Welcome, Guest. Please login or register.

Author Topic: What happens if someone tries guessing passphrases?  (Read 264 times)

0 Members and 1 Guest are viewing this topic.

Offline evoked

  • Fresh Nxter
  • *
  • Posts: 9
    • View Profile
What happens if someone tries guessing passphrases?
« on: December 04, 2013, 11:40:25 AM »
Hi..

quick question..what happens if someone guesses passphrases randomly  :o

Offline Drexme

  • Global Moderator
  • Established Nxter
  • *****
  • Posts: 228
  • My current job is to keep these forums in order
    • View Profile
Re: What happens if someone tries guessing passphrases?
« Reply #1 on: December 04, 2013, 11:43:11 AM »
If they guess yours, then it must be 1, 2, 3...  :D
Helpful Links: NXT Intro | What is NXT? | NXT Install Guide | NXT Giveaway NXT:8333778433828768082

Offline evoked

  • Fresh Nxter
  • *
  • Posts: 9
    • View Profile
Re: What happens if someone tries guessing passphrases?
« Reply #2 on: December 04, 2013, 12:48:53 PM »
If they guess yours, then it must be 1, 2, 3...  :D

haha i had a feeling that was the answer  :)

Offline Evan

  • Fresh Nxter
  • *
  • Posts: 6
    • View Profile
Re: What happens if someone tries guessing passphrases?
« Reply #3 on: December 05, 2013, 03:28:33 AM »
I have the same question. Since anyone can run the client and try the phrase locally, the attacker does not need to target at a specific account, he can just try the phrase. If he happens to enter an account that has nxt coins in it, he just send them to his own account. So, isn't it very insecure to enter accounts just by using phrase?  Please correct me if I am wrong.

Offline bizz

  • Fresh Nxter
  • *
  • Posts: 11
    • View Profile
Re: What happens if someone tries guessing passphrases?
« Reply #4 on: December 05, 2013, 03:34:35 AM »
I have the same question. Since anyone can run the client and try the phrase locally, the attacker does not need to target at a specific account, he can just try the phrase. If he happens to enter an account that has nxt coins in it, he just send them to his own account. So, isn't it very insecure to enter accounts just by using phrase?  Please correct me if I am wrong.

If it has enough entropy it's safe. Here is one example how to get safe pass phrase:

http://world.std.com/~reinhold/diceware.html
18005888158929470972

^ You know you want to tip me :)

Offline Drexme

  • Global Moderator
  • Established Nxter
  • *****
  • Posts: 228
  • My current job is to keep these forums in order
    • View Profile
Re: What happens if someone tries guessing passphrases?
« Reply #5 on: December 05, 2013, 03:41:03 AM »
Use this to check how secure your password is
https://howsecureismypassword.net/ it would take

Mine would take "31 sesvigintillion years" to crack.
Helpful Links: NXT Intro | What is NXT? | NXT Install Guide | NXT Giveaway NXT:8333778433828768082

Offline NextHead

  • Fresh Nxter
  • *
  • Posts: 39
    • View Profile
Re: What happens if someone tries guessing passphrases?
« Reply #6 on: December 05, 2013, 03:41:28 AM »
My phrase is 18+ characters w/ complexity... in other words, good luck. ;)

It would be nice if there was some type of validation check. If the passphrase doesn't meet certain complexity requirements or at the very least, put a big fat warning somewhere.
« Last Edit: December 05, 2013, 03:47:38 AM by NextHead »

Offline Drexme

  • Global Moderator
  • Established Nxter
  • *****
  • Posts: 228
  • My current job is to keep these forums in order
    • View Profile
Re: What happens if someone tries guessing passphrases?
« Reply #7 on: December 05, 2013, 03:53:29 AM »
My phrase is 18+ characters w/ complexity... in other words, good luck. ;)

It would be nice if there was some type of validation check. If the passphrase doesn't meet certain complexity requirements or at the very least, put a big fat warning somewhere.
This is a great idea.
Helpful Links: NXT Intro | What is NXT? | NXT Install Guide | NXT Giveaway NXT:8333778433828768082

Offline Evan

  • Fresh Nxter
  • *
  • Posts: 6
    • View Profile
Re: What happens if someone tries guessing passphrases?
« Reply #8 on: December 05, 2013, 04:06:06 AM »
So, what's the advantage of using a phrase over just using private keys?

Offline Come-from-Beyond

  • Nxter
  • **
  • Posts: 81
    • View Profile
Re: What happens if someone tries guessing passphrases?
« Reply #9 on: December 05, 2013, 09:54:56 AM »
So, what's the advantage of using a phrase over just using private keys?

Keys can be stolen and u have to move them around if u want to use ur wallet on other computer.

Offline LiQio

  • Fresh Nxter
  • *
  • Posts: 11
  • |_|
    • View Profile
Re: What happens if someone tries guessing passphrases?
« Reply #10 on: December 05, 2013, 11:05:42 AM »
So, what's the advantage of using a phrase over just using private keys?

Keys can be stolen and u have to move them around if u want to use ur wallet on other computer.

plus a pass-phrase (long as it might and has to be, can be memorized), whereas memorizing a typical private key is not feasible for the normal brain  ;D

Offline Skorm

  • Fresh Nxter
  • *
  • Posts: 11
    • View Profile
Re: What happens if someone tries guessing passphrases?
« Reply #11 on: December 05, 2013, 11:26:28 AM »
My pass phrase is +30 and I think ... it should suffice and even if I have to store it somewhere, there are lots of possibilities to ensure safety (Trucrypt for example).

There's a discussion on reddit about safety concerns ongoing http://www.reddit.com/r/Bitcoin/comments/1ptuf3/

Offline Evan

  • Fresh Nxter
  • *
  • Posts: 6
    • View Profile
Re: What happens if someone tries guessing passphrases?
« Reply #12 on: December 05, 2013, 02:12:36 PM »
So, what's the advantage of using a phrase over just using private keys?

Keys can be stolen and u have to move them around if u want to use ur wallet on other computer.

I use a randomly generated phrase so that it is safe enough, but I cannot remember it, then I use a password manager softerware to store it. To me, it turns out to work like a key in the end  :-[

Offline mcjavar

  • Fresh Nxter
  • *
  • Posts: 39
    • View Profile
Re: What happens if someone tries guessing passphrases?
« Reply #13 on: December 05, 2013, 05:04:26 PM »
What speaks against a username+password log in combination?
Show your love by sending me some Nxt coins ;)

17081684614434671224

Offline luhao007

  • Nxter
  • **
  • Posts: 52
  • Seeing is believing
    • View Profile
Re: What happens if someone tries guessing passphrases?
« Reply #14 on: December 05, 2013, 05:51:04 PM »
What speaks against a username+password log in combination?
username+password means there need to be an authorize server to do the check and if there is a server there is risk to be hacked in,or stolen by the bad ass web admin.

Right now it more looks like a generic public key/private key generation. So if you have your private key (your pass code) you can use any client to unlock your wallet and no one can steal your pass code as it is not store anywhere.
If you think I'm helpful, I appreciate your donation: 4024640957198975847