I tried it, and my browser
instantly produced a mnemonic. That means the encryption is easy to brute force.
Now compare
WarpWallet: it takes a very long time to create a private key, which means the encryption is very difficult to brute force.
If you do anything brain wallet related, at least make use of heavy encryption.
Hello, that is why I recommend you to set enough length of nonce ( > 10000 ) to make it resistant to the brute force attack.
That's just another thing you'd have to remember. You could accomplish the same by adding several random characters. But if the encryption itself is a million times heavier, it gets more secure without requiring the user to remember more data.
With your system, the user needs to back up an email address or other ID, a password, one or more "additional phrases", and a nonce. The loss of any one of these results in loss of their seed phrase and their coins. How is this simpler than just backing up a 12 word seed phrase which was properly generated from dev/urandom?
Good point. Also known as
KISS.