Author Topic: Private Key Protection (Read 82 times)

BTCtera · « **on:** December 09, 2013, 09:21:11 AM »

Regarding the private key I use:

Does the private key I enter to login ever leave my computer?

How is does process of checking whether I entered the correct key work?

Thanks

Come-from-Beyond · « **Reply #1 on:** December 09, 2013, 10:16:54 AM »

Quote from: BTCtera on December 09, 2013, 09:21:11 AM

Regarding the private key I use:

Does the private key I enter to login ever leave my computer?

How is does process of checking whether I entered the correct key work?

Thanks

If u connect to a remote computer then ur passphrase does leave ur local computer.

Soft doesn't check if a key is correct, it opens an account that tied to entered key. An incorrect key will open an account with 0 balance.

opticalc · « **Reply #2 on:** December 09, 2013, 11:15:03 PM »

Quote from: Come-from-Beyond on December 09, 2013, 10:16:54 AM

Quote from: BTCtera on December 09, 2013, 09:21:11 AM

Regarding the private key I use:

Does the private key I enter to login ever leave my computer?

How is does process of checking whether I entered the correct key work?

Thanks

If u connect to a remote computer then ur passphrase does leave ur local computer.

Soft doesn't check if a key is correct, it opens an account that tied to entered key. An incorrect key will open an account with 0 balance.

good to know about the private key not staying local. I thought that since some clients were open for remote forging that it was a local java applet that was loaded that kept the passphrase local. now that I see thats not the case Im surprised any were ever open for remote forging.

Come-from-Beyond · « **Reply #3 on:** December 09, 2013, 11:16:49 PM »

Some day someone will implement forging in a browser I believe.

BTCtera · « **Reply #4 on:** December 10, 2013, 04:41:11 AM »

I believe the blockchain wallet chrome app never transmits the private key. It's not in-browser, but pretty close.

Question: is it possible to change my private key? Or if I change the key I change my address?

Note: if I just end up bruteforcing keys on my client I will end up opening up some wallet, and one of them could have some coins in it. This seems way to obvious to be true. Am I missing something?

LiQio · « **Reply #5 on:** December 10, 2013, 08:43:07 AM »

Quote from: BTCtera on December 10, 2013, 04:41:11 AM

I believe the blockchain wallet chrome app never transmits the private key. It's not in-browser, but pretty close.

Question: is it possible to change my private key? Or if I change the key I change my address?

Note: if I just end up bruteforcing keys on my client I will end up opening up some wallet, and one of them could have some coins in it. This seems way to obvious to be true. Am I missing something?

A change of pass phrase is not possible. Open a new account (other pass phrase) and transfer your NXT there

Bruteforcing is possible (an analog thing for dictionary attacks was done here: https://nextcoin.org/index.php/topic,418.0.html)

Therefore a really strong pass phrase should be used -> 30+ characters including special chars -> if this is respected a bruteforce attack will take a long time (even with a supercomputer)

Author Topic: Private Key Protection (Read 82 times)

BTCtera

Private Key Protection

Come-from-Beyond

Re: Private Key Protection

opticalc

Re: Private Key Protection

Come-from-Beyond

Re: Private Key Protection

BTCtera

Re: Private Key Protection

LiQio

Re: Private Key Protection