Author Topic: [Proposal] Deterministic Initial Wallet Key Generation  (Read 3017 times)


Offline monsterer

Someone should do some research to find out how much entropy each of these components provide. Which probably is rather difficult because one should expect a certain correlation between for example first name and birthday, or either name and mail.

Remember: early adopters are cryptocurrency enthusiasts, who are vigilant against divulging their personal information. This is why I suggested plain username/password for entropy.
My opinions do not represent those of metaexchange unless explicitly stated.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline pc

2) generate the private key according to
   HASH(first name + last name + id number + mail + birthday + brainwallet)

Someone should do some research to find out how much entropy each of these components provide. Which probably is rather difficult because one should expect a certain correlation between for example first name and birthday, or either name and mail.
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de

Offline monsterer

I actually think brain wallets are a nice idea, but I wouldn't ask the user to type in all that personal information.

Instead you could just ask for a username and password, then hmac them together to create the private key. The extra entropy of the user name will make it safer than the NXT brain wallet single password.

Cheers, Paul.

Offline cass

:) that was fast ... when I have time I will sketch something for you about multisig .. we'd like to have something easy to understand for end users .. and also an easy implementation for the GUI ..

that's how we do it  +5%
█║▌║║█  - - -  The quieter you become, the more you are able to hear  - - -  █║▌║║█

Offline xeroc

:) that was fast ... when I have time I will sketch something for you about multisig .. we'd like to have something easy to understand for end users .. and also an easy implementation for the GUI ..

Offline cass

  • Hero Member
  • *****
  • Posts: 4311
  • /(┬.┬)\
    • View Profile
█║▌║║█  - - -  The quieter you become, the more you are able to hear  - - -  █║▌║║█

Offline xeroc

So we need an easy way to let users know of these possibilities ..

paging @cass ;)


Offline arhag

By the way this is another place multisig would be incredibly useful. You can have all your balances be secured by a 2-of-4 multisig where one key is the one on the hot client (which could also update votes and claim yield for convenience), another key is one stored on a paper wallet / flash drive and only used with an offline live Linux environment, another key is one controlled by some multisig security company, and the fourth one is a key that was generated on an offline computer, split into multiple parts using a secret sharing algorithm, each part of the key was encrypted on the offline computer specifically for a particular trusted BTS user (like friends and family), and then the encrypted key fragments were broadcast to the respective users.

If you lose your hot client key, you can use your offline backup and the multisig company's keys to get access to your funds.

If you lose both your hot client key and your offline backup (say your house burns down or it was robbed, and also you didn't have any encrypted cloud backups), then you can still get access by going to your friends and family, getting the key fragments from them, putting it back together and using that along with the multisig company's key to get back access to your funds.

If the multisig company disappears and your house was robbed, but you still have your phone that has the hot client key on it, you can use that and the reconstructed key from your friends and family to get access back to your funds.

If you die and the hot client key is inaccessible because no one alive knows the password, your friends and family could recover the funds using the plaintext paper backup in your home and their reconstructed fourth key. If the paper backup was also encrypted, they can prove to the multisig company that you are dead, prove to them that they are the beneficiaries of the deceased, and use the company's signature along with the reconstructed key to get access to the funds.

So many possibilities become available with multisig.
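
The secret-sharing step of the arrangement described in the post above, as an added example (it is not the thread's code, nor the BitShares client's): a Shamir split of the fourth key over the secp256k1 scalar field with a 3-of-5 threshold among friends and family, Lagrange reconstruction from any three fragments, and the 2-of-4 spend rule checked against the loss scenarios the post walks through. Encrypting each fragment to its recipient is left out. The key labels, the 3-of-5 choice and the randomly generated sample key are assumptions of the example.

```python
import secrets

# Order of the secp256k1 group. A private key is a scalar in [1, N-1], so
# Shamir sharing over the field of integers mod N covers every valid key
# without any re-encoding.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split_secret(secret, threshold, share_count, field=SECP256K1_N):
    """Split `secret` into `share_count` points of a random polynomial of degree
    threshold-1 whose constant term is the secret. Any `threshold` points recover
    it; fewer are consistent with every possible secret and so reveal nothing."""
    if not 1 <= secret < field:
        raise ValueError("secret must be a scalar in [1, N-1]")
    if not 1 < threshold <= share_count:
        raise ValueError("need 1 < threshold <= share_count")
    coeffs = [secret] + [secrets.randbelow(field) for _ in range(threshold - 1)]

    def evaluate(x):
        acc = 0
        for c in reversed(coeffs):      # Horner's rule, everything mod the field order
            acc = (acc * x + c) % field
        return acc

    return [(x, evaluate(x)) for x in range(1, share_count + 1)]


def recover_secret(shares, field=SECP256K1_N):
    """Lagrange interpolation at x = 0 over the given (x, y) points."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj == xi:
                continue
            num = num * (-xj) % field
            den = den * (xi - xj) % field
        total = (total + yi * num * pow(den, -1, field)) % field
    return total


# Labels for the four keys of the post's arrangement (names assumed here).
HOT, PAPER, COMPANY, FRIENDS = "hot-client", "paper-backup", "multisig-company", "friends-reconstructed"


def spendable(available_keys, threshold=2):
    """2-of-4 rule from the post: any two distinct keys authorise a spend."""
    return len(set(available_keys)) >= threshold


if __name__ == "__main__":
    fourth_key = secrets.randbelow(SECP256K1_N - 1) + 1       # generated on the offline machine
    fragments = split_secret(fourth_key, threshold=3, share_count=5)   # five friends, any three suffice
    print("reconstructed from fragments 2,3,4:", recover_secret(fragments[1:4]) == fourth_key)
    # Loss scenarios from the post: hot key lost; hot and paper lost;
    # company gone and house robbed; owner deceased with a plaintext paper backup.
    for scenario in ([PAPER, COMPANY], [FRIENDS, COMPANY], [HOT, FRIENDS], [PAPER, FRIENDS]):
        print(scenario, "->", "spendable" if spendable(scenario) else "locked")
```

The field must be the group order, not 2^256, so that a fragment set always reconstructs to a scalar the wallet can use; the duplicate-index check matters because two copies of the same fragment would otherwise count as two points and silently return garbage.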

Offline xeroc

That's why the GUI should educate the users on how to properly backup the file.
I agree .. let's do it that way ..

Maybe some day we will have something like TreZor to help out security-wise.

Thanks for the discussion anyway.

Offline arhag

That issue can be solved by letting the computer throw in some 128 bits of randomness for the brainwallet .. and let the user note it down .. and maybe reenter it in a second step to verify the "backup" ..

Well then it is no longer a brain wallet if the computer is generating the entropy is it? If the user forgets to write it down, or they do and then lose the piece of paper they wrote it down on, then they will be just as screwed as when they forget to backup the exported JSON file.

an initial export of the JSON file might end up being stored just on the computer .. once the disk crashes you lose both .. the wallet and the backup ..

That's why the GUI should educate the users on how to properly backup the file.

Offline xeroc

I think there can be a GUI option for generating a brainwallet (rather than only a CLI-only method available to do that like there is now). But I don't like the idea of it being the default system. I don't think typical users can be trusted to generate a passphrase with enough entropy to be resistant to bruteforce attacks. While the personal information does make it more difficult for an attacker attempting to bruteforce all keys out there at once, an attacker targeting a particular user can very easily get the victim's basic personal information and likely be successful in bruteforcing their most likely weak passphrase to get the wallet private key. And all of this would be possible without needing to accomplish the relatively difficult task of stealing the exported JSON file containing the encrypted wallet private key (which can be on a flash drive, on the user's computer, or a cloud storage service).

I think the GUI just needs to be updated to make it absolutely clear to the user that they need to safely backup the initial exported JSON file (or at least just the encrypted wallet private key) or else they could lose access to their funds and identity.

That issue can be solved by letting the computer throw in some 128 bits of randomness for the brainwallet .. and let the user note it down .. and maybe reenter it in a second step to verify the "backup" ..

an initial export of the JSON file might end up being stored just on the computer .. once the disk crashes you lose both .. the wallet and the backup ..

and yes .. people are that stupid
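
xeroc's suggestion above (computer-generated 128 bits, written down by the user, re-entered in a second step to prove the backup exists), as an added example that is not part of the thread or of the BitShares client: a checksummed backup code, the re-entry check, and a derivation of the key scalar from that entropy. The 16-bit SHA-256 checksum (BIP39-style), the nine-group hex layout, the HMAC label and the sample entropy are assumptions of this example.

```python
import hashlib
import hmac
import secrets

ENTROPY_BYTES = 16   # 128 bits, the amount proposed in the thread
CHECK_BYTES = 2      # 16-bit checksum appended so a mistyped or missing group is caught
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def new_entropy():
    """Entropy comes from the OS CSPRNG, not from the user's head."""
    return secrets.token_bytes(ENTROPY_BYTES)


def checksum(entropy):
    """Leading bytes of SHA-256 over the entropy (same idea as the BIP39 checksum)."""
    return hashlib.sha256(entropy).digest()[:CHECK_BYTES]


def format_backup_code(entropy):
    """Entropy + checksum as nine groups of four hex characters for the user to write down."""
    if len(entropy) != ENTROPY_BYTES:
        raise ValueError("entropy must be 16 bytes")
    digits = (entropy + checksum(entropy)).hex()
    return " ".join(digits[i:i + 4] for i in range(0, len(digits), 4))


def parse_backup_code(code):
    """Reverse of format_backup_code; tolerates case, spaces and dashes; raises on any defect."""
    compact = code.replace(" ", "").replace("-", "").lower()
    if len(compact) != 2 * (ENTROPY_BYTES + CHECK_BYTES):
        raise ValueError("wrong length")
    try:
        raw = bytes.fromhex(compact)
    except ValueError:
        raise ValueError("non-hex character") from None
    entropy, check = raw[:ENTROPY_BYTES], raw[ENTROPY_BYTES:]
    if not hmac.compare_digest(check, checksum(entropy)):
        raise ValueError("checksum mismatch")
    return entropy


def verify_reentry(entropy, typed):
    """Second step from the post: the wallet only proceeds if the user re-types the code correctly."""
    try:
        return parse_backup_code(typed) == entropy
    except ValueError:
        return False


def wallet_key_from_entropy(entropy):
    """Derive the secp256k1 private-key scalar from the backed-up entropy.
    The HMAC label is an assumption of this example, not the BitShares derivation."""
    scalar = int.from_bytes(hmac.new(b"wallet-key", entropy, hashlib.sha256).digest(), "big")
    if not 1 <= scalar < SECP256K1_N:   # probability about 2^-128; just draw fresh entropy
        raise ValueError("derived scalar out of range, regenerate entropy")
    return scalar


if __name__ == "__main__":
    entropy = new_entropy()
    code = format_backup_code(entropy)
    print("write this down:", code)
    typed = input("re-enter your backup code: ")
    if not verify_reentry(entropy, typed):
        raise SystemExit("backup not verified, wallet not created")
    print("key scalar derived:", hex(wallet_key_from_entropy(entropy)))
```

A 16-bit checksum misses a corrupted entropy group with probability 2^-16, which is good enough to catch the typo before the user walks away believing the paper is a valid backup; it does nothing against losing the paper, which is arhag's objection above.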

Offline xeroc

reminds me I wanted to write a wiki page about best practices for end users concerning security of private keys ..
maybe I will find some time next week for that

Offline arhag

I think there can be a GUI option for generating a brainwallet (rather than only a CLI-only method available to do that like there is now). But I don't like the idea of it being the default system. I don't think typical users can be trusted to generate a passphrase with enough entropy to be resistant to bruteforce attacks. While the personal information does make it more difficult for an attacker attempting to bruteforce all keys out there at once, an attacker targeting a particular user can very easily get the victim's basic personal information and likely be successful in bruteforcing their most likely weak passphrase to get the wallet private key. And all of this would be possible without needing to accomplish the relatively difficult task of stealing the exported JSON file containing the encrypted wallet private key (which can be on a flash drive, on the user's computer, or a cloud storage service).

I think the GUI just needs to be updated to make it absolutely clear to the user that they need to safely backup the initial exported JSON file (or at least just the encrypted wallet private key) or else they could lose access to their funds and identity.
« Last Edit: November 07, 2014, 07:54:55 am by arhag »
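
arhag's point above (a targeted attacker already knows the personal fields, so the passphrase is the only thing left to guess) and monsterer's HMAC(username, password) variant from earlier in the thread, run against each other as an added example that is not part of the thread or of the BitShares code. The victim profile, passphrase and mangling wordlist are constructed for the demonstration, and the assumption that the attacker also knows the username (for instance because it is a public account name) is mine, not the thread's.

```python
import hashlib
import hmac
import math

# Constructed victim profile for the demonstration (not real data). Every field
# here is the kind of thing a targeted attacker can look up; the passphrase is
# the only secret.
VICTIM = {
    "first": "Alice",
    "last": "Example",
    "id_number": "123456789",
    "mail": "alice@example.com",
    "birthday": "1985-04-12",
}
VICTIM_PASSPHRASE = "Bitcoin2014!"   # constructed weak passphrase


def personal_info_key(first, last, id_number, mail, birthday, passphrase):
    """HASH(first + last + id + mail + birthday + brainwallet), as in the proposal."""
    material = "".join([first, last, id_number, mail, birthday, passphrase])
    return hashlib.sha256(material.encode("utf-8")).digest()


def userpass_key(username, password):
    """HMAC-SHA256 keyed with the username over the password, the variant suggested by monsterer."""
    return hmac.new(username.encode("utf-8"), password.encode("utf-8"), hashlib.sha256).digest()


def candidate_passphrases(profile):
    """A small constructed mangling wordlist: common words, three capitalisations,
    an optional year (including the victim's birth year) and a common suffix."""
    words = ["password", "bitcoin", "bitshares", "letmein", "qwerty", "welcome", "secret", "wallet"]
    years = [""] + [str(y) for y in range(1970, 2016)] + [profile["birthday"][:4]]
    suffixes = ["", "!", "123"]
    for w in words:
        for cap in (w, w.capitalize(), w.upper()):
            for year in years:
                for suffix in suffixes:
                    yield cap + year + suffix


def targeted_bruteforce(target_key, derive, candidates):
    """Feed each candidate through `derive`, which already embeds everything the
    attacker knows; return (passphrase, guesses_made) or (None, guesses_made)."""
    guesses = 0
    for guess in candidates:
        guesses += 1
        if hmac.compare_digest(derive(guess), target_key):
            return guess, guesses
    return None, guesses


def wordlist_entropy_bits(profile):
    """Effective entropy of a passphrase drawn from candidate_passphrases: log2 of its size."""
    return math.log2(sum(1 for _ in candidate_passphrases(profile)))


if __name__ == "__main__":
    target = personal_info_key(**VICTIM, passphrase=VICTIM_PASSPHRASE)
    found, tries = targeted_bruteforce(
        target, lambda p: personal_info_key(**VICTIM, passphrase=p), candidate_passphrases(VICTIM))
    print(f"personal-info scheme: recovered {found!r} after {tries} guesses")

    # Same attack against HMAC(username, password) once the username is known.
    target2 = userpass_key("alice", VICTIM_PASSPHRASE)
    found2, tries2 = targeted_bruteforce(
        target2, lambda p: userpass_key("alice", p), candidate_passphrases(VICTIM))
    print(f"username/password scheme: recovered {found2!r} after {tries2} guesses")
    print(f"this wordlist covers only {wordlist_entropy_bits(VICTIM):.1f} bits of passphrase space")
```

The personal fields only change the hash input, never the number of guesses: the attacker's work is the size of the passphrase wordlist (about 11.8 bits here) no matter how many known fields are concatenated in front of it. Replacing SHA-256 with a slow KDF multiplies the per-guess cost but does not change that count.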

Offline xeroc

I think we need to train users to treat their wallets with respect and care rather than attempting to make it so "easy" that they take it for granted.
Now THAT would be ideal .. but I am not sure if everyone is .. let's say "capable" .. of understanding the value of bits and bytes ..

some people just won't understand that you can make your funds inaccessible (read: lose) by deleting your bits and bytes .. or destroying your computer ... not having a backup ..

Offline bytemaster

I think that assuming the user is downloading the full wallet and taking personal responsibility for their keys they can be expected to learn enough to understand the value/complexity of doing this. 

I think we need to train users to treat their wallets with respect and care rather than attempting to make it so "easy" that they take it for granted. 
For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.