2
We all know that private address is a 256bit number. But is the process of converting your password to this 256bit number standard across different clients?
I can imagine that a "strong random 40 character password" after transformation/hashing et c might become the stupid 0...000000123 or something like this :)
If this process is standard, does this mean, that backup of wallet.dat is not required, you should remember only the password?
3
It's not standard across all clients. You mentioned wallet.dat, which I associate with the Bitcoin Core client; that does not use a password to generate private keys; it generates each set of private keys randomly when a new supply of them is needed for transactions.
Some other kinds of wallets, however, are known as HD, or hierarchical deterministic, wallets. When they are initialized they generate a random master key that they use as a basis for generating all of the wallet's subsequent private keys in a deterministic (non-random) way. And many HD wallets, the very first time they're used, display a sequence of natural language words known as a recovery seed. You write down the recovery seed word list on paper and keep it securely secret. If the wallet is lost or destroyed you can input the words into another one of the same type of wallet to re-generate your private keys and hence your coin balance. If you're interested in the technical details, look at the specifications for BIP32 (HD wallets) and BIP39 (recovery seeds).
An HD wallet which uses a recovery seed may allow the user to specify a passphrase, typically intended to be memorized rather than written down, which is used along with the recovery seed to (re-)generate the private keys. For the ones that I've encountered a passphrase is optional.
1Those sequence of words (known as BIP 39 mnemonics) are not used for key generation. They are an encoding of some other random number (the seed) in a human memorable way. Furthermore, a wallet can be an HD wallet without using BIP 39 mnemonics. most follow the BIP 32 standard which does not mention BIP 39 anywhere. – Andrew Chow – 2017-12-06T06:28:39.597
From BIP39 - "The described method also provides plausible deniability, because every passphrase generates a valid seed (and thus a deterministic wallet) but only the correct one will make the desired wallet available."
Can someone explain what this means? – Childishforlife – 2017-12-06T15:35:40.010
@Childishforlife It means you can have, in effect, multiple wallets in one file or device; the passphrase that is input unlocks only the one with which it's associated without disclosing the existence of any other(s). So if you're required to unlock your wallet under duress, you could provide a passphrase to a "sub-wallet" (my terminology) that is less valuable to you, and (hope that would) satisfy the party responsible for the duress. – brec – 2017-12-06T17:49:00.450
Big thanks for the answer! That was a big surprise for me (does not use my password to generate private keys). – Oleg Gritsak – 2017-12-07T03:21:51.107
Actually, you are not 100% right. Yesterday, came across information that it is rather common to generate private key hashing some text with sha256. Of course, it is not safe, but transaction history shows many thousands of such addresses. – Oleg Gritsak – 2017-12-11T02:08:20.123
@Oleg Gritsak, I'd be happy to edit my answer to make it 100% right, but I don't see what's wrong. I didn't exclude any private key generation technique by answering with respect to Bitcoin Core's wallet.dat and to "Some other kinds of wallets..." – brec – 2017-12-11T13:55:26.487