Bitcoin Forum

Hi,

I aim to create a brainwallet for long term saving.

I have got two questions :  ???

1. I read somewhere (bitcoinmagazine.com), that a "used" adress (i.e., that have both received and sended bitcoins) is far less strong than an "unused" adress (ie., that have only received bitcoins, not sended), because in the first case the public adress will be exposed. Do you know why the public adress would be exposed when sending bitcoins, wheras it would not be exposed not when receiving ?

2. When I consult my account on blockchain.info, will then my account be considered as far less strong, because my public adress would have been communicated to a third party ? If the answer is yes, is there a mean of consulting my account while keeping my public key secret ?

Thx all

"Far less" is an exaggeration. "Slightly less" is more accurate. You are confused by the terms. The "bitcoin address" is exposed in order to receive bitcoins. The "public key" is exposed in order to send bitcoins. The "private key" is never exposed.

When you consult a blockchain explorer, you are simply querying about some bitcoin addresses and not exposing anything that is not already public. When you have a blockchain.info account, you are trusting that their software does not reveal your private keys to them.

None of this is related to creating a brainwallet.

People say that an address that has sent coins is less secure because you have exposed your public key. Before then, you have not exposed your public key. If people don't have your public key, it's much harder than it already is to crack your private key. Keep in mind that cracking a private key is already a near impossibility.

When Bitcoins are sent on the blockchain, the public key is revealed. This is necessary so that the network can validate the signature and prove the sender controls the address.  No such validation is required to receive.
There is higher security for unused addresses and it is considered 'best practice' not to reuse addresses but that doesn't mean used addresses are insecure.  There are several used addresses out there with huge balances. 

The security for unspent vs spent rises from 128 bits (already beyond brute forcing) to 160 bits, but more importanty, protects against faulty wallet implementations.  Its also better for privacy.

If you are concerned about security...

DO NOT CREATE A BRAINWALLET.

Your bitcoins will be FAR more vulnerable in a brainwallet than any concern you may have about the public key being exposed.

I would like to know, What is Brain Wallet? and How you saving with that for a long term?

If you are creating a brainwallet and it has been previously "used" then you absolutely should not consider sending funds to it. If a brainwallet has been previously used that means that someone else has spent funds from that brainwallet, which means that someone else has access to the private key of the brainwallet you are thinking of using.

With that being said, you really should not use a brainwallet period because with current technology, it is nearly certain that someone will be able to steal your money using software that checks the addresses associated with the private keys of brainwallets at an alarming speed that an attacker will almost certainly be able to steal your money.

brain wallet is like a passphrase that you remember which is used to create your bitcoin address (the private key)
read more here:
https://en.bitcoin.it/wiki/Brainwallet

but it can be un-safe because what a human considers random words might not actually be random and can be hacked easily.

Use a hardware wallet or a service like Xapo.com to store your coins. otherwise i guess you will lose all  :-\

https://bitcointalk.org/index.php?topic=899253.0

@ odolvlobo
@ RGBKey
@ jonald_fyookball

Thank you for answers,

I now understand that I was mistaking adress for public key.

As a consequence I understand that it is not compromising to consult adresses on Blockchain.info (I have no Blockchain.info account, I just use it to consult adresses).

I dont think my brainwallet will be exposed.

My passphrase is composed of 24 words : 12 words randomly chosen in a 15000 words dictionary (writen on a paper in three differents locations) + a more personal phrase composed of 12 words (not written on paper because I cant forget it).

Are you sure? You should improve your security...

I aim at saving a very tiny fraction of my savings in a brain-wallet, mostly for fun.

Long term means for me 10-20 years.

Please listen to me and do not create a brainwallet. You will end up getting robbed.

What you need to do is not be so paranoid and keep things simple.

Only install stuff from trustworthy sources, stay away from pirated software, keep all of your software updated, install an anti-virus and use any Bitcoin client from bitcoin.org. I highly recommend electrum.

