Ethereum: Wallet passphrase uniqueness (noob question)

Ethereum: Wallet Password Uniqueness – A Noob Question Answered

As you probably know, creating and managing your own cryptocurrency wallet is an essential step in securing your assets. I recently set up a new Ethereum wallet for myself using the Mycelium platform. To keep my private keys safe, I decided to use a unique password as my security password.

However, when I tried to create a Bitcoin wallet on Mycelium with the same setup, I was surprised to find that the generated wallet address and Bitcoin wallet address seemed to refer to an 11-word phrase instead of the single word chosen for the Mycelium wallet. This piqued my interest – what exactly is going on behind the scenes?

Understanding Password Generation

In Ethereum wallets, a password (also known as a recovery phrase or hint) serves as a unique identifier that allows you to reset your wallet and access your funds if necessary. When you create a new Bitcoin wallet on Mycelium, it appears that the system uses a complex algorithm to generate a password based on the password you choose.

Here’s a simplified breakdown of the password generation process:

  • Base32 Encoding: The password is first converted to a Base64 encoded string.
  • Extraction and Encryption: The encoded string is then hashed using a cryptographic hash function (e.g. SHA-256) to produce a fixed-size output.
  • Salting and Final Hash: A random salt value is added to the hash output, followed by another hash operation.

The Twist

Now, here’s where things get interesting. When Mycelium generates a Bitcoin wallet based on the same password, it seems to use the entire Base64-encoded string as a single address, without referencing any specific word or phrase. This means that if I try to create a new Bitcoin wallet using the original password, it generates a different wallet address than the one I chose.

The Verdict

While this may seem like a minor inconvenience, it’s essential to understand the implications of this behavior. If you choose a unique and unguessable passphrase for your Ethereum wallet, the Mycelium wallet backup process should require the expected 12-word recovery phrase (or mnemonic). However, if you reuse the same password or use an easy-to-guess password, your Bitcoin wallet will be vulnerable to unauthorized access.

Recommendations

To avoid this problem in the future:

  • Choose a unique and unguessable password for both your Ethereum and Bitcoin wallets.
  • Use a secure password manager to generate and store recovery phrases (or reminders).
  • Consider using two-factor authentication or other additional security measures to protect your digital assets.

Taking these precautions will help ensure the long-term safety of your cryptocurrency holdings.
