Bitcoin Forum
Pages: [1] 2 3 »  All
Author Topic: Here is how to make a brain wallet 100 times more secure.  (Read 6430 times)

TERA (OP), Hero Member
June 16, 2014, 07:11:00 AM  #1

I keep hearing that brain wallets are not viable solutions and that we have to use hardware/software wallets with a bitcoin client to have a secure wallet, because of the lack of entropy in wallets generated by brainwallet passwords. Rubbish! There is a really simple way to fix this problem and make your brain wallet 100 times more secure.

Code:
Private key = SHA256(salt+passphrase)

Just generate a giant random alphanumeric string (at least 256 bits to provide maximum entropy) and store it somewhere. You can call this your 'entropy key', your 'salt', your 'seed', or whatever. Then use it in addition to a memorized password when generating a brainwallet.  For example, you could store a salt somewhere "a3fE3f92kOe2p4d0" (it would actually be much longer than this), memorize a password "correcthorsebatterystaple",  and then your password would be "a3fE3f92kOe2p4d0correcthorsebatterystaple".  So now instead of your private key being SHA256(passphrase), it is SHA256(salt+passphrase), or you could make it something more complicated than that - it's up to you.

This completely solves the entropy problem of a brainwallet by adding the maximum amount of entropy possible to your password right off the bat. It's kind of like two-factor authentication.  It also solves the physical security issue of a paper wallet where if the wallet is stolen, it is compromised. If an attacker steals your seed, no big deal - they still don't have the password component. An attacker would have to first know that what they were looking at was a brainwallet seed and then they'd have to run a bruteforce cracking operation just on your brainwallet seed specifically. Of course this is not impossible but it is kind of far fetched and much less easy/likely than the attacks involved in a plain brainwallet, a plain paperwallet, or even hardware/software wallets.

Now some people might complain that this isn't a true brainwallet solution, because there is some information you need to store somewhere outside of your brain. That is true. However, it is the closest you can get and is a much easier solution than running a dedicated hardware or software bitcoin client. Also, to mitigate this issue, you could take measures to make it very easy for yourself to access your seed and make sure that it is always available to you. You can store it in one, many, or all of many places. For example, you could
-Store it on a pc
-Store it on a thumb drive
-Write it down or print it on paper
-Keep it in a bank vault
-Store it hidden away somewhere on some websites you can log into
-Embed it inside the code of an image you post on facebook
-Store it in a file on your web server, possibly behind password protection/htaccess
-Store it in a database
-Email it yourself
-If you are really brave, store it on the blockchain - then you know even in a worst case apocalyptic scenario, as long as bitcoin still exists you will have access to your seed.

You can be really lax with security on your seed because as I said earlier, you also need the memorized password to add to it. If you are concerned with security, you can also encrypt your seed using some encryption algorithm and another password that you use to decrypt the seed before using it. You can also use multiple seeds and store them in different places, and then use them all together with your password to generate your wallet.

Secure solution
Code:
Private key = SHA256(seed1+password1+seed2+password2+seed3)

I hope this helps.  Once I got serious about moving into cold storage and was ready to send, it only took me a few hours to think of and perfect this solution. I'm surprised more people aren't doing it.

jabo38, Legendary
June 16, 2014, 07:16:44 AM  #2

I have a way that is better, but if I told you then everybody would know!


zetaray, Hero Member
June 16, 2014, 07:29:59 AM  #3

Your solution is recommendable, but if I have to store the salt somewhere, I would prefer to store the actual private key for bitcoin core or the seed of electrum. The whole point of a brain wallet is to store nothing on any device.


TERA (OP), Hero Member
June 16, 2014, 08:12:41 AM  #4

Quote from: zetaray on June 16, 2014, 07:29:59 AM
Your solution is recommendable, but if I have to store the salt somewhere, I would prefer to store the actual private key for bitcoin core or the seed of electrum. The whole point of a brain wallet is to store nothing on any device.

For you there is the solution of encrypting the seed and storing it on the blockchain. I don't think technically using the blockchain counts as storing it on a device since the blockchain is part of bitcoin and if you are using bitcoin then you have access to the blockchain.

davidgdg, Hero Member
June 16, 2014, 11:07:43 AM  #5

Or you could just pick six words at random from a decent dictionary.  (For a 50,000 word dictionary, that gives ~ 1. x 10^29 combinations which should keep the world's top 500 supercomputers happy for a few decades)

 :D


S4VV4S, Hero Member
June 16, 2014, 11:32:01 AM  #6

Quote from: davidgdg on June 16, 2014, 11:07:43 AM
Or you could just pick six words at random from a decent dictionary.  (For a 50,000 word dictionary, that gives ~ 1. x 10^29 combinations which should keep the world's top 500 supercomputers happy for a few decades)

 :D

Or even better: Use slang words which are not in any dictionary ;)


haploid23, Legendary
June 16, 2014, 11:54:23 AM  #7

The reason I completely avoid using brainwallets is because we as humans are not as random as we think. If a word or phrase can be read, then it's not completely random. Even if you have the salt + passphrase format, the "correcthorsebatterystaple" element is still not random. Yes it's more secure, but still not totally random.


Light, Hero Member
June 16, 2014, 12:35:07 PM  #8

Quote from: haploid23 on June 16, 2014, 11:54:23 AM
The reason I completely avoid using brainwallets is because we as humans are not as random as we think. If a word or phrase can be read, then it's not completely random. Even if you have the salt + passphrase format, the "correcthorsebatterystaple" element is still not random. Yes it's more secure, but still not totally random.

Nothing done by humans is technically random. That is simply a perception we like to have. Security really is all that matters when it comes to storing Bitcoins in the long term and that idea isn't too bad - it should be random enough to avoid bruteforce attacks for a while to come and that's the main fear for brain wallets.

davidgdg, Hero Member
June 16, 2014, 12:55:19 PM  #9

Quote from: haploid23 on June 16, 2014, 11:54:23 AM
The reason I completely avoid using brainwallets is because we as humans are not as random as we think. If a word or phrase can be read, then it's not completely random. Even if you have the salt + passphrase format, the "correcthorsebatterystaple" element is still not random. Yes it's more secure, but still not totally random.

Picking words from a dictionary by closing your eyes, flicking through 500 pages and sticking your finger on a "random" page , is random enough for all necessary purposes. 


Beliathon, Hero Member
June 16, 2014, 01:08:35 PM  #10

Quote from: haploid23 on June 16, 2014, 11:54:23 AM
The reason I completely avoid using brainwallets is because we as humans are not as random as we think. If a word or phrase can be read, then it's not completely random. Even if you have the salt + passphrase format, the "correcthorsebatterystaple" element is still not random. Yes it's more secure, but still not totally random.

Quote from: davidgdg on June 16, 2014, 12:55:19 PM
Picking words from a dictionary by closing your eyes, flicking through 500 pages and sticking your finger on a "random" page , is random enough for all necessary purposes.

That is correct. Just make damn sure you've committed those words to memory!!

OP, your idea is sound, but it is NOT a brain wallet by definition - as you admitted. It's a hybrid wallet, I suppose. The idea is that ALL you need is in your head, and no one even knows you have one. Storing a salt/seed on the blockchain is clever, though I must admit.


Triffin, Sr. Member
June 16, 2014, 01:29:04 PM  #11

Wouldn't a 'key logger' defeat this approach ??

Triff ..


S4VV4S, Hero Member
June 16, 2014, 01:37:49 PM  #12

Quote from: Triffin on June 16, 2014, 01:29:04 PM
Wouldn't a 'key logger' defeat this approach ??

Triff ..

This and many more.

tenthirtyone, Newbie
June 16, 2014, 01:55:18 PM  #13

This is already detailed in the Bitcoin documentation under "Hierarchical Deterministic Wallets"

Well, it is detailed similarly.

Generate a private/public keypair like normal. Come up with your passphrase.

SHA256(privKey + passphrase + pubkey + index)


You keep the priv/public private as well as your passphrase.

Triffin, Sr. Member
June 16, 2014, 03:47:44 PM  #14

OK ..

I think I see the problem here with the brain wallet ( or any local wallet )

All the security measures are focused on frustrating access to one's wallet
( strong passphrases, encryption, 2FA, private keys or a combination of such features )

Once someone has gained access by keyloggers or other means to your wallet however ..
game over .. your coins are gone ..  

Don't wallets need an additional security feature(s) from within the wallet
that would need to be 'passed' in order to activate an outgoing transaction ??

I don't know how that could be accomplished ..
I'm just throwing it out there for consideration ..

Look at the growth of online securities trading
It took awhile but people have no problem with their online brokerage accounts
holding substantial assets ie Fidelity/Vanguard/TDAmeritrade etc etc
If someone broke into my IRA account I suppose they could sell my stock positions
or try to request a withdrawal of funds ( which would just be sent to me anyway )

My point is most users are comfortable with the level of 'security' with regards
to their online personal trading accounts and pension/IRA assets ..

Coin wallets need to provide the user with that same level of real or perceived
security before widespread public acceptance/usage of crypto currencies occurs ..

Triff ..


davidgdg, Hero Member
June 17, 2014, 09:12:13 AM  #15

Quote from: Triffin on June 16, 2014, 03:47:44 PM
OK ..

I think I see the problem here with the brain wallet ( or any local wallet )

All the security measures are focused on frustrating access to one's wallet
( strong passphrases, encryption, 2FA, private keys or a combination of such features )

Once someone has gained access by keyloggers or other means to your wallet however ..
game over .. your coins are gone ..

Don't wallets need an additional security feature(s) from within the wallet
that would need to be 'passed' in order to activate an outgoing transaction ??

I don't know how that could be accomplished ..
I'm just throwing it out there for consideration ..

Look at the growth of online securities trading
It took awhile but people have no problem with their online brokerage accounts
holding substantial assets ie Fidelity/Vanguard/TDAmeritrade etc etc
If someone broke into my IRA account I suppose they could sell my stock positions
or try to request a withdrawal of funds ( which would just be sent to me anyway )

My point is most users are comfortable with the level of 'security' with regards
to their online personal trading accounts and pension/IRA assets ..

Coin wallets need to provide the user with that same level of real or perceived
security before widespread public acceptance/usage of crypto currencies occurs ..

Triff ..


This is where, it pains me to admit it, Apple scores highly.  Their walled garden approach means that key-logging etc is a pretty remote risk. And on an iphone (not jail-broken) it is basically zero. Of course you still need to have a BTC app, but the recent announcement means that should not be a problem going forward. I still have my old blockchain.info app and I am a lot more comfortable logging on via my iphone than on my PC.  Ditto to sites such as bitstamp.


TimS, Sr. Member
June 17, 2014, 12:18:55 PM  #16

"A cryptosystem should be secure even if everything about the system, except the key, is public knowledge."

The "brain" element of your cryptosystem does not add substantial complexity: if I know your system, and I don't know your 256-bit key, it's unbreakable. If I know your system, and I know your 256-bit key, but not your passphrase, it's easy to crack. Your example password has about 44-bit entropy; given that each try is just a SHA256 hash, that means I need at most 17.6 terahashes to break it. A cheap 30 GH/s USB miner could break it in about 5 minutes (assuming it could be used for that).

Being lax with your 256-bit key should be understood as lowering your security to the security of the brainwallet then: 44 bits. You should not store any amount of money with just 44 bits of security.

If the 256-bit key were kept secret, the system would be secure. It's just that the only significant security comes from the 256-bit key, not the passphrase.
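
The opening post's derivation and TimS's cost arithmetic, as an added example that is not code from either poster. It implements SHA256(salt + passphrase) exactly as written, counts the bits in each component, and runs the attack TimS describes for the case where the stored salt has leaked. The wordlist is a constructed stand-in for a real attacker's dictionary (a dozen words instead of the ~2048-word list a four-word passphrase like the OP's is drawn from), the salt and passphrase are constructed, and the 30 GH/s rate is the figure quoted above.

```python
import hashlib
import itertools
import math
import secrets

# Constructed wordlist standing in for the attacker's dictionary. A real
# attack would use the same ~2048-word list the "correct horse battery
# staple" style passphrases are drawn from; a dozen words keeps this fast.
WORDLIST = [
    "correct", "horse", "battery", "staple", "apple", "river",
    "stone", "cloud", "paper", "light", "green", "table",
]


def brainwallet_key(salt: str, passphrase: str) -> bytes:
    """The opening post's construction: private key = SHA256(salt + passphrase).

    No key stretching is applied, so one guess costs exactly one SHA-256.
    """
    return hashlib.sha256((salt + passphrase).encode("utf-8")).digest()


def make_salt(nbits: int = 256) -> str:
    """A salt of `nbits` from the OS CSPRNG, hex-encoded for storage."""
    return secrets.token_hex(nbits // 8)


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent uniform picks from `choices` options."""
    return picks * math.log2(choices)


def crack_seconds(bits: float, hashes_per_second: float) -> float:
    """Time to exhaust a keyspace of `bits` bits at the given hash rate."""
    return 2.0 ** bits / hashes_per_second


def dictionary_attack(target_key: bytes, salt: str, words, nwords: int):
    """Attacker who has the stored salt: try every `nwords`-word passphrase.

    Returns the recovered passphrase, or None if it is not in the keyspace.
    """
    for combo in itertools.product(words, repeat=nwords):
        candidate = "".join(combo)
        if brainwallet_key(salt, candidate) == target_key:
            return candidate
    return None


def security_summary(hash_rate: float = 30e9) -> dict:
    """Bits of security in each component, and time to exhaust it."""
    return {
        # four words from a 2048-word list: the 44 bits TimS quotes for the OP's example
        "passphrase_bits": entropy_bits(2048, 4),
        "passphrase_crack_s": crack_seconds(entropy_bits(2048, 4), hash_rate),
        # davidgdg's six words from a 50,000-word dictionary
        "six_words_bits": entropy_bits(50_000, 6),
        "six_words_crack_s": crack_seconds(entropy_bits(50_000, 6), hash_rate),
        # the stored 256-bit salt on its own
        "salt_bits": 256.0,
        "salt_crack_s": crack_seconds(256, hash_rate),
    }


if __name__ == "__main__":
    salt = make_salt()
    passphrase = "correcthorsebatterystaple"  # constructed; same shape as the OP's
    key = brainwallet_key(salt, passphrase)

    # Salt leaked (the "be lax with it" case): only the passphrase is left to guess.
    print("salt known, recovered:", dictionary_attack(key, salt, WORDLIST, 4))
    # Salt secret: the same search with a wrong salt never matches.
    print("salt unknown, recovered:", dictionary_attack(key, make_salt(), WORDLIST, 4))
    for name, value in security_summary().items():
        print(f"{name:>20}: {value:,.1f}")
```

With the salt in hand the attacker recovers the four-word passphrase after at most 12^4 hashes here, and after at most 2^44 against the real list (about ten minutes at the quoted 30 GH/s); with the salt secret the same search never matches. That is the sense in which all of the security sits in the stored 256-bit value, and why "be lax with the seed" reduces the scheme to the 44-bit passphrase.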

OrphanedGland, Member
June 17, 2014, 12:59:37 PM  #17


You musta missed the fact everyone uses https://keybase.io/warp/ now?

Quote from: TERA on June 16, 2014, 07:11:00 AM
I keep hearing that brain wallets are not viable solutions and that we have to use hardware/software wallets with a bitcoin client to have a secure wallet, because of the lack of entropy in wallets generated by brainwallet passwords. Rubbish! There is a really simple way to fix this problem and make your brain wallet 100 times more secure.

Code:
Private key = SHA256(salt+passphrase)

Phinnaeus Gage, Legendary
June 17, 2014, 02:02:41 PM  #18

Quote from: jabo38 on June 16, 2014, 07:16:44 AM
I have a way that is better, but if I told you then everybody would know!

IhaveawaythatisbetterbutifItoldyoutheneverybodywouldknow

Well, that didn't take too long to crack. Thank you, sir, may I have another?  ;D

Phinnaeus Gage, Legendary
June 17, 2014, 02:18:16 PM  #19

Quote from: haploid23 on June 16, 2014, 11:54:23 AM
The reason I completely avoid using brainwallets is because we as humans are not as random as we think. If a word or phrase can be read, then it's not completely random. Even if you have the salt + passphrase format, the "correcthorsebatterystaple" element is still not random. Yes it's more secure, but still not totally random.

Quote from: davidgdg on June 16, 2014, 12:55:19 PM
Picking words from a dictionary by closing your eyes, flicking through 500 pages and sticking your finger on a "random" page , is random enough for all necessary purposes.

I'd go one step further. Turn the dictionary upside down prior to flipping the pages and poking for words.

Pick 5 words.
Alphabetize them, and remember that order.
Chain them together.
Spell the first, third and fifth (or second and fourth) word backwards.
Convert all the o's and i's to zeros and ones.
Voilà.
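
The five-word recipe above written out as a function, with an entropy count, added here as an example and not code from the poster. It assumes the words are drawn uniformly from a dictionary of the size davidgdg mentions (50,000) and the sample draw is constructed.

```python
import math


def phinnaeus_mangle(words):
    """The recipe from the post above, step by step.

    1. alphabetize the five words, 2. chain them together, 3. spell the
    first, third and fifth backwards, 4. turn every o into 0 and every i into 1.
    """
    ordered = sorted(words)
    chained = [w[::-1] if idx % 2 == 0 else w for idx, w in enumerate(ordered)]
    return "".join(chained).replace("o", "0").replace("i", "1")


def entropy_after_alphabetizing(dictionary_size: int, nwords: int):
    """Bits from drawing `nwords` uniformly, and what alphabetizing leaves.

    Sorting discards the order the words were drawn in, so the nwords!
    orderings of one set of distinct words all become the same passphrase.
    That removes about log2(nwords!) bits. Steps 2 to 4 are fixed public
    functions and change the count by nothing at all.
    """
    raw = nwords * math.log2(dictionary_size)
    lost = math.log2(math.factorial(nwords))
    return raw, raw - lost


def same_output_regardless_of_draw_order(words) -> bool:
    """Two draws of the same words in different orders give one passphrase."""
    return phinnaeus_mangle(words) == phinnaeus_mangle(list(reversed(words)))


if __name__ == "__main__":
    # Constructed sample draw; any five dictionary words would do.
    draw = ["staple", "correct", "horse", "battery", "apple"]
    print(phinnaeus_mangle(draw))
    raw, left = entropy_after_alphabetizing(50_000, 5)
    print(f"five words from 50,000: {raw:.1f} bits drawn, "
          f"about {left:.1f} bits after alphabetizing")
```

The principle TimS quotes earlier in the thread applies here: an attacker who knows the recipe runs the same function over candidate draws, so the reversal and the o/i substitution cost them nothing extra. The only entropy is in which words were drawn, and alphabetizing hands back about log2(5!) of those bits (roughly 6.9), since it erases the order of the draw.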

TrailingComet, Sr. Member
June 17, 2014, 02:41:19 PM  #20

Not buying that, brain wallets are just too damn risky!
