A challenge to the idea that no-one can create a good brainwallet

DooMAD

legendary

Activity: 3948

Merit: 3191

Leave no FUD unchallenged

Quote from: dextronomous on August 17, 2021, 08:44:36 AM

are these, where these all the letter numbers, special chars used by you Ciyam, thanks.

I can't quite tell what you're trying to ask them, but they haven't logged in to these forums for almost three years now. You'll need to go find them on their own forum if you want a response to your question, or to find out what happened to the funds in that brainwallet.

dextronomous

full member

Activity: 431

Merit: 105

Quote from: CIYAM on December 07, 2014, 12:58:33 PM

Then finally add a smiley you are partial to:

buzfap01$02%014STK1456cAonImA;)

and perhaps a lucky number as well.

buzfap01$02%014STK1456cAonImA;)7

Even at this stage my guess is that we are at a level of pretty safe entropy (provided you have not followed my formula but instead created your own).

Such a passphrase is not so difficult to learn (but does take time). So I think that most people are capable of creating a brainwallet but I think it will take them some time to develop it (but if you really care about your investment you'll spend the time to protect it).

buzfap01$02%014STK1456cAonImA;)7

are these, where these all the letter numbers, special chars used by you Ciyam, thanks.

vanupied

newbie

Activity: 12

Merit: 0

I'd like to know too.

almightyruler

legendary

Activity: 2268

Merit: 1092

Quote from: CIYAM on March 23, 2018, 09:34:03 AM

Quote from: TheButterZone on December 06, 2017, 03:22:07 AM

Quote from: CIYAM on December 07, 2014, 11:38:51 AM

So here is a brainwallet address I created two years ago: https://blockchain.info/address/1Au4v6dZacFVsWXeKUMJd99AtyBZeqti2L

Hmm. HMM!

Still has 1 BTC there (was that your point?).

I moved the other funds earlier in case you had missed that (decided that 10 BTC was really too much to leave there).

1+ year bump

The remaining 1 BTC disappeared from this address in January 2019. Was the wallet cracked, or is this challenge over?

https://www.blockchain.com/btc/address/1Au4v6dZacFVsWXeKUMJd99AtyBZeqti2L

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

Quote from: TheButterZone on December 06, 2017, 03:22:07 AM

Quote from: CIYAM on December 07, 2014, 11:38:51 AM

So here is a brainwallet address I created two years ago: https://blockchain.info/address/1Au4v6dZacFVsWXeKUMJd99AtyBZeqti2L

Hmm. HMM!

Still has 1 BTC there (was that your point?).

I moved the other funds earlier in case you had missed that (decided that 10 BTC was really too much to leave there).

TheButterZone

legendary

Activity: 3038

Merit: 1032

RIP Mommy

Quote from: CIYAM on December 07, 2014, 11:38:51 AM

So here is a brainwallet address I created two years ago: https://blockchain.info/address/1Au4v6dZacFVsWXeKUMJd99AtyBZeqti2L

Hmm. HMM!

fonenumba

full member

Activity: 411

Merit: 100

Quote from: CIYAM on January 06, 2015, 10:39:12 PM

I wouldn't recommend using a brainwallet for website passwords but instead a password manager (as you mention re-using patterns could be a very bad idea).

In the future I would hope we could sign in to websites via QR code - one neat method I have thought about would be that when initially signing up you'd provide the equivalent of a Bitcoin "address". When you next go to sign in you would be presented with a service id and "nonce" in a QR code which you'd scan with an offline device.

It would look up the service id to find the public key (matching the address the service knows about) then sign a message containing the "nonce" and a new address which it would then display as a QR code for the service to scan to authenticate.

I think this would be a better application to authorize things like a withdrawal from an exchange or to act as "2FA" to access a website/service.

Although I don't think this would be very feasible to implement into a strong brainwallet.

Pente

hero member

Activity: 528

Merit: 527

I use brainwallets all the time. My current system is composed of three parts. A salt phrase which I never change, a few passphrases, and a digit area which i simply increment to create a group of brainwallets so I don't have to reuse addresses (I started doing that after blockchain started reusing R values for transactions). So for example, my brainwallet is the HSH256 of "Mypassphrase+Mysalt+0000", "Mypassphrase+Mysalt+0001", ect.

