Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Re: BIP 32 questions
by
zemario
on 08/03/2015, 12:59:19 UTC
Quote from: Abdussamad on March 08, 2015, 12:20:09 PM
Quote from: zemario on March 08, 2015, 12:17:55 PM
Quote from: gmaxwell on March 08, 2015, 09:51:09 AM
Quote from: Abdussamad on March 07, 2015, 05:44:13 PM
Another way to convert your custom string into an electrum wallet is to do a sha256sum md5sum of it. If you are on a nix system:
It's really really inadvisable to do this, short human generated strings have very low entropy even (or especially) when you think you're being clever about it. Many people have lost substantial amounts of Bitcoin this way.
Why do people assume they are short? I don't need to save the string, it can be a few hundred chars text. I fail to understand how/why this would be a bad idea. Could you guys be more specific?

Say, for example, the body of this forum post I am writting at the momment. Why is it a bad source of randomness? Of course, if post it in here it becomes public, but before I submit it.

Read this:

https://bitcointalk.org/index.php?topic=311000.msg3345309#msg3345309


It doesn't apply. It refers to memorable brainwallets extracted from existing texts using schemes. No single condition of those three applies in here.

No sarcasm intended, why does everybody reads "manually entering randomness with a keyabord" as "making a brainwallet from a short memorizable string"? I ask because every single time this subject is touch, all the energy is spent pointing out the weaknesses of brain wallets, which is only remotely related. How de we discuss this without getting tremendously off-topic?

Quote from bitcoinj javadocs

Quote
Generates a new deterministic key from the given seed, which can be any arbitrary byte array. However resist the temptation to use a string as the seed - any key derived from a password is likely to be weak and easily broken by attackers (this is not theoretical, people have had money stolen that way). This method checks that the given seed is at least 64 bits long.
https://bitcoinj.github.io/javadoc/0.12/org/bitcoinj/crypto/HDKeyDerivation.html#createMasterPrivateKey-byte:A-

I don't understand this reasoning, what is wrong with using a string? This is even harmful, I guess some people will feed a byte array with low randomness into that function and think "I'm good, because I didn't use a string".