Security question - how safe is our password/account?



  • @rnahlawi The risk that I see is not in the likelihood that someone could fluke a passphrase but that there might be a bug in the algorithm that generates the Passphrase in the first place, or that understanding the algorithm could reduce the search needed, or finally that someone could put up a fake piece of software that generates genuine wallets that could then easily be cracked by them?

    All of which points at the need for a truly random passphrase; however, that is not what most of us will have used for our first wallet. Perhaps the code should be changed and ask for you to insert an additional word?

    Rich



  • @RichBC Agree, a 1300 word list combination can be cracked by time or with the right algorithm.
    When you start generating Burst, you will start being creative to protect your investment, stop using defaults for a start ;)
    Maybe exporting and importing the private key as an option would be of great value.


  • admin

    @rnahlawi I disagree. 12 words of 1300 in a random order are 128 bits of entropy, which is enough. For example, lyrics of a song are way worse.



  • @daWallet But only if the algorithm that is choosing them is truly random, bug free, and unhackable.

    Rich



  • @daWallet I did say "by time" which is infinite :(
    @RichBC Dude, let it be hackable. Users with high amounts usually favor cold wallets.
    Let's think of adding better security to wallets and especially online ones.



  • You just type in what you want your passphrase to be and it will generate you a new wallet using that passphrase .. no, you can't change a wallet's passphrase.



  • Or use the address-generator and get a really long password!-)



  • @Jumper Have you got a Burstcoin-Faucet still, or is it down permanently?



  • Is there a way to change the passphrase I was originally given? I want to use some of the tips above and change mine now.



  • @GamerKurisu No... the address is generated from your passphrase, so the only thing you can do is create a new account with the passphrase you desire and send everything to the new account...

    Your passphrase is the private key of your account, if I am not mistaken!



  • Can someone give me a link with the wordlist used to generate passphrases?



  • So to put in perspective how many passwords can be generated by a list of 1626 words in a 12 word combination, the number would be
    341,543,870,028,173,427,817,970,975,906,355,941,376
    or
    341 undecillion
    which can be broken down into
    341 billion billion billion billion

    Now for a look at the account address:
    With a combination of 16 of 36 chars (numbers and alpha) the equation would look like this: 36^16
    which looks like this in integer form
    7,958,661,109,946,400,884,391,936
    or
    7 septillion
    which can be broken down into
    7 million billion billion

    At first glance you may notice the first equation has a much higher output, which may also lead you to believe that there must be an overlap somewhere or not enough addresses for passphrases, but you'd be wrong.
    You see there are only 7,483,400,959 people in the world. http://www.worldometers.info/world-population/

    This means that each person on the planet today gets ~1,063,565,563,269,597 accounts to themselves.
    or
    This means that each person on the planet today gets ~45,642,639,319,547,431,219,827,739,664 passphrases to themselves.

    This also showcases that the chance for replication is less than the chance of a new generated key by a factor of billions. This doesn't mean that it's impossible but more likely than not a simple check to make sure the account isn't in use is made.

    As for what @jumper has said above. I have taken it upon myself to make an application that will brute force the local db. It only took 2 hours and I made it in C#.

    I'm not sure of the sharing policy on the forums about releasing bruteforce apps to knock on the gates of Burstcoin's security, but the program will be posted on my github page.

    Big thanks to http://www.wolframalpha.com/ for crunching these numbers, as normal computer programs can't handle the task due to insufficient numeric memory allocation

    @Miky GoTo: https://forums.burst-team.us/topic/3838/regarding-the-recent-theft-of-burst-accounts/11
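
An added example, not part of any post in this thread and not the Burst wallet's own code: it computes passphrase entropy for the two wordlist sizes quoted above and shows why the 128-bit figure only holds when each word is drawn from a cryptographically secure generator. The wordlist is a constructed stand-in, and all function names are hypothetical.

```python
import math
import random
import secrets

# Constructed stand-in wordlist: 1626 distinct dummy tokens (the list size
# quoted in the thread). A real wallet would load its actual wordlist here.
WORDS = [f"w{i:04d}" for i in range(1626)]


def entropy_bits(list_size, n_words):
    """Entropy of n_words independent, uniform picks from list_size words."""
    return n_words * math.log2(list_size)


def generate_passphrase(words, n_words=12):
    """Draw each word from the OS CSPRNG (secrets.choice is free of modulo bias)."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words would make the real entropy lower")
    return " ".join(secrets.choice(words) for _ in range(n_words))


def seeded_passphrase(words, seed, n_words=12):
    """Weak pattern for contrast: a seeded PRNG makes the phrase a pure
    function of the seed, so the seed space is what has to be searched."""
    rng = random.Random(seed)
    return " ".join(rng.choice(words) for _ in range(n_words))


def effective_bits(list_size, n_words, seed_bits):
    """Strength is capped by the smaller of passphrase space and seed space."""
    return min(entropy_bits(list_size, n_words), seed_bits)


if __name__ == "__main__":
    for size in (1300, 1626):
        print(f"{size} words x 12: {entropy_bits(size, 12):.2f} bits")
    # Python integers are arbitrary precision, so the exact counts fit.
    print("1626^12 =", f"{1626 ** 12:,}")
    print("36^16   =", f"{36 ** 16:,}")
    print("CSPRNG phrase:", generate_passphrase(WORDS))
    print("Same seed, same phrase:",
          seeded_passphrase(WORDS, 1) == seeded_passphrase(WORDS, 1))
    print("12 words from a 32-bit seed:", effective_bits(1626, 12, 32), "bits")
```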

