Bitcoin Forum
October 22, 2017, 04:08:25 PM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: (!) Armory Brain Wallet  (Read 4676 times)
timz
Member
**
Offline Offline

Activity: 113


View Profile
October 04, 2014, 12:27:39 PM
 #1

Hi all!
I like armory a lot. You can make a paper backup and restore whole your wallet in case of hdd failure or pc lost.
It is a great feature, but I really do not trust to paper. The paper could be stolen, lost, confiscated, burned, etc. I want to be sure I can restore my wallet at any time, even if all my papers are lost. I mean brainwallet. The one phrase restoring all my bitcoin addresses.

So I created an open source



Just enter a passphrase and you'll get a Root Key to restore (or create new one) wallet.
It is a client-side javascript application, no data leaves your computer. I use hash256(passphrase) as a base to generate Root Key. The Root Key generation procedure (makeSixteenBytesEasy()) was rewritten to javascript using original Armory code.

You still can make fragmented backup, print root key if you like and use all armory's features. But additionally you can restore your wallet using your passphrase! And we use your password's entropy to create wallet, I think it is not so bad too. Just use long several-words phrases.

Download for local use.

Mirrors:
https://armorybrainwallet.com (10 years domain, hosting paid for 3 years)
http://armorybrainwallet.org/ (10 years domain, freehosting)

Regards,
Tim.

1508688505
Hero Member
*
Offline Offline

Posts: 1508688505

View Profile Personal Message (Offline)

Ignore
1508688505
Reply with quote  #2

1508688505
Report to moderator
1508688505
Hero Member
*
Offline Offline

Posts: 1508688505

View Profile Personal Message (Offline)

Ignore
1508688505
Reply with quote  #2

1508688505
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1508688505
Hero Member
*
Offline Offline

Posts: 1508688505

View Profile Personal Message (Offline)

Ignore
1508688505
Reply with quote  #2

1508688505
Report to moderator
1508688505
Hero Member
*
Offline Offline

Posts: 1508688505

View Profile Personal Message (Offline)

Ignore
1508688505
Reply with quote  #2

1508688505
Report to moderator
timz
Member
**
Offline Offline

Activity: 113


View Profile
October 04, 2014, 12:34:23 PM
 #2

Just want to copy here the source code.

brainwallet.js
Code:
/*
      Open source under the BSD License.
      Author: Tim Zakirov, 2014
     */

       function sha256(bits) {
return CryptoJS.SHA256(bits);
}

function hash256(bits) {
return CryptoJS.SHA256(CryptoJS.SHA256(bits));
}

function computeChecksum(binaryStr, nBytes, hashFunc) {
nBytes = typeof nBytes !== 'undefined' ? nBytes : 4;
hashFunc = typeof hashFunc !== 'undefined' ? hashFunc : hash256;
return hashFunc(binaryStr).toString(CryptoJS.enc.Latin1).slice(0, nBytes);
}

function binary_to_hex(b) {
return CryptoJS.enc.Latin1.parse(b).toString();
}

NORMALCHARS = '0123 4567 89ab cdef'.replace(/ /g, '');
EASY16CHARS = 'asdf ghjk wert uion'.replace(/ /g, '');
hex_to_base16_map = {};
base16_to_hex_map = {};
len = NORMALCHARS.length;
for (i = 0; i < len; ++i) {
n = NORMALCHARS[i];
b = EASY16CHARS[i];
hex_to_base16_map[n] = b;
base16_to_hex_map[b] = n;
}

function binary_to_easyType16(binstr) {
return Array.prototype.map.call(binary_to_hex(binstr), function (c) { return hex_to_base16_map[c]; }).join('');
}

function makeSixteenBytesEasy(b16) {
if (b16.length !== 16) {
throw 'Must supply 16-byte input';
}
chk2 = computeChecksum(CryptoJS.enc.Latin1.parse(b16), 2);
et18 = binary_to_easyType16(b16 + chk2);
nineQuads = [];
for (i = 0; i < 9; ++i) {
nineQuads[i] = et18.slice(i * 4, (i+1) * 4);
}
return nineQuads.join(' ');
}

function calc(password) {
var entropy=hash256(password);
var line1=makeSixteenBytesEasy(entropy.toString(CryptoJS.enc.Latin1).slice(0, 16));
var line2=makeSixteenBytesEasy(entropy.toString(CryptoJS.enc.Latin1).slice(16));
document.getElementById('line1').innerHTML=line1;
document.getElementById('line2').innerHTML=line2;

