Author Topic: MemoryWallet guide, a wallet you can retrieve with just a passphrase.  (Read 5563 times)

0 Members and 1 Guest are viewing this topic.

Offline FreeTrade

  • Moderator
  • Hero Member
  • *****
  • Posts: 700
    • View Profile
What might be cool is to apply the crazy memory intensive 50 something passes to the address generation transaction/encryption.

That way generation of rainbow tables becomes way harder. Not sure if there is merit in that as it will only slow it down linearly v.s. stronger passwords being exponentially harder to guess.

Yes - I think this would be technically superior, but I'm not sure we want to create a multitude of ways to convert passphrases to memorywallets - it might get confusing.
It would be a linear improvement, but a huge one - maybe 10 billion times more secure, so maybe we should. It's a good idea.
“People should be more sophisticated? How are you gonna get that done?” - Jerry Seinfeld reply to Bill Maher

Offline FreeTrade

  • Moderator
  • Hero Member
  • *****
  • Posts: 700
    • View Profile
I think we haven't given people good advice on how to create them yet.

A good MemoryWallet should have protection from people who don't know you - so should include  phone numbers, birthdays or email.
It should also have protection from people who do know you - so a good password too.

Add a few elements of each - phone number + password + birthday + password2. 

Also users can write it down somewhere too - they don't need to indicate it is a Memory Wallet. I think that's better than a generated wallet because I'm suspicious of RNGs now. Also if it does get lost, you can probably still recall most of it from memory, and you can hire a service to brute force the rest of it if you can't.



“People should be more sophisticated? How are you gonna get that done?” - Jerry Seinfeld reply to Bill Maher

Offline andhar

  • Board Moderator
  • Sr. Member
  • *****
  • Posts: 241
  • *BOH!*
    • View Profile
Sounds good :)

Hope people understand that this is basically the same as a paperwallet.

The only difference is that if you loose your paper/wallet, with memorywallet you can retrieve it again.

Offline seraphim

Going to add this to memorycoin.org tomorrow if there's no more feedback until then
Meet you on STEEM


Offline isaacgoldbourne

  • Sr. Member
  • ****
  • Posts: 322
    • View Profile
That is correct, as mentioned in the guide : A long sentence that is easy for you to remember and hard for others to guess. If you add numbers, punctuation, phonetics and misspellings it’s even better!
Can you please put that numbers, punctuation, phonetics and misspellings are essential because otherwise it is very easy to bruteforce with a dictionary attack, some people have even gone as far as to load thousands of quote pages into bruteforcers that get all the famous quotes from books and movies.
MemoryDice now available! https://bitsharestalk.org/index.php?topic=1886.0
 Vote for me to be CNO of memorycoin if you want these services. Just send 1 satoshi!
CNO: MVTEcno2tbsJWj7AQEyEjgk72j94hbPHFm

Offline belltown

  • Full Member
  • ***
  • Posts: 107
    • View Profile
How I've earned 0.088 BTC for making few forum posts on LetsTalkBitcoin - https://bitsharestalk.org/index.php?topic=6684

Offline s4l1h

  • Full Member
  • ***
  • Posts: 122
    • View Profile
« Last Edit: January 04, 2014, 11:23:50 am by s4l1h »

Offline andhar

  • Board Moderator
  • Sr. Member
  • *****
  • Posts: 241
  • *BOH!*
    • View Profile
That is correct, as mentioned in the guide : A long sentence that is easy for you to remember and hard for others to guess. If you add numbers, punctuation, phonetics and misspellings it’s even better!


Offline isaacgoldbourne

  • Sr. Member
  • ****
  • Posts: 322
    • View Profile
Remember you need high levels of entropy, otherwise they will be cracked very quickly.

