Bitcoin Forum
Author Topic: A challenge to the idea that no-one can create a good brainwallet  (Read 15541 times)
itod
December 07, 2014, 06:18:56 PM
 #21

@itod - if my brainwallet doesn't have enough entropy then why does it still have 1 BTC?

Because it is "good enough" that rainbow-table-generating guys still haven't caught up with it. They are trying every upper/lower/initial case combination + every spacing combination + 1337-speak combinations of every passphrase their machines can get their hands on. It doesn't mean that sooner or later they will not get you. If you passphrase protect the single instance of the wallet they may try forever, you would be safe.
jonald_fyookball
December 07, 2014, 06:19:28 PM
 #22

I don't dispute that creating brainwallets is not for everyone but I *do dispute* the idea that no-one is capable of creating a decent brainwallet.

Brainwallets just don't produce enough entropy for the seed of your private key.

That's the conventional wisdom we are challenging. There is no reason why this has to be true (even if many people would screw it up).

jbrnt
December 07, 2014, 06:20:49 PM
 #23

I think it is fairly easy to create a brainwallet with enough entropy to protect the coins. It is more challenging to remember the formula with no mistakes a few years from now.
CIYAM (OP)
December 07, 2014, 06:22:27 PM
 #24

I think it is fairly easy to create a brainwallet with enough entropy to protect the coins. It is more challenging to remember the formula with no mistakes a few years from now.

As stated - I checked the address by remembering my passphrase before I created the topic (so I have managed to remember it now for over 2 years).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
itod
December 07, 2014, 06:24:44 PM
 #25

I think it is fairly easy to create a brainwallet with enough entropy to protect the coins. It is more challenging to remember the formula with no mistakes a few years from now.

If you can't remember it, it can not be called a brainwallet. If you can remember it, it has a fraction of the entropy of any PRNG.

Edit: although PRNGs have their own set of problems, which is not the topic here. Nevertheless they are the best tool we have.
confirmation120
December 07, 2014, 06:26:26 PM
 #26

buzfap01$02%014STK1456cAonImA;)7

Even at this stage my guess is that we are at a level of pretty safe entropy (provided you have not followed my formula but instead created your own).

I am not sure this would be long enough. It may be a good start, but I would say you probably need to have additional words at the end of the above.

I don't dispute that creating brainwallets is not for everyone but I *do dispute* the idea that no-one is capable of creating a decent brainwallet.

Brainwallets just don't produce enough entropy for the seed of your private key. It's a known fact that there are several groups with GPU farms creating giant rainbow tables for these purposes. It's generally considered that every passphrase that can be Googled is not secure enough for the brainwallet. There's a guy who reported that a passphrase created from the entire poem written in some obscure language (Afrikaans) has been bruteforced. For instance, I've taken the four words from your sentence above in random order "capable dispute creating everyone" and it returns 0 hits on Google (until I post this, at least). This may be a good brainwallet by your criteria since if I hadn't posted it, it would probably be safe against attackers for a very, very long time, but it has nowhere close to enough entropy compared to any decent PRNG. The question is this: If it's inferior from the security standpoint to any address generated by the Bitcoin-QT wallet, why don't you let the Bitcoin-QT generate the address and after that passphrase protect the wallet with the same "capable dispute creating everyone" passphrase, making it infinitely harder for the attacker since he has to hack your machine first + hack the passphrase, instead of only hacking the passphrase?

I think this was somewhat already addressed. It was mentioned that you should not make your passphrase anything that has ever been published, in any language. If you make it truly random and something that has not been published anywhere then you should be okay. As I mentioned above, something the length of only 4 words is probably not long enough.
CIYAM (OP)
December 07, 2014, 06:26:45 PM
 #27

If you can't remember it, it can not be called a brainwallet. If you can remember it, it has a fraction of the entropy of any PRNG.

And we have seen broken PRNGs lead to the loss of many Bitcoins already.

I personally trust my own brain more than a PRNG - if you wish to trust a PRNG that is of course your choice.

CIYAM (OP)
December 07, 2014, 06:30:06 PM
 #28

I am not sure this would be long enough. It may be a good start, but I would say you probably need to have additional words at the end of the above.

The actual length I used for my brainwallet is longer but not much longer (again I will state that this address was created over 2 years ago and has not been hacked).

Am sure there are some now trying to crack my address but that's okay - this is the experiment I am doing.

jonald_fyookball
December 07, 2014, 06:32:00 PM
 #29

I think it is fairly easy to create a brainwallet with enough entropy to protect the coins. It is more challenging to remember the formula with no mistakes a few years from now.

If you can't remember it, it can not be called a brainwallet. If you can remember it, it has a fraction of the entropy of any PRNG.
 

This is absurd.  

1.  Yes, you need LONGER passphrases if they are human generated, but
you can't define the security based on human memory.  My memory
has nothing to do with whether the phrase was generated by
a computer or by a human.

2. IMO, a brain wallet is still a brain wallet if you use it as such
(electrum generated seed for example), regardless of how the
phrase was generated.

3. Some people have very good memories.  Some people
memorize entire books.




itod
December 07, 2014, 06:33:57 PM
 #30

If you can't remember it, it can not be called a brainwallet. If you can remember it, it has a fraction of the entropy of any PRNG.

And we have seen broken PRNGs lead to the loss of many Bitcoins already.

I personally trust my own brain more than a PRNG - if you wish to trust a PRNG that is of course your choice.

As I've added in the edit in my post above, PRNGs have their set of issues. There was a single bigger case of lost bitcoins caused by the known bug in Android PRNG, and the number of coins that were lost was < 100 if I remember correctly + the users were reimbursed by Blockchain.info whose wallet was the app that used Android PRNG mentioned above. The number of bitcoins lost to bad brainwallets is at least an order of magnitude (if not two orders of magnitude) bigger than that. Remember also that that bug was corrected once and for all, while bad brainwallets are generated over and over again. As you've said, everyone has a choice what to use.
CIYAM (OP)
December 07, 2014, 06:37:37 PM
 #31

True - if you use a bad passphrase for your brainwallet you'll lose your funds almost instantly.

But the purpose of this topic is not to debate about that but whether or not you can actually protect BTC with a good brainwallet (as nearly every topic I have read on this forum about brainwallets suggests that my 1 BTC should have already been stolen).

So why is my 1 BTC not stolen?

jonald_fyookball
December 07, 2014, 06:45:18 PM
 #32

True - if you use a bad passphrase for your brainwallet you'll lose your funds almost instantly.

But the purpose of this topic is not to debate about that but whether or not you can actually protect BTC with a good brainwallet (as nearly every topic I have read on this forum about brainwallets suggests that my 1 BTC should have already been stolen).

So why is my 1 BTC not stolen?


I will say that while I do agree it's possible, why not just use an RNG to help choose dictionary words?
If you don't trust computers, dice or cards work great.
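
The dice suggestion in the post above, worked through as an added example (not written by any poster in this thread): dice rolls are mapped to list entries, out-of-range groups are rejected, and the resulting entropy is computed. The 30-word list is a constructed stand-in; the 7776-word list size and the 128-bit target are assumptions chosen for illustration.

```python
import math

# Constructed 30-entry stand-in list so the block runs offline; a real
# Diceware-style list has 6**5 = 7776 words (five rolls per word).
WORDS = [a + b + c for a in "bdkmt" for b in "aio" for c in "nr"]

def rolls_per_word(list_size):
    """Smallest number of rolls r such that 6**r covers the whole list."""
    r = 1
    while 6 ** r < list_size:
        r += 1
    return r

def rolls_to_index(rolls):
    """Read die faces (1-6) as the digits of a base-6 number."""
    idx = 0
    for face in rolls:
        if face not in range(1, 7):
            raise ValueError(f"not a die face: {face!r}")
        idx = idx * 6 + (face - 1)
    return idx

def pick_words(rolls, wordlist):
    """Map physical dice rolls to words with equal probability per word.

    Groups whose index falls past the end of the list are discarded
    instead of wrapped around, which would favour the first words.
    """
    r = rolls_per_word(len(wordlist))
    words = []
    for i in range(0, len(rolls) - r + 1, r):
        idx = rolls_to_index(rolls[i:i + r])
        if idx < len(wordlist):
            words.append(wordlist[idx])
    return words

def entropy_bits(n_words, list_size):
    """Entropy of n words, valid only if each was picked uniformly at random."""
    return n_words * math.log2(list_size)

def words_needed(target_bits, list_size):
    """Words required to reach target_bits with a list of list_size entries."""
    return math.ceil(target_bits / math.log2(list_size))

if __name__ == "__main__":
    print(pick_words([1, 1, 6, 6, 2, 1, 5, 6], WORDS))  # constructed rolls
    print(round(entropy_bits(4, 7776), 1), words_needed(128, 7776))
```

The entropy figure is an upper bound that holds only for uniformly random picks; words a person chooses from memory or from a sentence carry less.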

CIYAM (OP)
December 07, 2014, 06:46:42 PM
 #33

I will say that while I do agree it's possible, why not just use an RNG to help choose dictionary words?
If you don't trust computers, dice or cards work great.

The human brain is far more capable than most people seem to give it credit for - so I give this 1 BTC wallet as an example of that (if I lose that 1 BTC it is not as though it won't be noticed now).

Again I am not against using random methods to help but after seeing the failures of PRNGs before I'd rather trust myself than an OS that might have a buggy PRNG (of course the dice suggestion is a good one).

CIYAM (OP)
December 07, 2014, 06:59:19 PM
 #34

A big part of the reason I created this topic was to measure the thinking that others have about brainwallets.

It is correct that most people are not capable of creating good brainwallets but to suggest that no-one can do this is IMO just wrong. If I lose the 1 BTC I've exposed then maybe I'll have to change my thinking - but until then I am saying brainwallets are a great way to store funds for those that have the capability to do so.

And btw - anyone trying to find my key by following the suggestions that I made in this topic won't have a chance to get my 1 BTC.  Grin

jonald_fyookball
December 07, 2014, 07:02:37 PM
 #35

I will say that while I do agree it's possible, why not just use an RNG to help choose dictionary words?
If you don't trust computers, dice or cards work great.

The human brain is far more capable than most people seem to give it credit for  


I agree completely...

Not only on the creation of passphrases, but memory too.

Even memorizing a private key isn't THAT hard.  
It's 64 characters, or 32 pairs (E9, B2, etc).

I'm all about erring on the side of caution when
it comes to money but come on, it's like people
have become mental midgets.

If I told you you have to memorize 5 private
keys by tomorrow or I'll kill your family, I bet
you would be able to do it.



DannyHamilton
December 07, 2014, 07:06:31 PM
 #36

@itod - if my brainwallet doesn't have enough entropy then why does it still have 1 BTC?

I am not against hardening one's brainwallet but my point is rather a simple one - if no-one can possibly come up with a secure brainwallet then why do I still have 1 BTC

The fact that something hasn't been stolen yet is not an indication that it is secure.

My vehicles have been parked in my driveway in front of my house for the past 50 years.  The vehicle doors are always unlocked.  The key is always in the glovebox.

I have never yet had a vehicle stolen.

Does this mean that I've found a secure way to store my vehicle?  Certainly my 50 years is longer than your 2 years.

CIYAM (OP)
December 07, 2014, 07:07:45 PM
 #37

Does this mean that I've found a secure way to store my vehicle?  Certainly my 50 years is longer than your 2 years.

So you are over 50 years old now?

(seriously that is not a good argument)

If my key could have been found easily it would have already been found.

DannyHamilton
December 07, 2014, 07:09:26 PM
 #38

Does this mean that I've found a secure way to store my vehicle?  Certainly my 50 years is longer than your 2 years.
So you are over 50 years old now?

Does my age matter?

The point stands on its own.

There are a significant number of people in the world that leave their vehicle unlocked with the key in the vehicle and that have not had their vehicle stolen.  Does the simple fact that a vehicle hasn't been stolen yet mean that the method of storing it is "secure"?

(seriously that is not a good argument)

Honestly, that's a perfect argument.

You are stating that your brainwallet is proven "secure" simply because it hasn't been stolen yet.  Meanwhile many people with brainwallets have had their funds stolen.

I'm pointing out that a method of securing something that results in some losing what they are securing, can't be considered "secure" just because others haven't yet lost what they are securing.
CIYAM (OP)
December 07, 2014, 07:11:02 PM
 #39

@Danny - there are people running software 24x7 to hack weak passwords - you know this.

So why pretend that you don't?

Again there is still 1 BTC there.

Steal it (oh yes - I forgot - you can't).

DannyHamilton
December 07, 2014, 07:14:03 PM
 #40

@Danny - there are people running software 24x7 to hack weak passwords - you know this.

So why pretend that you don't?

There are also people stealing vehicles 24x7.

My point is that you can't assume, just because nobody has written the correct software to crack your brainwallet, that nobody ever will.  You also can't assume that nobody in the entire world will ever attempt to store their bitcoins using the exact same method as you (completely by coincidence) and stumble upon your bitcoins.