What characteristics make a solid brain wallet?

[Patel]

Hey guys,

I am looking for a solution where I can store my Bitcoins with a brain wallet pass phrase.

I am looking for tips on what characteristics make a good brain wallet, and how many words it should be.

How secure is this?

Would something along the lines of:

america banana cast dominican equator frenchfry guacamole honduras 12345678

How safe is that?

Also, can you please give me some tips on how I can create a safe brain wallet. Right now the stereotype is that brain wallets are not safe, but its not that they aren't safe, its that the passwords people choose are not safe. So I would like to get some input.

[1714648970]

1714648970

[1714648970]

1714648970

[1714648970]

1714648970

[1714648970]

1714648970

[phillipsjk]

It is hard to estimate the quality of that proposed passphrase: because it was not randomly generated.

"banana, dominican, equator, guacamole, honduras" seem to all have a tropical theme.

The number tacked on the end frequents top 10 password lists.

My room-mate noticed that each word starts with a subsequent letter.

If we assume a 2000 word list, divided by 25 due to the predictable pattern, that is about 6.32 bits of entropy per word. If we assume the last word is a list of common number sequences, I will be generous and assume 6.32 bits of entropy for that as well (80 entries).

9 words X 6.32bits = about 57 bits of entropy.

As a rule of thumb, you will want at least 64 bits of entropy (the actual strength needed depends on how fast an attacker can check guesses). 64 bits is 128 times (2⁷) stronger that 57 bits. If you have over 128 bits of entropy, no machine in the universe is likely to be able to ever brute-force the passphrase.

Perhaps Brainwallet.org should use their own rainbow table. You can still keep everything client-side for generating the address. However once the address is generated, it can be submitted to the site for checking. Users may be surprised to learn the the chorus from their favorite song (with common mishearings and spellings) is actually in the dictionary.

As has been mentioned earlier in this thread, if you can easily memorize it, it is probably not a secure passphrase. The rule of thumb I use is that If it has ever been published anywhere, it is probably not a secure password. Do you really think the sum total of human knowledge has over 64 bits of entropy? (that data-set is only about 46 bits of entropy).

Wikipedia has a page on Password strength

My favorite online Password Generator (Note: in theory, it is better to generate passwords on your own hardware).
Generating passwords makes the amount of entropy more predictable:

Code:

28B1849D702FB75A
/|url.:n~p
NtLDtc1rhf6

All have at least 64 bits of entropy. The first is 4 bits per character, the second is  6.55 bits per character, while the last is 5.96 bits per character. You can calculate the number of bits per character thus: log(number of symbols)/log(2) -- the base of the log does not matter because dividing by the log of 2 converts to base 2.

[flatfly]

You may want to take a look at NoBrainr, which was made just for this. It generates easy-to-memorize passphrases with a constant 13 bits of entropy per word (7,776 word list).

Example:
nine ranch quart snap jazz orb ski == 1HwzD1A29Fqj6xguvCKu1fqPjK9pfDNJCj  <- lifetime secure

As phillipsjk pointed out, the only way you can make a brainwallet truly robust is NOT to choose the passphrase yourself. Either trust your computer's cryptographic RNG (as NoBrainr, Bitcoin-Qt, Electrum, VanityGen and others do), or use the excellent Diceware method (one of the cheapest sources of true randomness available.)

[franky1]

when using correctly spelled words and numbers as a separate element, your password would be easier to crack

try
america banana cast dominican equator frenchfry guacamole honduras 12345678
as
4m3r1c4 64n4n4 c45t d0m1n1c4n 3qu4t0r fr3nchfry gu4c4m0le h0ndur45 12345678

and if you want something to remember long term.. choose a book and a book page and line and the use that as your passphrase were some of the letters are made into numbers

Eg

c4ll m3 15hm43l 50m3 y34r5 490 h4v1n9 l1ttle 0r n0 m0n3y

[DobZombie]

'merica 8anana legit! smegmacoat motherfalkner & BlamBlam

I think in simplest terms a good brain wallet is...
-easy for you to remember
-not any any password list
-not guessable by anyone you
-not guessable by anyone that can kind out anything able you (whether you think they can know it or not)

[dserrano5]

try
america banana cast dominican equator frenchfry guacamole honduras 12345678
as
4m3r1c4 64n4n4 c45t d0m1n1c4n 3qu4t0r fr3nchfry gu4c4m0le h0ndur45 12345678

NO!!!

Use random data. NoBrainr is small and effective.

[virtualmaster]

Hey guys,

I am looking for a solution where I can store my Bitcoins with a brain wallet pass phrase.

I am looking for tips on what characteristics make a good brain wallet, and how many words it should be.

How secure is this?

Would something along the lines of:

america banana cast dominican equator frenchfry guacamole honduras 12345678

How safe is that?

Also, can you please give me some tips on how I can create a safe brain wallet. Right now the stereotype is that brain wallets are not safe, but its not that they aren't safe, its that the passwords people choose are not safe. So I would like to get some input.

1. Brainwallet used just as deterministic wallet if the entropy source is low or compromised in the working environment. Here it is not necessary that you memorize the passphrase just the unpredictable and high-randomness aspect of the passphrase.
- Generate a random passphrase.
- Take half of the passphrase and intersect the same amount of characters in an unpredictable way.
- Eventually make a hash of it as 3. step and take that hash value as passphrase.
This way will be awoided that you choose some week passphrase and the passphrase generators eventually weekness also.
2. Brainwallet used with human mind memorable passphrase.
- write down your main email address (eventually add your name also) - this part to make hard to bruteforce all passphrases on a global level
- add a random passphrase easy memorable for you - not to short and not in a predictable schema
- stretch it with bcrypt 12 rounds - to limit the brute force attacking speed
Use the obtained hash as input value to generate a keypair or a keypair list or chain.
Newer reuse(at least by a higher BTC amount than 1 BTC on an address) the same address.
It is also recommended to generate the keypairs from your passphrase with an amnesic live OS without internet connection and save only the addresses ona USB stick if you want to use the brainwallet as longterm saving. (If you want to use your coins more actively then you need to import the keys in an encrypted wallet.)
Transfer the amounts on your generated addresses and the wallet(if you imported the keys) from the USB to your active computer .

[Abdussamad]

Don't create your own passphrase. Use electrum and it will make one for you. Memorize that.

If you want to know why creating your own passphrase is a bad idea please see below:

BIP∞: Brainwallets.

FOR GODS SAKE. DON'T DO IT.  YOU MAY THINK YOU ARE SMART ENOUGH. SO DID EVERYONE ELSE WHO GOT ROBBED. HUMANS ARE NOT A GOOD SOURCE OF ENTROPY.

YOU HAVE A SCHEME?  Pfft. THE SPACE OF ALL SCHEMES YOU'RE LIKELY TO HAVE PROBABLY ONLY HAS A FEW BITS OF ENTROPY. RANDOM PHRASE IN A BOOK? THERE ARE ONLY ABOUT 30 BITS OF SENTENCE SELECTION IN A LIBRARY.

OH NO. YOU ARE NOT LISTENING TO ME, ARE YOU?

OH CRAP. YOU THINK THAT "EIGHT CHARACTERS AND ONE FROM EACH CHARACTER CLASS" APPLIES HERE??  WEBSITE SECURITY MIGHT HAVE TO DEAL WITH 1000 ATTEMPTS PER SECOND, BUT SOME DUDE WITH A FPGA FARM IS PROBABLY PRECOMPUTING A BILLION BRAINWALLETS PER SECOND. JUST STOP.

NOOOOOOOOOOOO.

Well, now that you have no more Bitcoin I guess we don't have to worry about you using a brainwallet.

Cheers.

[Wary]

Are you sure you will be able to correctly recall the 12 random words from Electrum in, say, 10 years time?

Why not use something you've been already remembering for years?
Say, surnames(or nicknames) of your (girl/boy/best)friends, in chronological order.

There are a lot of surnames, so they have bigger entropy than words from Electrum (unless your friends are all Koreans ), so you don't even need 12 names. Since password attacks are directed not personally at you, but at the whole population, it seems to be quite safe way. And if you keep your private life private, even attack directed personally at you won't be successful.

[keatonatron]

Are you sure you will be arble to correctly recall the 12 random words from Electrum in, say, 10 years time?

Why not use something you've been already remembering for years?
Say, surnames(or nicknames) of your (girl/boy/best)friends, in chronological order.

There are a lot of surnames, so they have bigger entropy than words from Electrum (unless your friends are all Koreans ), so you don't even need 12 names. Since password attacks are directed not personally at you, but at the whole population, it seems to be quite safe way. And if you keep your private life private, even attack directed personally at you won't be successful.

I agree with this. It's easy to look at the OP's suggestion and say "it's all tropically-themed and the number at the end is easy to guess!", but how would anyone know what to look for without seeing it first?

Could a computer be programmed to brute-force using themed sets? What if the OP threw in a single word that didn't fit the theme--would the computer not guess that combination because it's only looking for themes? What if the number came before the last word?

I believe "try all possible combinations of themed words, of all possible lengths, and then try each possible theme set with a random non-themed word put in, in each position... and try a list of common numbers, of all common lengths, added to each position..." would be just as time consuming as brute-forcing one character at a time.

Sure, it might not have much entropy. But unless two people are relying on RNG's that aren't random and both come up with the same numbers, using low entropy isn't going to make it much easier for someone to brute force your password (if it's long enough). 

