There's very little entropy in the phrase "There is no new thing under the sun" (In this context, I'd guess much less than 20 bits). It's easily one of the billion phrases most likely to be selected for this use so it's not really surprising to see the funds instantly vanish.
Compare this with another eight-word phrase: "rebel twenty hotel solve zone arena dad east". These words were selected randomly and uniformly from a list of 2048 words using a secure RNG (you could use coins, dice, cards instead or in conjunction). Unlike "There is no new thing under the sun", I can be confident that this precise string of words did not exist anywhere until this moment. Before I revealed this precise passphrase it had, provably, 88 bits of entropy (so I'd guess it to have been about 300 billion billion times stronger).
Even then, I would recommend using something stronger still for a brainwallet. While I occasionally use brainwallets with as little as 96 bits of entropy, I recommend a minimum of 128 bits to anyone that's not confident in doing the calculations themselves. For reference:
Diceware, mentioned in tspacepilot's link, gives you about 12.92 bits of entropy per word so you'll want 10 words as a minimum and 13 words for maximum security.
Final note: Now that I've posted "rebel twenty hotel solve zone arena dad east" online, it would make a poor brainwallet passphrase. I wouldn't care to guess at its strength but it's certainly far, far less than 88 bits.
Compare this with another eight-word phrase: "rebel twenty hotel solve zone arena dad east". These words were selected randomly and uniformly from a list of 2048 words using a secure RNG (you could use coins, dice, cards instead or in conjunction). Unlike "There is no new thing under the sun", I can be confident that this precise string of words did not exist anywhere until this moment. Before I revealed this precise passphrase it had, provably, 88 bits of entropy (so I'd guess it to have been about 300 billion billion times stronger).
Even then, I would recommend using something stronger still for a brainwallet. While I occasionally use brainwallets with as little as 96 bits of entropy, I recommend a minimum of 128 bits to anyone that's not confident in doing the calculations themselves. For reference:
- Casascius coin addresses have 128 bits of entropy and they're holding out well.
- A typical address as generated by Bitcoin Core contains 160 bits of entropy (about 4 billion times stronger than 128 bits).
Diceware, mentioned in tspacepilot's link, gives you about 12.92 bits of entropy per word so you'll want 10 words as a minimum and 13 words for maximum security.
Final note: Now that I've posted "rebel twenty hotel solve zone arena dad east" online, it would make a poor brainwallet passphrase. I wouldn't care to guess at its strength but it's certainly far, far less than 88 bits.
Thanks for this! helps a lot
