Not only enough but not to use stupid things like *famous years* or *football teams that won a grand final*, etc.

Then finally add a smiley you are partial to:

buzfap01$02%014STK1456cAonImA;)

and perhaps a lucky number as well.

buzfap01$02%014STK1456cAonImA;)7

Even at this stage my guess is that we are at a level of pretty safe entropy (provided you have not followed my formula but instead created your own).

Such a passphrase is not so difficult to learn (but does take time). So I think that most people are capable of creating a brainwallet but I think it will take them some time to develop it (but if you really care about your investment you'll spend the time to protect it).

and after this lets add a swear word translated into a different language than our native one (mixing the case)

buzfap01$02%014STK1456cAonImA

You are right on to my wavelength here.

So let's see where we can go next with my simple experiment.

After our stock ticker addition lets add a number that we can come up with without anyone else easily knowing such as the number of lines of code we had committed to github in the year before we started creating this passphrase.

Now we are at say: buzfap01$02%014STK1456

Perhaps you have followed some stocks in the past and there is one that you don't tell anyone about because you didn't do very well with it (or perhaps the one you never invested in but wish you had).

Let's add its ticker (in upper case).

So now maybe we have: buzfap01$02%014STK

Once you have your nonsense word then maybe add a date (but format the date in an unusual manner such as dd$mm%yyy).

So now we have: buzfap01$02%014

My suggestion is to build up your secure pass phrase over time.

Start with something small (and don't ever use it publicly - perhaps use it for encrypting some private files locally or the like).

A nonsense word can be a good start if it is something that is only known to yourself and say a couple of friends (e.g. buzfap).

I agree - and would like this topic to perhaps focus on *how* this can be achieved (in a general enough manner not to give away my own passphrase of course).

Let's start with what you should *not do*.

1) Do not use a published phrase from literature or pop-culture (i.e. some lyrics of a hit song are never going to be a good idea).

Trying to memorise a private key would be even challenging to people with very good memories - so no - in general you'd memorise a long passphrase that gets hashed.

For sure I am not *recommending* them but just putting the case forward that they are actually feasible if you have the ability (this is in no way trying to encourage any noobs to use brainwallets).

As a counterpoint I was playing around with raw txs and stupidly re-used an address that had been published before (in an uncompressed version). My compressed version was relieved of its funds almost immediately after making the tx (luckily it was a trivial amount).

I agree with this - Linux has had a long history of libs written in C that end up being available for other languages - why the need to go against that and create a Java thing (as I assume is being suggested)?

So here is a brainwallet address I created two years ago: https://blockchain.info/address/1Au4v6dZacFVsWXeKUMJd99AtyBZeqti2L

Originally I had stored 10 BTC there but after reading so many posts from people such as Gavin I decided to reduce the risk to 1 BTC but kept that just to see if my brainwallet would be discovered.

So after 2 years no-one has discovered it (and it is an address that was created via a passphrase that I have remembered successfully since then - I retested my memory of the passphrase just prior to making this post).

I don't dispute that creating brainwallets is not for everyone but I *do dispute* the idea that no-one is capable of creating a decent brainwallet.

So now that you know the address - let's see if anyone can work out my passphrase and steal the 1 BTC.



Also I'd be interested to know from those who are keen on analysing the blockchain how much BTC they think I might have based upon this address.

The issue that @gmaxwell has mentioned is that any alternative implementation that fails to do something that the current implementation does (which may have never been even witnessed before) would result in a fork.

So the unfortunate situation is that Bitcoin is not a protocol like HTTP but instead is the behaviour of a specific C++ program (who's every currently unknown *quirk* would have to be replicated in any other implementation).

The only way you could create a Bitcoin equivalent in another language would be to have something that behaves identically at the binary level (and that would most likely only perform slower than Bitcoin does).

I understand that the Qora AT implementation is now quite close to completion and Qora will be going open source in the next few days (AT will most likely not make the initial open source release but will be included in a follow up as some final tweaks and testing still needs to be performed).

There will be another non-Bitcoin clone that will be running live with AT very soon but we are still waiting to see if anyone is going to try and claim the 40 BTC possible before the end of the year for getting a Bitcoin clone to implement AT and do an atomic cross-chain transfer with Qora (or the other yet to be announced coin).

If I missed that you explained you were using Keepass then it seems so did a few others (although I notice something in the OP now which I don't recall seeing before).

Very strange that you would say you "forgot" your 30-40 character password anyway - if you were using a tool then you would never have "remembered" such a password in the first place.

There have been a few newbies before wanting to work out how to crack encrypted wallets that looked rather suspicious (hence my question).

In any case as has been pointed out 30-40 unknown characters is not going to be able to be cracked.

Indeed - now that you have given him an explanation I'm sure he'll use it (I was actually trying to see if he would come up with such an explanation himself).

Doh!

(maybe next time you might consider waiting before feeding people answers)

Are you seriously saying you think that your wallet is encrypted with a 30-40 character password of which you can't remember any of it?

(because if that is what you are saying then I would be seriously doubting that it actually is your wallet at all)

He has posted a PGP/GPG public key - if you use PGP/GPG then you can import this public key then publish your own public key and an encrypted message that he can only read.

