Burstcoin’s Vision for Security

Burstcoin security entails much more than passphrase and wallet security.  From its inception, Burstcoin has sought to speed the adoption of blockchain technology while guaranteeing optimal security in all aspects of its operation.  It was created in 2014, when attacks on cryptocurrency networks were already common.  To keep the Burstcoin network safe, the development team employed certain strategies.

  • Collusive node attacks (51%): This attack happens when a majority of nodes conspire to harm a network. To prevent this, Burstcoin uses Byzantine fault-tolerance technology to help build dependable protocols. The focus is on identifying honest nodes by setting an upper boundary for maximum tolerance.
  • Denial of service attacks (DDoS): Burstcoin employs a Dymaxion design that requires all nodes to perform PoC (proof-of-capacity) validation.  It also carries out regular vetting to identify and blacklist misbehaving nodes.
  • Progressive network updates: The nature of threats to cryptocurrency networks changes rapidly.  The development team has adopted a system of progressive improvement that involves constant checks to identify and fix gaps.
  • Advanced encryption: To keep details and funds free from third-party entities and attacks, the Burstcoin network employs advanced encryption. Even when sending funds on the network, details are not easily revealed.

Note:  Most cryptocurrency losses reported in the blockchain sector occur on centralized exchanges.  BTDEX is a decentralized exchange that operates on the Burstcoin blockchain.

Burstcoin’s Automatically Generated Passphrase

Centralized organizations limit login attempts to accounts that they provide and do not disclose their authentication algorithm publicly.  Otherwise, their short passphrases would quickly be compromised.  The open source nature of the Burstcoin client allows unlimited login attempts, which can be executed as quickly as billions per second.  Because of this, the Burstcoin account registration process automatically generates passphrases that are very long and complex.

To a first-time user, a passphrase generated using a set of predefined publicly available words may seem counter-intuitive.

The number of passphrases that can be generated from Burstcoin’s list of 1,626 words in 12-word combinations is 341,543,870,028,173,427,817,970,975,906,355,941,376.  This number can be represented as 341 undecillion, or 341 billion billion billion billion. This is euphemistically called a “large number” in mathematics, and is so large that it is difficult to imagine.  Attempting all possible combinations of a 12-word passphrase drawn from this known dictionary (a process known as brute forcing) would, on average, take billions of billions of years.  Just 5 words would take over 2,000 years.  Each additional word increases the difficulty by a factor of 1,626.  In conclusion, attempting a brute force attack on a Burstcoin passphrase would be an exercise in futility.

| Number of Words | Possible Passphrase Combinations | Bits of Entropy |
|---|---|---|
| 1 | 1,626 | 10.66 |
| 2 | 2,643,876 | 21.33 |
| 3 | 4,298,942,376 | 32 |
| 4 | 6,990,080,303,376 | 42.67 |
| 5 | 11,365,870,573,289,400 | 53.34 |
| 6 | 18,480,905,552,168,500,000 | 64 |
| 7 | 30,049,952,427,826,000,000,000 | 74.67 |
| 8 | 48,861,222,647,645,100,000,000,000 | 85.34 |
| 9 | 79,448,348,025,071,000,000,000,000,000 | 96 |
| 10 | 129,183,013,888,765,000,000,000,000,000,000 | 106.67 |
| 11 | 210,051,580,583,132,000,000,000,000,000,000,000 | 117.34 |
| 12 | 341,543,870,028,173,000,000,000,000,000,000,000,000 | 128 |

Your wallet is safe with a 12-word auto-generated passphrase.  Adding additional words, letters, or numbers would make the passphrase exponentially harder to crack, but the auto-generated passphrases are already more than sufficient.
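The arithmetic behind the table, as an added example (not code from the original article or from the Burstcoin project). The guess rate of one billion per second and the placeholder word list are assumptions; the real 1,626-word list is not reproduced here.

```python
import math
import secrets

WORDLIST_SIZE = 1626   # size of Burstcoin's word list, as stated above
DEFAULT_WORDS = 12     # length of the auto-generated passphrase
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(n_words, list_size=WORDLIST_SIZE):
    """Exact count of ordered n-word passphrases (words may repeat)."""
    return list_size ** n_words

def entropy_bits(n_words, list_size=WORDLIST_SIZE):
    """Entropy in bits of a uniformly random n-word passphrase."""
    return n_words * math.log2(list_size)

def average_crack_years(n_words, guesses_per_second):
    """Expected brute-force time: on average half the keyspace is searched."""
    return keyspace(n_words) / 2 / guesses_per_second / SECONDS_PER_YEAR

def words_needed(target_bits, list_size=WORDLIST_SIZE):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))

def generate_passphrase(wordlist, n_words=DEFAULT_WORDS):
    """Pick each word independently and uniformly using the OS CSPRNG."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words lower the real entropy")
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

if __name__ == "__main__":
    rate = 1e9  # assumption: attacker tests one billion passphrases per second
    for n in range(1, DEFAULT_WORDS + 1):
        print(f"{n:2d}  {keyspace(n):>52,}  {entropy_bits(n):7.2f} bits  "
              f"{average_crack_years(n, rate):.3g} years on average")
    # Constructed placeholder list standing in for the real word list.
    placeholder = [f"word{i:04d}" for i in range(WORDLIST_SIZE)]
    print(generate_passphrase(placeholder))
```

The estimate only holds when every word is drawn uniformly at random; a passphrase a person chooses from the same list has far less entropy than the table suggests.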

https://burstcoin.ist/2017/10/07/is-the-automatically-generated-passphrase-secure/

Security Implications of Blockchain Based Cryptocurrency

Burstcoin is a blockchain based cryptocurrency.  Its accounts are secured by a single passphrase (private key).  If the passphrase cannot be produced, the account cannot be accessed and the coins associated with it will be of no value.  There is no central organization to contact in this circumstance, so extra care must be taken when creating an account to preserve a record of the passphrase.

Accounts secured by a single passphrase are colloquially known as “brain wallets” because the passphrase could conceivably be stored only in the account holder’s memory.  Needless to say, for most people, preserving a passphrase only in this manner is not recommended.

The best way to preserve a passphrase is to store it securely in more than one location.

  • Computer hard drives can crash
  • Password manager files can be corrupted or deleted
  • Paper can be destroyed or misplaced
  • Memory can fail

The same care given to passphrases should also be followed when making transactions.  Burstcoin transactions are not reversible.  If Burstcoin is accidentally transferred into an account without a known passphrase, there is no way to retrieve it.

Associating the full value of an account with its passphrase is a useful way to determine the appropriate level of security for protecting the passphrase.  If an account has a value of X, the passphrase has a value of X.  For higher values, more extensive measures should be taken.

All passphrases will eventually need to be entered on a local device or computer in order to sign transactions.  Be certain that the device is safe from intrusion and is not compromised by malicious software that could record keystrokes.  For the highest level of security, it is possible to sign transactions on devices that are disconnected from the internet (air gapped) using Burstcoin’s offline transaction signing feature.

A few best practices, in no particular order:

  • Do not enter your passphrase anywhere except an official Burstcoin wallet.
  • Do not use online wallets for accounts with a significant balance.  
  • Do not change the 12-word passphrase generated during account setup (adding to it is not problematic).  This protects from brute force and rainbow table attacks.
  • Do not use special characters.  ASCII code representations can be used (completely unnecessary).  Unicode characters are not always consistent between programs. 
  • Note:  Microsoft Word uses Unicode characters.  Therefore, it is not ideal for composing or storing passphrases which contain special characters.
  • Do not share passphrases with anyone who cannot absolutely be trusted.
  • Do not store unencrypted passphrases on remote nodes or local workstations.
  • Do not leave a printed passphrase next to a computer.
  • Use special care when connecting to remote nodes.
  • Use accounts with smaller balances for daily operations.  Access higher balance accounts only when necessary and with special attention to security.
  • Use discretion when considering password management software.  KeePass is a free open source option, but no recommendation is implied.
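Why special characters are discouraged above, shown as an added example (not from the original article or the Burstcoin wallet): two passphrases that look identical on screen encode to different bytes and therefore open different accounts. SHA-256 over the UTF-8 bytes stands in for the wallet's key derivation as an assumption, and the sample strings are constructed.

```python
import hashlib
import unicodedata

def key_material(passphrase):
    """Assumed stand-in for key derivation: SHA-256 of the UTF-8 bytes."""
    return hashlib.sha256(passphrase.encode("utf-8")).hexdigest()

def portability_issues(passphrase):
    """List reasons a passphrase may not survive retyping or copy/paste."""
    issues = []
    if passphrase != passphrase.strip():
        issues.append("leading or trailing whitespace")
    for ch in sorted(set(passphrase)):
        if not 32 <= ord(ch) <= 126:
            name = unicodedata.name(ch, "unnamed control character")
            issues.append(f"non-ASCII or control character U+{ord(ch):04X} ({name})")
    forms = {unicodedata.normalize(form, passphrase)
             for form in ("NFC", "NFD", "NFKC", "NFKD")}
    if len(forms) > 1:
        issues.append("text changes under Unicode normalization")
    return issues

# Constructed samples: what was typed versus what a word processor may store.
TYPED = "cafe's secret"               # plain ASCII apostrophe
AUTOCORRECTED = "cafe\u2019s secret"  # typographic apostrophe
COMPOSED = "caf\u00e9"                # single code point for the accented e
DECOMPOSED = "cafe\u0301"             # letter e plus a combining accent

if __name__ == "__main__":
    for sample in (TYPED, AUTOCORRECTED, COMPOSED, DECOMPOSED):
        print(repr(sample), key_material(sample)[:16], portability_issues(sample))
```

Running a check like this before a passphrase is written down or stored catches the problem while the original is still known.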