}

index.html
Code:
<!DOCTYPE html>
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta charset="utf-8" />
    <title>Armory Brainwallet - JavaScript Client-Side Armory Wallet Generator</title>
    <meta content="Client-side passphrase-based ARMORY deterministic wallets generator" name="description" />
    <meta content="width=device-width, initial-scale=1.0" name="viewport" />
    <link href="cs.css" rel="stylesheet" />
    <link href="favicon.ico" rel="shortcut icon" />
<script src="sha256.js"></script>
<script src="brainwallet.js"></script>
 </head>
  <body>
  <div class='logo'></div>
  <div class='tit'>Passphrase</div> 
  <input id='pass' type="text" autofocus onchange="calc(this.value);" onkeypress="this.onchange();" oncut="this.onchange();" onpaste="this.onchange();" oninput="this.onchange();"></input>
<div class='tit1'>Root Key</div> 
<div class='line' id='line1'>&nbsp;</div>
<div class='line' id='line2'>&nbsp;</div>
<div class='comment'>How to use. Enter your long passprase, open your <a target='_blank' href='https://bitcoinarmory.com/'>Armory wallet</a> application <br>and "restore" the wallet using Root Key (select '2 lines Unencrypted')</div>
  </body>

</html>

cs.css
Code:
html {
  font-family: geneva, sans-serif;
  -webkit-text-size-adjust: 100%;
      -ms-text-size-adjust: 100%;
}
body {
  margin: 0; background-color: #fff; text-align: center;
}
.logo {
height: 350px;
background: url('armory.png') no-repeat center; min-height: 100%;
margin: 50px 0 0 0;
}
.tit {
color: #162959;
font-size: 18px;
margin-bottom: 15px;
}
.tit1 {
color: #bc214c;
font-size: 18px;
margin-top: 60px;
margin-bottom: 15px;
}

input {
color: #1c59b4; width: 55%; border:1px solid #162959;font-size: 16px; padding: 5px; text-align: center;
}
.line {font-family: Courier; font-size: 18px; color: #162959; margin-bottom: 10px;}
.comment {
font-size: 12px;
margin-top: 120px;
color: #1c59b4;
}

