It took 10 seconds for the brainwallet "password1" to be taken

[niothor]

1000+ years to guess at 20,000,000 guesses per second

The problem is that it might be guessed in 2 seconds , in 10 minutes or in 989 years.

It's "1000+years" to try them all.
Usual misconception about password security.

Your password is just a needle in a haystack,which the cracker attempts to find.If your add more characters the bigger the stack is , but it doesn't mean that you're 100% safer.

To make it clear:
It will take god knows how many billions years to get all the private keys right?
Well , a few thousands private keys will be generated in one hour , if you're one of the owners... it's just luck

[1714811357]

1714811357

[1714811357]

1714811357

[1714811357]

1714811357

[NewLiberty]

1000+ years to guess at 20,000,000 guesses per second

The problem is that it might be guessed in 2 seconds , in 10 minutes or in 989 years.

It's "1000+years" to try them all.
Usual misconception about password security.

Your password is just a needle in a haystack,which the cracker attempts to find.If your add more characters the bigger the stack is , but it doesn't mean that you're 100% safer.

To make it clear:
It will take god knows how many billions years to get all the private keys right?
Well , a few thousands private keys will be generated in one hour , if you're one of the owners... it's just luck

"It will take 1000 years"
Maybe there are 10.000 hackers so .1 year?
Maybe each have 10 computers so .01 year?
Maybe every 12 words found in any sequence on any publicly available web page get stuffed into a rainbow table...

Have fun securing your brain wallet.

[DobZombie]

Want a good brain wallet?

-Pick your favourite book
-use the first 3 digits of your birthday to pick a page number ( or 2 digits if you read books with pictures, or graphic novels)
- use all the words down the left hand side.

[TooDumbForBitcoin]

Want a good brain wallet?

-Pick your favourite book
-use the first 3 digits of your birthday to pick a page number ( or 2 digits if you read books with pictures, or graphic novels)
- use all the words down the left hand side.

But what if you get in a car accident 2 years and 2 months from now, and you're taking painkillers, and you leave the book in the car, and you use a false birthday at the hospital to get insurance, and you can no longer tell your left from your right, what then?

What organization will help you?

[Stormalong]

Maybe any software that supports brain wallets should do a security check.

1. Generate brain wallet
2. Send a tiny amount of bitcoins to that address
3. If the bitcoins haven't been stolen in some period of time (1 hour? 12 hours?) then consider the wallet secure and you can transfer larger amounts to it

[BombaUcigasa]

Maybe any software that supports brain wallets should do a security check.

1. Generate brain wallet
2. Send a tiny amount of bitcoins to that address
3. If the bitcoins haven't been stolen in some period of time (1 hour? 12 hours?) then consider the wallet secure and you can transfer larger amounts to it

Plot twist, some bots have a minimum wait time or transaction size before stealing the funds.

[Etlase2]

If you try to pick 12 "random" words on your own you will fail. Humans are terrible at randomness.

This is silliness. If you are looking to pick X random words, take a book--for example, a dictionary--open it to any page and point your finger at any spot. Rinse repeat. Not everything has to be protected by a layer of high-tech gidgetry. Plus the process is simple and adds a physical connection where one might be apt to take it more seriously rather than some randomly generated gibberish on the screen. It also means it will be more memorable.

Plot twist, some bots have a minimum wait time or transaction size before stealing the funds.

Well if they didn't before, they do now.

[dserrano5]

This is silliness. If you are looking to pick X random words, take a book--for example, a dictionary--open it to any page

You're specially unlikely to open it on page 1. The book's binding will make it more probable to open it on specific pages. All that reduces entropy.

[Etlase2]

You're specially unlikely to open it on page 1. The book's binding will make it more probable to open it on specific pages. All that reduces entropy.

Yes, I could have made the corollary referencing this nonsense, but alas.

[joeyjoe]

Or.. you know, don't use brain wallets. Create one locally and encrypt it with true crypt.

[p2pbucks]

i'v learned a lot ! Thanks for sharing this info 

[Korporal]

Or.. you know, don't use brain wallets. Create one locally and encrypt it with true crypt.

This ^^^

[zumzero]

So is it safe for me to create a wallet using the bitaddress.org brain wallet creator provided I use enough random numbers and letters?

I don't intend to remember the passphrase and I will not make a record of it.  I am only interested in the public address and corresponding private key using this method of generation.

I intend to boot a brand new laptop using Ubuntu from a new storage card/pen drive and then accessing the bitaddress'org zip files from a second storage card.

The laptop will never connect to the internet or bluetooth and the pen drive/storage cards will never connect to the internet after first loading them with the operating system and zip files.

[zumzero]

So is it safe for me to create a wallet using the bitaddress.org brain wallet creator provided I use enough random numbers and letters?

I don't intend to remember the passphrase as I will not make a record of it.  I am only interested in the public address and corresponding private key using this method of generation.

I intend to boot a brand new laptop using Ubuntu from a new storage card/pen drive and then accessing the bitaddress'org zip files from a second storage card.

The laptop will never connect to the internet or bluetooth and the pen drive/storage cards will never connect to the internet after first loading them with the operating system and zip files.

I would use Armory to create a wallet on the offline computer and then back up the armory keys for the wallet.  then create a watch-only wallet for your live computer.  I always test out restoring the wallet from scratch before I put funds into it.  then you just need the offline computer to sign outgoing transactions.

Thanks.  I will start to look into Armory.  I understand a new version is due very soon and what your saying sounds similar to a discussion on Letstalkbitcoin! I heard recently.

My current plan is to create ten wallets and duplicate each three times using metal stamps onto brass strips.  Each strip of brass will hold a public address on one side and a private key on the other and will be cut into three pieces.

I will spread the pieces of brass across three locations to ensure that a visit to any two of the three locations will allow for retrieval of all ten wallets.

It was my intention to never use this new laptop again and possibly even destroy it and the pen drives/ storage cards after I have generated all the wallets I need.  Overkill?

The wallets are for long term storage and I was going to 'watch' them using a phone app.

 

[Topazan]

A number of people mentioned recursive hashing.  I was wondering about that.  Is there really any point to it?  Sure, it adds entropy, but why not just add the entropy to the key directly?  Instead of hashing the key ten thousand times, why not why not add an extra random word or two?  In both cases, the attacker will have to do tons of extra hashing, but in the latter case you won't.

[Topazan]

A number of people mentioned recursive hashing.  I was wondering about that.  Is there really any point to it?  Sure, it adds entropy, but why not just add the entropy to the key directly?  Instead of hashing the key ten thousand times, why not why not add an extra random word or two?  In both cases, the attacker will have to do tons of extra hashing, but in the latter case you won't.

You can also do multiple rounds.  You can make a brain wallet, hash it with sha512, then hash the result with sha256 (maybe multiple rounds).  If you know what you are doing and remember all that it should fine.  For new users just do the Armory thing and back up the wallet keys.

Yeah, but what's the point?  I get it that the idea is to increase the amount of information an attacker will have to guess in order to compromise the key, but adding more words to the key has the same effect, doesn't it?

It reminds me of that correct horse battery staple thing.  Adding a complicated hashing algorithm will make it more difficult for you to access your coins when you want to, and it won't necessarily be more secure than simply adding more to your key would be.

[flatfly]

A number of people mentioned recursive hashing.  I was wondering about that.  Is there really any point to it?  Sure, it adds entropy, but why not just add the entropy to the key directly?  Instead of hashing the key ten thousand times, why not why not add an extra random word or two?  In both cases, the attacker will have to do tons of extra hashing, but in the latter case you won't.

You can also do multiple rounds.  You can make a brain wallet, hash it with sha512, then hash the result with sha256 (maybe multiple rounds).  If you know what you are doing and remember all that it should fine.  For new users just do the Armory thing and back up the wallet keys.

Yeah, but what's the point?  I get it that the idea is to increase the amount of information an attacker will have to guess in order to compromise the key, but adding more words to the key has the same effect, doesn't it?

It reminds me of that correct horse battery staple thing.  Adding a complicated hashing algorithm will make it more difficult for you to access your coins when you want to, and it won't necessarily be more secure than simply adding more to your key would be.

Indeed. There's a nice thread about this exact topic on the Agilebits forum. I'll see if I can find the link again.  
As long as you have enough entropy in your passphrase (in a provable way), you will be just fine. Speaking about this, you may want to check out NoBrainr, which is our simple command-line tool based on this principle.

It generates bruteforce-resistant addresses perfect for cold storage and brainwallets, using an easy-to-remember xkcd/diceware-style passphrase. Example:

Code:

1MbmMGrtkahbjYNfLmsbKuGFByuKvAyxnC == gun thyme nose cubic almost relish fed

This has 90.47 bits of entropy, which is more than strong enough to protect against passphrase bruteforcing, if you do the math. It may look like a bold statement to the untrained eye, but I, for one, feel be perfectly safe and happy to store up to 5000 BTC with such a passphrase.

[dserrano5]

verySTRONGpasswordWOULDbeLIKEthisONEwithYOURpetNAMEappendedTOit

That password just sucks.

[vqp]

I'm not a fan of brainwallets for myself (I have a lousy memory and also I could die at any moment )
I ended up using bitaddress random generation, BIT38 and print.
But returning to brainwallets:  What about using 12 words from dictionary and one word that makes sense for you (like DeathAndTaxesRules ) but is not any dictionary

[vqp]

Code:

1MbmMGrtkahbjYNfLmsbKuGFByuKvAyxnC == gun thyme nose cubic almost relish fed

This has 90.47 bits of entropy, which is more than strong enough to protect against passphrase bruteforcing, if you do the math. It may look like a bold statement to the untrained eye, but I, for one, feel be perfectly safe and happy to store up to 5000 BTC with such a passphrase.

What about adding a non-dictionary word like your your screen name in some forum, your email address, nospaced phrases like "tooyoungtodie", you can even remember them more easily than "thyme" and "relish"