Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
November 25, 2013, 03:19:10 PM |
|
The owner of that site needs to shut it down. This kind of thing was inevitable and we warned about it from the start. Someone has calculated a rainbow table and the passphrase you chose is in it.
Which wallet software did you import the key into? Do we need to put a warning about this site into wallet apps? We need to find some way to kill this stupid and dangerous site asap.
over-react much? of course someone has made rainbow tables, so what? the lesson to be learned here is not that we should crucify brainwallet.org, it is that we should make strong passphrases.
|
Rep Thread: https://bitcointalk.org/index.php?topic=381041If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
|
|
|
howzar
|
|
November 25, 2013, 03:30:47 PM |
|
This site just seem too much of a risk since you are either using a weak word or a difficult one which isn't easy to remember,it would be much simpler to just make a wallet (and add a password//encrypt keys) or just make paper ones.
|
|
|
|
franky1
Legendary
Online
Activity: 4270
Merit: 4533
|
|
November 25, 2013, 04:48:42 PM |
|
it has been asked many times for the simple snip-it of code that makes a private key. the answer is always view source of brainwallet. pfft i dont need all 1383 lines of code that do all the different functions. we just need the basic convert random characters + checksum and then convert to public. which should be under 100 lines of code
this will then allow people to make their own programs that hash words into giberish in any form they like. EG a mix of md5, sha256 followed by another passthrough of sha, before then converting.
then they atleast can make their own scripts to
take the first page of moby dick and MD5 it. take the 6th page of the bible and MD5 it take the 207th page of 50 shades of gray and MD5 it
put all 3 codes into a sha256 add a MD5 of Moses 10 commandments sha256 again
and then put this through the 'brainwallet converter code'.
then next time they just put in those pages
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1136
All paid signature campaigns should be banned.
|
|
November 25, 2013, 05:48:43 PM |
|
it has been asked many times for the simple snip-it of code that makes a private key. the answer is always view source of brainwallet. pfft i dont need all 1383 lines of code that do all the different functions. we just need the basic convert random characters + checksum and then convert to public. which should be under 100 lines of code
this will then allow people to make their own programs that hash words into giberish in any form they like. EG a mix of md5, sha256 followed by another passthrough of sha, before then converting.
then they atleast can make their own scripts to
take the first page of moby dick and MD5 it. take the 6th page of the bible and MD5 it take the 207th page of 50 shades of gray and MD5 it
put all 3 codes into a sha256 add a MD5 of Moses 10 commandments sha256 again
and then put this through the 'brainwallet converter code'.
then next time they just put in those pages
Oops, now we know your brainwallet
|
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
|
|
|
bitcoinbeliever
Newbie
Offline
Activity: 54
Merit: 0
|
|
December 23, 2013, 05:42:12 AM |
|
Whoever runs this site needs to shut it down now. It's negligent to do anything less.
I like to set up and fund brainwallet accounts for people I know who are new to bitcoin. Then, all I have to do is give them the passphrase. How else can I achieve this, without either 1) waiting for action from the recipient before I get an address to fund, or 2) having to associate an online account with an email address - which is either mine (the wrong one) or theirs (and they are tipped off about the gift)?
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
December 23, 2013, 05:47:59 AM |
|
Whoever runs this site needs to shut it down now. It's negligent to do anything less.
I like to set up and fund brainwallet accounts for people I know who are new to bitcoin. Then, all I have to do is give them the passphrase. How else can I achieve this, without either 1) waiting for action from the recipient before I get an address to fund, or 2) having to associate an online account with an email address - which is either mine (the wrong one) or theirs (and they are tipped off about the gift)? Paper wallet? using a random (aka 256 bit of entropy) private key rather than some almost guaranteed to be bruted forced brainwallet scheme? What a great way to introduce someone to Bitcoin, give them a brainwallet, later when it is worth a small fortune they go to check on it and find out someone robbed it years ago.
|
|
|
|
Rampion
Legendary
Offline
Activity: 1148
Merit: 1018
|
|
December 23, 2013, 10:05:32 AM |
|
Whoever runs this site needs to shut it down now. It's negligent to do anything less.
I like to set up and fund brainwallet accounts for people I know who are new to bitcoin. Then, all I have to do is give them the passphrase. How else can I achieve this, without either 1) waiting for action from the recipient before I get an address to fund, or 2) having to associate an online account with an email address - which is either mine (the wrong one) or theirs (and they are tipped off about the gift)? Wow. If you think a brain wallet with a "memorable" password is secure you shouldn't be managing people's money at all. Why don't you just print out paper wallets?
|
|
|
|
Abdussamad
Legendary
Offline
Activity: 3640
Merit: 1571
|
|
December 23, 2013, 10:34:56 AM |
|
Does anyone know who runs that site or how to contact them? The site itself has no contact info on it, the source code is owned by a user just called "brainwallet", the only thing resembling a contact address is a twitter account also called "brainwallet", etc.
You would think the Bitcoin "brain trust" would communicate with each other better: I actually have IRC logs about the creation of the phrase brainwallet and brainwallet.org. It was created by someone who introduction to the subject matter was his own efforts to crack peoples insecure keys, and he was irritated that he only found a few coins. No kidding.
|
|
|
|
TheButterZone
Legendary
Offline
Activity: 3010
Merit: 1031
RIP Mommy
|
|
December 23, 2013, 08:53:52 PM |
|
Does anyone know who runs that site or how to contact them? The site itself has no contact info on it, the source code is owned by a user just called "brainwallet", the only thing resembling a contact address is a twitter account also called "brainwallet", etc.
You would think the Bitcoin "brain trust" would communicate with each other better: I actually have IRC logs about the creation of the phrase brainwallet and brainwallet.org. It was created by someone who introduction to the subject matter was his own efforts to crack peoples insecure keys, and he was irritated that he only found a few coins. No kidding. Joric, I found him in #bitcoin-dev once, and IIRC he ragequit because of the core team bitching about bw.org Also https://github.com/brainwallet/brainwallet.github.com
|
Saying that you don't trust someone because of their behavior is completely valid.
|
|
|
kuverty
|
|
December 24, 2013, 04:07:08 PM |
|
People are too worried about this. Everything that should be done is add a disclaimer not to use the Brainwallet site if you don't know what you're doing/can't come up with a proper passphrase. I like my brainwallet and I'll keep using it, it's a very nice idea. No surprise it's not suitable for the masses, just look at any list of leaked plaintext passwords. Or a list of leaked md5 passwords and see how many per cent you can crack.
|
|
|
|
Financisto
|
|
December 27, 2013, 02:51:28 AM |
|
Definitely, brain wallets are not for newbies! Paper wallets are easier to manage at early learning stages. Brain wallets are for pros!
|
|
|
|
giszmo
Legendary
Offline
Activity: 1862
Merit: 1105
WalletScrutiny.com
|
|
December 27, 2013, 03:09:53 PM |
|
For noobs: Brain wallets are rat poison and will get people to loose their money. For pros: I like brainwallets as it allows me to give bitcoins totally offline with only pen and paper. I told a friend to make up some 5 long completely unrelated, maybe slang words and write them down. I wrote them down, too and she paid me for one bitcoin back then when it was around $10. I sent a bitcoin there when I got home. Worst thing that can happen is that she loses a paper with meaningless words on it
|
ɃɃWalletScrutiny.com | Is your wallet secure?(Methodology) WalletScrutiny checks if wallet builds are reproducible, a precondition for code audits to be of value. | ɃɃ |
|
|
|
|
|
Beliathon
|
|
June 27, 2014, 04:34:42 AM |
|
Does anyone know who runs that site or how to contact them? The site itself has no contact info on it, the source code is owned by a user just called "brainwallet", the only thing resembling a contact address is a twitter account also called "brainwallet", etc.
Whoever runs this site needs to shut it down now. It's negligent to do anything less.
For someone who lives in a direct democracy that has a lot of personal freedom, and hence, a lot of required personal responsibility, you sure as hell like to impose your moral standards on other people. Bitcoin source code was authored by some unknowable pseudonym, SHUT IT DOWN, PADRE-MIKEHEARN SAYS NO ANONYMYMOUS CODINGZ!!! I love you Carlton. Truly and with all my heart.
|
|
|
|
|