sha256.js (from google)
Quote
/*
CryptoJS v3.1.2
code.google.com/p/crypto-js
(c) 2009-2013 by Jeff Mott. All rights reserved.
code.google.com/p/crypto-js/wiki/License
*/
var CryptoJS=CryptoJS||function(h,s){var f={},t=f.lib={},g=function(){},j=t.Base={extend:function(a){g.prototype=this;var c=new g;a&&c.mixIn(a);c.hasOwnProperty("init")||(c.init=function(){c.$super.init.apply(this,arguments)});c.init.prototype=c;c.$super=this;return c},create:function(){var a=this.extend();a.init.apply(a,arguments);return a},init:function(){},mixIn:function(a){for(var c in a)a.hasOwnProperty(c)&&(this[c]=a[c]);a.hasOwnProperty("toString")&&(this.toString=a.toString)},clone:function(){return this.init.prototype.extend(this)}},
q=t.WordArray=j.extend({init:function(a,c){a=this.words=a||[];this.sigBytes=c!=s?c:4*a.length},toString:function(a){return(a||u).stringify(this)},concat:function(a){var c=this.words,d=a.words,b=this.sigBytes;a=a.sigBytes;this.clamp();if(b%4)for(var e=0;e<a;e++)c[b+e>>>2]|=(d[e>>>2]>>>24-8*(e%4)&255)<<24-8*((b+e)%4);else if(65535<d.length)for(e=0;e<a;e+=4)c[b+e>>>2]=d[e>>>2];else c.push.apply(c,d);this.sigBytes+=a;return this},clamp:function(){var a=this.words,c=this.sigBytes;a[c>>>2]&=4294967295<<
32-8*(c%4);a.length=h.ceil(c/4)},clone:function(){var a=j.clone.call(this);a.words=this.words.slice(0);return a},random:function(a){for(var c=[],d=0;d<a;d+=4)c.push(4294967296*h.random()|0);return new q.init(c,a)}}),v=f.enc={},u=v.Hex={stringify:function(a){var c=a.words;a=a.sigBytes;for(var d=[],b=0;b<a;b++){var e=c[b>>>2]>>>24-8*(b%4)&255;d.push((e>>>4).toString(16));d.push((e&15).toString(16))}return d.join("")},parse:function(a){for(var c=a.length,d=[],b=0;b<c;b+=2)d[b>>>3]|=parseInt(a.substr(b,
2),16)<<24-4*(b%8);return new q.init(d,c/2)}},k=v.Latin1={stringify:function(a){var c=a.words;a=a.sigBytes;for(var d=[],b=0;b<a;b++)d.push(String.fromCharCode(c[b>>>2]>>>24-8*(b%4)&255));return d.join("")},parse:function(a){for(var c=a.length,d=[],b=0;b<c;b++)d[b>>>2]|=(a.charCodeAt(b)&255)<<24-8*(b%4);return new q.init(d,c)}},l=v.Utf8={stringify:function(a){try{return decodeURIComponent(escape(k.stringify(a)))}catch(c){throw Error("Malformed UTF-8 data");}},parse:function(a){return k.parse(unescape(encodeURIComponent(a)))}},
x=t.BufferedBlockAlgorithm=j.extend({reset:function(){this._data=new q.init;this._nDataBytes=0},_append:function(a){"string"==typeof a&&(a=l.parse(a));this._data.concat(a);this._nDataBytes+=a.sigBytes},_process:function(a){var c=this._data,d=c.words,b=c.sigBytes,e=this.blockSize,f=b/(4*e),f=a?h.ceil(f):h.max((f|0)-this._minBufferSize,0);a=f*e;b=h.min(4*a,b);if(a){for(var m=0;m<a;m+=e)this._doProcessBlock(d,m);m=d.splice(0,a);c.sigBytes-=b}return new q.init(m,b)},clone:function(){var a=j.clone.call(this);
a._data=this._data.clone();return a},_minBufferSize:0});t.Hasher=x.extend({cfg:j.extend(),init:function(a){this.cfg=this.cfg.extend(a);this.reset()},reset:function(){x.reset.call(this);this._doReset()},update:function(a){this._append(a);this._process();return this},finalize:function(a){a&&this._append(a);return this._doFinalize()},blockSize:16,_createHelper:function(a){return function(c,d){return(new a.init(d)).finalize(c)}},_createHmacHelper:function(a){return function(c,d){return(new w.HMAC.init(a,
d)).finalize(c)}}});var w=f.algo={};return f}(Math);
(function(h){for(var s=CryptoJS,f=s.lib,t=f.WordArray,g=f.Hasher,f=s.algo,j=[],q=[],v=function(a){return 4294967296*(a-(a|0))|0},u=2,k=0;64>k;){var l;a:{l=u;for(var x=h.sqrt(l),w=2;w<=x;w++)if(!(l%w)){l=!1;break a}l=!0}l&&(8>k&&(j[k]=v(h.pow(u,0.5))),q[k]=v(h.pow(u,1/3)),k++);u++}var a=[],f=f.SHA256=g.extend({_doReset:function(){this._hash=new t.init(j.slice(0))},_doProcessBlock:function(c,d){for(var b=this._hash.words,e=b[0],f=b[1],m=b[2],h=b[3],p=b[4],j=b[5],k=b[6],l=b[7],n=0;64>n;n++){if(16>n)a[n]=
c[d+n]|0;else{var r=a[n-15],g=a[n-2];a[n]=((r<<25|r>>>7)^(r<<14|r>>>18)^r>>>3)+a[n-7]+((g<<15|g>>>17)^(g<<13|g>>>19)^g>>>10)+a[n-16]}r=l+((p<<26|p>>>6)^(p<<21|p>>>11)^(p<<7|p>>>25))+(p&j^~p&k)+q[n]+a[n];g=((e<<30|e>>>2)^(e<<19|e>>>13)^(e<<10|e>>>22))+(e&f^e&m^f&m);l=k;k=j;j=p;p=h+r|0;h=m;m=f;f=e;e=r+g|0}b[0]=b[0]+e|0;b[1]=b[1]+f|0;b[2]=b[2]+m|0;b[3]=b[3]+h|0;b[4]=b[4]+p|0;b[5]=b[5]+j|0;b[6]=b[6]+k|0;b[7]=b[7]+l|0},_doFinalize:function(){var a=this._data,d=a.words,b=8*this._nDataBytes,e=8*a.sigBytes;
d[e>>>5]|=128<<24-e%32;d[(e+64>>>9<<4)+14]=h.floor(b/4294967296);d[(e+64>>>9<<4)+15]=b;a.sigBytes=4*d.length;this._process();return this._hash},clone:function(){var a=g.clone.call(this);a._hash=this._hash.clone();return a}});s.SHA256=g._createHelper(f);s.HmacSHA256=g._createHmacHelper(f)})(Math);

