Why do bad passwords work in counterwallet?

Why is it that when you type the 'wrong' password into Counterwallet, you nonetheless proceed past a login screen? Is this a bug in Counterwallet, or is this the ...

Transcription

What's up, party people? My name is Chris DeRose, and I am the Community Director of the Counterparty Foundation. And in this video today I wanted to discuss, why do bad passwords work in Counterwallet? So I've been asked this a couple of times. It's certainly very confusing for people. It's even like very scary for people. It gets to a couple of issues even in Bitcoin, really like all things in Counterparty. It's a reflection of how Bitcoin works.

So in the Counterwallet software there isn't a user name. You may have noticed that. There's only a password. But even weirder still it's not actually a password in the traditional sense. There's no server that keeps track of your identity. And it isn't authenticated either.

And this is a big part of why we see what we see in hearing the question of why do bad passwords work. Passwords themselves are actually keys. They're private keys. So when you type in your password into the Counterwallet software, you are yourself creating, I believe it's a 256-bit number. That 256-bit number is a reflection of the words that you type in. The standard that controls how that is transformed is, I believe, BIP 38, the Bitcoin Improvement Proposal 38, and it defines how we take these words and turn them into keys.

So when you type in the wrong words, what ends up happening is you're merely creating a new key. That key is probably, if not certainly, a key that no one has used before. So what happens is that the software doesn't know if it's good or bad. It just knows that it's logging in with a specific key, and any actions that you take of receiving money or sending assets or all these things are tied merely to that key. It's a really clever solution really to a lot of the decentralized goals of Bitcoin. In traditional systems we have this notion of identity because there's a sender.

In Bitcoin we still have this notion of an identity, but it's identity because there's a password only. It doesn't tie to any other real-world moniker. That's why there isn't any easy two-factor authentication system for Bitcoin. That's why there isn't a mail-me-my-password feature for Bitcoin and certainly not for Counterparty. There are some sort of hacks that we see that aren't even bad, that achieve these things through various means, but that's outside the scope of this video. In terms of vanilla Bitcoin support, there isn't any such thing as a user name, and there isn't really such a thing as a password.

There's just a unique key that you know. And that's reflected. So when you log in, that's what you see. It's whatever's tied to that key. So hopefully that clarifies the issue for you, but maybe you have some more questions. If you do, ask them to me on Twitter @DeRoseTech or email me Chris@ChrisDeRose.com. And if you like this video and you want to see some more questions answered, subscribe to the channel. I'd love to have you around.
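
The behaviour described in the transcript, as an added example that is not part of the video and not Counterwallet's code: a keys-only wallet derives a key from whatever is typed and has nothing to compare it against, while a server login stores a verifier and can reject a typo. The PBKDF2 derivation, the salt, the passphrases and all function names are assumptions chosen for illustration, not the wallet's real algorithm.

```python
import hashlib
import hmac
import os

# Order of the secp256k1 group: any integer in [1, N-1] is a usable private key.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def derive_private_key(passphrase: str) -> int:
    """Map a passphrase to a 256-bit integer (stand-in KDF, an assumption)."""
    raw = hashlib.pbkdf2_hmac("sha512", passphrase.encode("utf-8"),
                              b"constructed-example-salt", 2048, dklen=32)
    return int.from_bytes(raw, "big")


def wallet_open(passphrase: str) -> int:
    """'Log in' to a keys-only wallet: nothing is checked, a key is derived."""
    key = derive_private_key(passphrase)
    if not 1 <= key < SECP256K1_N:  # fails with probability of about 2**-128
        raise ValueError("derived value is not a valid private key")
    return key


class ServerLogin:
    """Traditional login for contrast: a stored verifier lets it say 'wrong'."""

    def __init__(self):
        self._verifiers = {}

    @staticmethod
    def _hash(salt: bytes, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._verifiers[user] = (salt, self._hash(salt, password))

    def login(self, user: str, password: str) -> bool:
        if user not in self._verifiers:
            return False
        salt, expected = self._verifiers[user]
        return hmac.compare_digest(expected, self._hash(salt, password))


if __name__ == "__main__":
    right, typo = "constructed sample pass phrase", "constructed sample pass phrasee"
    print("same wallet:", wallet_open(right) == wallet_open(typo))  # different keys
    server = ServerLogin()
    server.register("alice", right)
    print("server accepts typo:", server.login("alice", typo))
```

Because the wallet cannot detect the typo, the practical check is on the user's side: confirm that the addresses and balances shown after opening are the ones expected before receiving funds.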