Seems he killed it around last month.... Actually, it seems he deleted all his posts, like he "banned" himself or something.
A very strange fact.In fact his projects rock and they're still online.
Topic: --- (Read 10363 times)
I would not recommend memorizing 40 alphanumeric characters. Not only do I think it's overkill, but it's also dangerous because you could easily forget it.
You would be better off memorizing 12 random words, which is plenty secure and easier to remember.
You would be better off memorizing 12 random words, which is plenty secure and easier to remember.
Good idea.
Government Agent: "Please tell me your brain wallet password!!!"
Me: "I'm sorry, I forgot! It was 64 characters."
Actually, my use case for stuff like this is to have the characters printed out on paper. It's not a "brain" wallet anymore though.
Since someone bumped this thread, I just thought to mention, that if I can memorize 1 million characters, I might as well memorize the raw private key. Really, anything over a hundred characters is overkill. I'ma just randomly generate 40+ alpha numeric characters and memorize that. 60+ chars if case insensitive (or all one case).
Just don't use the first 60 digits of pi because everyone already has that memorized. I only memorize the first 17 digits because that's all any NASA scientist ever needs. (They use 15~16 for GPS calculations and everything within this solar system.)
Just don't use the first 60 digits of pi because everyone already has that memorized. I only memorize the first 17 digits because that's all any NASA scientist ever needs. (They use 15~16 for GPS calculations and everything within this solar system.)
I want a version that spits out compressed keys. The private keys that begin with the letter K or L instead of the number 5.
This would be easy to implement, and I understand why this is a desired function. However, I prefer not to add more options that add to the complexity. It may seem minimal to seasoned bitcoiners, but I worry that newcomers may be scared away by any additional options that they have to choose from. The truth is, I should have used compressed keys to begin with, and now it's too late to change.
Now, if you just want to be able to do it for yourself, you can easily make it spit out compressed keys by modifying line 1246 of the html file:
var gen_compressed = false;
Just change "false" to "true".
Forked with that 1 change: https://github.com/TheButterZone/brainwallet.io
^^ That's a good request. +1
I made the same request from the WarpWallet guys in 2014 but they said they were too busy. Maybe someone else can follow them up. Compressed keys. (They don't have a thread here on bitcointalk.) One thing I haven't mentioned yet is that the passphrase text field supports multi-line text. This provides a small amount of additional entropy to your passphrase.
So, this passphrase:
results in a different bitcoin address than this:
This could also help make it easier to memorize a 12 word mnemonic, by splitting it into 4 lines, for example:
So, this passphrase:
Code:
hello world
results in a different bitcoin address than this:
Code:
hello
world
world
This could also help make it easier to memorize a 12 word mnemonic, by splitting it into 4 lines, for example:
Code:
children park tight
especially blade odd
goal spider everything
slightly unless collapse
especially blade odd
goal spider everything
slightly unless collapse
Doesn't this introduce incompatibility problems due to the different Windows and UNIX/OSX end of line character(s) standards?
It looks like users are going to want an option to set the EOL standard used.
brainwallet.io 50,000 bit giveaway:
https://www.reddit.com/r/Bitcoin/comments/3nlfib/brainwalletio_50000_bit_giveaway/
https://www.reddit.com/r/Bitcoin/comments/3nlfib/brainwalletio_50000_bit_giveaway/
Already taken.
One thing I haven't mentioned yet is that the passphrase text field supports multi-line text. This provides a small amount of additional entropy to your passphrase.
So, this passphrase:
results in a different bitcoin address than this:
This could also help make it easier to memorize a 12 word mnemonic, by splitting it into 4 lines, for example:
So, this passphrase:
Code:
hello world
results in a different bitcoin address than this:
Code:
hello
world
This could also help make it easier to memorize a 12 word mnemonic, by splitting it into 4 lines, for example:
Code:
children park tight
especially blade odd
goal spider everything
slightly unless collapse
Let's search for a music lyrics (Eminem
) in youtube and paste it in the salt 
Isn't that a good idea , well protected. 
@unchi
How many characters are allowed at passphrase field? Is there a specific length limit?
I couldn't find that info while reading your code.
How many characters are allowed at passphrase field? Is there a specific length limit?
I couldn't find that info while reading your code.
I tried with 1,755,952 characters and it worked fine.
I think it is just enough for a passphrase ~2million characters.
It just freeze my browser copying and pasting these characters lol
BTW here goes an interesting experiment: https://1209k.com/brainv2/
Wow, the construction that uses is convoluted. Also, a challenge is mentioned - it was spent after about 10 days.
Edit: Ah, I see why it got taken so fast. This algorithm is very GPU friendly - computing the meaty part of it can be done in parallel with up to GPU 16384 cores with 8MiB of memory each, and the first and last pass can go up to 64 cores with 2MiB memory each.
Congratulations for this bounty challenge initiative!
It's an important tool for future security improvements and a good way to get more code auditing.
I'd suggest that you put half the prize in the brainwallet and expect contact from the winner. After that you can show and publish the cracker's brute-force technique and then the other half should be sent to him privately.
*edited
BTW here goes an interesting experiment: https://1209k.com/brainv2/
It's an important tool for future security improvements and a good way to get more code auditing.
I'd suggest that you put half the prize in the brainwallet and expect contact from the winner. After that you can show and publish the cracker's brute-force technique and then the other half should be sent to him privately.
*edited
BTW here goes an interesting experiment: https://1209k.com/brainv2/
I could tell you which salt I'm using, but the fact is that it still wouldn't matter. The point of the bounty is to get people to think about the sheer magnitude of attempts that would be required to brute force it.
Not really possible to estimate that until we see what the salt was.
To give you an idea, if I had used just two words out of the dictionary, there would be 29,404,018,576 different combinations to go through.
Very few people pick two random words out of the entire 171,476 word dictionary. An adult native English speaker with average vocabulary probably knows only 10% of those words. If they actually picked them at random (with dice or a computerized random number generator) as you suggest, out of 100 times (on average), in 81 instance they would not know either word, in 18 instance they would only know one word, and only in one instance would they know both. Tools for picking random words tend to have a list of only around 2,000 words, with the exception of diceware which has nearly 8,000 but is often criticized for having too many obscure words.
Crackers know this, and they will optimize by trying more likely (less complicated) things first.
Of course, it's still possible for it to be cracked, but you would have to be willing to spend an unreasonable amount of money, have a massive amount of CPU power available to you, or be incredibly lucky.
Probably true, see my previous comment.
To some people, it's obvious that this is impractical, and they think it's pointless. To some people, they think it's a malicious way to trick people into wasting their time and money attempting to brute force it. And to some people it's a learning experience, allowing them to understand the purpose and effect of having multiple salt options to chose from. The latter is what I'm after.
The thing is, if your tool became popular, it'd be unlikely for any particular person's wallet to be drained by thieves. What a thief will do is pre-build tables of salt and password/passphrase combinations and watch the network for transactions to the matching addresses. If they suspect someone in particular of having used brainwallet.io (which is different from classic brainwallets which are egregiously insecure - brainwallet.io is only kinda risky in comparsion) they'll gather as much information as they can about that person and spend some time running a targeted attack based on what they know about them.
If you choose to use this tool, and do not generate a passphrase randomly, you are gambling against unknown odds. There will be an unknown number of attackers with an unknown amount of computing power at their disposal, and they'd love to take your money.
Jump to: