davinci6845 (OP)
November 07, 2017, 08:23:02 PM
I've been reading a fair amount about brain wallets. they fascinate me
I've heard some pros and some cons. the main reason against them seems to be that
1- people use very common phrases (lyrics to songs etc) 2- people have poor memory
but if one were to use an uncommon phrase (say a foreign language idiomatic expression) and they securely stored the phrase, would the brain wallet fail
additionally I've seen some brain wallets add an extra password to help the seed
given the above assumptions, at a technical level, is there reason to believe brain wallets are not to be used other than what popular opinions feel?

cr1776
November 07, 2017, 11:23:06 PM
> I've been reading a fair amount about brain wallets. they fascinate me
> I've heard some pros and some cons. the main reason against them seems to be that
> 1- people use very common phrases (lyrics to songs etc) 2- people have poor memory
> but if one were to use an uncommon phrase (say a foreign language idiomatic expression) and they securely stored the phrase, would the brain wallet fail
> additionally I've seen some brain wallets add an extra password to help the seed
> given the above assumptions, at a technical level, is there reason to believe brain wallets are not to be used other than what popular opinions feel?
There is a nice discussion here: https://bitcointalk.org/index.php?topic=1719563.0
But any idiomatic expression is almost definitely a bad idea no matter the language.

haltingprobability
November 07, 2017, 11:27:54 PM Last edit: November 07, 2017, 11:44:16 PM by haltingprobability
@OP: It's just a matter of how well you trust your memory versus the value at stake. A truly secure passphrase is going to require a non-trivial amount of neurons to remember. Any phrase/saying/poetry/quote/song/etc etc. is a bad choice for a password precisely because it's not secret and the whole point of a password is to be secret. All the world's printed information could be stored in a 64-bit address space, with room to spare. But it only takes about 5 or so random words from English to attain 64-bit level security. Only random passwords which are generated locally (secret) should be considered secure. Nothing else is secure. Here's a diceware password book I created sometime back in order to assist people in generating strong, relatively easy-to-remember passwords. Note that you can choose any bit-equivalent of security you like simply by memorizing more words - each word you memorize gives you about 10 bits of entropy. This is not a guess, either, it is a mathematical fact based on the way the password has been selected. Here's a sample password with 72-bit equivalent security, generated by consulting random.org instead of rolling a die: cook wine pea petal pear text tuba.

Sikkan666
November 08, 2017, 07:05:13 AM
For me it sounds like a terrible idea.. It surely can be safe, but I would every day think "what if someone thinks of the same as me" I would be super paranoid at least..

kernighan
November 08, 2017, 09:54:43 AM
>> I've been reading a fair amount about brain wallets. they fascinate me
>> I've heard some pros and some cons. the main reason against them seems to be that
>> 1- people use very common phrases (lyrics to songs etc) 2- people have poor memory
>> but if one were to use an uncommon phrase (say a foreign language idiomatic expression) and they securely stored the phrase, would the brain wallet fail
>> additionally I've seen some brain wallets add an extra password to help the seed
>> given the above assumptions, at a technical level, is there reason to believe brain wallets are not to be used other than what popular opinions feel?
> There is a nice discussion here: https://bitcointalk.org/index.php?topic=1719563.0
> But any idiomatic expression is almost definitely a bad idea no matter the language.
good conclusion. period. That's why majority don't adopt brain wallet.

BenXy
November 08, 2017, 10:13:08 AM
brain wallet is a good choice to transfer and keep little coin. Not safe enough caused by internet.

HCP
November 08, 2017, 10:26:10 AM
> but if one were to use an uncommon phrase (say a foreign language idiomatic expression) and they securely stored the phrase, would the brain wallet fail
How uncommon do you think an obscure poem written in Afrikaans would be?? Cost some guy 4 BTC back in the day... https://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/
Brain wallets are bad, mmmKay? Don't use Brain wallets, mmmKay?

cynical
November 08, 2017, 11:03:37 AM
I would have thought they were a great idea because there is nothing to be destroyed, i.e. paper, hard drive, hardware. once you choose a system for creating your password you are sorted. If for example you were interested in astronomy you could combine planets in our solar system with their position from the sun, or you could combine the birth dates of your family starting with the oldest down to the youngest.
what is a bad idea is picking something obscure in some other language, that can be forgotten.

TechPriest
November 08, 2017, 12:44:47 PM
> I would have thought they were a great idea because there is nothing to be destroyed,
Only your brain.
> once you choose a system for creating your password you are sorted. If for example you were interested in astronomy you could combine planets in our solar system with their position from the sun, or you could combine the birth dates of your family starting with the oldest down to the youngest.
That's a good example of bad passphrase. Anyone who knows about your passion can easily crack your wallets. I would highly not recommend brainwallets for average people. Passphrase is very weak if hacker knows your identity (and if it is used without so-called "salt", but that is right for all types of passwords). You can't create in your brain something which other people can't repeat in theirs.
In science we trust!

jhdscript
November 08, 2017, 12:51:43 PM
Brain wallets look to be unsecure

cynical
November 08, 2017, 03:47:36 PM
>> I would have thought they were a great idea because there is nothing to be destroyed,
> Only your brain.
>> once you choose a system for creating your password you are sorted. If for example you were interested in astronomy you could combine planets in our solar system with their position from the sun, or you could combine the birth dates of your family starting with the oldest down to the youngest.
> That's a good example of bad passphrase. Anyone who knows about your passion can easily crack your wallets.
ok, but "they" have to firstly know you, know your interests, try all combinations of all the interests you have, know you have Bitcoin and know they are in a brain wallet. what about picking something you absolutely hate, or something male orientated if you are a female, it just needs to be something specific that you will remember.

cellard
November 08, 2017, 05:00:49 PM
>>> I would have thought they were a great idea because there is nothing to be destroyed,
>> Only your brain.
>>> once you choose a system for creating your password you are sorted. If for example you were interested in astronomy you could combine planets in our solar system with their position from the sun, or you could combine the birth dates of your family starting with the oldest down to the youngest.
>> That's a good example of bad passphrase. Anyone who knows about your passion can easily crack your wallets.
> ok, but "they" have to firstly know you, know your interests, try all combinations of all the interests you have, know you have Bitcoin and know they are in a brain wallet. what about picking something you absolutely hate, or something male orientated if you are a female, it just needs to be something specific that you will remember.
It just doesn't make sense from a cryptographical point of view to carry all of your coins in a single seed, which is why you should avoid brainwallets, and electrum wallets, or anything that could generate all of your keys from a single seed of any kind for that matter. If your keys are spread across different separated private keys, you are lowering your chances of an attack by a lot. So don't use these for anything else than spare change or temporal re-allocation of btc.

lukaexpl
November 08, 2017, 06:24:51 PM
DEF CON 23 - Ryan Castellucci - Cracking CryptoCurrency Brainwallets https://www.youtube.com/watch?v=foil0hzl4Pg is an epic reminder why you should not use single hashed brainwallets. If you must go with a brain wallet then even small passwords salted look pretty strong if using https://keybase.io/warp
Caveat: That comes from a cryptography layman!

TechPriest
November 08, 2017, 08:37:16 PM Last edit: November 08, 2017, 08:59:21 PM by TechPriest
> ok, but "they" have to firstly know you, know your interests, try all combinations of all the interests you have, know you have Bitcoin and know they are in a brain wallet. what about picking something you absolutely hate, or something male orientated if you are a female, it just needs to be something specific that you will remember.
I would say that there is a little chance someone guesses your brain wallet. For example your passphrase is "IHateDogs". But, because people are similar in brain activity (most of us) someone can just try this password (with evil intent or just for fun) and will get access to your funds. So, you must use so-called "salt". For example - sha256(salt*('yourpassphrase'+'salt')) or something like that. But even with "salt" brainwallets are weaker than RNG.
> It just doesn't make sense from a cryptographical point of view to carry all of your coins in a single seed, which is why you should avoid brainwallets, and electrum wallets, or anything that could generate all of your keys from a single seed of any kind for that matter.
> If your keys are spread across different separated private keys, you are lowering your chances of an attack by a lot. So don't use these for anything else than spare change or temporal re-allocation of btc.
It depends what algorithm you're using. Read about BIP-0039 / BIP-0044. More private keys - better defense against only in some cases. Because it is harder to store and secure 3 private keys than 1 seed.
In science we trust!
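
Added example, not part of any post in this thread and not WarpWallet's own code: the difference lukaexpl and TechPriest describe between a single-hashed brain wallet and a salted one, shown as one SHA-256 beside a salted scrypt-plus-PBKDF2 derivation (the general approach of the WarpWallet tool linked above). The function names, the salts and the cost parameters are assumptions chosen for the illustration.

```python
import hashlib
import time


def single_hash_key(passphrase: str) -> bytes:
    """Single-hashed brain wallet: the 32-byte key is SHA-256(passphrase)."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def stretched_key(passphrase: str, salt: str,
                  n: int = 2**14, rounds: int = 2**16) -> bytes:
    """Salted derivation: scrypt output XORed with PBKDF2-HMAC-SHA256 output.

    n and rounds are illustrative cost settings (assumptions), kept small
    enough to run in well under a second on a laptop.
    """
    pw, s = passphrase.encode("utf-8"), salt.encode("utf-8")
    a = hashlib.scrypt(pw + b"\x01", salt=s + b"\x01", n=n, r=8, p=1, dklen=32)
    b = hashlib.pbkdf2_hmac("sha256", pw + b"\x02", s + b"\x02", rounds, dklen=32)
    return bytes(x ^ y for x, y in zip(a, b))


def seconds_per_derivation(fn, *args, repeat: int = 3) -> float:
    """Average wall-clock cost of one derivation, i.e. of one guess."""
    start = time.perf_counter()
    for _ in range(repeat):
        fn(*args)
    return (time.perf_counter() - start) / repeat


def slowdown(passphrase: str, salt: str) -> float:
    """How many times more expensive one guess is with the stretched scheme."""
    fast = seconds_per_derivation(single_hash_key, passphrase, repeat=1000)
    slow = seconds_per_derivation(stretched_key, passphrase, salt)
    return slow / fast


if __name__ == "__main__":
    phrase = "IHateDogs"  # the passphrase used as an example in the thread
    # Constructed salts standing in for two different users.
    alice, bob = "alice@example.org", "bob@example.org"
    # Unsalted: everyone who picks this phrase lands on the same key, so one
    # precomputed guess covers all of them.
    print("single hash :", single_hash_key(phrase).hex())
    # Salted: same phrase, different key per user.
    print("alice       :", stretched_key(phrase, alice).hex())
    print("bob         :", stretched_key(phrase, bob).hex())
    print(f"cost per guess is ~{slowdown(phrase, alice):,.0f}x higher")
```

Stretching raises the cost of each guess but adds no entropy to the phrase itself, so a phrase that appears in a published text stays guessable.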

Spendulus
November 08, 2017, 11:32:07 PM
> .... ok, but "they" have to firstly know you, know your interests, try all combinations of all the interests you have, know you have Bitcoin and know they are in a brain wallet. what about picking something you absolutely hate, or something male orientated if you are a female, it just needs to be something specific that you will remember.
The reason I have to voice an opinion on the NO side here is that I've heard a fair number of people proudly explain to me what their passwords were. Almost always these were ridiculously easy to crack phrases, yet they didn't have a clue about that. Humans are just plain no good at creating random.

davinci6845 (OP)
November 08, 2017, 11:49:38 PM Last edit: November 19, 2017, 04:33:17 AM by davinci6845
> If you must go with a brain wallet then even small passwords salted look pretty strong if using https://keybase.io/warp
brain wallets are fun and secure

haltingprobability
November 09, 2017, 12:08:57 AM
Don't use non-secrets to build passwords. A non-secret is any kind of public information. Here are some examples of public information:
"To be or not to be" <-- this was published by William Shakespeare about 400 years ago
"I like big butts and I cannot lie" <-- published by Sir Mixalot about 25 years ago
3.14159265... <-- the digits of pi, an easily calculated and well-studied mathematical constant
1.618033988... <-- the digits of phi, " " "
Your typical PC has a 64-bit virtual address space. All the information ever published (on paper) in the history of man could be archived into a 64-bit address space with room to spare. That means that anything that has ever been published is vulnerable to a dictionary attack in resource-feasible time and space - in other words, this is not a "purely theoretical" attack.
For this and other reasons, some cryptographers (e.g. Bruce Schneier) recommend 80-bit equivalent security for passwords, although it is safe in some conditions to fudge a little using password-strengthening techniques.
Humans are notoriously bad at generating randomness. You should not trust your intuitive sense of "mixed-upedness" when choosing a password. You should generate passwords utilizing objective randomness (e.g. a die, a hardware RNG or a CSPRNG). Since no one can store more than a certain amount of truly random information in their brain, utilize a reputable password management tool to track your passwords and choose a master password that is both within your capacity to remember and attains 80-bit level security.
The main factor in making sure you can retain your master password is to use it on a periodic basis. A random password is susceptible to loss if you just memorize it once and then never use it afterwards. I've done this and lost a lot of valuable data as a result (I've lost no wallets in this way, however).
A brain wallet is a secure way to store Bitcoins if you follow best-practice guidelines in choosing a password. You probably don't need a brain wallet, however, unless you are in a situation where you really have no safe place to store the password to your bitcoins. For example, if you live in a country ruled by a totalitarian government or if you travel across national borders frequently, it might make sense for you to keep a brain wallet. I would not use a brain wallet for cold storage, however, since you are liable to forget the password.

micloop
November 15, 2017, 05:53:38 PM
What about if a disease occurs to you and you can't remember it? You'll lose the wallet! Not a good idea!

W4terhouse
November 15, 2017, 08:33:54 PM
> What about if a disease occurs to you and you can't remember it? You'll lose the wallet! Not a good idea!
My thoughts about that. What if you are losing your mind the past few years? You get something on your head in an accident and lose parts of your memory?

bob123
November 16, 2017, 04:30:30 PM
Generally brain wallets are always a bad idea. Humans can't generate a random password or whatsoever. It might seem random to you, but in reality we are far far away from being random when generating passwords. The pseudo-randomness in a human-generated password is only a fraction of the randomness of a pc-created password, estimated enough entropy is gathered. And if you start using phrases which you can memorize easily, then it will be pretty "easy" for an attacker to guess your phrase, if the amount of btc's stored is high enough.