Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Patel on October 26, 2013, 04:43:55 AM



Title: What characteristics make a solid brain wallet?
Post by: Patel on October 26, 2013, 04:43:55 AM
Hey guys,

I am looking for a solution where I can store my Bitcoins with a brain wallet pass phrase.

I am looking for tips on what characteristics make a good brain wallet, and how many words it should be.

How secure is this?

Would something along the lines of:

america banana cast dominican equator frenchfry guacamole honduras 12345678

How safe is that?

Also, can you please give me some tips on how I can create a safe brain wallet. Right now the stereotype is that brain wallets are not safe, but it's not that they aren't safe, it's that the passwords people choose are not safe. So I would like to get some input.


Title: Re: What characteristics make a solid brain wallet?
Post by: phillipsjk on October 26, 2013, 08:02:22 AM
It is hard to estimate the quality of that proposed passphrase because it was not randomly generated.

"banana, dominican, equator, guacamole, honduras" seem to all have a tropical theme.

The number tacked on the end frequents top 10 password lists.

My room-mate noticed that each word starts with a subsequent letter.

If we assume a 2000 word list, divided by 25 due to the predictable pattern, that is about 6.32 bits of entropy per word. If we assume the last word is a list of common number sequences, I will be generous and assume 6.32 bits of entropy for that as well (80 entries).

9 words × 6.32 bits ≈ 57 bits of entropy.

As a rule of thumb, you will want at least 64 bits of entropy (the actual strength needed depends on how fast an attacker can check guesses). 64 bits is 128 times (2^7) stronger than 57 bits. If you have over 128 bits of entropy, no machine in the universe is likely to be able to ever brute-force the passphrase.


Perhaps Brainwallet.org should use their own rainbow table. You can still keep everything client-side for generating the address. However once the address is generated, it can be submitted to the site for checking. Users may be surprised to learn the chorus from their favorite song (with common mishearings and spellings) is actually in the dictionary.

As has been mentioned earlier in this thread, if you can easily memorize it, it is probably not a secure passphrase. The rule of thumb I use is that if it has ever been published anywhere (http://aws.amazon.com/datasets/41740), it is probably not a secure password. Do you really think the sum total of human knowledge has over 64 bits of entropy? (that data-set is only about 46 bits of entropy).

Wikipedia has a page on Password strength (https://en.wikipedia.org/wiki/Password_strength)

My favorite online Password Generator (https://www.grc.com/passwords.htm) (Note: in theory, it is better to generate passwords on your own hardware).
Generating passwords makes the amount of entropy more predictable:
Code:
28B1849D702FB75A
/|url.:n~p
NtLDtc1rhf6
All have at least 64 bits of entropy. The first is 4 bits per character, the second is 6.55 bits per character, while the last is 5.96 bits per character. You can calculate the number of bits per character thus: log(number of symbols)/log(2) -- the base of the log does not matter because dividing by the log of 2 converts to base 2.
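To make the arithmetic in this post concrete, here is an added Python example (not code from the forum or from any wallet project) that computes per-symbol and total entropy for the three generated passwords and for the nine-word phrase. The symbol-set sizes are assumptions derived from the stated bits per character (16 hex digits, the 94 printable ASCII characters other than space, and 62 alphanumerics), and the word-list function generalizes to any list size, such as a dice-based list.

```python
import math

# Added worked example for the entropy arithmetic in the post above; it is not
# code from the forum or from any wallet project. The arithmetic only holds
# when each symbol or word was chosen uniformly at random from the stated set;
# a hand-picked phrase has far less entropy than its length suggests.


def bits_per_symbol(alphabet_size):
    """Bits of entropy per uniformly chosen symbol: log(n)/log(2), i.e. log2(n)."""
    return math.log2(alphabet_size)


def entropy_of_string(password, alphabet_size):
    """Entropy of a random string of len(password) symbols from an alphabet of the given size."""
    return len(password) * bits_per_symbol(alphabet_size)


def entropy_of_wordlist_phrase(word_count, list_size):
    """Entropy of word_count words, each chosen uniformly from a list of list_size entries."""
    return word_count * bits_per_symbol(list_size)


def strength_ratio(bits_a, bits_b):
    """How many times more guesses bits_a requires than bits_b: 2 ** (bits_a - bits_b)."""
    return 2 ** (bits_a - bits_b)


def meets_rule_of_thumb(bits, minimum=64.0):
    """The post's rule of thumb: at least 64 bits for a passphrase an attacker can guess offline."""
    return bits >= minimum


# The three generated passwords from the post, paired with the symbol set a
# generator of that kind is assumed to have drawn from: 16 hex digits (4 bits
# each), 94 printable ASCII characters (about 6.55 bits each) and 62
# alphanumerics (about 5.95 bits each).
GENERATED = [
    ("28B1849D702FB75A", 16),
    ("/|url.:n~p", 94),
    ("NtLDtc1rhf6", 62),
]


def all_generated_meet_threshold():
    """True when every generated password reaches the 64-bit rule of thumb."""
    return all(meets_rule_of_thumb(entropy_of_string(pw, n)) for pw, n in GENERATED)


def handmade_phrase_entropy():
    """The nine-word phrase, using the post's assumption of an effective 80-entry
    choice per word (2000-word list / 25 for the first-letter pattern; 80 common
    number strings for the last element)."""
    return entropy_of_wordlist_phrase(9, 80)


if __name__ == "__main__":
    for pw, n in GENERATED:
        print(f"{pw:18s} {bits_per_symbol(n):5.2f} bits/char  {entropy_of_string(pw, n):6.2f} bits total")
    hand = handmade_phrase_entropy()
    print(f"nine-word phrase: {hand:.1f} bits; 64 bits is {strength_ratio(64, hand):.0f}x stronger")
```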


Title: Re: What characteristics make a solid brain wallet?
Post by: flatfly on October 26, 2013, 08:16:38 AM
You may want to take a look at NoBrainr, which was made just for this. It generates easy-to-memorize passphrases with a constant 13 bits of entropy per word (7,776 word list).

Example:
nine ranch quart snap jazz orb ski == 1HwzD1A29Fqj6xguvCKu1fqPjK9pfDNJCj  <- lifetime secure

As phillipsjk pointed out, the only way you can make a brainwallet truly robust is NOT to choose the passphrase yourself. Either trust your computer's cryptographic RNG (as NoBrainr, Bitcoin-Qt, Electrum, VanityGen and others do), or use the excellent Diceware method (one of the cheapest sources of true randomness available.)


Title: Re: What characteristics make a solid brain wallet?
Post by: franky1 on October 26, 2013, 09:49:59 AM
When using correctly spelled words and numbers as a separate element, your password would be easier to crack.

try
america banana cast dominican equator frenchfry guacamole honduras 12345678
as
4m3r1c4 64n4n4 c45t d0m1n1c4n 3qu4t0r fr3nchfry gu4c4m0le h0ndur45 12345678

And if you want something to remember long term, choose a book and a book page and line and then use that as your passphrase, where some of the letters are made into numbers.

E.g.

c4ll m3 15hm43l 50m3 y34r5 490 h4v1n9 l1ttle 0r n0 m0n3y


Title: Re: What characteristics make a solid brain wallet?
Post by: DobZombie on October 26, 2013, 10:36:10 AM

'merica 8anana legit! smegmacoat motherfalkner & BlamBlam

I think in simplest terms a good brain wallet is...
-easy for you to remember
-not on any password list
-not guessable by anyone you
-not guessable by anyone that can find out anything about you (whether you think they can know it or not)


Title: Re: What characteristics make a solid brain wallet?
Post by: dserrano5 on October 26, 2013, 10:55:20 AM
try
america banana cast dominican equator frenchfry guacamole honduras 12345678
as
4m3r1c4 64n4n4 c45t d0m1n1c4n 3qu4t0r fr3nchfry gu4c4m0le h0ndur45 12345678

NO!!!

Use random data. NoBrainr is small and effective.


Title: Re: What characteristics make a solid brain wallet?
Post by: virtualmaster on October 26, 2013, 12:31:26 PM
1. Brainwallet used just as a deterministic wallet if the entropy source is low or compromised in the working environment. Here it is not necessary that you memorize the passphrase, just the unpredictable and high-randomness aspect of the passphrase.
- Generate a random passphrase.
- Take half of the passphrase and intersect the same amount of characters in an unpredictable way.
- Eventually make a hash of it as a 3rd step and take that hash value as passphrase.
This way you avoid choosing some weak passphrase, and also any eventual weakness of the passphrase generator.
2. Brainwallet used with a human-mind-memorable passphrase.
- write down your main email address (eventually add your name also) - this part is to make it hard to bruteforce all passphrases on a global level
- add a random passphrase easily memorable for you - not too short and not in a predictable schema
- stretch it with bcrypt 12 rounds - to limit the brute force attacking speed
Use the obtained hash as input value to generate a keypair or a keypair list or chain.
Never reuse (at least with a higher BTC amount than 1 BTC on an address) the same address.
It is also recommended to generate the keypairs from your passphrase with an amnesic live OS without internet connection and save only the addresses on a USB stick if you want to use the brainwallet as long-term saving. (If you want to use your coins more actively then you need to import the keys in an encrypted wallet.)
Transfer the amounts on your generated addresses and the wallet (if you imported the keys) from the USB to your active computer.


Title: Re: What characteristics make a solid brain wallet?
Post by: Abdussamad on October 26, 2013, 05:19:36 PM
Don't create your own passphrase. Use electrum and it will make one for you. Memorize that.

If you want to know why creating your own passphrase is a bad idea please see below:


BIP∞: Brainwallets.

FOR GODS SAKE. DON'T DO IT.  YOU MAY THINK YOU ARE SMART ENOUGH. SO DID EVERYONE ELSE WHO GOT ROBBED. HUMANS ARE NOT A GOOD SOURCE OF ENTROPY.

YOU HAVE A SCHEME?  Pfft. THE SPACE OF ALL SCHEMES YOU'RE LIKELY TO HAVE PROBABLY ONLY HAS A FEW BITS OF ENTROPY. RANDOM PHRASE IN A BOOK? THERE ARE ONLY ABOUT 30 BITS OF SENTENCE SELECTION IN A LIBRARY.

OH NO. YOU ARE NOT LISTENING TO ME, ARE YOU?

OH CRAP. YOU THINK THAT "EIGHT CHARACTERS AND ONE FROM EACH CHARACTER CLASS" APPLIES HERE??  WEBSITE SECURITY MIGHT HAVE TO DEAL WITH 1000 ATTEMPTS PER SECOND, BUT SOME DUDE WITH A FPGA FARM IS PROBABLY PRECOMPUTING A BILLION BRAINWALLETS PER SECOND. JUST STOP.

NOOOOOOOOOOOO.

Well, now that you have no more Bitcoin I guess we don't have to worry about you using a brainwallet.

Cheers.


Title: Re: What characteristics make a solid brain wallet?
Post by: Wary on November 01, 2013, 06:18:06 AM
Are you sure you will be able to correctly recall the 12 random words from Electrum in, say, 10 years time?

Why not use something you've been already remembering for years?
Say, surnames (or nicknames) of your (girl/boy/best)friends, in chronological order.

There are a lot of surnames, so they have bigger entropy than words from Electrum (unless your friends are all Koreans :)), so you don't even need 12 names. Since password attacks are directed not personally at you, but at the whole population, it seems to be a quite safe way. And if you keep your private life private, even an attack directed personally at you won't be successful.


Title: Re: What characteristics make a solid brain wallet?
Post by: keatonatron on November 01, 2013, 06:32:27 AM
Are you sure you will be able to correctly recall the 12 random words from Electrum in, say, 10 years time?

Why not use something you've been already remembering for years?
Say, surnames (or nicknames) of your (girl/boy/best)friends, in chronological order.

There are a lot of surnames, so they have bigger entropy than words from Electrum (unless your friends are all Koreans :)), so you don't even need 12 names. Since password attacks are directed not personally at you, but at the whole population, it seems to be a quite safe way. And if you keep your private life private, even an attack directed personally at you won't be successful.

I agree with this. It's easy to look at the OP's suggestion and say "it's all tropically-themed and the number at the end is easy to guess!", but how would anyone know what to look for without seeing it first?

Could a computer be programmed to brute-force using themed sets? What if the OP threw in a single word that didn't fit the theme--would the computer not guess that combination because it's only looking for themes? What if the number came before the last word?

I believe "try all possible combinations of themed words, of all possible lengths, and then try each possible theme set with a random non-themed word put in, in each position... and try a list of common numbers, of all common lengths, added to each position..." would be just as time consuming as brute-forcing one character at a time.

Sure, it might not have much entropy. But unless two people are relying on RNGs that aren't random and both come up with the same numbers, using low entropy isn't going to make it much easier for someone to brute force your password (if it's long enough).


Title: Re: What characteristics make a solid brain wallet?
Post by: p2pbucks on November 01, 2013, 09:51:45 AM

SHA256 a certain page of a book


Title: Re: What characteristics make a solid brain wallet?
Post by: flatfly on November 01, 2013, 09:53:23 AM

SHA256 a certain page of a book

No... Good way to get your btc stolen.


Title: Re: What characteristics make a solid brain wallet?
Post by: Alpaca Bob on November 01, 2013, 11:29:42 AM
Eight random words in two different languages should suffice, yeah?


Title: Re: What characteristics make a solid brain wallet?
Post by: trout on November 01, 2013, 11:43:06 AM
One difficult-to-measure parameter of a brain wallet is how well you are able to remember
the pass phrase. Maybe you are "pretty sure" to have it right now, but your memory
may not be as good in a year, in 10 years ... Do you remember your passwords from 10 years ago right now?
Of course it's not as much of a problem if it's for a short time.


Title: Re: What characteristics make a solid brain wallet?
Post by: b!z on November 01, 2013, 11:50:57 AM
Eight random words in two different languages should suffice, yeah?

Not anymore, since you've just given the world a hint to your passphrase.


Title: Re: What characteristics make a solid brain wallet?
Post by: dserrano5 on November 01, 2013, 11:57:04 AM
Do you remember your passwords from 10 years ago right now?

Yeah for example one of them was o8ZKldMvp9, 14 years ago. I used to use it on a daily basis :).


one difficult-to-measure parameter of a brain wallet is how well you are able to remember the pass phrase.

The trick to this is remembering it every single day, as part of some daily routine like washing your teeth for example. At first you'll need to write it down somewhere and read it to remember it but day after day you'll realize that you don't need the paper anymore. Mind you, you need to be religious about it. That's the actually difficult part, not the passphrase in and of itself. Feel free to go for 20 words if you follow this route, you'll memorize them with little effort.


Title: Re: What characteristics make a solid brain wallet?
Post by: keatonatron on November 01, 2013, 12:22:54 PM
Eight random words in two different languages should suffice, yeah?

Not anymore, since you've just given the world a hint to your passphrase.

Really?

Which 2 languages?

The Oxford Dictionary has more than 170,000 words. There are at least 85,000 in the Chinese dictionary.

Assuming we don't know how many words from each language are in use that equals 255,000 ^ 8 or 17,878,000,000,000,000,000,000,000,000,000,000,000,000,000 combinations.

And that's assuming we correctly guessed which two languages are in use.

Ready to get started brute-forcing?  ;D


Title: Re: What characteristics make a solid brain wallet?
Post by: Alpaca Bob on November 01, 2013, 12:33:57 PM
Eight random words in two different languages should suffice, yeah?

Not anymore, since you've just given the world a hint to your passphrase.

Really?

Which 2 languages?

The Oxford Dictionary has more than 170,000 words. There are at least 85,000 in the Chinese dictionary.

Assuming we don't know how many words from each language are in use that equals 255,000 ^ 8 or 17,878,000,000,000,000,000,000,000,000,000,000,000,000,000 combinations.

And that's assuming we correctly guessed which two languages are in use.

Ready to get started brute-forcing?  ;D

I'll take that as a yes then, and I'll make it nine or ten words just to be sure. Or will I?

Cheers.


Title: Re: What characteristics make a solid brain wallet?
Post by: Patel on November 01, 2013, 04:08:37 PM
Here is what I did:

Materials Needed:

1. Bitaddress.org saved html file (to access while disconnected from internet)
2. Linux or non windows operating system
3. Webcam/camera
4. TrueCrypt

Steps:

1. Print all of your paper wallets, using non-windows operating system or clean Ubuntu live cd
2. Take pictures of your paper wallets
3. Download TrueCrypt, make an encrypted file.
4. When choosing a password for your TrueCrypt file, think of an easy to remember 8-9 word phrase, add that phrase to the Bitaddress brain wallet creator, take the private key, and use that private key as the password to your encrypted file.
5. Add the pictures into the encrypted file
6. Burn truecrypt traveler exe, bitaddress.org html file, encrypted file, onto a CD/DVD.

Technically this way your Bitcoins are still secured via private key and not a brainwallet password, but if you have access to the encrypted file, you can use a brainwallet password to unlock your encrypted file.

Optional: Take the CD/DVD, create it into .iso image, upload to your Google account for easy access in the future. (Still deciding the risks involved with this)


Title: Re: What characteristics make a solid brain wallet?
Post by: keatonatron on November 02, 2013, 03:27:27 PM
6. Burn truecrypt traveler exe, bitaddress.org html file, encrypted file, onto a CD/DVD.

I think optical media is only expected to last for 10 years or so before the plastic starts breaking down. Some USB sticks are also only guaranteed to retain their data for 10 years (or less!). It's something to keep in mind if you are going for very long term storage, physically written down/engraved seems to be the safest bet.


Title: Re: What characteristics make a solid brain wallet?
Post by: adamstgBit on November 02, 2013, 03:51:50 PM
When using correctly spelled words and numbers as a separate element, your password would be easier to crack.

try
america banana cast dominican equator frenchfry guacamole honduras 12345678
as
4m3r1c4 64n4n4 c45t d0m1n1c4n 3qu4t0r fr3nchfry gu4c4m0le h0ndur45 12345678

And if you want something to remember long term, choose a book and a book page and line and then use that as your passphrase, where some of the letters are made into numbers.

E.g.

c4ll m3 15hm43l 50m3 y34r5 490 h4v1n9 l1ttle 0r n0 m0n3y

Who would have known knowing 1337 would pay off  :D

good trick for an easy to remember strong password


Title: Re: What characteristics make a solid brain wallet?
Post by: EccLipSe on November 02, 2013, 06:09:39 PM
When using correctly spelled words and numbers as a separate element, your password would be easier to crack.

try
america banana cast dominican equator frenchfry guacamole honduras 12345678
as
4m3r1c4 64n4n4 c45t d0m1n1c4n 3qu4t0r fr3nchfry gu4c4m0le h0ndur45 12345678

And if you want something to remember long term, choose a book and a book page and line and then use that as your passphrase, where some of the letters are made into numbers.

E.g.

c4ll m3 15hm43l 50m3 y34r5 490 h4v1n9 l1ttle 0r n0 m0n3y

Who would have known knowing 1337 would pay off  :D

good trick for an easy to remember strong password

Someone watches Person Of Interest :).


Title: Re: What characteristics make a solid brain wallet?
Post by: mccoyspace on November 03, 2013, 12:08:20 AM
6. Burn truecrypt traveler exe, bitaddress.org html file, encrypted file, onto a CD/DVD.

I think optical media is only expected to last for 10 years or so before the plastic starts breaking down. Some USB sticks are also only guaranteed to retain their data for 10 years (or less!). It's something to keep in mind if you are going for very long term storage, physically written down/engraved seems to be the safest bet.

I just finished migrating data from over 50 CD-Rs that were all going on 20 years old. They were all OK. FWIW.


Title: Re: What characteristics make a solid brain wallet?
Post by: Kouye on November 03, 2013, 12:40:45 AM
One easy trick I use is to take a common phrase you might not forget.
Then replace, in all subsequent words, any occurrence of character appearing in the first word with 'a', 'b', 'c', 'd', etc.

For example:
One must be poor to know the luxury of giving

becomes:
One must ba pbcr td kefw thg luxury hf giviig

Which has >200 entropy and is basically impossible to crack, yet pretty easy to remember (one common phrase+one transformation method).
Of course, the transformation method is up to you, this is just an example, but it needs to remain easy enough.



Title: Re: What characteristics make a solid brain wallet?
Post by: mpfrank on November 03, 2013, 01:46:43 AM
Well, personally, I don't want to have to trust any computer-based RNGs, and I also don't trust any naive notions regarding which methods for generating/obfuscating a short-ish passphrase are "sufficiently obscure" yet "easy to remember," so instead, I use Diceware to compute a truly random, 10- or 20-word brainwallet passphrase, calculate its Bitcoin address on an offline computer, print everything out in multiple paper copies which are safely hidden away (since I also don't trust any digital media to stay readable), and, for the coldest cold-storage wallets, never, EVER enter the sensitive data (passphrase or private key) into ANY online computer.  If the passphrase is 20 words long (100 die rolls), this method gives you a full 256 bits of entropy, which is as secure as any Bitcoin address can be, but a 20-word phrase is much easier (in a pinch) to memorize, or to read over the phone to someone, than a random string of letters and numbers would be.  My full method is described at:

http://minetopics.blogspot.com/2013/03/ultimate-bitcoin-security.html


Title: Re: What characteristics make a solid brain wallet?
Post by: Shallow on November 03, 2013, 07:04:10 AM
Really long memorable phrase


Title: Re: What characteristics make a solid brain wallet?
Post by: phillipsjk on November 09, 2013, 09:30:35 PM

Which has >200 entropy and is basically impossible to crack,


Log2(200) is ~ 8.