Author

Topic: Brainwallets - a no brainer NOT to use? (Read 692 times)

member
Activity: 84
Merit: 10
Correct Horse Battery Staple
March 27, 2013, 06:43:26 PM
#5
To the mods...

Any chance of getting this moved to "Bitcoin Discussion" I think it is an important topic and would like to get more exposure there  Smiley
legendary
Activity: 1246
Merit: 1077
March 26, 2013, 10:03:53 PM
#4
Wait, are you using some weird characters there or has nobody actually registered the username "bitcoin" yet?

They're not "weird characters", they're standard punctuation marks.
member
Activity: 84
Merit: 10
Correct Horse Battery Staple
March 26, 2013, 10:01:58 PM
#3
I'll let you figure that one out  Cheesy
newbie
Activity: 8
Merit: 0
March 26, 2013, 08:39:59 PM
#2
Wait, are you using some weird characters there or has nobody actually registered the username "bitcoin" yet?
member
Activity: 84
Merit: 10
Correct Horse Battery Staple
March 26, 2013, 07:40:56 PM
#1
I see three major security problems with brain wallets. Please comment (or shoot me down!). If you use a brain wallet do you worry about these?

The first is in particular to web-based online wallets. Can you trust them? If there is a hacked script on the site it could log the details you used to the same or another sever. Then someone has your password.

Secondly what if you they got the alogrithm wrong? Then you are sending coins to a wallet you have no hope of retrieving them from! You lose the coins. What if the algo is right 90% of the time and not the other 10%. With these wallers written in python, javascript and other languages there is a chance of issues like that. Unless you hook up your brainwallet to a real bitcoin client (in which case what is the point, just use an ecrypted wallet) then you won't know if the coins are accessible.

Third you need to remember a really secure password. The more coins you have, the more secure it needs to be. Unlike a random generated hash, a brute force on a weak password is much easier, and with technology to do many millions of hashs per second in almost everyones PC, let alone ASICs you will need a very obscure password. The example of "correct horse battery staple" given on one of the sites would be hopeless. And if your PW is very secure then there is a risk of forgetting it.

By contrast password encrypting a wallet is more secure because you'd need to get hold of the wallet THEN brute force it. The brain wallet can be brute forced by anyone who suspects you have a brain wallet and knows your address (perhaps by doing a transaction with you to sus it out).








Jump to: