3
If I'm reading the website right, it's saying that both Wallet passphrase and name should be kept private.
I now have a conundrum of which name to choose. Should I put my default username (public, well-known by those who know me), or should I put something that is hard to guess (like a password)?
How are the wallet name and passphrase even used in the system? Will someone give me his Wallet name, so I will be able to transfer money to him?
3
As a rule of thumb, don't give an attacker any more information than you have to. I would say that you should use your normal username; put the effort of remembering an odd username into remembering a better password.
How are the wallet name and passphrase even used in the system? Will someone give me his Wallet name, so I will be able to transfer money to him?
Nope. The username + password is used to look up a wallet file from something called a 'blob vault'. That blob vault contains your private key and your addressbook.
1
More specifically the blob vault never sees either your username or your passphrase but only a cryptographic hash of them combined. This has been discussed a bunch on the Ripple forums.
– dchapes – 2013-06-01T08:43:17.530@dchapes Ah. So if making your username 5 times harder to guess is as difficult as making your password 5 times harder to guess, then it doesn't matter which one you do? – Nick ODell – 2013-06-01T09:11:35.027
The only concern would be if I had a wallet named "dchapes" and you knew that then you could attempt to guess my pass phrase by generating the hash(username+passphrase) locally and querying the blob vault repeatedly. Using something like "dchapes.blah" would make it marginally harder; but yeah, just use a strong passphrase and it shouldn't matter. – dchapes – 2013-06-01T21:28:23.850