dabura667
Sr. Member
****
Offline Offline

Activity: 478


View Profile
October 04, 2014, 05:54:10 PM
 #3

Human generated entropy is ALWAYS a good idea. /s

My Tip Address:
1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU
etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
October 04, 2014, 11:01:28 PM
 #4


Armory Technologies strongly advises against the use of brain wallets under any circumstances.

  • For most humans, a wallet with sufficient entropy to be secure would not be memorizable.  Thus, if it is memorizable, you're at significant risk of someone being able to steal your funds with brute-force searching.
  • Human-generated passwords have terrible entropy.  You must use a cryptographically-secure random number generator to create your wallets.  Armory provides this for you, but not if you use a brain wallet.
  • Humans brains are not well-adapted to remembering such information for long periods of time.  You may remember it now.  You might remember it in 6 months.  What about 3 years?  10 years?  If you've ever forgotten a password, do not use a brain-wallet.
  • Even if you think you can get around the three points above, it still means that you take your Bitcoins to your grave with you.  If I was your parent/spouse/kid, I would hope that if something unfortunate happens to you that I'll have a way to get access to your savings.  Brain-wallets have no such mechanism and the coins will be lost forever.

To anyone who wants to better protect their wallets, we strongly encourage you to use a regular Armory wallet with fragmented backups instead.  They provide a flexible combination of physical security, redundancy, will have sufficient entropy, and be recoverabe by family members if needed.  

We can't stop people who are really determined to make brain wallets, just don't say you weren't warned!

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
timz
Member
**
Offline Offline

Activity: 113


View Profile
October 05, 2014, 04:54:05 AM
 #5

    • For most humans, a wallet with sufficient entropy to be secure would not be memorizable.  Thus, if it is memorizable, you're at significant risk of someone being able to steal your funds with brute-force searching.
    That is why you have to use unique several-words phrases, your own ditty etc.

    • Human-generated passwords have terrible entropy.  You must use a cryptographically-secure random number generator to create your wallets.  Armory provides this for you, but not if you use a brain wallet.
    Oh, REALLY??? Could you please prove the terrible entropy of sha256(sha256('any password'))? I think predetermined computer's random is worse.


