How Monerujo’s CrAzYpass (crazy secure password scheme) works

Mandatory disclaimer: I’m a member of the Monerujo team, albeit the less code-savvy one, but it puts me in an interesting position, if I can understand this, so do almost anyone. This article is intended to explain why CrAzYpass is implemented and the logic behind what it does, and even work a bit as a FAQ. For a proper explanation of how it actually works, please read the whitepaper.

Context

Monerujo is the first mobile wallet for Monero. It allows you to receive, store and send Monero from your android phone. Therefore it needs to check that is you (and not someone else) who’s using the app. To do so, like most apps out there, it asks you to choose a password for your wallet. Here we encounter the usability/security dilemma, that I picture as a seesaw: the more secure we make a system, the harder it becomes to use, and the less strict the security requirements, the more user friendly it gets.

Playgrounds are full of useful metaphors.

Nowadays we’re still in the garage phase of cryptocurrencies, where the products work well enough, and show promise of an awesome future, but the wiring is still exposed so the enthusiast can tinker with it. With enough time and effort, it’ll reach the iPhone point, where everything is tucked away and locked behind a polished and extremely simplified user interface.

Until we reach UX Paradise in Cryptoland we’re in a situation where we need to err on the side of caution, because we’re dealing with people’s money. But wait it’s not that easy, because err is human, and so if we make security procedures too complex for the average user, they will make mistakes that exposes them to even greater risks.

Passwords are a great example of this: a great password would be a long string of different letters and numbers and symbols as random as possible. But something almost impossible to guess by a third party as this is also very hard to rememeber for us humans, so we write them down, and stick them in the drawers on our desks. That’s bad. On the other side of the spectrum we tend to overwhelmingly choose passwords that are easy to remember, like password1234, but also very easy to guess, defeating their purpose.

Welcome CrAzYpass.

In your face, compromises!

How it works

CrAzYpass is Monerujo’s idea for a setup with as much security and as much comfort as possible. The short explanation would be:

The app uses your human-compatible password to create a crazy-secure password, then uses that to encrypt your wallet’s files on the phone. Making it hard to crack for a third party, but easy for you to get access to your wallet on a daily basis.

Here’s a longer, more detailed explanation on how it works. When you create a wallet, Monerujo creates files on your phone’s external memory, which is easy to access for you with a file browser, or plugged to a PC, and of course by any other app on your phone. There are three files:

  • A file that cointains your wallet’s seed and keys. This is the most important file (and the most important to keep secret) because it contains the information to generate this same wallet anywhere else and access your funds and spend them. This file is key (pun intended), losing this is like losing the keys to your safe. Encrypting this file is therefore very important for security reasons.
  • Another file that contains the information you generated by using your wallet, like the name you chose for it, a history of transactions, and all the notes associated with them. This file is like your accounting book with all your notes on the side. Encrypting this is then important for privacy reasons.
  • A third file that is just a plain text file with your public address, the one you give people when they want to send you monero. This is of course shareable so there’s no need to protect it with encryption. It’s like people knowing your bank account number. It could expose you in some ways, but let’s not get that creative here. There’s no need to encrypt this.
Your critical files protected by a matryoshka of increasingly complex passwords

So those files are on your phone, and until now Monerujo used the password you provided to encrypt the former two. Now with CrAzYpass it uses your human-compatible password as the base to make a calculation with an algorithm. The outcome of that calculation (the hash), is then used as a better, stronger password. For example a simple password like hello would produce a crazypass like RNXY LLCE R6AE YJCC W3QZ H8HY Y2B2 P6DD C898 32MS PLHP 47VT BM52.

Yes, that means a hacker would need to guess all that to decrypt your wallet’s critical files. Monerujo uses Android’s own secure hardware storage and RSA encryption for it. It then adds a CryptoNight calculation on top so it takes a little bit of work (and electricity) to decrypt. To you it’s nothing because you know the right password, but to someone just brute forcing it trying again and again, the sheer amount of combinations to try get very expensive, very fast. And it also would take a lot of time.

The only tradeoff for the user comes when you need to be able to decrypt those files outside of your current installed Monerujo, for example:

  • If you copy your wallet files to a computer to open them with Monero’s official wallet. They are compatible!
  • If you delete Monerujo and then install it again.
  • If you reset your phone and have to install Monerujo from scratch.

Remember that they’re encrypted with the crazypass, so you need to have that written down beforehand. Remember also our accounting book analogy. If you don’t write down the crazypass, you lose it. It’s not as important as losing the actual keys to the safe, but it can be annoying.

Some extra thoughts

Why does the CrAzYpass look like that? Because it’s designed to be as human readable and writable as possible, avoiding common human mistakes. It’s all capital letters and numbers, without the confusing Is, ls, and 1s, or 0s and Os. It’s also grouped in packs of 4 digits, so you can write them, check them, write the next one easily. This is not trivial, and the same logic behind Monero’s seed being common words. It tries to prevent somebody getting locked out of their funds by a simple writing mistake. Always remember, a tradeoff of removing the trusted third party in cryptospace is that nobody can hear you scream when you lose your password.

The different pieces of security and what they let you see or do

In the next update Monerujo will add the possibility to use your fingerprint instead of your regular password to open your wallet. This is very comfortable to just open it and check your balance, or copy your address for example. It will still require your password to send funds or take a look at y our seed, in case an evil maid finds you sleeping and uses your finger without your consent.

So that’s pretty much it. Pick the strongest password you can safely remember and type back into your phone every time you want to use your wallet. Write down your CrAzYpass in case you need to restore the wallet in the future, and please, PLEASE write down your seed.

You can read a proper, more technical explanation on the original whitepaper by m2049.

Monerujo is a work of love for the community, with the belief that free access to a secure, mobile light wallet that works on the world’s most used operating system is something we should help to exist. Please consider donating some moneroj to help further development:

4AdkPJoxn7JCvAby9szgnt93MSEwdnxdhaASxbTBm6x5dCwmsDep2UYN4FhStDn5i11nsJbpU7oj59ahg8gXb1Mg3viqCuk

Co-Founder at Sloop + Monerujo team member