Re: [ANN] bitaddress.org Safe JavaScript Bitcoin address/private key [BOUNTY 0.1BTC]

Quote from: Jan on September 21, 2011, 09:30:05 AM

You should always use a salt when generating a deterministic wallet. The salt should be globally unique and easy to remember. An email address has those properties, and makes a rainbow attack impractical. This wiki discusses how it is done for the BCCAPI: http://code.google.com/p/bccapi/wiki/SecurityAndDeterministicWallets
The BCCAPI is opensource and available here: http://code.google.com/p/bccapi/

I am not sure this applies in this case. Rainbow attacks help attackers take a large number of hashes and try to recover plaintext from as many as possible with the same effort. In wallet generation, the hashes are used as private keys which the attacker has no access to (or else if he gets the private keys, his attack has already succeeded, there's no value in recovering the plaintext itself). This advice is useful for someone operating a website and storing hashed passwords in a database, but I believe it has no application for wallet generation.

Although I agree that the linked wiki article discusses it and recommends the user enter a "salt"... what practical difference would there be between the user entering a "salt" into a separate field, versus simply appending some extra characters to their passphrase? They will be concatenated anyway, so none from what I can tell. Salt in most other contexts is not something chosen by a user, rather it is something added by an application outside the user's control.