Bitcoin Forum
Topic: A challenge to the idea that no-one can create a good brainwallet
DannyHamilton
December 07, 2014, 07:15:19 PM
 #41

Again there is still 1 BTC there.

Steal it (oh yes - I forgot - you can't).

There is a vehicle in Alaska right now that is unlocked with the keys in the ignition.

Go ahead, steal it.

Oh yes, I forgot, you can't.

Therefore, it must be completely secure from anyone ever stealing it.
CIYAM (OP)
December 07, 2014, 07:15:46 PM
 #42

My point is that you can't assume, just because nobody has written the correct software to crack your brainwallet, that nobody ever will.  You also can't assume that nobody in the entire world will ever attempt to store their bitcoins using the exact same method as you (completely by coincidence) and stumble upon your bitcoins.

No one is assuming anything other than that.

This is about entropy - if my passphrase entropy is not good enough then the funds will be stolen.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
CIYAM (OP)
December 07, 2014, 07:17:42 PM
 #43

Therefore, it must be completely secure from anyone ever stealing it.

Sure - let's just get back to the address I mentioned and the funds - not some imaginary situation.

DannyHamilton
December 07, 2014, 07:19:28 PM
 #44

This is about entropy - if my passphrase entropy is not good enough then the funds will be stolen.

Correct.

And the human mind is incapable of useful amounts of entropy.  Anything that any person in the world is capable of thinking, someone else in the world can also think.  We are deterministic creatures that are limited by our minds.

Clearly nobody has emptied the address yet, but that is a very bad way of determining if something is secure or not.
DannyHamilton
December 07, 2014, 07:20:06 PM
 #45

Therefore, it must be completely secure from anyone ever stealing it.
Sure - let's just get back to the address I mentioned and the funds - not some imaginary situation.

Just making a very obvious point about the flaw in your reasoning.
CIYAM (OP)
December 07, 2014, 07:20:46 PM
 #46

Clearly nobody has emptied the address yet, but that is a very bad way of determining if something is secure or not.

Well - if no-one can empty my address then how would you explain that?

(luck?)

DannyHamilton
December 07, 2014, 07:24:07 PM
 #47

Clearly nobody has emptied the address yet, but that is a very bad way of determining if something is secure or not.

Well - if no-one can empty my address then how would you explain that?

(luck?)

There is a difference between "nobody can empty my address" and "nobody has emptied my address".

Just like there is a difference between "nobody can steal my car" and "nobody has stolen my car".

You can't equate the fact that the funds haven't been taken with the concept that the funds can't be taken.
CIYAM (OP)
December 07, 2014, 07:26:51 PM
 #48

You can't equate the fact that the funds haven't been taken with the concept that the funds can't be taken.

You are really *reaching with this* - so you think that someone has worked out my private key and not taken the funds.

Then I'd ask that person to sign a message showing that they have the private key otherwise your post is rather ridiculous.

jonald_fyookball
December 07, 2014, 07:31:25 PM
 #49

This is about entropy - if my passphrase entropy is not good enough then the funds will be stolen.

Correct.

And the human mind is incapable of useful amounts of entropy.
 

This is definitely debatable, and I would personally disagree with this statement.
I've already given a method that demonstrates how you can generate high entropy.


Quote
Anything that any person in the world is capable of thinking, someone else in the world can also think.  We are deterministic creatures that are limited by our minds.

While both of these statements are somewhat true, neither preclude generation of entropy, and you're ignoring
several important facts.  Namely, that there is a large number of distinct words/thoughts/things
that exist...and while our thoughts may ultimately be deterministic, there is no meaningful way
to predict them.  Furthermore, we all have unique experiences, memories, and brains, so we will
come up with different thoughts.  Even our own selves will come up with different thought patterns
on different days and there is no way to predict them.  Combine that with enough components
to a brain wallet phrase, and high entropy is possible.


 

exoton
December 07, 2014, 08:31:22 PM
 #50

Clearly nobody has emptied the address yet, but that is a very bad way of determining if something is secure or not.

Well - if no-one can empty my address then how would you explain that?

(luck?)

There is a difference between "nobody can empty my address" and "nobody has emptied my address".

Just like there is a difference between "nobody can steal my car" and "nobody has stolen my car".

You can't equate the fact that the funds haven't been taken with the concept that the funds can't be taken.
The thing is that in order to steal a car, you need to be physically present, while you do not even need to be connected to the internet to crack a brain wallet (you only need a 'somewhat' up-to-date version of the blockchain).

The level of entropy that a brain wallet will use is not enough to keep it secure over the long term. This is especially true as ASICs are being made for scrypt based altcoins, which means that it will eventually be more profitable to re-purpose GPUs to attempt to mine brain wallets (which means more effort will be put into finding a brain wallet). I think that brain wallets may be secure for short term storage under certain circumstances (for example if you are crossing the border and/or going to be going to jail for a short time).

I also think the fact that no one has stolen your 1 BTC means that no one has found the private key. It is a known fact that some people "test" their brain wallet with small amounts of bitcoin to see if the money is quickly stolen and if so don't put what they "really" intended to put in it, and as a result people who are farming brain wallets will not always take the balance from a brain wallet just because there is a balance in it.
teukon
December 07, 2014, 08:53:07 PM
 #51

Does anyone here mind telling me what a Brain wallet is please? Basically you remember your Private key from your Wallet or how does it work exactly?

A brain wallet is a wallet where all the information needed to spend the held bitcoins is memorised.

Memorising a private key (or extended private key: BIP-0032) is one simple way of doing this.  You might also memorise the essential contents of some service's paper-wallet backup (related reading: BIP-0039).

Some people will generate a passphrase themselves and take some 256-bit hash of that passphrase to be used as a private key.  However, it is common for people to create insufficient entropy in this process and thereby run the risk of having their bitcoins stolen.

silver fish kracker utoob the noob with phat boobs.

you can see we're getting into serious entropy already.

I don't see.  How much entropy do you have here?
jonald_fyookball
December 07, 2014, 09:17:00 PM
 #52

Does anyone here mind telling me what a Brain wallet is please? Basically you remember your Private key from your Wallet or how does it work exactly?

A brain wallet is a wallet where all the information needed to spend the held bitcoins is memorised.

Memorising a private key (or extended private key: BIP-0032) is one simple way of doing this.  You might also memorise the essential contents of some service's paper-wallet backup (related reading: BIP-0039).

Some people will generate a passphrase themselves and take some 256-bit hash of that passphrase to be used as a private key.  However, it is common for people to create insufficient entropy in this process and thereby run the risk of having their bitcoins stolen.

silver fish kracker utoob the noob with phat boobs.

you can see we're getting into serious entropy already.

I don't see.  How much entropy do you have here?

Very conservatively, that would be about 27 bits of
entropy minimum, since you have 4 words. (silver fish kracker utoob).

The assumption is there would be minimum of 100
words people would choose.  100^4 = 100,000,000
combinations.

As I mentioned, you would need a 24 word passphrase
to generate 160 bits of entropy.

jabo38
December 07, 2014, 10:03:25 PM
 #53

I bet nobody gets your Bitcoin.

exoton
December 07, 2014, 10:35:22 PM
 #54

Does anyone here mind telling me what a Brain wallet is please? Basically you remember your Private key from your Wallet or how does it work exactly?

A brain wallet is a wallet where all the information needed to spend the held bitcoins is memorised.

Memorising a private key (or extended private key: BIP-0032) is one simple way of doing this.  You might also memorise the essential contents of some service's paper-wallet backup (related reading: BIP-0039).

Some people will generate a passphrase themselves and take some 256-bit hash of that passphrase to be used as a private key.  However, it is common for people to create insufficient entropy in this process and thereby run the risk of having their bitcoins stolen.

silver fish kracker utoob the noob with phat boobs.

you can see we're getting into serious entropy already.

I don't see.  How much entropy do you have here?

Very conservatively, that would be about 27 bits of
entropy minimum, since you have 4 words. (silver fish kracker utoob).

The assumption is there would be minimum of 100
words people would choose.  100^4 = 100,000,000
combinations.

As I mentioned, you would need a 24 word passphrase
to generate 160 bits of entropy.

I disagree with your assumption. There are roughly 1 million words in the English dictionary. Once a potential attacker knew that a passphrase was going to be exactly 4 English words, then the number of potential combinations would be 1,000,000^4 which is 1 * 10^24. While this may sound like a lot, you need to understand that testing one combination would generally take the same amount of computing power to make one "hash". You also need to understand that "mining" brain wallet addresses is not the same as mining Bitcoin blocks as once you check an address, you will forever know what the private key is to an associated public address.
jonald_fyookball
December 07, 2014, 10:43:02 PM
 #55

Does anyone here mind telling me what a Brain wallet is please? Basically you remember your Private key from your Wallet or how does it work exactly?

A brain wallet is a wallet where all the information needed to spend the held bitcoins is memorised.

Memorising a private key (or extended private key: BIP-0032) is one simple way of doing this.  You might also memorise the essential contents of some service's paper-wallet backup (related reading: BIP-0039).

Some people will generate a passphrase themselves and take some 256-bit hash of that passphrase to be used as a private key.  However, it is common for people to create insufficient entropy in this process and thereby run the risk of having their bitcoins stolen.

silver fish kracker utoob the noob with phat boobs.

you can see we're getting into serious entropy already.

I don't see.  How much entropy do you have here?

Very conservatively, that would be about 27 bits of
entropy minimum, since you have 4 words. (silver fish kracker utoob).

The assumption is there would be minimum of 100
words people would choose.  100^4 = 100,000,000
combinations.

As I mentioned, you would need a 24 word passphrase
to generate 160 bits of entropy.

I disagree with your assumption. There are roughly 1 million words in the English dictionary. Once a potential attacker knew that a passphrase was going to be exactly 4 English words, then the number of potential combinations would be 1,000,000^4 which is 1 * 10^24. While this may sound like a lot, you need to understand that testing one combination would generally take the same amount of computing power to make one "hash". You also need to understand that "mining" brain wallet addresses is not the same as mining Bitcoin blocks as once you check an address, you will forever know what the private key is to an associated public address.

Woah, you are missing the context here.

The passphrase isn't supposed to be 4 words.  It's supposed to be 24 words.  I only gave 4
in a prior post to demonstrate how to get random words.   Teukon asked how much entropy
those 4 words would have.
 
You can't go off a million words in the dictionary.  You go off 100 words
(an exaggeratedly SMALL number) to be on the safe side.  If brainwallet
skeptics say that "oh everyone has the same thoughts", well, assume
people would choose the same 100 words over and over and go with that.
So, the formula then becomes 100^24 = 160 bits of entropy.






teukon
December 07, 2014, 11:15:10 PM
Last edit: December 07, 2014, 11:48:34 PM by teukon
 #56

silver fish kracker utoob the noob with phat boobs.

you can see we're getting into serious entropy already.

I don't see.  How much entropy do you have here?

Very conservatively, that would be about 27 bits of
entropy minimum, since you have 4 words. (silver fish kracker utoob).

The assumption is there would be minimum of 100
words people would choose.  100^4 = 100,000,000
combinations.

As I mentioned, you would need a 24 word passphrase
to generate 160 bits of entropy.

Ok, I thought you were suggesting that you'd built up quite a bit more entropy than this.  While I don't feel you have well-justified* that {a person looks around a room, selects an object, and makes 2 "mental hops"} generates (very conservatively) log_2(100) bits of entropy, I don't doubt that a person conscious of the subtleties of information theory would manage at least this.

(*) The assumption of there being 100 different words is insufficient to justify log_2(100) bits of entropy per word.  One also needs to assume that the person would select from these 100 words uniformly (each word as likely as the next) for this.  In reality, some words are going to be more common than others (maybe following a Pareto distribution?), hurting the entropy, but I expect this will be made up for by a larger dictionary (400 words should easily do it and even this seems a bit conservative to me).
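
Added example (not part of the thread and not any poster's code): the per-word and per-phrase entropy figures argued over in posts #52 to #56, computed for uniform word choice and for skewed word choice. The Zipf-shaped popularity (the k-th most popular word has weight 1/k) is an assumption standing in for the skew described in post #56, and all function names are illustrative.

```python
import math

def uniform(n):
    """Every one of n words is equally likely (the assumption behind 100^4 and 100^24)."""
    return [1.0 / n] * n

def zipf(n, s=1.0):
    """Assumed skew: the k-th most popular of n words is chosen with weight 1/k**s."""
    weights = [k ** -s for k in range(1, n + 1)]
    total = sum(weights)
    return [w / total for w in weights]

def shannon_bits(probs):
    """Average entropy per word, in bits."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def min_entropy_bits(probs):
    """Worst-case entropy per word: set entirely by the single most likely word."""
    return -math.log2(max(probs))

def phrase_bits(per_word_bits, words):
    """Independently chosen words add their entropies."""
    return per_word_bits * words

def smallest_skewed_dictionary(target_bits, s=1.0, limit=100_000):
    """Smallest Zipf-distributed dictionary whose Shannon entropy reaches target_bits."""
    for n in range(2, limit):
        if shannon_bits(zipf(n, s)) >= target_bits:
            return n
    return None

if __name__ == "__main__":
    per_word = shannon_bits(uniform(100))
    print(f"uniform, 100 words : {per_word:.2f} bits/word")
    print(f"  4-word phrase    : {phrase_bits(per_word, 4):.1f} bits")
    print(f"  24-word phrase   : {phrase_bits(per_word, 24):.1f} bits")

    for n in (100, 400):
        probs = zipf(n)
        print(f"skewed, {n} words  : "
              f"{shannon_bits(probs):.2f} bits/word average, "
              f"{min_entropy_bits(probs):.2f} bits/word worst case")

    needed = smallest_skewed_dictionary(per_word)
    print(f"skewed dictionary size matching 100 uniform words: {needed}")
```

Under this assumed skew a dictionary of roughly 400 words reaches the same average entropy as 100 uniformly chosen words, while the min-entropy, which reflects an attacker trying the most popular words first, stays far lower.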
sangaman
December 07, 2014, 11:39:18 PM
 #57

This is about entropy - if my passphrase entropy is not good enough then the funds will be stolen.

Correct.

And the human mind is incapable of useful amounts of entropy.  Anything that any person in the world is capable of thinking, someone else in the world can also think.  We are deterministic creatures that are limited by our minds.

Clearly nobody has emptied the address yet, but that is a very bad way of determining if something is secure or not.

A brainwallet doesn't have to come entirely out of your own brain's "RNG." There is a lot of info our brain can and does store that is generated externally.

I didn't know that anyone thought a secure (both from hacks and memory loss) brainwallet was impossible. I think that's quite clearly not the case. I personally use a brainwallet that is multiple sentences that don't appear anywhere in print or on the web, including words that don't appear in any dictionary, that has no real meaning to any strangers on the internet and which I can't even fathom forgetting. So GL to anyone who wants to crack that.

Of course there are still many ways one can go wrong when attempting to use a brainwallet, but it's hardly impossible for it to be done well.
johnyj
December 08, 2014, 12:40:41 AM
 #58

Just watched the film "In Time": when people carrying lots of time (the currency of the future, embedded in the body like a brain wallet, but with the balance visible on the arm) walk around, they need to hire some bodyguards.

qxzn
December 20, 2014, 10:11:31 PM
 #59

I will say that while I do agree it's possible, why not just use a RNG to help choose dictionary words?
If you don't trust computers, dice or cards work great.

The human brain is far more capable than most people seem to give it credit for  


I agree completely...

Not only on the creation of passphrases, but memory too.

Even memorizing a private key isn't THAT hard.
It's 64 characters, or 32 pairs (E9, B2, etc).

I'm all about erring on the side of caution when
it comes to money but come on, it's like people
have become mental midgets.

If I told you you have to memorize 5 private
keys by tomorrow or I'll kill your family, I bet
you would be able to do it.




Indeed:

http://en.wikipedia.org/wiki/Akira_Haraguchi
hhanh00
December 21, 2014, 02:26:52 PM
 #60

You can use anything for a brainwallet. It obviously includes seed words or a long hex string. In theory, a brainwallet has as much security as a random number generator. So why even argue that it's not the case?

@CIYAM, your experiment proves that you are capable of having a good brainwallet. Great - you have good memory and the skills to pick a high security sentence. Unfortunately, that is not the case for most of the other people and that's for them that the recommendation is.
I don't recommend jumping from buildings but if you are an expert at Parkour it's easy as walking.

@Danny, I have no idea why you want to prove that any brainwallet is bad. It's easy to prove that they have the same security if used properly.

I have crappy memory so I don't use a brainwallet. Besides, there are much easier ways to keep your money secure. So what's the point?
