Pages:
Author

Topic: A challenge to the idea that no-one can create a good brainwallet - page 3. (Read 15614 times)

legendary
Activity: 1988
Merit: 1012
Beyond Imagination
Just watched a film "In time", when people carrying lots of times (the currency of future, embedded in the body like a brain wallet but the balance is visible on arm) walking around, they need to hire some bodyguards  Grin
sr. member
Activity: 342
Merit: 250
This is about entropy - if my passphrase entropy is not good enough then the funds will be stolen.

Correct.

And the human mind is incapable of useful amounts of entropy.  Anything that any person in the world is capable of thinking, someone else in the world can also think.  We are deterministic creatures that are limited by our minds.

Clearly nobody has emptied the address yet, but that is a very bad way of determining if something is secure or not.

A brainwallet doesn't have to come entirely out of your own brain's "RNG." There is a lot of info our brain can and does store that is generated externally.

I didn't know that anyone thought a secure (both from hacks and memory loss) brainwallet was impossible. I think that's quite clearly not the case. I personally use a brainwallet that is multiple sentences that don't appear anywhere in print or on the web, including words that don't appear in any dictionary, that has no real meaning to any strangers on the internet and which I can't even fathom forgetting. So GL to anyone who wants to crack that.

Of course there are still many ways one can go wrong when attempting to use a brainwallet, but it's hardly impossibly for it to be done well.
legendary
Activity: 1246
Merit: 1011
silver fish kracker utoob the noob with phat boobs.

you can see were getting into serious entropy already.

I don't see.  How much entropy do you have here?

Very conservatively, that would be about 27 bits of
entropy minimum, since you have 4 words. (sliver fish kracker utoob).

The assumption is there would be minimum of 100
words people would choose.  100^4 = 100,000,000
combinations.

As I mentioned, you would need a 24 word passphrase
to generate 160 bits of entropy.

Ok, I thought you were suggesting that you'd built up quite a bit more entropy than this.  While I don't feel you have well-justified* that {a person looks around a room, selects an object, and makes 2 "mental hops"} generates (very conservatively) log_2(100) bits of entropy, I don't doubt that a person conscious of the subtleties of information theory would manage at least this.

(*) The assumption of there being 100 different words is insufficient to justify log_2(100) bits of entropy per word.  One also needs to assume that the person would select of these 100 words uniformly (each word as likely as the next) for this.  In reality, some words are going to be more common than others (maybe following a Pareto distribution?), hurting the entropy, but I expect this will be made up for by a larger dictionary (400 words should easily do it and even this seems a bit conservative to me).
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Does anyone here mind telling me what a Brain wallet is please ? Basically you remember your Private key from your Wallet or how does it work exactly ? Shocked

A brain wallet is a wallet where all the information needed to spend the held bitcoins is memorised.

Memorising a private key (or extended private key: BIP-0032) is one simple way of doing this.  You might also memorise the essential contents of some service's paper-wallet backup (related reading: BIP-0039).

Some people will generate a passphrase themselves and take some 256-bit hash of that passphrase to be used as a private key.  However, it is common for people to create insufficient entropy in this process and thereby run the risk of having their bitcoins stolen.

silver fish kracker utoob the noob with phat boobs.

you can see were getting into serious entropy already.

I don't see.  How much entropy do you have here?

Very conservatively, that would be about 27 bits of
entropy minimum, since you have 4 words. (sliver fish kracker utoob).

The assumption is there would be minimum of 100
words people would choose.  100^4 = 100,000,000
combinations.

As I mentioned, you would need a 24 word passphrase
to generate 160 bits of entropy.

I disagree with your assumption. There are roughly 1 million words in the English dictionary. One a potential attacker knew that a passphraise was going to be exactly 4 English words, then the number of potential combinations would be 1,000,000^4 which is 1 * 10^24. While this may sound like a lot, you need to understand that testing one combination would generally take the same amount of computing power to make one "hash". You also need to understand that "mining" brain wallet addresses is not the same as mining Bitcoin blocks as once you check an address, you will forever know what the private key is to an associated public address

Woah, you are missing the context here.

The passphrase isnt supposed to be 4 words.  It's supposed to be 24 words.  I only gave 4
in a prior post to demonstrate how to get random words.   Teukon asked how much entropy
those 4 words would have.
 
