Wow, seems today is the day that people respond to threads without paying attention to what the OP is looking for:
- snip -
Stamping the chars in the metal takes time so I want to keep it to a minimum.
None of these suggestions seem like a good idea for keeping the number of characters to a minimum:
Presumably 12 random words would also work?
- snip -
This seems appropriate for this conversation:
https://xkcd.com/936/Oh, and assuming roughly 50,000 common words, 12 of them should be sufficient even against a dictionary attack.
- snip -
The best defence is probably to make brain wallets slow to generate. If the cracker can crack brain wallets at 350billion per second then you need a long passphrase. If the first step of the brain wallet is to sha hash the passphrase 80 billion times
- snip -
And he should stamp the entire algorithm into the metal so he doesn't forget it?
For making physical bitcoin tokens, you may want to use the same "minikey" format used by Casascius for his physical coins. See
Mini private key format on the wiki. It's probably the closest thing there is to a standard.
This! Don't use a password
The Mini private key
is a password, isn't it? I thought that the private key was simply a SHA-256 hash of the mini key (just like the private key of a brainwallet is just the SHA-256 hash of a password). Note, that means that the Minikey is just a 29 character password. As a checksum, a mini key with a ? added to the end will always create a hash that that has a first byte of 0x00. Since the minikey only uses 58 characters the gives you about 5.4X10
48 possible combinations. This would be equivalent to a 25 character password using all 94 characters. You'll have to decide for yourself it the benefits of a mini-key are worth the additional characters.
- snip -
Note that if many brain wallets use the same generation code then a hacker can test all of them at the same time, so the important value is that stored in brain wallets using the same generation code as you, not that stored in your wallet.
- snip -
I'm not sure what you are trying to say there. Perhaps I'm just not paying close enough attention. When you say "generation code" do you mean password? Or do you mean algorithm for converting a password into an address?