BIPS38 Encrypted Paper Wallet From Bitaddress.org

[Siegfried]

If I make a BIPS38 encrypted paper wallet from bitaddress.org on a clean, offline computer with a secure password, is there any realistic possibility of theft? Would it also be safe to upload a .jpg of the wallet to the cloud?

[bitpop]

It's still as weak as your password

[Siegfried]

It's still as weak as your password

I know, but is it as strong as my password? If my password is unable to be cracked by brute force, is there any other way I could lose my bitcoins (besides torture or me forgetting my password)?

[Siegfried]

It's still as weak as your password

I am considering using a password like this:


1. memorable phrase

[i'll suck cock for bitcoin]

2. SHA-256 hash of memorable phrase

[904cc478b74282c130faaac1c205f19fa618e353a3e98c2a12b96192307b8825]

3. First 6 characters of hash output, dot, significant date

[904cc4.20140115]

4. SHA-256 hash again

[70ce70b2a9e41f3b16f817ed5d604a388db995ae5d85da77e54ccd0f012e827c]

5. That hash output, dot, significant person

[70ce70b2a9e41f3b16f817ed5d604a388db995ae5d85da77e54ccd0f012e827c.andreasantonop]

6. Hash again for final password

[f3e03c29384847dbbb88ec6d3b9420edee46159c2c4452b84f032057884f0e17]


Could it possibly be brute forced?

[bitpop]

Unless encryption is compromised no

[Siegfried]

Unless encryption is compromised no

How strong is BIPS38 encryption compared to SHA-256? Are they related or totally different?

[bitpop]

Unless encryption is compromised no

How strong is BIPS38 encryption compared to SHA-256? Are they related or totally different?

Sha is a hash, not encryption

Not sure what cipher but I do know it adds like another 1000 hashes

[Siegfried]

Unless encryption is compromised no

How strong is BIPS38 encryption compared to SHA-256? Are they related or totally different?

Sha is a hash, not encryption

Not sure what cipher but I do know it adds like another 1000 hashes

OK thanks for your help.

[MNDan]

I'm more concerned about not being able to decode my BIPS38 private key due to the encryption plugin not working anymore on whatever browser/OS. I know about LiveCD and offloading BitAddress and whatnot, but what if you go to decrypt your paper wallet key and you can't get the java script working to decrypt it or you can't install your old version of LiveCD to a newer machine? Paranoia... hehe. Seriously, though.

[Siegfried]

I'm more concerned about not being able to decode my BIPS38 private key due to the encryption plugin not working anymore on whatever browser/OS. I know about LiveCD and offloading BitAddress and whatnot, but what if you go to decrypt your paper wallet key and you can't get the java script working to decrypt it or you can't install your old version of LiveCD to a newer machine? Paranoia... hehe. Seriously, though.

I have experimented with decrypting BIPS38 private keys on blockchain.info and Mycelium android wallet with complete success. I cannot imagine why that would ever stop working. Also, couldn't you just save a copy of the encryption/decryption software to use at the time in the future that you need it?

[cp1]

I am considering using a password like this:


1. memorable phrase
2. SHA-256 hash of memorable phrase
3. First 6 characters of hash output, dot, significant date
4. SHA-256 hash again
5. That hash output, dot, significant person
6. Hash again for final password

Could it possibly be brute forced?

Probably not, but you're not going to remember that in 5 years so it doesn't matter.

[canton]

I cannot imagine why that would ever stop working.

Unfortunately, it is a valid concern. Not hugely widespread, but still concerning. See:

https://bitcointalk.org/index.php?topic=416324.0

[Siegfried]

I am considering using a password like this:


1. memorable phrase
2. SHA-256 hash of memorable phrase
3. First 6 characters of hash output, dot, significant date
4. SHA-256 hash again
5. That hash output, dot, significant person
6. Hash again for final password

Could it possibly be brute forced?

Probably not, but you're not going to remember that in 5 years so it doesn't matter.

Yes, I would.