[p2pbucks]

Hey guys,

I am looking for a solution where I can store my Bitcoins with a brain wallet pass phrase.

I am looking for tips on what characteristics make a good brain wallet, and how many words it should be.

How secure is this?

Would something along the lines of:

america banana cast dominican equator frenchfry guacamole honduras 12345678

How safe is that?

Also, can you please give me some tips on how I can create a safe brain wallet. Right now the stereotype is that brain wallets are not safe, but its not that they aren't safe, its that the passwords people choose are not safe. So I would like to get some input.

SHA256  a certain page of a book

[flatfly]

Hey guys,

I am looking for a solution where I can store my Bitcoins with a brain wallet pass phrase.

I am looking for tips on what characteristics make a good brain wallet, and how many words it should be.

How secure is this?

Would something along the lines of:

america banana cast dominican equator frenchfry guacamole honduras 12345678

How safe is that?

Also, can you please give me some tips on how I can create a safe brain wallet. Right now the stereotype is that brain wallets are not safe, but its not that they aren't safe, its that the passwords people choose are not safe. So I would like to get some input.

SHA256  a certain page of a book

No... Good way to get your btc stolen.

[Alpaca Bob]

Eight random words in two different languages should suffice, yeah?

[trout]

one difficult-to-measure parameter of a brain wallet is how well you are able to remember
the pass phrase. May be you are "pretty sure" to have it right now, but you memory
may not be as good in a year, in 10 years ... Do you remember your passwords from 10 years ago right now?
Of course it's not as much of a problem if it's for a short time.

[b!z]

Eight random words in two different languages should suffice, yeah?

Not anymore, since you've just given the world a hint to your passphrase.

[dserrano5]

Do you remember your passwords from 10 years ago right now?

Yeah for example one of them was o8ZKldMvp9, 14 years ago. I used to use it on a daily basis .

one difficult-to-measure parameter of a brain wallet is how well you are able to remember the pass phrase.

The trick to this is remembering it every single day, as part of some daily routine like washing your teeth for example. At first you'll need to write it down somewhere and read it to remember it but day after day you'll realize that you don't need the paper anymore. Mind you, you need to be religious about it. That's the actually difficult part, not the passphrase in and of itself. Feel free to go for 20 words if you follow this route, you'll memorize them with little effort.

[keatonatron]

Eight random words in two different languages should suffice, yeah?

Not anymore, since you've just given the world a hint to your passphrase.

Really?

Which 2 languages?

The Oxford Dictionary has more than 170,000 words. There are at least 85,000 in the Chinese dictionary.

Assuming we don't know how many words from each language are in use that equals 255,000 ^ 8 or 17,878,000,000,000,000,000,000,000,000,000,000,000,000,000 combinations.

And that's assuming we correctly guessed which two languages are in use.

Ready to get started brute-forcing? 

[Alpaca Bob]

Eight random words in two different languages should suffice, yeah?

Not anymore, since you've just given the world a hint to your passphrase.

Really?

Which 2 languages?

The Oxford Dictionary has more than 170,000 words. There are at least 85,000 in the Chinese dictionary.

Assuming we don't know how many words from each language are in use that equals 255,000 ^ 8 or 17,878,000,000,000,000,000,000,000,000,000,000,000,000,000 combinations.

And that's assuming we correctly guessed which two languages are in use.

Ready to get started brute-forcing?  

I'll take that as a yes then, and I'll make it nine or ten words just to be sure. Or will I?

Cheers.

[Patel]

Here is what I did:

Materials Needed:

1. Bitaddress.org saved html file (to access while disconnected from internet)
2. Linux or non windows operating system
3. Webcam/camera
4. TrueCrypt

Steps:

1. Print all of your paper wallets, using non-windows operating system or clean Ubuntu live cd
2. Take pictures of your paper wallets
3. Download TrueCrypt, make a encrypted file.
4. When choosing a password for your TrueCrypt file, think of a easy to remember 8-9 word phrase, add that phrase to Bitaddress brain wallet creator, take the private key, and use that private key as the password to your encrypted file.
5. Add the pictures into the encrypted file
6. Burn truecrypt traveler exe, bitaddress.org html file, encrypted file, onto a CD/DVD.

Technically this way your Bitcoins are still secured via private key and not a brainwallet password, but if you have access to the encrypted file, you can use a brainwallet password to unlock your encrypted file.

Optional: Take the CD/DVD, create it into .iso image, upload to your Google account for easy access in the future. (Still deciding the risks involved with this)

[keatonatron]

6. Burn truecrypt traveler exe, bitaddress.org html file, encrypted file, onto a CD/DVD.

I think optical media is only expected to last for 10 years or so before the plastic starts breaking down. Some USB sticks are also only guaranteed to retain their data for 10 years (or less!). It's something to keep in mind if you are going for very long term storage, physically written down/engraved seems to be the safest bet.