I also use alt-keys to increase the level of entropy, even made a web site to make it easier on myself (also didn't trust brainwallet.org):

http://www.paganmind.com/_BrainWallet.html

I have a FB page for brainwallets now:

https://www.facebook.com/Brainwallet

If brainwallets catch on much, I was thinking of programming a wallet that is kind of like the Electrum wallet, but instead of a password, you would enter your brainwallet phrase. It would generate a set of addresses based on that phrase by incrementing a counter that is added to the phrase for each address.

BTW, I have a small amount of funds sitting in an old brainwallet with much less entropy than my current batch of brainwallets. Those funds are still sitting there.

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

I wouldn't recommend using a brainwallet for website passwords but instead a password manager (as you mention re-using patterns could be a very bad idea).

In the future I would hope we could sign in to websites via QR code - one neat method I have thought about would be that when initially signing up you'd provide the equivalent of a Bitcoin "address". When you next go to sign in you would be presented with a service id and "nonce" in a QR code which you'd scan with an offline device.

It would look up the service id to find the public key (matching the address the service knows about) then sign a message containing the "nonce" and a new address which it would then display as a QR code for the service to scan to authenticate.

jonald_fyookball

legendary

Activity: 1302

Merit: 1008

Core dev leaves me neg feedback #abuse #political

Quote from: johnyj on January 06, 2015, 10:20:19 PM

This is always an interesting topic. How to construct a strong password without forget about it.

If you have 10+ passwords for different sites/wallets and some of them you might only use it once a year, how to remember all these passwords? And to make things worse, if all of your passwords are constructed with a similar pattern, if one of them is compromised, how can you make sure the rest are still safe? So, you might end up with many different coding patterns for different passwords, and you forget one of them much faster than you can imagine Grin

Password management software becomes single point of failure, but if it is on offline machine and have extra layers of protection, it might help to organize large amount of random passwords. Is there any other way to manage large amount of random passwords?

Easy:

Commit your brainwallets to memory and practice them.
Use pwd management software for everything else.

johnyj

legendary

Activity: 1988

Merit: 1012

Beyond Imagination

This is always an interesting topic. How to construct a strong password without forget about it.

If you have 10+ passwords for different sites/wallets and some of them you might only use it once a year, how to remember all these passwords? And to make things worse, if all of your passwords are constructed with a similar pattern, if one of them is compromised, how can you make sure the rest are still safe? So, you might end up with many different coding patterns for different passwords, and you forget one of them much faster than you can imagine Grin

Password management software becomes single point of failure, but if it is on offline machine and have extra layers of protection, it might help to organize large amount of random passwords. Is there any other way to manage large amount of random passwords?

jonald_fyookball

legendary

Activity: 1302

Merit: 1008

Core dev leaves me neg feedback #abuse #political

Quote from: 548845 on December 22, 2014, 03:04:56 AM

Quote from: jonald_fyookball on December 21, 2014, 11:25:46 PM

Well in general terms, my idea is simple.
Create a wallet requiring two keys.

Give one to your family, and
hire an attorney to be the executor
of your estate in order to provide
your family with the second key as part
of your will.

There are many ways to implement
this. It doesn't have to be literal "2 keys".
For example, it could be two halves of
a brain wallet phrase. Or the lawyer could
have the entire phrase but only your family
has a scrambled electrum dictionary file
to convert this phrase into a wallet.

I wouldn't trust an attorney with $1.
They know the law and they know how to break it and get away with it.

Then again, it's your money, do what you please with it.

you're not trusting them with the money ,
you're only trusting they will
do their job and simply execute the will as you would
do anyway with an estate.

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

If revealing an address helped then we'd have a more serious issue (as that would mean that RIPEMD160 is not a secure hash algo).

I didn't reveal the address I did for any other reason except to prove that the funds (originally 10 BTC and now 1 BTC) are still there after a very long time (so none of the bots that try and crack brainwallets have been able to crack it).

It was actually a "canary" address (back when it held 10 BTC and when BTC wasn't worth so much) although because I have re-used the address (meaning the public key has been published) it now only serves the purpose of proving that it isn't so easy to crack a brain wallet.

spartacusrex

hero member

Activity: 718

Merit: 545

I keep my coins in a Brain Wallet. Love it.

What I am wondering is if publishing the address actually makes it an easier to crack ? I would think not..

But if so - why ?

Surely the big 'crack farms' just check any hash they create with the 150,000 or so valid addresses on the chain.

548845

newbie

Activity: 56

Merit: 0

Quote from: jonald_fyookball on December 21, 2014, 11:25:46 PM

Well in general terms, my idea is simple.
Create a wallet requiring two keys.

Give one to your family, and
hire an attorney to be the executor
of your estate in order to provide
your family with the second key as part
of your will.

There are many ways to implement
this. It doesn't have to be literal "2 keys".
For example, it could be two halves of
a brain wallet phrase. Or the lawyer could
have the entire phrase but only your family
has a scrambled electrum dictionary file
to convert this phrase into a wallet.

I wouldn't trust an attorney with $1.
They know the law and they know how to break it and get away with it.

Then again, it's your money, do what you please with it.

hhanh00

sr. member

Activity: 467

Merit: 267

Once you reveal your method for producing the pass phrase we can see that many fall short of the recommended entropy level. It's not saying your coins are unsafe because
1. The entropy is high enough for the moment
2. We don't know which addresses are yours
However a good method should not rely on hiding anything but the secret.
If you truly choose random 7 words from a good English dictionary you get 128 bit of entropy. It's all in the 'random' part

blossbloss

jr. member

Activity: 50

Merit: 1

Quote from: ?? on ??

Quote from: blossbloss on December 21, 2014, 10:47:20 PM

I have read this whole thread with great interest. I am a brainwallet user. In a thread from over a year ago, I learned a lot about the difference between obfuscation and sufficient entropy. Have a look...

https://bitcointalksearch.org/topic/pondering-a-highly-secure-deterministic-brainwallet-350789

In the end, I decided to stay away from obfuscation. I now use a truly random, very high entropy passphrase. I couple that with a second random and high entropy BIP38 passphrase. My coin are extremely safe.

I read some of the comments. I never understood why people claim that obfuscation cannot add entroppy to the entire system. For example, if there are only 2 methods of obfuscation known to man then using one of them to further obscure your passphrase would add 1 additional bit of entropy.

I agree that obfuscation adds some entropy. However, the mistake people make is in looking at the final resultant passphrase and think it has way more entropy than it really does. The other mistake is in assuming that someone else won't think of your obfuscation.

jonald_fyookball

legendary

Activity: 1302

Merit: 1008

Core dev leaves me neg feedback #abuse #political

Well in general terms, my idea is simple.
Create a wallet requiring two keys.

Give one to your family, and
hire an attorney to be the executor
of your estate in order to provide
your family with the second key as part
of your will.

There are many ways to implement
this. It doesn't have to be literal "2 keys".
For example, it could be two halves of
a brain wallet phrase. Or the lawyer could
have the entire phrase but only your family
has a scrambled electrum dictionary file
to convert this phrase into a wallet.

blossbloss

jr. member

Activity: 50

Merit: 1

Quote from: jonald_fyookball on December 21, 2014, 11:05:59 PM

Quote from: blossbloss on December 21, 2014, 10:47:20 PM

I have read this whole thread with great interest. I am a brainwallet user. In a thread from over a year ago, I learned a lot about the difference between obfuscation and sufficient entropy. Have a look...

https://bitcointalksearch.org/topic/pondering-a-highly-secure-deterministic-brainwallet-350789

In the end, I decided to stay away from obfuscation. I now use a truly random, very high entropy passphrase. I couple that with a second random and high entropy BIP38 passphrase. My coin are extremely safe.

Nice. Did you ever figure out the dead man drop?
I have my own idea on that one.

I never did figure out a good dead man drop. I'd love to hear any ideas you are willing to share.

jonald_fyookball

legendary

Activity: 1302

Merit: 1008

Core dev leaves me neg feedback #abuse #political

Quote from: blossbloss on December 21, 2014, 10:47:20 PM

I have read this whole thread with great interest. I am a brainwallet user. In a thread from over a year ago, I learned a lot about the difference between obfuscation and sufficient entropy. Have a look...

https://bitcointalksearch.org/topic/pondering-a-highly-secure-deterministic-brainwallet-350789

In the end, I decided to stay away from obfuscation. I now use a truly random, very high entropy passphrase. I couple that with a second random and high entropy BIP38 passphrase. My coin are extremely safe.

Nice. Did you ever figure out the dead man drop?
I have my own idea on that one.

Topic: A challenge to the idea that no-one can create a good brainwallet (Read 15596 times)