1

Someone robbed me at gunpoint and took my laptop. The laptop contained an encrypted hardrive with a wallet.dat file. Both the hardrive and wallet.dat had at best weak passphrases for the encryption. I have assumed both to be compromised.

My question has to do with the one-way permutation hash function of ripemd-160 to generate both the private and public keys used in brain wallet generators.

[I am assuming that wallet generators are using one way permutations. I could be wrong. If I am then please inform me. Most wallet generators use the brainwallet.py available on github.]

If an attacker has obtained your private key can he "reverse engineer" the key to obtain the original brain wallet passphrase used when the wallet was generated?

If so I assume he can use that to bruteforce any other wallet that would use the same passphrase as a seed as mentioned in this post here:

https://crypto.stackexchange.com/questions/10246/question-regarding-multiple-sha-256-rounds-on-a-bitcoin-brain-wallet-passphrase

Community
  • 1
user12247
  • 11
  • 2
  • Why does it matter if he can reverse-engineer the key to your passphrase? If he has the private key, he can spend your balance. You won't be able to make a new brain wallet with the same passphrase, as it will result in the same address. So unless your passphrase was the password you use for everything (stupid idea!), this doesn't really matter. – Steven Roose Jan 15 '14 at 16:42
  • Any reason for [your cross-post at crypto.se](http://crypto.stackexchange.com/q/12932/6961)? You obviously already received an answer here... – e-sushi Jan 15 '14 at 18:09
  • I did not know where to best post the question. Sorry – user12247 Jan 16 '14 at 01:06
  • Steven re-read the post. The question was relevant to the seed passphrase being obtained. The wallet was already secured (empty wallet) – user12247 Jan 16 '14 at 01:15

1 Answers1

1

Sorry to hear you were robbed.

An attacker cannot reverse engineer a private key to obtain the original mnemonic phrase.

What essentially happens is just another multitude of hashes with an algorithm (SHA256). Different approaches to this are taken by different deterministic wallet generators.

As SHA256 is considered secure. So is your mnemonic phrase

MaxSan
  • 3,855
  • 2
  • 21
  • 30
  • So you are guaranteeing me that a one way permutation is used to generate the private key for the wallet generators such as brainwallet.py? – user12247 Jan 16 '14 at 01:10
  • Is this just an opinion or do you have any facts or evidence to back your claim? Dont take offense but im not going to risk losing all of my money on an opinion – user12247 Jan 16 '14 at 01:21
  • I did some research... what I am worried about is called a preimage attack. – user12247 Jan 16 '14 at 01:45
  • Someone claims ripemd-160 is a one-way hash function: http://www.reddit.com/r/Bitcoin/comments/1lsweg/ – user12247 Jan 16 '14 at 01:52
  • As long as your mnemonic phrase has enough entropy not to be brute forced then it is safe. I think Electrum uses 12 dictionary words to get 128bits of entropy. Don't quote me on that though. – MaxSan Jan 16 '14 at 09:15