A challenge to the idea that no-one can create a good brainwallet

[jonald_fyookball]

Well in general terms, my idea is simple.
Create a wallet requiring two keys.

Give one to your family, and
hire an attorney to be the executor
of your estate in order to provide
your family with the second key as part
of your will.  

There are many ways to implement
this.  It doesn't have to be literal "2 keys".
For example, it could be two halves of
a brain wallet phrase.  Or the lawyer could
have the entire phrase but only your family
has a scrambled electrum dictionary file
to convert this phrase into a wallet.

[blossbloss]

I have read this whole thread with great interest. I am a brainwallet user.  In a thread from over a year ago, I learned a lot about the difference between obfuscation and sufficient entropy.  Have a look...

https://bitcointalk.org/index.php?topic=350789.0

In the end, I decided to stay away from obfuscation.  I now use a truly random, very high entropy passphrase.  I couple that with a second random and high entropy BIP38 passphrase. My coin are extremely safe.

I read some of the comments. I never understood why people claim that obfuscation cannot add entroppy to the entire system. For example, if there are only 2 methods of obfuscation known to man then using one of them to further obscure your passphrase would add 1 additional bit of entropy.

I agree that obfuscation adds some entropy.  However, the mistake people make is in looking at the final resultant passphrase and think it has way more entropy than it really does.  The other mistake is in assuming that someone else won't think of your obfuscation.

[hhanh00]

Once you reveal your method for producing the pass phrase we can see that many fall short of the recommended entropy level. It's not saying your coins are unsafe because
1. The entropy is high enough for the moment
2. We don't know which addresses are yours
However a good method should not rely on hiding anything but the secret.
If you truly choose random 7 words from a good English dictionary you get 128 bit of entropy. It's all in the 'random' part

[548845]

Well in general terms, my idea is simple.
Create a wallet requiring two keys.

Give one to your family, and
hire an attorney to be the executor
of your estate in order to provide
your family with the second key as part
of your will.  

There are many ways to implement
this.  It doesn't have to be literal "2 keys".
For example, it could be two halves of
a brain wallet phrase.  Or the lawyer could
have the entire phrase but only your family
has a scrambled electrum dictionary file
to convert this phrase into a wallet.

I wouldn't trust an attorney with $1.
They know the law and they know how to break it and get away with it.

Then again, it's your money, do what you please with it.

[spartacusrex]

I keep my coins in a Brain Wallet. Love it.

What I am wondering is if publishing the address actually makes it an easier to crack ? I would think not..

But if so - why ?

Surely the big 'crack farms' just check any hash they create with the 150,000 or so valid addresses on the chain.

[CIYAM]

If revealing an address helped then we'd have a more serious issue (as that would mean that RIPEMD160 is not a secure hash algo).

I didn't reveal the address I did for any other reason except to prove that the funds (originally 10 BTC and now 1 BTC) are still there after a very long time (so none of the bots that try and crack brainwallets have been able to crack it).

It was actually a "canary" address (back when it held 10 BTC and when BTC wasn't worth so much) although because I have re-used the address (meaning the public key has been published) it now only serves the purpose of proving that it isn't so easy to crack a brain wallet.

[jonald_fyookball]

Well in general terms, my idea is simple.
Create a wallet requiring two keys.

Give one to your family, and
hire an attorney to be the executor
of your estate in order to provide
your family with the second key as part
of your will.  

There are many ways to implement
this.  It doesn't have to be literal "2 keys".
For example, it could be two halves of
a brain wallet phrase.  Or the lawyer could
have the entire phrase but only your family
has a scrambled electrum dictionary file
to convert this phrase into a wallet.

I wouldn't trust an attorney with $1.
They know the law and they know how to break it and get away with it.

Then again, it's your money, do what you please with it.

you're not trusting them with the money ,
you're only trusting they will
do their job and simply execute the will as you would
do anyway with an estate.

[johnyj]

This is always an interesting topic. How to construct a strong password without forget about it.

If you have 10+ passwords for different sites/wallets and some of them you might only use it once a year, how to remember all these passwords? And to make things worse, if all of your passwords are constructed with a similar pattern, if one of them is compromised, how can you make sure the rest are still safe? So, you might end up with many different coding patterns for different passwords, and you forget one of them much faster than you can imagine 

Password management software becomes single point of failure, but if it is on offline machine and have extra layers of protection, it might help to organize large amount of random passwords. Is there any other way to manage large amount of random passwords?

[jonald_fyookball]

This is always an interesting topic. How to construct a strong password without forget about it.

If you have 10+ passwords for different sites/wallets and some of them you might only use it once a year, how to remember all these passwords? And to make things worse, if all of your passwords are constructed with a similar pattern, if one of them is compromised, how can you make sure the rest are still safe? So, you might end up with many different coding patterns for different passwords, and you forget one of them much faster than you can imagine 

Password management software becomes single point of failure, but if it is on offline machine and have extra layers of protection, it might help to organize large amount of random passwords. Is there any other way to manage large amount of random passwords?

Easy:

Commit your brainwallets to memory and practice them.
Use pwd management software for everything else.

[CIYAM]

I wouldn't recommend using a brainwallet for website passwords but instead a password manager (as you mention re-using patterns could be a very bad idea).

In the future I would hope we could sign in to websites via QR code - one neat method I have thought about would be that when initially signing up you'd provide the equivalent of a Bitcoin "address". When you next go to sign in you would be presented with a service id and "nonce" in a QR code which you'd scan with an offline device.

It would look up the service id to find the public key (matching the address the service knows about) then sign a message containing the "nonce" and a new address which it would then display as a QR code for the service to scan to authenticate.

[Pente]

I use brainwallets all the time. My current system is composed of three parts. A salt phrase which I never change, a few passphrases, and a digit area which i simply increment to create a group of brainwallets so I don't have to reuse addresses (I started doing that after blockchain started reusing R values for transactions). So for example, my brainwallet is the HSH256 of "Mypassphrase+Mysalt+0000", "Mypassphrase+Mysalt+0001", ect.

I also use alt-keys to increase the level of entropy, even made a web site to make it easier on myself (also didn't trust brainwallet.org):

http://www.paganmind.com/_BrainWallet.html

I have a FB page for brainwallets now:

https://www.facebook.com/Brainwallet

If brainwallets catch on much, I was thinking of programming a wallet that is kind of like the Electrum wallet, but instead of a password, you would enter your brainwallet phrase. It would generate a set of addresses based on that phrase by incrementing a counter that is added to the phrase for each address.

BTW, I have a small amount of funds sitting in an old brainwallet with much less entropy than my current batch of brainwallets. Those funds are still sitting there.

[fonenumba]

I wouldn't recommend using a brainwallet for website passwords but instead a password manager (as you mention re-using patterns could be a very bad idea).

In the future I would hope we could sign in to websites via QR code - one neat method I have thought about would be that when initially signing up you'd provide the equivalent of a Bitcoin "address". When you next go to sign in you would be presented with a service id and "nonce" in a QR code which you'd scan with an offline device.

It would look up the service id to find the public key (matching the address the service knows about) then sign a message containing the "nonce" and a new address which it would then display as a QR code for the service to scan to authenticate.

I think this would be a better application to authorize things like a withdrawal from an exchange or to act as "2FA" to access a website/service.

Although I don't think this would be very feasible to implement into a strong brainwallet.

[TheButterZone]

So here is a brainwallet address I created two years ago: https://blockchain.info/address/1Au4v6dZacFVsWXeKUMJd99AtyBZeqti2L

Hmm. HMM!

[CIYAM]

So here is a brainwallet address I created two years ago: https://blockchain.info/address/1Au4v6dZacFVsWXeKUMJd99AtyBZeqti2L

Hmm. HMM!

Still has 1 BTC there (was that your point?).

I moved the other funds earlier in case you had missed that (decided that 10 BTC was really too much to leave there).

[almightyruler]

So here is a brainwallet address I created two years ago: https://blockchain.info/address/1Au4v6dZacFVsWXeKUMJd99AtyBZeqti2L

Hmm. HMM!

Still has 1 BTC there (was that your point?).

I moved the other funds earlier in case you had missed that (decided that 10 BTC was really too much to leave there).

1+ year bump

The remaining 1 BTC disappeared from this address in January 2019. Was the wallet cracked, or is this challenge over?

https://www.blockchain.com/btc/address/1Au4v6dZacFVsWXeKUMJd99AtyBZeqti2L

[vanupied]

I'd like to know too.

[dextronomous]

Then finally add a smiley you are partial to:

buzfap01$02%014STK1456cAonImA;)

and perhaps a lucky number as well.

buzfap01$02%014STK1456cAonImA;)7

Even at this stage my guess is that we are at a level of pretty safe entropy (provided you have not followed my formula but instead created your own).

Such a passphrase is not so difficult to learn (but does take time). So I think that most people are capable of creating a brainwallet but I think it will take them some time to develop it (but if you really care about your investment you'll spend the time to protect it).

buzfap01$02%014STK1456cAonImA;)7


are these, where these all the letter numbers, special chars used by you Ciyam, thanks.

[DooMAD]

are these, where these all the letter numbers, special chars used by you Ciyam, thanks.

I can't quite tell what you're trying to ask them, but they haven't logged in to these forums for almost three years now.  You'll need to go find them on their own forum if you want a response to your question, or to find out what happened to the funds in that brainwallet.