Topic: brainwallet question (Read 461 times)
PenAndPaper is correct. Braiwallets are also cracked when people use a passphrase from published literature. Better to use something that you can easily remember but no one else would know, like: "At the Gomez's 2010 Christmas party, when Uncle Jim put the lampshade on his head, he tripped and knocked the Christmas tree over."
What you describe is an overkill actually.
Brainwallets are vulnerable only when common phrases used to produce the private key. As long as you don't use "Lady Gaga Poker Face" as your passphrase you shouldn't have a problem.
Brainwallets are vulnerable only when common phrases used to produce the private key. As long as you don't use "Lady Gaga Poker Face" as your passphrase you shouldn't have a problem.
Hello,
I will have a brainwallet for me.
I have found a password that I can remember quite well. Let's say the length of this password would be 50 with a character set of an estimated 80 characters. These would then 80 ^ 50 possibilities for the attacker to crack the password via brute force. To make it harder to bruteforce, I'd still write me a small program that hashes the password x runs long with sha256 , sha512 (or possibly Scrypt ) - which I had imagined that the number to be x is greater than 1 billion. And as a last step, I would attach a number from 1 to y and hash it all over again with sha256 to generate as much as necessary addresses.
I expect to get a secure brainwallet for the next few years as a cold storage (did not before spending my few Bitcoins). However, if I really need to spend my btc, I could by the deterministic address generation send the remaining coins to a new address without having to memorize a new initial password (as the public key is published by a transaction, I'm a bit careful).
Of course, once the computing power increases, I can (if desired) hanging a few characters on the password and / or add more hash runs or create a completely new brainwallet concept.
What do you think of this idea? Would you trust such a brainwallet or would dicewars still be the more sensible option (my password is not based on dicewars and is not actually created 'random' - I want it easy to remember for several years) .
How useful is it to hang the password several time together (eg 1000 times) before pass the algorithm?
If you have better ideas, at least I can memorize such an algorithm better than dicewars.
PS: Excuse my bad English.
I will have a brainwallet for me.
I have found a password that I can remember quite well. Let's say the length of this password would be 50 with a character set of an estimated 80 characters. These would then 80 ^ 50 possibilities for the attacker to crack the password via brute force. To make it harder to bruteforce, I'd still write me a small program that hashes the password x runs long with sha256 , sha512 (or possibly Scrypt ) - which I had imagined that the number to be x is greater than 1 billion. And as a last step, I would attach a number from 1 to y and hash it all over again with sha256 to generate as much as necessary addresses.
I expect to get a secure brainwallet for the next few years as a cold storage (did not before spending my few Bitcoins). However, if I really need to spend my btc, I could by the deterministic address generation send the remaining coins to a new address without having to memorize a new initial password (as the public key is published by a transaction, I'm a bit careful).
Of course, once the computing power increases, I can (if desired) hanging a few characters on the password and / or add more hash runs or create a completely new brainwallet concept.
What do you think of this idea? Would you trust such a brainwallet or would dicewars still be the more sensible option (my password is not based on dicewars and is not actually created 'random' - I want it easy to remember for several years) .
How useful is it to hang the password several time together (eg 1000 times) before pass the algorithm?
If you have better ideas, at least I can memorize such an algorithm better than dicewars.
PS: Excuse my bad English.
Jump to: