Extending the password with a salt first and then using that for encryption is always a great idea. Extending it with a strong key derivation function that is expensive to brute force, such as scrypt (which uses a lot of memory), is an even better idea. Setting the values N=2^18 and r=8 is also a good setting for this purpose.
https://tools.ietf.org/html/rfc7914#section-2
Am I understanding this correctly? You are saying that using scrypt with N=2^18 and r=8 is just as good as WarpWallet, thus WarpWallet isn't achieving much by doing a ton of iterations?
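The passphrase-plus-salt stretching being discussed, as an added example that is not code from the thread and not WarpWallet's own code. It assumes Python's OpenSSL-backed hashlib.scrypt with the thread's N=2^18 and r=8 (p=1 is my choice; the thread does not name one), a caller-chosen salt, and a 32-byte output used as a raw private key. It also checks the output against RFC 7914's first test vector and against the secp256k1 group order, because a random 32-byte string is not automatically a valid private key, which is a check a real wallet must do.

```python
"""Passphrase + salt -> raw key with scrypt (added example, not from the thread or WarpWallet)."""
import hashlib
import hmac
import time

N_DEFAULT = 2 ** 18   # CPU/memory cost parameter, as recommended in the thread
R_DEFAULT = 8         # block size parameter, as recommended in the thread
P_DEFAULT = 1         # parallelization; hypothetical choice, the thread does not state one

# secp256k1 group order: a private key must satisfy 1 <= k < ORDER
SECP256K1_ORDER = int(
    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16)

# scrypt(P="", S="", N=16, r=1, p=1, dkLen=64) from RFC 7914 section 12
RFC7914_VECTOR_1 = bytes.fromhex(
    "77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442"
    "fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906")


def memory_bytes(n: int = N_DEFAULT, r: int = R_DEFAULT) -> int:
    """Working memory scrypt's ROMix needs: 128 * r * N bytes (RFC 7914 section 6)."""
    return 128 * r * n


def derive_key(passphrase: str, salt: str, n: int = N_DEFAULT, r: int = R_DEFAULT,
               p: int = P_DEFAULT, dklen: int = 32) -> bytes:
    """Stretch passphrase with salt into dklen bytes of key material."""
    # hashlib.scrypt refuses to allocate more than maxmem (OpenSSL defaults to 32 MiB
    # when maxmem is 0), so the 256 MiB that N=2^18, r=8 needs must be allowed explicitly.
    return hashlib.scrypt(passphrase.encode("utf-8"),
                          salt=salt.encode("utf-8"),
                          n=n, r=r, p=p,
                          maxmem=2 * memory_bytes(n, r) + 1024 * 1024,
                          dklen=dklen)


def is_valid_secp256k1_private_key(key: bytes) -> bool:
    """A 32-byte output is only usable as a private key if it lies in [1, ORDER-1]."""
    if len(key) != 32:
        return False
    k = int.from_bytes(key, "big")
    return 1 <= k < SECP256K1_ORDER


def rfc7914_self_test() -> bool:
    """Confirm the scrypt implementation matches the RFC 7914 test vector."""
    out = derive_key("", "", n=16, r=1, p=1, dklen=64)
    return hmac.compare_digest(out, RFC7914_VECTOR_1)


if __name__ == "__main__":
    # Constructed sample input; a real user would pick their own passphrase and salt.
    passphrase = "correct horse battery staple"
    salt = "something-you-will-remember-forever"

    print("RFC 7914 self-test:", "ok" if rfc7914_self_test() else "FAILED")
    print("memory per guess: %d MiB" % (memory_bytes() // (1024 * 1024)))

    t0 = time.perf_counter()
    key = derive_key(passphrase, salt)
    print("one derivation took %.2f s" % (time.perf_counter() - t0))
    print("raw key:", key.hex())
    print("valid secp256k1 scalar:", is_valid_secp256k1_private_key(key))
```

The timing and memory figures are what an attacker pays per guess; they raise the cost of each trial but, as the next reply points out, do nothing about how few trials a low-entropy passphrase needs. Change the salt and the whole keyspace moves, which is why WarpWallet's choice of salt matters so much.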
Seems to me you can stretch and obfuscate as much as you want, but you will never solve a couple of fundamental problems:
1. The original passphrase will still have lower entropy than a sequence of random bytes.
2. The more complicated you make the passphrase->rawkey generation process, the more likely you (or the beneficiaries in your will) are to lose funds.
It's interesting proposing new ways to make a brainwallet more secure, and I get that there are some extraordinary situations where use of a brainwallet may be justified, but otherwise... wouldn't you be better off sticking with something more conventional like a paper wallet?
Good points! I'm not suggesting using ONLY brain wallets. I just don't think they should be entirely dismissed because they were badly implemented at first.
I know this is more of a movie script than real life scenario, but interesting nonetheless:
Suppose somehow you are in a third-world country, robbed and left with nothing, and you have a stash you can access via a brain wallet just by passphrase and a salt.
(And I DON'T like that WarpWallet uses email for the salt, but it could be anything that you are likely to remember forever.)