Bitcoin Forum

I don't understand why people say BTC brain wallet is a bad idea.  Of course I have to be careful how I write the seed words.  For example, if I used words such as "roof Tokyo 1313 cucumber ....  wrestling 62 blue," there is no way someone can guess them intentionally or otherwise.  If I wrote the words down on a piece of paper somewhere safe, and if water damage smeared a bunch of the characters, the chance of me guessing the correct characters would be immensely better than guessing random characters. Am I missing something? 

If you write a seed phrase or words we can't consider it as brain wallet but a paper wallet because we can only call it brain wallet by memorizing the seed phrase. That is why Brain wallet is a bad idea. 12 to 24 words is not easy to memorize so having a hardware wallet is the best option without memorizing the seedphrase.

I think you just don't understand or confused about the concept of brain wallet.

Better read this https://en.bitcoin.it/wiki/Brainwallet

You are right.  Thanks for correcting me on that.  I realize I don't have exact term for the way I am going to protect my BTC.  I don't like BTC paper wallet because of the possibility of losing it or it gets too damaged for me to read it.  I don't like hardware wallet because I cannot customize the seed phrase to what I want (Ledger Nano, ie).  

Now, here is my solution.  I can create a private key using 20 words.  And I can make the last 5 words something only I know.  I can email my family (and myself) the first 15 words.  Then, I can email them the clues of my last 5 words.  Of course, I have to do a damn good job that only the ones I fully trust know the answers.  So, I guess my method is 3/4 paper - 1/4 brain wallet?  

I would appreciate some feedback on this idea of mine.  

Do you really think is it worth to do all this effort, instead of just buy a hardware wallet because you want to customize?

The key here is safety, and for now the hardware wallets are one of the best methods available and it's simple

I believe my 1 btc will be worth $100,000 in 10 years.  So, I don't mind having to do all that work if I have to.  Just for the sake of education, would you disagree with me that the wallet method I described is less secure than a Ledger nano S?  If you do disagree, can you explain why?  Thanks.   

What makes you think you only need to have 1 paper? You can copy that paper (with your own hands) and spread them to different secure locations. You can even create your own secret method to restore the order of the words, and yes you can custom those words all you want or even steno-graph them somewhere...

I don't like brain anything, and email is just begging for trouble.

I'd keep the cold wallet (with paper seed words) for the savings, and the hardware wallet for the small change (daily use), if you'd rather not use a computer or phone app wallet.

Maybe I should have specified that I am strictly talking about long term storage.  Sorry about that.  You said you didn't like the brain wallet in general.  Can I ask why you why?  And why you don't like my 3/4 paper 1/4 brain wallet idea? 


         

then use something else to "print" on. even laminating the paper would increase its durability but you could use a metal plate and engrave your mnemonic on it. there are also already available tools such as Cryptosteel (https://bitcointalk.org/index.php?topic=977486.0) that you could use to make it easier.

the problem with paper wallets in general is similar to the problem with choosing a password. people (most of the times) are always choosing things that are weak. take a look at this topic to get the gist of what i am saying: https://bitcointalk.org/index.php?topic=4768828.0

as for your idea, it is two parts:
- choosing the words. this is the same risk as i just mentioned, lack of "randomness". besides if you are actually writing them down, even if it is only a part of it, that defeats the  "brain wallet" thing. stick to BIP39 (https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki) and choose 24 words and let the wallet generate a good entropy for you.

- splitting. based on how the words are chosen, the remaining 5 might be brute forced specially if you are also providing clues on what they are. additionally you should avoid using Emails or anything that has to do with the internet (like a computer that was or is going to be connected to the internet) when you are creating a cold storage.

and finally, like i always say: it is best that you don't try to re-invent the methods that already exist and have something to do with cryptography. all those methods (like BIP39) are well designed and have taken a lot of things into consideration. not to mention reviewed by other experts.

Memorizing a big list of seed words is a risky venture, no matter how good you are at it! I would rather suggest you to use a hardware wallet like Trezor or Ledger Nano S is the best way to safeguard your bitcoins if you are holding a significant amount.  For small amounts of bitcoin, you can simply use an online desktop client like electrum among others. Remembering seed words is a bad idea. If you're serious about the safety of your bitcoins, go get a hardware wallet!

How do you intend on creating the first 15 words? If it's by using the old brainwallet concept:


Then the source also points out that humans are not a good source of entropy, and nearly everything you can come up with is likely insecure.

