Bitcoin Forum
November 14, 2024, 12:17:11 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: How to Generate and Use a STRONG Bitcoin Password / Pasphrase  (Read 1315 times)
BADecker (OP)
Legendary
*
Offline Offline

Activity: 3976
Merit: 1382


View Profile
January 27, 2014, 04:49:52 PM
 #1

The basics about how to generate a strong password/passphrase using a random character generator.

You start with a program that can generate random characters. The scripting for a simple html page that uses javascript to generate a list of 10,000 random characters is listed below.

You generate a list of at least 10,000 random characters. Inside this list of random characters, you select a group of consecutive characters as your password. Here is a potential password taken from a real randomly generated character list:

ySpx2DtPFqAUY5Bxkn7VNdESw5Q4skZPZ9UlGjgJ19CQpfIerebOKxCMe3H4pF

The password can be any length. Usually, the longer the password, the better safety you have.

Now, how do you remember the password? You do it by making a password key. A simple password key for the above password might be "ySpx262". The first 5 characters of this password key are the first 5 characters of the password. The "62" at the end of the key indicates that there are 62 characters in the password. There are many other ways for making password keys. Use your imagination.

You have saved the list of 10,000 random characters in a text file. You have made many copies of this file, and even printed out paper copies. You are making sure that you always have backups of your password available.

To get your password from the list using your password key, you search the computer or paper file for the first 5 characters of your key: "ySpx2". Then you simply count out a total of 62 characters to find your password. Copy and paste the password (or type it if it is on a paper list), and you have it.

The odds are great that nobody will be able to guess your password out of the 10,000 characters, if they happen to find your random character file. And it is even more difficult because they don't know how many characters long it might be. Yet, you can always find your password easily from the simple key... a key that you can easily memorize, or one that you can hide on a slip of paper behind the closet door, etc. Even if someone found the key, they wouldn't know how or where to use it - what its purpose was.

There are simpler ways to make the random character than the generator script below, using arrays, for example. This script may not work with some older browsers because javascript has evolved over the years.

-------------------- THE HTML CODE

<html>
<head>

<script type="text/javascript" language="JavaScript">
<!--

var i = 0;
var characters = '';
var newchar = 0;

function calc3(){
  characters = "";
  document.validate.activegenerate.value = characters;
  calc1();
}

function calc1(){
  for (i=0; i<10000; i==i){
    newchar = Math.floor((Math.random()*70)+1);
    if (newchar == 1){ characters += "a"; i++; }
    if (newchar == 2){ characters += "b"; i++; }
    if (newchar == 3){ characters += "c"; i++; }
    if (newchar == 4){ characters += "d"; i++; }
    if (newchar == 5){ characters += "e"; i++; }
    if (newchar == 6){ characters += "f"; i++; }
    if (newchar == 7){ characters += "g"; i++; }
    if (newchar ==8){ characters += "h"; i++; }
    if (newchar == 9){ characters += "i"; i++; }
    if (newchar == 10){ characters += "j"; i++; }
    if (newchar == 11){ characters += "k"; i++; }
    if (newchar == 12){ characters += "l"; i++; }
    if (newchar == 13){ characters += "m"; i++; }
    if (newchar == 14){ characters += "n"; i++; }
    if (newchar == 15){ characters += "o"; i++; }
    if (newchar == 16){ characters += "p"; i++; }
    if (newchar == 17){ characters += "q"; i++; }
    if (newchar == 18){ characters += "r"; i++; }
    if (newchar == 19){ characters += "s"; i++; }
    if (newchar == 20){ characters += "y"; i++; }
    if (newchar == 21){ characters += "u"; i++; }
    if (newchar == 22){ characters += "v"; i++; }
    if (newchar == 23){ characters += "w"; i++; }
    if (newchar == 24){ characters += "z"; i++; }
    if (newchar == 25){ characters += "y"; i++; }
    if (newchar == 26){ characters += "z"; i++; }
    if (newchar == 27){ characters += "A"; i++; }
    if (newchar == 28){ characters += "B"; i++; }
    if (newchar == 29){ characters += "C"; i++; }
    if (newchar == 30){ characters += "D"; i++; }
    if (newchar == 31){ characters += "E"; i++; }
    if (newchar == 32){ characters += "F"; i++; }
    if (newchar == 33){ characters += "G"; i++; }
    if (newchar == 34){ characters += "H"; i++; }
    if (newchar == 35){ characters += "I"; i++; }
    if (newchar == 36){ characters += "J"; i++; }
    if (newchar == 37){ characters += "K"; i++; }
    if (newchar == 38){ characters += "L"; i++; }
    if (newchar == 39){ characters += "M"; i++; }
    if (newchar == 40){ characters += "N"; i++; }
    if (newchar == 41){ characters += "O"; i++; }
    if (newchar == 42){ characters += "P"; i++; }
    if (newchar == 43){ characters += "Q"; i++; }
    if (newchar == 44){ characters += "R"; i++; }
    if (newchar == 45){ characters += "S"; i++; }
    if (newchar == 46){ characters += "Y"; i++; }
    if (newchar == 47){ characters += "U"; i++; }
    if (newchar == 48){ characters += "V"; i++; }
    if (newchar == 49){ characters += "W"; i++; }
    if (newchar == 50){ characters += "X"; i++; }
    if (newchar == 51){ characters += "Y"; i++; }
    if (newchar == 52){ characters += "Z"; i++; }
    if (newchar == 53){ characters += "0"; i++; }
    if (newchar == 54){ characters += "1"; i++; }
    if (newchar == 55){ characters += "2"; i++; }
    if (newchar == 56){ characters += "3"; i++; }
    if (newchar == 57){ characters += "4"; i++; }
    if (newchar == 58){ characters += "5"; i++; }
    if (newchar == 59){ characters += "6"; i++; }
    if (newchar == 60){ characters += "7"; i++; }
    if (newchar == 61){ characters += "8"; i++; }
    if (newchar == 62){ characters += "9"; i++; }
  }
  document.validate.activegenerate.value = characters;
}

-->
</script>
</head>
<body >
&nbsp;
<table ALIGN=CENTER BORDER CELLSPACING=0 CELLPADDING=10 WIDTH="80%" >
<tr>
<td>
<form name="validate">
<input onClick="return calc3()" type="button" name="" value="Click to create the character content in the box.">
<center><textarea name="activegenerate" id="activegenerate" cols=80 rows=15 wrap="hard" ></textarea></center>
</form>
</td>
</tr>
</table>
</body>
</html>


Covid is snake venom. Dr. Bryan Ardis https://thedrardisshow.com/ - Search on 'Bryan Ardis' at these links https://www.bitchute.com/, https://www.brighteon.com/, https://rumble.com/, https://banned.video/.
xDan
Hero Member
*****
Offline Offline

Activity: 688
Merit: 500

ヽ( ㅇㅅㅇ)ノ ~!!


View Profile
January 27, 2014, 05:21:53 PM
 #2

but you probably shouldn't use that for a brainwallet or a private key.

HODLing for the longest time. Skippin fast right around the moon. On a rocketship straight to mars.
Up, up and away with my beautiful, my beautiful Bitcoin~
jongameson
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
January 27, 2014, 06:17:36 PM
 #3

encrypt something everybody knows like, take pi-billion.txt (pi to a billion places)
then to a sha256sum on it

bingo, there's your brainwallet key!!   Wink
hilariousandco
Global Moderator
Legendary
*
Online Online

Activity: 3990
Merit: 2717


Join the world-leading crypto sportsbook NOW!


View Profile
January 27, 2014, 06:22:32 PM
 #4

The length/strength of your password wont mean shit if you've got a keylogger.

  ▄▄███████▄███████▄▄▄
 █████████████
▀▀▀▀▀▀████▄▄
███████████████
       ▀▀███▄
███████████████
          ▀███
 █████████████
             ███
███████████▀▀               ███
███                         ███
███                         ███
 ███                       ███
  ███▄                   ▄███
   ▀███▄▄             ▄▄███▀
     ▀▀████▄▄▄▄▄▄▄▄▄████▀▀
         ▀▀▀███████▀▀▀
░░░████▄▄▄▄
░▄▄░
▄▄███████▄▀█████▄▄
██▄████▌▐█▌█████▄██
████▀▄▄▄▌███░▄▄▄▀████
██████▄▄▄█▄▄▄██████
█░███████░▐█▌░███████░█
▀▀██▀░██░▐█▌░██░▀██▀▀
▄▄▄░█▀░█░██░▐█▌░██░█░▀█░▄▄▄
██▀░░░░▀██░▐█▌░██▀░░░░▀██
▀██
█████▄███▀▀██▀▀███▄███████▀
▀███████████████████████▀
▀▀▀▀███████████▀▀▀▀
█████████████LEADING CRYPTO SPORTSBOOK & CASINO█████████████
MULTI
CURRENCY
1500+
CASINO GAMES
CRYPTO EXCLUSIVE
CLUBHOUSE
FAST & SECURE
PAYMENTS
.
..PLAY NOW!..
Bostonbitcoin
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
January 27, 2014, 06:27:56 PM
 #5

The length/strength of your password wont mean shit if you've got a keylogger.


That's excellent, I've had 1000 coins on Mt Gox for a while with password 12345 which someone told me was bad, I've now changed the password to ySpx262.  I understand perfectly, thank you.




Smiley



Seriously, good post, thanks
BADecker (OP)
Legendary
*
Offline Offline

Activity: 3976
Merit: 1382


View Profile
January 27, 2014, 06:28:29 PM
 #6

The length/strength of your password wont mean shit if you've got a keylogger.

Thank Goodness that you can do all your Bitcoining offline. If you don't have enough sense to protect your computer from hacking... well, it's your own fault.

Smiley


Covid is snake venom. Dr. Bryan Ardis https://thedrardisshow.com/ - Search on 'Bryan Ardis' at these links https://www.bitchute.com/, https://www.brighteon.com/, https://rumble.com/, https://banned.video/.
BADecker (OP)
Legendary
*
Offline Offline

Activity: 3976
Merit: 1382


View Profile
January 27, 2014, 06:29:59 PM
 #7

The length/strength of your password wont mean shit if you've got a keylogger.


That's excellent, I've had 1000 coins on Mt Gox for a while with password 12345 which someone told me was bad, I've now changed the password to ySpx262.  I understand perfectly, thank you.




Smiley



Seriously, good post, thanks

Ha, ha, ha, chuckle, chuckle, snicker, snicker!

Smiley


Covid is snake venom. Dr. Bryan Ardis https://thedrardisshow.com/ - Search on 'Bryan Ardis' at these links https://www.bitchute.com/, https://www.brighteon.com/, https://rumble.com/, https://banned.video/.
Phrenico
Member
**
Offline Offline

Activity: 75
Merit: 10


View Profile
January 27, 2014, 06:44:42 PM
 #8


The odds are great that nobody will be able to guess your password out of the 10,000 characters, if they happen to find your random character file. And it is even more difficult because they don't know how many characters long it might be.


However, if they do find the file, it will take about 10,000^2 attempts to brute force the password. That's less than 27 bits of entropy. I would print out the text for added security.
BADecker (OP)
Legendary
*
Offline Offline

Activity: 3976
Merit: 1382


View Profile
January 27, 2014, 06:52:43 PM
 #9


The odds are great that nobody will be able to guess your password out of the 10,000 characters, if they happen to find your random character file. And it is even more difficult because they don't know how many characters long it might be.


However, if they do find the file, it will take about 10,000^2 attempts to brute force the password. That's less than 27 bits of entropy. I would print out the text for added security.

I really wanted to use Auntie's middle name...


Smiley


Covid is snake venom. Dr. Bryan Ardis https://thedrardisshow.com/ - Search on 'Bryan Ardis' at these links https://www.bitchute.com/, https://www.brighteon.com/, https://rumble.com/, https://banned.video/.
porcupine87
Hero Member
*****
Offline Offline

Activity: 546
Merit: 500


hm


View Profile
March 13, 2014, 01:31:16 AM
 #10

encrypt something everybody knows like, take pi-billion.txt (pi to a billion places)
then to a sha256sum on it

bingo, there's your brainwallet key!!   Wink

interesting idea. Just remeber a number like 20031980 (which seem to be your birthday) and take the first 20031980 numbers to make a sha256. But if the attacker knows your strategy, you are fucked Smiley

"Morality, it could be argued, represents the way that people would like the world to work - whereas economics represents how it actually does work." Freakonomics
cbeast
Donator
Legendary
*
Offline Offline

Activity: 1736
Merit: 1014

Let's talk governance, lipstick, and pigs.


View Profile
March 13, 2014, 02:11:03 PM
 #11

Everyone talks about dictionary attacks, so fool them with a thesaurus.  Grin

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
bitcoiner49er
Sr. Member
****
Offline Offline

Activity: 457
Merit: 250



View Profile
March 13, 2014, 02:31:25 PM
 #12

During a recent password audit, it was found that a blonde was using the following password:

"Mickey Minnie Pluto Huey Louie Dewey Donald Goofy Sacramento"

When asked why she had such a long  password, she said she was told that it had to be at least 8 characters long and include at least one capital.

 Cheesy

Homo doctus is se semper divitias habet
jbrnt
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500



View Profile
March 13, 2014, 03:15:31 PM
 #13

During a recent password audit, it was found that a blonde was using the following password:

"Mickey Minnie Pluto Huey Louie Dewey Donald Goofy Sacramento"

When asked why she had such a long  password, she said she was told that it had to be at least 8 characters long and include at least one capital.

 Cheesy

I like this one, put a smile on my face  Cheesy
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!