The scheme is so standard from pgp, gpg, bcrypt, truecrypt etc it should be obvious.


The password (or in this case, passphrase) is as secure as the user chooses. ANY is better than none, because even a weak one needs some effort and custom tools to crack.


Then, write it down.


So you put lots of money in a bitcoin wallet and then don't use it?

People tend to be careful when it comes to money. If they aren't, they only have themselves to blame. I can't see how other peoples' idiocy is an excuse to hinder my security.


The first sentence makes no sense whatsoever. And I don't care how vast his network is, he is not going to crack my password in the remaining lifetime of the universe.

That's tools, not schemes.

It isnt a bad thing that it may happen sometimes, but it would be a bad thing if it was the default.

That doesn't protect you against malware at all.

1) Only true if you have full disk encryption. Otherwise, your operating system may have placed the unencrypted private data anywhere (temporary files, swap space ...)

2) Nonsense. Malware can just read the RAM of your Bitcoin client.

3) See second.

I don't think you understand the issue. By a "complete scheme", I mean answers to questions like:

1) Is password complexity enforced? If so, what are the complexity rules?

2) Is any other way provided to get into the private keys other than the password?

3) What is the password needed for? Only to send money? Or even to see what accounts exist on the system?

And so on.

Without a complete scheme, there is no way to evaluate the advantages and disadvantages. As I've said, I can't think of a scheme whose advantages outweigh the disadvantages.

I don't think you understand what within wallet.dat needs to be protected and how passphrase based encryption works. If you did, you'd know the answers to your questions 2 and 3 are obvious.


Well, I'll leave you here demanding your scheme.

I presumed that this was what he intended, and I pointed out the problem with that scheme. A human will have to choose a password simple enough that they can remember it for many years but complex enough that an attacker cannot brute force it even if the attacker specifically knows which wallets have the largest BitCoin balances and the attacker has a botnet to use to brute force passwords on.

I wasn't kidding about my example. I really did have a password I used at least 20 times a week for more than six years that I didn't use for 8 months and forgot. It was a short/simple password too.

How bad this is depends to some extent on password complexity rules. If you force a very complex password, you ease the brute forcing issue. If you don't, you ease the password forgetting rule. Maybe someone knows how to make this work. I don't.

Users do not really understand the concept of a password that absolutely cannot be bypassed. A regular question on many forums is some variant of "I forgot the password to my X, how do I recover it?" where X is a WinRAR archive or a disk encryption scheme. They are stunned that the answer is "you're 100% screwed".

But I cannot do a fair job of criticizing a scheme without knowing what that scheme is. Nor is it fair for him to argue we should add encryption because he imagines a scheme that is not actually capable of being realized.

http://en.wikipedia.org/wiki/Two-factor_authentication

Someone give me a client that I can use two-factor authentication with. Until then, all other methods are insecure to some extent or other.