What is WarpWallet?
WarpWallet is a deterministic bitcoin address generator. You never have to save or store your private key anywhere. Just pick a really good password - many random words, for example - and never use it for anything else.
This page is self-contained for portability. Save it on your computer - all the JS, CSS, and images are embedded. It's also hosted on github.
This is not an original idea. bitaddress.org's brainwallet is our inspiration.
WarpWallet adds two improvements: (1) WarpWallet uses scrypt to make address generation both memory and time-intensive. And (2) you can "salt" your passphrase with your email address. Though salting is optional, we recommend it. Any attacker of WarpWallet addresses would have to target you individually, rather than netting you in a wider, generic sweep. And your email is trivial to remember, so why not?
For safety, we've implemented WarpWallet outside of JavaScript and confirmed it generates the same output. (It's a step in our test suite, and we publish our test vectors along with the source.) If you're a programmer and want to implement WarpWallet yourself...
| s1 | = | scrypt(key=(passphrase||0x1), salt=(salt||0x1), N=218, r=8, p=1, dkLen=32) |
| s2 | = | pbkdf2(key=(passphrase||0x2), salt=(salt||0x2), c=216, dkLen=32, prf=HMAC_SHA256) |
| keypair | = | generate_bitcoin_keypair(s1 ⊕ s2) |
WarpWallet Challenge
The following challenges are designed to test the safety of WarpWallet, and scrypt in general. We expect the first 4 to fall quickly and hope to lose our bitcoins to nice people. If challenge 5 falls, we'll make an announcement here and on twitter (@maxtaco, @malgorithms).
All these challenges are with unsalted passphrases. Salt yours! They're harder to lick.
Challenge 1
- reward: 0.1 BTC
- hint: this passphrase is 2 random alphanumeric characters, such as 'X9'.
- wallet: 1JKb1617p68H5MPkoNaMtaJCqKDU3h8qSn
- status: solved
- expires: never
Challenge 2
- reward: 0.25 BTC
- hint: this passphrase is 3 random alphanumeric characters, such as 'Xa2'.
- wallet: 1NMjXhB2DW8pbGvd64o9DiqwCF8BTAkJKu
- status: solved
- expires: never
Challenge 3
- reward: 0.5 BTC
- hint: this passphrase is the usernames of two who've posted on the Bitcoin subreddit, separated by a space.
- wallet: 1FpxSs3tsvV8knTgRv2885bE1GyPq1QrvH
- status: solved [link]
- expires: January 1, 2015
Challenge 4
- reward: 1.0 BTC
- hint: This passphrase is the username of someone in the Hacker News top 100 karma list as of November 19, 2013. However, we dropped 2 characters from his or her username.
- wallet: 1GXXH7FbY7nCJDRc72SMyYykgtEUi5GxfR
- status: solved [link]
- expires: January 1, 2015
And finally, the real challenge...
The WarpWallet Challenge 1
- reward: 20.0 BTC*
- the answer was: 'PuACRv0R'
- wallet: 1AdU3EcimMFN7JLJtceSyrmFYE3gF5ZnGj
- status: Expired/unsolved
- expired on: Feb 1, 2016. Come on, guys!
The WarpWallet Challenge 2
- reward: 20.0 BTC*
- hint: this passphrase is 8 characters long, only alphanumerics. For example, 'b234FEzz'. the salt is a@b.c
- wallet: 1MkupVKiCik9iyfnLrJoZLx9RH4rkF3hnA
- status: Unsolved
- expires on: Jan 1, 2018
- note: * we put half the prize in the private wallet, and expect to hear from the winner privately, so we can talk about his/her technique. The other half we will send privately.
Authors
We are Max Krohn and Chris Coyne, co-founders of OkCupid, SparkNotes, and a bunch of other toys. Good day to you! We recently left OkCupid after 9 years, so we have a lot of time on our hands. Please follow us on twitter if you care to hear about this kind of thing.
But enough with the pleasantries: you can always see our signed version history at https://keybase.io/warp/release.txt (signed with our PGP key).
WarpWallet is of course offered without any warranty of any kind; if you lose your bitcoins due to a bug in our software, your keystrokes being recorded on a malware-infested XP rig from 2003, a weak passphrase, or even a typo, we are sorry in the most respectful way, but we cannot help you. Of course if you're messing around with bitcoins, you know how dangerous it is.
Consider using an air-gapped computer when generating bitcoin addresses. The nice thing about WarpWallet is you don't have to worry about concealing your private key afterwards. Just don't forget your password.
