What is the feasibility of private key + password?
naifamoodi opened this issue · 3 comments
Right now with all cryptocurrencies, all you need is the private key. And because it is impractical to memorize private keys, specially if you have many private keys, you need to store them somewhere. If this place of storage gets into the wrong hands, your investment is doomed.
So this raises the question, can a password be used in conjunction to a private key to authorize a transaction?
The basis of this is that you would never store your password except in your mind and it would be a difficult one.
For example, if your name was Eve Adam, you would use a password such as:
eV3AD@m31/11/1990
Cryptography is useless without a public key. You need more than a just a private key.
You sign transactions locally (securely) using your private key. The signature is shared publicly/to api/nodes which can use your public key to verify the signature.
You can password encrypt your Arionum wallets already (optionally) if you wish.
Not sure what else this is really asking. Everything brought up or suggested is already implemented.
I understand that.
Lets take Bitcoin for example.
Here is a random pair:
Address: 1Kw7imzQWZ56S3NPsxYFteMUnqBm8LXt6e
Private Key: 5KJM6ubGLVBfeKVEzJKZwHqXdLGuD4TYHhsWd5J1mHcYwLh1owz
There is no way you can remember the private key. So you'll have to store it somewhere. Lets say you keep it on a USB drive and somebody steals it. Now that they have access to your private key, they'll transfer the entire amount to another wallet.
But imagine this scenario:
To make the transaction, in addition to the private key, they will also need a "password". It could be something like eV3AD@m31/11/1990 or whatever that it very difficult for someone to guess but easy for you to remember. You attach this password (or whatever you want to call it) directly to the private key.
To be more clear, what I am trying to say is this:
The private key should be in an incomplete state. To complete it, you need the "password".
So if you have an incomplete private key which looks like:
abcdef1234567890
And to complete it, you need the password you had set, which in this example is eV3AD@m31/11/1990
Once done, the final private key would be 5KJM6ubGLVBfeKVEzJKZwHqXdLGuD4TYHhsWd5J1mHcYwLh1owz
Now you can safely store the partial key "abcdef1234567890" where ever you want. Even if it gets stolen, it is useless unless the person knows the rest of it to produce the final private key.
As I mentioned, you can already encrypt the wallet with any password you want. if somebody steals the USB key with the wallet on it they still need your password. Which is exactly what you are asking for.
I'd consider this open issue closed.