mpfrank (OP)
Sr. Member
Offline
Activity: 247
Merit: 250
Cosmic Cubist
|
|
January 31, 2013, 12:00:08 AM |
|
Well, in addition to all the critiques on that thread, it seems rather cumbersome and unwieldy. And I think it's unlikely to be widely adopted. Also, I would be nervous that maybe my subconscious wouldn't meet expectations when I need it to the most.
|
If all the sovereign non-cryptocurrencies will eventually collapse from hyperinflation, you can't afford *not* to invest in Bitcoin... See my blog at http://minetopics.blogspot.com/ . Donations accepted at: 17twYNyqTiCTM2gJmumkytvhZh4sCVSKNH
|
|
|
|
|
Bitcoin mining is now a specialized and very risky industry, just like gold mining. Amateur miners are unlikely to make much money, and may even lose money. Bitcoin is much more than just mining, though!
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1330
|
|
January 31, 2013, 12:25:27 AM |
|
To make a truly secure brainwallet passphrase take the output of dd bs=32 count=1 if=/dev/random | hexdump -e '"%x"' and convert it to PGP wordsThat hexdump format drops leading zeros, so you don't always get the same length output. Use %08x instead: $ for i in . . .; do dd bs=32 count=1 if=/dev/random 2>/dev/null | hexdump -e '"%x"'; echo; done 16a1e01aab6de7fe6e8e5e8f28420f0d8cf1d12256321054f57f6973b6e6b2 23db86401bea1e3ac5c089fa1a5333f2403448314a15e3d724995a328e31bee6 e8dbc73fcab648562843757bf32ce6a5ee685689e40a6818ed65f3c1623a00e $ for i in . . .; do dd bs=32 count=1 if=/dev/random 2>/dev/null | hexdump -e '"%08x"'; echo; done 3e2b8050eba7507b02f8e92e4d046f2e8b77b37914eb33a190bbaec26e589e0b 140b7e3f8ec3d995b8c84c79a1aad8dae792a7da13bbb457432c1543440237a3 ea6ca2eb010fbd8044ea907398308bb4643f23114f5c935162736623cdec6f94
Also note that /dev/random won't always have 32 bytes of random data available, so you might get a much shorter output.
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1009
|
|
January 31, 2013, 02:53:20 AM |
|
Also note that /dev/random won't always have 32 bytes of random data available, so you might get a much shorter output.
It should block until it has enough data.
|
|
|
|
thezerg
Legendary
Offline
Activity: 1246
Merit: 1010
|
|
January 31, 2013, 03:57:52 AM |
|
It would be unfortunate to make brainwallets inconvenient to generate because they won't hold coins securely for decades when some people may desperately need them for just a few hours or days during periods of travel or social unrest...
|
|
|
|
ErebusBat
|
|
January 31, 2013, 04:21:19 AM |
|
OR.. OR.... use a random wallet and store the private key / recovery code in LastPass or keepass.
I understand the 'attractiveness' of brainwallets is that your computer could go away and you can still get your bitcoins back.
HOWEVER usb drives / paper wallets / safe deposit boxes / mom's houses are very effective and cheap.
This reminds me of a conversation we had at work. We currently backup on-site and ti our data center, which happens to be about two blocks away from us. We had the opportunity to add another city to that list. Whilst discussing it I brought up the good question "if our building is destroyed AND the datacenter is destroyed will we still be in business?"
if you PGP encrypt your wallet and give your mom a copy and put a copy in your safe deposit box and all those are destroyed then most likely your primary concern is going to be running from zombies and not where your magic internet money went.
Just Sayin.
|
|
|
|
ErebusBat
|
|
February 02, 2013, 11:24:42 PM |
|
For those of you, who have spare unneeded coins I have new toy in Google Go : https://bitbucket.org/mmanchaild/brainqeyz.gitThis SAVING brainwallet generator has some quite secure properties. On average PC EVERY brute-force attempt of a passphrase will take ~ 90 minutes to perform. It comes with a cost: application will run about 2..3 hours for one launch. You will need to launch it at least 2 times (or MORE) for safety reasons. And then you must compare results. They must be the same. I am interested in how you calculated that every brute force attempt would take 2.5 hours.
|
|
|
|
casascius
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
February 03, 2013, 12:17:55 AM |
|
A brainwallet generator that has an option that can be cranked up to 90+ minutes might be useful. But one that requires people to wait 90 minutes to do their first brainwallet, is one that probably hasn't been properly thought through.
A 90-minute or 900-minute brainwallet has useful properties from the perspective of robbery/duress prevention. Teaching someone that a brainwallet is something that requires at least 90 minutes to access, on the other hand, is going to sound ridiculous.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
ErebusBat
|
|
February 03, 2013, 02:19:25 PM |
|
I am not sure I see the point in this vs truly random keys?
My thought behind brainwallets were so that they could not be lost or destroyed? The idea behind just using a simple SHA256 was that it was not complicated or hard, you can even find (non bitcoin) related sites to do it for you.
If you require a special program to generate your address then does that leave the realm of brainwallet and enter the realm of super-duper wallet generator?
Don't get me wrong, I really like the idea, but it would be very hard for me to loose anything digital. But for your average user I am not so sure?
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
March 12, 2013, 06:49:28 AM |
|
How about a SHA256 hash of a picture or video from your own camera? The photo or video is of the sky, or of the ground, or something weird; something no one else is going to take a picture of; in the dark, with highest ISO speed for grainiest photo. Or a bunch of photos. Of course, add salt and iterate a few hundred times.
|
|
|
|
aliaser
Newbie
Offline
Activity: 14
Merit: 0
|
|
April 08, 2013, 01:03:36 AM |
|
404, do you have a working link of the souce code?
|
|
|
|
|