OP here is my public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (MingW32)

mQENBE9uqwgBCAC0w1vtDMi2Ry4eSk7tsgc8qhv9OF2qMIEYBuSFQpRS/GSvinxA
sJfxz/MEA3F8LEQKj/yd46RkKkTPypRyQRQ2XokafDrkmEyDyISzKvzCJC0nvPMo
sM5FSXA6QkgmMI/HBAhtMUtE1CaiipDehPbRAKMLVTkQ5Jt9fdrEztzS2RjBJ4t5
J4rbw1ALyQhKbSyJUQIATPKEOm3WxkuZwXFKdEziiIr9aFGlP7hUm2/sw16SEJYW
pf2jP1o8qMbwZUqXk9nKzP1cuQv0naMvP75AwXQw3TkWFKDBekwg6czPZOGpY/Er
sUqihyuUIuTRE8wN/wUocIVml2/9ChMxEpERABEBAAG0G0lhbiBLbm93bGVzIDxp
YW5AY2l5YW0uY29tPokBOQQTAQIAIwIbLwYLCQgHAwIEFQIIAwQWAgMBAh4BAheA
BQJPb/7HAhkBAAoJEFcEJ0zSVDDtYO4H/3uiGwejly9y6rxkO4819sxwmm0I/25e
5lWGqzrXft2HOm2FY5dnoT0Jc85XhTQ3fj0/r/K6NJqi4nyR1PJ6aANP3pP8x5j6
+XE+QUImjIoP4Nk8tRlBe05zKuQ4ZgHrLfbTsx0TwqaPTcUtlsKInDRdgOFER8HP
OQeAMSAc8UMOmxechujBIztiif+9wNiV3R8VjhYIT1PGNr4YOGphOhujBUFzu5Oq
DkKi538FsgVKtNrfnn5zf0PQEj60Z/HYAsisGLCxXfAZW+RFSvEQZmRcsGbGgYdS
Iz8w+yPDzpRbG9vwxg+6BCiA8kCeFD/m8MVyVA5zTGSGa9mlrxPY1Lg=
=RNh8
-----END PGP PUBLIC KEY BLOCK-----


and here is an encrypted message for you:

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.9 (MingW32)

hQIMA9o/ZPrSo/cJAQ//Q+/XWMXTLpxEKLdo7AI68ueDgrLE8eck2JXdTVg/B2fO
l1h2xHgnLU7SjsL+pz3NfqnJD5O86cvA+fJFRKeBEL33/3no0hvMEdy/tYt6xTDQ
dUBadEoJ+VDmfNc0vLTRinER82/hb8AXXVe27VpMdaqjGZRWB+VE2GGflbrsYPuW
lYS1NmhByJn92X5cC1d142/vd1iswYqUkgvS/VD4KKke2gd1dWMHCM0lP4ao8Nmt
fPNbaChi3biIs/SGnJBVtpwj1hEsZbYlGPuVIi8zf96QHbxvwtFzWwGOMJSpScnL
BMe0zZNu5P3yD7vzssD6Q7gryiCwGnAlyq9FcL5eiXkrAicPYVn1Q7xInw3O1T5J
+m5H43W4cY9h0hRtjpdcF5jFGic44roybIpJW/vEMssn2BRrd2ML2F2oyCAytN6d
hou5mINT/cdLRi0e/oJI/dcNycrRxCn0a5Q+gRnnbwePElCMHTb5msKEo/F6r/Se
6EH7cU/PO8Wqq+JUdAa5/MVJlkrKEJpXGvqQWKE0yNSaYKksL023qPTVvjgCDhmt
6eOf76SRPQEL0QJbeUnOfDzV9LWvnVLi8Nnve7IPesyYWMbgPO4H6Vh0nr5WNBsz
93EyRGmq/mjNM1Bl+5E/Hm1ko+5MndB7LuEIqUv///5R3om3GaApEML+yWGhZrLS
wLYBJ/FD/Jm8kh04YKIbccABO590FU8SbC+oPpXNNmXqmrUxiVoBquyvQ85mou0+
YcKsVueqqV472xWnbn+XA5wFJx8RDQSLXsmFbM6w32mzNVIpL/SHnnF/lYULhqiK
i/AyzgH3V1XpaznlKEWgBk1jpLjtvC9in2v9uFr4JVtjICR8QNSajZi1/X+qGBob
MmCwYxDE/gww6p4KZY+zV0Fd5k9C539nqxmNRkOAxohHwqvzoiqUxRgngkwRAx8t
y4NI1dNFsm9L9ZIK6bOMSBIs9Xgz0BsoUkVMipDI3YRvqUogcOUOxISNon5bKW5b
7Zc+ziw4dlS15+uPZbpgIVE4w1wm+byvF7zKr53f8f6F//fNQIxT8pNdhzoiIjUo
k26cYvpKeORe8bt9bZkgXwpldAnBTA0lpuGnArgFcS/2l0mllOa29qADncJGePSk
J1UP1iUlRJ3H8j6/IvFTQ5RW4kxmBu+U2XfJuzgu56trglNLQBSzdQ==
=mPMJ
-----END PGP MESSAGE-----

It seems to me that using multisig or Shamir's would be technically much simpler than trying to use complicated (and not very well battle tested) stuff like zero-knowledge proofs (admittedly those are beyond my current technical skills to really understand).

For any organisation that has a lot of offline BTC to protect I am pretty sure they'd always want to have those funds locked up by several offline devices rather than one anyway.

(so I am not really sure if the problem needs to be solved at all - i.e. why is this actually needed?)

Indeed one does have to worry about nasties like cams taking shots of your offline computer's screen.