Bitcoin Forum
Author Topic: brain wallets - good or bad  (Read 1604 times)
davinci6845
Newbie
Activity: 14
November 07, 2017, 08:23:02 PM
 #1

I've been reading a fair amount about brain wallets. They fascinate me.

I've heard some pros and some cons. The main reason against them seems to be that

1- people use very common phrases (lyrics to songs etc)
2- people have poor memory

But if one were to use an uncommon phrase (say a foreign language idiomatic expression) and they securely stored the phrase, would the brain wallet fail?

Additionally, I've seen some brain wallets add an extra password to help the seed.

Given the above assumptions, at a technical level, is there reason to believe brain wallets are not to be used other than what popular opinions feel?

ME2 CEO of Bitcoin
cr1776
Legendary
Activity: 1722
November 07, 2017, 11:23:06 PM
 #2

> I've been reading a fair amount about brain wallets. They fascinate me.
>
> I've heard some pros and some cons. The main reason against them seems to be that
>
> 1- people use very common phrases (lyrics to songs etc)
> 2- people have poor memory
>
> But if one were to use an uncommon phrase (say a foreign language idiomatic expression) and they securely stored the phrase, would the brain wallet fail?
>
> Additionally, I've seen some brain wallets add an extra password to help the seed.
>
> Given the above assumptions, at a technical level, is there reason to believe brain wallets are not to be used other than what popular opinions feel?

There is a nice discussion here:
https://bitcointalk.org/index.php?topic=1719563.0

But any idiomatic expression is almost definitely a bad idea no matter the language.
haltingprobability
Newbie
Activity: 28
November 07, 2017, 11:27:54 PM
 #3

@OP:

It's just a matter of how well you trust your memory versus the value at stake. A truly secure passphrase is going to require a non-trivial amount of neurons to remember. Any phrase/saying/poetry/quote/song/etc etc. is a bad choice for a password precisely because it's not secret and the whole point of a password is to be secret. All the world's printed information could be stored in a 64-bit address space, with room to spare. But it only takes about 5 or so random words from English to attain 64-bit level security. Only random passwords which are generated locally (secret) should be considered secure. Nothing else is secure.

Here's a diceware password book I created some time back in order to assist people in generating strong, relatively easy-to-remember passwords. Note that you can choose any bit-equivalent of security you like simply by memorizing more words - each word you memorize gives you about 10 bits of entropy. This is not a guess, either, it is a mathematical fact based on the way the password has been selected. Here's a sample password with 72-bit equivalent security, generated by consulting random.org instead of rolling a die: cook wine pea petal pear text tuba.
Sikkan666
Jr. Member
Activity: 56
November 08, 2017, 07:05:13 AM
 #4

For me it sounds like a terrible idea. It surely can be safe, but I would every day think "what if someone thinks of the same as me" :P

I would be super paranoid at least.
kernighan
Member
Activity: 70
November 08, 2017, 09:54:43 AM
 #5

>> I've been reading a fair amount about brain wallets. They fascinate me.
>>
>> I've heard some pros and some cons. The main reason against them seems to be that
>>
>> 1- people use very common phrases (lyrics to songs etc)
>> 2- people have poor memory
>>
>> But if one were to use an uncommon phrase (say a foreign language idiomatic expression) and they securely stored the phrase, would the brain wallet fail?
>>
>> Additionally, I've seen some brain wallets add an extra password to help the seed.
>>
>> Given the above assumptions, at a technical level, is there reason to believe brain wallets are not to be used other than what popular opinions feel?
>
> There is a nice discussion here:
> https://bitcointalk.org/index.php?topic=1719563.0
>
> But any idiomatic expression is almost definitely a bad idea no matter the language.

good conclusion.

period.

That's why the majority don't adopt brain wallets.
BenXy
Newbie
Activity: 13
November 08, 2017, 10:13:08 AM
 #6

A brain wallet is a good choice to transfer and keep a little coin. Not safe enough because of the internet.
HCP
Sr. Member
Activity: 434
November 08, 2017, 10:26:10 AM
 #7

> But if one were to use an uncommon phrase (say a foreign language idiomatic expression) and they securely stored the phrase, would the brain wallet fail?

How uncommon do you think an obscure poem written in Afrikaans would be?? Cost some guy 4 BTC back in the day...

https://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/

Brain wallets are bad, mmmKay? Don't use Brain wallets, mmmKay?

cynical
Member
Activity: 112
November 08, 2017, 11:03:37 AM
 #8

I would have thought they were a great idea because there is nothing to be destroyed,
i.e. paper, hard drive, hardware.
Once you choose a system for creating your password you are sorted.
If for example you were interested in astronomy you could combine planets in our solar system with their position from the sun,
or you could combine the birth dates of your family starting with the oldest down to the youngest.

What is a bad idea is picking something obscure in some other language, that can be forgotten.
TechPriest
Sr. Member
Activity: 240
November 08, 2017, 12:44:47 PM
 #9

> I would have thought they were a great idea because there is nothing to be destroyed,

Only your brain.

> Once you choose a system for creating your password you are sorted.
> If for example you were interested in astronomy you could combine planets in our solar system with their position from the sun,
> or you could combine the birth dates of your family starting with the oldest down to the youngest.

That's a good example of a bad passphrase. Anyone who knows about your passion can easily crack your wallets.

I would highly not recommend brainwallets for average people. A passphrase is very weak if a hacker knows your identity (and if it is used without so-called "salt", but that is right for all types of passwords). You can't create in your brain something which other people can't repeat in theirs.

jhdscript
Jr. Member
Activity: 42
November 08, 2017, 12:51:43 PM
 #10

Brain wallets look to be insecure
cynical
Member
Activity: 112
November 08, 2017, 03:47:36 PM
 #11

>> I would have thought they were a great idea because there is nothing to be destroyed,
>
> Only your brain.
>
>> Once you choose a system for creating your password you are sorted.
>> If for example you were interested in astronomy you could combine planets in our solar system with their position from the sun,
>> or you could combine the birth dates of your family starting with the oldest down to the youngest.
>
> That's a good example of a bad passphrase. Anyone who knows about your passion can easily crack your wallets.


ok, but "they" have to firstly know you, know your interests, try all combinations of all the interests you have, know you have Bitcoin and know they are in a brain wallet.
what about picking something you absolutely hate, or something male orientated if you are a female, it just needs to be something specific that you will remember.
cellard
Legendary
Activity: 840
November 08, 2017, 05:00:49 PM
 #12

>>> I would have thought they were a great idea because there is nothing to be destroyed,
>>
>> Only your brain.
>>
>>> Once you choose a system for creating your password you are sorted.
>>> If for example you were interested in astronomy you could combine planets in our solar system with their position from the sun,
>>> or you could combine the birth dates of your family starting with the oldest down to the youngest.
>>
>> That's a good example of a bad passphrase. Anyone who knows about your passion can easily crack your wallets.
>
> ok, but "they" have to firstly know you, know your interests, try all combinations of all the interests you have, know you have Bitcoin and know they are in a brain wallet.
> what about picking something you absolutely hate, or something male orientated if you are a female, it just needs to be something specific that you will remember.

It just doesn't make sense from a cryptographical point of view to carry all of your coins in a single seed, which is why you should avoid brainwallets, and electrum wallets, or anything that could generate all of your keys from a single seed of any kind for that matter.

If your keys are spread across different separated private keys, you are lowering your chances of an attack by a lot. So don't use these for anything else than spare change or temporal re-allocation of btc.

lukaexpl
Full Member
Activity: 134
November 08, 2017, 06:24:51 PM
 #13

DEF CON 23 - Ryan Castellucci - Cracking CryptoCurrency Brainwallets

https://www.youtube.com/watch?v=foil0hzl4Pg

is an epic reminder why you should not use single hashed brainwallets.

If you must go with a brain wallet then even small passwords salted look pretty strong if using

https://keybase.io/warp

Caveat: That comes from a cryptography layman!
TechPriest
Sr. Member
Activity: 240
November 08, 2017, 08:37:16 PM
 #14

> ok, but "they" have to firstly know you, know your interests, try all combinations of all the interests you have, know you have Bitcoin and know they are in a brain wallet.
> what about picking something you absolutely hate, or something male orientated if you are a female, it just needs to be something specific that you will remember.

I would say that there is a little chance someone guesses your brain wallet. For example your passphrase is "IHateDogs". But, because people are similar in brain activity (most of us) someone can just try this password (with evil intent or just for fun) and will get access to your funds. So, you must use so-called "salt". For example - sha256(salt*('yourpassphrase'+'salt')) or something like that. But even with "salt" brainwallets are weaker than RNG.

> It just doesn't make sense from a cryptographical point of view to carry all of your coins in a single seed, which is why you should avoid brainwallets, and electrum wallets, or anything that could generate all of your keys from a single seed of any kind for that matter.
>
> If your keys are spread across different separated private keys, you are lowering your chances of an attack by a lot. So don't use these for anything else than spare change or temporal re-allocation of btc.

It depends what algorithm you're using. Read about BIP-0039 / BIP-0044
More private keys is a better defense only in some cases, because it is harder to store and secure 3 private keys than 1 seed.
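
The two derivations contrasted in posts #13 and #14, as an added example that is not part of any post: a single SHA-256 of the passphrase next to a salted, stretched derivation (scrypt XOR PBKDF2, the combination the WarpWallet page describes). The function names, the reduced cost parameters and the sample salt are assumptions made for the example.

```python
import hashlib
import time

def single_hash_key(passphrase: str) -> bytes:
    """Classic brainwallet: the private key is SHA-256(passphrase), nothing else."""
    return hashlib.sha256(passphrase.encode()).digest()

def stretched_key(passphrase: str, salt: str, log2_n: int = 14,
                  pbkdf2_iters: int = 2**12) -> bytes:
    """Salted, memory-hard derivation: scrypt output XOR PBKDF2-HMAC-SHA256 output.
    log2_n and pbkdf2_iters are reduced demo values (assumption), not a tool's."""
    pw, s = passphrase.encode(), salt.encode()
    s1 = hashlib.scrypt(pw + b"\x01", salt=s + b"\x01", n=2**log2_n, r=8, p=1,
                        maxmem=64 * 2**20, dklen=32)
    s2 = hashlib.pbkdf2_hmac("sha256", pw + b"\x02", s + b"\x02",
                             pbkdf2_iters, dklen=32)
    return bytes(a ^ b for a, b in zip(s1, s2))

def seconds_per_guess(fn, *args, repeats: int = 3) -> float:
    """Average wall-clock cost of one derivation, i.e. of one guess."""
    start = time.perf_counter()
    for _ in range(repeats):
        fn(*args)
    return (time.perf_counter() - start) / repeats

def years_to_exhaust(entropy_bits: float, secs_per_guess: float) -> float:
    """Single-core time to try all 2**entropy_bits candidate passphrases."""
    return (2 ** entropy_bits) * secs_per_guess / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Passphrase taken from post #14; the salt is a constructed sample value.
    phrase, salt = "IHateDogs", "user@example.com"
    fast = seconds_per_guess(single_hash_key, phrase)
    slow = seconds_per_guess(stretched_key, phrase, salt)
    print(f"single SHA-256: {fast:.2e} s/guess, stretched: {slow:.2e} s/guess")
    for bits in (30, 40, 72):
        print(f"{bits} bits: {years_to_exhaust(bits, fast):.3g} y unsalted, "
              f"{years_to_exhaust(bits, slow):.3g} y stretched")
```

The salt forces a guess list to be re-run per user instead of once for everyone, and the stretching multiplies the cost of each guess by a constant; neither adds entropy, so a low-entropy phrase stays weak.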


Spendulus
Legendary
Activity: 1708
November 08, 2017, 11:32:07 PM
 #15

....
> ok, but "they" have to firstly know you, know your interests, try all combinations of all the interests you have, know you have Bitcoin and know they are in a brain wallet.
> what about picking something you absolutely hate, or something male orientated if you are a female, it just needs to be something specific that you will remember.

The reason I have to voice an opinion on the NO side here is that I've heard a fair number of people proudly explain to me what their passwords were.

Almost always these were ridiculously easy to crack phrases, yet they didn't have a clue about that.

Humans are just plain no good at creating random.
davinci6845
Newbie
Activity: 14
November 08, 2017, 11:49:38 PM
 #16



> If you must go with a brain wallet then even small passwords salted look pretty strong if using
>
> https://keybase.io/warp



brain wallets are fun and secure

ME2 CEO of Bitcoin
haltingprobability
Newbie
Activity: 28
November 09, 2017, 12:08:57 AM
 #17

Don't use non-secrets to build passwords. A non-secret is any kind of public information. Here are some examples of public information:

"To be or not to be" <-- this was published by William Shakespeare about 400 years ago
"I like big butts and I cannot lie" <-- published by Sir Mix-a-Lot about 25 years ago
3.14159265... <-- the digits of pi, an easily calculated and well-studied mathematical constant
1.618033988... <-- the digits of phi,   "   "   "

Your typical PC has a 64-bit virtual address space. All the information ever published (on paper) in the history of man could be archived into a 64-bit address space with room to spare. That means that anything that has ever been published is vulnerable to a dictionary attack in resource-feasible time and space - in other words, this is not a "purely theoretical" attack.

For this and other reasons, some cryptographers (e.g. Bruce Schneier) recommend 80-bit equivalent security for passwords, although it is safe in some conditions to fudge a little using password-strengthening techniques.

Humans are notoriously bad at generating randomness. You should not trust your intuitive sense of "mixed-upedness" when choosing a password. You should generate passwords utilizing objective randomness (e.g. a die, a hardware RNG or a CSPRNG). Since no one can store more than a certain amount of truly random information in their brain, utilize a reputable password management tool to track your passwords and choose a master password that is both within your capacity to remember and attains 80-bit level security.

The main factor in making sure you can retain your master password is to use it on a periodic basis. A random password is susceptible to loss if you just memorize it once and then never use it afterwards. I've done this and lost a lot of valuable data as a result (I've lost no wallets in this way, however).

A brain wallet is a secure way to store Bitcoins if you follow best-practice guidelines in choosing a password. You probably don't need a brain wallet, however, unless you are in a situation where you really have no safe place to store the password to your bitcoins. For example, if you live in a country ruled by a totalitarian government or if you travel across national borders frequently, it might make sense for you to keep a brain wallet. I would not use a brain wallet for cold storage, however, since you are liable to forget the password.
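
The word-count arithmetic from posts #3 and #17, as an added example that is not part of either post: a passphrase drawn with a CSPRNG or with physical die rolls, and the number of words needed for a target strength. It assumes a 1,296-word list (four die rolls per word, about 10.3 bits, matching the "about 10 bits" per word figure); the word list is constructed from syllables as a stand-in for a real list, and all function names are hypothetical.

```python
import math
import secrets

# Constructed 1296-entry list (36 x 36 syllable pairs) standing in for a real
# four-roll word list; 6**4 = 1296, so four die rolls select exactly one entry.
_SYL = [c + v for c in "bdfgklmnprst" for v in "aio"]   # 12 * 3 = 36 syllables
WORDLIST = [a + b for a in _SYL for b in _SYL]           # 1296 unique entries

def bits_per_word(list_size: int = len(WORDLIST)) -> float:
    """Entropy of one uniformly chosen word from a list of list_size entries."""
    return math.log2(list_size)

def words_needed(target_bits: float, list_size: int = len(WORDLIST)) -> int:
    """Smallest word count whose total entropy reaches target_bits."""
    return math.ceil(target_bits / bits_per_word(list_size))

def word_from_rolls(rolls, wordlist=WORDLIST) -> str:
    """Map four physical die rolls (each 1-6) to one word, reading them as base 6."""
    if len(rolls) != 4 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly four rolls, each between 1 and 6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return wordlist[index]

def generate_passphrase(target_bits: float = 80, wordlist=WORDLIST):
    """Draw words with the OS CSPRNG; returns (passphrase, entropy in bits)."""
    n = words_needed(target_bits, len(wordlist))
    words = [secrets.choice(wordlist) for _ in range(n)]
    return " ".join(words), n * bits_per_word(len(wordlist))

if __name__ == "__main__":
    print("bits per word (1296 list):", round(bits_per_word(), 2))
    print("words for 72 bits:", words_needed(72))
    print("words for 80 bits:", words_needed(80))
    # 7776 is the size of the standard five-roll Diceware list.
    print("words for 64 bits, 7776-word list:", words_needed(64, 7776))
    print("rolls 3,1,6,2 ->", word_from_rolls([3, 1, 6, 2]))
    print(generate_passphrase(80))
```

The entropy figure holds only because every word is selected uniformly at random; swapping a drawn word for one that "feels better" invalidates it.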
munachimso1
Newbie
Activity: 18
November 15, 2017, 05:23:46 PM
 #18

Brain wallet usage is actually relative. It has its advantages and disadvantages, but I guess the disadvantages surpass the advantages, hence I can't use such a wallet.

Vector Project is one of the best Projects around.
Mianwaqas
Newbie
Activity: 3
November 15, 2017, 05:50:08 PM
 #19

> Brain wallet usage is actually relative. It has its advantages and disadvantages, but I guess the disadvantages surpass the advantages, hence I can't use such a wallet.

brain wallet is a good choice
micloop
Full Member
Activity: 182
November 15, 2017, 05:53:38 PM
 #20

What about if a disease occurs to you and you can't remember it? You'll lose the wallet!
Not a good idea!
