Bitcoin Forum
Author Topic: Are Brain Wallets really a good idea?  (Read 2757 times)
tumak (Newbie, Activity: 35, Merit: 0)
April 18, 2013, 01:47:24 PM, #21

OP is correct, it's just a matter of double sha256 + point multiplication + sha256 + ripemd160.

Some ballparks assuming your password has 128 bit entropy (default for electrum, much less for armory?):

You can check ~32Mkey/s on hi-end ATI card. Assume attacker owns lots of resources at disposal, say 131,074 of such cards:

32M*128K = 2^25+2^17, in essence you strip 42 bits of input 128 bit brain wallet. 86 bits to go. Now let's assume he's going against all addresses at once, of which let's assume 16M are brain wallets, it does not matter which one he'll crack. Checking is O(1) (hash table). That's another 24 bits (16M=2^24).

Your wallet is secured by 62 bits now for every second hypothetical attacker is attempting. ~29 bits down if he keeps trying for a year. You're left with 33 bits of security.

This number decrements by 1 every 18 months as per Moore's law. Attacker in year 2046 will find your wallet with 100% certainty in a year.

Of course he will find *some* wallet much sooner, when we'll account for the birthday paradox.

The security margin is still there, but it's pretty thin in the long run.
The Bitcoin network protocol was designed to be extremely flexible. It can be used to create timed transactions, escrow transactions, multi-signature transactions, etc. The current features of the client only hint at what will be possible in the future.
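To make tumak's back-of-the-envelope arithmetic reproducible, here is an added example (my code, not anything posted in this thread) that turns the same inputs, per-card key rate, number of cards, number of brain-wallet targets and attack duration, into a remaining-security-bits estimate and a Moore's-law projection. The `cost_bits_per_guess` parameter is an assumption of mine, defaulting to 0 for the raw sha256 derivation tumak describes; the 40- and 64-bit entropy values in the demo stand in for weaker passphrases.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600  # 31,536,000 s, about 2^24.9


def remaining_bits(entropy_bits, keys_per_sec_per_card, cards,
                   target_wallets=1, seconds=1.0, cost_bits_per_guess=0.0):
    """Security bits left after the attacker's search budget is subtracted.

    Each doubling of throughput, of targets (all targets are checked at once
    with an O(1) hash-table lookup) or of time removes one bit. A result at
    or below zero means the budget covers the whole space. cost_bits_per_guess
    is an assumed knob: each bit of extra per-guess work adds one bit back.
    """
    throughput = keys_per_sec_per_card * cards
    spent = math.log2(throughput) + math.log2(target_wallets) + math.log2(seconds)
    return entropy_bits + cost_bits_per_guess - spent


def years_until_exhausted(bits, doubling_months=18):
    """Years until the same one-year budget covers the remaining space,
    assuming attacker throughput doubles every `doubling_months` (Moore's law)."""
    return max(bits, 0.0) * doubling_months / 12


def tumak_scenario():
    """tumak's inputs rounded to powers of two so the bits come out exact:
    2^25 keys/s per card, 2^17 cards, 2^24 brain wallets, 2^25 s (about a year)."""
    bits = remaining_bits(128, 2 ** 25, 2 ** 17, target_wallets=2 ** 24, seconds=2 ** 25)
    return bits, years_until_exhausted(bits)


if __name__ == "__main__":
    # Constructed demo: the thread's real-valued figures, ~32M keys/s, 131,074 cards,
    # 16M brain-wallet targets, one year of searching.
    for entropy in (40, 64, 128):
        b = remaining_bits(entropy, 32e6, 131074, 16e6, SECONDS_PER_YEAR)
        print(f"{entropy:3d}-bit passphrase: {b:6.1f} bits left after one year "
              f"({years_until_exhausted(b):.0f} more years of Moore's law to exhaust)")
```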
btc6000 (Member, Activity: 116, Merit: 10)
April 18, 2013, 02:09:30 PM, #22

Come on, how realistic is it that one attacker will have 131,074 high-end ATI graphics cards at his disposal?

Assuming a 7970 uses 250W, that would consume 32.7685 megawatts of power.

Even if he did, it would be more profitable to mine with them.

We have come to be one of the worst ruled, one of the most completely controlled and dominated, governments in the civilized world—no longer a government by free opinion, no longer a government by conviction and the vote of the majority, but a government by the opinion and the duress of small groups of dominant men.
Dabs (Legendary, Activity: 3416, Merit: 1912) - The Concierge of Crypto
April 18, 2013, 02:39:43 PM, #23

My brain wallet is some random private key in wallet import format. Just memorize all 54 characters.

nwbitcoin (Sr. Member, Activity: 294, Merit: 250) - You are a geek if you are too early to the party!
April 18, 2013, 02:53:58 PM, #24

This is a case of blaming the tools rather than the bad worker.

There is nothing wrong with brain wallets that a bit of thinking isn't going to fix.

Firstly, don't use all your words from the dictionary. Don't use all one language.

Use spaces, dashes, caps and lower letters and numbers.

Don't use any phrase that already exists in print - anywhere!

"Luke, I am your father!" is out because it's too short and well known.

"Das freaky latino Hound, @Nellie with de supahuge bazookas - 9021oh,oh!"

Can you remember that? - Now convert it to a brain wallet address, and search the blockchain to see if it exists before you start using it!

It's not brain wallets that are faulty - it's brains! ;)

I use Localbitcoins to sell bitcoins for GBP by bank transfer!
soonerjoe (Newbie, Activity: 10, Merit: 0)
April 18, 2013, 03:02:12 PM, #25

Quote from: nwbitcoin

This is a case of blaming the tools rather than the bad worker.

There is nothing wrong with brain wallets that a bit of thinking isn't going to fix.

Firstly, don't use all your words from the dictionary. Don't use all one language.

Use spaces, dashes, caps and lower letters and numbers.

Don't use any phrase that already exists in print - anywhere!

"Luke, I am your father!" is out because it's too short and well known.

"Das freaky latino Hound, @Nellie with de supahuge bazookas - 9021oh,oh!"

Can you remember that? - Now convert it to a brain wallet address, and search the blockchain to see if it exists before you start using it!

It's not brain wallets that are faulty - it's brains! ;)

And don't use the same password for anything else.
Kevlar (OP) (Sr. Member, Activity: 602, Merit: 254)
April 18, 2013, 06:34:56 PM, #26

Quote

Wow, that's a very educational and interesting post, thanks for that Kevlar.

Sorry if these are newb questions but am I understanding right that once given a public key you can search through the block chain to find the holdings of the wallet associated with that key? Also, is it possible at all to find the public key associated with a certain BTC address? Just curious to understand the limitations of the BTC network.

Yes. Download the code I linked to and look at BitKeyChecker. That's what this does. It reads the block chain off disk, putting all the transaction hashes into a set, and then searches that set. You could easily enhance it to be a map back into the blockchain for really fast lookups directly into the block chain.

As for finding the public key for a given address... I think it's gotta be included in the transaction?

Someone with a better understanding of the Block Chain format would be better qualified to answer that. I know the address is the ripemd160(sha256(pubkey)), and that the output/input pairs have to be signed with the output's private key, demonstrating that the holder of the private key/outputs was the one who is creating the transaction (aka sending the bitcoins), and I know the network is smart enough to verify all the parameters of the transaction or it will be rejected (can I just tell you how many times I've gone, "Why isn't it working?" because I've screwed up the construction of a transaction in code? Watch your change addresses and square your totals kids!) including the fact that the signatures generated can be decrypted by the public key that generated them and compared against the outputs->input/amount pairs, but I don't know what the trick is to go from address to public key for that operation unless it's in the transaction itself. Can anyone jump in here?

-Kevlar


Ferrum Network • Interoperability Network for Financial Applications
Kevlar (OP) (Sr. Member, Activity: 602, Merit: 254)
April 18, 2013, 06:46:47 PM, #27

Quote from: tumak

Assume attacker owns lots of resources at disposal, say 131,074 of such cards:

Let me just stop you right there and let's do the math on that. Have you multiplied 131,074 cards by $600? I have... to the tune of 78.6 million dollars. Did you account for inflation? Or even consider the fact that this guy already spent the 78.6 million dollars back in 2013 trying to do this the first time, and now he's poor and old, and his liver is failing from him drinking too much when he was in his 30s?

Please... think of the Hugh Manatee! Guys, I'm never going to reach 78.6 million dollars by 20XD at this rate if you don't tip. Like my code? My address is in my sig...



Ferrum Network • Interoperability Network for Financial Applications
metraX (Newbie, Activity: 29, Merit: 0)
May 04, 2013, 01:53:15 AM, #28

Quote from: nwbitcoin

"Das freaky latino Hound, @Nellie with de supahuge bazookas - 9021oh,oh!"

Aww, no coins in there

:)
ATC (Newbie, Activity: 49, Merit: 0)
May 04, 2013, 03:05:42 AM, #29

I don't think a brain wallet is so good. Brain randomness maybe doesn't have such big entropy.
MiningUnited (Newbie, Activity: 28, Merit: 0)
May 04, 2013, 03:18:59 AM, #30

Just saw this "brain wallet" reference on the news. To the average Joe, they are even more like "wtf?"
zzz321 (Newbie, Activity: 19, Merit: 0)
May 04, 2013, 03:46:28 AM, #31

If you aren't using your grandma's name, your mother's maiden name, your dog's name, etc., you can come up with a solid brain wallet. When it comes to procedures for any form of security, especially if it is of some value to you, you should put in the effort to come up with abstract parts to protect your assets.