice, and remain open to discussion. Of course the paranoid can always tweak the script to generate even stronger passphrases. But I think 99.99% of brainwallet users would be extremely safe with a standard 7-word NoBrainr passphrase.
EDIT: A relevant quote from the Diceware FAQ that I like is: "Of course, if you are worried about an organization that can break a seven-word passphrase, there are a number of other issues you should be concerned with -- such as how well you pay the team of armed guards that are protecting your computer 24 hours a day."
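
The two generation modes from the opening post and the bit-strength figure debated above, as an added example that is not NoBrainr's source and not part of any post. It is Python 3, uses a constructed placeholder word list, and assumes the list is ordered by dice key as the standard diceware list is; the function names are hypothetical.

```python
import math
import secrets

# Constructed stand-in for a 7776-entry diceware-style list (one entry per
# five-dice roll); a real list holds short words instead.
WORDS = ["w%04d" % i for i in range(6 ** 5)]


def roll_to_index(roll):
    """Map one five-dice group such as '56231' to a list index 0..7775.

    Assumes the list is ordered by dice key 11111..66666, as the standard
    diceware list is, so the roll reads as a base-6 number with digits 1-6.
    """
    if len(roll) != 5 or any(c not in "123456" for c in roll):
        raise ValueError("not a five-dice roll: %r" % (roll,))
    index = 0
    for c in roll:
        index = index * 6 + (int(c) - 1)
    return index


def from_dice(rolls, words=WORDS):
    """Physical-dice mode: every word comes from one five-dice group."""
    return [words[roll_to_index(r)] for r in rolls]


def from_csprng(count=7, words=WORDS):
    """RNG mode: secrets.choice draws uniformly from the OS CSPRNG,
    so no word is favoured by modulo bias."""
    return [secrets.choice(words) for _ in range(count)]


def entropy_bits(count, list_size=len(WORDS)):
    """Entropy of `count` independent uniform picks from the list.

    Holds only because the words are chosen at random; it does not
    depend on which words come out or on how odd they look.
    """
    return count * math.log2(list_size)


if __name__ == "__main__":
    dice = "56231 15421 11454 23665 42325 66242 15524".split()
    print(" ".join(from_dice(dice)))
    print(" ".join(from_csprng()))
    print("%.1f bits for 7 words" % entropy_bits(7))
```
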

flatfly (OP)
October 22, 2013, 08:21:06 PM
Could someone with a Raspberry Pi try it out and let me know if it works fine? That would be great.