Topic: Making a brain wallet "cheat sheet"
Topazan (OP)
August 05, 2012, 06:23:58 AM
 #1

To my understanding, using a hashed string as a brain wallet carries with it the following risks:

1. The passphrase might be forgotten.
2. The passphrase might be randomly brute-forced by an attacker performing something like a dictionary attack on hashed strings.
--2.5  There could be an unintentional collision with someone who happens to use the same passphrase.
3. The passphrase might be stolen/phished/whatever.
4.  Some combination of 3 and 2.  Part of the passphrase is stolen, and the rest is discovered through brute force.

(1) is a big concern for me.  I intend to keep some savings in bitcoin for a long time, and it's very likely that I will forget the key if it is too difficult to remember.

My idea is to make a list of personal questions, and have the answers be my passphrase.  I understand that because of (2) doing so is magnitudes less secure than using a randomly generated passphrase, but using a random phrase would make (1) likely.  I wanted to have the key based on facts that will remain relatively significant to me throughout my life.

The list will be semi-secret.  I'm not going to show it in public, but I won't worry about keeping copies in several different places, online and offline.

My thinking is that in order to access my BTC, the attacker would either have to know me very well or invest considerable resources researching me.  With a sufficiently long list, (2) is less likely, albeit still a possibility.  I was thinking at least fifteen questions.

There's a small risk that the attacker will indeed know me well.  I need to think of some questions that I'll always remember the answer to, but have never told anyone else and never will.  This is easier said than done.

To minimize the risk of someone finding the list and brute forcing the answers they don't know, I'll need to think of multiple questions with a large number of possible answers.  Any suggestions?  I've also included some "trick" questions, where the nature of the answer is unexpected.

Comments?  Anyone with a better understanding of cryptography able to give me some idea of how many questions with how many possible answers would be needed to make this impractical to brute force?

Save the last bitcoin for me!
cbeast
August 05, 2012, 06:51:00 AM
 #2

I'm eventually planning a website with many many brain wallet tools. You have a good idea. I have many ideas also. One of the things I'm working on is accessing your brain in different states of consciousness to defeat chemical and physical coercion.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
CIYAM
August 05, 2012, 07:04:51 AM
 #3

I would advise that at the very least some of your "answers" (assuming each one is a part of the pass phrase) should include numerical characters and also other characters (such as - $ @ &).

The following might give you some ideas:

Q. Birth date of someone important:
A. 1779-03-14

Q. Price paid for your first bitcoin:
A. $5.55

Q. An obvious equation:
A. 1+1=10

Q. Gave you a nudge:
A. ;)

Q. Long live:
A. Rock&Roll

Q. Full Metal Jacket:
A. *****

Pass phrase: 1779-03-14$5.551+1=10;)Rock&Roll*****

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
Topazan (OP)
August 05, 2012, 07:13:32 AM
 #4

cbeast - Could you expand on that?  I'm not sure I understand.  Does it involve hypnosis or dream hacking?  :P

CIYAM Pty. Ltd. - Yeah, that's a good idea.  I had the same thought.

Save the last bitcoin for me!
jim618
August 05, 2012, 08:41:32 AM
 #5

You could use the GPS coordinates of somewhere memorable (e.g. where you had your first kiss).

You will almost certainly forget the coordinates but can look them up, or actually go there again with a GPS sensor. You would need to remember the level of accuracy and map coordinate system for it to be repeatable.

So the question might be:

Where were you bitten by a dog when you were seven? (lat, long in degrees to 0.01 degrees)

MultiBit HD   Lightweight desktop client.                    Bitcoin Solutions Ltd   Bespoke software. Consultancy.
Topazan (OP)
August 05, 2012, 09:45:31 AM
 #6

Hm, I don't know that much about GPS, but if you say it stays constant over time I'll take your word for it.

That sounds like a good idea, but you would have to use a very low level of precision to ensure it stays constant.  Otherwise, you risk losing track of that area through earthquakes, landslides, and redevelopment.  I wouldn't feel comfortable getting much more precise than the city the event took place in.  It would be difficult to figure out exactly what part of the new commercial development used to be the park where you were bitten.

This would be good for a retirement account, since it would be a lot of trouble to dig up this info on a more regular basis.  It would certainly be hard to brute force though.

Save the last bitcoin for me!
Pieter Wuille
August 05, 2012, 10:52:33 AM
 #7

I believe in almost all places of the world, volcanoes/earthquakes/other tectonic activity rarely cause changes of more than centimeters per year.

Also, you don't need perfect accuracy; you can still have the system attempt coordinates in an area wider and wider around the chosen location. Using a coordinate with accuracy 1m, and using areas of 30m in size seems quite reasonable, and requires only trying 1000 coordinates.

Seems like a nice idea, using this as entropy.

I do Bitcoin stuff.
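The widening search described in post #7, combined with the fixed accuracy and coordinate system asked for in post #5, as an added example that is not code from any poster in this thread. The 1e-5 degree grid, the `fingerprint` check value, the function names and the sample coordinates are all assumptions made for illustration.

```python
import hashlib

SCALE = 100_000   # assumed grid: 1e-5 degree per cell, roughly 1 m of latitude
MAX_RADIUS = 15   # cells each way, i.e. an area about 30 m across

def to_cell(lat, lon):
    """Quantise decimal degrees (one fixed datum, e.g. WGS 84) to integer cells."""
    return round(lat * SCALE), round(lon * SCALE)

def cell_secret(cell, other_answers=""):
    """Build the passphrase bytes from integers, so float formatting cannot vary."""
    return f"{cell[0]},{cell[1]}|{other_answers}".encode("utf-8")

def derive_key(secret):
    """Plain SHA-256 of the passphrase, the 'hashed string' scheme of the thread."""
    return hashlib.sha256(secret).digest()

def fingerprint(key):
    """Hypothetical check value; in practice compare the derived address instead."""
    return hashlib.sha256(key).hexdigest()[:16]

def ring(center, r):
    """Yield every cell at Chebyshev distance exactly r from center (8*r cells)."""
    cy, cx = center
    if r == 0:
        yield center
        return
    for d in range(-r, r + 1):          # top and bottom edges, corners included
        yield (cy - r, cx + d)
        yield (cy + r, cx + d)
    for d in range(-r + 1, r):          # left and right edges, corners excluded
        yield (cy + d, cx - r)
        yield (cy + d, cx + r)

def recover(measured, target_fp, other_answers="", max_radius=MAX_RADIUS):
    """Try cells in widening rings around a new reading; return (cell, tries)."""
    center = to_cell(*measured)
    tries = 0
    for r in range(max_radius + 1):
        for cell in ring(center, r):
            tries += 1
            key = derive_key(cell_secret(cell, other_answers))
            if fingerprint(key) == target_fp:
                return cell, tries
    return None, tries

# Constructed sample data: coordinates and the extra answer are made up.
ORIGINAL = (12.34567, 98.76543)
ANSWERS = "constructed-answer"
TARGET_FP = fingerprint(derive_key(cell_secret(to_cell(*ORIGINAL), ANSWERS)))

if __name__ == "__main__":
    # A later reading that is 8 cells north and 5 cells west of the original.
    print(recover((12.34575, 98.76538), TARGET_FP, ANSWERS))
    # A reading 33 cells away is outside the search area: 961 tries, no match.
    print(recover((12.34600, 98.76543), TARGET_FP, ANSWERS))
```

The full 31 x 31 search is 961 candidates, which matches the "1000 coordinates" estimate; the same tolerance is available to anyone who knows roughly where the spot is, so the location only adds as much secrecy as an outsider's uncertainty about the place.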
Topazan (OP)
August 05, 2012, 11:01:13 AM
 #8

Quote from: Pieter Wuille
> I believe in almost all places of the world, volcanoes/earthquakes/other tectonic activity rarely cause changes of more than centimeters per year.
>
> Also, you don't need perfect accuracy; you can still have the system attempt coordinates in an area wider and wider around the chosen location. Using a coordinate with accuracy 1m, and using areas of 30m in size seems quite reasonable, and requires only trying 1000 coordinates.
>
> Seems like a nice idea, using this as entropy.

I was mostly joking about earthquakes, but the risk I was talking about is that all familiar landmarks could be changed.  Presumably the location you choose is something, like a house, a school, a park, a wooded grove, or any number of destructible things.  If the area is redeveloped, it might not be easy to find the exact location you're looking for from memory.

I agree it would work if you didn't rely on perfect accuracy though.

Save the last bitcoin for me!
cbeast
August 05, 2012, 11:56:21 AM
 #9

Quote from: Topazan
> cbeast - Could you expand on that?  I'm not sure I understand.  Does it involve hypnosis or dream hacking?  :P

Drugging travelers with Devil's Breath or similar substances is becoming a threat and is even possible at home. Banks often have a limit of what you can withdraw, but Bitcoin doesn't. There are behaviors that are only possible in certain mental states. These can be used to protect against drugging. Physical coercion can be defended against through training to reveal decoy, nested, or event locked accounts.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
Topazan (OP)
August 05, 2012, 12:45:26 PM
 #10

Sounds interesting.  Best of luck to you. :)

Save the last bitcoin for me!
bg002h
August 05, 2012, 08:23:47 PM
 #11

Quote from: Topazan
> To my understanding, using a hashed string as a brain wallet carries with it the following risks:
>
> 1. The passphrase might be forgotten.
> 2. The passphrase might be randomly brute-forced by an attacker performing something like a dictionary attack on hashed strings.
> --2.5  There could be an unintentional collision with someone who happens to use the same passphrase.
> 3. The passphrase might be stolen/phished/whatever.
> 4.  Some combination of 3 and 2.  Part of the passphrase is stolen, and the rest is discovered through brute force.
>
> (1) is a big concern for me.  I intend to keep some savings in bitcoin for a long time, and it's very likely that I will forget the key if it is too difficult to remember.
>
> My idea is to make a list of personal questions, and have the answers be my passphrase.  I understand that because of (2) doing so is magnitudes less secure than using a randomly generated passphrase, but using a random phrase would make (1) likely.  I wanted to have the key based on facts that will remain relatively significant to me throughout my life.
>
> The list will be semi-secret.  I'm not going to show it in public, but I won't worry about keeping copies in several different places, online and offline.
>
> My thinking is that in order to access my BTC, the attacker would either have to know me very well or invest considerable resources researching me.  With a sufficiently long list, (2) is less likely, albeit still a possibility.  I was thinking at least fifteen questions.
>
> There's a small risk that the attacker will indeed know me well.  I need to think of some questions that I'll always remember the answer to, but have never told anyone else and never will.  This is easier said than done.
>
> To minimize the risk of someone finding the list and brute forcing the answers they don't know, I'll need to think of multiple questions with a large number of possible answers.  Any suggestions?  I've also included some "trick" questions, where the nature of the answer is unexpected.
>
> Comments?  Anyone with a better understanding of cryptography able to give me some idea of how many questions with how many possible answers would be needed to make this impractical to brute force?

Brute force...With or without a rubber hose?

Hardforks aren't that hard. It’s getting others to use them that's hard.
1GCDzqmX2Cf513E8NeThNHxiYEivU1Chhe
byronbb
August 05, 2012, 10:35:40 PM
 #12



Quote from: bg002h
> Brute force...With or without a rubber hose?


Too good. A+

bg002h
August 06, 2012, 02:28:16 AM
 #13

Seriously though...the more coin you put in your head, the larger the number of people who will have access to it...

I'd have a better chance, given a rubber hose, of getting your pass phrase from you than from your safety deposit box at the bank.

Hardforks aren't that hard. It’s getting others to use them that's hard.
1GCDzqmX2Cf513E8NeThNHxiYEivU1Chhe
Topazan (OP)
August 06, 2012, 03:07:48 AM
 #14

That's a completely different conversation.  Check out this thread here.

Save the last bitcoin for me!
bb113
August 06, 2012, 03:54:50 AM
 #15

Quote from: cbeast
> Quote from: Topazan
> > cbeast - Could you expand on that?  I'm not sure I understand.  Does it involve hypnosis or dream hacking?  :P
> Drugging travelers with Devil's Breath or similar substances is becoming a threat and is even possible at home. Banks often have a limit of what you can withdraw, but Bitcoin doesn't. There are behaviors that are only possible in certain mental states. These can be used to protect against drugging. Physical coercion can be defended against through training to reveal decoy, nested, or event locked accounts.

I would look at storing the key in motor memory. For example a difficult song to play on guitar/piano/[your skill here]. Choose a task you would be unable to perform while drugged. I'm not sure if the tools needed to accomplish this currently exist. Something like guitar hero is a first step though.

edit: Perhaps a customizable Rubik's cube like device.
Topazan (OP)
August 06, 2012, 04:05:39 AM
 #16

Quote from: bb113
> Quote from: cbeast
> > Quote from: Topazan
> > > cbeast - Could you expand on that?  I'm not sure I understand.  Does it involve hypnosis or dream hacking?  :P
> > Drugging travelers with Devil's Breath or similar substances is becoming a threat and is even possible at home. Banks often have a limit of what you can withdraw, but Bitcoin doesn't. There are behaviors that are only possible in certain mental states. These can be used to protect against drugging. Physical coercion can be defended against through training to reveal decoy, nested, or event locked accounts.
>
> I would look at storing the key in motor memory. For example a difficult song to play on guitar/piano/[your skill here]. Choose a task you would be unable to perform while drugged. I'm not sure if the tools needed to accomplish this currently exist. Something like guitar hero is a first step though.
>
> edit: Perhaps a customizable Rubik's cube like device.

Hm, I could see adding a skill element to the key being a good idea.  It would be difficult to use music if only because of the precision that would be required, but I can see some possibilities.

Of course, one risk would be that you would be unable to access your funds if your motor skills were impaired through other means such as injury.

Save the last bitcoin for me!
cbeast
August 06, 2012, 04:10:28 AM
 #17

Quote from: Topazan
> Quote from: bb113
> > Quote from: cbeast
> > > Quote from: Topazan
> > > > cbeast - Could you expand on that?  I'm not sure I understand.  Does it involve hypnosis or dream hacking?  :P
> > > Drugging travelers with Devil's Breath or similar substances is becoming a threat and is even possible at home. Banks often have a limit of what you can withdraw, but Bitcoin doesn't. There are behaviors that are only possible in certain mental states. These can be used to protect against drugging. Physical coercion can be defended against through training to reveal decoy, nested, or event locked accounts.
> >
> > I would look at storing the key in motor memory. For example a difficult song to play on guitar/piano/[your skill here]. Choose a task you would be unable to perform while drugged. I'm not sure if the tools needed to accomplish this currently exist. Something like guitar hero is a first step though.
> >
> > edit: Perhaps a customizable Rubik's cube like device.
> Hm, I could see adding a skill element to the key being a good idea.  It would be difficult to use music if only because of the precision that would be required, but I can see some possibilities.
>
> Of course, one risk would be that you would be unable to access your funds if your motor skills were impaired through other means such as injury.

These are the kinds of things I am researching. Of course you don't use them for all your wallets. There will be many types that can secure your accounts. The possibilities are endless and customizable for every unique person's talents.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
Peter Todd
August 06, 2012, 04:39:26 AM
 #18

This is the system I use:

1) Generate a password that you can remember individually. Personally I use the program pwgen which produces "pronounceable passwords". I use it in 8-character upper/numerals/symbols mode.

2) Write that password down. Yes this is heresy; you'll securely destroy it later.

3) Memorize that password. This is a lot easier than you think. I find if I spend 5 minutes a day memorizing a password I can recall it easily in a week or so, and have probably memorized it pretty much permanently after a month or two. Remember studying in university? Use those techniques. Flashcards are very effective; an important part of memorization is being forced to recall what you are trying to memorize.

4) Repeat until you have 5 different passwords memorized. During this process it helps to do something like encrypting different files with the sub-passwords, and practice decrypting them to ensure you don't forget the individual parts. This also allows you to avoid having copies of the parts of the password if you're paranoid.

5) Take all five passwords and concatenate them into one big super password: eiS9ui@R + vi4Ug~ee + Aet\ito0 + ohB$oh9w + Roh"k2ie = eiS9ui@Rvi4Ug~eeAet\ito0ohB$oh9wRoh"k2ie

6) Use this password! Eventually you will forget it, although the time it takes to forget it will go down exponentially the longer you use it. For me I make a point of using my passwords every month or so. Even just recalling it mentally is enough.


This final password is now 40 characters long. How secure is it? We want at least 128 bits of entropy to make it infeasible to brute-force the password.

Well to make the password pronounceable pwgen filters out non-pronounceable letter combinations, which roughly speaking means that vowels are separated by consonants. For the sake of analysis let's say we have a strict vCvCvCvC format; the actual algorithm allows for more possibilities. So each 8 character password divides into 4 pairs, each with 105 possible combinations. log((105^4)^5)/log(2)=134, IE we have 134 bits of entropy. Good enough!

One upper case character per password adds about 8 more possibilities. The one numeral adds roughly another 8*10 and the one symbol adds 8*32. log((105^4*8*8*10*8*32)^5)/log(2)=221 bits of entropy - almost the gold-standard 256bits level that modern encryption provides.


The key is that you don't try to memorize the whole thing at once. Split the task up into a few subtasks, IE, sub-passwords, and memorize them one after another. People used to have dozens of phone numbers in their head, memorized one at a time.


xkcd's famous password strength comic (http://xkcd.com/936/) is good advice too of course, although for a cryptographic password you need more like 12 randomly picked words. My point is that even doing things "the hard way" it's easier to come up with a really, really good password than people realize. You just gotta trust that you really can learn.

People used to commonly memorize entire books, word for word. Actors still memorize hundreds of lines for long plays, all the time. It's not that hard.

Of course, let's be realistic, the average Joe isn't going to do any of the above...
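An entropy budget for the question asked in the opening post (how many questions with how many answers), using the 128-bit target and the counting method from post #18; this is an added example, not code from any poster in this thread. The function names, the cheat-sheet answer-space sizes and the guessing rate are assumptions, and every figure is an upper bound because real answers are neither uniformly chosen nor independent.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def total_bits(spaces, leaked=()):
    """Upper bound on passphrase entropy in bits.

    spaces maps each answer to the number of equally likely values it could
    take; answers named in leaked are known to the attacker and add nothing
    (risk 4 in the opening post). Real answers are neither uniform nor
    independent, so the true figure is lower.
    """
    return sum(math.log2(n) for name, n in spaces.items() if name not in leaked)

def questions_needed(target_bits, answers_per_question):
    """How many questions reach the target if each has this many answers."""
    return math.ceil(target_bits / math.log2(answers_per_question))

def answers_needed(target_bits, questions):
    """How many answers each question needs for a fixed number of questions."""
    return math.ceil(2 ** (target_bits / questions))

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at an assumed guessing rate."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR

def concatenated_bits(parts, pairs, pair_choices, extra_factor=1):
    """The count from post #18: parts * log2(pair_choices**pairs * extra_factor)."""
    return parts * math.log2(pair_choices ** pairs * extra_factor)

# Constructed cheat sheet; every answer-space size is an illustrative assumption.
CHEAT_SHEET = {
    "birth date in a century": 36_525,
    "price in cents, up to $100": 10_000,
    "location cell, city known": 900,
    "first name": 1_000,
    "four-digit number": 10_000,
}
GUESS_RATE = 1e12  # assumed attacker speed in guesses per second

if __name__ == "__main__":
    known = {"birth date in a century", "first name"}
    full = total_bits(CHEAT_SHEET)
    partial = total_bits(CHEAT_SHEET, leaked=known)
    print(f"five answers: {full:.1f} bits, two leaked: {partial:.1f} bits")
    print(f"years to exhaust at 1e12/s: {years_to_exhaust(full, GUESS_RATE):.3f}")
    print("questions for 128 bits at 1000 answers each:", questions_needed(128, 1000))
    print("answers per question with 15 questions:", answers_needed(128, 15))
    print(f"vCvCvCvC x 5: {concatenated_bits(5, 4, 105):.0f} bits")
    extras = 8 * 8 * 10 * 8 * 32
    print(f"with case, numeral, symbol: {concatenated_bits(5, 4, 105, extras):.0f} bits")
```

Five guessable personal facts land near 61 bits even under these generous assumptions, and each answer an attacker already knows removes its whole contribution.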

Topazan (OP)
August 06, 2012, 10:37:57 AM
 #19

retep -

If that works for you, more power to you.  I won't deny that it is possible to commit a large amount of information to memory in a fairly short time.  I just don't trust myself enough to rely on that to hold a secret without a backup.  If you get confused over one character, your coins may be lost forever.  The mental anguish that would put someone through just isn't worth it to me.

Save the last bitcoin for me!
cbeast
August 06, 2012, 11:12:09 AM
 #20

I start with a simple passphrase per xkcd and then use my own personal recipe salting algorithm. It is something like this:
1. Reverse the passphrase and append it to the end. Then triple it.
2. Capitalize every third letter.
3. Put a space in after every prime position.
4. Put digits in the spaces from my old phone numbers and/or SSN with n=n+2
5. Switch the positions of every 5th and 6th character.

There are an infinite number of salting algorithms you can make up. Mine are at least if not more complex than this one. Then there is the book cipher. I prefer the Holy Bible KJV 1611.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.