Open Wallet with md5 hash or md5(passphrase)

[JulianTosh]

I would like the app to be able to open a wallet by entering an md5 hash or a passphrase that would be hashed and/or converted to the existing keyword password/seed.

It should be easy to programatically identify which is being entered by length of the input (md5 hash) or by word in the passphrase not being in the word list to determine if the user is entering a keyword list or personal passphrase.

[JulianTosh]

Perhaps, you can make it so the user can enter a MPK as well so that it opens a read-only version of the wallet. And if the read-only wallet could be opened from a URL query string, that would be amazing too.

[carbonwallet]

Hi Julian, what's an MPK ?

Here's my reasoning as to why I'm not using MD5 currently. It's the same reasoning as elektrum so I'll refer you there.

https://bitcointalk.org/index.php?topic=153990.0

I'm not saying I won't consider this, just that it needs some thought.

[JulianTosh]

Electrum actually does allow you to use md5 hashes as a seed. What Thomas is saying is that you cannot use arbitrary words as a seed. To understand what is going on, please read RFC 1751 (IMO, it is very unfortunate that someone chose to write their own implementation of RFC 1751 instead of using a standard like this).

Basically, it is a number/English translator. Input a number, output a sentence built from a static list of words or visa versa. In Electrum, there is nothing stopping you from hashing a string (even sha256 works) and using the hash as the seed - you just can't make up your own arbitrary word list and us that as a seed. The words used in the encoder are fixed and limited.

[carbonwallet]

So if users enter the MD5 hash. i.e

MD5("The quick brown fox jumps over the lazy dog") = 9e107d9d372bb6826bd81d3542a419d6

Do I then just convert that to a number which is the seed ?

[JulianTosh]

That sounds correct. And just to add some more clarification to the two issues I've submitted, I'm suggesting that the user be allowed to enter one of four things in the "Open Wallet" field:

1 - A word list as it is currently implemented. The app computes the word list into an integer which is used to seed the wallet. It is identified by all the words being in the word list.

2 - A md5 hash (The user would compute their own md5 hash from a passphrase they know). The app uses the hash (just an integer) to seed the wallet. It is identified by the text pattern of [0-9a-f]{32}.

3 - A user defined word list (passphrase). The app would hash the string and use the hash to seed the wallet. It is identified when a single user supplied word is not present in the predefined word list.

4 - A Master Public Key. This opens a read-only wallet and history of transaction. It is identified by the text pattern of [0-9a-f]{128}.

[carbonwallet]

Any chance you could do a pull request for these ?

[JulianTosh]

I can read all kinds of code alright, but I'm not a very capable programmer, especially javascript :/

[Rui-Santos]

Hey carbonwallet, mind telling us why is it that your site generates a default wallet when the passphrase entered has words not in the mnemonic.js file? It seems like a malicious error to me. You should just tell the user that it's not possible to use his own passphrase instead of creating a dummy wallet that everybody will have access to.

[carbonwallet]

We now have the ability to generate an AES encrypted URL. The password can be set by the user, it's not pretty but allows quicker access to a wallet.