Secure brainwallets

[shitpostery]

Everyone says to not use brainwallets but can't they be secure with a good enough passphrase?

Say you memorized 5-6 diceware words. You have 64.6 and 77.5 bits of entropy respectively. Realistically would these ever be cracked?

Or a good mnemonic pattern, thinking back to your childhood for example.

Maybe I'm just a noob for I don't see why this is a bad idea. I mean wouldn't someone breaking into your home and stealing your seed phrase be more likely?

[odolvlobo]

Basically, the idea is that any phrase that can be memorized reliably will be easy to crack. Of course, there are exceptions, but you would be amazed at what seemingly secure brain wallets have already been cracked.

Say you memorized 5-6 diceware words. You have 64.6 and 77.5 bits of entropy respectively. Realistically would these ever be cracked?

Well, suppose a computer could test 1 million per second. It could crack all 5-word diceware brain wallets in 8 million seconds, or about 3 months. Oops! Huge math error.

I mean wouldn't someone breaking into your home and stealing your seed phrase be more likely?

Keep in mind that only people who are physically nearby could potentially steal your seed phrase, but anybody in the world can potentially steal you brain wallet.

[pooya87]

They can be safe but almost always they will not be safe.
The problem is always the human factor, first we know that people can not come up with a truly random entropy. They will always create biased ones which will be weaker than their size. And second is the problem with memorizing, as time passes we all forget things and when there is a lot of details to remember (what words, their order, ...) it becomes harder to remember it all.

Here is a list of those who thought brain wallets are safe: https://bitcointalk.org/index.php?topic=4768828.0

[DapanasFruit]

They can be safe but almost always they will not be safe. The problem is always the human factor, first we know that people can not come up with a truly random entropy. They will always create biased ones which will be weaker than their size. And second is the problem with memorizing, as time passes we all forget things and when there is a lot of details to remember (what words, their order, ...) it becomes harder to remember it all.

I agree with this. We are all aging and though our mind or our ego may deny this fact the truth is we all do and there will always be manifestations of aging that we can never deny and on memorizing things or password there can be a big problem with that - not unless of course we are doing a memorization exercise everyday. In the past I used to memorize my Gmail accounts passwords but later on I realized it can be so hard to maintain them on my head...eventually I gave up. The same can be true with crypto wallet keys - now of course if you are "Rain Man" then maybe things can be different.

[hatshepsut93]

If your brainwallet was generated with strong random number generator and has enough entropy, then it is theoretically secure. If you just took a bunch of words and hashed them to use the hash as private key - that's not secure.

But another big problem with brainwallets is how unreliable our memory is. It's not hard to memorize a 12 word seed or even a 24 word seed, but it's hard to retain it in memory for a really long period of time, like years. You can be fine as long as you repeat it daily, but eventually you will start forgetting to repeat the seed, and before you now, weeks or months have passed since the last repeat, and now you have forgotten it. Using your memory can be viewed as a very unreliable and low priority backup, something that you do just to be a tiny bit more safe after you already have multiple backups.

[mindrust]

A brain wallet is as secure and as powerful as your brain. And guess what, your brain might not be as secure and as powerful as you think. Even if it is now, as you get older, things may change. Some virus comes from somewhere, finds your body and boom, suddenly you don't remember certain stuff anymore. What was that, you can't remember your wallet password? Rekt.

Why take a chance? Just get a paper wallet. (the one you create yourself without using a third party app)

[o_e_l_e_o]

Well, suppose a computer could test 1 million per second. It could crack all 5-word diceware brain wallets in 8 million seconds, or about 3 months.

There are 7776 possible diceware words, meaning 7776⁵ combinations. This would still take over 900,000 years at 1 million per second.


There are two things to consider when deciding if a wallet is secure. Firstly, how likely it is that someone else will gain access, and secondly, how likely it is that you will lose access. Standard brain wallet fail on both those cases.

If you are dead set on memorizing a wallet, then far safer to generate a 12 word seed phrase and memorize that. Then at least your wallet has 128 bits of entropy and not ~64 bits of entropy. Although it might seem that 64 bits is only half as strong as 128 bits, it's actually about 18 billion billion times less strong. Do you really want your wallet to be 18 billion billion times easier to crack than everyone else's? I don't think so.

Also, even if you memorize a wallet, you should absolutely also have a written back up somewhere safe. Your scenario of someone breaking in to your home to steal your seed phrase: If you are very concerned about this, then there are 100 places in your house you could hide a small piece of paper that a thief would never find even with a week of looking specifically for it. Think of places like under floorboards, inside the lining of your sofa, etc. Or go an place your seed phrase in a safe deposit box at your bank if you want. There are a thousand things that could happen to you tomorrow with no warning which could result in memory loss and complete loss of your wallet if you don't have a back up.