Brainwallet is a well-known tool that lets you generate an address from a passphrase. I think Brainwallet just performs a single SHA256 hash on the passphrase to get the 256-bit private key of the address.
Is there a BIP-standard formulated for this calculation?
Now that HD wallets are making their way toward becoming mainstream, I think it is useful to have a standard to generate an HD wallet from a passphrase. Electrum and CarbonWallet seem to have already implemented HD wallet generation from a passphrase, and they are using 100,000 rounds of SHA256, which already sounds like a much safer process than a single round.
The original BIP0032 that defines HD wallets doesn't define a way to generate them from passphrases (and it shouldn't), so maybe it is a good idea to make a separate BIP for this purpose if it does not already exist.
I want to be able to switch between wallet apps just taking my master key with me. Or for HD wallets, f.e. use a different wallet for watching (using the public root key) than for signing.
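As an added illustration (not code from the question or from any wallet project), the two derivations the question compares side by side: a single SHA256 over the passphrase, and an iterated scheme that charges every guess 100,000 hashes. The chaining in `stretched_key` (re-hashing the previous digest together with the passphrase) is a constructed example, not a claim about Electrum's or CarbonWallet's exact construction; the range check against the secp256k1 group order is the caveat that applies to any scheme that turns a hash output straight into a private key.

```python
import hashlib

# secp256k1 group order: a usable private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def single_sha256_key(passphrase: str) -> bytes:
    """Brainwallet-style derivation: one SHA256 over the passphrase is the key.
    An attacker pays exactly one hash per candidate phrase."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def stretched_key(passphrase: str, rounds: int = 100_000) -> bytes:
    """Iterated derivation (constructed chaining, assumed here for illustration):
    each round hashes the previous digest concatenated with the passphrase, so
    every candidate phrase costs `rounds` hashes instead of one."""
    if rounds < 1:
        raise ValueError("rounds must be at least 1")
    phrase = passphrase.encode("utf-8")
    digest = phrase
    for _ in range(rounds):
        digest = hashlib.sha256(digest + phrase).digest()
    return digest


def is_valid_private_key(key: bytes) -> bool:
    """A 256-bit hash output is only a valid secp256k1 private key when it lies
    in [1, N-1]; a careful implementation checks this instead of assuming it."""
    if len(key) != 32:
        return False
    k = int.from_bytes(key, "big")
    return 1 <= k < SECP256K1_N


def work_factor(rounds: int) -> int:
    """How many times more hashing a guess costs under the stretched scheme
    than under the single-hash scheme."""
    return rounds  # one hash per guess becomes `rounds` hashes per guess


if __name__ == "__main__":
    phrase = "constructed example passphrase"  # sample input, not a real wallet
    print("single :", single_sha256_key(phrase).hex())
    print("stretch:", stretched_key(phrase).hex())
    print("guess cost multiplier:", work_factor(100_000))
```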
Double hashing should be the minimum good to generate wallets. – John T – 2014-01-04T21:53:01.170
Except that now I know you've double hashed, all I have to do is double hash every phrase in my book and compare the result, which will always be the same. It's not the hash that is the security - don't confuse these two issues. – T9b – 2014-01-07T14:27:34.863
@T9b In fact the hash can provide the security. In this case, a hash method that is so resource-intensive that brute-forcing would be infeasible would provide the perfect security. An example is the AES 256 CBC encryption method, which is proven to be secure against brute-forcing because of the computational complexity. – Steven Roose – 2014-01-07T16:26:56.707
Not everything is in the same way subject to a brute-force attack. F.e. Bitcoin addresses could also be brute-forced, but we don't see that as a threat either because it is not feasible for someone to try to brute-force it. – Steven Roose – 2014-01-07T16:28:42.467
I think you have completely misunderstood the scope of "brute-force" attacks. You are limiting your understanding to "trying to reverse a hash" which is, of course, very difficult. However bitcoin addresses are being compromised all the time, by people who assume that the hash is providing the security on a passphrase. The best example of this is brain wallets, which are being compromised all the time by brute-force attacks using a dictionary of possible phrases. The hash doesn't make them secure. – T9b – 2014-01-08T12:26:18.207
Suggest you read this... http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/ – T9b – 2014-01-08T13:46:51.860
I think you don't understand what I mean here. BF is done by guessing. Smart hackers can reduce the amount of guesses required by using dictionaries etc. But that's beside my point. If a hash is used that takes an average computer 1 second to compute instead of less than a millisecond like MD5 or SHA256, even the smartest crackers won't be able to do it within reasonable time. – Steven Roose – 2014-01-08T21:36:02.173