How it works
This page explains how to generate a private key from password and passcode inputs.
The password is the primary field used to generate a private key and create your account. To avoid password duplication among users, we have also introduced a shorter secondary field called the passcode, which is about 6 characters long.
By combining the password and passcode, we can achieve strong randomness, ensuring the safety of your account. Additionally, the passcode serves as a confirmation step when backing up your credentials or transferring assets.
For transparency, we share all mechanisms and the codebase of our product. While this is beneficial for our users, it also poses a threat from malicious attackers who may attempt to locate valuable password fields to gain access to user assets.
To balance convenience and security, we have implemented the scrypt hash function. This function consumes significant computational power and memory, making the calculations thousands of times more difficult for attackers.
Scrypt is a password-based key derivation function created by Colin Percival in March 2009, originally for the Tarsnap online backup service. The algorithm was specifically designed to make it costly to perform large-scale custom hardware attacks by requiring large amounts of memory.
Here are the parameters of scrypt being used in our wallet:
N: 2^15, r: 8, p: 5, keyLen: 64
Keccak256 (SHA-3) is a cryptographic hash function used widely in blockchain systems like Ethereum. It's designed to be collision-resistant and irreversible, meaning it's computationally infeasible to generate the same hash from two different inputs or reverse-engineer the original input from the hash.
This combination of functions generates a pseudo-random value and guarantees irreversibility, no collisions, and high security.
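The pipeline described above, as an added Python example (not the wallet's own code) using the scrypt parameters listed on this page. It assumes the passcode is used as the scrypt salt and that Keccak-256 is applied to the 64-byte scrypt output; the page does not specify either detail, and all function names are hypothetical. Keccak-256 is implemented inline because `hashlib.sha3_256` is the NIST SHA-3 variant, which uses a different padding byte and therefore yields different digests from the Keccak-256 used by Ethereum.

```python
import hashlib

MASK = (1 << 64) - 1

def _rol(v, n):
    return ((v << n) | (v >> (64 - n))) & MASK

def _keccak_f(a):
    """Keccak-f[1600] permutation over 25 64-bit lanes, indexed a[x + 5*y]."""
    lfsr = 1
    for _ in range(24):
        c = [a[x] ^ a[x + 5] ^ a[x + 10] ^ a[x + 15] ^ a[x + 20] for x in range(5)]  # theta
        d = [c[(x + 4) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        a = [a[i] ^ d[i % 5] for i in range(25)]
        x, y, cur = 1, 0, a[1]  # rho and pi
        for t in range(24):
            x, y = y, (2 * x + 3 * y) % 5
            cur, a[x + 5 * y] = a[x + 5 * y], _rol(cur, (t + 1) * (t + 2) // 2 % 64)
        a = [a[i] ^ (~a[(i + 1) % 5 + i // 5 * 5] & a[(i + 2) % 5 + i // 5 * 5])
             for i in range(25)]  # chi
        for j in range(7):  # iota: round constant bits come from an LFSR
            lfsr = ((lfsr << 1) ^ ((lfsr >> 7) * 0x71)) % 256
            if lfsr & 2:
                a[0] ^= 1 << ((1 << j) - 1)
    return a

def sponge256(data: bytes, suffix: int) -> bytes:
    """256-bit sponge, rate 136 bytes. suffix 0x01 = Keccak-256, 0x06 = NIST SHA3-256."""
    rate, buf, lanes = 136, bytearray(data), [0] * 25
    buf.append(suffix)                    # domain/padding byte
    buf.extend(bytes(-len(buf) % rate))   # zero-fill to a full block
    buf[-1] ^= 0x80                       # final padding bit
    for off in range(0, len(buf), rate):
        for i in range(rate // 8):
            lanes[i] ^= int.from_bytes(buf[off + 8 * i:off + 8 * i + 8], "little")
        lanes = _keccak_f(lanes)
    return b"".join(lane.to_bytes(8, "little") for lane in lanes[:4])

def keccak256(data: bytes) -> bytes:
    return sponge256(data, 0x01)

def derive_private_key(password: str, passcode: str) -> bytes:
    n, r, p = 2 ** 15, 8, 5  # parameters listed on this page
    # Assumption: passcode is the scrypt salt and Keccak-256 runs over the 64-byte output.
    # scrypt needs about 128*n*r bytes (32 MiB); maxmem is raised above OpenSSL's default.
    stretched = hashlib.scrypt(password.encode(), salt=passcode.encode(), n=n, r=r, p=p,
                               maxmem=2 * 128 * n * r, dklen=64)
    return keccak256(stretched)
```

Each call to `derive_private_key` costs one full scrypt evaluation, which is the per-guess price an attacker pays when testing candidate passwords.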