Brainwallet


Hi all,

why did the core development team decided against brainwallet concept (like the one of nxt).

Are there anyplans to implement brainwallets in default client ?  Guess it should be to hard to implement at all. Since I guess you use privatkeys. So if the private key is derived form a passphrase it should work transparent for the rest of code.

For me a wallet file is a show stopper to invest in NEM since I already have a secure wallet it calls 1password.

FireF


How can the wallet mechanism be a show stopper ?
Anyways a NXT-like brainwallet would afaik not be possible as priv-keys are not derived from passwords.

I guess 1password is a passwod manager ?

To me having a file as a wallet is way safer. Even if my password is "123" it's safe so long as noone has access to that file.
A brainwallet with a "strong" password is safe NOW. Technology evolves and there will come a time (admitedly not very near future) where any 3 letter agency will be able to brute passwords that are considered safe at the moment.



A brainwallet with a "strong" password is safe NOW. Technology evolves and there will come a time (admitedly not very near future) where any 3 letter agency will be able to brute passwords that are considered safe at the moment.



If 3 letter agency is able to break current key derivation the also can break 128 bit AES and SHA. Wallet file just more secure if using weak password at the first place.
So the key diff is that Users are enabled to use weak passwords, cause they trusting that no one could have access to the wallet file.

Anyway for me brainwallet is a must have option so I'm sure that my choice for NXT is right for me.
Hopefully NEM and NXT join forces on services that build on the core. Like Asset Exchange and all the different cool stuff of crypto 2.0.

See you on the other side :slight_smile: (last post here, so far)

FireF


PS
Forum.nemcoin.com should upgrade to https.



With a brainwallet I can access my wallet anywhere on the planet.

With a wallet.dat this is impossible right? When I leave my laptop at home for example.
To be able to use NEM I am forced to trust a centralized website/exchange if I want to do that.


With a brainwallet I can access my wallet anywhere on the planet.

With a wallet.dat this is impossible right? When I leave my laptop at home for example.
To be able to use NEM I am forced to trust a centralized website/exchange if I want to do that.


or copy the wallet.dat to usb stick

This argument that you can access a brainwallet everywhere on the planet is not a good argument,
would you trust that windows XP thing in the lobby of your hotel in Shenzhen,China? No, also you will probably never go to
Shenzhen, end even if you would you would have your notebook with you.

Only do Crypto stuff on trusted devices, trusted mostly means owned, so no problem with wallet files in 99.99% of cases.

EDIT: nothing against china, beautiful country, been there.

I'm just an end user so I don't know much.

I didn't know you could do that.

But what about mobile devices.

How can I enter my wallet with my mobile without a brainwallet?


But what about mobile devices.

How can I enter my wallet with my mobile without a brainwallet?


Do we have plans for a mobile wallet? NXT has one right? I dont know.

But you would probably be able to import a privatekey into the mobile wallet.


But what about mobile devices.

How can I enter my wallet with my mobile without a brainwallet?


Do we have plans for a mobile wallet? NXT has one right? I dont know.

But you would probably be able to import a privatekey into the mobile wallet.

Yes,

Marcus is making an android app where you can login and make payments with the same password you use everywhere (the brainwallet).

I'm curious how NEM will make this possible.

Just asking by curiousity. My intention is to learn more about other platforms.

With a brainwallet I can access my wallet anywhere on the planet.

With a wallet.dat this is impossible right? When I leave my laptop at home for example.
To be able to use NEM I am forced to trust a centralized website/exchange if I want to do that.


So, I assume you are hosting your own version of NRS over HTTPS? Otherwise, you are trusting the person running the NRS instance to not steal your NXT passphrase, which isn't really different from using a trusted NEM wallet website (ala coinbase).



A brainwallet with a "strong" password is safe NOW. Technology evolves and there will come a time (admitedly not very near future) where any 3 letter agency will be able to brute passwords that are considered safe at the moment.



If 3 letter agency is able to break current key derivation the also can break 128 bit AES and SHA. Wallet file just more secure if using weak password at the first place.
So the key diff is that Users are enabled to use weak passwords, cause they trusting that no one could have access to the wallet file.

Anyway for me brainwallet is a must have option so I'm sure that my choice for NXT is right for me.
Hopefully NEM and NXT join forces on services that build on the core. Like Asset Exchange and all the different cool stuff of crypto 2.0.

See you on the other side :-) (last post here, so far)

FireF


PS
Forum.nemcoin.com should upgrade to https.


A brainwallet can be built on top of a wallet file. Think of Coinbase, which is ~ a brainwallet for bitcoin (always available online and accessible everywhere). [I'm not saying it's exactly the same as a brainwallet, but it's a pretty close approximation]

That said, a wallet file system cannot be built on top of a brainwallet. Things like cold storage are not possible with NXT (the very definition of a brainwallet is that it's always online), but are things that we want to support in NEM.



But what about mobile devices.

How can I enter my wallet with my mobile without a brainwallet?


Do we have plans for a mobile wallet? NXT has one right? I dont know.

But you would probably be able to import a privatekey into the mobile wallet.

Yes,

Marcus is making an android app where you can login and make payments with the same password you use everywhere (the brainwallet).

I'm curious how NEM will make this possible.

Just asking by curiousity. My intention is to learn more about other platforms.


There are a number of different ways to do it, but the most reasonable (imo) is to have a separate mobile NEM account and transfer NEM to it from my main NEM savings account. This is analogous to the fact that most people do not carry their life savings around with them, but instead carry a much smaller amount of spending money.

Even with NXT, I can't think of a compelling reason why I would want all of my NXT accessible from something I carry around with me.




But what about mobile devices.

How can I enter my wallet with my mobile without a brainwallet?


Do we have plans for a mobile wallet? NXT has one right? I dont know.

But you would probably be able to import a privatekey into the mobile wallet.

Yes,

Marcus is making an android app where you can login and make payments with the same password you use everywhere (the brainwallet).

I'm curious how NEM will make this possible.

Just asking by curiousity. My intention is to learn more about other platforms.


There are a number of different ways to do it, but the most reasonable (imo) is to have a separate mobile NEM account and transfer NEM to it from my main NEM savings account. This is analogous to the fact that most people do not carry their life savings around with them, but instead carry a much smaller amount of spending money.

Even with NXT, I can't think of a compelling reason why I would want all of my NXT accessible from something I carry around with me.

Alright. Thanks.


With a brainwallet I can access my wallet anywhere on the planet.

With a wallet.dat this is impossible right? When I leave my laptop at home for example.
To be able to use NEM I am forced to trust a centralized website/exchange if I want to do that.


or copy the wallet.dat to usb stick

This argument that you can access a brainwallet everywhere on the planet is not a good argument,
would you trust that windows XP thing in the lobby of your hotel in Shenzhen,China? No, also you will probably never go to
Shenzhen, end even if you would you would have your notebook with you.

Only do Crypto stuff on trusted devices, trusted mostly means owned, so no problem with wallet files in 99.99% of cases.

EDIT: nothing against china, beautiful country, been there.


Another thing is that you probably need another device like an usb stick anyway because with a brainwallet you need have to have a really secure password which noone can remember so everyone has to keep it somewhere.
I see not advantage between carrying my password around on a stick or whatever and carrying my wallet file around on a stick or whatever.
And don't get me started on password managers -.-


But what about mobile devices.

How can I enter my wallet with my mobile without a brainwallet?


Do we have plans for a mobile wallet? NXT has one right? I dont know.

But you would probably be able to import a privatekey into the mobile wallet.


Going mobile is not an option. It must happen sometime. ;-)

+1 Nakamoto




But what about mobile devices.

How can I enter my wallet with my mobile without a brainwallet?


Do we have plans for a mobile wallet? NXT has one right? I dont know.

But you would probably be able to import a privatekey into the mobile wallet.


Going mobile is not an option. It must happen sometime. ;-)


I have no idea what you WANTED to say but sentence above is as contradict as it can be ;)

Anyway in case of mobile it'll be easy, NCC will display QR code, which you'll be able to scan with your smartphone. (which I guess is easiest way).

But as J said, in this case responsibility will fall on users. It's similar as with banks, you shouldn't keep ALL your money on an account, that you have access to with your debit/credit card...

I have no idea what you WANTED to say but sentence above is as contradict as it can be ;)


not an option --> mandatory

With a brainwallet I can access my wallet anywhere on the planet.

With a wallet.dat this is impossible right? When I leave my laptop at home for example.
To be able to use NEM I am forced to trust a centralized website/exchange if I want to do that.


To actually answer the question, there's nothing stopping you from using brainwallet.


    [li]think of a sentence or word i.e. "Faith87SK"[/li]
    [li]do sha256 on that[/li]
    [li]menu -> Add an existing account, paste sha as a private key[/li]


    Ofc, I wouldn't recommend that method...

    When it comes to mobiles, we'll probably have easier/nicer solution.

Sorry to necro this incredibly old post, but this is exactly the information I came here seeking.

gimer, or anybody else reading this, could you please elaborate on how to go about accomplishing step 2? it would really help me out a lot.

I realize the security concerns with brainwallets and am content with the system I’ve established, and am willing to take the risk.

For some reason the idea of just being able to go on the run in a worst case scenario, and have access to my savings anywhere I can download an ubuntu startup disk and generate my keys from memory (it took a REALLY REALLY long time and a lot of effort to memorize a secure phrase) just really, really appeals to me. It’s one of the primary reasons I choose to save in crypto, and it’s my excuse for not having bought into NEM yet as well, unreasonable as it may seem.

If I can figure out how to do this with monero and decred too, then I’ll have all my crypto organized the way I like it.

brainwallet is available in lightwallet.