brain wallet discussion

[axic]

I think it would be important and useful to discuss brain wallets and eventually settle on a method, which can be cross-application.

Current implementations

I am aware of three brain wallet implementations:

• libethereum

Run sha3 on the seed 16384 times. Then run sha3 until the first byte of the address is 0 (to be compatible with ICAP Direct).

• Ether.Camp

A simple sha3 over the passphrase.

• Quorum

Requires a passphrase and a userid, both at least 10 characters long. Use the concatenated userid and passphrase as the input to PBKDF2 with 2000 rounds, 32 bytes key size and sha256 hashing.

(Note: the brain wallet part in Quorum is not supposed to have more Ether than what is needed to execute the contracts and therefore it wasn't made to be very complex)

Passphrase generation

@alexvandesande has posted a nice little tool to generate memorable passphrases. There are many other dictionary tools.

A common interface

It would be important to define a common key derivation method with the inputs required. These inputs also should have minimum length/strength requirements.

Hopefully this can be a start to a discussion to devise such a standard.

cc @alexvandesande @ryancdotorg @romanman @Gustav-Simonsson

Update: it seems like we were writing at the same time with @alexvandesande. #75 proposes a specific method.

[alexvandesande]

We wrote at the same time! #75

[axic]

The attributes I would be interested in personally:

• don't require email addresses, but require a username (which can be an email address)
• require a passphrase, which could be offered from a dictionary or generator (such as @alexvandesande's above)
• support for ICAP direct (update: generate private keys fit for ICAP Direct)
• have key derivation, which is not too heavy on a browser, is small in terms of code size, but still provides adequate security

[alexvandesande]

We have a standard library that will convert hex addresses to ICAP addresses. I don't see the advantage of needing an address starting with 0

[axic]

To have addresses supported as ICAP Direct, the private key needs to fit into 155 bits.

[alexvandesande]

I see. What's the advantage of doing so? A bank would still need to implement ethereum, it's not as if magically we can receive direct transfers just because our address fits into theirs..

[alexvandesande]

don't require email addresses, but require a username (which can be an email address)

Of course, using email as a username is just a suggestion, it doesn't need to enforce the rule

[axic]

I haven't chosen a side yet which address format to prefer (checksummed, ICAP or something else), but as ICAP might get a bit of following, it probably makes sense to design the brain wallet in conformance.

[coder5876]

Shall we close this one in favor of #75 ?

[github-actions]

There has been no activity on this issue for two months. It will be closed in a week if no further activity occurs. If you would like to move this EIP forward, please respond to any outstanding feedback or add a comment indicating that you have addressed all required feedback and are ready for a review.

[github-actions]

This issue was closed due to inactivity. If you are still pursuing it, feel free to reopen it and respond to any feedback or request a review in a comment.