I watched the following video on Youtube and it is scary how weak any passphrase is as a seed for brainwallet:
https://www.youtube.com/watch?v=foil0hzl4PgThat makes me wonder if by the creation of paperwallets and encryption of privatekeys with a "weak" passphrase (I have no idea what would constitute a strong passphrase) we run the risk of accidentally found paper wallets with encrypted private keys being brute forced by the knowledgable finder of such a paper wallet?
This thread should satisfy your curiosity:
https://bitcointalk.org/index.php?topic=1014202If you found it TL;DR, here's the bottom line:
A member put 1 BTC onto an addres whose private key was bip38 encrypted, he posted the encrypted private key + the fact that the password was only 6 letters. Later on he even gave a couple of clues about the password.
Two years later, he closed the contest and disclosed the password to be "zLwMiR", the price remained unclaimed (nobody succesfully bruteforced the password in 2 years, even with the prior knowledge the password was only 6 letters long).
So, if you pick a reasonably strong, completely random password, you should be relatively secure... Offcourse, if you're going to load your paper wallet with 1000's of BTC, you're giving a brute forcer a very big incentive to crack your passphrase...