What is Burstcoin’s vision for Security?

Burstcoin’s vision is to speed the adoption of blockchain technology while guaranteeing optimal security. The network was founded in 2014, when attacks on cryptocurrency networks had become common. To keep the Burstcoin network safe, the development team employed several strategies:

  • Collusive nodes attack (51% attack): This attack happens when a majority of nodes conspire to harm the network. To prevent such a problem, Burst uses Byzantine fault-tolerance technology to help build dependable protocols. The focus is on identifying honest nodes by setting an upper bound for maximum tolerance.
  • Protection from DDoS attacks: Burstcoin employs a Dymaxion design that requires all the nodes to perform PoC (proof of capacity) for tax validation. It also carries out regular vetting to identify and blacklist misbehaving nodes.
  • Progressive network updates: Because of the fast-growing interest in cryptocurrencies, the nature of threats keeps changing. The development team has adopted a system of progressive improvement that involves constant checks to identify and fix gaps.
  • Advanced encryption of the network: To keep details and funds free from third-party entities and attacks, the Burstcoin network employs advanced encryption. Even when sending funds on the network, details are not easily revealed.
  • Most big cryptocurrency losses reported in the blockchain sector take place in the exchanges. The Burst development team created the decentralized asset exchange that makes it possible to bypass the exchanges.

 

The importance of passphrases

Burstcoin accounts are secured only by a single passphrase which can be thought of as a very secure password. Cryptocurrency accounts secured in this way are sometimes referred to as “Brain Wallets”. The passphrase is the only identifier needed in order to transact using Burstcoin or to forge blocks. There are no additional required wallet files of any sort.

Unlike traditional web sites and accounts which limit the number of login attempts and do not disclose the authentication algorithm, the open source nature of the Burstcoin client allows an unlimited number of login attempts which can be executed very quickly, at rates reaching billions of login attempts per second. Considering this, and unlike traditional passwords, your passphrase has to be very long and complex. The Burstcoin client account registration process is known to generate very secure passphrases. We recommend that you use it. Alternatively, you can choose a passphrase with at least 35 truly random characters.

If you are using special characters in your passphrase, rather than just numbers and letters, make sure to use the ASCII representation of these characters and not one of their Unicode representations. For example, the quote character " can be represented not only as ASCII code 34 (0x22) but also as various Unicode characters. These are considered different characters when used in a passphrase. To avoid confusion, always use the ASCII version of these characters or do not use them at all. For example, MS Word uses the “ Unicode character by default, which is different from the " ASCII character. These are not interchangeable. Substituting one for the other when entering a passphrase will generate a new account rather than provide access to the intended account.
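The check described above can be automated before a passphrase is stored or entered. The following is an added example, not code from the Burstcoin client: it lists every non-ASCII character in a passphrase and shows that a look-alike quote changes the derived value. The names audit_passphrase, key_seed and opens_same_account are hypothetical, the sample passphrases are constructed, and SHA-256 over the UTF-8 bytes is assumed as a stand-in for the wallet's key derivation.

```python
import hashlib
import unicodedata

# Look-alikes that editors and phones substitute silently, mapped to the ASCII
# character the user most likely meant (constructed list, extend as needed).
LOOKALIKES = {
    "\u201c": '"', "\u201d": '"',   # curly double quotes
    "\u2018": "'", "\u2019": "'",   # curly single quotes
    "\u2013": "-", "\u2014": "-",   # en dash, em dash
    "\u00a0": " ",                  # no-break space
}

# Constructed sample passphrases: identical on screen, different code points.
TYPED = 'correct "horse" battery'
PASTED = "correct \u201chorse\u201d battery"


def audit_passphrase(passphrase):
    """Return (index, code point, Unicode name, ASCII suggestion) per non-ASCII char."""
    findings = []
    for index, ch in enumerate(passphrase):
        if ord(ch) > 0x7F:
            findings.append((index, f"U+{ord(ch):04X}",
                             unicodedata.name(ch, "UNNAMED"), LOOKALIKES.get(ch)))
    return findings


def key_seed(passphrase):
    """Assumed stand-in derivation: SHA-256 over the UTF-8 bytes of the passphrase."""
    return hashlib.sha256(passphrase.encode("utf-8")).hexdigest()


def opens_same_account(a, b):
    """Two passphrases reach the same account only if their bytes are identical."""
    return key_seed(a) == key_seed(b)


if __name__ == "__main__":
    for label, phrase in (("typed", TYPED), ("pasted", PASTED)):
        print(label, key_seed(phrase)[:16], audit_passphrase(phrase))
    print("same account:", opens_same_account(TYPED, PASTED))
```

An empty result from audit_passphrase means the passphrase is pure ASCII; any finding should be resolved before the passphrase is used to create an account.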

Losing your passphrase means losing your funds; there is no way to recover your passphrase.

Mitigating the risk of losing your Burstcoin

Let’s analyze the various risks and how to mitigate them. The main risks are:

  • Losing your passphrase.
  • Letting someone steal your passphrase.
  • Accidentally sending your Burstcoin to an account with an unknown passphrase.

If you are someone with a propensity to always mess things up online and always need customer support, you will have to exercise extra care not to lose your Burstcoin.

Best ways to remember your passphrase

If you lose your passphrase there is no way to recover it. The chance of forgetting your passphrase is much higher than having your password stolen.

The best way not to forget your passphrase is to store it somewhere that is safe, preferably in more than one secure location. If you will be storing your passphrase on a computer or other hardware, it is important to maintain a backup copy of your files in another location as protection against equipment failure.

You have to accept that there are risks no matter where you store your passphrase.

  • If you store it on your hard drive – the drive might crash.
  • If you store it in a password manager – the passwords file might get corrupted or deleted.
  • If you print it on paper – the paper might get burned or lost.
  • If you store it in your brain – you might forget it.

Therefore, by using more than one storage method, you lower the risk.

Keeping your passphrase safe

Eventually, you have to use your passphrase on your local computer in order to sign transactions. Before entering your passphrase on a local computer, you need to be certain that the computer is safe from intrusion. This means that you must be certain that your computer has not been compromised with any malicious software that could be logging your keystrokes.

There is no 100% security, but there are best practices:

  • Don’t share your passphrase with anyone.
  • Don’t store your passphrase unencrypted on a remote node or your local workstation.
  • Always use the official Burstcoin wallet.
  • Take special care when connecting to remote nodes.
  • Do not leave your passphrase printed on paper next to your computer.
  • Split your Burstcoin into several accounts. Use the accounts with smaller balances for daily operations and only access the higher balance accounts when necessary.
  • Using a password manager that allows you to store multiple passwords encrypted under a single database password can be secure and convenient. A free, open source option is KeePass.

How secure is your passphrase?

When creating a Burstcoin wallet, it is important to use a passphrase of at least 12 words to avoid brute-force attacks and rainbow table attacks. Your passphrase is your private key and must be carefully secured. To a first-time user, using a set of predefined publicly available words may seem counter-intuitive.

In fact, to put in perspective how many passwords can be generated by a list of 1626 words in a 12-word combination, the number would be 341,543,870,028,173,427,817,970,975,906,355,941,376 or 341 undecillion. That can be broken down into 341 billion billion billion billion. This is euphemistically called a “large number” in mathematics. It is difficult to imagine because of how astronomically large it is. Attempting all of the possible combinations of a 12-word passphrase drawn from a known dictionary (a process known as brute forcing) would, on average, take longer than the universe has existed – billions of billions of years. Just 5 words would take over 2,000 years. Each additional word increases the difficulty by 1,626 times.

| Number of Words | Possible Passphrase Combinations | Bits of Entropy |
|---|---|---|
| 1 | 1,626 | 10.66 |
| 2 | 2,643,876 | 21.33 |
| 3 | 4,298,942,376 | 32 |
| 4 | 6,990,080,303,376 | 42.67 |
| 5 | 11,365,870,573,289,400 | 53.34 |
| 6 | 18,480,905,552,168,500,000 | 64 |
| 7 | 30,049,952,427,826,000,000,000 | 74.67 |
| 8 | 48,861,222,647,645,100,000,000,000 | 85.34 |
| 9 | 79,448,348,025,071,000,000,000,000,000 | 96 |
| 10 | 129,183,013,888,765,000,000,000,000,000,000 | 106.67 |
| 11 | 210,051,580,583,132,000,000,000,000,000,000,000 | 117.34 |
| 12 | 341,543,870,028,173,000,000,000,000,000,000,000,000 | 128 |
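The figures above can be recomputed exactly, and compared with the 35-random-character alternative mentioned earlier, with a few lines of Python. This is an added example, not part of the original article or of any Burstcoin software; the function names are hypothetical and the guess rate passed to average_search_years is an assumed parameter, not a measured value.

```python
import math
import secrets
import string

WORDLIST_SIZE = 1626          # word-list size quoted in the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(n_words, list_size=WORDLIST_SIZE):
    """Exact count of n-word passphrases (independent draws, order matters)."""
    return list_size ** n_words


def entropy_bits(n_symbols, alphabet_size):
    """Entropy of n symbols drawn uniformly at random from an alphabet."""
    return n_symbols * math.log2(alphabet_size)


def words_needed(target_bits, list_size=WORDLIST_SIZE):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def average_search_years(combinations, guesses_per_second):
    """Expected exhaustive-search time: half the keyspace at a constant rate."""
    return combinations / 2 / guesses_per_second / SECONDS_PER_YEAR


def random_ascii_passphrase(length=35):
    """Random passphrase over the 94 printable ASCII characters (OS CSPRNG)."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    rate = 1e9  # assumed guess rate; change it to model a different attacker
    for n in (6, 9, 12):
        print(f"{n:2d} words  {keyspace(n):>45,d}  "
              f"{entropy_bits(n, WORDLIST_SIZE):7.2f} bits  "
              f"{average_search_years(keyspace(n), rate):.2e} years on average")
    print(f"35 random ASCII characters: {entropy_bits(35, 94):.2f} bits")
    print(f"words needed for 128 bits: {words_needed(128)}")
    print("sample:", random_ascii_passphrase())
```

These entropy figures hold only when every word or character is chosen uniformly at random, as a generator does; a phrase a person makes up from the same list has far less.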

In conclusion, your wallet is safe with a 12-word auto-generated passphrase. You should be much more worried about viruses and keyloggers. Adding capital letters, numbers, or symbols makes the passphrase exponentially harder to crack (virtually impossible). In its mobile wallet, the PoC Consortium added additional words to the list.

https://www.burstcoin.ist/2017/10/07/is-the-automatically-generated-passphrase-secure/
