A new hashing algorithm?
Okay, this might lean more towards cryptography than Bitcoin, but just hear me out. I've been doing some thinking.
After a bunch of major public releases, we see the use of salts and multiple hashing rounds with some classic algorithms like PBKDF2-SHA512. Even NIST is backing up a few of these techniques.
Got some time to spare? Check this out from the original scientific papers.
Nested Elliptic Curve Cryptography (NECC) My proposed solution
First, pick a random number. That’s your private key. Better yet, let a computer do the heavy lifting since we humans struggle with big numbers.
According to Secp256k1, this big integer can range from 1 to a massive number: 115792089237316195423570985008687907852837564279074904382605163141518161494337. Yeah, that's huge.
I’m a fan of using Python for this task, and I’m cool with hexadecimal notation:
You could even get the same result with just a one-liner in bash:
No need to go online to generate your keypair or wallet!
Now, the use case I’m thinking about isn’t really about cryptocurrencies, but I’d love your thoughts on it.
Let’s say "The Regular Website" needs a database to store usernames and hashed passwords. The issue with SHA1, SHA-256, or even fancier things like bcrypt, scrypt, or PBKDF2-SHA512 is that while they’re secure, they rely on hoping user credentials don’t get leaked. That’s not good for "The big website" or the user, especially given all the hacks we’ve seen over the years. Apparently, over 97% of cases in "haveibeenpwnd" have been cracked. Pretty concerning.
So, what’s a good hashing method for 2024? Using SHA256 for password storage is kinda outdated...
Nested ECC A fresh hashing algorithm with great advantages?
2 replies 177 views
Congratulations, you just invented brainwallet. And it is easy to break, see: https://privatekeys.pw/brainwallet/bitcoin/1
And if you have x-only-pubkey, then you can basically use P2TR as your address type.
I wonder, what this topic is really about. Because after reading that sentence, I thought about something like "mining vanity public keys".
Well, you can store public keys in the database, and users can sign in by signing a specific message (or better: post signed messages directly, without dealing with the "sign in" concept at all). However, those keys should be randomly generated, and not just some brainwallets. Or: you can have a random key with a passphrase, stored on your local computer, if you really need any "password" field.
Why don't you just use existing implementation from Bitcoin Core or Electrum? There is a way to set the password, and from a single seed, you can create all keys. So, the only thing you need, is to export your public key, and use it to handle "The Regular Website" by using even classical "Bitcoin Signed Message" (or better: handle BIP-322 properly; but it is the song of the future, since even Bitcoin Core is missing the full GUI-based implementation there). In the past, I even saw some pages in Tor, which used GPG keys with RSA to do that, so some implementation for existing forum engines like phpBB is probably somewhere, and it may be a matter of just switching the algorithm from RSA into ECDSA.
Do you mean Cebulka forum?
Yes, it uses GPG for signing in, but I don't know if the code for that extension is available anywhere. I guess it may be their custom code, even if it uses common tools, like GPG, which are Open Source, the whole integration with phpBB may be proprietary.
Related topics
- Bitcoin Core displaying coins (UTXOs) in a new tab 13
- Are you in favor of BIP-110? Let's get a Bitcoin poll going. 0
- Erlay seems to have some issues here’s a better proposal for a bitcoin protocol without invites 3
- New Optional Hourglass Implementation is Live 3
- Ways to earn some sats by contributing to bitcoin core development 5
- Exploring the Potential and Challenges of a Kardashev-Scale Bitcoin Network 3