What's the safest way to use an awesome brainwallet?

[Five Points]

Just to be sure, I'm not asking how to create an awesome Brainwallet, but how to use one that is already awesome in the safest manner.

I like the allure of a Brainwallet: I can memorize something that is easier FOR ME to remember when compared with the private key.

Having said all that, what good is an amazing Brainwallet if you can't use it at will.

Would it be a good idea to recall that Brainwallet on a hot PC? Part of the beauty of a brainwallet is being able to recall it from memory in any place. I think most people will say no due to hot PCs possibly having keyloggers or other malware.

So, would it be okay to use on a cold PC, if that PC is never connected to the network? This would be a pain in the ass because then I would need to get another PC, and I'm currently broke.

And then, if the brainwallet is amazing and the PC being used to recall the keys is disconnected, then would I be safe?

Could I use that same brainwallet to receive bitcoins?

Could I safely withdraw funds from that brainwallet without compromising the original brainwallet?


I ask that last question because I've seen so many tutorials where people go through such an elaborate process with Armory, Electrum, saved Javascript websites, etc. on a cold PC that never connects, and as soon as they use that highly safe private key on a connected PC to do some business, that private key is immediately invalidated as having been compromised or exposed to the wild.

If I have to do that each time, what good is a brainwallet at all? What good is memorizing the private keys even? Is there a way to withdraw funds from a private key without exposing it to the wild??

[1714975941]

1714975941

[1714975941]

1714975941

[1714975941]

1714975941

[1714975941]

1714975941

[1714975941]

1714975941

[1714975941]

1714975941

[DannyHamilton]

Would it be a good idea to recall that Brainwallet on a hot PC?

That depends on how concerned you are about security.  Once you type in the necessary details from your "brainwallet" on a "hot PC", you are immediately vulnerable to various malware including keyloggers.

So, would it be okay to use on a cold PC, if that PC is never connected to the network?

That depends on how concerned you are about security.  Once you transmit a transaction, the public key of your "brainwallet" becomes public.  You also have to be very careful when constructing your transaction and make sure that any change from the transaction is sent back to the "brainwallet" address.

And then, if the brainwallet is amazing and the PC being used to recall the keys is disconnected, then would I be safe?

That depends on what you mean by "safe".  The private key would no longer be protected by RIPEMD-160 or SHA-256.  You would reduce the levels of protection to only ECDSA.  That isn't really a concern at the moment, but if there are new developments in the future that result in ECDSA becoming insecure, how confident are you that you'll hear about it and move your bitcoins before the exploit is used to take them from you? Furthermore, you'll be giving up some anonymity by continuously re-using the same address all the time as well.  Is anonymity important to you?

Could I use that same brainwallet to receive bitcoins?

You could.  It it up to you to decide how concerned you are with any loss of security and anonymity.

Could I safely withdraw funds from that brainwallet without compromising the original brainwallet?

Not sure what you mean by "compromising", but as long as ECDSA remains secure and you use a computer that has never been and will never be connected to the internet to create your transactions, you should be ok.

I ask that last question because I've seen so many tutorials where people go through such an elaborate process with Armory, Electrum, saved Javascript websites, etc. on a cold PC that never connects, and as soon as they use that highly safe private key on a connected PC to do some business, that private key is immediately invalidated as having been compromised or exposed to the wild.

Correct.  That would be because they want to maintain additional anonymity and want the full protection of ECDSA, SHA-256, and RIPEMD-160.  Some of them are also concerned about the possibility of accidentally failing to send the full balance of the "change" back to the original paper wallet address.

If I have to do that each time, what good is a brainwallet at all?

Brainwallets are generally a pretty bad idea, but assuming for the moment that you manage to memorize something generated randomly with at least 160 bits of entropy, it would be good for long term storage of bitcoins that you don't expect to use for many months or years.

What good is memorizing the private keys even?

Do people do that?  Memorize private keys?  If they do, I suppose it would protect them from theft of their long term storage.

Is there a way to withdraw funds from a private key without exposing it to the wild??

Yes, but it results in exposing the public key and eliminating the protection of SHA-256 and RIPEMD-160.  It also results in a loss of anonymity.

[Five Points]

Hey, thanks for your responses.

I'm not really concerned about anonymity, just security breaches.

I thought that public addresses were meant to be exposed to the wild, so what harm is there in using the public key of your offline savings wallet?

I am mostly going through all of this to protect my offline savings wallet. Therefore, it's imperative that it be immortal, so things like corruptible files, shaky hardware, and physical copies like paper wallets won't do it for me. I only trust myself and I am very happy to know that all of my savings can be backed up in my head. This is the single greatest trait I see in Bitcoin, in my humble opinion.

I only considered Brainwallets because I can create a passphrase that can ultimately bankrupt the Brainwallet concept if it is ever compromised, and because it's easier for me to remember. But I am willing to memorize the private key if that is the safest and most secure method to retaining my savings in my head.

I just don't understand why using the public address of my offline savings wallet is such a problem in terms of security. I thought that was the part that was designed to be shared, and only the private key must never see anyone's eyes.

And if that is such a problem, aren't there ways around it? I have seen some very cumbersome and user-unfriendly tutorials on using proprietary software and transaction keys so that offline wallet keys never see the light of day. Is this the best security solution in tandem with memorizing one's private key??

[forbun]

I think Trezor is the solution to this; it offers security and also a brainwallet series of words that can be used to restore all the private keys in the event that the device is lost, stolen, or damaged.

[Five Points]

I actually wanted to create just a hardware brainwallet that never connects. Maybe an old smartphone that never connects would do. But you can't beat a dedicated offline device.

[DannyHamilton]

I thought that public addresses were meant to be exposed to the wild, so what harm is there in using the public key of your offline savings wallet?

A public "bitcoin address" and a "public key" are not the same thing.  When you receive bitcoins at an address for the first time, that address is protected by ECDSA, SHA-256, and RIPEMD-160.  The address is public, but the public key is not yet public at that time.  If, in the future, a weakness is discovered any one or two of those cryptographic algorithms, your balance will still be protected by the remaining algorithm giving you time to move to a new algorithm before anyone can take your bitcoins.

The first time you send any bitcoins that have been received at that address, you broadcast the public key.  At that point, the private key is no longer protected by SHA-256 or RIPEMD-160.  It is ONLY protected by ECDSA. Right now ECDSA is secure enough in most cases, so this isn't a concern, but for long term storage you'll want to consider the possibility that a weakness is discovered in ECDSA and you don't hear about it before an attacker does.  If you've never sent any bitcoins that were received at the address it won't matter, since you are still protected by SHA-256 and RIPEMD-160.  If you have sent those bitcoins and continued to re-use the address, then you've lost that additional protection.

If this doesn't concern or worry you, then you can go ahead and re-use your brain wallets. I just assumed that you were very concerned about security.
 

I am mostly going through all of this to protect my offline savings wallet. Therefore, it's imperative that it be immortal, so things like corruptible files, shaky hardware, and physical copies like paper wallets won't do it for me. I only trust myself and I am very happy to know that all of my savings can be backed up in my head. This is the single greatest trait I see in Bitcoin, in my humble opinion.

I suspect that paper will out-live you and your memory.  Brain-wallets are typically one of the weaker traits of bitcoin.  Most people don't chose a passphrase with enough entropy, and human beings are VERY bad at doing anything in a random way.  We just aren't designed that way.

I only considered Brainwallets because I can create a passphrase that can ultimately bankrupt the Brainwallet concept if it is ever compromised

I'm not sure what that means, but the brainwallet concept is a rather weak concept for the vast maority of users.

I just don't understand why using the public address of my offline savings wallet is such a problem in terms of security.

The public address is fine.  It's when you send a transaction and broadcast the public key that you've made the address weaker.

I thought that was the part that was designed to be shared

The bitcoin address?  Yes.

The public key?  Only when you send a transaction, and after that it's best not to re-use the address if you are concerned about security.

And if that is such a problem, aren't there ways around it?

Yes, as recomended by Satoshi and other knowledgeable people.  Always use a private key that is generated from a cryptographically strong source of randomness, and never re-use a receiving address.

I have seen some very cumbersome and user-unfriendly tutorials on using proprietary software and transaction keys so that offline wallet keys never see the light of day. Is this the best security solution in tandem with memorizing one's private key??

Since I don't know which "cumbersome and user-unfriendly tutorials" you are talking about, I am unable to answer this question reliably.

[forbun]

When you use something like Electrum to generate a brain wallet, the passphrase is the seed. From this seed, the app generates an unlimited number of addresses, public keys, and private keys that can be deterministically re-generated, given the passphrase. So in this case, you can have one "brain wallet" (the passphrase) but an unlimited number of public keys generated from that seed; and revealing any of these public keys should be perfectly safe. Right?

[Five Points]

A public "bitcoin address" and a "public key" are not the same thing.  When you receive bitcoins at an address for the first time, that address is protected by ECDSA, SHA-256, and RIPEMD-160.  The address is public, but the public key is not yet public at that time.  If, in the future, a weakness is discovered any one or two of those cryptographic algorithms, your balance will still be protected by the remaining algorithm giving you time to move to a new algorithm before anyone can take your bitcoins.

The first time you send any bitcoins that have been received at that address, you broadcast the public key.  At that point, the private key is no longer protected by SHA-256 or RIPEMD-160.  It is ONLY protected by ECDSA. Right now ECDSA is secure enough in most cases, so this isn't a concern, but for long term storage you'll want to consider the possibility that a weakness is discovered in ECDSA and you don't hear about it before an attacker does.  If you've never sent any bitcoins that were received at the address it won't matter, since you are still protected by SHA-256 and RIPEMD-160.  If you have sent those bitcoins and continued to re-use the address, then you've lost that additional protection.

If this doesn't concern or worry you, then you can go ahead and re-use your brain wallets. I just assumed that you were very concerned about security.

Okay, I had no idea that the public key served as a protection mechanism. The way its presented to the laymen, it sounds like you can share your public address, and there will be no security breach if you keep the private key to yourself. Thank you for this bit of knowledge, but I doubt the majority of bitcoin users know about this nuance. Frankly speaking, how are they intending to build a secure digital network currency if the encryption method is due for a breach within its lifetime?

So my question then is, couldn't you use an offline wallet and use something like Armory to conduct offline transactions using proprietary keys? Wouldn't this prevent both your public and private keys of your offline saving wallets from ever being exposed?

Another idea: couldn't I just open up a separate offline wallet on my offline PC to send small funds to so that those bitcoins can be used freely? This also preserves the secure state of my offline savings wallet, correct?

I suspect that paper will out-live you and your memory.  Brain-wallets are typically one of the weaker traits of bitcoin.  Most people don't chose a passphrase with enough entropy, and human beings are VERY bad at doing anything in a random way.  We just aren't designed that way.

I am not a big fan of paper, they are basically like paper money to me. In my eyes, it's tantamount to keeping cash in my mattress, or a safe which will targeted by hoodlums, or keeping it at a bank deposit, which I thought was the direction we were trying to steer away from with this new paradigm shift. Or it could just get lost or destroyed by fire.

I am a big fan of memory, that is the securest method in my opinion. As I'll explain later, I think my brainwallet passphrase is going to be amazing, so I can easily memorize it, while it would be nonsense to others. From there, I can share the brainwallet with my trusted family members in case anything happens to me.

I'm not sure what that means, but the brainwallet concept is a rather weak concept for the vast maority of users.

I agree, vast majority, but my circumstances put me in the category of those who will benefit most from a brainwallet, while significantly mitigating its risks. What I meant originally was that if my passphrase does get hacked, no one will ever be able to support a brainwallet ever again once I've shared my compromised passphrase on the internets.

The public address is fine.  It's when you send a transaction and broadcast the public key that you've made the address weaker.

As mentioned earlier, I could use offline transactions, or set up another wallet as a middle man.

The bitcoin address?  Yes.

The public key?  Only when you send a transaction, and after that it's best not to re-use the address if you are concerned about security.

Duly noted, I'll make sure to let other people know about this.

Yes, as recomended by Satoshi and other knowledgeable people.  Always use a private key that is generated from a cryptographically strong source of randomness, and never re-use a receiving address.

I've heard bad things about random generators. One technique I've seen is someone type a bunch of BS letters over 1000 characters long into a brainwallet to generate keys. That seems pretty secure.

Since I don't know which "cumbersome and user-unfriendly tutorials" you are talking about, I am unable to answer this question reliably.

http://georgeoughttohelp.tumblr.com/post/46937654072/transferring-bitcoins-to-a-secure-offline-wallet-using




So I learned after all of this, is to never let my offline savings wallet's public address ever hit the network. A pain in the ass, but good to know.


I guess my only other question is: should I just memorize the friggin' private key?

[Five Points]

When you use something like Electrum to generate a brain wallet, the passphrase is the seed. From this seed, the app generates an unlimited number of addresses, public keys, and private keys that can be deterministically re-generated, given the passphrase. So in this case, you can have one "brain wallet" (the passphrase) but an unlimited number of public keys generated from that seed; and revealing any of these public keys should be perfectly safe. Right?

Could I choose my own passphrase to do that? I don't trust those randomly generated passphrases.

But I want to be able to use a passphrase to pull up my private key without using software that could become deprecated or non-standard overtime. I would like to be able to recall my passphrase 40 years from now, and the standard generator will pull up my offline savings account without worry.

[Shallow]

When you use something like Electrum to generate a brain wallet, the passphrase is the seed. From this seed, the app generates an unlimited number of addresses, public keys, and private keys that can be deterministically re-generated, given the passphrase. So in this case, you can have one "brain wallet" (the passphrase) but an unlimited number of public keys generated from that seed; and revealing any of these public keys should be perfectly safe. Right?

Could I choose my own passphrase to do that? I don't trust those randomly generated passphrases.

But I want to be able to use a passphrase to pull up my private key without using software that could become deprecated or non-standard overtime. I would like to be able to recall my passphrase 40 years from now, and the standard generator will pull up my offline savings account without worry.

just use brainwallet.org and save a copy of the site, should it go down.

[Five Points]

When you use something like Electrum to generate a brain wallet, the passphrase is the seed. From this seed, the app generates an unlimited number of addresses, public keys, and private keys that can be deterministically re-generated, given the passphrase. So in this case, you can have one "brain wallet" (the passphrase) but an unlimited number of public keys generated from that seed; and revealing any of these public keys should be perfectly safe. Right?

Could I choose my own passphrase to do that? I don't trust those randomly generated passphrases.

But I want to be able to use a passphrase to pull up my private key without using software that could become deprecated or non-standard overtime. I would like to be able to recall my passphrase 40 years from now, and the standard generator will pull up my offline savings account without worry.

just use brainwallet.org and save a copy of the site, should it go down.

Ugh, but then what if the physical medium in which you are saving the website breaks down all at once? Maybe better to just memorize the private key.

Am I being overly paranoid?

[J35st3r]

Am I being overly paranoid?

Possibly, but IMHO about the wrong things. The weakest link in your reasoning is your memory. Many things could happen yo you (short of death itself) that compromise your memory. A mere blow to the head could suffice to cause sufficient brain damage to render your memory unreliable.

Brainwallets sound like a nice easy concept, but it is very hard to do this properly. DannyHamilton has given very good advice upthread. You really need to do the research to understand why this is so.

For example you have commented several times that you can do an offline transaction to transfer bitcoin without exposing your public keys. This shows ignorance of the workings of the bitcoin transaction mechanism. You have to broadcast that offline transaction to the network for it to take effect. At that point you have also exposed your public key since its an integral part of the transaction.

If you do decide to use brainwallet.org you need not worry about the website breaking down or becoming unavailable. That particular brainwallet simply uses a single sha256 hash of the passphrase to generate the private key. Any competent programmer can replicate that for you. But unless your awesome brainwallet scheme includes at least 192 bits of truly random entropy it will be less secure than a key generated by bitcoin-qt itself.

My advice. Use an officially supported wallet. Choose a good passphrase, write it down and lock it away in a safe or perhaps give it to your lawyers for safekeeping (being sure to advise them not to copy or expose it). Backup your wallet and keep copies in several safe places. Your biggest risk is relying on your memory alone.

[DannyHamilton]

Am I being overly paranoid?

Possibly, but IMHO about the wrong things. The weakest link in your reasoning is your memory.

I'd suggest that there are actually two VERY WEAK links in his plans.

The weakest is the human ability to come up with anything out of their own mind or body with more than 160 bits of entropy.  He may think that his passphrase is going to be "amazing", and that if it ever shows up in a rainbow table then "one will ever be able to support a brainwallet ever again once he's shared his compromised passphrase on the internets", but I suspect that he's overconfident.

The next weak link, after his not so random passphrase, is his memory.

And to top it all off, he refuses to write it down to store it anywhere, but he plans to "share the brainwallet with my trusted family members in case anything happens to me".  Almost certainly one of those "trusted family members" will be concerned that they might forget it, so it will be written down somewhere and he won't have control of the storage and safekeeping of that paper wallet.  Wouldn't it be better to secure the paper wallet yourself and then share with trusted family members the information on how to access it if anything happens to you?

[DannyHamilton]

it sounds like you can share your public address, and there will be no security breach if you keep the private key to yourself.

That is correct.

Frankly speaking, how are they intending to build a secure digital network currency if the encryption method is due for a breach within its lifetime?

There is no guarantee that ECDSA will ever be "breached", but there is no guarantee that it won't either.  That is the nature of cryptography.  A cryptographic function is secure until someone finds a way to make it insecure, then people move to a newer secure function.  Fortuntately, as long as it is used properly, bitcoin layers 3 different cryptographic functions between your private key and your public address. It is extremely unlikely that a weakness will be found in all three functions simultaneously.  This means there is time to replace a function in the protocol while bitcoins are still protected by the other two functions.  Bitcoin can there fore grow and change to adapt to new cryptographic discoveries.

So my question then is, couldn't you use an offline wallet and use something like Armory to conduct offline transactions using proprietary keys? Wouldn't this prevent both your public and private keys of your offline saving wallets from ever being exposed?

Describe these "offline transactions"?  Explain exactly how ownership of the bitcoins (which reside as an output on the blockchain) will be transfered to another individual using your "offline wallet and something like Armory" without the public key being exposed?

Another idea: couldn't I just open up a separate offline wallet on my offline PC to send small funds to so that those bitcoins can be used freely?

Send small funds from where?

This also preserves the secure state of my offline savings wallet, correct?

That depends.  Will you be spending/sending any of the bitcoins that are received at that offline savings wallet? Or will it be exclusively receiving bitcoins.  As soon as you try to get any bitcoins out of that offline savings, you are back where we started.

I am not a big fan of paper, they are basically like paper money to me.

Which has worked very well for many, many years. What is it about paper money that you don't like?

In my eyes, it's tantamount to keeping cash in my mattress,

Well, I'd hope you'd secure it a bit better than that.

or a safe which will targeted by hoodlums,

So, you'd rather that the hoodlums attack you directly to get at your bitcoins than to attack a safe?  You prefer to be beaten to a bloody pulp and tortured beyond belief for the sake of some money?  Personally, I'd rather they just took my money and moved on.  My life, and health are far more valuable to me than any amount of money could ever be.

or keeping it at a bank deposit, which I thought was the direction we were trying to steer away from with this new paradigm shift.

A paper wallet is absolutely nothing like that.  Where did you get that idea?

Or it could just get lost or destroyed by fire.

And your memory can't get lost or destroyed by fire? or illness? or fall or other injury?  Just store two copies in two separate secure locations.

I am a big fan of memory, that is the securest method in my opinion.

I can tell.

As I'll explain later, I think my brainwallet passphrase is going to be amazing,

And I disagree.

I can share the brainwallet with my trusted family members in case anything happens to me.

And you can be 100% that none of them will go against your wishes behind your back and write it down so they don't forget it?

I agree, vast majority, but my circumstances put me in the category of those who will benefit most from a brainwallet, while significantly mitigating its risks.

You're just not like "other people", right?

What I meant originally was that if my passphrase does get hacked, no one will ever be able to support a brainwallet ever again once I've shared my compromised passphrase on the internets.

I suspect you are wrong about that, but I've already indicated that I'm already generally against the idea of a brain wallet in most cases anyhow.

As mentioned earlier, I could use offline transactions, or set up another wallet as a middle man.

Which most likely demonstrates that you have no idea what you are talking about and are just making stuff up in hopes that you can do what you want without someone telling you that it is a bad idea.

One technique I've seen is someone type a bunch of BS letters over 1000 characters long into a brainwallet to generate keys. That seems pretty secure.

No.  It really doesn't.  That is a bad idea.  You want a good idea?  Grab a handful of very well balanced dice (perhaps from your local casino?).  Roll the dice a bunch of times (until you've rolled at least 62 dice) and then convert from base 6 to get a private key.

So I learned after all of this, is to never let my offline savings wallet's public address ever hit the network. A pain in the ass, but good to know.

So you've learned nothing then?  You still haven't even bothered to learn the difference between an address and a public key?  Why do I even bother if you aren't going to make an effort?

I guess my only other question is: should I just memorize the friggin' private key?

Sure, you could do that if you like.  How will you generate the private key? And will you memorize a new private key every time you spend funds?

[Five Points]

it sounds like you can share your public address, and there will be no security breach if you keep the private key to yourself.

That is correct.

Now I'm lost, I thought exposing your public key weakens the integrity of the security mechanism, allowing for the eventual cracking of your private key.

There is no guarantee that ECDSA will ever be "breached", but there is no guarantee that it won't either.  That is the nature of cryptography.  A cryptographic function is secure until someone finds a way to make it insecure, then people move to a newer secure function.  Fortuntately, as long as it is used properly, bitcoin layers 3 different cryptographic functions between your private key and your public address. It is extremely unlikely that a weakness will be found in all three functions simultaneously.  This means there is time to replace a function in the protocol while bitcoins are still protected by the other two functions.  Bitcoin can there fore grow and change to adapt to new cryptographic discoveries.

If you say so, I don't know how people expect Bitcoin to thrive when somebody like me is being admonished for learning how to take the proper steps to utilize the full potential of its encryption methods. Most of this stuff would sound like nonsense to a mainstream crowd, let alone having to worry about changing encryption methods down the line when they've invested some of their time to learning how it actually works, if they even learned it at all. Hmmm, no wonder there are banks to take care of all of this for the commoners.

Describe these "offline transactions"?  Explain exactly how ownership of the bitcoins (which reside as an output on the blockchain) will be transfered to another individual using your "offline wallet and something like Armory" without the public key being exposed?

Yeah, I really don't get it myself. The idea I think is so you don't have to use your private key on the hot PC?

Another idea: couldn't I just open up a separate offline wallet on my offline PC to send small funds to so that those bitcoins can be used freely?

Send small funds from where?

I was thinking I send a small amount to another Bitcoin wallet, and use that to spend monies. But then I realized after your response that all transactions have to be recorded online.

This also preserves the secure state of my offline savings wallet, correct?

That depends.  Will you be spending/sending any of the bitcoins that are received at that offline savings wallet? Or will it be exclusively receiving bitcoins.  As soon as you try to get any bitcoins out of that offline savings, you are back where we started.

I see what you mean. Which means I'll have to come up with multiple brain wallets to maintain a true offline account. Hopefully, I wouldn't have to do that so many times.

Which has worked very well for many, many years. What is it about paper money that you don't like?

A paper wallet is basically a bundle of cash, correct? So I would basically be keeping a bundle of cash in my domicile or another residence. Yeah, it's a lot smaller and easier to maintain, but you're still keeping a ton of money in your home. Does anyone do this with conventional money except for drug dealers?

So, you'd rather that the hoodlums attack you directly to get at your bitcoins than to attack a safe?  You prefer to be beaten to a bloody pulp and tortured beyond belief for the sake of some money?  Personally, I'd rather they just took my money and moved on.  My life, and health are far more valuable to me than any amount of money could ever be.

Well, I would give it up if I had to, that example was under the idea that the safe would be targeted without my presence.

or keeping it at a bank deposit, which I thought was the direction we were trying to steer away from with this new paradigm shift.

A paper wallet is absolutely nothing like that.  Where did you get that idea?

I have seen people recommend saving paper wallets in bank vaults.

Or it could just get lost or destroyed by fire.

And your memory can't get lost or destroyed by fire? or illness? or fall or other injury?  Just store two copies in two separate secure locations.

I could always encrypt my brainwallet with an audio message if worst came to worst. Of course, better methodologies can be thought up of compared to coming up with one on the spot in a forum post.

As I'll explain later, I think my brainwallet passphrase is going to be amazing,

And I disagree.

People have advocated software seeds that contain 12 English words as being highly secure. C'mon, I can do better than that, is it that hard to believe?

And you can be 100% that none of them will go against your wishes behind your back and write it down so they don't forget it?

Not if it's easy for them to remember, yet nonsensical for others. Just so I don't give everything away, we would all speak some break-off dialect of some artificial language that only we know. But yes, I see what you're saying. I guess I'll have to come up with something clever in the meantime.

You're just not like "other people", right?

See above.

What I meant originally was that if my passphrase does get hacked, no one will ever be able to support a brainwallet ever again once I've shared my compromised passphrase on the internets.

I suspect you are wrong about that, but I've already indicated that I'm already generally against the idea of a brain wallet in most cases anyhow.

See above.

As mentioned earlier, I could use offline transactions, or set up another wallet as a middle man.

Which most likely demonstrates that you have no idea what you are talking about and are just making stuff up in hopes that you can do what you want without someone telling you that it is a bad idea.

Yes, I concede that. But now I have learned a bit more, and can understand where my original plan fails, which is what I wanted to accomplish with this thread. This has all been a great thought experiment so that I can come up with a better plan centered around a brainwallet and/or other methods.

One technique I've seen is someone type a bunch of BS letters over 1000 characters long into a brainwallet to generate keys. That seems pretty secure.

No.  It really doesn't.  That is a bad idea.  You want a good idea?  Grab a handful of very well balanced dice (perhaps from your local casino?).  Roll the dice a bunch of times (until you've rolled at least 62 dice) and then convert from base 6 to get a private key.

How is that a bad idea? Yeah, the dice sounds good, but typing something like this into a brain wallet is bad? :

onthunsoeahtueroah.crhu903409hu0244903gp02g2[93g[hu9[h239g23[9g29j0ud203gf2309g[192[3d0239[23.0,u02u3 (and so on, for as long as you want)

So you've learned nothing then?  You still haven't even bothered to learn the difference between an address and a public key?  Why do I even bother if you aren't going to make an effort?

I meant to say public key instead of public address. But yes, I am having a hard time grasping the difference between public key and an address. I'll make sure to study that thoroughly from here on out.

But if you think the mainstream public could understand all the caveats and nuances of Bitcoin's cryptograhy, then you got another thing coming.

I guess my only other question is: should I just memorize the friggin' private key?

Sure, you could do that if you like.  How will you generate the private key? And will you memorize a new private key every time you spend funds?

It would be a pain to memorize the private key, but it seems like the easiest way without interfacing with layers of garbage each time.

My only question is, if I have the public key: then it's just like entering a password, right? If I get it wrong, no harm, no foul? I could keep going on until I get it.

My worry was entering in an incorrect key and having something horrible happen. If not, then I don't mind memorizing a new key, but I can see how it can get confusing.

[Five Points]

Am I being overly paranoid?

My advice. Use an officially supported wallet. Choose a good passphrase, write it down and lock it away in a safe or perhaps give it to your lawyers for safekeeping (being sure to advise them not to copy or expose it). Backup your wallet and keep copies in several safe places. Your biggest risk is relying on your memory alone.

Aren't you also relying on memory for the passphrase to your wallet?

I don't have any lawyers, so I don't have that option for now.

[DannyHamilton]

I don't know how people expect Bitcoin to thrive when somebody like me is being admonished for learning how to take the proper steps to utilize the full potential of its encryption methods.

You aren't being amonished for learning.  You are being admonished for making false assumptions, and refusing to put any effort into learning.

Most of this stuff would sound like nonsense to a mainstream crowd,

As would most of the techinical details behind TCP/IP and ethernet, and yet they all seem to manage to use websites without a problem.

let alone having to worry about changing encryption methods down the line when they've invested some of their time to learning how it actually works, if they even learned it at all. Hmmm, no wonder there are banks to take care of all of this for the commoners.

Agreed.  The average user will use a piece of software that has been thoroughly reviewed and certified as trustworthy, or they will use a bank.

Describe these "offline transactions"?  Explain exactly how ownership of the bitcoins (which reside as an output on the blockchain) will be transfered to another individual using your "offline wallet and something like Armory" without the public key being exposed?

Yeah, I really don't get it myself.

Clearly.

The idea I think is so you don't have to use your private key on the hot PC?

Right, but the public key will still be broadcast when you broadcast the transaction, which brings us back to the recommendation to not re-use the address.

Another idea: couldn't I just open up a separate offline wallet on my offline PC to send small funds to so that those bitcoins can be used freely?

Send small funds from where?

I realized after your response that all transactions have to be recorded online.

Sounds like maybe you're starting to catch on?

This also preserves the secure state of my offline savings wallet, correct?

That depends.  Will you be spending/sending any of the bitcoins that are received at that offline savings wallet? Or will it be exclusively receiving bitcoins.  As soon as you try to get any bitcoins out of that offline savings, you are back where we started.

I see what you mean. Which means I'll have to come up with multiple brain wallets to maintain a true offline account. Hopefully, I wouldn't have to do that so many times.

Yes, it definitely sounds like you're starting to catch on.

Which has worked very well for many, many years. What is it about paper money that you don't like?

A paper wallet is basically a bundle of cash, correct? So I would basically be keeping a bundle of cash in my domicile or another residence. Yeah, it's a lot smaller and easier to maintain, but you're still keeping a ton of money in your home. Does anyone do this with conventional money except for drug dealers?

And a brainwallet is basically a bundle of cash as well.  So you would basically be keeping a bundle of cash on your person.  Yeah, its not physical, but you're still keeping a ton of money on your person.  Does anyone do this with conventional money except for drug dealers?

So, you'd rather that the hoodlums attack you directly to get at your bitcoins than to attack a safe?  You prefer to be beaten to a bloody pulp and tortured beyond belief for the sake of some money?  Personally, I'd rather they just took my money and moved on.  My life, and health are far more valuable to me than any amount of money could ever be.

Well, I would give it up if I had to, that example was under the idea that the safe would be targeted without my presence.

So you prefer that the thief targets you directly rather than your safe?

or keeping it at a bank deposit, which I thought was the direction we were trying to steer away from with this new paradigm shift.

A paper wallet is absolutely nothing like that.  Where did you get that idea?

I have seen people recommend saving paper wallets in bank vaults.

Sure, in which case the bank is exactly like a bank, but the paper wallet itself is not.  Some people feel that a bank vault provides reasonable protection against theft.  Those people keep their paper wallets in bank vaults.  Others prefer not to.  How to protect a paper wallet is a decision for each individual to make for themselves.

Or it could just get lost or destroyed by fire.

And your memory can't get lost or destroyed by fire? or illness? or fall or other injury?  Just store two copies in two separate secure locations.

I could always encrypt my brainwallet with an audio message if worst came to worst. Of course, better methodologies can be thought up of compared to coming up with one on the spot in a forum post.

Sure.  And you can encrypt your paper wallet with a password as well if you like.  This seems to be getting away from the discussions of the intrinsically insecure nature of "brainwallets", and the importance of not reusing addresses.

As I'll explain later, I think my brainwallet passphrase is going to be amazing,

And I disagree.

People have advocated software seeds that contain 12 English words as being highly secure. C'mon, I can do better than that, is it that hard to believe?

That depends on whether you are generating those words randomly, or using your brain to come up with them.

As mentioned earlier, I could use offline transactions, or set up another wallet as a middle man.

Which most likely demonstrates that you have no idea what you are talking about and are just making stuff up in hopes that you can do what you want without someone telling you that it is a bad idea.

Yes, I concede that. But now I have learned a bit more, and can understand where my original plan fails, which is what I wanted to accomplish with this thread. This has all been a great thought experiment so that I can come up with a better plan centered around a brainwallet and/or other methods.

Glad I could help you understand better the issues surrounding your plans.

One technique I've seen is someone type a bunch of BS letters over 1000 characters long into a brainwallet to generate keys. That seems pretty secure.

No.  It really doesn't.  That is a bad idea.  You want a good idea?  Grab a handful of very well balanced dice (perhaps from your local casino?).  Roll the dice a bunch of times (until you've rolled at least 62 dice) and then convert from base 6 to get a private key.

How is that a bad idea?

Human beings are VERY BAD at doing anything in a random way.  The harder they try to be random, the less random they tend to be:

I'm not an expert on computers but doesn't the brain wallet provide a unique output when somebody inputs random typing like......

3903450EFZDFZOJF3405340F9ZDFF034T038TGERPJEPRFP034FZEFZEF03450324534508ZEFZOFJZ ELFJ345


In other words it would be unlikely anybody else would type that exact code in and get the same brain wallet results?

As Dan said, humans are a bad source of randomness.

For example your string above fails on several levels
- you are using only a very small selection of characters from the available keyspace
- there are several repetitions of sequences

From the line above alone I can conclude you most likely use a keyboard with french layout. Your left hand was hovering slighty above qsdf, your right hand was hovering over the lower part of the numpad, you moved the right hand over to the alphanumeric keys twice (once in the middle of the string and once near the end), you were subconsciously typing on the right hand with a rhythm of thumb-ring finger-index finger (producing the oft repeated 034 sequence), similarily you subconsciously used a rhythm of ring finger - middle finger - index finger with the left hand (producing the ZEF sequence)

Yeah, the dice sounds good, but typing something like this into a brain wallet is bad? :

onthunsoeahtueroah.crhu903409hu0244903gp02g2[93g[hu9[h239g23[9g29j0ud203gf2309g[192[3d0239[23.0,u02u3 (and so on, for as long as you want)

I'm not going to attempt the same analysis as greyhawk did on someone else's attempt at the same thing, but I will point out:

There are approximately 95 distinct characters you could have used. and yet after typing 101 characters, you have a very significant amount of repetition, and have only used 24 different characters.
You also repeat several sequences multiple times.

I've said it multiple times now.  Human beings are not good at randomness.  We simply aren't wired that way.  We are wired for patterns.

But if you think the mainstream public could understand all the caveats and nuances of Bitcoin's cryptograhy, then you got another thing coming.

No more than I expect them to understand all the caveats and nuances of the internet's protocols (such as TCP/IP, HTTP, FTP, UDP, etc) in order to use websites.  Can you imagine what the internet would be like right now if use of it required a detailed understanding of all of the underlying protocols?

My only question is, if I have the public key: then it's just like entering a password, right? If I get it wrong, no harm, no foul? I could keep going on until I get it.

I'm not sure what you're asking.  But if I'm guessing correctly, you can guess at the private key as many times as you like.  Each guess will result in a new bitcoin address.  Eventually if you guess the correct private key, you'll end up generating the bitcoin address that you expect and you can then use that private key to sign the transaction and broadcast it along with the public key.

[Five Points]

Funny how you skirted my comment about the artificial language trick, guess that was too unconventional for you?

12 random English words is still 12 English words. I don't trust it, but it seems like you are okay with it. So what's the big deal if I invented my own language and came up with 12 words?  

And using the internet and bitcoins are apples and oranges. You don't have to know how flying works with the internet, you just have to learn how to fly.

With bitcoins, you have to learn how flying works to understand how to be as secure as you can be.

And no, people don't know much about technology, and look at the consequences: stolen passwords, phished passwords, cracked accounts, etc.

Bitcoin just seems another continuation of that, but with the opportunity to lose a lot more.

[DannyHamilton]

I've made my points.

You are welcome to do whatever you like.

It's your money.

Your OP asked some specific questions.  Those questions have been answered.  You don't like the answers, that's not my problem.

Good luck.

[Five Points]

I've made my points.

You are welcome to do whatever you like.

It's your money.

Your OP asked some specific questions.  Those questions have been answered.  You don't like the answers, that's not my problem.

Good luck.

Sorry, didn't mean to get you flustered or upset. Your responses generally had a snarky tone, so I just went with the flow.

Thanks for all your help though, your answers were very helpful.