User talk:Ryanc: Difference between revisions
why did you revert warpwallet edit?
→Same Ryan Castelluci from DEFCON talk?: new section
Revision as of 19:10, 23 January 2017
Hello Ryanc:
1) Could you please explain what you found suspicious about my Brainwallet edits?
2) Could you please read up on Warpwallet, Key Derivation Functions and salts? It's true that old-style Brainwallets were very dangerous, but advances have made new-style Brainwallets such as Warpwallet many orders of magnitude more resistant to dictionary attack. Warpwallet is developed by very experienced developers who also happen to be the founders of keybase.io.
http://maxtaco.github.io/bitcoin/2014/01/16/how-jason-bourne-stores-his-bitcoin/
Same Ryan Castelluci from DEFCON talk?
First, if you're the same Ryan from the DEFCON talk on Brainwallets, thanks for publishing your research and increasing awareness of the issues. Your talk was one of the inspirations for adding Warpwallet to BitKey.
However, if you're the same Ryan, that leaves me confused, because you recommended Warpwallet yourself in your talk, and you should know the Warpwallet challenge for an unsalted 8-character password lasted for 2.5 years before it expired.
Do you disagree that using Warpwallet with a strong passphrase (e.g., eight diceware words) and an e-mail salt would provide very good security, unlike bitaddress-style brainwallets of old?
The problems with trusting RNGs to generate your wallet keys are very real:
http://www.zdnet.com/google-confirms-bitcoin-theft-vulnerability-in-android-7000019431/