You can't go off a million words in the dictionary.  You go off 100 words
(an exaggeratedly SMALL number) to be on the safe side.  If brainwallet
skeptics say that "oh everyone has the same thoughts", well, assume
people would choose the same 100 words over and over and go with that.
So, the formula then becomes 100^24 = 160 bits of entropy.





sr. member
Activity: 350
Merit: 250
Does anyone here mind telling me what a Brain wallet is please ? Basically you remember your Private key from your Wallet or how does it work exactly ? Shocked

A brain wallet is a wallet where all the information needed to spend the held bitcoins is memorised.

Memorising a private key (or extended private key: BIP-0032) is one simple way of doing this.  You might also memorise the essential contents of some service's paper-wallet backup (related reading: BIP-0039).

Some people will generate a passphrase themselves and take some 256-bit hash of that passphrase to be used as a private key.  However, it is common for people to create insufficient entropy in this process and thereby run the risk of having their bitcoins stolen.

silver fish kracker utoob the noob with phat boobs.

you can see were getting into serious entropy already.

I don't see.  How much entropy do you have here?

Very conservatively, that would be about 27 bits of
entropy minimum, since you have 4 words. (sliver fish kracker utoob).

The assumption is there would be minimum of 100
words people would choose.  100^4 = 100,000,000
combinations.

As I mentioned, you would need a 24 word passphrase
to generate 160 bits of entropy.

I disagree with your assumption. There are roughly 1 million words in the English dictionary. One a potential attacker knew that a passphraise was going to be exactly 4 English words, then the number of potential combinations would be 1,000,000^4 which is 1 * 10^24. While this may sound like a lot, you need to understand that testing one combination would generally take the same amount of computing power to make one "hash". You also need to understand that "mining" brain wallet addresses is not the same as mining Bitcoin blocks as once you check an address, you will forever know what the private key is to an associated public address
legendary
Activity: 1232
Merit: 1001
mining is so 2012-2013
I bet nobody gets your Bitcoin.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Does anyone here mind telling me what a Brain wallet is please ? Basically you remember your Private key from your Wallet or how does it work exactly ? Shocked

A brain wallet is a wallet where all the information needed to spend the held bitcoins is memorised.

Memorising a private key (or extended private key: BIP-0032) is one simple way of doing this.  You might also memorise the essential contents of some service's paper-wallet backup (related reading: BIP-0039).

Some people will generate a passphrase themselves and take some 256-bit hash of that passphrase to be used as a private key.  However, it is common for people to create insufficient entropy in this process and thereby run the risk of having their bitcoins stolen.

silver fish kracker utoob the noob with phat boobs.

you can see were getting into serious entropy already.

I don't see.  How much entropy do you have here?

Very conservatively, that would be about 27 bits of
entropy minimum, since you have 4 words. (sliver fish kracker utoob).

The assumption is there would be minimum of 100
words people would choose.  100^4 = 100,000,000
combinations.

As I mentioned, you would need a 24 word passphrase
to generate 160 bits of entropy.
legendary
Activity: 1246
Merit: 1011
Does anyone here mind telling me what a Brain wallet is please ? Basically you remember your Private key from your Wallet or how does it work exactly ? Shocked

A brain wallet is a wallet where all the information needed to spend the held bitcoins is memorised.

Memorising a private key (or extended private key: BIP-0032) is one simple way of doing this.  You might also memorise the essential contents of some service's paper-wallet backup (related reading: BIP-0039).

Some people will generate a passphrase themselves and take some 256-bit hash of that passphrase to be used as a private key.  However, it is common for people to create insufficient entropy in this process and thereby run the risk of having their bitcoins stolen.

silver fish kracker utoob the noob with phat boobs.

you can see were getting into serious entropy already.

I don't see.  How much entropy do you have here?
sr. member
Activity: 350
Merit: 250
Clearly nobody has emptied the address yet, but that is a very bad way of determining if something is secure or not.

Well - if no-one can empty my address then how would you explain that?

(luck?)

There is a difference between "nobody can empty my address" and "nobody has emptied my address".

Just like there is a difference between "nobody can steal my car" and "nobody has stolen my car".

You can't equate the fact that the funds haven't been taken with the concept that the funds can't be taken.
The thing is that in order to steal a car, you need to be physically present while you do not even to be connected to the internet to crack a brain wallet (you only need a 'somewhat' up to date version of the blockchain.

The level of entropy that a brain wallet will use is not enough to keep it secure over the long term. This is especially true as ASICs are being made for scrypt based altcoins, which means that it will eventually be more profitable to re-purpose GPUs to attempt to mine brain wallets (which means more effort will be put into finding a brain wallet). I think that brain wallets may be secure for short term storage under certain circumstances (for example if you are crossing the border and/or going to be going to jail for a short time).

I also think the fact that no one has stolen your 1 BTC means that no one has found the private key. It is a known fact that some people "test" their brain wallet with small amounts of bitcoin to see if the money is quickly stolen and if so don't put what they "really" intended to put in it, and as a result people who are farming brain wallets will not always take the balance from a brain wallet just because there is a balance in it
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
This is about entropy - if my passphrase entropy is not good enough then the funds will be stolen.

Correct.

And the human mind is incapable of useful amounts of entropy.
 

This is definitely debatable, and I would personally disagree with this statement.
I've already given a method that demonstrates how you can generate high entropy.


Quote
Anything that any person in the world is capable of thinking, someone else in the world can also think.  We are deterministic creatures that are limited by our minds.

While both of these statements are somewhat true, neither preclude generation of entropy, and you're ignoring
several important facts.  Namely, that there is a large number of distinct words/thoughts/things
that exist...and while our thoughts may ultimately be deterministic, there is no meaningful way
to predict them.  Furthermore, we all have unique experiences, memories, and brains, so we will
come up with different thoughts.  Even our own selves will come up with different thought patterns
on different days and there is no way to predict them.  Combine that with enough components
to a brain wallet phrase, and high entropy is possible.


 
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
You can't equate the fact that the funds haven't been taken with the concept that the funds can't be taken.

You are really *reaching with this* - so you think that someone has worked out my private key and not taken the funds. Cheesy

Then I'd ask that person to sign a message showing that they have the private key otherwise your post is rather ridiculous.
legendary
Activity: 3472
Merit: 4801
Clearly nobody has emptied the address yet, but that is a very bad way of determining if something is secure or not.

Well - if no-one can empty my address then how would you explain that?

(luck?)

There is a difference between "nobody can empty my address" and "nobody has emptied my address".

Just like there is a difference between "nobody can steal my car" and "nobody has stolen my car".

You can't equate the fact that the funds haven't been taken with the concept that the funds can't be taken.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Clearly nobody has emptied the address yet, but that is a very bad way of determining if something is secure or not.

Well - if no-one can empty my address then how would you explain that?

(luck?)
legendary
Activity: 3472
Merit: 4801
Therefore, it must be comeplete secure from anyone ever stealing it.
Sure - let's just get back to the address I mentioned and the funds - not some imaginary situation.

Just making a very obvious point about the flaw in your reasoning.
legendary
Activity: 3472
Merit: 4801
This is about entropy - if my passphrase entropy is not good enough then the funds will be stolen.

Correct.

And the human mind is incapable of useful amounts of entropy.  Anything that any person in the world is capable of thinking, someone else in the world can also think.  We are deterministic creatures that are limited by our minds.

Clearly nobody has emptied the address yet, but that is a very bad way of determining if something is secure or not.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Therefore, it must be comeplete secure from anyone ever stealing it.

Sure - let's just get back to the address I mentioned and the funds - not some imaginary situation.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
My point is that you can't assume, just because nobody has written the correct software to crack your brainwallet, that nobody ever will.  You also can't assume that nobody in the entire world will every attempt to store their bitcoins using the exact same method as you (completely by coincidence) and stumble upon your bitcoins.

No one is assuming anything other than that.

This is about entropy - if my passphrase entropy is not good enough then the funds will be stolen.
legendary
Activity: 3472
Merit: 4801
Again there is still 1 BTC there.

Steal it (oh yes - I forgot - you can't).

There is a vehicle in Alaska right now that is unlocked with the keys in the ignition.

Go ahead, steal it.

Oh yes, I forgot, you can't.

Therefore, it must be comeplete secure from anyone ever stealing it.
legendary
Activity: 3472
Merit: 4801
@Danny - there are people running software 24x7 to hack weak passwords - you know this.

So why pretend that you don't?

There are also people stealing vehicles 24x7.

My point is that you can't assume, just because nobody has written the correct software to crack your brainwallet, that nobody ever will.  You also can't assume that nobody in the entire world will every attempt to store their bitcoins using the exact same method as you (completely by coincidence) and stumble upon your bitcoins.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
@Danny - there are people running software 24x7 to hack weak passwords - you know this.

So why pretend that you don't?

Again there is still 1 BTC there.

Steal it (oh yes - I forgot - you can't).
Pages:
Jump to: