avadhuta (OP)
March 01, 2021, 12:04:38 PM
You might want to add README.md on your GitHub repository
Yes, you are right. Thanks.
.zip Source Code Do you think BtcIO is open source?
Sources: https://github.com/avadhuta/BtcIO

NotATether
March 02, 2021, 09:21:13 AM
It is more secure, in that method, to use the System.Security.Cryptography.RNGCryptoServiceProvider class than Random and then use its GetBytes method to get a byte value which OP then takes the modulus of words.Length. For example:

    using System.Security.Cryptography;
    // ...
    public static String RandomSeed()
    {
        RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider();
        byte[] randomNumber = new byte[1];
        string res = "";
        for (int i = 0; i < 12; i++)
        {
            rngCsp.GetBytes(randomNumber);
            int r = (int) randomNumber[0] % words.Length;
            res += words[r].ToLower() + (i < 11 ? " " : "");
        }
        rngCsp.Dispose();
        return res;
    }
    // ...

Note: I did not test this code for syntax errors.

pooya87
RNGCryptoServiceProvider
It is safer but not safe, you should never use the bare RNG provided by the framework because if a vulnerability is found in it or if there is a backdoor everything built on top of it will become vulnerable. It should always be mixed with another source of entropy. Your code is broken by the way, all the words in the string will be the same and only from 0 to 255 index is covered.
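Added example, not code from the thread or from BtcIO: selecting word indexes from the OS CSPRNG so that the whole list is reachable and every index is equally likely. It draws 32 bits per word and uses rejection sampling instead of a single byte reduced modulo the list length. The class and method names and the 2048-entry placeholder list standing in for words.txt are assumptions.

```csharp
using System;
using System.Security.Cryptography;

static class UniformIndexDemo
{
    // Returns an index in [0, n) with every value equally likely.
    // Draws 32 bits and rejects values from the incomplete top bucket,
    // so no modulo bias remains for any list length n.
    public static int UniformIndex(RandomNumberGenerator rng, int n)
    {
        if (n <= 0) throw new ArgumentOutOfRangeException(nameof(n));
        ulong range = 1UL << 32;                  // count of possible 32-bit values
        ulong limit = range - (range % (ulong)n); // largest multiple of n that fits
        var buf = new byte[4];
        while (true)
        {
            rng.GetBytes(buf);
            uint v = BitConverter.ToUInt32(buf, 0);
            if (v < limit) return (int)(v % (uint)n);
        }
    }

    // Number of list entries one random byte reduced mod n can ever select.
    public static int ReachableWithOneByte(int n) => Math.Min(256, n);

    // Entropy in bits of `count` words drawn uniformly from `reachable` entries.
    public static double PhraseBits(int count, int reachable) => count * Math.Log(reachable, 2);

    static void Main()
    {
        // Constructed stand-in for words.txt: 2048 placeholder entries (assumption).
        var words = new string[2048];
        for (int i = 0; i < words.Length; i++) words[i] = "word" + i;

        int oneByte = ReachableWithOneByte(words.Length);
        Console.WriteLine("one byte: {0} of {1} words, {2:F0} bits per 12-word phrase",
            oneByte, words.Length, PhraseBits(12, oneByte));
        Console.WriteLine("32 bits with rejection: {0} words, {1:F0} bits per 12-word phrase",
            words.Length, PhraseBits(12, words.Length));

        using (var rng = RandomNumberGenerator.Create())
        {
            var picked = new string[12];
            for (int i = 0; i < picked.Length; i++)
                picked[i] = words[UniformIndex(rng, words.Length)];
            Console.WriteLine(string.Join(" ", picked));
        }
    }
}
```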

avadhuta (OP)
March 04, 2021, 03:06:33 PM
You are absolutely right, my logic for generating the passphrase is made elementary, although it is dangerous to use any software RNG for this, especially in open source. An intelligent user can create seed himself or add any of words and symbols as entropy. As an option, I will add the ability to use any arbitrary file as a seed, and multiple hash (>100000) to slow down brute-force, this will be really reliable, I believe.
It is more secure, in that method, to use the System.Security.Cryptography.RNGCryptoServiceProvider class than Random and then use its GetBytes method to get a byte value which OP then takes the modulus of words.Length. For example:

    using System.Security.Cryptography;
    // ...
    public static String RandomSeed()
    {
        RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider();
        byte[] randomNumber = new byte[1];
        string res = "";
        for (int i = 0; i < 12; i++)
        {
            rngCsp.GetBytes(randomNumber);
            int r = (int) randomNumber[0] % words.Length;
            res += words[r].ToLower() + (i < 11 ? " " : "");
        }
        rngCsp.Dispose();
        return res;
    }
    // ...

Note: I did not test this code for syntax errors.
Thanks for the code, but I don't think that a more complex RNG will change anything in this case, especially in open source, manual entropy is needed.

pooya87
March 05, 2021, 04:14:22 AM
An intelligent user can create seed himself or add any of words and symbols as entropy.
You can and should not ever rely on the user to be the source of entropy, they will never create strong ones ever.
As an option, I will add the ability to use any arbitrary file as a seed, and multiple hash (>100000) to slow down brute-force, this will be really reliable, I believe.
This makes your program to be a brainwallet which are very unsafe and 100k hashes does not make brute forcing slow.

NotATether
March 05, 2021, 06:26:33 AM
...and multiple hash (>100000) to slow down brute-force, this will be really reliable, I believe.
I don't think that will be effective in the long run. An Nvidia V100 can theoretically do 10x as many hashes as a K520 and they were released just 3 years apart. So I imagine if not the current Ampere cards or next year's cards, one of these years someone's going to be able to pass 100K hashes/s at the same speed people pass 2000 hashes/s (number of PBKDF2 rounds of seed phrase) today.

avadhuta (OP)
March 06, 2021, 11:59:06 AM Last edit: March 06, 2021, 05:09:26 PM by avadhuta
An intelligent user can create seed himself or add any of words and symbols as entropy.
You can and should not ever rely on the user to be the source of entropy, they will never create strong ones ever.
As an option, I will add the ability to use any arbitrary file as a seed, and multiple hash (>100000) to slow down brute-force, this will be really reliable, I believe.
This makes your program to be a brainwallet which are very unsafe and 100k hashes does not make brute forcing slow.
...and multiple hash (>100000) to slow down brute-force, this will be really reliable, I believe.
I don't think that will be effective in the long run. An Nvidia V100 can theoretically do 10x as many hashes as a K520 and they were released just 3 years apart. So I imagine if not the current Ampere cards or next year's cards, one of these years someone's going to be able to pass 100K hashes/s at the same speed people pass 2000 hashes/s (number of PBKDF2 rounds of seed phrase) today.
I read more about RNGCryptoServiceProvider, it inspires trust, for now I limit myself to it and a 100k hashes.

    public static string[] words = ReadResource("words.txt").Split('\n');

    public static string RandomSeed()
    {
        string res = "";
        for (int i = 0; i < 12; i++)
            res += words[Rnd2()].ToLower() + (i < 11 ? " " : "");
        return res;
    }

    static RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();

    // Returns an index in the range 0 .. words.Length - 2.
    public static uint Rnd2()
    {
        var data = new byte[sizeof(uint)];
        rng.GetBytes(data);
        return (uint) (BitConverter.ToUInt32(data, 0) % (words.Length - 1));
    }

    // Applies SHA-256 itter + 1 times to the UTF-8 bytes of seed.
    public static byte[] Sha256(string seed, int itter = 1)
    {
        byte[] b = Encoding.UTF8.GetBytes(seed);
        for (int i = 0; i < itter; i++)
            b = SHA256.Create().ComputeHash(b);
        b = SHA256.Create().ComputeHash(b);
        return b;
    }

    // The final hash output is used directly as the private key.
    public static (string address, string wif) newWifAddr(string seed, string net = "test3", int addrtype = 2)
    {
        var b = Tech.Sha256(seed, 1000000);
        var network = net == "test3" ? Network.TestNet : Network.Main;
        var privateKey = new Key(b);
        return (privateKey.PubKey.GetAddress((ScriptPubKeyType) addrtype, network).ToString(), privateKey.GetWif(network).ToString());
    }

pooya87
March 07, 2021, 04:05:21 AM
I read more about RNGCryptoServiceProvider, it inspires trust, for now I limit myself to it and a 100k hashes.
If the result provided by RNGCryptoServiceProvider were weak or flawed then hash of that result is no different than the original entropy and it too would be weak. In other words by hashing it n times you aren't really making a meaningful difference. The correct way is to mix it with another source of entropy. For example some use Guid.NewGuid() and mix (eg. using a KDF) the returned 128 bit with the 256 bit entropy, you could use a user input, etc.
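Added example, not code from the thread or from BtcIO: one way to mix the OS CSPRNG output with a GUID and user input, using HMAC-SHA256 in the manner of HKDF's extract step. The class and method names, the length-prefixed framing and the sample user string are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class EntropyMixDemo
{
    // Writes a 4-byte length before each source so that different splits
    // of the same bytes cannot produce the same MAC input.
    static void WriteFramed(BinaryWriter w, byte[] data)
    {
        w.Write(data.Length);
        w.Write(data);
    }

    // Combines the sources into 32 bytes with HMAC-SHA256. Under the usual
    // assumption that HMAC-SHA256 behaves as a random function, the result
    // stays unpredictable as long as at least one input is unpredictable.
    public static byte[] Mix(byte[] osRandom, byte[] guidBytes, byte[] userInput)
    {
        using (var ms = new MemoryStream())
        using (var w = new BinaryWriter(ms))
        {
            WriteFramed(w, guidBytes);
            WriteFramed(w, userInput);
            w.Flush();
            using (var hmac = new HMACSHA256(osRandom)) // OS randomness as the key
                return hmac.ComputeHash(ms.ToArray());
        }
    }

    static void Main()
    {
        var osRandom = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(osRandom);                   // 256 bits from the OS CSPRNG

        byte[] guid = Guid.NewGuid().ToByteArray();   // 128 bits, as suggested in the thread
        byte[] user = Encoding.UTF8.GetBytes("constructed sample user input");

        byte[] seed = Mix(osRandom, guid, user);
        Console.WriteLine("mixed seed length: {0} bytes", seed.Length);
    }
}
```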

Kirsting
March 12, 2021, 12:51:28 PM
It is better to hide private keys, they cannot be entered from the keyboard or by copying, it is not safe. The seed phrase generates an encrypted wallet with a password. User entropy is also needed, one RNG is not reliable.

avadhuta (OP)
March 15, 2021, 11:42:39 AM
If the result provided by RNGCryptoServiceProvider were weak or flawed then hash of that result is no different than the original entropy and it too would be weak. In other words by hashing it n times you aren't really making a meaningful difference. The correct way is to mix it with another source of entropy. For example some use Guid.NewGuid() and mix (eg. using a KDF) the returned 128 bit with the 256 bit entropy, you could use a user input, etc.
100k hashes will slow down brute-force by 100k times, even if the entropy was weak. But you may be right, I will remove the multi hash and add custom entropy. Thanks.
It is better to hide private keys, they cannot be entered from the keyboard or by copying, it is not safe. The seed phrase generates an encrypted wallet with a password. User entropy is also needed, one RNG is not reliable.
Yes, I'll think about it.
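
Added worked estimate, not part of any post in the thread: the cost of the iterated hash expressed in bits. The symbols are introduced here: $N$ is the number of candidate seeds, $k$ the number of hash iterations per candidate, $R$ the attacker's hash rate. Treating the "10x in 3 years" GPU figure quoted in the thread as a constant trend is an assumption.

$$T = \frac{N \cdot k}{2R}, \qquad \log_2(N \cdot k) = \log_2 N + \log_2 k, \qquad \log_2 10^{5} \approx 16.6$$

With $k = 10^5$ every guess costs $10^5$ hashes, which is the same work as searching a space about 16.6 bits larger with a single hash. The added margin is a fixed number of bits, independent of how much entropy the seed has. If the hash rate grows as $R(t) = R_0 \cdot 10^{t/3}$ with $t$ in years, the factor $k$ is cancelled when $10^{t/3} = k$:

$$t = 3 \log_{10} k = 3 \cdot 5 = 15 \text{ years}$$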