Are Ripple wallets "Brain Wallets"?

Technical questions about the Ripple API, the protocol, etc.

Post by d4n13 » Fri Jul 26, 2013 4:51 pm

Cross post, apologies, but I'm fishing for an "Official" reply.

I'm trying to figure out if the wallet name is in any way cryptographically related to the Public/Private key pair. I believe this is what is called a "Brain Wallet" in the Alt-Coin community.

To review for those new to Alt-Coin, wallets are generally a Private key / Public key pair. The Private key is randomly generated, then the private key is hashed, or used as a "seed" to derive the Public key. The reverse is not possible, so you can't turn a public key back into a private key. So in the end, all you really need to know is your Private Key, and it can always be used to generate the same unique public key.
So:

[Ex 1] {PrivateKey -> PublicKey}
Note: Notice a one-way arrow. Obviously the Private key needs to be HIGHLY private, secure and never shared.

Brain wallets go one step further back. They take a pass phrase as the "seed" and use it to hash to a Private Key. The hashing is unique, so the same phrase will always produce the same Private key. Now with a brain wallet, all you need to remember is your phrase, and the hashing function can always recover your private key from that phrase. So now the flow looks like:

[Ex 2] {Phrase -> PrivateKey -> PublicKey}
Note: Notice the one-way arrows. Obviously the phrase and Private Key need to be HIGHLY private, secure and never shared.

Now with the last example, there is an added risk. If you use some silly phrase like "bob" as your BrainWallet, a dictionary attack is guaranteed to work. This means that an attacker could hash every combination of letters and numbers to see if he ever hashes to a known public key. Remember that public keys are public; anyone can look in the block-chain (or for Ripple the "ledger") to see them. So with a brain wallet it is imperative that your phrase is long, gnarly and very, very, very complex. Something like

"I hope no one ever guess this phrase!! because if they did then I would loose all my money, and that would make me very very sad. I hate being sad"

So now on to Ripple. My question is as follows: Are the wallet name and wallet password linked, in any way, to the private key? For example:

[Ex 3] { (wName, wPass) -> PrivateKey -> PublicKey }

If something like this was true, that would be VERY VERY bad! It means that your wallet is open to a brute force attack. Wallet names are almost guaranteed to be dictionary words, and passwords are likely to be as well. What's worse, this would allow someone to do an offline attack. This would entail downloading the ledger (or at least all the public keys), then randomly hashing wallet names and passwords until you find a "collision": a point where the attacker's guess hashes to a public key. Then they would know for certain your wallet name and password.

Now the reason why [Ex 1] is NOT susceptible to a dictionary attack is that it is VERY VERY VERY long and complex. I think it is 2^256. That is one-trillion-cubed times one-trillion-cubed. VERY VERY big. [Ex 2] and [Ex 3] are nowhere even remotely close to that level of complexity, which is another way of saying, much less secure. To give you an idea of how many hashes an attacker could perform, current hashing pools are performing 50 trillion hashes per second. So if you think you did a good job because your phrase would take 100 trillion guesses to guess, that can be guessed in 2 seconds [reference]

If any of this speculation is on track, the fix is very very easy. Users just need to pick VERY VERY VERY complex wallet names and wallet passwords. Something like:

Wallet Name: 5KRSLpymjPRmRUqNS8BS6sKNQT1GEz5E3KkF3DSamAKV65DzYrc
Wallet Password: 5Jaf6UXLYNVNddeHoonnVnbWQKtmpgpfaH36WdLzUAanSp7sb4S

Could Open Coin Inc formally reply as to the methodologies of their key generation and provide assurances that they are completely cryptographically independent from the wallet name and wallet password? If the server source for the key generation is ready to be shared, that would be a bonus as well.

Thanks in advance.
XRP: rEXJQNj9frFgG3Wk3smqGFVdMUX53c7Fw4
BTC: 18MDTTiqPM8ZEo29Cig1wfGdkLNtvyorW5
LTC: LQjSwZLigtgqHA3rE14yeRNbNNY2r3tXcA
FTC: 6mx5WVXsTEdsh9UCainpdAHDrDwH4mZQTD
d4n13
 
Posts: 24
Joined: Thu Jul 25, 2013 12:14 am
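
The gap between [Ex 1] and [Ex 2] in the post above, worked through as an added example that is not part of the original thread or of the Ripple client. SHA-256 as the phrase hash and the sample keyspaces are assumptions; the guess rate is the 50 trillion per second quoted in the post.

```python
import hashlib
import secrets

GUESSES_PER_SECOND = 50 * 10**12  # hashing rate quoted in the post above

def brain_wallet_key(phrase: str) -> bytes:
    """[Ex 2]: the phrase alone determines the 256-bit private key.
    SHA-256 is an assumption; any public, deterministic hash behaves the same."""
    return hashlib.sha256(phrase.encode("utf-8")).digest()

def random_key() -> bytes:
    """[Ex 1]: 256 bits from the OS CSPRNG, unrelated to any user input."""
    return secrets.token_bytes(32)

def phrase_space(alphabet_size: int, length: int) -> int:
    """Number of candidate phrases of exactly `length` symbols."""
    return alphabet_size ** length

def seconds_to_exhaust(candidates: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return candidates / rate

def humanize(seconds: float) -> str:
    year = 365.25 * 24 * 3600
    if seconds < 1:
        return "under a second"
    if seconds < year:
        return f"{seconds:,.0f} seconds"
    return f"{seconds / year:.2e} years"

# Constructed sample secrets, sized as in the post's own examples.
SAMPLES = {
    '3 lowercase letters ("bob")': phrase_space(26, 3),
    "phrase needing 100 trillion guesses": 100 * 10**12,
    "12 random alphanumeric characters": phrase_space(62, 12),
    "random 256-bit private key": 2 ** 256,
}

def report() -> dict:
    """Map each sample secret to the time needed to try its whole keyspace."""
    return {name: humanize(seconds_to_exhaust(n)) for name, n in SAMPLES.items()}

if __name__ == "__main__":
    # Same phrase, same key, on any machine: the key is only as strong as the phrase.
    assert brain_wallet_key("bob") == brain_wallet_key("bob")
    assert random_key() != random_key()
    for name, verdict in report().items():
        print(f"{name:40} {verdict}")
```

The derived key is always 256 bits long, but its effective strength is the size of the space the phrase was drawn from, which is why only the randomly generated key in the last row is out of reach.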

Re: Are Ripple wallets "Brain Wallets"?

Post by shekenahglory » Fri Jul 26, 2013 5:40 pm

Short answer, no. The wallet name and pass phrase are independent of the keys, and only used for storage and retrieval from Payward or your local browser. You can have a wallet that can send and receive money but is not stored in your browser or on Payward.

You can see how it all works in the Ripple client source code. The secret is essentially a very large random number, and the public key is generated from that.

EDIT:
d4n13 wrote: If the server source for the key generation is ready to be shared, that would be a bonus as well.

The key generation is client side, so it's available in the Ripple client source.
shekenahglory
 
Posts: 373
Joined: Sat Apr 13, 2013 2:16 am

Re: Are Ripple wallets "Brain Wallets"?

Post by d4n13 » Fri Jul 26, 2013 6:33 pm

Thx

