Security

From Waves Wiki
Jump to: navigation, search

Other languages:
العربية • ‎Deutsch • ‎Ελληνικά • ‎English • ‎español • ‎français • ‎Bahasa Indonesia • ‎italiano • ‎ភាសាខ្មែរ • ‎Nederlands • ‎русский • ‎Tiếng Việt • ‎中文(中国大陆)‎

What is a brainwallet and how does it work?

The main difference between a brain wallet and a regular wallet is that there is no .dat file which stores your private keys. Instead it uses a SEED which grants you access to them. The SEED is by default a string of 15 English words composed from a wordlist that contains 2048 words. The provided string is cryptographically extremely secure and with the current technology unbreakable (the chance someone can break a passphrase given by the client is 2048^15).

Waves uses the BIP0039 wordlist;

Bip0039.PNG


Each and every SEED is only linked to one single Waves account. Every digit, character, symbol and space counts.

If there is one space too much, a different account opens up, if there is a wrong symbol, a different account opens up, if there is a spelling mistake, a different account opens up.


Steps to obtain the Raw Address


 var seed = loginContext.seed;
 var cipher = cryptoService.encryptWalletSeed(seed, ctrl.password).toString(); // The SEED gets encrypted with the password.
 var keys = cryptoService.getKeyPair(seed);                                    // A keypair is generated from the SEED
 var checksum = cryptoService.seedChecksum(seed);                              // A checksum from the SEED is generated to check data integrity
 var address = cryptoService.buildRawAddress(keys.public);                     // The Raw adress is generated from the public key.


If you lose your SEED, you lose access to your account.

We strongly encourage you to additonally back up the SEED on a piece of paper and store it in a safe place.

You also have the possibility to create your own SEED, however, we do not recommend it.

What is the additional password for?

You will also be asked to generate a password for your address. The password has two purposes:

  1. To encrypt the SEED locally so a signed transaction is never sent unprotected.
  2. Your account will be cached so you don't have to import the SEED from new everytime you want to log in. The password secures that only you can log into your cached account.

Note: If you happen to lose your password, you can simply delete the cached account, re-import it by using your SEED and define a new password.

Biggest advantage for the user

  • You only have to remember the SEED in order to gain access to your funds.

Best practice

People ask me frequently where to save their Brain Wallet SEED. While there are plenty of choices I'll list some of them up for you.

  • Write it down / Print it and keep one in a vault, locker, ...
  • Keep it in a Password Manager (1Password, KeePass (free), LastPass (Enable 2FA though)

While I don't wish death on anyone, you should take this into account. what happens when you get hit by a bus? Do you have a set up in place that in case you die someone else could access?