My thoughts on the unhackable BitFi wallet

in #bitfi, 6 years ago

We have seen a lot of drama around the BitFi wallet and what counts as "unhackable". But strangely, none of these articles discuss what the BitFi wallet actually does and where the real risks lie.

Let me start by saying that I am not a fan of BitFi, but I still think that there is a reasonable use case for the technology.


Technology:
The wallet is essentially a brain wallet where you need to memorise your private key. You can do all that without having to buy any special equipment, but the BitFi wallet makes life easier for you. Instead of remembering a key for each currency, you memorise some entropy.

This entropy is used in the wallet to generate addresses for all currencies you like. These are coupled to an online machine so you can view your crypto comfortably. When you want to make a transaction you enter your memorised entropy seed into the machine and it computes the signature for the transaction on the fly and broadcasts only that. The device has no memory and only temporarily accesses the key to generate signatures.

For this reason the device is called unhackable. If someone steals yours, they will find a machine that is able to create signatures, but the keys are not there. But others might be able to modify your device and record the entropy seed as you enter it. Then they get full access to your coins.

To sum it up, the BitFi wallet does all the messy cryptography required to manage brain wallets for you and allows every non-tech user to securely operate such a brain wallet and do that in a rather comfortable way.

Security Risks:

The technology, while being "unhackable", comes with big risks. Memorising entropy is a hard task. BitFi recommends using diceware to generate a random seed phrase. There is really nothing wrong with that recommendation. They tell you to take about 7 words plus a salt such as your email address.

One word in diceware is about 13 bits. Seven words are thus 91 bits. Adding the salt brings it to about 100 bits. And yes, that is secure by present standards. But compare it to the security of bitcoin, which is at 256 bits!

And remember that security scales exponentially. 100 bits is not about half as secure as bitcoin; it is a joke compared to bitcoin. It is about 9 octillion times less secure than bitcoin, if anyone even has an understanding of what that means.

In practical terms, remember that an encryption of your device is secure at 7 words. But an attacker against BitFi does not care who is being hacked; they only care that they hack somebody. The attacker's hashrate is immediately multiplied by a factor equal to the number of people using BitFi! This is one of the reasons bitcoin uses the astronomically large 256-bit security.

Also, in one of my recent posts about generating private keys with dice, a reader was worried that my method may reduce the entropy by about one bit. If you are worried by this, please do not reduce your entropy by 156 bits using a 7 word diceware password!
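The arithmetic behind the paragraphs above, as an added example (not part of the original post and not BitFi's code). It assumes the standard diceware scheme of five dice rolls per word from a 7776-word list, ignores the salt, and models the "any user will do" attacker as a loss of log2(users) bits; all function names are illustrative.

```python
import math
import secrets

# Assumption: standard diceware, five six-sided dice select one of 6**5 words.
DICEWARE_LIST_SIZE = 6 ** 5  # 7776


def bits_per_word(list_size=DICEWARE_LIST_SIZE):
    """Entropy of one uniformly chosen word (the post rounds this to 13)."""
    return math.log2(list_size)


def phrase_bits(words, list_size=DICEWARE_LIST_SIZE):
    """Entropy of a phrase of independently rolled words, salt not counted."""
    return words * bits_per_word(list_size)


def effective_bits(words, users=1):
    """Bits left against an attacker who is content to crack any one of
    `users` phrases: each guess is tested against every user at once."""
    return phrase_bits(words) - math.log2(users)


def words_needed(target_bits, users=1):
    """Smallest word count that keeps `target_bits` in that multi-user model."""
    return math.ceil((target_bits + math.log2(users)) / bits_per_word())


def roll_phrase_keys(words):
    """One 5-digit dice key per word (e.g. '16342'), drawn from the OS CSPRNG,
    to be looked up in a printed diceware list."""
    return [
        "".join(str(secrets.randbelow(6) + 1) for _ in range(5))
        for _ in range(words)
    ]


if __name__ == "__main__":
    for n in (7, 15, 20):
        print(f"{n:2d} words: {phrase_bits(n):6.1f} bits, "
              f"{effective_bits(n, 1_000_000):6.1f} bits with 1,000,000 users")
    print("words for 128 bits, single target:", words_needed(128))
    print("words for 128 bits, 1,000,000 users:", words_needed(128, 1_000_000))
    print("words for 256 bits, single target:", words_needed(256))
    print("dice keys for a 7-word phrase:", roll_phrase_keys(7))
```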

Therefore I would advise anyone to use at least 15 words. But now we are back to the other problem. Can you really memorise that many? On my PC I use a passphrase of only 6 words. I had some trouble memorising it in the beginning! Okay, I am not very good at memorising. But I use that phrase a few times a day and it is now in my muscle memory. But I have forgotten some 3 word phrases I used a few years ago!

I make a transaction a few times a month. I would not feel safe memorising a 7 word phrase over longer periods, and I would really not feel good memorising a 15 word phrase.

The second big problem I see with BitFi is that the same address will be used multiple times. This means that the security of the address will be threatened should a flaw in the elliptic curve be discovered. So far all cryptographic methods have eventually been compromised. But if you never reuse addresses, your funds are only in danger if two methods are cracked at the same time (ECDSA and SHA-256 for bitcoin).

Absolutely Dangerous:

On their website they tell people to never write down the phrase. Yes, writing it down poses a security risk, but don't overestimate your brain. For me the risk of forgetting the key would be much bigger than that of my house burning down in a fire.

They also give examples of good passwords:

MyHubandIsAUn^cornAndLoves$ushi???
!Why Is Dan So Crazy About Monero and Mustard?

Both of these are absolute garbage and do not even follow the reasonable diceware idea they have given above! The first is impossible for humans to memorise over longer times. Both are derived from grammatically correct sentences and have much less entropy than the length suggests.

Comparison to hardware wallets:

Both BitFi and a hardware wallet make it possible to use crypto securely and without technical understanding. In a hardware wallet your phrase can be much weaker while not compromising security. This is a big plus for usability. To make BitFi secure we need 15 words at least, better 20. I do not want to have to enter those each time I make a transaction.

Hardware wallets also use the full 256 bits by default and never reuse an address. Against online hacks both provide good security, and against physical hacks both can be compromised.

Verdict:

I would recommend everyone to use a normal hardware wallet. BitFi requires a very long password because it is directly your entropy. In a hardware wallet you can have a normal password as that can only be used together with the physical device.

BitFi is for you if you have an awesome memory! But please write down your seed somewhere in a dark and secret place! You, or your kids, may thank me later.


[0, 1, 2] fiber distance crack embark
