Author Topic: Brain Wallets  (Read 1365 times)
marbu1022 (OP)
February 13, 2016, 06:26:24 PM
 #1



   I found this interesting article about the vulnerability of brain wallets that left me asking some questions. I personally think the author of the article deserves a sharp pain below the waist line. He actually attacks and insults brain wallet users, provides very vague information, and it appears, the article is written to make you worry about your brain wallet, or any type of wallet for that matter.  Please read article below.


http://www.fastcompany.com/3056651/researchers-find-a-crack-that-drains-supposedly-secure-bitcoin-wallets


1> What I would like to know is, if when I generated my wallet, a seed was created for me to be able to restore my wallet at a later point in time, when I want to bring the wallet online again, how could my seed, and therefore my key be attacked??? There is nothing in the blockchain since there has never been any transactions. I don't understand what the author is really talking about? And even if I have conducted transactions to the wallet addresses, how could the presence of those public addresses in the blockchain be used to attack my wallet?

2> Is my above example a brain wallet, or is it something different??

unamis76
February 13, 2016, 06:30:32 PM
 #2

Quote
1> What I would like to know is, if when I generated my wallet, a seed was created for me to be able to restore my wallet at a later point in time when I want to bring the wallet online again, how could my seed, and therefore my key be attacked??? There is nothing in the blockchain since there has never been any transactions. I don't understand what the author is really talking about? And even if I have conducted transactions to the wallet addresses, how could the presence of those public addresses in the blockchain be used to attack my wallet?

2> Is my above example a brain wallet, or is it something different??

1 - Your seed can be attacked if it is created on a compromised computer, stolen or not really randomly created. Public addresses cannot be used in any attack vector (unless we're talking about deanonymisation).

2 - What example? :D
virtualdn
February 13, 2016, 06:31:06 PM
 #3

I also read they are very vulnerable... maybe because people tend to use same words as password over and over...

1 BTC = 1 BTC
shorena
February 13, 2016, 06:42:27 PM
 #4

Quote
I also read they are very vulnerable... maybe because people tend to use same words as password over and over...

Brain wallets are vulnerable because most humans are bad at finding random passphrases.

Quote
Clever wallet owners had used phrases like "say hello to my little friend" and "dudewheresmycar."

The "clever" here is irony. It's very stupid to use a popular movie/song (or any movie/song) title/part as a brainwallet.

The seed e.g. Electrum generates for you is a representation with words, but they are not derived from pop culture or other art, but generated randomly. This is the big difference. You can't reasonably attack a proper randomly generated passphrase for 55 USD, not even for 55 trillion USD.

Im not really here, its just your imagination.
aerobatic
February 13, 2016, 06:52:03 PM
 #5



Quote
I found this interesting article about the vulnerability of brain wallets that left me asking some questions. I personally think the author of the article deserves a sharp pain below the waist line. He actually attacks and insults brain wallet users, provides very vague information, and it appears, the article is written to make you worry about your brain wallet, or any type of wallet for that matter.  Please read article below.


http://www.fastcompany.com/3056651/researchers-find-a-crack-that-drains-supposedly-secure-bitcoin-wallets


1> What I would like to know is, if when I generated my wallet, a seed was created for me to be able to restore my wallet at a later point in time, when I want to bring the wallet online again, how could my seed, and therefore my key be attacked??? There is nothing in the blockchain since there has never been any transactions. I don't understand what the author is really talking about? And even if I have conducted transactions to the wallet addresses, how could the presence of those public addresses in the blockchain be used to attack my wallet?

2> Is my above example a brain wallet, or is it something different??



Marbu -

never ever use a Brainwallet. they're not safe. The big flaw is that they are human generated passwords - the worst kind. And the reward for cracking them is cold hard cash, so every hacker and thief has an incentive to crack them.

it can happen to anyone - including me - when i first started in bitcoin, i used a brain wallet along with regular wallets. i didn't have much in there because a cryptographer friend had already warned me they were unsafe but i wasn't so sure as i had picked a very complex and long password and i thought that my one would be safe.

So instead of emptying my brain wallet, i left it with some funds but de-risked it and removed most of my coins - i had probably left just a couple in there. a while later (a few months), i checked back and all my funds had of course been drained ages earlier. this was a very long (40+ characters) password. It had several real words inside it, but it also had numbers and punctuation marks and was longer and more complex than anything in the best dictionary. didn't take them long to crack it and steal my (albeit, small) reward. A month earlier and it would've been a lot more.

In short, there's nothing the human brain could think of that a brute force password cracking software in the cloud couldn't find, given a bit of time.

Bottom line: Don't do it. there's no sane reason to use a brain wallet. And if you do, expect to lose your funds. The hackers have infinite time to keep retrying your password. nothing stops them. they can do millions of tries a second and keep going for months til they crack it. Why let them!?
HardFlaccid
February 13, 2016, 06:55:01 PM
 #6

Answer seems pretty clear to me:

"The upshot? Use a simple password, which many people have done, and it's easily cracked despite the appearance of complexity.

Castellucci and his co-authors checked a trillion passwords for $55.86 and recovered 18,000 wallets.
Ryan Castellucci of White Ops presented some of his research into this area last August, and is the common link between two new multi-author papers—one out this week and the other available and being presented in two weeks—that dive even deeper into the problems with brain-wallet protection and the techniques which bad guys have used to empty such wallets. Also last August, he released Brainflayer, a tool for automatically testing passwords against brain-wallet encryption keys."

Since you've stored the private keys inside the blockchain, you wouldn't need a transaction in order to brute force it.
virtualdn
February 13, 2016, 06:59:55 PM
 #7

this guy is sending us all an alarm signal and we should take this into consideration

1 BTC = 1 BTC
marbu1022 (OP)
February 13, 2016, 08:17:20 PM
 #8



Quote
I found this interesting article about the vulnerability of brain wallets that left me asking some questions. I personally think the author of the article deserves a sharp pain below the waist line. He actually attacks and insults brain wallet users, provides very vague information, and it appears, the article is written to make you worry about your brain wallet, or any type of wallet for that matter.  Please read article below.


http://www.fastcompany.com/3056651/researchers-find-a-crack-that-drains-supposedly-secure-bitcoin-wallets


1> What I would like to know is, if when I generated my wallet, a seed was created for me to be able to restore my wallet at a later point in time, when I want to bring the wallet online again, how could my seed, and therefore my key be attacked??? There is nothing in the blockchain since there has never been any transactions. I don't understand what the author is really talking about? And even if I have conducted transactions to the wallet addresses, how could the presence of those public addresses in the blockchain be used to attack my wallet?

2> Is my above example a brain wallet, or is it something different??







Quote
Marbu -

never ever use a Brainwallet.  theyre not safe.  The big flaw is that they are human generated passwords - the worst kind.   And the reward for cracking them is cold hard cash, so every hacker and thief has an incentive to crack them.

it can happen to anyone - including me - when i first started in bitcoin, i used a brain wallet along with regular wallets.  i didnt have much in there because a cryptographer friend had already warned me they were unsafe but i i wasnt so sure as i had picked a very complex and long password and i thought that my one would be safe.

So instead of emptying my brain wallet, i left it with some funds but de-risked it and removed most of my coins - i had probably left just a couple in there.   awhile later (a few months), i checked back and all my funds had of course been drained ages earlier.   this was a very long (40+ characters) password.  It had several real words inside it, but it also had numbers and punctuation marks and was longer and more complex than anything in the best dictionary.  didnt take them long to crack it and steal my (albeit, small) reward.  A month earlier and it wouldve been a lot more.

In short, there's nothing the human brain could think of that a brute force password cracking software in the cloud couldnt find, given a bit of time.

Bottom line:  Dont do it.  there's no sane reason to use a brain wallet.  And if you do, expect to lose your funds.   The hackers have infinite time to keep retrying your password.  nothing stops them.  they can do millions of tries a second and keep going for months til they crack it.  Why let them!?



I don't see how it's possible to crack such a sophisticated password as what you say you used. You are talking about a 256 bit + password. This password cannot be cracked in any practical amount of time.


marbu1022 (OP)
February 13, 2016, 08:24:47 PM
Last edit: February 13, 2016, 08:35:54 PM by marbu1022
 #9



Quote
2 - What example? :D


If I memorize the seed generated when wallet was created, would that be considered a brain wallet?  Can you give other examples of brain wallets?


Also how can an attacker use a password to attack my wallet seed??? I thought passwords were used to protect (encrypt) private keys? If I have not exposed my private keys, how can my wallet be attacked by randomly guessing passwords?
aerobatic
February 13, 2016, 10:50:53 PM
 #10


Quote
I don't see how it's possible to crack such a sophisticated password as what you say you used. You are talking about a 256 bit + password. This password cannot be cracked in any practical amount of time.


marbu -

there's several attack vectors to worry about when using brain wallets, which aren't a worry when using other types of wallet.

for instance.  every time you need to type it out, to get it converted back into the private key...  it could be intercepted locally on your computer using spyware or a key logger.   it could be intercepted using man in the middle attack on your internet connection or your wifi via a network sniffer or via a mitm ssl attack.   it could be intercepted at the web site that you're using to generate the brain wallet key in the first place.  or your java installation etc.  it could be a corrupt brain wallet generator.  or one with a weakened rng seed... etc.  there's too many attack vectors to think that brain wallets are a safe way of storing your bitcoins.  you are very reliant on a lot of things not being hacked, for you to continue to use a brain wallet.   anytime, during creation or use, or even just doing nothing, can be a risk factor.   Even Entropy checkers that are on the internet, could potentially be logging your passwords, and populating similar words into their dictionary with your entropy test results, so that the hackers have a better understanding on what kind of passwords people use (!)


i counted the letters in the brain wallet i was referring to that got hacked, and to make a correction, it was less than the 40 chars i said it was - just to be accurate, it was 34 characters. sorry, i thought it was more.. but the point was, it was still a long string of letters and numbers, some of which were words, some caps, some punctuation, and it still got hacked. whether it was hacked with brute force from a cloud password generator or some other weak point in the brain wallet system, i really don't know. All i know is that the ONLY loss i have ever had from any bitcoin wallet... was from a brain wallet. I've not even (touch wood) lost anything from web wallets like Blockchain.info (and nowadays I've migrated to a hardware wallet and cold storage, as i don't even trust paper wallets as they have some of the same attack vectors as brain wallets)
tobacco123
February 13, 2016, 10:58:48 PM
 #11

I have two or three brain wallets with about 0.01 BTC and they are still ok (for the time being). It has a lower entropy than randomly generated address, but I guess it is "random" enough for my purpose.

unamis76
February 13, 2016, 11:13:50 PM
 #12

Quote
If I memorize the seed generated when wallet was created, would that be considered a brain wallet?  Can you give other examples of brain wallets?


Also how can an attacker use a password to attack my wallet seed??? I thought passwords were used to protect (encrypt) private keys? If I have not exposed my private keys, how can my wallet be attacked by randomly guessing passwords?

Yes, if you memorize the seed it becomes a brainwallet, as per its definition on the Bitcoin Wiki

A password can be used to attack a wallet seed when you have that seed on an online computer, protected by that same password...
aerobatic
February 14, 2016, 01:13:26 AM
 #13

Quote
I have two or three brain wallets with about 0.01 BTC and they are still ok (for the time being). It has a lower entropy than randomly generated address, but I guess it is "random" enough for my purpose.

hi tobacco. if the prize is only $4 (0.01 btc) then the hacker won't spend a huge amount of compute power trying to crack that address. but when the prize justifies the crack, they might try a little harder
franky1
February 14, 2016, 01:28:32 AM
Last edit: February 14, 2016, 09:46:50 AM by franky1
 #14


Quote
I don't see how it's possible to crack such a sophisticated password as what you say you used. You are talking about a 256 bit + password. This password cannot be cracked in any practical amount of time.


a brain wallet is where you choose the words.. and most of the time brain wallet users choose between 1-6 common words that are part of a known phrase..

a seed wallet is where 12-20 RANDOM and UNCOMMON words are used.

the article stated
Quote
checked a trillion passwords and recovered 18,000 brain wallets
that is a 0.0000018% success rate.

now although there are 171,000 words in the dictionary, it's estimated that only 3500 words are used commonly.

so imagine the password is 1 common word.
that's a 1 in 3500 chance of a hit.

so imagine the password is 2 common words.
that's a 1 in 12,250,000 chance of a hit. (3500 x 3500)

so imagine the password is 3 common words.
that's a 1 in 42,875,000,000 chance of a hit. (12,250,000 x 3500)

some brute forcers know that even in the 3500 common words, some are not used, so they could get the odds down. they also know that when using more than 3 words it's more likely that a sentence structure was used (phrase or quote) so they know what words naturally follow grammatical structure and what words don't naturally follow each other in a sentence.

so although the odds of having 12 common words can be up to:
1 in 3379220508056640000000000000000000000000000 chance.
brute forcers can reduce that down to:
1 in 1000000000000000000000000000000000000 chance.
just by employing some grammatical rules to cut down on the variations possible.

which is still extreme for 12 word sentence.. but it's highly important to not use sentences/quotes that follow grammatical rules. it is also important to not use the 3500 common words. that way 12 random non common words can be:
1 in 3138428376721000000000000000000000000000000000000000000000000 chance.

so in short a brain wallet of 3 common words is:
1 in 42875000000 chance

so a seed of 12 random and uncommon words is:
1 in 3138428376721000000000000000000000000000000000000000000000000 chance.

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
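
Added example, not part of any post in this thread: the keyspace arithmetic from the post above, carried through to bits of entropy and to cost at the article's quoted price of a trillion guesses for $55.86. The 3500-word vocabulary is the figure given in that post; the 2048-word list for a machine-generated seed and the linear cost scaling are assumptions.

```python
import math

# Figures taken from the thread: the article's "a trillion passwords for $55.86"
# and the estimate of 3500 commonly used words.
USD_PER_GUESS = 55.86 / 1e12
COMMON_WORDS = 3500
# Assumption (not from the thread): machine-generated seeds draw from a 2048-word list.
SEED_WORDLIST = 2048


def keyspace(vocab: int, words: int) -> int:
    """Phrases possible when every word is drawn uniformly at random from vocab."""
    return vocab ** words


def entropy_bits(vocab: int, words: int) -> float:
    """log2 of the keyspace."""
    return words * math.log2(vocab)


def cost_to_exhaust_usd(vocab: int, words: int) -> float:
    """Cost of trying every phrase at the quoted price (assumes linear scaling)."""
    return keyspace(vocab, words) * USD_PER_GUESS


def min_random_words(vocab: int, budget_usd: float) -> int:
    """Fewest uniformly random words whose whole keyspace costs more than budget_usd."""
    affordable_guesses = budget_usd / USD_PER_GUESS
    words = 1
    while keyspace(vocab, words) <= affordable_guesses:
        words += 1
    return words


def comparison():
    """(label, bits, cost in USD) for human-style phrases and a random seed.

    The common-word rows are upper bounds: a phrase a person picks (a quote,
    a lyric) is not uniform, so the real search is cheaper than shown.
    """
    cases = [
        ("1 common word", COMMON_WORDS, 1),
        ("3 common words", COMMON_WORDS, 3),
        ("6 common words", COMMON_WORDS, 6),
        ("12 random seed words", SEED_WORDLIST, 12),
    ]
    return [
        (label, entropy_bits(v, n), cost_to_exhaust_usd(v, n))
        for label, v, n in cases
    ]


if __name__ == "__main__":
    for label, bits, usd in comparison():
        print(f"{label:22s} {bits:6.1f} bits  ${usd:.3g} to exhaust")
    n = min_random_words(SEED_WORDLIST, 55e12)
    print(f"random words needed to outlast a $55 trillion budget: {n}")
```

Three common words cost under $3 to exhaust at the quoted price, while eight uniformly random words from the assumed 2048-word list already exceed a $55 trillion budget.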
dserrano5
February 14, 2016, 02:06:11 AM
 #15

Quote
if the prize is only $4 (0.01 btc) then the hacker won't spend a huge amount of compute power trying to crack that address. but when the prize justifies the crack, they might try a little harder

People that crack brain wallets just brute force possible phrases regardless of the prizes they may obtain. They don't attack specific addresses, they just try and sweep all the addresses that they find during their attack.
tobacco123
February 14, 2016, 02:19:22 AM
 #16

Quote
if the prize is only $4 (0.01 btc) then the hacker won't spend a huge amount of compute power trying to crack that address. but when the prize justifies the crack, they might try a little harder

Quote
People that crack brain wallets just brute force possible phrases regardless of the prizes they may obtain. They don't attack specific addresses, they just try and sweep all the addresses that they find during their attack.

This is why I have created about 10 paper wallets (random or brain wallets) and transfer 1000 bits into each to test. If after some time the coins are still there, I will then transfer a larger amount.

jmintuck02
February 14, 2016, 02:26:25 AM
 #17

Ever since I heard of the Brainwallet issue, I have never opened any, and that was when I was looking for a good wallet. I had done some research and didn't like Brainwallet after what I saw.

pooya87
February 14, 2016, 04:42:22 AM
 #18

Quote
Ever since I heard of the Brainwallet issue, I have never opened any, and that was when I was looking for a good wallet. I had done some research and didn't like Brainwallet after what I saw.

what did you see?!
as far as i know, there never was any problem with brainwallet. the problem came from people who were using it. their ignorance of the clear warning about not using an empty string, a simple "123" password or a popular sentence from a song.

Quickseller
February 14, 2016, 05:42:58 AM
 #19

Quote
if the prize is only $4 (0.01 btc) then the hacker won't spend a huge amount of compute power trying to crack that address. but when the prize justifies the crack, they might try a little harder

Quote
People that crack brain wallets just brute force possible phrases regardless of the prizes they may obtain. They don't attack specific addresses, they just try and sweep all the addresses that they find during their attack.

Quote
This is why I have created about 10 paper wallets (random or brain wallets) and transfer 1000 bits into each to test. If after some time the coins are still there, I will then transfer a larger amount.
This isn't going to work. Some brain wallet hackers/farmers will monitor addresses to brainwallets and will not spend funds contained in a brainwallet right away, but will instead wait some time and hope that the "owner" will send additional BTC to the brain wallet.
marbu1022 (OP)
February 16, 2016, 03:12:12 PM
Last edit: February 16, 2016, 07:22:53 PM by marbu1022
 #20


Quote
I don't see how it's possible to crack such a sophisticated password as what you say you used. You are talking about a 256 bit + password. This password cannot be cracked in any practical amount of time.


Quote
marbu -

there's several attack vectors to worry about when using brain wallets, which aren't a worry when using other types of wallet.

for instance.  every time you need to type it out, to get it converted back into the private key...  it could be intercepted locally on your computer using spyware or a key logger.   it could be intercepted using man in the middle attack on your internet connection or your wifi via a network sniffer or via a mitm ssl attack.   it could be intercepted at the web site that you're using to generate the brain wallet key in the first place.  or your java installation etc.  it could be a corrupt brain wallet generator.  or one with a weakened rng seed... etc.  there's too many attack vectors to think that brain wallets are a safe way of storing your bitcoins.  you are very reliant on a lot of things not being hacked, for you to continue to use a brain wallet.   anytime, during creation or use, or even just doing nothing, can be a risk factor.   Even Entropy checkers that are on the internet, could potentially be logging your passwords, and populating similar words into their dictionary with your entropy test results, so that the hackers have a better understanding on what kind of passwords people use (!)


i counted the letters in the brain wallet i was referring that got hacked, and to make a correction, it was less than the 40 chars i said it was - just to be accurate, it was 34 characters.  sorry, i thought it was more.. but the point was, it was still a long string of letters and numbers, some of which were words, some caps, some punctuation, and it still got hacked.  whether it was hacked with brute force from a cloud password generator or some other weak point in the brain wallet system, i really don't know.   All i know is that the ONLY loss i have ever had from any bitcoin wallet... was from a brain wallet.   Ive not even (touch wood) lost anything from web wallets like Blockchain.info   (and nowadays I've migrated to a hardware wallet and cold storage, as i don't even trust paper wallets as they have some of the same attack vectors to brain wallets)


aerobatic,

Any time that you send btc from a wallet, you are subject to the possibility of someone stealing your private keys, which are what is necessary to take over the wallet and remove all funds. The use of any wallet involves the use of encryption. Encryption is a tool that must be used properly, or just like any other tool, you can end up hurting yourself or others. I suggest you read up on managing encryption passwords and keys.

The information that you provided, as far as the different attack vectors that brain wallets are subject to, also applies to other wallets. I dispute, however, your claim, that brain wallets should never be used.

Going back to your case scenario, where you stated, that you had a 34 character password with characters and symbols, one can only conclude, that your password was stolen by some means; a key logger, or a different type of malware. Again, it is highly unlikely that your password (as you describe it) was brute forced, therefore I have to conclude that you completely mismanaged your wallet.

There are many ways of generating secure, brain, and other types of wallets. One would be by employing the use of a "live" and offline operating system using a reputable wallet, such as electrum. Once your wallet is generated, you can write down all of your public addresses, memorize your seed, (you should develop a way to get at your seed in case you forget it) and then take the wallet offline, where it can remain in cold storage for a very long time. This method would likely be very safe. The amount of security you should employ depends on the amount of funds that you are trying to protect. People will be willing to work a lot harder to get at something that is worth a lot to them. Keep in mind that the physical security of the device you are using to store your wallet (e.g. computer, tablet, phone, hardware wallet, etc...) is very important.
