Are human-created passphrases with key stretching not secure? Here is my opinion:

  • Human-chosen passwords have poor entropy and are easy to attack

Only for the same length. You can make longer passphrases.

  • Human-chosen passwords are hard to memorize

My experience tells me otherwise. I can't easily remember random words. It's easier to remember a sentence and some rules for changing the words (and modified words that are not found in a dictionary). It's easier to remember if the words form a sentence that somewhat makes sense (for example "The corrrect hor^e ^aid that the battery i^ charged and ^tapled corrrectly and thi^ protect^ again^t Dizoolexa gorodonii" - in this case you need to remember that "correct" is written with an additional "r" and the "s" is replaced with "^"; you should also remember the two fictitious words - Dizoolexa gorodonii - added for more entropy).

  • Mnemonics are easy to memorize and hard to forget

Compared to the method I showed, mnemonics are not easy to memorize.

  • Mnemonics have high entropy and are impossible to attack

This is correct for the same length (comparing computer-generated mnemonics made with a good RNG against human-generated passphrases made with the method I described; you can use a random word generator to suggest the next word, but make the passphrase read like a sentence that makes sense).

Key stretching definitely has some value. It increases the cost of the hardware needed for a brute-force attack.
For example, I got these random words with my seed generator:
used tool video base beauty pull paper wall prefer domain attract divorce
Here is an easier to remember pass-phrase (sentence):
I used to have a tool for video creation at my home base. It was beautiful while pulling paper from the wall. I prefer my domain name to attract divorced people, because it's good for my cat selling business.
My easier-to-remember sentences have higher entropy than the source. Also, I can add another rule to make brute-forcing more difficult: replace "m" with "9", "n" with "x", etc.
The additional key stretching can be made more secure if I get the hash from my slow hash function and concatenate it with the original string. For example:
I used to have a tool for video creation at my home base. It was beautiful while pulling paper from the wall. I prefer my domain name to attract divorced people, because it's good for my cat selling business. 20e20c96fb1cb02259592d04ff02ade98bf83bd89adcf2439babab5370cef900
will be a more secure passphrase than the original (I added the SHA-256 hash for this example; in reality I would use a slower hash function).
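The construction described above (sentence plus the hex output of a slow hash), as an added example that is not code from the original post. It assumes scrypt as the slow hash, the cost parameters shown, and a fixed constructed salt; the sample sentence is constructed as well.

```python
import hashlib
import time

# Assumptions for this example (not from the original post): scrypt as the
# slow hash, these cost parameters, and a fixed salt so that the result can
# be recomputed from the memorized sentence alone.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1   # about 16 MiB of memory per guess
SALT = b"constructed-example-salt"

def fast_suffix(passphrase: str) -> str:
    """Single SHA-256, as in the post's illustration (cheap to compute)."""
    return hashlib.sha256(passphrase.encode("utf-8")).hexdigest()

def slow_suffix(passphrase: str) -> str:
    """Memory-hard scrypt digest, hex encoded (32 bytes -> 64 hex chars)."""
    raw = hashlib.scrypt(passphrase.encode("utf-8"), salt=SALT,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return raw.hex()

def extend_passphrase(passphrase: str, suffix_fn=slow_suffix) -> str:
    """Return 'passphrase + space + hash', the construction described above."""
    return f"{passphrase} {suffix_fn(passphrase)}"

def seconds_per_guess(suffix_fn, guess: str, rounds: int = 3) -> float:
    """Average wall-clock cost of testing one candidate passphrase."""
    start = time.perf_counter()
    for _ in range(rounds):
        suffix_fn(guess)
    return (time.perf_counter() - start) / rounds

if __name__ == "__main__":
    phrase = "constructed sample sentence, not a real passphrase"
    print(extend_passphrase(phrase))
    fast = seconds_per_guess(fast_suffix, phrase)
    slow = seconds_per_guess(slow_suffix, phrase)
    # The suffix is derived from the sentence, so it adds no entropy; the
    # gain is that every guess now costs one scrypt evaluation.
    print(f"SHA-256: {fast:.6f} s/guess, scrypt: {slow:.6f} s/guess, "
          f"slowdown x{slow / fast:.0f}")
```

The slowdown factor printed at the end is the practical measure of what the stretching buys: it multiplies the work for every candidate sentence tested against the extended form.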


I started a discussion on Reddit:

Archiving private keys - TLDR version

