Bitcoin script: Alice is on a kayaking trip and is worried that her phone (which contains her private key) might fall overboard. She would like to store her bitcoins in such a way that they can be spent with knowledge of a password. Accordingly, she stores them in the following ScriptPubKey address: 

OP_SHA1 <0x13818a5684a7ed4dce8433c3f57e13b589b88852> OP_EQUALVERIFY 

 

a. Explain why this is not a secure way to protect bitcoins using a password. 

b. Would implementing this using pay-to-script-hash (P2SH) fix the security issue(s) you identified? Why or why not?

Part A

This is because it leaves the private key physically vulnerable to theft, fire, or coffee in case of a spill on the phone. Whenever someone tries to obtain access to something by inputting a password (for example, a bitcoin private key or an account on an exchange), the program hashes the password and compares the result to the string that was initially stored. Because no two passwords produce the same hash, only those with access to the password may theoretically find a match. However, because a given password always generates the same hash, password crackers can simply hash all of the words in their dictionaries to generate a rainbow table. By using the rainbow table passwords can be cracked fast and easily thereby making them not a secure method to protect bitcoins.

Part B

Yes, using pay-to-script-hash (P2SH)  will fix the security issue. P2SH is just the name of a new type of Bitcoin compatible Public address that is capable of encapsulating sophisticated spending circumstances. Because passwords are wrapped in complex circumstances to prevent probable intrusion, this method is preferable and eliminates the error of being able to be penetrated via the rainbow table. The coins become spendable after the recipient presents the original script/conditions together with the other requirements for unlocking this script/conditions.

P2SH will fix this problem, however if the transaction grows too large, the restriction will kick in, preventing the recipient from spending bitcoins stored on a P2SH address because the requirements can sometimes be too many.

Step-by-step explanation

Part A

Adding password-based wallet encryption put an end to it — despite the fact that it shouldn't perform very well in theory. Malware that is well-crafted can log your keystrokes and steal your password, while passwords that are weak can be brute-forced. Passwords only serve to slow down the attack, but attackers can easily acquire access and take your bitcoins.

Part B

Yes, using pay-to-script-hash (P2SH)  will fix the security issue. P2SH is just the name of a new type of Bitcoin compatible Public address that is capable of encapsulating sophisticated spending circumstances. Because passwords are wrapped in complex circumstances to prevent probable intrusion, this method is preferable and eliminates the error of being able to be penetrated via the rainbow table. The coins become spendable after the recipient presents the original script/conditions together with the other requirements for unlocking this script/conditions.

P2SH will fix this problem, however if the transaction grows too large, the restriction will kick in, preventing the recipient from spending bitcoins stored on a P2SH address because the requirements can sometimes be too many.