How it works
This page explains the design principles and the technical implementation.
Design principles
Mybucks.online is built for speed, convenience, and decentralization. "Speed and convenience" means the platform is designed to be fast and easy to use.
For that purpose, we defined a few necessary key points:
No app installs or browser extension downloads required.
Use a classical credential format that is human-readable and easy to remember, avoiding the 12 or 24-word seed phrases used in other crypto wallet products.
We prefer decentralization for the following benefits:
It provides full transparency to users and communities.
There is no need to maintain large, secure infrastructures for handling user wallets.
These key points and our preference for decentralization are the main motivations for using a hash function to convert user credentials into a wallet private key instantly on the browser side.
However, this introduces a critical security challenge: brute-force attacks. To address this, Scrypt was deliberately chosen to slow down such attacks and make them practically impossible.
Technical implementation
The Passphrase is the primary credential used to generate your private key and create your account. It must be at least 12 characters long and include a mix of uppercase letters, lowercase letters, numbers, and symbols.
Generally, a user-defined passphrase has lower entropy (randomness) than a machine-generated 24-word seed phrase. To address this and mitigate the risk of rainbow table attacks (where attackers use pre-computed tables of common passwords), we introduced the PIN as a secondary input.
By requiring a unique pair of credentials—a Passphrase and a PIN—we achieve two critical security goals:
Increased Entropy: Combining two distinct secrets significantly increases the complexity required to guess your credentials.
Custom Salting: The PIN acts as a unique "salt," ensuring that even if two users choose the same passphrase, their resulting private keys will be completely different as long as their PINs differ.
This dual-input system allows us to provide a human-readable experience that remains resilient against modern cryptographic attacks. Additionally, the PIN serves as a confirmation step when backing up your credentials or transferring assets.

Scrypt is a password-based key derivation function created by Colin Percival in March 2009, originally for the Tarsnap online backup service. The algorithm was specifically designed to make it costly to perform large-scale custom hardware attacks by requiring large amounts of memory.
Here are the parameters of Scrypt being used in our wallet:
N: 2^15, r: 8, p: 5, keyLen: 64
To ensure a smooth experience for all users, we have carefully tuned our security parameters to perform reliably on both desktop and mobile browsers. This specific level of complexity is chosen so that the cryptographic hashing process completes within 10 to 20 seconds on most popular Android devices, ensuring that your wallet remains secure without causing long delays during login.
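The scrypt stage described above, as an added Node.js example (not Mybucks.online's own code). It assumes the passphrase is the scrypt password and the PIN is the salt, adds NFKC normalization as a further assumption, and leaves out the Keccak256 step because this page does not say how it is applied; all function and constant names are hypothetical.

```javascript
// Added example, not project code: the scrypt stage only, with this page's parameters.
const { scryptSync } = require("node:crypto");

const SCRYPT = { N: 2 ** 15, r: 8, p: 5, keyLen: 64 }; // values stated on this page

// scrypt's main table costs about 128 * N * r bytes per guess (32 MiB here).
function scryptMemoryBytes({ N, r }) {
  return 128 * N * r;
}

// Assumption: NFKC so the same typed text yields the same bytes on every device.
const canonical = (s) => String(s).normalize("NFKC");

// Passphrase policy from the page: 12+ chars with upper, lower, digit and symbol.
function passphraseProblems(passphrase) {
  const p = canonical(passphrase);
  const problems = [];
  if ([...p].length < 12) problems.push("shorter than 12 characters");
  if (!/[A-Z]/.test(p)) problems.push("no uppercase letter");
  if (!/[a-z]/.test(p)) problems.push("no lowercase letter");
  if (!/[0-9]/.test(p)) problems.push("no digit");
  if (!/[^A-Za-z0-9\s]/.test(p)) problems.push("no symbol");
  return problems;
}

// Assumption: passphrase is the scrypt password and the PIN is the salt.
function deriveSeed(passphrase, pin) {
  const problems = passphraseProblems(passphrase);
  if (problems.length) throw new Error("rejected passphrase: " + problems.join(", "));
  if (canonical(pin).length === 0) throw new Error("PIN is required");
  return scryptSync(
    Buffer.from(canonical(passphrase), "utf8"),
    Buffer.from(canonical(pin), "utf8"),
    SCRYPT.keyLen,
    // Node's default maxmem is 32 MiB, just below what N=2^15, r=8 needs.
    { N: SCRYPT.N, r: SCRYPT.r, p: SCRYPT.p, maxmem: 64 * 1024 * 1024 }
  );
}

// Constructed sample credentials, for demonstration only.
const demoA = deriveSeed("Correct-Horse-42!", "135790");
const demoB = deriveSeed("Correct-Horse-42!", "135791");
console.log(scryptMemoryBytes(SCRYPT) / 2 ** 20, "MiB per guess");
console.log("same passphrase, different PIN, same seed?", demoA.equals(demoB));
```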
Keccak256 (SHA-3) is a cryptographic hash function used widely in blockchain systems like Ethereum. It's designed to be collision-resistant and irreversible, meaning it's computationally infeasible to find two different inputs that produce the same hash or to reverse-engineer the original input from the hash. Note that Ethereum's Keccak-256 keeps the original Keccak padding, so its output differs from that of the NIST-standardized SHA3-256.
This combination of functions generates a pseudo-random value and guarantees no reversibility, no collisions, and high security.
Disclaimer
While our dual-input system is designed to be highly secure, it is important to note that a credential-based wallet does not inherently provide the same level of security as a machine-generated seed phrase. We believe this seedless, credential-based approach is an innovative bridge for both Web2 and Web3 users, prioritizing accessibility and ease of use.
Accordingly, we do not recommend using this wallet for long-term storage or high-value assets. Mybucks.online is intended for micro-transactions and gifting purposes.