    • Humans brains are not well-adapted to remembering such information for long periods of time.  You may remember it now.  You might remember it in 6 months.  What about 3 years?  10 years?  If you've ever forgotten a password, do not use a brain-wallet.
    • Even if you think you can get around the three points above, it still means that you take your Bitcoins to your grave with you.  If I was your parent/spouse/kid, I would hope that if something unfortunate happens to you that I'll have a way to get access to your savings.  Brain-wallets have no such mechanism and the coins will be lost forever.
    To anyone who wants to better protect their wallets, we strongly encourage you to use a regular Armory wallet with fragmented backups instead.  They provide a flexible combination of physical security, redundancy, will have sufficient entropy, and be recoverabe by family members if needed.  
    You may print fragmented backups as well if you use brain wallet. The brain wallet just an additional feature helps you if goes something wrong with your pieces of paper.

    We can't stop people who are really determined to make brain wallets, just don't say you weren't warned!
    Thank you for warning. I developed this feature for people who has own brain.

    etotheipi
    Legendary
    *
    Offline Offline

    Activity: 1428


    Core Armory Developer


    View Profile WWW
    October 05, 2014, 05:30:57 AM
     #6

    Could you please prove the terrible entropy of sha256(sha256('any password'))? I think predetermined computer's random is worse.

    The act of hashing a password doesn't increase its entropy.  The number of possible passwords is the total entropy.    You can use sha256100('bob') as your brain wallet, but anyone who looks at your applet will see that it uses sha256100(pwd) and will write a program to start guessing through possible passwords passed through that function.   All users that used "bob" as their password will immediately have their coins stolen, regardless of how many times you hash it.

    A while back there was a user here who write a program to do a brute force search of brainwallets that use sha256(sha256()).  I believe they found in excess of 100 BTC.  Because people pick memorizable passwords and wanted to believe that no one would find it.   And in reality, people don't realize just how fast computers are at guessing and how weak their own entropy is.  For your reddit login, the stakes aren't very high.  For $100,000 bitcoin wallet, I would be horrified if someone used a brain wallet.

    Admittedly, your little javascript applet is very slick.  But Armory Technologies will not be supporting the functionality since it so easily leads to lost coins.  Our job is to not only create secure software, but to promote best security practices.  Having a solid backup solution is one of those best practices.

    Founder and CEO of Armory Technologies, Inc.
    Armory Bitcoin Wallet: Bringing cold storage to the average user!
    Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

    Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
    timz
    Member
    **
    Offline Offline

    Activity: 113


    View Profile
    October 05, 2014, 09:28:57 AM
     #7

    Just don't use 'bob' as a password. Use something like 'Two beer, or bottle of wine? That is the question of my silly brain.'
    Do you have even one reasons why I shouldn't use not-bruteforceable password combined with fragmented backups? All your previous arguments are untenable to this usage.

    goatpig
    Moderator
    Legendary
    *
    Offline Offline

    Activity: 1638

    Armory Developer


    View Profile
    October 05, 2014, 02:08:42 PM
     #8

    Do you have even one reasons why I shouldn't use not-bruteforceable password

    Think of entropy as search space:

    1) By using brain wallets you will most likely reduce your search space per byte from 2^8 to 2^6 (A-Z a-z 0-9 and some punctuation signs). On a 32 bytes/characters passphrase that's significant, and that's assuming people use passphrases that long.

    2) To support such long passphrases people will probably resort to mnemonics. This will crush the search space to brute force your key, opening up the way for dictionary attacks and rainbow tables.

    3) People who would rather not resort to mnemonics will reduce their passphrase length and expose themselves that way instead.

    4) 2 sha iterations for a password derivation function is terribly weak. It's not unusual to see forum passwords hashes at 10k+ iterations. At least use something like scrypt to involve some RAM in the derivation function (like it's done in Armory as an example)

    Overall you are taking these comments as attacks directed at you, when they state a couple simple truths: not everyone understands entropy and it's consequences, and less informed/involved users will usually turn towards the simplest solution.

