Human created passphrases and using key stretching not secure? Here is my opinion:

  • Human chosen passwords have poor entropy, and are easy to attack
Only for the same length. You can make bigger passphrases.

  • Human chosen passwords are hard to memorize
My experience tells otherwise. I can't remember easily random words. It's more easy to remember a sentence and some rules how to change the words (and modified words, not found in dictionary). It's easier to remember if the words form a sentence that somewhat make sense (for example "The corrrect hor^e ^aid that the battery i^ charged and ^tapled corrrectly and thi^ protect^ again^t Dizoolexa gorodonii" - in this case you need to remember that the "correct" is written with additional "r" and the "s" is changed with "^", also you should remember two fictitious words - Dizoolexa gorodonii - added for more entropy).
  • Mnemonics are easy to memorize, and hard to forget
Compared to the method I showed mnemonics are not easy to memorize.
  • Mnemonics are have high entropy, and are impossible to attack
This is correct, for the same length (comparing computer-generated mnemonics made with good RNG and human generated passphrases with the method I described - you can use random word generator for suggestion for the next word, but make the passphrase to make sense like sentence).
Key stretching definitely have some value. It increases the costs of the hardware needed for the brute force attack.
For example, I got these random words with my seed generator:
used tool video base beauty pull paper wall prefer domain attract divorce
Here is an easier to remember pass-phrase (sentence):
I used to have a tool for video creation at my home base. It was beautiful while pulling paper from the wall. I prefer my domain name to attract divorced people, because it's good for my cat selling business.
My easier to remember sentences have higher entropy than the source. Also, I can add another rule to make the bure-forcing difficult: change "m" with "9", "n" with "x", etc.
The additional key stretching can be made more secure if I get the hash from my slow hash function and concatenate it with the original string. For example:
I used to have a tool for video creation at my home base. It was beautiful while pulling paper from the wall. I prefer my domain name to attract divorced people, because it's good for my cat selling business. 20e20c96fb1cb02259592d04ff02ade98bf83bd89adcf2439babab5370cef900
will be more secure passphrase than the original (I added the sha256 hash, for this example; in reality I would use some slower hash function).

Context: https://old.reddit.com/r/Bitcoin/comments/dehlrr/discuss_issues_with_storing_bitcoins_in_long_term/f33e5e9/

I started discussion on Reddit: https://old.reddit.com/r/crypto/comments/dfy212/i_dont_understand_how_adding_more_strings_to_the/

Archiving private keys - TLDR version

Comments

Post a Comment

Popular posts from this blog

Do not use (only) flash memory (SSD drives, hardware wallets, USB flash drives) for your precious private keys!

Image
Flash memory is not a reliable medium for archives. Especially when there is no regular power. I have personal experience with usb flash drive not powered for weeks - one file became corrupted . (Read more here: Archiving private keys - TLDR version. ) You should always back up on paper and other mediums. Flash memory is prone to failure if it is not powered for weeks or more and if there are ionizing radiation When you write your precious private keys you should use technologies like Parchive and ZFS . And make several copies of your files. It's OK if you use your USB flash drive for another backup, but don't rely on it! Always back up on DVDs (even small files!), paper and online (after encryption with CPU and RAM intensive key derivative function like scrypt). Here is example of using the scrypt utility: $ sudo apt-get install scrypt $ scrypt enc -M 1073741824 -t 200 secret.txt encrypted.scrypt Do not use default values of "-M" and "-t", they...
Read more

Archiving private keys - TLDR version

0. Make multiple encrypted copies. On DVDs (they are better than CDs and Blu-Ray discs; DVD+R are better than DVD-R), paper, cloud services like DropBox, OneDrive, Google Drive, e-mail it to yourself and to your friends, use P2P storage services like MaidSafe, Storj and Sia , etc. 1. Use proper font when printing PGP encrypted keys on paper. 2. Flash memory (SSD, USB flash drives, hardware wallets) is less reliable when not powered regularly (i.e. every week). 3. Use error correction methods like Parchive and ZFS. 4. Print on paper or store on digital media only encrypted data. 5. Your encryption software should use CPU/RAM-intensive KDF (i.e. scrypt with secure options - do not use defaults! ). First, encrypt with scrypt and then encrypt it again with PGP (using different password!) in ASCII armor mode before print it (other methods like QR codes may not be reliable as multiple copies of the PGP ASCII armor). Do not use the same password for the PGP because it's easy to brute...
Read more
[ad removed]