Who said anything about "random alphabet-number-symbol mix"? Alphabet-number-symbol mix is terrible cargo cult security and shouldn't be used. Go reread my posts. Good schemes for memorization use a mnemonic encoding that translates large integers to and from english text.

Though generally the properties that make phrases _easy_ to memorize are what actually produce the statistical properties that make them easy to predict.  But predictability is resolved by using a lossless encoding process with known entropy rather than a human source.

(And memorization still has a rather severe forgetting problem. Like people overestimate their ability to be random, we also over estimate the integrity of our memory. The public has very little experience handling keys which cannot ever be recovered if lost.)

I actually have IRC logs about the creation of the phrase brainwallet and brainwallet.org.  It was created by someone who introduction to the subject matter was his own efforts to crack peoples insecure keys, and he was irritated that he only found a few coins. No kidding. Don't try to glorify history to people who watched it first hand.

... (1) Perhaps you should engage in less unlawful activity.

(2) you're going to be rather disappointed when you realize how complete computer forensics is, hiding a key will probably be the least of your concerns.

Nice rally! Can we now all finally agree that 2013 is much different from 2011? EletricMucus, you there? :p

Things are looking good.. $1000 may come sooner than we think! 2014 perhaps?

Except they stake-my-life-on-it will NOT be selected randomly if you allow any user to operate under that procedure. They will be selected "randomly" as in that same way that "DUCK SPATULA" is random: Not very.

If instead a cryptographically strong random number of, say, at least 128 bits is generated it can be directly converted into a secure mnemonic phrase with just 12 words (or fewer, if you want to deal with a bigger dictionary).  This is probably way smaller than your "five random phrases" but by being ruthlessly specific about HOW its generated and what "random" means, it's really just another way of representing a 128 bit key, and it's perfectly fine to memorize that.

If your construction involves the human picking the words or phrases, as it does 99 out of 100 times someone says "brainwallet" then the actual entropy is much lower. Humans are poor sources of randomness, and telling them to be "random" actually seems to make them worse at it. Powerful statistical models are quite good at predicting what humans will do, and while they won't break every single instance they can break a surprisingly large number.

People who haven't worked on password cracking have this quaint notion of running a little dictionary file through a program... and this would have been accurate in 1990 for someone cracking at your unix-crypt uni shell account.  Today the tools are significantly better and have been refined through the disclosure of hundreds of millions of unencrypted passwords and the same kind of statistical tools that power speech recognition and automatic human language transaction. This statistical intelligence gets backed up by the brute force of GPU and FPGA clusters that can try hundreds of million or even billions of attempts per second.

I'd rather not see cracking weak bitcoin brainwallets turn into a viable industry for people buying up no-longer-competative mining fpgas for pennies on the dollar.

No, the security it depends more on how much all attackers eveywhere in the world are spending on setting up ultrafast hardware for brainwallet cracking. This number is likely to become very big: "just pocket money" has a way of growing through lazyness and the sum of all pocket money is great in any case. This is especially the case because the attackers can attack everyone with the same effort it would take to attack one person.

Viable alternative to what? Done right it is just a cryptographically strong number, so it's not really an alternative in that case, it just "is" the other thing.

you got that right.

remember the 3 mo T Bill chart i showed you the other day that showed the rate increase off the bottom to be 2000%.  here's today's version:

seems the Chinese are the ones buying (and maybe the only ones left holding?)

No.

Practically everyone who knows about or cares about the BIP process loudly yells at people DO NOT USE BRAINWALLETS.  We've seen pretty concrete evidence that users are resistant to good advice in this space, and they are shocked when their favorite quotation is cracked and they lose their coins (But it was 60 characters long! I even added a special character! how is this possible?!),  the existing sites promoting this stuff won't use a KDF stronger than SHA256*1 because "users are stupid if they use weak passwords".


BIP∞: Brainwallets.

FOR GODS SAKE. DON'T DO IT.  YOU MAY THINK YOU ARE SMART ENOUGH. SO DID EVERYONE ELSE WHO GOT ROBBED. HUMANS ARE NOT A GOOD SOURCE OF ENTROPY.

YOU HAVE A SCHEME?  Pfft. THE SPACE OF ALL SCHEMES YOU'RE LIKELY TO HAVE PROBABLY ONLY HAS A FEW BITS OF ENTROPY. RANDOM PHRASE IN A BOOK? THERE ARE ONLY ABOUT 30 BITS OF SENTENCE SELECTION IN A LIBRARY.

OH NO. YOU ARE NOT LISTENING TO ME, ARE YOU?

OH CRAP. YOU THINK THAT "EIGHT CHARACTERS AND ONE FROM EACH CHARACTER CLASS" APPLIES HERE??  WEBSITE SECURITY MIGHT HAVE TO DEAL WITH 1000 ATTEMPTS PER SECOND, BUT SOME DUDE WITH A FPGA FARM IS PROBABLY PRECOMPUTING A BILLION BRAINWALLETS PER SECOND. JUST STOP.

NOOOOOOOOOOOO.

Well, now that you have no more Bitcoin I guess we don't have to worry about you using a brainwallet.

Cheers.


Of course, if by brainwallet you mean a key the user has memorized... it's not hard to memorize 128 bits mnemonic encoded. Though the risk of data loss is kinda stucky: People are really not all that used to data that cannot be recovered if lost.

i haven't been looking into too many of the other threads but the reaction to this rally seems so subdued.  

where are all the rocket pictures?  how many sold into the SR dump?  not my subs, i can tell you that.

here you go:

You still have limited range and routers/repeaters.  That's where the network is vulnerable to manipulation.