If you plan on generating the first seed words by something like Electrum (12 seeds, derived from the master private key, not the other way around), and extend it with extra words, it theoretically should be fine. Since you can add just about any character or word to the pool of seeds, it would probably be nearly impossible to brute force it. I would still be very wary about keeping partial copies online though.

This is a terrible idea.

You should never store your seed, mnemonic, passphrase, password, anything online, and especially not on something as horribly insecure as an email server. You are essentially making your first 15 words public.

You have now reduced to security to 5 words. These 5 words are picked by you, and so not truly random. Since you are storing your first 15 words and your "clues" on the same insecure email server, if someone has access to one, they have access to both. You are also essentially making public "clues" to these 5 words. This is probably going to be both brute-forceable and maybe even guessable.

Even if you picked 5 truly random words (which no human can do) from the entire subset of the English language (approximately 200,000 words), then you still only have 3.2*10²⁶ bits of entropy. For comparison, a 24 word seed phrase has 1.16*10⁷⁷ bits, meaning your set up is somewhere in the region of 1000 trillion trillion trillion trillion times less secure.

There is a reason there are near universally accepted "best practices" for storing your keys - they work. Use a BIP39 compatible 24 word seed, write it down on paper (never store it electronically), and hide it somewhere secure.

Brain wallet is the safest method if your words are random and you have a good memory.  The only downfall is if you die and you don't have a back up system to share your coins.  Of course this isn't an issue if you don't have anyone besides yourself.

I have about three regulars passwords that I jumble up for stuff I don't really care about all that much. There are multiple encrypted folders I can no longer access and I'm certain they have variations on passwords I've used forever.

It's not worth the bother attempting to crack them but if I can't remember things based on 2-3 phrases burnt into my memory for decades there's no way I'd ever trust my memory for anything important, and that's long before we get to the average human's inability to be properly random.

No, they aren't. There are a thousand and one reasons, from accidents to aneurysms, that you could suddenly run in to severe and irreversible memory problems. This could happen to anybody, of any age, at any time, without warning. If you are the unlucky one, then say goodbye to your bitcoin.

And I'm assuming here you are remembering a 24 word mnemonic phrase. If your brain wallet is something like a line from a book, a movie quote, a song lyric, a few dictionary words, a handful of random characters, or something similar that humans generally use for passwords, then you can expect to lose your coins within seconds. There are hundreds of bots out there monitoring hundreds of thousands of brainwallet addresses, just waiting for a newbie to be naive enough to send coins to one of them.

Brain wallet is not better than paper wallet because there is a bigger possibility that you can't remember your password or passphrase specially it was consist of 12-24 words. I think even you have a good  memory,time will come you will forget the combinations of your password or the random of passphrase or seed. Much better to secure your wallet not only using brain wallet but also keep it on a paper wallet or have a back up files of it. Don't wait to have a memory lost or memory diffeciency before you secure your wallet or else you will say good bye to your bitcoin and other cryptocurrency if ever.

You are mixing many things up here, so let's sort the terms first.

Brainwallet is a type of wallet that derives Bitcoin keys from user-supplied password.

Mnemonic format is a format data that is meant to be memorizable by humans.

Brainwallets are also memorizable by humans, because you can choose a password that you can remember. However, mnemonic seeds, like BIP39 or Electrum seeds ARE NOT brainwallets, because they are generated randomly. Brainwallets are inherently insecure, because humans are not good at generating random data. Mnemonic seeds are okay, because it's just a representation of some long random buffer.

If you want to keep your wallet in your brain, use a wallet that supports mnemonic seeds. Remembering 12 words might sound hard, but it's actually not, just establish a habit of repeating it on a daily basis, like when you brush your teeth or drive to work. However, never rely on your memory to store your seed - there's always a risk that you will forget it. Your memory should only be used as secondary backup, and the seed should be stored on other mediums, like paper, usb sticks, cd's, etc.

Apart from the risks from your proposal: why would you give your family access to your Bitcoins? If it's meant for the "hit by a bus scenario", there might be another option. I've been thinking about this for a while now, but haven't actually used it:
1. Print a normal paper wallet.
2. Sign a transaction to send funds from your cold storage to the normal paper wallet, but add a Locktime (https://bitcoin.org/en/transactions-guide#signature-hash-types) so it's only valid from a block far far in the future. Say 1 million block count or even more (but not so far none of your family members will still be alive). Or while you're at it: create a few versions (1 million blocks, 1.5 million, 2 million) and print them on different sheets of paper.
3. Print the transaction and store it with the paper wallet.
4. If you're still alive a couple of months before the first transaction becomes valid: burn it, the next one becomes your new fail safe.
If your family ever needs it, all they have to do is wait a few years, broadcast the transaction, and the paper wallet becomes valuable.

