Author Topic: [Proposal] Deterministic Initial Wallet Key Generation  (Read 3018 times)

0 Members and 1 Guest are viewing this topic.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
As we had some issues with newcomers not backup up their wallets properly (the passphrase is not a brainwallet as in NXT) .. I'd like to propose a new initial scheme for the generation of the wallet master key (which is used to derive account keys)
It's quite simple and those of you that have a keyhotee founder id should be pretty familiar with it:

1) the first time a user opens up the wallet he will be asked to enter the following information:
  - first name
  - last name
  - id number
  - mail address
  - birthday
  - BRAINWALLET / passphrase / secret .. or something else that is SOLELY used to generate the key
2) generate the private key according to
   HASH(first name + last name + id number + mail + birthday + brainwallet)
3) Further ask for a passphrase to encrypt the private key after generation
  store ENCRYPT(HASH)
4) done

This way you can force the user initially to make a backup of the most important private key (the wallet master key) and thus also makes a backup of all further used keys as they are hierarchically derived from it!

Note, that basically all (except one) user input can be considered OPTIONAL .. they are only there to increase the entropy ..
the user should be told that no information he enters is stored anywhere ..

Thoughts?