For example correcthorsebatterystaple has high levels of entropy, but can easily be cracked with a dictionary based attack. However h0Rs3tra131i3r2k is almost impossible to crack in a reasonable time frame.
MemoryDice now available! https://bitsharestalk.org/index.php?topic=1886.0
 Vote for me to be CNO of memorycoin if you want these services. Just send 1 satoshi!
CNO: MVTEcno2tbsJWj7AQEyEjgk72j94hbPHFm

Offline andhar

  • Board Moderator
  • Sr. Member
  • *****
  • Posts: 241
  • *BOH!*
    • View Profile
MemoryWallet




 
MemoryWallet refers to the concept of storing your MemoryCoins in your mind just by memorizing a chosen passphrase which links to your address.
The phrase is turned into a 256-bit private key with a hashing or key derivation algorithm. That private key is then used to compute a MemoryCoin address, or a deterministic sequence of addresses.
MemoryCoins can be sent to that address. In order to access the MemoryCoins, one must recompute the private key with the same phrase. The private key is imported into a wallet, and the coins can be sent.
You can get a MemoryCoin wallet here: http://memorycoin.org/files
The site we will be using is: http://brainwallet.org/ 
What we basically will be making is a new wallet/address to store your MemoryCoins. The reason we are doing this is because if you lose your pc with your wallet and even lose the backup (in a fire for example) you can retrieve your wallet by going to the link and entering your passphrase.



Let’s go away from all the technical stuff now and let’s start doing something.

After downloading and installing the wallet go to http://brainwallet.org/
You could use the site now, but for security reasons it's recommended to do the following steps on your local machine. Scroll all the way down, in the right hand corner you will see a link called Download as Zip. Click that link and save the folder on your computer or on an empty flash drive.
When that is done double-click or drop the file called index.html in your web browser. Now you need to choose MMC (MemoryCoin) from the top right hand corner (or any other coin you would like to generate an address for).
If you are paranoid because of key loggers and Trojans you should this on a fresh installed pc without connecting it to the internet, or you could just plug out your internet while you are making your wallet, or use a Linux live USB/CD. I would recommend unplugging your internet connection while generating the wallet.


The next thing you need to do is to think of a secure passphrase.  It should be a long phrase and should be complex. A short password, a simple phrase or something picked out of the bible or any other form of public literature is likely to be stolen by hackers who use computers to quickly try combinations, also called brute-force guessing.
An example of a passphrase that is too simple is already preset in the generator: correct horse battery staple. Or something out of the bible: For God so loved the world that he gave his one and only Son, that whoever believes in him shall not perish but have eternal life.
These sentences as explained above can easily be guessed, so they are not safe!
An example of a good passphrase (not so good now since it's public now): commodore 46 is bookshelf and abbreviations in total this excludes the doctor Sheldon cooper monolog hey p1r4te.
A long sentence that is easy for you to remember and hard for others to guess.

OBS!

Adding numbers, punctuation, phonetics and misspellings is essential, because otherwise it is very easy to bruteforce with a dictionary attack. Some people have even gone as far as to load thousands of quote pages into bruteforcers that get all the famous quotes from books and movies..


The address is: MSSco62jAtCRL7Q64jp1tf9CLhH6SnyisR
this is your new public address, all you need to receive MemoryCoin
The private key is: 6zkU548Yzv72wgQUnnyte5XvCHnUfzdLeqDL33WPLL2DfpozHX6
Your private key should be kept a secret and not shared with anyone!
(Note that this address is not used by anyone, and it's not recommended to use it because of obvious reasons)
Now that the address is generated anyone can transfer MemoryCoin to it. You will not be able to access those MemoryCoins until you import the private key to a wallet using the command: importprivkey YOURPRIVATEKEY
To insert this command open your MemoryCoin wallet, press help, and enter the console.

Voila your wallet just got you personal MemoryWallet you can use to receive and send MemoryCoin!


Feedback is appreciated, wrote this guide and followed the instructions myself with no previous experience with MemoryWallet so I think everyone will be able to do so if desired by following this guide I’ve written.

Got any questions regarding this subject? Pm me or just post here.

Sincerely

Andhar
« Last Edit: January 05, 2014, 02:23:51 am by seraphim »