bitshares / bitshares1-qtwallet

Qt Wallet for BitShares 0.x (before 2015-10-13)
The Unlicense

Usable Mnemonic/Brainwallet Generation #86

Closed indolering closed 9 years ago

indolering commented 9 years ago

A few enhancements would make the brainwallet/mnemonic wallet backup generation more usable:

Thankfully, @ryancdotorg has already worked out such a system and kindly posted a demo that is entirely client-side JS; it has everything, including the wordlist.

Paraphrasing Ryan,

12 words -> 80 bits, 15 words -> 96 bits, 18 words -> 112 bits, 21 words -> 128 bits. Aggressive key stretching can provide up to an additional 24 bits of effective security. 12 words (with key stretching) should be the minimum.

Visually group words into triplets; the encoding is designed so that each group of three words is a "thing" (verb, adjective, noun) and 3 happens to be a cognitive sweet spot.

ryancdotorg commented 9 years ago

128 bits actually requires 21 words (I remembered wrong). You get 64 bits for 9 words.

If being used as key material, key stretching with scrypt using a high work factor is necessary.

See http://www.keylength.com/en/3/ for an overview of security levels.
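The word-count table and the scrypt recommendation above, combined in an added example that is not part of the thread and is not @ryancdotorg's implementation. The salt, the scrypt cost parameters, the function names and the sample phrase are assumptions made for illustration; the bit figures are the ones quoted in the comments.

```python
import hashlib
import unicodedata

# Word count -> bits, as quoted in the thread (before key stretching).
WORD_BITS = {9: 64, 12: 80, 15: 96, 18: 112, 21: 128}
MIN_WORDS = 12  # minimum recommended in the thread, with key stretching

# Assumed scrypt cost parameters; raise N as far as the target hardware allows.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def normalize(phrase):
    """Case-fold, NFKD-normalize and split so spacing/case never change the key."""
    return unicodedata.normalize("NFKD", phrase).lower().split()


def triplets(words):
    """Group words in threes for display, as the thread suggests."""
    return [" ".join(words[i:i + 3]) for i in range(0, len(words), 3)]


def check_strength(words):
    """Return the thread's bit estimate, rejecting short or unsupported lengths."""
    n = len(words)
    if n not in WORD_BITS:
        raise ValueError(f"unsupported word count: {n}")
    if n < MIN_WORDS:
        raise ValueError(f"{n} words gives only {WORD_BITS[n]} bits; use >= {MIN_WORDS}")
    return WORD_BITS[n]


def derive_key(phrase, salt):
    """Stretch the normalized phrase into 32 bytes of key material with scrypt."""
    words = normalize(phrase)
    check_strength(words)
    return hashlib.scrypt(
        " ".join(words).encode("utf-8"),
        salt=salt,  # assumed per-application or per-user salt
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
        maxmem=64 * 1024 * 1024,  # 128*N*r = 16 MiB is needed at these settings
        dklen=32,
    )


if __name__ == "__main__":
    # Constructed sample phrase; these words are not from the demo's wordlist.
    sample = "quiet amber falcon  Brave silver otter calm golden heron swift copper lynx"
    words = normalize(sample)
    print(triplets(words), check_strength(words))
    print(derive_key(sample, b"example-salt").hex())
```

Normalizing before hashing matters for a brainwallet because any difference in case or spacing at recovery time would otherwise derive a different key.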

vikramrajkumar commented 9 years ago

@indolering Please move this to https://github.com/BitShares/web_wallet/issues.

nathanielhourt commented 9 years ago

Brain wallet generation is done by the backend, I believe. This should be in bitshares/issues, no?

vikramrajkumar commented 9 years ago

We do have basic brain seed support in the backend, but I assumed this was a JS implementation that would be specific to a frontend. If that's the case it can go in web_wallet and @valzav can decide if he needs backend support. I'm not sure I think we should even deal with brain seeds in the backend, but if this is not about integrating an existing web implementation as I had assumed, it can go in https://github.com/BitShares/bitshares/issues.

theoreticalbts commented 9 years ago

This is a little off-topic, but somewhere we need to write down some guidelines for new contributors about what repos we have, and where various sorts of bugs should be filed.

theoreticalbts commented 9 years ago

Also, while the existing code is in JS, I'm wondering if we might not need to put it in C++. @indolering quotes @ryancdotorg who rightly notes we should use scrypt or another designed-to-be-slow/memory-hard hash algorithm to derive the new key.

ryancdotorg commented 9 years ago

FWIW, I also have a python implementation of the same thing. I don't think a C++ version would be difficult.

indolering commented 9 years ago

Moved to https://github.com/BitShares/bitshares/issues/1208