    Also you fail to see our standpoint. We can't support a tool that will have users do stupid things and lose coins, because we'll end up being liable in some way. We are an open source company. We don't have the resources to support customers who won't follow the proper security guidelines, so we simply won't promote bad practices.

    timz
    Member
    **
    Offline Offline

    Activity: 113


    View Profile
    October 06, 2014, 09:07:03 AM
     #9

    I understand your position. Actually I made this for myself. I'm waiting for 2 years for passphrase determined wallet, but nothing appears. So I'm going to use Armory with my password addition. Of course this solution for people who understand what is password entropy, what password is secure.

    spin
    Sr. Member
    ****
    Offline Offline

    Activity: 360


    View Profile
    October 06, 2014, 10:20:42 AM
     #10

    I understand your position. Actually I made this for myself. I'm waiting for 2 years for passphrase determined wallet, but nothing appears. So I'm going to use Armory with my password addition. Of course this solution for people who understand what is password entropy, what password is secure.

    But from your comments, it's not clear that you do understand. For example this comment:
    Oh, REALLY??? Could you please prove the terrible entropy of sha256(sha256('any password'))? I think predetermined computer's random is worse.



    If you liked this post buy me a beer.  Beers are quite cheap where I live!
    194YjsiwmGm3hcbPcJWWyzRAS9CQLX1fJL
    timz
    Member
    **
    Offline Offline

    Activity: 113


    View Profile
    October 06, 2014, 02:21:51 PM
     #11

    But from your comments, it's not clear that you do understand. For example this comment:
    Oh, REALLY??? Could you please prove the terrible entropy of sha256(sha256('any password'))? I think predetermined computer's random is worse.
    If we are talking about entropy of string, sha256() always has good entropy. Example:
    3333333377777777444444443333333377777777444444443333333333333 - Bad entropy.
    7ba996c43e44eb1976019d31960bf21873d6d24ba469ccc03f626f8a2a856137 - Good entropy.
    You may evaluate the entropy by compressing string. If you can zip the string, the string has bad entropy.

    I guess you mean entropy of password, not sha256 string. It is the also object of dictionary brute forcing besides low entropy of real languages.

    About brute forcing. Why I didn't make more iterations? If Armory does complicated scrypt-like work to restore wallet's private key from the Root Key, I really don't need more. Because brute-forcer have to do this work too. So our password is additionally protected from brute-forcing by Armory's algorithm.

    spin
    Sr. Member
    ****
    Offline Offline

    Activity: 360


    View Profile
    October 06, 2014, 03:00:18 PM
     #12

    entropy of sha256(sha256('3333333377777777444444443333333377777777444444443333333333333'))
    is the same as the entropy of '3333333377777777444444443333333377777777444444443333333333333'


    If you liked this post buy me a beer.  Beers are quite cheap where I live!
    194YjsiwmGm3hcbPcJWWyzRAS9CQLX1fJL
    goatpig
    Moderator
    Legendary
    *
    Offline Offline

    Activity: 1638

    Armory Developer


    View Profile
    October 06, 2014, 03:50:08 PM
     #13

    About brute forcing. Why I didn't make more iterations? If Armory does complicated scrypt-like work to restore wallet's private key from the Root Key, I really don't need more. Because brute-forcer have to do this work too. So our password is additionally protected from brute-forcing by Armory's algorithm.

    We use a precursor to scrypt and a target derivation time on the extend wallet passphrases, that are used to encrypt the entries in your wallet if you choose to encrypt the wallet, on disk.

    Wallet passphrases are completely different from root keys. Root keys come from a CSPRNG. Passphrases are created by users, so they are extended properly for added security.

    timz
    Member
    **
    Offline Offline

    Activity: 113


    View Profile
    October 06, 2014, 03:51:24 PM
     #14

    entropy of sha256(sha256('3333333377777777444444443333333377777777444444443333333333333'))
    is the same as the entropy of '3333333377777777444444443333333377777777444444443333333333333'
    Only in case of password. And in case of low-cost brute forcing. But generally no. I mean if entropy of '3333333377777777444444443333333377777777444444443333333333333' is low, for example equal to 2^3 bytes phrase, it doesn't mean you may find the 8-bytes phrase that
    hash256(8-byte-phrase)=hash256('3333333377777777444444443333333377777777444444443333333333333').

