Board: Bitcoin Discussion
Re: "Why I'm releasing a brainwallet cracker at DEFCON 23"
by Damelon on 01/09/2015, 15:48:16 UTC
Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but let's assume you use an English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.

The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.

As shown by this thread, people aren't very good with randomness.
You should let the computer do this for you.

People are terrible at choosing passwords for themselves, I know that. But I kind of got from this thread that all brainwallets are doomed since they can be cracked with this software which is just not true if you have a strong and random password.

The concept of brainwallets works for NXT pretty well, OK they did have some hacks in the beginning, just because the users used famous phrases which you can look for with this kind of software very quickly and successfully. Now, when the users know what the strong password is and when they have the option for the client to choose it for them, brainwallets work well.
I almost forgot that NXT is a brainwallet per se.

I did some research some time ago but couldn't find how NXT hashes the passphrase which locks/unlocks the account.

Does anyone here know about it?

Is it just sha256(passphrase)? It can't be that easy...

I am sure it's not that easy, otherwise all people's NXT would just be gone. I have forwarded this thread to my good friend who's deeper with NXT, I am sure somebody will reply and let us know.

Cheers!

From the Nxt Whitepaper: https://www.dropbox.com/s/cbuwrorf672c0yy/NxtWhitepaper_v122_rev4.pdf

Quote
2.4.2 Accounts
Nxt implements a brain wallet as part of its design: all accounts are stored on
the network, with private keys for each possible account address directly derived
from each account’s passphrase using a combination of SHA256 and Curve25519
operations.
Each account is represented by a 64-bit number, and this number is expressed
as an account address using a Reed-Solomon error-correcting notation that
allows for detection of up to four errors in an account address, or correction of
up to two errors. This format was implemented in response to concerns that
a mistyped account address could result in tokens, aliases, or assets being irreversibly
transferred to erroneous destination accounts. Account addresses are
always prefaced by “NXT-”, making Nxt account addresses easily recognizable
and distinguishable from address formats used by other cryptocurrencies.
The Reed-Solomon-encoded account address associated with a secret passphrase
is generated as follows:

1. The secret passphrase is hashed with SHA256 to derive the account’s
private key.
2. The private key is encrypted with Curve25519 to derive the account’s
public key.
3. The public key is hashed with SHA256 to derive the account ID.
4. The first 64 bits of the account ID are the visible account number.
5. Reed-Solomon encoding of the visible account number, prefixed with “NXT-”,
generates the account address.

When an account is accessed by a secret passphrase for the very first time, it
is not secured by a public key. When the first outgoing transaction from an
account is made, the 256-bit public key derived from the passphrase is stored
on the blockchain, and this secures the account. The address space for public
keys (2^256) is larger than the address space for account numbers (2^64), so there
is no one-to-one mapping of passphrases to account numbers and collisions are
possible. These collisions are detected and prevented in the following way: once
a specific passphrase is used to access an account, and that account is secured
by a 256-bit public key, no other public-private key pair is permitted to access
that account number.