Topic: Brain Wallets - page 2. (Read 1378 times)
this guy is sending us all an alarm signal and we should take this into consideration
Answer seems pretty clear to me:
"The upshot? Use a simple password, which many people have done, and it's easily cracked despite the appearance of complexity.
Castellucci and his co-authors checked a trillion passwords for $55.86 and recovered 18,000 wallets.
Ryan Castellucci of White Ops presented some of his research into this area last August, and is the common link between two new multi-author papers—one out this week and the other available and being presented in two weeks—that dive even deeper into the problems with brain-wallet protection and the techniques which bad guys have used to empty such wallets. Also last August, he released Brainflayer, a tool for automatically testing passwords against brain-wallet encryption keys."
Since you've stored the private keys inside the blockchain, you wouldn't need a transaction in order to brute force it.
"The upshot? Use a simple password, which many people have done, and it's easily cracked despite the appearance of complexity.
Castellucci and his co-authors checked a trillion passwords for $55.86 and recovered 18,000 wallets.
Ryan Castellucci of White Ops presented some of his research into this area last August, and is the common link between two new multi-author papers—one out this week and the other available and being presented in two weeks—that dive even deeper into the problems with brain-wallet protection and the techniques which bad guys have used to empty such wallets. Also last August, he released Brainflayer, a tool for automatically testing passwords against brain-wallet encryption keys."
Since you've stored the private keys inside the blockchain, you wouldn't need a transaction in order to brute force it.
I found this interesting article about the vulnerability of brain wallets that left me asking some questions. I personally think the author of the article deserves a sharp pain below the waist line. He actually attacks and insults brain wallet users, provides very vague information, and it appears, the article is written to make you worry about your brain wallet, or any type of wallet for that matter. Please read article below.
http://www.fastcompany.com/3056651/researchers-find-a-crack-that-drains-supposedly-secure-bitcoin-wallets
1> What I would like to know is, if when I generated my wallet, a seed was created for me to be able to restore my wallet at a later point in time, when I want to bring the wallet online again, how could my seed, and therefore my key be attacked??? There is nothing in the blockchain since there has never been any transactions. I don't understand what the author is really talking about? And even if I have conducted transactions to the wallet addresses, how could the presence of those public addresses in the blockchain be used to attack my wallet?
2> Is my above example a brain wallet, or is it something different??
Marbu -
never ever use a Brainwallet. theyre not safe. The big flaw is that they are human generated passwords - the worst kind. And the reward for cracking them is cold hard cash, so every hacker and thief has an incentive to crack them.
it can happen to anyone - including me - when i first started in bitcoin, i used a brain wallet along with regular wallets. i didnt have much in there because a cryptographer friend had already warned me they were unsafe but i i wasnt so sure as i had picked a very complex and long password and i thought that my one would be safe.
So instead of emptying my brain wallet, i left it with some funds but de-risked it and removed most of my coins - i had probably left just a couple in there. awhile later (a few months), i checked back and all my funds had of course been drained ages earlier. this was a very long (40+ characters) password. It had several real words inside it, but it also had numbers and punctuation marks and was longer and more complex than anything in the best dictionary. didnt take them long to crack it and steal my (albeit, small) reward. A month earlier and it wouldve been a lot more.
In short, there's nothing the human brain could think of that a brute force password cracking software in the cloud couldnt find, given a bit of time.
Bottom line: Dont do it. there's no sane reason to use a brain wallet. And if you do, expect to lose your funds. The hackers have infinite time to keep retrying your password. nothing stops them. they can do millions of tries a second and keep going for months til they crack it. Why let them!?
I also read they are very vulnerable... maybe because people tend to use same words as password over and over...
Brain wallet are vulnerable because most humans are bad at finding random passphrases.
Quote
Clever wallet owners had used phrases like "say hello to my little friend" and "dudewheresmycar."
The "clever" here is irony. Its very stupid to use a popular movie/song (or any movie/song) title/part as a brainwallet.
The seed e.g. Electrum generates for you is a representation with words, but they are not derived from pop culture or other art, but generated randomly. This is the big difference. You cant reasonably attack a proper randomly generated passphrase for 55 USD, not even for 55 trillion USD.
I also read they are very vulnerable... maybe because people tend to use same words as password over and over...
1> What I would like to know is, if when I generated my wallet, a seed was created for me to be able to restore my wallet at a later point in time when I want to bring the wallet online again, how could my seed, and therefore my key be attacked??? There is nothing in the blockchain since there has never been any transactions. I don't understand what the author is really talking about? And even if I have conducted transactions to the wallet addresses, how could the presence of those public addresses in the blockchain be used to attack my wallet?
2> Is my above example a brain wallet, or is it something different??
2> Is my above example a brain wallet, or is it something different??
1 - Your seed can be attacked if it is created on a compromised computer, stolen or not really randomly created. Public addresses cannot be used in any attack vector (unless we're talking about deanonymisation).
2 - What example?
I found this interesting article about the vulnerability of brain wallets that left me asking some questions. I personally think the author of the article deserves a sharp pain below the waist line. He actually attacks and insults brain wallet users, provides very vague information, and it appears, the article is written to make you worry about your brain wallet, or any type of wallet for that matter. Please read article below.
http://www.fastcompany.com/3056651/researchers-find-a-crack-that-drains-supposedly-secure-bitcoin-wallets
1> What I would like to know is, if when I generated my wallet, a seed was created for me to be able to restore my wallet at a later point in time, when I want to bring the wallet online again, how could my seed, and therefore my key be attacked??? There is nothing in the blockchain since there has never been any transactions. I don't understand what the author is really talking about? And even if I have conducted transactions to the wallet addresses, how could the presence of those public addresses in the blockchain be used to attack my wallet?
2> Is my above example a brain wallet, or is it something different??
Jump to: