Let's say I'm super paranoid and wanted to store a hard copy of my private key in a safe and I'd like to keep a portion (the vanity part) of my private key in memory. So even if someone breaks into my safe and sees the partial private key, they still won't be able to brute force my actual private key.
Private keys are 51 length base 58 characters, right?
How safe are each of these solutions?
1) Use the first or last x number of characters as vanity part. 186YpATQehFZwhVpnGzVTKb8VLtmeBITCOINRULES
2) Have the vanity part embedded inside and remember the location. 186YpATQeBITCOINRULEShFZwhVpnGzVTKb8VLtme
3) Have 2 vanity sections and remember both locations. 186YpATQeBITCOINhFZwhVpRULESnGzVTKb8VLtme
Obviously the last method is the most safe. How safe is it? And are either of the first 2 good enough?
If the attacker has knowledge of the associated bitcoin address, the problem is much like cracking a hashed password. Each test will require more compute power than a single round of a common hash function, but a lot less than 1024 rounds of MD5.
In the first one, your removed code letters specify the lower 32 bits of the encoded key, which are the checksum. To even create a private key like this, you would need to search for upper code letters that result in your desired checksum. The code letters in excess of those making up the checksum are the only part an attacker would need to guess.
The second requires the attacker to guess the code letters, as well as where they are located in the key.
The third requires the attacker to guess two groups of code letters and all permutations of where they might be located, which is a few more orders of magnitude harder.