Bitcoin Forum
Author Topic: stringwallet  (Read 551 times)
curiosity81 (OP)
December 30, 2017, 03:28:22 PM
Last edit: January 03, 2018, 09:55:58 AM by curiosity81
Merited by ABCbits (6)
 #1

Hi guys,

during Christmas I was thinking about a way to produce my own brainwallets. You find the code below

https://github.com/curiosity81/stringwallet.

Clearly, code can also be used to produce more secure brainwallets. E.g. hashing a string more than once and a brute force approach is virtually useless.

Edit: to prevent confusion, I renamed the project to stringwallet.

curiosity81 (OP)
December 30, 2017, 03:55:11 PM
 #2

If you can reproduce your own brainwallet and the string is short or common and only hashed once, then I would recommend that you move your funds to a new, more secure address!!!

HeRetiK
December 30, 2017, 05:06:31 PM
 #3

Is anyone still using brainwallets in earnest? I always assumed that anyone that used a brainwallet effectively got robbed by now. Then again, any brainwallet that was sufficiently secure wouldn't be identifiable as such.


> [...]
> Clearly, code can also be used to produce more secure brainwallets. E.g. hashing a string more than once and a brute force approach is virtually useless.

You'll likely have to use a combination of different hashes in varying rounds (eg., 10x Sha256 => 2x Scrypt => Bcrypt => etc) requiring an attacker to reproduce your exact hashing steps. Let's not forget that anyone who is scanning for brainwallets has a lot of time to do so and thus can account for multiple hashing rounds as well.

colatkinson
December 30, 2017, 11:56:45 PM
 #4

The problem is ultimately that the randomness of a brain wallet is only as good as the randomness of the underlying passphrase i.e. terrible. Humans are not good at making random passphrases, and so the search space for an attacker is massively reduced. Instead of searching through every possibility, using a dictionary to search for common words, etc. would likely lead to cracking the wallet relatively quickly.

Is this better than a single iteration of sha256? Probably. Is this a secure key derivation function in any way? Absolutely not.
piotr_n
December 31, 2017, 05:19:59 AM
 #5

> Is anyone still using brainwallets in earnest?
yes.

i don't trust stored data to stay secret.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
hopeAo
December 31, 2017, 05:32:13 AM
 #6

> Hi guys,
>
> during Christmas I was thinking about a way to produce my own brainwallets. You find the code below
>
> https://github.com/curiosity81/brainwallet.
>
> Clearly, code can also be used to produce more secure brainwallets. E.g. hashing a string more than once and a brute force approach is virtually useless.

A Brain Wallet is the one when user remembers their mnemonic phrase or the private key and never writes it down. That is, all is stored in the brain only for security reasons.

So why have a brain wallet and still write your private key or mnemonic phrase down on a piece of paper?

To me brain wallet is not good because it is difficult to manage in case the user forgets his/her mnemonic paraphrase or private key due to any mishap such as accidents, brain diseases/damage or even mental stress, he/she will lose his/her crypto-coins and funds.
alphaomega.f
December 31, 2017, 08:59:30 AM
 #7

How safe is it to use brainwallet? Clearly, it's helpful but is it that safe? I want to try it too since I have trouble memorizing stuff.

But it's quite crucial, especially when you forgot your mnemonic phrase. It cannot be recovered.
curiosity81 (OP)
December 31, 2017, 09:00:31 AM
Last edit: December 31, 2017, 09:15:37 AM by curiosity81
 #8

> > Hi guys,
> >
> > during Christmas I was thinking about a way to produce my own brainwallets. You find the code below
> >
> > https://github.com/curiosity81/brainwallet.
> >
> > Clearly, code can also be used to produce more secure brainwallets. E.g. hashing a string more than once and a brute force approach is virtually useless.
>
> A Brain Wallet is the one when user remembers their mnemonic phrase or the private key and never writes it down. That is, all is stored in the brain only for security reasons.
>
> So why have a brain wallet and still write your private key or mnemonic phrase down on a piece of paper?
>
> To me brain wallet is not good because it is difficult to manage in case the user forgets his/her mnemonic paraphrase or private key due to any mishap such as accidents, brain diseases/damage or even mental stress, he/she will lose his/her crypto-coins and funds.

The idea is actually, that you need no backup!

With a brainwallet in the worst case, you must write the passphrase down. Clearly, you should write it down several times and hide the passphrase at different places. You can even cut the paper into two or more pieces and hide the pieces at different places so that it is unlikely for an attacker to have access to the full passphrase. There are variations of this method which seem more elegant. But everyone can make his/her own thoughts.

It is a pain in the ass to get access to the master key in core. Imho it is much too complex for a simple but secure brainwallet. And if you do not use an HD-Wallet, you have to backup your wallet anyway. But hardware can be lost (on a dump) or the hardware breaks one day. Moreover, one can lose the passphrase for the hardware.

With a brainwallet, the danger of breaking or losing hardware is not existent. Provided the passphrase for the brainwallet is good enough, for a cold wallet, this method seems more secure to me.

There are more passphrases built by 20 words from a dictionary with more than 10.000 words than ECDSA private keys, and assuming that hashing those passphrases several times (> 10.000) distributes the resulting values evenly between 0 and 2^256, this should be secure enough. Especially, since there are only 2^160 addresses, that is, many private keys map to the same address anyway.


curiosity81 (OP)
December 31, 2017, 09:05:52 AM
 #9

> How safe is it to use brainwallet? Clearly, it's helpful but is it that safe? I want to try it too since I have trouble memorizing stuff.
>
> But it's quite crucial, especially when you forgot your mnemonic phrase. It cannot be recovered.

There is no script for generating a passphrase yet. But I plan to add a simple script which uses aspell to sample 20 or more random words from a dictionary. Four additional words, selected from the 20, will be used as checksum. Security I discussed in my post above.

However, I am not a cryptographer. So beware! I do this for fun and educational purposes. And because I did not find corresponding code I understand.

HeRetiK
December 31, 2017, 09:08:33 AM
 #10

> > Is anyone still using brainwallets in earnest?
>
> yes.
>
> i don't trust stored data to stay secret.


Fair enough.

If you don't mind me asking: Do you (a) harden your brainwallet using a script, similar to OP, or do you (b) rely on a technique that you can apply off the top of your head, without relying on a computer? (eg. a long passphrase that is not part of a known body of literature, changing / shifting letters around in a way that can be easily remembered...)

Both make sense when trying to avoid storing data outside your head, but (a) seems more secure while (b) gives you full flexibility regardless of whether you have access to your hardening script.

piotr_n
January 01, 2018, 05:07:45 PM
 #11

> If you don't mind me asking: Do you (a) harden your brainwallet using a script, similar to OP, or do you (b) rely on a technique that you can apply off the top of your head, without relying on a computer? (eg. a long passphrase that is not part of a known body of literature, changing / shifting letters around in a way that can be easily remembered...)
>
> Both make sense when trying to avoid storing data outside your head, but (a) seems more secure while (b) gives you full flexibility regardless of whether you have access to your hardening script.

What does it matter?

However I hardened my passphrase, I'm not going to unharden it now by telling you about this. :)

Spendulus
January 01, 2018, 06:37:20 PM
 #12

> > If you don't mind me asking: Do you (a) harden your brainwallet using a script, similar to OP, or do you (b) rely on a technique that you can apply off the top of your head, without relying on a computer? (eg. a long passphrase that is not part of a known body of literature, changing / shifting letters around in a way that can be easily remembered...)
> >
> > Both make sense when trying to avoid storing data outside your head, but (a) seems more secure while (b) gives you full flexibility regardless of whether you have access to your hardening script.
>
> What does it matter?
>
> However I hardened my passphrase, I'm not going to unharden it now by telling you about this. :)


Although (brain wallet produced by human) --> seed key

is recognized and accepted as a bad idea,

    f(brain wallet produced by human) --> seed key

where f is an easily remembered math procedure such as modulo(x), may form an acceptable key
HeRetiK
January 01, 2018, 06:59:06 PM
 #13

> > > If you don't mind me asking: Do you (a) harden your brainwallet using a script, similar to OP, or do you (b) rely on a technique that you can apply off the top of your head, without relying on a computer? (eg. a long passphrase that is not part of a known body of literature, changing / shifting letters around in a way that can be easily remembered...)
> > >
> > > Both make sense when trying to avoid storing data outside your head, but (a) seems more secure while (b) gives you full flexibility regardless of whether you have access to your hardening script.
> >
> > What does it matter?
> >
> > However I hardened my passphrase, I'm not going to unharden it now by telling you about this. :)
>
> Although (brain wallet produced by human) --> seed key
>
> is recognized and accepted as a bad idea,
>
>     f(brain wallet produced by human) --> seed key
>
> where f is an easily remembered math procedure such as modulo(x), may form an acceptable key

Question being, whether a simple obfuscation algorithm that can be done in your head or with a piece of paper is sufficient, as opposed to a computer-supported one. Unless you can mentally sha256 :P

Given the amount of possible simple obfuscation algorithms I guess one can achieve sufficient security without computer support, assuming you don't rely on any well known methods (rot13 anyone?). In other words, this could be a use case where rolling your own "crypto" and security by obscurity might be a good thing.

Hexah
January 01, 2018, 07:28:48 PM
 #14

I think it is good to use a brainwallet, but I think it is better for those people who can easily grasp the passwords they made, or the people who have good memories for them. It would be nice if the brainwallet had a hints option so that slow-grasp individuals could easily manage the wallet.
piotr_n
January 01, 2018, 07:45:18 PM
Last edit: January 01, 2018, 07:56:10 PM by piotr_n
 #15

> Although (brain wallet produced by human) --> seed key
>
> is recognized and accepted as a bad idea,
>
>     f(brain wallet produced by human) --> seed key
>
> where f is an easily remembered math procedure such as modulo(x), may form an acceptable key

:)

that's ridiculous as f() is also produced by human.

Not to mention that in order to get a 256 private key value from the memorable passphrase, you need some kind of f() anyway.

WTF does it even mean that something 'is recognized and accepted as a bad idea'?
Sounds to me like an argument brought by someone who has no arguments

HeRetiK
January 01, 2018, 08:22:18 PM
 #16

> > Although (brain wallet produced by human) --> seed key
> >
> > is recognized and accepted as a bad idea,
> >
> >     f(brain wallet produced by human) --> seed key
> >
> > where f is an easily remembered math procedure such as modulo(x), may form an acceptable key
>
> [...]
>
> WTF does it even mean that something 'is recognized and accepted as a bad idea'?
> Sounds to me like an argument brought by someone who has no arguments

I think what Spendulus is referring to is that brainwallets that are derived from human generated passphrases tend to get bruteforced sooner or later. At least those that are purely based on words that can be found in dictionaries and quotes that stem from books and song lyrics.

There are many examples of brainwallets that got swiped by attackers, however it is of course impossible to tell what percentage of brainwallets is affected since the total number of brainwallets is unknown. Nonetheless the general recommendation on these forums and other social platforms has been to stay clear of brainwallets (whether justified or not).

piotr_n
January 01, 2018, 08:37:50 PM
Last edit: January 01, 2018, 08:50:10 PM by piotr_n
 #17

> I think what Spendulus is referring to is that brainwallets that are derived from human generated passphrases tend to get bruteforced sooner or later. At least those that are purely based on words that can be found in dictionaries and quotes that stem from books and song lyrics.
>
> There are many examples of brainwallets that got swiped by attackers, however it is of course impossible to tell what percentage of brainwallets is affected since the total number of brainwallets is unknown. Nonetheless the general recommendation on these forums and other social platforms has been to stay clear of brainwallets (whether justified or not).

yeah.. I've read that "general recommendation" and none of the people who stand behind them is actually able to give me an answer on how exactly would they approach a brute forcing of a complex passphrase - one that is not just a word or a phrase from a dictionary.

they don't give the answer because they don't have any - that's the kind of 'experts' they are.
for me, they are just full of shit - what they do has zero to do with science and 100% to do with their beliefs driven by a subjective perception.

seriously, I am not aware of any hacking tool, or even a serious theoretical paper, that would successfully address a problem of brute forcing original sentences made by a human brain. make an original sentence (one that you can't just google) of ~20 words and I am betting all my bitcoins that no man armed with the fastest computer is going to brute force it before we both die.

if I wanted to crack brain wallets, I'd rather put my effort in finding a way to calculate the EC-private key from the EC-public, rather than try to brute force a creativity (or insanity) of a human brain. the first one not only seems less complex and more straight forward to me, but (most of all) it would then crack all the wallets :)

HeRetiK
January 01, 2018, 08:55:33 PM
 #18

> [...]
>
> yeah.. I've read that "general recommendation" and none of the people who stand behind them is actually able to give me an answer on how exactly would they approach a brute forcing of a complex passphrase - one that is not just a word or a phrase from a dictionary.
>
> [...]
>
> seriously, I am not aware of any hacking tool, or even a solid theoretical paper, that would successfully address a problem of brute forcing original sentences made by a human brain. make an original sentence (one that you can't just google) of ~20 words and I am betting all my bitcoins that no man armed with the fastest computer is going to brute force it before we both die.
>
> [...]


Very true.

I'd still argue that this recommendation was aimed at the general populace that is notoriously bad at creating sufficiently secure passwords and passphrases. And I think there's enough evidence for that :)

Spendulus
January 01, 2018, 09:02:26 PM
 #19

> > Although (brain wallet produced by human) --> seed key
> >
> > is recognized and accepted as a bad idea,
> >
> >     f(brain wallet produced by human) --> seed key
> >
> > where f is an easily remembered math procedure such as modulo(x), may form an acceptable key
>
> :)
>
> that's ridiculous as f() is also produced by human.
>
> Not to mention that in order to get a 256 private key value from the memorable passphrase, you need some kind of f() anyway.
>
> WTF does it even mean that something 'is recognized and accepted as a bad idea'?
> Sounds to me like an argument brought by someone who has no arguments

No, please try to think through these things.

Your arguments say are A B C.

A is not "ridiculous" because issue is discoverable key, and f() moves the human-phrase from determinable low entropy to high entropy difficult to determine. Yes I can pick method which is simple yet generates huge difficulty. (see EX f() )

B this f() is common knowledge, so an attacker always applies it as part of his algorithm. I refer to an f() which the attacker can only guess at.

C Human phrases are in fact recognized and accepted as bad idea. Time to break these phrases is the proof not opinion

EX f()
Require user of a brain wallet to a four digit base 58 value "c"
To increase entropy of the phrase, strip spaces from the phrase, then
Apply simple function based on "c" to characters of the brain wallet.

Brute force attack is now 58^4 or 10M times harder. And that's the "best case," where the attacker knew some sort of human-generated brain wallet was used. If attacker did not know that, he's out of luck.

But show me wrong. I'm certainly not expert at this.
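
The figures argued over in this thread (20 words from a 10,000-word dictionary, more than 10,000 hash rounds, a secret four-digit base-58 value) can be put on one scale by counting attacker work in bits, next to the two stretching styles mentioned (repeated SHA-256 and a real KDF). This is an added example, not code from stringwallet or from any poster. The four-word scenarios, the 10^12 hashes/s rate, the sample passphrase and salt, and all function names are constructed assumptions; scrypt stands in as one standard memory-hard KDF.

```python
import hashlib
import math

# Order of the secp256k1 group: a private key k is valid when 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def iterated_sha256(passphrase: str, rounds: int) -> bytes:
    """Scheme from the thread: SHA-256 applied `rounds` times, no salt."""
    if rounds < 1:
        raise ValueError("rounds must be >= 1")
    digest = passphrase.encode("utf-8")
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest


def scrypt_stretch(passphrase: str, salt: str, n: int = 2 ** 14) -> bytes:
    """Salted, memory-hard stretching with the standard library's scrypt."""
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt.encode("utf-8"),
                          n=n, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def to_private_key(digest: bytes) -> int:
    """Read 32 bytes as a big-endian integer and reject out-of-range keys."""
    k = int.from_bytes(digest, "big")
    if len(digest) != 32 or not 1 <= k < SECP256K1_N:
        raise ValueError("not a valid secp256k1 private key")
    return k


def passphrase_bits(words: int, dictionary_size: int) -> float:
    """Entropy in bits of `words` words drawn uniformly at random.

    This is an upper bound: a sentence a person makes up is not a uniform
    draw, so its real entropy is lower and cannot be computed this way.
    """
    return words * math.log2(dictionary_size)


def attacker_work_bits(words: int, dictionary_size: int,
                       rounds: int = 1, secret_values: int = 1) -> float:
    """log2 of the hash evaluations needed to try every candidate.

    rounds        multiplies the cost of each guess (key stretching)
    secret_values multiplies the number of guesses, but only for as long as
                  the extra value (e.g. a 4-digit base-58 "c") stays secret
    """
    return (passphrase_bits(words, dictionary_size)
            + math.log2(rounds) + math.log2(secret_values))


def years_to_exhaust(work_bits: float, hashes_per_second: float) -> float:
    """Worst-case search time at a given (assumed) hash rate."""
    return 2 ** work_bits / hashes_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    RATE = 1e12  # assumed attacker rate in SHA-256 evaluations/s (constructed)
    scenarios = [  # (label, words, rounds, secret_values)
        ("20 random words, 10,000 rounds", 20, 10_000, 1),
        ("4 random words, 1 round", 4, 1, 1),
        ("4 random words, 10,000 rounds", 4, 10_000, 1),
        ("4 random words, 10,000 rounds, secret c", 4, 10_000, 58 ** 4),
    ]
    for label, words, rounds, secret_values in scenarios:
        bits = attacker_work_bits(words, 10_000, rounds, secret_values)
        print(f"{label:42s} {bits:6.1f} bits  "
              f"{years_to_exhaust(bits, RATE):.3g} years")

    # Constructed sample passphrase and salt, for illustration only.
    phrase = "constructed sample passphrase for this example"
    key_a = to_private_key(iterated_sha256(phrase, 10_000))
    key_b = to_private_key(scrypt_stretch(phrase, salt="alice@example.org"))
    print(hex(key_a)[:18] + "...", hex(key_b)[:18] + "...")
```

At the assumed rate, four uniformly random words fall in about 2.8 hours with one round and about 3.2 years with 10,000 rounds, while 20 random words stay far out of reach either way. Stretching and a secret value add a fixed number of bits; they do not repair a phrase that was guessable to begin with.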
piotr_n
January 01, 2018, 09:03:10 PM
 #20

> I'd still argue that this recommendation was aimed at the general populace that is notoriously bad at creating sufficiently secure passwords and passphrases. And I think there's enough evidence for that :)

sure, I understand that.

but we are abstracting here from the fact that if the "general populace" is bad at creating sufficiently secure passwords, then it is quite likely also bad at securing the copies of their wallet's secret files.

so if they were consistent in their recommendations, they should basically recommend everyone to stay away from bitcoin. but they don't - they only recommend to not use brain wallets, like it was the very thing that is going to save an idiot from losing his coins.
