Devs do not suggest people use brainwallets because humans can never come up with something
as cryptographically secure as a truly random number.
One of the problems Bitcoin has is the speed with which a SHA256 hash can be calculated from a password input.
Billions of hashes per second are possible today with a modern PC and a decent graphics card.
Here are the basics of passwords.
Let's imagine you had to create a password, but were only allowed to use 1 letter for your password.
That would mean your password is one of only 26 possibilities (assuming our English alphabet).
Mathematically that would be represented as 26 to the power 1, which equals 26.
Now imagine we were allowed two letters in our password; it could be anything from aa, ab, ac ... az, ba, bb ... zz.
The number of possibilities would then be 26 to the power 2.
Now imagine we are allowed to use both upper and lower characters, this would give a possible number of
combinations as 52 to the power 2.
Add in the numerical digits and we have 62 to the power 2 (remember we can only use 2 alphanumeric chars at this point).
Now let us add in, say, 10 special characters, e.g. - + { [ ] } * £ $ %
Now we have 72 to the power 2 (72 squared possibilities), where the 2 comes from the number of characters we are allowed to use.
Now let us be allowed to use 8 characters in our password.
That gives us a number of possible combinations of 72 to the power 8, which is 722,204,136,308,736,
i.e. 722 trillion possible combinations.
While that sounds like a lot of possibilities, remember, computers can calculate SHA256 hashes at a rate of billions per second,
assuming a single PC (i.e. not including multiple PCs working together as in a botnet, or a government or private supercomputer).
A trillion is only 1000 x a billion, so this means a PC could theoretically calculate all the possible hashes of an 8 char password in
1000 seconds (roughly).
In order to keep our password out of the clutches of hackers, we need Trillions of Trillions of Possibilities at least.
That means we need at least another 3 characters, at a bare minimum, even that would barely take us out of the reach of
Hackers using Brute force methods.
So we need 8 + another 10 characters at least, let's say twenty characters.
You might want to try entering into your calculator what 72 to the power 20 is...
It's a huge number, ~1.4 x 10^37, way out of the reach of any hacker using a PC and possibly out of the reach of a government agency
using a supercomputer.
It's tempting to think then that if I have a brainwallet password that's 20 characters long, then it's secure enough and the answer
is that it might not be.
The problem is that hackers have several character sets they can use: they can use dictionary words like Mike, or Church, or Kitten.
While the word 'Kitten' has 6 characters in it, it should really only be counted as one character, because it's a dictionary word.
It's trivial for a modern PC to go through all the words in the dictionary, therefore any word you use in your brainwallet password
should be counted as 1 character, not 6 as in the case of kitten.
E.g. if your brainwallet password is ***Robert-14091963***, a password that might be used by someone called Robert who was born on
14/09/1963:
This is 21 characters long. Mathematically it might appear to be highly secure, but remember, there are far fewer 6 letter words
than the random 52^6 possibilities that it replaces.
In other words, we've reduced the strength of our password by 52^6, i.e. we've reduced our password strength by 19 trillion.
Many passwords will also have a birthdate in them, e.g. 14091963. The problem with using a birthday in your password is that no one
alive today was born before 1900 (OK, a few exceptions). This means that there are very much fewer possibilities,
because no one, for example, was born in 1658 (although someone might use that date); the vast majority of birthdates
used in brainwallet passwords are going to be from Jan 1st 1900 onwards:
a mere 117 years x 365 days, a mere 42,000 possibilities, which is trivial for a PC to run through.
As a crude calculation, if you have used a name and a birthdate in your password, the name and the birthdate
should be treated as 1 character each.
This means that, cryptographically, our password above ***Robert-14091963*** should not be regarded as a 21 character
password, but as a 9 character password.
This is well within the reach of brainwallet hackers.
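To make the post's two arguments concrete (72^n keyspace at a billion hashes per second, and a dictionary word or birthdate counting as a single symbol), here is an added Python estimator; it is not code from the post, and the wordlist, the 100,000-word dictionary size and the DDMMYYYY date pattern are constructed assumptions.

```python
import re

HASHES_PER_SECOND = 1e9    # the post's figure: roughly a billion SHA256 hashes per second on one PC
CHARSET_SIZE = 72          # 26 lower + 26 upper + 10 digits + 10 specials, as in the post
DICTIONARY_SIZE = 100_000  # assumed size of an attacker's wordlist (constructed figure)
DATE_SPACE = 117 * 365     # birthdates from 1 Jan 1900, the post's "a mere 42,000"

# Constructed stand-in for a real wordlist: just the words the post mentions.
WORDLIST = {"robert", "kitten", "church", "mike"}
WORD_RE = re.compile("|".join(sorted(WORDLIST, key=len, reverse=True)), re.IGNORECASE)
# A DDMMYYYY date in the 1900s or 2000s, like the post's 14091963 (assumed format).
DATE_RE = re.compile(r"(0[1-9]|[12][0-9]|3[01])(0[1-9]|1[0-2])(19|20)[0-9]{2}")

def tokenize(password):
    """Split a password into ('date', s), ('word', s) and ('char', c) tokens,
    so a dictionary word or a birthdate is counted as one symbol, not 6 or 8."""
    tokens, pos = [], 0
    while pos < len(password):
        for kind, regex in (("date", DATE_RE), ("word", WORD_RE)):
            m = regex.match(password, pos)
            if m:
                tokens.append((kind, m.group(0)))
                pos = m.end()
                break
        else:  # no date or word starts here: one ordinary character
            tokens.append(("char", password[pos]))
            pos += 1
    return tokens

def naive_keyspace(password):
    """What raw length suggests: 72 to the power of the length, as in the post."""
    return CHARSET_SIZE ** len(password)

def effective_keyspace(password):
    """Product of the size of the set each symbol was really drawn from."""
    sizes = {"date": DATE_SPACE, "word": DICTIONARY_SIZE, "char": CHARSET_SIZE}
    space = 1
    for kind, _ in tokenize(password):
        space *= sizes[kind]
    return space

def seconds_to_exhaust(space, rate=HASHES_PER_SECOND):
    """Worst-case time for an attacker at `rate` guesses per second to try every candidate."""
    return space / rate

if __name__ == "__main__":
    for pw in ("Robert-14091963", "kitten", "x7$Qp!2Lm9#zRw4B"):
        naive, real = naive_keyspace(pw), effective_keyspace(pw)
        print(f"{pw!r}: naive 72^{len(pw)} = {naive:.3g} ({seconds_to_exhaust(naive):.3g} s), "
              f"effective {real:.3g} ({seconds_to_exhaust(real):.3g} s)")
```

Run it and the name-plus-birthdate passphrase collapses from 72^15 candidates to a few hundred billion, a few minutes at the post's hash rate.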
Personally, I love the concept of brainwallets: they allow people to effectively store wealth in their head, but it's very important
that people understand their potential weaknesses if used naively.
There are a number of solutions to this, being more cryptic with your passwords, increasing the length etc.
Another way is to generate your Bitcoin private key (and hence public key) from the passphrase using a much slower hashing algorithm than a single SHA256.
This is the method chosen by WarpWallet.
https://keybase.io/warp/warp_1.0.8_SHA256_5111a723fe008dbf628237023e6f2de72c7953f8bb4265d5c16fc9fd79384b7a.html
Note the SHA256 hash in the URL.
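To show what "a much slower hashing algorithm" buys, here is an added Python illustration contrasting the classic SHA256 brainwallet with the same passphrase run through scrypt; it is not WarpWallet's code, and the scrypt parameters, the salt and the measured ratio are assumptions of this example.

```python
import hashlib
import time

# Assumed scrypt cost parameters for illustration, not WarpWallet's own construction.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1

def classic_brainwallet_key(passphrase: str) -> bytes:
    """Classic brainwallet: the private key is simply SHA256(passphrase)."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()

def slow_brainwallet_key(passphrase: str, salt: bytes) -> bytes:
    """Same passphrase through a memory-hard KDF. The per-user salt (WarpWallet
    uses an e-mail address for this) stops one precomputed table serving everyone."""
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)

def guess_cost_ratio(passphrase: str, salt: bytes, fast_rounds: int = 2000) -> float:
    """Crude per-guess cost ratio, slow KDF vs plain SHA256, measured on this machine."""
    t0 = time.perf_counter()
    for _ in range(fast_rounds):
        classic_brainwallet_key(passphrase)
    fast = (time.perf_counter() - t0) / fast_rounds
    t0 = time.perf_counter()
    slow_brainwallet_key(passphrase, salt)
    slow = time.perf_counter() - t0
    return slow / fast

def attacker_rate_with_kdf(ratio: float, fast_rate: float = 1e9) -> float:
    """If an attacker manages fast_rate SHA256/s, the same effort buys roughly
    fast_rate / ratio KDF guesses per second (GPUs gain less on scrypt, so this
    is a pessimistic estimate from the defender's side)."""
    return fast_rate / ratio

if __name__ == "__main__":
    ratio = guess_cost_ratio("correct horse battery staple", b"user@example.invalid")
    print(f"one scrypt guess costs about {ratio:.0f}x one SHA256 guess")
    print(f"a billion-SHA256/s attacker drops to ~{attacker_rate_with_kdf(ratio):.3g} guesses/s")
```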
Here's a discussion on Warp wallet on reddit
https://www.reddit.com/r/Bitcoin/comments/37s8bj/psa_warp_wallet_is_a_much_better_brain_wallet/
The purpose of this post is not to suggest one method over another but to hopefully illustrate why they must be
used with a great deal of thought, as must any method of storing cryptocurrencies.