A challenge to the idea that no-one can create a good brainwallet

[CIYAM]

So here is a brainwallet address I created two years ago: https://blockchain.info/address/1Au4v6dZacFVsWXeKUMJd99AtyBZeqti2L

Originally I had stored 10 BTC there but after reading so many posts from people such as Gavin I decided to reduce the risk to 1 BTC but kept that just to see if my brainwallet would be discovered.

So after 2 years no-one has discovered it (and it is an address that was created via a passphrase that I have remembered successfully since then - I retested my memory of the passphrase just prior to making this post).

I don't dispute that creating brainwallets is not for everyone but I *do dispute* the idea that no-one is capable of creating a decent brainwallet.

So now that you know the address - let's see if anyone can work out my passphrase and steal the 1 BTC.



Also I'd be interested to know from those who are keen on analysing the blockchain how much BTC they think I might have based upon this address.

[jonald_fyookball]

I totally agree.  Brain wallets are great IF you know what you are doing. 
I get why they are not recommended...we don't want noobs losing their
coins due to poor passphrases.

[CIYAM]

For sure I am not *recommending* them but just putting the case forward that they are actually feasible if you have the ability (this is in no way trying to encourage any noobs to use brainwallets).

As a counterpoint I was playing around with raw txs and stupidly re-used an address that had been published before (in an uncompressed version). My compressed version was relieved of its funds almost immediately after making the tx (luckily it was a trivial amount).

[MadGamer]

Does anyone here mind telling me what a Brain wallet is please ? Basically you remember your Private key from your Wallet or how does it work exactly ?

[jonald_fyookball]

For sure I am not *recommending* them but just putting the case forward that they are actually feasible if you have the ability (this is in no way trying to encourage any noobs to use brainwallets).

as long as we're challenging conventional wisdom,
I would also argue that humans are capable of creating
high entropy passphrases.

[CIYAM]

Does anyone here mind telling me what a Brain wallet is please ? Basically you remember your Private key from your Wallet or how does it work exactly ?

Trying to memorise a private key would be even challenging to people with very good memories - so no - in general you'd memorise a long passphrase that gets hashed.

[CIYAM]

as long as we're challenging conventional wisdom,
I would also argue that humans are capable of creating
high entropy passphrases.

I agree - and would like this topic to perhaps focus on *how* this can be achieved (in a general enough manner not to give away my own passphrase of course).

Let's start with what you should *not do*.

1) Do not use a published phrase from literature or pop-culture (i.e. some lyrics of a hit song are never going to be a good idea).

[CIYAM]

My suggestion is to build up your secure pass phrase over time.

Start with something small (and don't ever use it publicly - perhaps use it for encrypting some private files locally or the like).

A nonsense word can be a good start if it is something that is only known to yourself and say a couple of friends (e.g. buzfap).

[robmob]

Sweet challenge nothing like trying to win some free BTC

[CIYAM]

Once you have your nonsense word then maybe add a date (but format the date in an unusual manner such as dd$mm%yyy).

So now we have: buzfap01$02%014

[CIYAM]

Perhaps you have followed some stocks in the past and there is one that you don't tell anyone about because you didn't do very well with it (or perhaps the one you never invested in but wish you had).

Let's add its ticker (in upper case).

So now maybe we have: buzfap01$02%014STK

[jonald_fyookball]

as long as we're challenging conventional wisdom,
I would also argue that humans are capable of creating
high entropy passphrases.

I agree - and would like this topic to perhaps focus on *how* this can be achieved (in a general enough manner not to give away my own passphrase of course).

I am a fan of electrum and use the 12 word seed as a brain wallet.  
Computer generated passphrases have measurable entropy and
will be shorter and this easier to memorize.

However, I can create a strong passphrase by using
random word association, my current surroundings,
and a little bit of creativity.

If I want to be on the safe side, let's say I want 160
bits of entropy (the highest applicable), then I should
choose 24 words given the very conservative estimate
that there's only 100 random words people would use.
100^24 ~= 2^160.

let's use a technique I call "2 mental hops".

right now I see some silver tinsel, so maybe I'll start
with the word silver.  silver sounds like sliver which
reminds of a sliver of fish, so that's 2 mental hops
from silver to fish.  so far I have "silver fish".

now I can either do another 2 mental hops from
fish, or choose a new word.  let's say fish reminds me
of barrel, and barrel reminds me of cracker.  but I'll
twist this further and spell it kracker.

so far I have fish silver kracker.

now I look at some ice in my glass, let's do 2 mental hops,
with a twist...ice reminds me of vanilla ice, which I saw
on YouTube.  so, I'll spell it utoob.  now I have silver fish kracker utoob.

etc etc

you can also do silly rhymes and include them too.

silver fish kracker utoob the noob with phat boobs.

you can see were getting into serious entropy already.

[CIYAM]

You are right on to my wavelength here.

So let's see where we can go next with my simple experiment.

After our stock ticker addition lets add a number that we can come up with without anyone else easily knowing such as the number of lines of code we had committed to github in the year before we started creating this passphrase.

Now we are at say: buzfap01$02%014STK1456

[CIYAM]

and after this lets add a swear word translated into a different language than our native one (mixing the case)

buzfap01$02%014STK1456cAonImA

[CIYAM]

Then finally add a smiley you are partial to:

buzfap01$02%014STK1456cAonImA;)

and perhaps a lucky number as well.

buzfap01$02%014STK1456cAonImA;)7

Even at this stage my guess is that we are at a level of pretty safe entropy (provided you have not followed my formula but instead created your own).

Such a passphrase is not so difficult to learn (but does take time). So I think that most people are capable of creating a brainwallet but I think it will take them some time to develop it (but if you really care about your investment you'll spend the time to protect it).

[jonald_fyookball]

yes there are many techniques that would be possible.  most important thing is have enough components to ensure high entropy.

[CIYAM]

yes there are many techniques that would be possible.  most important thing is have enough components to ensure high entropy.

Not only enough but not to use stupid things like *famous years* or *football teams that won a grand final*, etc.

[itod]

I don't dispute that creating brainwallets is not for everyone but I *do dispute* the idea that no-one is capable of creating a decent brainwallet.

Brainwallets just don't produce enough entropy for the seed of your private key. It's known fact that there are several groups with GPU farms creating giant rainbow tables for these purposes. It's generally considered that every passphrase that can be Googled is not secure enough for the brainwallet. There's a guy who reported that passphrase created from the entire poem written in some obscure language (Afrikaans) has been bruteforced. For instance, I've took the four words from your sentence above in random order "capable dispute creating everyone" and it returns 0 hits on Google (until I post this, at least). This may be a good brainwallet by your criteria since if I haven't post it it would be probably safe against attackers for a very, very long time, but it has nowhere close enough entropy compared to any decent PRNG. The question is this: If it's inferior from the security standpoint then any address generated by the Bitcoin-QT wallet, why don't you let the Bitcoin-QT generate the address and after that passphrase protect the wallet with the same "capable dispute creating everyone" passphrase, making it infinitely harder for the attacker since he has to hack your machine first + hack the passphrase, instead of only hacking the passphrase?

[jonald_fyookball]

yes there are many techniques that would be possible.  most important thing is have enough components to ensure high entropy.

Not only enough but not to use stupid things like *famous years* or *football teams that won a grand final*, etc.

well even that would not matter if you had 24 different things in there and the order was jumbled but yes it would be better to use 1842 rather than 1776

[CIYAM]

@itod - if my brainwallet doesn't have enough entropy then why does it still have 1 BTC?

I am not against hardening one's brainwallet but my point is rather a simple one - if no-one can possibly come up with a secure brainwallet then why do I still have 1 BTC (I should have zero) and this brainwallet has existed for over 2 years (presumably since I've now made this address public the funds should be gone very soon).

So let's see how quickly I lose the 1 BTC (I have published this address as an experiment).