Well that's the thing. He's talking about radio waves.

Not sure how manipulable those are.

If there are no catastrophic events, the "Internet kill switch" will be a moot issue within three years. There may still be the potential for continental separation, but methods exist for communication even at transoceanic distances without relying on cables or satellites. With geographically diversified mining resources, Bitcoin will be effectively unbreakable at that point.

That is when Bitcoin will start truly eroding gold's position as a monetary asset, after fiat currencies have been proven bettered by crypto.

Just out of interest, how do you know?

It may or may not have been clear, but I don't see a command economy being a durable or desirable thing.  The communists have spend a century demonstrating why, and have done a smashing job of it.  I would be a temporary solution when the options are:

 - millions of people dead in the street and cities burnt to rubble.

 vs.

 - a temporary stop-gap measure occurring simultaneously with every effort made to jump-start a functional market economy.

Again, the key thing to me is that there is a robust and credible mechanism to ensure that said command economy lasts no longer than it is supported by a plurality of sane people.

Probably my single biggest complaints against Libertarian philosophy (and various others including most of the extremist religious groups) is the adherence and faith they have in some absolutist belief.  If one is unable or unwilling to entertain the notion of compromise and 'triage', then one lacks the flexibility to deal with real world problems effectively.  That is one of the main reasons I have close to zero confidence in anything espoused by my Libertarian brothers when it comes to problem solving.

While I agree with out in principle, people would start starving in a matter of days while a private supply system and transportation chain would take probably years to develop.

We don't have 'farmers' in the US.  We have multiple square mile farms owned by huge corporations and run by two guys and some GPS enabled tractor-like-things.  And these things consume a lot of diesel I might note.  With a failed monetary system stripping 99.5% of people any money they might have it is unlikely that said corporations would desire to feed people out of the goodness of their hearts.  And would be illegal besides under current corporate law.

I believe that the more senior of our leadership understands what would need to be done, and we see reflections of this in things like the NSA spying apparatus and other such clues.

For my part, I am adamantly against such control measures, but it is not because I don't believe that martial law and a command economy have no legitimate role in extreme circumstances.  In my case it is because I see a great danger that such 'solutions' will persist for much longer than they need to.

I wish there were a safe have from which to watch this whole mess unfold.

Considering that almost every nation with access to the internet has some sort of Bitcoin user base, it is unlikely that the whole world wide Bitcoin network will go down all at once. Bitcoin "blackouts" will be isolated (whether planned or otherwise) and so it makes for a good "long term" store of wealth.

But as that story suggests, it's not going to do you any good if you need essential supplies in the moment.

Food/Medicine>ammo?>Precious Metals>Crypto

I do not believe so.

It's a simple and mechanical 'longest chain' issue at the end of the day.  If geo regions are separated, one is going to win out when they re-join.  As long as the TPS remains low (aka, block size remains reasonable), people will be able to figure out how to join regions fairly quickly, and a sub-set of them will have the balls to do so.

Further, as long as one does not sign transactions there is no danger of one's coins being spent on any chain.  If spends are attempted, I suppose that there may be some danger of a re-play attack but I am not familiar enough with the time-stamping and such to speak to that.  In any event, a prudent and technically savvy person will defer any block chain activity at all until things settle down if they have any choice in the matter.  Which is why having some other options is not a bad idea.

I don't think that what central banks do or don't do will amount to a hill of beans.  In a bad scenario all I will be caring about is whether I can get a wiener pig from the guy down the road or some replacement buckshot for my shotgun.  I can almost guarantee that a few junk silver quarters will be more effective than some BTC if/when the shit actually hits the fan in a real way.

BTW, I had a friend once who was a child in the Philippines when the Japanese were occupying the place.  She told me about her grandmother having a bamboo tube full of American coins (which were, of course, all 90% silver at the time.)  The family hauled ass out of the city and rode out the event in the country.  That chunk of bamboo got the whole family safely through the occupation in relative comfort.  It was an interesting story which I remember fondly.

I disagree.  Any positive balance entry in the blockchain will remain there until the crypto is broken (probably never) or until someone with the private key moves it.  There will be a large amount of confidence that the system will re-start if it ever halts completely at all.  It is exceedingly unlikely that any event will bring us back to the stone age...at least world-wide and indefinitely.  So, a representation in the blockchain is not 'useless' when it comes to long-term wealth preservation.

Now I would agree that things could get so bad that free access to the global internet without significant controls could easily occur, and probably almost anywhere.  And they could last for some time.  For that reason I think it prudent to have a more stone-age answer to the question of where the next meal might come from.  PM's seem to me to fit the bill.

It's interesting because in '11-'12 there were multiple occasions in which the "last minute deal" saved the day. But in '13 there have been two expectations of last-minute deals that didn't pan out: Sequester and "Shutdown." OTOH, they do seem to be "weaning" the market to trade on fundamentals even less than they have been. There's been some back-and-forth. For instance, months after the noteworthy not-last-minute-deal sequester, there was the classic UNtaper announcement (didn't surprise me.) So these not-last-minute-deals and this un-taper were perhaps ways to shake the market just a little bit to get it used to "things to come."

So I wouldn't be surprised if there was a "last minute deal" for the default that broke the 2013 trend of "expected last minute deal not reached." Remember the only thing that's even remotely important these days is ATHs in the stock market despite poor economic data.