issue: random account password is not secure #1
Comments
|
True, the private keys are being generated at the wallet_api.java file basically from the hash of the account_name + "active" + password at lines 1098 and 1099 as follows: Even if the wallet forces the user to use a strong password, using it to derive a private key is not a good idea. Like @o5j5vg55bv5hv5j5f8799f9 has stated brute-force, or even a dictionary-based attack could still be feasible. And if the account has enough funds that can be a nice incentive for attackers. The SecureRandom class with the proper fixes for android should be used instead. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
your account password is basically your private key, "password" doesn't quite convey how secure it needs to be.
"12 characters with 1 capital letter and 1 number" rule is not enough to resist brute force attack!!!!
https://www.grc.com/haystack.htm suggests this could be cracked in 1 year or far less if not totally random
letting user pick private key is generally not good idea anyway because people are bad at being random.
bitcoin private key should be minimum standard for private key & ideally better
bitcoin private keys are 51 characters with low caps, high caps, and numbers.
sometimes mnemonic 12 word phrase (e.g. bip39) can be used to generate private keys using this word list.
Options on how to fix it:
a) generate random 50+ character alphanumeric password & let user back it up
b) force user to make their key 50+ characters with at least 1 low cap, 1 high cap, and 1 number
c) generate mnemonic phrase so it's easier to write down using word list above with lets say 15 words (for examples of how to do it, see coinomi or mycelium apps on how they do mnemonic key generation for back up)
For randomness, can get extra entropy through other means like shaking phone or moving finger on screen if you want.
The text was updated successfully, but these errors were encountered: