
Topic: Are Brain Wallets really a good idea? (Read 2812 times)

newbie
Activity: 19
Merit: 0
May 03, 2013, 10:46:28 PM
#31
If you aren't using your grandma's name or mother's maiden name, or your dog's name, etc., you can come up with a solid Brain Wallet. When it comes to procedures for any form of security, especially if it is of some value to you, you should put in the effort to come up with abstract parts to protect your assets.
newbie
Activity: 28
Merit: 0
Just saw this "brain wallet" reference on the News. To the average Joe, they are even more like wtf?
ATC
newbie
Activity: 49
Merit: 0
I don't think brain wallet is so good. The brain randomness maybe doesn't have so big entropy.
newbie
Activity: 29
Merit: 0
Quote

"Das freaky latino Hound, @Nellie with de supahuge bazookas - 9021oh,oh!"

 

Aww, no coins in there

sr. member
Activity: 602
Merit: 254
🔰FERRUM NETWORK🔰
April 18, 2013, 01:46:47 PM
#27
Assume attacker owns lots of resources at disposal, say 131,074 of such cards:

Let me just stop you right there and let's do the math on that. Have you multiplied 131,074 cards by $600 dollars? I have... to the tune of 78.6 million dollars. Did you account for inflation? Or even consider the fact that this guy already spent the 78.6 million dollars back in 2013 trying to do this the first time, and now he's poor and old, and his liver is failing from him drinking too much when he was in his 30's?

Please... think of the Hugh Manatee! Guys, I'm never going to reach 78.6 million dollars by 20XD at this rate if you don't tip. Like my code? My address is in my sig...

sr. member
Activity: 602
Merit: 254
🔰FERRUM NETWORK🔰
April 18, 2013, 01:34:56 PM
#26
Wow, that's a very educational and interesting post, thanks for that Kevlar.

Sorry if these are newb questions but am I understanding right that once given a public key you can search through the block chain to find the holdings of the wallet associated with that key? Also, is it possible at all to find the public key associated with a certain BTC address? Just curious to understand the limitations of the BTC network.

Yes. Download the code I linked to and look at BitKeyChecker. That's what this does. It reads the block chain off disk, putting all the transaction hashes into a set, and then searches that set. You could easily enhance it to be a map back into the blockchain for really fast lookups directly into the block chain.

As for finding the public key for a given address... I think it's gotta be included in the transaction?

Someone with a better understanding of the Block Chain format would be better qualified to answer that. I know the address is the ripemd160(sha256(pubkey)), and that the output/input pairs have to be signed with the output's private key, demonstrating that the holder of the private key/outputs was the one who is creating the transaction (aka sending the bitcoins), and I know the network is smart enough to verify all the parameters of the transaction or it will be rejected (can I just tell you how many times I've gone, "Why isn't it working?" because I've screwed up the construction of a transaction in code? Watch your change addresses and square your totals kids!) including the fact that the signatures generated can be decrypted by the public key that generated them and compared against the outputs->input/amount pairs, but I don't know what the trick is to go from address to public key for that operation unless it's in the transaction itself. Can anyone jump in here?

-Kevlar
newbie
Activity: 10
Merit: 0
April 18, 2013, 10:02:12 AM
#25
This is a case of blaming the tools rather than the bad worker.

There is nothing wrong with brain wallets that a bit of thinking isn't going to fix.

Firstly, don't use all your words from the dictionary. Don't use all one language.

Use spaces, dashes, caps and lower letters and numbers

Don't use any phrase that already exists in print - anywhere!

"Luke, I am your father!" is out because it's too short and well known

"Das freaky latino Hound, @Nellie with de supahuge bazookas - 9021oh,oh!"

Can you remember that? - Now convert it to a brain wallet address, and search the blockchain to see if it exists before you start using it!


It's not brain wallets that are faulty - it's brains!

And don't use the same password for anything else.
sr. member
Activity: 294
Merit: 250
You are a geek if you are too early to the party!
April 18, 2013, 09:53:58 AM
#24
This is a case of blaming the tools rather than the bad worker.

There is nothing wrong with brain wallets that a bit of thinking isn't going to fix.

Firstly, don't use all your words from the dictionary. Don't use all one language.

Use spaces, dashes, caps and lower letters and numbers

Don't use any phrase that already exists in print - anywhere!

"Luke, I am your father!" is out because it's too short and well known

"Das freaky latino Hound, @Nellie with de supahuge bazookas - 9021oh,oh!"

Can you remember that? - Now convert it to a brain wallet address, and search the blockchain to see if it exists before you start using it!


It's not brain wallets that are faulty - it's brains!
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
April 18, 2013, 09:39:43 AM
#23
My brain wallet is some random private key in wallet import format. Just memorize all 54 characters.
member
Activity: 116
Merit: 10
April 18, 2013, 09:09:30 AM
#22
Come on, how realistic is that that one attacker will have 131,074 high end ATI graphics cards at his disposal?

Assuming a 7970 uses 250W, that would consume 32.7685 Megawatts of power

Even if he did, it would be more profitable to mine with them.
newbie
Activity: 35
Merit: 0
April 18, 2013, 08:47:24 AM
#21
OP is correct, it's just a matter of double sha256 + point multiplication + sha256 + ripemd160

Some ballparks assuming your password has 128 bit entropy (default for electrum, much less for armory?):

You can check ~32Mkey/s on hi-end ATI card. Assume attacker owns lots of resources at disposal, say 131,074 of such cards:

32M*128K = 2^25+2^17, in essence you strip 42 bits of input 128 bit brain wallet. 86 bits to go. Now let's assume he's going against all addresses at once, of which let's assume 16M are brain wallets, it does not matter which one he'll crack. Checking is O(1) (hash table). That's another 24 bits (16M=2^24).

Your wallet is secured by 62 bits now for every second hypothetical attacker is attempting. ~29 bits down if he keeps trying for a year. You're left with 33 bits of security.

This number decrements by 1 every 18 months as per Moore's law. Attacker in year 2046 will find your wallet with 100% certainty in a year.

Of course he will find *some* wallet much sooner, when we'll account for the birthday paradox.

The security margin is still there, but it's pretty thin in the long run.
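The bit-budget estimate in post #21, written out as an added example (not code from the thread or from the BitKeyGrinder/BitKeyChecker programs mentioned in it). It takes the post's assumptions as inputs: 32 Mkey/s per card read as 2^25, 131,074 cards, 16M candidate addresses, hardware doubling every 18 months. The function names and the sample passphrase strengths are assumptions added here.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600  # 31,536,000 s, about 2^24.9

# Assumptions taken from post #21: 32 Mkey/s per card (read as 2^25),
# 131,074 cards, 16M (2^24) candidate addresses checked at once.
POST = dict(keys_per_sec=32 * 2**20, cards=131_074, targets=16 * 2**20)

def margin_bits(entropy_bits, keys_per_sec, cards, targets,
                years=1.0, start_offset_years=0.0, doubling_years=1.5):
    """Bits of search space left after an attack lasting `years`.

    A negative result means the search is expected to finish inside the
    window. `start_offset_years` moves the attack into the future, where
    hardware is assumed to double in speed every `doubling_years`.
    """
    rate = math.log2(keys_per_sec * cards)        # guesses per second
    multi_target = math.log2(targets)             # any one of N targets will do
    duration = math.log2(years * SECONDS_PER_YEAR)
    hardware_gain = start_offset_years / doubling_years
    return entropy_bits - rate - multi_target - duration - hardware_gain

def years_until_exposed(entropy_bits, doubling_years=1.5, **model):
    """Years of hardware growth before a one-year attack has no margin left."""
    now = margin_bits(entropy_bits, doubling_years=doubling_years, **model)
    return max(0.0, now * doubling_years)

def required_entropy(safe_years, min_margin_bits, **model):
    """Passphrase entropy needed to keep `min_margin_bits` after `safe_years`."""
    cost = -margin_bits(0.0, start_offset_years=safe_years, **model)
    return cost + min_margin_bits

# Constructed sample passphrase strengths (not from the thread).
SAMPLES = {
    "4 random words, 7776-word list": 4 * math.log2(7776),
    "128-bit random seed": 128.0,
}

if __name__ == "__main__":
    for label, bits in SAMPLES.items():
        print(f"{label}: {bits:.1f} bits, margin after 1 year "
              f"{margin_bits(bits, **POST):.1f} bits, "
              f"exposed in {years_until_exposed(bits, **POST):.1f} years")
    print(f"entropy for a 32-bit margin in 30 years: "
          f"{required_entropy(30, 32, **POST):.1f} bits")
```

With these inputs the per-second margin for a 128-bit seed is 62 bits; a year is about 2^24.9 seconds, so the one-year margin evaluates to roughly 37 bits, while the four-word sample has no margin at all.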
newbie
Activity: 33
Merit: 0
April 18, 2013, 08:38:31 AM
#20
Not the best idea
newbie
Activity: 8
Merit: 0
April 18, 2013, 08:30:00 AM
#19
Wow, that's a very educational and interesting post, thanks for that Kevlar.

Sorry if these are newb questions but am I understanding right that once given a public key you can search through the block chain to find the holdings of the wallet associated with that key? Also, is it possible at all to find the public key associated with a certain BTC address? Just curious to understand the limitations of the BTC network.
full member
Activity: 211
Merit: 100
You are not special.
April 18, 2013, 07:10:11 AM
#18
I like this! Interesting reading. Also amazing that you found some bitcoins using it since I was sceptical.

I don't think they're a good idea because I know how unreliable my brain is!
donator
Activity: 2772
Merit: 1019
April 18, 2013, 07:05:46 AM
#17
Yeah already did this. But I just made a bitcoin address generator like vanitygen but used password dictionaries as the seed rather than randomness. Created a long list of addresses. Using a block explorer you can extract every address with a balance in it. Compare the list.

Lesson - don't use brain wallets.

no, that's not the lesson. "Use passphrase with high enough entropy for brainwallets" is the lesson.
newbie
Activity: 39
Merit: 0
April 18, 2013, 06:52:31 AM
#16
Isn't converting passphrase -> address just public key crypto?  That's at around 10k/s isn't it?
sr. member
Activity: 602
Merit: 254
🔰FERRUM NETWORK🔰
April 17, 2013, 03:47:42 PM
#15
Quote

To check the set of all transactions for a given hash? I was able to do so against 400,000 random hashes a second. So how long does it take to check ALL transactions to see if a hash is interesting? Less than 1/400,000 of a second, after having loaded them all into memory.



Are you saying, if I had a text file with 400,000 lines of text (guesses), you could turn them all into public addresses and know in 1 second if any of these 400k are interesting?

Well the whole point of the map/reduce thing was to first transform those 400,000 lines of text (guesses) into public addresses. This is what takes the time and computational power, and is by no means fast.

Once that work is done, and all the guesses have been transformed into public addresses, I can tell you in 1 second if any of those 400k guesses are interesting by scanning the block chain for all 400,000 of them in about 1 second.

That's what the code that I linked to does. BitKeyGrinder Map/Reduces the guesses into public keys, and BitKeyChecker checks them.

-Kevlar
newbie
Activity: 11
Merit: 0
April 16, 2013, 11:42:46 PM
#14
Quote

To check the set of all transactions for a given hash? I was able to do so against 400,000 random hashes a second. So how long does it take to check ALL transactions to see if a hash is interesting? Less than 1/400,000 of a second, after having loaded them all into memory.



Are you saying, if I had a text file with 400,000 lines of text (guesses), you could turn them all into public addresses and know in 1 second if any of these 400k are interesting?
sr. member
Activity: 602
Merit: 254
🔰FERRUM NETWORK🔰
April 16, 2013, 11:57:32 AM
#13
Quote
What the second program, BitKeyChecker, does is scan the Block Chain and build a set of all Transaction hashes, ever. It then checks the hashed password against that set to see if the set contains it. If it does, it's considered 'interesting'. I was getting upward of 400,000 checks per second on my i5,

so how many seconds to check the set of all transactions?
(400k/sec, how many total are there?)

To check the set of all transactions for a given hash? I was able to do so against 400,000 random hashes a second. So how long does it take to check ALL transactions to see if a hash is interesting? Less than 1/400,000 of a second, after having loaded them all into memory.

newbie
Activity: 13
Merit: 0
April 16, 2013, 03:42:52 AM
#12
I take a phrase out of a book of poetry then add a series of numbers + capitalization on every other digit. Makes it very easy to remember and gives me a very hard to crack password.

The majority of the people losing their wallets however are due to being infested with malware. A fresh install of Windows, second partition for all your programs, then Deep Freeze the whole thing and you getting hacked is very unlikely.