Author

Topic: Bittaddress.org brainwallet passphrase is NOT sha256 (Read 302 times)

AGD
legendary
Activity: 2070
Merit: 1164
Keeper of the Private Key
i hope you realize that using brainwallet like that is the worst thing you can do for generating a new private key because brainwallets are known to be insecure because people are rarely capable of creating a truly random "passphrase". so know that if you decided to create a paper wallet with a password there is a very good chance that someone is going to steal your funds pretty easily.

I wouldn't say that brainwallets are bad per se. If you choose a phrase long enough and one, that is not used in any book or lyric or whatever, a brainwallet can be an interesting way to store your value in some situations.

Let's say I take an individual very long sentence, which nobody else knows. Now I run a sha256 over it and convert this into a Bitcoin private key. When I send Bitcoins to this address I can access it everywhere I want without even bringing a computer or USB sticks or whatever. I can cross borders with absurd amounts of money and when I want to spend it, I only need the sentence to have access to it.

The possibility of someone accessing these funds are very very small. Especially because people don't even know, that I have Bitcoins in a brainwallet.
Even if they knew, how would they start looking for these funds? The only way could be torturing me until I give them the phrase.

the problem is in that first step: choosing a long and truly random passphrase that can not be guessed at all. generally speaking people have shown that they will always choose things that can be guessed which makes brainwallets bad in general.
otherwise there have been users that created brainwallets and posted the address as a challenge online and it was never broken.

if someone insists on using brainwallets then i can only suggest using some other method other than a simple SHA256 on it. something unique that nobody knows. that way to steal the funds the hacker has to find 2 things: the random long passphrase and the hash algorithm.
for example you could use a KDF function such as scrypt with custom settings (eg. n=2048, r=5, p=2) and derive a 32 byte key from that. or using SHA3-256, SHA512/256, Blake2b-256,... the list goes on.

ps. BIP39 is also worth mentioning here as it is a mnemonic which is a set of words in any language which you could memorize instead of a brainwallet. it is harder but it much safer since they represent a good random entropy. this could also solve the "torture" problem as you could add a single "word" to the list as its extension so you have 1 mnemonic but two wallets. the wallet with the mnemonic can contain a small amount that you could reveal under torture! and the wallet with mnemonic+passphrase contains the actual funds. => good for paranoid people.

So peoples education is the problem and not the brainwallet. People have to learn, that a phrase like 'To be or not to be' might not be guessed by a human that fast, but that a good computer can crunch billions of sentences in minutes. If you instead use a phrase like 'To be or not be, I don't fucking care about this shit in 2019.' you probably have a sentence that wouldn't be in any book or wordlist and therefore pretty hard to crack.


full member
Activity: 593
Merit: 100
BBOD The Best Derivatives Exchange
in bitadress.org in brain wallet when i type passphrase "satoshi nakamoto" it generates privatekey different than what a normal sha256 online calculator generates. Why sha 256 of bitaddress gives different private key than a normal sha256..

 below is example








private keys generated by both for same phrase iBTCs different WHY??

Everyone's talking about bitadress. I don't think it's safe. Then tell me where can we get the most reliable BTC wallet?
Bitadress may be a platform that is not yet popular but there are still some users who are fans of it and choose this to be a favorite wallet. There are many popular wallets and high safety ratings, such as Coinbase, xapo, blockchain. Also, you can use exchange platforms as a place to keep your token and binance, bitfinex, houbi will be great choices.
hero member
Activity: 1582
Merit: 670
in bitadress.org in brain wallet when i type passphrase "satoshi nakamoto" it generates privatekey different than what a normal sha256 online calculator generates. Why sha 256 of bitaddress gives different private key than a normal sha256..

 below is example








private keys generated by both for same phrase iBTCs different WHY??

Everyone's talking about bitadress. I don't think it's safe. Then tell me where can we get the most reliable BTC wallet?
legendary
Activity: 3472
Merit: 10611
i hope you realize that using brainwallet like that is the worst thing you can do for generating a new private key because brainwallets are known to be insecure because people are rarely capable of creating a truly random "passphrase". so know that if you decided to create a paper wallet with a password there is a very good chance that someone is going to steal your funds pretty easily.

I wouldn't say that brainwallets are bad per se. If you choose a phrase long enough and one, that is not used in any book or lyric or whatever, a brainwallet can be an interesting way to store your value in some situations.

Let's say I take an individual very long sentence, which nobody else knows. Now I run a sha256 over it and convert this into a Bitcoin private key. When I send Bitcoins to this address I can access it everywhere I want without even bringing a computer or USB sticks or whatever. I can cross borders with absurd amounts of money and when I want to spend it, I only need the sentence to have access to it.

The possibility of someone accessing these funds are very very small. Especially because people don't even know, that I have Bitcoins in a brainwallet.
Even if they knew, how would they start looking for these funds? The only way could be torturing me until I give them the phrase.

the problem is in that first step: choosing a long and truly random passphrase that can not be guessed at all. generally speaking people have shown that they will always choose things that can be guessed which makes brainwallets bad in general.
otherwise there have been users that created brainwallets and posted the address as a challenge online and it was never broken.

if someone insists on using brainwallets then i can only suggest using some other method other than a simple SHA256 on it. something unique that nobody knows. that way to steal the funds the hacker has to find 2 things: the random long passphrase and the hash algorithm.
for example you could use a KDF function such as scrypt with custom settings (eg. n=2048, r=5, p=2) and derive a 32 byte key from that. or using SHA3-256, SHA512/256, Blake2b-256,... the list goes on.

ps. BIP39 is also worth mentioning here as it is a mnemonic which is a set of words in any language which you could memorize instead of a brainwallet. it is harder but it much safer since they represent a good random entropy. this could also solve the "torture" problem as you could add a single "word" to the list as its extension so you have 1 mnemonic but two wallets. the wallet with the mnemonic can contain a small amount that you could reveal under torture! and the wallet with mnemonic+passphrase contains the actual funds. => good for paranoid people.
AGD
legendary
Activity: 2070
Merit: 1164
Keeper of the Private Key
i hope you realize that using brainwallet like that is the worst thing you can do for generating a new private key because brainwallets are known to be insecure because people are rarely capable of creating a truly random "passphrase". so know that if you decided to create a paper wallet with a password there is a very good chance that someone is going to steal your funds pretty easily.

I wouldn't say that brainwallets are bad per se. If you choose a phrase long enough and one, that is not used in any book or lyric or whatever, a brainwallet can be an interesting way to store your value in some situations.

Let's say I take an individual very long sentence, which nobody else knows. Now I run a sha256 over it and convert this into a Bitcoin private key. When I send Bitcoins to this address I can access it everywhere I want without even bringing a computer or USB sticks or whatever. I can cross borders with absurd amounts of money and when I want to spend it, I only need the sentence to have access to it.

The possibility of someone accessing these funds are very very small. Especially because people don't even know, that I have Bitcoins in a brainwallet.
Even if they knew, how would they start looking for these funds? The only way could be torturing me until I give them the phrase.

legendary
Activity: 4508
Merit: 3425
i hope you realize that using brainwallet like that is the worst thing you can do for generating a new private key because brainwallets are known to be insecure because people are rarely capable of creating a truly random "passphrase". so know that if you decided to create a paper wallet with a password there is a very good chance that someone is going to steal your funds pretty easily.
Yeah. This is one of my favorite threads on this site: Collection of 18.509 found and used Brainwallets
Woow woow woowwww... So paper wallets from this websites is not safe? I used many wallets from bitadress and never happen bad incident. Well, how can we create a really "safe" Bitcoin wallet then?

Brain wallets are not safe. Paper wallets are generally ok. The issue here is how the private key is generated, not how it is stored.
sr. member
Activity: 1568
Merit: 321
★777Coin.com★ Fun BTC Casino!
i hope you realize that using brainwallet like that is the worst thing you can do for generating a new private key because brainwallets are known to be insecure because people are rarely capable of creating a truly random "passphrase". so know that if you decided to create a paper wallet with a password there is a very good chance that someone is going to steal your funds pretty easily.

Yeah. This is one of my favorite threads on this site: Collection of 18.509 found and used Brainwallets

Woow woow woowwww... So paper wallets from this websites is not safe? I used many wallets from bitadress and never happen bad incident. Well, how can we create a really "safe" Bitcoin wallet then?
legendary
Activity: 4508
Merit: 3425
i hope you realize that using brainwallet like that is the worst thing you can do for generating a new private key because brainwallets are known to be insecure because people are rarely capable of creating a truly random "passphrase". so know that if you decided to create a paper wallet with a password there is a very good chance that someone is going to steal your funds pretty easily.

Yeah. This is one of my favorite threads on this site: Collection of 18.509 found and used Brainwallets
legendary
Activity: 3472
Merit: 10611
i hope you realize that using brainwallet like that is the worst thing you can do for generating a new private key because brainwallets are known to be insecure because people are rarely capable of creating a truly random "passphrase". so know that if you decided to create a paper wallet with a password there is a very good chance that someone is going to steal your funds pretty easily.
hero member
Activity: 1232
Merit: 738
Mixing reinvented for your privacy | chipmixer.com
private keys generated by both for same phrase iBTCs different WHY??
they are the same, you are just looking at different private key formats
the one you get from bitaddress is a standard WIF (Wallet Import Format) private key,
as the name suggested, this is commonly used for importing privkey-address pair into a wallet
the plain SHA256 gives you a HEX (HEXadecimal) private key
this can be used to import too, but I think not many wallets support importing this format

Besides private Key provided by bitaddress.org uses Base58 format, not Hexadecimal which used by SHA-256 output.
OP can enter the WIF privkey in the "Wallet Details" tab on bitaddress.org to view all details
it will show all equivalent privkeys in different "Key Formats: WIF, WIFC, HEX, B64, B6, MINI, BIP38"
we can see the AA2D3C4A4A... HEX privkey listed second from the bottom Wink Cool
AGD
legendary
Activity: 2070
Merit: 1164
Keeper of the Private Key
Because a Bitcoin private key is not only a sha256 hash:
https://en.bitcoin.it/wiki/Private_key
newbie
Activity: 25
Merit: 5
in bitadress.org in brain wallet when i type passphrase "satoshi nakamoto" it generates privatekey different than what a normal sha256 online calculator generates. Why sha 256 of bitaddress gives different private key than a normal sha256..

 below is example
https://i.imgur.com/2EPUBWw.jpg



https://i.imgur.com/vrerpiP.jpg



private keys generated by both for same phrase iBTCs different WHY??
Jump to: