What is Burstcoin’s vision for Security?

Burstcoin’s vision is to enhance faster adoption of blockchain technology while guaranteeing optimal security. The network was founded in 2014 when attacks on cryptocurrency networks had become common.  To keep the Burstcoin network safe, certain strategies were employed by the development team.

  • Collusive nodes attack (51% attack): This attack happens when a majority of nodes conspire to harm a network. To prevent such a problem, Burst uses Byzantine fault-tolerance technology to help in building dependable protocols. The focus is on identifying honest nodes by putting an upper boundary for maximum tolerance.
  • Protection from DDOS attack: Burstcoin employs a Dymaxion design that requires all nodes to perform PoC (proof of capacity) for tax validation. It also carries out regular vetting to identify and blacklist misbehaving nodes.
  • Progressive network updates: Because of the fast-growing interest in cryptocurrencies, the nature of threats keeps changing. The development team has adopted a system of progressive improvement that involves constant checks to identify and fix gaps.
  • Advanced encryption of the network: To keep details and funds free from third-party entities and attacks, the Burstcoin network employs advanced encryption. Even when sending funds on the network, details are not easily revealed.
  • Most cryptocurrency losses reported in the blockchain sector take place on the. The Burstcoin development team created a decentralized asset exchange that makes it possible to bypass the exchanges.  A decentralized exchange (DEX) operated by Burstcoin is in the planning stages.

 

The importance and security of passphrases

Burstcoin accounts are secured only by a single passphrase which can be thought of as a very secure password. Cryptocurrency accounts secured in this way are sometimes referred to as “Brain Wallets”. The passphrase is the only identifier needed in order to transact using Burstcoin or to forge blocks. There are no additional required wallet files of any type.

Unlike traditional web sites and accounts which limit the number of login attempts and do not disclose the authentication algorithm, the open source nature of the Burstcoin client allows an unlimited number of login attempts which can be executed very quickly, at rates reaching billions of login attempts per second. Considering this, unlike traditional passwords, Burstcoin passphrases must be very long and complex. The Burstcoin client account registration process is known to generate very secure passphrases. We recommend that it be used without modification.  It is acceptable to add additional characters to the automatically generated passphrase.  However, this is not necessary.   Alternatively, a passphrase with at least 35 random characters is acceptable.  

If using special characters in a passphrase, rather than just numbers and letters, the ASCII representation of these characters should be used rather than one of their Unicode representations. For example, the quote character " can be represented not only as ASCII code 34 (0x22) but also as various Unicode characters. These are considered different characters when used in a passphrase. To avoid confusion, always use the ASCII version of these characters or do not use them at all. For example, Microsoft Word uses the “ Unicode character by default, which is different from the " ASCII character. These are not interchangeable. Substituting one for the other when entering a passphrase will generate a new account rather than provide access to the intended account.
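The check below is an added example, not code from the Burstcoin client: it lists every non-ASCII character in a passphrase and shows that a "smart quote" substitution changes the bytes a wallet would hash. The sample passphrases are constructed, and SHA-256 over the UTF-8 bytes is an assumed stand-in for the wallet's real key derivation.

```python
import hashlib
import unicodedata

def non_ascii_chars(passphrase):
    """Return (index, code point, Unicode name) for each non-ASCII character."""
    return [
        (i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
        for i, ch in enumerate(passphrase)
        if ord(ch) > 0x7F
    ]

def seed_digest(passphrase):
    # Assumption: a plain SHA-256 of the UTF-8 bytes stands in for the
    # wallet's derivation. Any byte-oriented derivation behaves the same
    # way: different bytes in, different account out.
    return hashlib.sha256(passphrase.encode("utf-8")).hexdigest()

def same_account(a, b):
    """True only if both strings would derive the same (stand-in) seed."""
    return seed_digest(a) == seed_digest(b)

def report(passphrase):
    """Human-readable findings to show before a passphrase is stored."""
    findings = non_ascii_chars(passphrase)
    if not findings:
        return ["ok: passphrase is pure ASCII"]
    return [f"position {i}: {cp} {name}" for i, cp, name in findings]

# Constructed samples: the same words, typed in a terminal versus pasted
# from a word processor that replaced the quotes automatically.
TYPED = 'correct "horse" battery'
PASTED = "correct \u201chorse\u201d battery"

if __name__ == "__main__":
    for label, phrase in (("typed", TYPED), ("pasted", PASTED)):
        print(label, len(phrase.encode("utf-8")), "bytes")
        for line in report(phrase):
            print("   ", line)
    print("same account:", same_account(TYPED, PASTED))
```

Running the check on a passphrase before writing it down or storing it in a password manager catches the substitution while the original is still available to compare against.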

Losing your passphrase means losing your funds; there is no way to recover your passphrase.

Mitigating the risk of losing your Burstcoin

Let’s analyze the various risks and how to mitigate them. The main risks are:

  • Losing your passphrase.
  • Letting someone steal your passphrase.
  • Accidentally sending your Burstcoin to an account with an unknown passphrase.

If you are someone with a propensity to always mess up things online and always need customer support, you will have to exercise extra care to not lose your Burstcoin.

Best ways to remember your passphrase

If you lose your passphrase there is no way to recover it. The chance of forgetting your passphrase is much higher than having your password stolen.

The best way to not forget your passphrase is to store it somewhere that is safe, preferably in more than one secure location. If you will be storing your passphrase on a computer or other hardware, it is important to maintain a backup copy of your files in another location as protection against equipment failure.

You have to accept that there are risks no matter where you store your passphrase.

  • If you store it on your hard drive – your hard drive might crash.
  • If you store it in a password manager – the password file may become corrupt or may be deleted.
  • If you print it on paper – the paper might be destroyed in a fire or be misplaced.
  • If you attempt to remember it – you might forget all or part of it.

Therefore, by using more than one storage method, you can lower the risk.

Keeping your passphrase safe

Eventually, you have to use your passphrase on a local computer in order to sign transactions. Before entering your passphrase on a local computer, you need to be certain that the computer is safe from intrusion. This means that you must be certain that your computer has not been compromised with any malicious software that could be logging your keystrokes.

There is no 100% security, but there are best practices:

  • Don’t share your passphrase with anyone.
  • Don’t store your unencrypted passphrase on a remote node or your local workstation.
  • Always use official Burstcoin wallets.
  • Take special care when connecting to remote nodes.
  • Do not leave your passphrase printed on paper next to your computer.
  • Split your Burstcoin into several accounts. Use the accounts with smaller balances for daily operations and only access the higher balance accounts when necessary and with special attention to security.
  • Using a password manager that allows you to store multiple passwords encrypted under a single database password can be secure and convenient. A free, open source option is KeePass.

How secure is your passphrase?

When creating a Burstcoin wallet it is important to use a minimum of a 12-word passphrase to avoid Brute Force Attacks and Rainbow Table Attacks.  Your passphrase is your Private Key and must be carefully secured.  To a first time user, using a set of predefined publicly available words may seem counter-intuitive.

In fact, to put in perspective how many passwords can be generated by a list of 1626 words in a 12-word combination, the number would be 341,543,870,028,173,427,817,970,975,906,355,941,376 or 341 undecillion. That can be broken down into 341 billion billion billion billion. This is euphemistically called a “large number” in mathematics. It is difficult to imagine because of how astronomically large it is. Attempting all of the possible combinations of a 12-word passphrase drawn from a known dictionary (a process known as brute forcing) would, on average, take longer than the universe has existed – billions of billions of years. Just 5 words would take over 2,000 years. Each additional word increases the difficulty 1,626 times.

Number of Words | Possible Passphrase Combinations | Bits of Entropy
1 | 1,626 | 10.66
2 | 2,643,876 | 21.33
3 | 4,298,942,376 | 32
4 | 6,990,080,303,376 | 42.67
5 | 11,365,870,573,289,400 | 53.34
6 | 18,480,905,552,168,500,000 | 64
7 | 30,049,952,427,826,000,000,000 | 74.67
8 | 48,861,222,647,645,100,000,000,000 | 85.34
9 | 79,448,348,025,071,000,000,000,000,000 | 96
10 | 129,183,013,888,765,000,000,000,000,000,000 | 106.67
11 | 210,051,580,583,132,000,000,000,000,000,000,000 | 117.34
12 | 341,543,870,028,173,000,000,000,000,000,000,000,000 | 128
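The following added example (not part of the original article) recomputes these figures exactly and compares the 12-word scheme with the random-character alternative mentioned earlier on this page. It assumes every word or character is chosen uniformly at random; the 62-character (a-z, A-Z, 0-9) and 94-character (printable ASCII without space) alphabets are assumptions chosen for illustration.

```python
import math

WORDLIST_SIZE = 1626          # word-list size quoted on this page
ALPHANUMERIC = 62             # assumed alphabet: a-z, A-Z, 0-9
PRINTABLE_ASCII = 94          # assumed alphabet: printable ASCII, no space

def keyspace(symbols, length):
    """Exact number of passphrases of `length` picks from `symbols` options."""
    return symbols ** length

def entropy_bits(symbols, length):
    """Entropy in bits, valid only for uniformly random, independent picks."""
    return length * math.log2(symbols)

def length_needed(symbols, target_bits):
    """Smallest number of picks that reaches at least `target_bits`."""
    return math.ceil(target_bits / math.log2(symbols))

def word_table(max_words=12):
    """Rows of (words, exact combinations, bits) for the word-list scheme."""
    return [
        (n, keyspace(WORDLIST_SIZE, n), entropy_bits(WORDLIST_SIZE, n))
        for n in range(1, max_words + 1)
    ]

def equivalents(target_bits=128):
    """How long each scheme must be to reach the same strength."""
    return {
        "words (1626-word list)": length_needed(WORDLIST_SIZE, target_bits),
        "alphanumeric characters": length_needed(ALPHANUMERIC, target_bits),
        "printable ASCII characters": length_needed(PRINTABLE_ASCII, target_bits),
    }

if __name__ == "__main__":
    for n, combos, bits in word_table():
        print(f"{n:>2} words  {combos:>52,}  {bits:7.2f} bits")
    print("128-bit equivalents:", equivalents(128))
    print("35 alphanumeric characters:",
          f"{entropy_bits(ALPHANUMERIC, 35):.1f} bits")
```

The numbers hold only when the generator picks uniformly at random; words or characters chosen by a person carry far less entropy than the formula suggests.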

In conclusion, your wallet is safe with a 12-word auto-generated passphrase. You should be much more worried about viruses and keyloggers. Adding capital letters, numbers, or symbols makes the passphrase exponentially harder to crack (virtually impossible). In its mobile wallet, the PoC Consortium added additional words to the list.

https://www.burstcoin.ist/2017/10/07/is-the-automatically-generated-passphrase-secure/
