Ethereum: Wallet Password Uniqueness – Answer to a Beginner’s Question
As you probably know, creating and managing your own cryptocurrency wallet is an essential step in securing your assets. I recently created a new Ethereum wallet for myself using the Mycelium platform. To ensure the security of my private keys, I decided to use a unique passphrase as a backup password.
However, when I tried to create a Bitcoin wallet on Mycelium that matched the same setup, I was surprised to find that the generated wallet address and Bitcoin wallet seemed to point to an 11-word passphrase instead of the single word I had chosen for my Mycelium wallet. This got me wondering: what exactly is going on behind the scenes?
Understanding Password Generation
In Ethereum wallets, a passphrase (also called a recovery phrase or mnemonic) serves as a unique identifier that allows you to recover your wallet and access your funds if necessary. When creating a new Bitcoin wallet on Mycelium, the system appears to generate a password using a complex algorithm based on the chosen password.
Here is a simplified breakdown of the password generation process:
- Base32 Encoding
: The password is first converted to a Base64 encoded string.
- Hashing and Encryption
: The encoded string is then hashed using a cryptographic hash function (e.g. SHA-256) to produce a fixed-size output.
- Final Salting and Hash: A random salt value is added to the hash output, followed by another hash operation.
Twist
Now things get interesting. When Mycelium generates a Bitcoin wallet based on the same password, it appears to use the entire Base64 encoded string as a single address, without referring to a specific word or phrase. This means that if I try to create a new Bitcoin wallet using the original password, it will generate a different wallet address than the one I chose.
Verdict
While this may seem like a minor inconvenience, it is important to understand the implications of this behavior. If you choose a unique, unguessable password for your Ethereum wallet, Mycelium’s wallet backup process should produce the expected 12-word recovery phrase (or mnemonic). However, if you reuse the same password or use a password that is easy to guess, your Bitcoin wallet will be vulnerable to unauthorized access.
Recommendations
To avoid this problem in the future:
- Choose unique, unguessable passwords for your Ethereum and Bitcoin wallets.
- Use a secure password manager to generate and store your recovery phrases (or mnemonics).
- Consider using two-factor authentication or other additional security measures to protect your digital assets.
By taking these precautions, you can ensure the long-term security of your cryptocurrency holdings.