Maybe no one thinks to try the above procedure for a long time, but one day someone learns that the above person has a lot of coin, their favorite number is 420, and they like to generate their private keys via non-standard methods. This might lead someone to try to generate private keys via pseudo-random methods in various ways, using '420' as the seed, up to a certain level of entropy that can be easily cracked.
What I'm thinking is, if I designed some super secret but easy for me to remember brainwallet algorithm, it wouldn't even help you to know my starting brainwallet passphrase, simply because the main source of entropy is the algorithm itself. And you could spend an eternity going through those before you hit on the correct one.
Some people might argue that it's impossible to design such an algorithm that's easy to remember. For me, it's the opposite way. I could remember an algorithm, but I would have more trouble memorizing a 30 character phrase that had 120 bits of entropy, because a human doesn't have the capability to truly generate such a thing, I don't think. Unless they roll dice, but then that would make it impossible to memorize...
In my example, most of the entropy is from the pseudo-randomness, and very little from the "brain wallet" portion of generating the key.
Does calling a pseudo-random function while using a particular seed really create 90 bits of entropy? It does create a set of numbers that would take 2^90 guesses in order to be guaranteed to guess that particular set of numbers. If you know that the random function of numpy is being used, the amount of entropy is reduced to ~8.75 bits.
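The point raised in the last few posts (a 256-bit key whose only input is a small seed such as '420') can be made concrete. The following Python is an added example and not code from this thread or from anyone in it; it uses the standard library's `random.Random` in place of numpy so it runs without dependencies, and the derivation scheme (hash the seeded PRNG's output stream) is a constructed stand-in for whatever "non-standard method" a poster might actually use. Whatever the scheme, once the algorithm is known the attacker's work is bounded by the number of seeds they have to enumerate, not by the width of the key that comes out.

```python
import hashlib
import math
import random


def key_from_seed(seed: int, nbits: int = 256) -> bytes:
    """Constructed 'non-standard' derivation: seed a PRNG with a small,
    memorable number and hash the stream it produces. The output is 256
    bits wide, but it is completely determined by the seed."""
    rng = random.Random(seed)                      # deterministic for a given seed
    stream = rng.getrandbits(nbits).to_bytes(nbits // 8, "big")
    return hashlib.sha256(stream).digest()


def recover_seed(target_key: bytes, seed_space: int):
    """Attacker side: enumerate every seed in the assumed space and stop at
    the first one whose derived key matches. Returns (seed, guesses_made),
    or (None, seed_space) when nothing in the space matched."""
    for seed in range(seed_space):
        if key_from_seed(seed) == target_key:
            return seed, seed + 1
    return None, seed_space


def effective_entropy_bits(seed_space: int) -> float:
    """Upper bound on the key's strength once the algorithm is known:
    log2 of the number of seeds to try, regardless of output width."""
    return math.log2(seed_space)


if __name__ == "__main__":
    victim_key = key_from_seed(420)   # favourite number used as the seed
    seed, guesses = recover_seed(victim_key, seed_space=10_000)
    print(f"recovered seed {seed} after {guesses} guesses")
    print(f"key is {len(victim_key) * 8} bits wide but worth only "
          f"{effective_entropy_bits(10_000):.1f} bits against a seed search")
```

Swapping the PRNG, the hash or the number of rounds does not change the shape of the attack; it only changes the constant in front of `seed_space`. Secrecy of the algorithm is what the post above is relying on, and that is the part that cannot be measured.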
The problem with "inventing" an algorithm with the purpose of generating a private key is that it is difficult to measure how much entropy (security) your private key really has. If you can think of an algorithm, there is no reason why someone else couldn't think of a similar algorithm.
Although my recommendation is to create a seed that has 256 bits of entropy, if you insist on creating a brain wallet with low amounts of entropy, I would suggest using an algorithm that is computationally inefficient. If it is difficult to calculate the private key from the 'brain wallet' phrase, then each bit of entropy is "worth" more. Obviously, this assumes that new technology will not be invented that can go from 'brain wallet' phrase to private key more efficiently in the future.
But the standard SHA256 brainwallets are very safe, if the password is safe. And I don't see a problem with forgetting it. Just write it down on paper and deposit it at a safe place. There are many ways to disguise it as well, like using the first sentence in a diary. If it is personal and not found somewhere else, it would be very safe. Like "This is the diary of the very knowledgeable programmer Frank, born on x, in the city y.". No way this could be discovered with a brute-force program. It would be much safer than a random 30 character password.
My understanding is that most scripts/programs that try to find/steal brain wallets are not doing what most would describe as "brute forcing". I believe they will look at literature to find phrases, and use those phrases against bitcoin addresses that are known to have ever received any transactions. They likely also append things such as birthdays, popular vacation locations, and various punctuation to these phrases. This is somewhat similar to trying 'password1' when someone's known password is 'password!'
There are around 171k words in the English dictionary, and randomly using 7 words as a brain wallet would generate about 121 bits of entropy. The risk of using your method is that if anyone has ever said the phrase you use in a book, movie or TV show (or something similar), or if it has ever appeared in a news article, blog post or forum post, there is a high probability that someone will try your phrase against bitcoin addresses that have ever received coin. If your brain wallet is not generated randomly, it will not have anywhere near the amount of entropy you think it has.
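The last three posts (the "standard" SHA256 brainwallet, the phrase-list attack against funded addresses, and the 7-random-words figure), together with the earlier suggestion of a deliberately slow derivation, can all be shown in one piece of code. This is an added example, not code from the thread or from any brainwallet-stealing script; it compares on the SHA256 private key itself rather than deriving Bitcoin addresses, since the address step adds nothing to the entropy argument. The phrase list, the suffixes, the "funded" key and the fixed salt in the stretched variant are all constructed for the example.

```python
import hashlib
import math


def brainwallet_key(passphrase: str) -> bytes:
    """The 'standard' brainwallet: private key = SHA256(passphrase)."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def stretched_brainwallet_key(passphrase: str, iterations: int) -> bytes:
    """Deliberately slow variant: each candidate costs `iterations` HMAC
    rounds instead of one hash, so every bit of phrase entropy is 'worth'
    more. The salt is a fixed constant (constructed for this example) so the
    key is still reproducible from the phrase alone."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               b"brainwallet-example-salt", iterations)


# Constructed stand-ins for the phrases such scripts harvest from books,
# lyrics, forum posts etc., and the decorations (years, punctuation) they add.
BASE_PHRASES = [
    "to be or not to be that is the question",
    "correct horse battery staple",
    "this is the diary of a very knowledgeable programmer",
]
SUFFIXES = ["", "!", ".", "1", "123", "1985", "2013"]


def candidate_phrases(bases=BASE_PHRASES, suffixes=SUFFIXES):
    """Yield phrase/case/suffix combinations the way a wallet-stealing
    script would: the 'password!' -> 'password1' style of guessing."""
    for base in bases:
        for variant in (base, base.capitalize(), base.title()):
            for suffix in suffixes:
                yield variant + suffix


def crack(funded_keys, bases=BASE_PHRASES, suffixes=SUFFIXES):
    """Hash every candidate and report those matching a key known to have
    received coin. Returns {phrase: key}."""
    hits = {}
    for phrase in candidate_phrases(bases, suffixes):
        key = brainwallet_key(phrase)
        if key in funded_keys:
            hits[phrase] = key
    return hits


def random_phrase_entropy_bits(dictionary_size: int, words: int) -> float:
    """Entropy of `words` words drawn uniformly (with replacement) from a
    list of `dictionary_size` words: words * log2(dictionary_size)."""
    return words * math.log2(dictionary_size)


def list_attack_entropy_bits(bases=BASE_PHRASES, suffixes=SUFFIXES) -> float:
    """What a phrase that is on the attacker's list is really worth: log2 of
    the number of candidates they must hash, not the length of the phrase."""
    return math.log2(sum(1 for _ in candidate_phrases(bases, suffixes)))


if __name__ == "__main__":
    funded = {brainwallet_key("correct horse battery staple2013")}   # constructed
    print(crack(funded))
    print(f"7 random words from 171k: {random_phrase_entropy_bits(171_000, 7):.1f} bits")
    print(f"a phrase on this list:    {list_attack_entropy_bits():.1f} bits")
```

The diary sentence in the post above would fall to this only if it, or something close to it, is on the attacker's list; the 7-random-words phrase does not depend on what is or is not on anyone's list, which is the whole point of the last post. Stretching (the `iterations` parameter) multiplies the attacker's cost per candidate but does not change the size of the list, so it helps a weak phrase without rescuing one that has already been published.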