
Topic: A challenge to the idea that no-one can create a good brainwallet - page 2. (Read 15614 times)

jr. member
Activity: 50
Merit: 1
I have read this whole thread with great interest. I am a brainwallet user.  In a thread from over a year ago, I learned a lot about the difference between obfuscation and sufficient entropy.  Have a look...

https://bitcointalksearch.org/topic/pondering-a-highly-secure-deterministic-brainwallet-350789

In the end, I decided to stay away from obfuscation.  I now use a truly random, very high entropy passphrase.  I couple that with a second random and high entropy BIP38 passphrase. My coins are extremely safe.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
not bad but if someone knows your method and finds your secret 15 chars it's not strong
newbie
Activity: 6
Merit: 0
Thanks @CIYAM for bringing this topic to light.

Brainwallet has its pros and cons, but vulnerability to rainbow tables is not one of its cons. In some cases brainwallet provides the best cold storage method out there in the market (except multisig addresses). I have most of my coins in brainwallet.

You don't need to have a good memory skill in order to set up a secure brainwallet. Here is one technique I use to generate private keys.

1. Get 15 random characters and write them down. I use sha256(of some words I don't even remember), then I took the middle 15 characters of the hash value and wrote them down on a paper and on walls, saved them on my cellphone and on my pc, emailed to myself. I don't consider them secret so I have them everywhere.

2. Choose specific date. (it can be the future)

3. Choose a name. (it can be in any culture)

4. Pick one Special character. (eg =.,?/+*&^%$#@)

5. your lucky number.

6. hash them 3 times.


I don't think this technique requires good memory skills.  
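An entropy budget for the six-step recipe above, added here as an illustration and not written by any poster in the thread. The candidate counts per component and the hash rate are assumptions; the comparison shows what remains once the 15 written-down characters are treated as public, which is how the post describes them.

```python
import math

# Candidate counts per component. All are assumptions made for this example.
COMPONENTS = {
    "chars15": 16 ** 15,       # 15 hex characters cut from a SHA-256 digest
    "date": 365 * 200,         # any day within roughly 200 years
    "name": 100_000,           # a large list of given names
    "special": 13,             # the 13 characters listed in step 4
    "lucky_number": 1_000,     # 0..999
}
HASH_PASSES = 3                # step 6: "hash them 3 times"


def candidates(components, known=()):
    """Number of combinations left when the parts named in `known` are public."""
    total = 1
    for name, count in components.items():
        if name not in known:
            total *= count
    return total


def entropy_bits(components, known=()):
    """Entropy in bits, assuming every part is picked uniformly at random."""
    return math.log2(candidates(components, known))


def seconds_to_exhaust(components, known, hashes_per_second):
    """Worst-case time to cover every combination at an assumed hash rate."""
    return candidates(components, known) * HASH_PASSES / hashes_per_second


if __name__ == "__main__":
    for known in ((), ("chars15",)):
        label = ", ".join(known) or "nothing"
        print(f"public: {label:8s} -> {entropy_bits(COMPONENTS, known):6.1f} bits")
    # 1e9 hashes per second is an assumed rate, used only to show scale.
    days = seconds_to_exhaust(COMPONENTS, ("chars15",), 1e9) / 86_400
    print(f"memorised parts only, 3 passes per guess: {days:.1f} days")
```

The three hash passes multiply the cost of each guess by three, which is about 1.6 bits of extra work; they do not add entropy to the inputs.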




full member
Activity: 209
Merit: 100

The possibilities are innumerable.
 

Yes.

But, so far, I haven't seen a better implementation
than Electrum.  12 words, no other fancy
steps to remember, computer generated
entropy, and 144 bits of security.  (Plus
it's compatible with the electrum wallet.)

I use Electrum as well, and evaluating my possibility of remembering a random set of 12 words in the correct order for the rest of my life, I can't guarantee that and will never attempt such things. 2 of 3 physical distribution of the password is the best I can do.

Clustering of relational memory feels a lot more natural to me and will probably last a lifetime.

Overall though, I don't believe in single point of failure, be it human memory or wallet format, which is why I use Bitcoin Core, Electrum, Armory, and a bunch of other stuff...
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political

The possibilities are innumerable.
 

Yes.

But, so far, I haven't seen a better implementation
than Electrum.  12 words, no other fancy
steps to remember, computer generated
entropy, and 144 bits of security.  (Plus
it's compatible with the electrum wallet.)
hero member
Activity: 784
Merit: 1000
https://youtu.be/PZm8TTLR2NU
The brain wallet is a tool with unparalleled security, due to the leverage afforded by truly invisible money, that follows you everywhere.

You can go to any computer (or smartphone) in the world and print money, and no one will know you have satoshi. You can do this with any amount of wealth.
full member
Activity: 209
Merit: 100
Most people's brainwallets that failed involved obscure Afrikaans poetry, 1337 substitutions, or some type of wacky human references. Most people don't know how to leverage a hashing algorithm to create an incredible amount of entropy from a simple seed.

With just SHA2, "Bitcoin", and a secret method, for example, a competent person can create a private key with probably as much entropy as SHA2 space allows, thus their brainwallet will be indistinguishable from random noise.

A demonstration:

1. SHA2(Bitcoin) = B4056DF6691F8DC72E56302DDAD345D65FEAD3EAD9299609A826E2344EB63AA4

2. B4056DF6691F8DC72E56302DDAD345D65FEAD3EAD9299609A826E2344EB63AA4 ->
6691F8DC72E56302DDAD345D65FEAD3EAD9299609A826E2344EB63AA4B4056DF

3. SHA2(6691F8DC72E56302DDAD345D65FEAD3EAD9299609A826E2344EB63AA4B4056DF+Bitcoin) =
D551322B778D7BA384DF2FDBE0F0A77F4469C03771780B67D664EAE06F9CB97F

4. And so on...

The possibilities are innumerable.

That said, most people shouldn't do brainwallets because most people are not good at math--and more specifically, probabilities.
full member
Activity: 209
Merit: 100
I have crappy memory so I don't use a brainwallet. Besides, there are much easier ways to keep your money secure. So what's the point?
The point is that I can cross the border naked and still be worth the private key(s) I control.

I understand that the same thing can be achieved with cloud storage and conventional (bitcoin) wallet, but the personal private key generation is a much more elegant solution that bypasses several entities worth of trust compared to conventional wallets.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
i'd say with just 10 lines of code added to any brainwallet utility, whether it's a website, java app, or executable, will strengthen the brainwallet risks without making users have to remember more than 12 words

So my guess is that you'd be surprised that my brainwallet requires no such tools and is far less than 12 words (of course there are no dictionary words involved).

It was actually created as a test to see if it would have its funds stolen (I am rather surprised the funds are still there after so much time).
legendary
Activity: 4424
Merit: 4794
well you need software / website/ code to unlock a brainwallet of basic phrases too..

True - but the simpler the software the better (in terms of being able to access your funds even when you are on holidays, etc.).

And being able to sign a tx without being online is an important feature for security IMO.


whatever software/code you use to create a signed TX already includes the reference libraries/functions of SHA.. so it only takes an extra couple lines of code to turn normal dictionary words into hashed words to increase entropy. all of which can be done offline. i only mentioned that anyone can google online sha encrypt in reference to your reply that it requires extra software.

all i am generally saying is that a straight 12 word dictionary listed words are not as good as hashing the words.. but i agree that adding salt and going through a few rounds to rehash and rehash it over and over again makes chances of people hacking your key even less of a possibility, whilst also making the user still only required to remember 12 words initially.

i'd say with just 10 lines of code added to any brainwallet utility, whether it's a website, java app, or executable, will strengthen the brainwallet risks without making users have to remember more than 12 words
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
well you need software / website/ code to unlock a brainwallet of basic phrases too..

True - but the simpler the software the better (in terms of being able to access your funds even when you are on holidays, etc.).

And being able to sign a tx without being online is an important feature for security IMO.
legendary
Activity: 4424
Merit: 4794
Although I am not going to give out any precise clues as to how I created my own brainwallet clearly words that appear in any dictionary are not what you should use (and hashes of dictionary words are really no better).

If you were going to use hashing then you'd want to use "salt" and "rounds" also (and in any case is not really a "brainwallet" anymore as now you need software to unlock it).


well you need software / website/ code to unlock a brainwallet of basic phrases too..
but my example was not any software.. i just googled "sha encrypt online" much like people would google brainwallet. so there is nothing special required.

but i agree that just hashing a few words is not ideal and that re-hashing and doing other things in between (salt/rounds) before converting to a privkey should be added.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Although I am not going to give out any precise clues as to how I created my own brainwallet clearly words that appear in any dictionary are not what you should use (and hashes of dictionary words are really no better).

If you were going to use hashing then you'd want to use "salt" and "rounds" also (and in any case is not really a "brainwallet" anymore as now you need software to unlock it).
legendary
Activity: 4424
Merit: 4794
anyone thinking about using brainwallets i feel that simply typing in 12 words into brainwallet.org is risky. as many people are developing databases of attempted word combinations

for instance:
Quote from: WinstonChurchil
To improve is to change; to be perfect is to change often.

is not unique. and can be predicted within a couple weeks of trying different combinations.

BUT if we were to hash each word first. and then put the result into brainwallet converter.. then it is more secure:

to=663ea1bfffe5038f3f0cf667f14c4257eff52d77ce7f2a218f72e9286616ea39
improve=2b35ed6944dd2e8f7462b14096e8969711280dffe1457a680c885a95127e426c
is=fa51fd49abf67705d6a35d18218c115ff5633aec1f9ebfdc9d5d4956416f57f6
to=663ea1bfffe5038f3f0cf667f14c4257eff52d77ce7f2a218f72e9286616ea39
change;=dc36e8b61c6627435b26da98200d6eb38a9a6feaeaae7392864b0e53e67f4932
to=663ea1bfffe5038f3f0cf667f14c4257eff52d77ce7f2a218f72e9286616ea39
be=46599c5bb5c33101f80cea8438e2228085513dbbb19b2f5ce97bd68494d3344d
perfect=fafe97f7def328bbd4f10779b9625a8aa0bfaa143d7ae64e6f5770e47b51cd1d
is=fa51fd49abf67705d6a35d18218c115ff5633aec1f9ebfdc9d5d4956416f57f6
to=663ea1bfffe5038f3f0cf667f14c4257eff52d77ce7f2a218f72e9286616ea39
change=12ea12eace7d655f471ce55e34f89b1b77a3d9d05a445ca82877dd2235beaa51
often.=b0c347a4cd46f0a96e83fa2b63d8611511c5bb5dc986406e88674b3fb3e54ad3

the entropy alone is at least 10 times longer. yet all you have to do is in your mind remember the 12 words and then use a sha encryptor before pasting the result into a brain wallet converter.
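The per-word hashing scheme in the post above, compared with the "salt" and "rounds" suggested in the reply to it, as an added example that is not code from any poster. The guess list is constructed, and PBKDF2-HMAC-SHA256 with 200,000 rounds is a choice made for this example; the point is that a deterministic hash makes the converter input longer without changing how many candidate phrases have to be covered.

```python
import hashlib
import math

QUOTE = "To improve is to change; to be perfect is to change often."
# Constructed guess list: the quote plus two other well-known sentences.
GUESS_LIST = [QUOTE, "Never give in.", "We shall fight on the beaches."]


def per_word_sha256(phrase):
    """The post's scheme: SHA-256 each word, concatenate the hex digests."""
    return "".join(hashlib.sha256(w.encode()).hexdigest() for w in phrase.split())


def converter_inputs(phrases, transform=lambda p: p):
    """Distinct strings that reach the brainwallet converter for a guess list."""
    return {transform(p) for p in phrases}


def work_bits(candidate_count, hashes_per_guess):
    """log2 of the hash operations needed to cover the whole candidate list."""
    return math.log2(candidate_count) + math.log2(hashes_per_guess)


def stretched_key(phrase, salt, rounds=200_000):
    """Salt plus rounds via PBKDF2-HMAC-SHA256 (an assumption of this example)."""
    return hashlib.pbkdf2_hmac("sha256", phrase.encode(), salt, rounds)


if __name__ == "__main__":
    print(len(QUOTE), "characters become", len(per_word_sha256(QUOTE)), "hex characters")
    print("candidates, plain:      ", len(converter_inputs(GUESS_LIST)))
    print("candidates, per-word:   ", len(converter_inputs(GUESS_LIST, per_word_sha256)))
    n = 2 ** 20  # assumed size of a list of published sentences
    print(f"work, plain phrase:      {work_bits(n, 1):.1f} bits")
    print(f"work, per-word hashing:  {work_bits(n, 13):.1f} bits")   # 12 words + 1
    print(f"work, 200,000 rounds:    {work_bits(n, 200_000):.1f} bits")
    # A per-user salt makes the same phrase derive unrelated keys.
    print(stretched_key(QUOTE, b"salt-a").hex()[:16], stretched_key(QUOTE, b"salt-b").hex()[:16])
```

Rounds raise the cost of every guess and a salt defeats precomputed tables, but neither raises the entropy of the phrase itself, so a published sentence stays a weak starting point.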
donator
Activity: 1617
Merit: 1012

While both of these statements are somewhat true, neither precludes generation of entropy, and you're ignoring
several important facts.  Namely, that there is a large number of distinct words/thoughts/things
that exist...and while our thoughts may ultimately be deterministic, there is no meaningful way
to predict them.  Furthermore, we all have unique experiences, memories, and brains, so we will
come up with different thoughts.  Even our own selves will come up with different thought patterns
on different days and there is no way to predict them.  Combine that with enough components
to a brain wallet phrase, and high entropy is possible.


This is true. I had a brainwallet that was based on a regular expression to capture the words of a childhood pet phrase into non-sequential capture groups, the actual sequence being based on another number that I remember. I happen to be really good at writing regular expressions so I could just bang it away for any given phrase. I would guess that there are very few rainbow tables out there based on this.

Of course, I no longer use this, having moved on to a more unique method.
newbie
Activity: 56
Merit: 0
what means brainwallet?

Not sure if trolling but, it is basically what the word means.
A wallet stored in your brain in the form of a 12 word passphrase (as usual).
You basically create a private key to a wallet using a 12 word passphrase.

Remember, 12 words is what is usually used, you can use less or more.
I would advise you to use more and like others said, use words not published anywhere before.
Use slang if you wish, just make sure it's a word not published anywhere before.


EDIT: here: https://brainwallet.github.io/


newbie
Activity: 37
Merit: 0
what means brainwallet?
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
I have crappy memory so I don't use a brainwallet. Besides, there are much easier ways to keep your money secure. So what's the point?

I guess the point I was trying to make is that although it is a skill (and I like your Parkour analogy) it is still "possible" to create good brainwallets (and I do agree that it is not a common skill and so I do understand not recommending the use of brainwallets for most).

Perhaps it is the sort of "nanny state" attitude that was annoying me (so many people trying to suggest you *can't create a secure brainwallet*) so I just wanted to show people here that I actually *have* a secure brainwallet (funds are still there) and I don't think I am some sort of "freak of nature" for being able to create that.
sr. member
Activity: 467
Merit: 267
You can use anything for a brainwallet. It obviously includes seed words or a long hex string. In theory, a brainwallet has as much security as a random number generator. So why even argue that it's not the case?

@CIYAM, your experiment proves that you are capable of having a good brainwallet. Great - you have good memory and the skills to pick a high security sentence. Unfortunately, that is not the case for most of the other people and that's for them that the recommendation is.
I don't recommend jumping from buildings but if you are an expert at Parkour it's easy as walking.

@Danny, I have no idea why you want to prove that any brainwallet is bad. It's easy to prove that they have the same security if used properly.

I have crappy memory so I don't use a brainwallet. Besides, there are much easier ways to keep your money secure. So what's the point?
hero member
Activity: 609
Merit: 506
I will say that while I do agree it's possible, why not just use a RNG to help choose dictionary words?
If you don't trust computers, dice or cards work great.

The human brain is far more capable than most people seem to give it credit for  


I agree completely...

Not only on the creation of passphrases, but memory too.

Even memorizing a private key isn't THAT hard.  
It's 64 characters, or 32 pairs (E9, B2, etc).

I'm all about erring on the side of caution when
it comes to money but come on, it's like people
have become mental midgets.

If I told you you have to memorize 5 private
keys by tomorrow or I'll kill your family, I bet
you would be able to do it.




Indeed:

http://en.wikipedia.org/wiki/Akira_Haraguchi