IMPORTANT: Make sure you back up your Bitcoin wallet because that is the biggest reason people lose their BTC, much more people forget to backup and lose BTC then have their BTC stolen by hackers and scammers combined. Also make sure you regularly check your backups are still there and still work.

This isn't what most people call a "brainwallet". This is just a normal wallet. Many wallets give you the option of getting a mnemonic seed (a list of words) that you can use to recover your wallet if you lose access to it. electrum does this. These are a really good idea. Though I would recommend keeping an encrypted copy of the wallet as well as the paper words, makes it easy to check your balance and such and also never try to make up your own words.

I am pretty sure that I cannot remember 12 words randomly chosen (that is why I wrote them on paper),

but I am 100% sure that I can remember a more personal phrase (because it was designed to be easy to remember).

Unless, of course, if I get seriously sick, or die.

Yes it is,

mine is a real brain-wallet.

I generated my adress/keys with the brain-wallet.org java applet, after having ramdomly chosen words by rolling real dices (+ more personnal phrase).

I understand what you mean,

but I participate in bitcoin with a brain-wallet because this is fun,

whereas using a software and making backups is not fun.

I dont think my bitcoins will be stolen, and even if they are, I would not mind much, because it is only a tiny fraction of my savings.

I want to be sure to understand :

I have calculated that my passphrase has an real entropy far beyond 160 (12*log2(15000)=166, not to mention my 12 extra personnal words for which entropy is obviously more difficult to evaluate),

then, why concretely would my private key be less secure than a common private key held with a software like Electrum ?

Then this is not a "brainwallet".

As long as your 12 words were truly randomly chosen, and you didn't add any personal bias into the decision, it should be at least as safe as the paper.

I don't agree with this definition.  to me a brain wallet is any wallet that can be accessed using a passphrase. iow, the private keys or an input to get the private keys is stored in ones brain.  regardless of whether the passphrase was computer generated or human generated, they are both brain wallets. 

Then to you, every encrypted wallet is a brain wallet, including Bitcoin Core. It's called a "brain" wallet because the private key is stored in your brain.

it's not a brain wallet if you need access to a specific unique computer.  so normally encrypted wallets aren't brain wallets because you can't access your coins from any computer, only the computer with your wallet file.

+1 ,  it seems he (@jonald_fyookball) doesn't understand but it is easy.

You should have a brain and you should store the 'key or passphrase' in it, if you store it on a piece of sheat that  you ***  up all the purpose.

huh?  the fact that it's written on a paper has nothing to do with it.  Some people only call it a brain wallet if you chose the passphrase, but I don't agree and neither does the wiki:


is computer generated entropy safer than choosing your own phrase? Of course.  That's what I think people mean when they say "don't use a brain wallet.". They should really say "don't use a brain wallet unless it has computer generated entropy of at least 128 bits."

Oh, I thought you were one of them. it is named BrainWallet for a reason.





PS: sorry If I seem arrogant, I didn't want ;).

A brainwallet is information that you are storing in your brain that allows you to generate the necessary private key and bitcoin address.  That's why it is called a brainwallet.  Every thing that you need to be able to access your bitcoins in the future is tucked away inside your brain where it is completely inaccessible to anyone unless/until you personally give them access.  The problem with 99% of brainwallets is that people find it extremely difficult to permanently memorize anything, but especially anything that has at least 160 bits of entropy.  Therefore, most people end up choosing VERY VERY low entropy sources of information for their brainwallet which puts their funds at risk.

A paperwallet is any information that you are storing on one or more pieces of paper that allows you to generate the necessary private key and bitcoin address.  That's why it is called a paperwallet.  Everything that you need to be able to access your bitcoin in the future is tucked away on paper that you have hopefully taken reasonable precautions to secure against loss or anyone else accessing without your permission.

The OP essentially has chosen to create a paperwallet, and to secure that paper wallet with a passphrase.  The strength of his passphrase doesn't matter at all as long as nobody but himself ever accesses his paper wallet.

Perhaps some people do.  I don't.

There are three things that help with memorization.  First, you need to make mental pictures and stories in your mind.  Each word in a passphrase needs to be connected to the next.  The mind works by association.
Secondly, you need to review your phrase, every couple weeks or months at the most.  Don't expect to go years without practicing recalling it.  Third, we remember what we deem important.  If you have serious coinage, you will likely make the required effort to remember.  If you have a few satoshi only, you might not.

In addition,  there's nothing wrong with having a brain wallet with a backup.  Just because you have a backup, paper or otherwise, doesn't compromise your brain wallet, unless of course, someone steals the backup.  So call it a brain wallet with a backup, or call it a paper wallet that you also memorized, it doesn't matter.

I use a passphrase to access my Bitcoin Core wallet because it's encrypted, thats a brainwallet right?

My definition of "brainwallet" is a wallet that is kept entirely in your brain, with there being no electronic or physical trace of its existence left behind. The purpose is to prevent an adversary from finding out that you have Bitcoins. I do not recommend their use at all, there are a lot of "gotchas" that you need to be careful about and most (every one I've tried) of the "tools" that make these are complete rubbish.

It seems jonald_fyookball posting only because he is paid by the sig campaign. I agree with your & DannyHamilton definition of brainwallet, because the unique possibility to spend/use those btc should be stored firstly in your 'Brain'.

No you're mistaken, I do not get paid per post and post far more than the minimum requires.  It seems you do not read my posts carefully or understand them.  your loss.

As I already explained, an encrypted wallet is not necessarily a brain wallet because it requires a specific machine (It is not portable)

I think the wiki explains it best but if you want your own definition (such as no backups allowed), it's just semantics.  Electrum can be used as a brain wallet but if you have it also on your machine, then it's also just a wallet. 

Dumb people who cannot remember 160 bits of entropy...

Do you imagine how much entropy a stage actor have to remember ? a doctor ?

It seems to me that 160 bits of entropy is ridiculously small compared with brain capacity.

In my opinion, any cultured/creative/ingenious people can elaborate a personnal passphrase easy to remember and with a large entropy (althought difficult to evaluate), because you have already so much information stored in your brain that you can take advantage of..

I up,

can anybody confirm :

is a unused brainwallet with a passphrase of 160 bits of entropy,

as secure as a common private key held with a software like Electrum for example ?

A bitcoin address has 160 bits of entropy. If your key has more than 160 bits of entropy and it is stored only in your head, then you are maximally protected against everything but coercion and memory loss.

Thx @odolvlobo

is it possible to be attacked when moving out of cold storage if the wallet implementation is weak?  this doesn't have to do with brain wallets per se, but assuming you'll eventually move the coins, you have to choose a method.

In case I would have to move the coins from a brainwallet, I would use Electrum private key sweeping option.

Electrum is a nice software for moving coins and short term storage, isn't it ?

Yes, I would personally suggest you electrum. It is very good and light wallet.

How to make a brain wallet out of any private key.

Think of a common name for each letter in the private key.  If the letter is upper case use a male name if the letter is lower case use a female name.  If the character is a number use the number because numbers are easy to remember.  Thus the private key:

5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf

Is:

5 Henry Patty Henry Agatha Gail Tom 65 Tom Zak Zoey Gale 1 Peter Henry 3 Charles Sam Ursula 63 Kathy 8 Dennis Betty Patty Victoria Dennis 8 Sally 5 Irene Patty 4 Nancy Ernie Bob 3 Kathy Ernie Sally Renie Ester Archie Nancy Catherine Helen Ursula Dennis Fanny

This simple rule makes any private key easy to remember.  Tell everyone you trust your private key name.  This is a backup against you forgetting.

This method is very sexist.

And racist! ::)