Wow
I'll quote this for reference, I'll read it over again, because it seems to be a good solution for this 'bus scenario' :)

Something else:
Someone mentioned that storing significant amount of bitcoin on hardware wallet is safe enough...
OK, it can be safe, because if the hardware wallet fails, you have your 24 words on a piece of paper packed in a pair of socks in your wardrobe drawer (everyone has them there :D )
Now this is where we should hold on for a minute.

If we have the 24 word seed (which you need to restore the hardware wallet) written on that piece of paper laying somewhere, the security of the hardware wallet equals to the security of the method you store your paper wallet... because if someone finds that piece of paper, he/she can restore the hardware wallet and can spend the bitcoins, without the need to physically access your original hardware wallet.
So in my opinion, hardware wallet is OK for a little amount, but for a larger amount, you should think it over again...

The seed is just a few words. Who says it has to be written down on something anyone can physically find? You can store the seed as a txt file in encrypted form anywhere in the world. Stick it on a few SD cards and tape them to a few different places.

Hardware wallets often also offer a 25th word to encrypt the seed. That's going to be rather easier to remember than the other 24.

Software wallets that use BIP39 also allow the use of additional word, which basically is a password, and in terms of security is equal to your advice of encrypting the seed - both ideas fully rely on the strength and secrecy of a password.

There are some more advanced schemes, like Shamir's Secret Sharing, which allow you to split a key into chunks, where each chunk is useless on its own and doesn't provide any information that would weaken the encryption (unlike with naive splitting of plaintext key).

@pooya87: I didn't mean to send it to an address owned by a family member. The private key is stored in the paper wallet accompanying the signed message.

i guess i missed that. i thought the paper wallet was the cold storage.
removed my post because the solution makes sense now :P
i still think playing with SIGHASH types is a cool way of doing it though.

With your set up Loyce, you would also need to remember to update the transactions every time you removed from your cold storage, so the transaction remained valid. You could add to your cold storage safely enough, but obviously the new coins wouldn't be included until you updated. I suppose you could keep your cold storage inputs split up in to, say, 0.5 BTC sized UTXOs rather than consolidating in to one input to partially mitigate this.

Now, would there be a way to set up a time locked "sweep all" transaction? That would be interesting.

Remember that cryptocurrency is not the only thing that you come across every day or you have engaged yourself in, you cannot over work your brain, ordinary password to email, people do forget it over time as time goes on.

I remember that I created an access database one day which we used for a year, I actually memorized the password during that time that I and the people I developed it for used it, but we had an issue that took us away for 2 years, fighting to win the company back from government, you would not imagine that I forgot the password completely and everything that I tried to remember it till date was to no avail, so sometimes, no matter how smart you are, brain wallet can fail, but the only thing you can do is to make use of both brain and paper wallet.

I can't say that the brain wallet is not a good option. But I also have to say that the paper wallet is one of the safest options. Actually, I've been using a paper wallet for years, and I haven't had the slightest problem.

Correct. But for the "hit by a bus"-scenario I don't think every small transaction matters, it's about securing access to the majority of your coins.

I thought it was more or less common sense to know this method, since it's so "standard", but considering the positive response in this topic, I'm going to create a dedicated thread for it when I have the time (inclusing a real example).

I think that is possible with the Time lock thing, but you won't be able to access it on your own before the Time lock expires. And I feel far too uncomfortable with it to try it. I don't like storing Bitcoin in methods I don't completely understand.

Look, leaving clues about the remaining words and not having them written down anywhere makes your money safe, sure. But what if you somehow forget the words, stop understanding the clues? Then your investment is lost forever. And it might be that the probability of you forgetting the words is higher than your wallet getting hacked. I use 2FA and I feel pretty safe. There are a confirmation link on my email address and a temporary personal code sent to my phone. Oh, and also a password which is a mixture of words and symbols. The password is stored in a way I find secure. There's a chance that it can be stolen and hacked, but the chance is low, and I am okay with that.

Sure, but if your cold storage is one big input, even if you spend a single Satoshi from it then your printed transactions will now be invalid and need updated.

I've never put much thought in to inheritance, since my back up is my wife knowing how to access all our wallets and knowing where all our seed phrases are stored. :D