Actually, wouldn't it have somewhat fewer computational requirements?

If x = 4, the recursive has has to go through 4 iterations.

However, the random cracker has a 1/4 chance of getting it the first time, 1/2 in the second or first one, and so on. 

Not that this is a good thing from a cryptographic point of view, but, you know.

Doesn't recursive hashing reduce entropy?  I assume difference is probably too small to matter, though.  I don't know, I guess I just like the idea of requiring some randomness to access the coins.  If I did it that way, I could have a lot of different addresses in my wallet all using the same key.  Of course, the same thing is possible just by adding more hashes for new addresses.

Thanks for the insight.

I've still been thinking about brainwallets, and I wondered about this.

Basically, I'm thinking that I can use a relatively short memorable password of the correcthorsebatterystaple variety with a strong strengthening algorithm.  I know the tradition is to use recursive hashing, but I was thinking more like a random salt within a limited range.

Basically, I'd have an address, and my password.  In order to find the private key, I'd have to have an algorithm try, say, a million different salts until it finds a result that matches the private key.

What I want to know is whether or not a million is a good number.  I'd like to be able to access my coins from an average computer using cpu only in < 10 minutes while slowing down attackers as much as possible.

Would this work?  How many salts would I need?

I don't see why that seems unlikely.  The car-dealer will realize that buying stock he can't sell at a profit is a bad investment, and will adjust his practice accordingly.

Besides, if the merchants are more comfortable doing business in more traditional currencies, no one's going to force them to use bitcoin.  It seems to me that most of the talk about inflation/deflation becomes irrelevant as soon as we let go of the idea that currency has to be a monopoly.

Repeating payments would be a risky proposition with the bitcoin value as unstable as it is and with bitcoin being irreversible.  You tell your wallet to send a payment of 1 BTC every month, but what it there's a sudden spike or drop in value?  What if the site is hacked and their wallet is hijacked, but you don't get the notice in time?

I think the best solution is simply for bitcoin businesses to use a prepay model.  When I was in China, everything was prepaid.  Cell phone service, apartments, electricity, you name it, and it greatly simplified a lot of things, especially for a non-citizen like me.  When the customer runs out of credit, the service is stopped.  It's a little inconvenient when services were interrupted unexpectedly, but pretty soon you learn not to let your services expire.

I just want to have a backup in case my memory fails without compromising too much security.

As I said, I'm intrigued by the idea of using guess-and-check for additional security like retep touched on.

How about this.  Instead of a huge sprawling list of questions, we limit it to smaller number x.  We then run an algorithm that makes a random combination of y (repetition allowed) keys and a random iteration# within a fixed range and generates the address based on that but doesn't store the combination.  When we want to retrieve the private key, we have to run an algorithm to brute force the correct combination of keys.

Memory failure?  Check.  The keys could be answers to personal questions and the algorithm could be recorded in a semi-secret way.
Random dictionary attack?  Check.  The hash key will be too long.
Finding the list and brute forcing the answers you don't know?  Check.  The existing brute force makes this impractical.

This would be much more secure than my first idea, and much easier to remember too.

The only question would be the optimal values of x, y, and iteration range.  Hmm...

Seconding blockchain.info.  That's what I use most of the time.

(Disclaimer: Not meant to be taken seriously.)

Money has figured into the religious and funerary rites of many cultures throughout history.

The ancient Greeks would place a coin into the mouth of the deceased for Charon.

The Egyptians have been plagued tomb-robbers throughout their long history.

Even today, many Chinese people burn Joss paper as offerings to both the gods and the spirits of the departed.

How might bitcoin bring customs like these into the digital age?

I propose that each of us creates a special "funeral address" and burns the private key.  The funeral address will be placed in our will, to be later carved into our tombstone.  When one of us dies, each of his friends and relatives will send a certain amount of BTC to this address to express their grief.

We can revive the practice of burying treasure with the dead, except this time we won't have to deal with grave robbers.  

Any other ideas for how bitcoin can bring new life to ancient traditions?

Yeah, I've considered the possibility that someone targeting me could brute force the answers they don't know.  I think that choosing the questions carefully, so that at least some of them have a large number of possible answers will help.

That is a really interesting idea.  It never occurred to me to make some guess-and-check a necessary element of retrieving the coins.  I need to think about the implications of this.

What makes your method "right"?

I never said it wasn't a legit solution, it's just not for me.

As I said before, the plan is to write down the "scheme" in multiple places, and consult the record when necessary.

retep -

If that works for you, more power to you.  I won't deny that it is possible to commit a large amount of information to memory in a fairly short time.  I just don't trust myself enough to rely on that to hold a secret without a backup.  If you get confused over one character, your coins may be lost forever.  The mental anguish that would put someone through just isn't worth it to me.

Hm, I could see adding a skill element to the key being a good idea.  It would be difficult to use music if only because of the precision that would be required, but I can see some possibilities.

Of course, one risk would be that you would be unable to access your funds if your motor skills were impaired through other means such as injury.

That's a completely different conversation.  Check out this thread here.

I recently decided to imitate some other posters I've seen and add an address to my signature on these boards.  I'm just wondering if anyone actually sends bitcoin to these addresses, ever.

Have you ever received any?  How much?

Yeah, I know what you mean.

Actually, I can usually get peoples' attention pretty easily just by mentioning how much my initial investment has grown.  I haven't convinced anyone else to buy BTC as far as I know, but I'm not sure if I want to.

I'm starting to think we have too much speculation and not enough business.

Sounds interesting.  Best of luck to you.

I was mostly joking about earthquakes, but the risk I was talking about is that all familiar landmarks could be changed.  Presumably the location you choose is something, like a house, a school, a park, a wooded grove, or any number of destructible things.  If the area is redeveloped, it might not be easy to find the exact location you're looking for from memory.

I agree it would work if you didn't rely on perfect accuracy though.

Hm, I don't know that much about GPS, but if you say it stays constant over time I'll take your word for it.

That sounds like a good idea, but you would have to use a very low level of precision to ensure it stays constant.  Otherwise, you risk losing tack of that area through earthquakes, landslides, and redevelopment.  I wouldn't feel comfortable getting much more precise than the city the even took place in.  It would be difficult to figure out exactly what part of the new commercial development used to be the park where you were bitten.

This would be good for a retirement account, since it would be a lot of trouble to dig up this info on a more regular basis.  It would certainly be hard to brute force though.

cbeast - Could you expand on that?  I'm not sure I understand.  Does it involve hypnosis or dream hacking? 

CIYAM Pty. Ltd. - Yeah, that's a good idea.  I had the same thought.

To my understanding, using hashed string as a brain wallet carries with it the following risks:

1. The passphrase might be forgotten.
2. The passphrase might be randomly brute-forced by an attacker performing something like a dictionary attack on hashed strings.
--2.5  There could be an unintentional collision with someone who happens to use the same passphrase.
3. The passphrase might be stolen/phished/whatever.
4.  Some combination of 3 and 2.  Part of the passphrase is stolen, and the rest is discovered through brute force.

(1) is a big concern for me.  I intend to keep some savings in bitcoin for a long time, and it's very likely that I will forget the key if it is too difficult to remember.

My idea is to make a list of personal questions, and have the answers be my passphrase.  I understand that because of (2) doing so is magnitudes less secure than using a randomly generated passphrase, but using a random phrase would make (1) likely.  I wanted to have the key based on facts that will remain relatively significant to me throughout my life.

The list will be semi-secret.  I'm not going to show it in public, but I won't worry about keeping copies in several different places, online and offline.

My thinking is that in order to access my BTC, the attacker would either have to know me very well or invest considerable resources researching me.  With a sufficiently long list, (2) is less likely, albeit still a possibility.  I was thinking at least fifteen questions.

There's a small risk that the attacker will indeed know me well.  I need to think of some questions that I'll always remember the answer to, but have never told anyone else and never will.  This is easier said than done.

To minimize the risk of someone finding the list and brute forcing the answers they don't know, I'll need to think of multiple questions with a large number of possible answers.  Any suggestions?  I've also included some "trick" questions, where the nature of the answer is unexpected.

Comments?  Anyone with a better understanding of cryptography able to give me some idea of how many questions with how many possible answers would be needed to make this impractical to brute force?

I'm just curious to see what kind of bitcoin business has been going on.

I'm paying for two VPSs and a domain name.  I've also hired a few people to provide some technical support with various software, and I commissioned a video just for fun.