b¡tco¡n (OP)
Member
 Offline
Activity: 84
Merit: 10
Correct Horse Battery Staple
|
 |
March 27, 2013, 12:40:56 AM
Last edit: March 27, 2013, 01:06:57 AM by b¡tco¡n |
|
I see three major security problems with brain wallets. Please comment (or shoot me down!). If you use a brain wallet do you worry about these?
The first is in particular to web-based online wallets. Can you trust them? If there is a hacked script on the site it could log the details you used to the same or another sever. Then someone has your password.
Secondly what if you they got the alogrithm wrong? Then you are sending coins to a wallet you have no hope of retrieving them from! You lose the coins. What if the algo is right 90% of the time and not the other 10%. With these wallers written in python, javascript and other languages there is a chance of issues like that. Unless you hook up your brainwallet to a real bitcoin client (in which case what is the point, just use an ecrypted wallet) then you won't know if the coins are accessible.
Third you need to remember a really secure password. The more coins you have, the more secure it needs to be. Unlike a random generated hash, a brute force on a weak password is much easier, and with technology to do many millions of hashs per second in almost everyones PC, let alone ASICs you will need a very obscure password. The example of "correct horse battery staple" given on one of the sites would be hopeless. And if your PW is very secure then there is a risk of forgetting it.
By contrast password encrypting a wallet is more secure because you'd need to get hold of the wallet THEN brute force it. The brain wallet can be brute forced by anyone who suspects you have a brain wallet and knows your address (perhaps by doing a transaction with you to sus it out).
|