    timz
    Member
    **
    Offline Offline

    Activity: 113


    View Profile
    October 06, 2014, 03:54:40 PM
     #15

    Wallet passphrases are completely different from root keys. Root keys come from a CSPRNG. Passphrases are created by users, so they are extended properly for added security.
    Could you tell the algorithm for generate chain key and first private key from Root Key? The restoring wallet takes a time, I though it is complicated procedure.

    goatpig
    Moderator
    Legendary
    *
    Offline Offline

    Activity: 1638

    Armory Developer


    View Profile
    October 06, 2014, 11:42:24 PM
     #16

    Address chain extension:

    https://github.com/etotheipi/BitcoinArmory/blob/master/armoryengine/PyBtcWallet.py#L1047

    Deriving the first key:

    https://github.com/etotheipi/BitcoinArmory/blob/master/armoryengine/PyBtcWallet.py#L912

    spin
    Sr. Member
    ****
    Offline Offline

    Activity: 360


    View Profile
    October 07, 2014, 07:34:34 AM
     #17

    entropy of sha256(sha256('3333333377777777444444443333333377777777444444443333333333333'))
    is the same as the entropy of '3333333377777777444444443333333377777777444444443333333333333'
    Only in case of password. And in case of low-cost brute forcing. But generally no. I mean if entropy of '3333333377777777444444443333333377777777444444443333333333333' is low, for example equal to 2^3 bytes phrase, it doesn't mean you may find the 8-bytes phrase that
    hash256(8-byte-phrase)=hash256('3333333377777777444444443333333377777777444444443333333333333').

    Users often chose low entropy passwords, x.
    If entropy of x is low then entropy of sha256(sha256(x)) is also low...
    Which means people can easily crack their wallets.

    This is why everyone thinks brain wallets are a bad idea.

    If you liked this post buy me a beer.  Beers are quite cheap where I live!
    194YjsiwmGm3hcbPcJWWyzRAS9CQLX1fJL
    picobit
    Hero Member
    *****
    Offline Offline

    Activity: 547


    Decor in numeris


    View Profile
    October 09, 2014, 05:44:36 PM
     #18

    Use something like 'Two beer, or bottle of wine? That is the question of my silly brain.'

    One year from from now, typing 'Two beer, or a bottle of wine? That is the question of my silly brain.'  Wait??? Where are all my coins???  I am sure I remembered my password.

    This is the other reason brain wallets are such a terrible idea.
    timz
    Member
    **
    Offline Offline

    Activity: 113


    View Profile
    October 09, 2014, 06:53:07 PM
     #19

    One year from from now, typing 'Two beer, or a bottle of wine? That is the question of my silly brain.'  Wait??? Where are all my coins???  I am sure I remembered my password.

    This is the other reason brain wallets are such a terrible idea.
    Well, I don't remember the password, but I still have my paper fragmented backup.
    But if papers were lost, you may try to recall the password. It is just additional possibility to restore wallet.

    picobit
    Hero Member
    *****
    Offline Offline

    Activity: 547


    Decor in numeris


    View Profile
    October 09, 2014, 07:08:14 PM
     #20

    Well, I don't remember the password, but I still have my paper fragmented backup.
    But if papers were lost, you may try to recall the password. It is just additional possibility to restore wallet.
    That actually makes sense - at least if your passphrase is long and cryptic enough to be secure. 

    The demands for a brain wallet is many orders of magnitude higher than for a password, since you do not need access to anything other than the block chain to break it - and can attack all the world's brain wallets in parallel at no extra cost.  A lot of people have a lot of specialized hardware for doing rapid hashes - and they no longer pay for themselves mining bitcoin.  Some of these are going to try for brainwallets instead.  And since "Two beer, or bottle of wine? That is the question of my silly brain." is (almost) grammatically correct and uses sensible punctuation, it has much lower entropy than one would expect.  I *think* it is barely out of reach of a brute force search, but honestly I have no clue.
    Pages: [1] 2 »  All
      Print  
     
    Jump to:  

    Sponsored by , a Bitcoin-accepting VPN.
    Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!