Brainwallet Entropy - What is Safe?

[Bitcoin++]

Say you roll a dice 9 times and use the result as the brainwallet passphrase. It is easy to remember (like a phone number) and truly random.

Unfortunately there are only 6^9 ~ 10 million combinations, which is not safe at all.

Now make it 18 digits instead, like remembering two phone numbers. Your passphrase could be any of 1E14 equally likely combinations. Would you consider this safe?

To be even safer, make is 27 digits. With 1E21 combinations it must be unbreakable, right? But it's also likely to be forgotten... To overcome this you may find a way to generate any character, not just 1 to 6, so that only twelve characters are needed for the same randomness.

How long a passphrase do you consider safe?

[Jubettarr]

It seems that brain wallets have been mostly written off as unworkable - it's good to see you're still thinking about it. They have a lot of potential if they can be made more secure.

[knightcoin]

get a poem, or a music lyric play it backwards ...

[Bitcoin++]

It seems that brain wallets have been mostly written off as unworkable - it's good to see you're still thinking about it. They have a lot of potential if they can be made more secure.

Agree. I think the problem is not with brainwallets themselves but in how people use them. My rules of thumb are;
* I cannot make a safe passphrase without rolling a dice or flipping a coin
* If I can remember the passphrase it is not safe

The latter seems to contradict the concept of brainwallets, but I don't think it does. My approach is to write down the phrase on paper with my own simple "encryption". It can be as simple as replace the third and fifth character (ok, should be a bit more complex - find your own way). It is safe because the attacker must first find your paper and then spend a considerable effort breaking the code.

It is still a brainwallet in the sense that the way of decrypting my notes is stored only in my brain.