Author

Topic: Brainwallets with wallet addresses as a passphrase (Read 265 times)

legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
A seed phrase (what appears in your image) is a series of words used in HD wallets for generating numerous private keys.
In HD wallets, seed phrase generates the seed. Seed phrase represents entropy with 128 to 256 bits, this is used to generate seed with a longer bits (512 bits) through key-stretching function PBKDF2 using HMAC-SHA512. From the seed, the master private key and master chain code are generated through one-way-function HMAC-SHA512 while the master public key is generated from the master private key. Then, the master private key produces the child private key also through one-way-function HMAC-SHA512. What I just want to point out is that seed phrase do not generate the private keys directly, seed phrase generate the seed, the seed generates the master private key while the master private key generates numerous private keys.
legendary
Activity: 2380
Merit: 5213
Correct me if am wrong but aren't passphrases something like this :
No, that's a seed phrase. It's also called mnemonic phrase.

A seed phrase (what appears in your image) is a series of words used in HD wallets for generating numerous private keys.
A passphrase is additional word(s) combined with your seed phrase to generate completely different private keys.

(In electrum, you can click on option and select "Extend this seed with custom words" to add extra words to your seed phrase. )

The term "passphrase" (as used by OP) also refers to a series of characters or words used for generating brainwallets.
legendary
Activity: 3024
Merit: 2148
This looks like an attempt to make some sort of deterministic wallet, except it's even more stupid than just a brain wallet, because public information is used. If private keys of the previous address was used instead, the security would be equal to the security of the passphrase, which is still bad, but not completely horrible like this.
newbie
Activity: 7
Merit: 0
Just for illustration purposes, if you take

1BBBvd9G5YThYVVMSGSxJzQvQiQm3WxJC2

as a passphrase and create a brainwallet from it, you will get

1EFBsAdysTf81k72v9Zqsj3NMuo6KoWD2r as an address, and

5Jn1okR6g8jM3fCjZbCgJQNwwHde8v8Rw2HEpumamnGwFW6ogo1

as the corresponding private key.

If you check this address on the blockchain, you will find a wallet that had 51 transactions with a total balance of once 37 BTC.

You can go to bitaddress.org to try building brainwallets. You will also see that the donation address at that site

1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN

leads to 1Ns55SngRhshA8kEnyuQ9ELZZPN7ubYfQJ which also had a balance at some point.



legendary
Activity: 1624
Merit: 1200
Gamble responsibly
You have misunderstood what is going on here. A brainwallet is generally created by taking the SHA256 of any arbitrary data or string, and using that 256 bit output as a private key. They are incredibly insecure and widely recommended against. In the cases that OP has quoted, people have taken an existing address, hashed it, used the output as a private key, and calculated a new address based on this private key.
I have just gotten this right, this is just bad enough, I have not created brain wallet before, even to create a wallet I will go for paper wallet in this case or most preferably use the HD wallet. The wallet most not suggested to be used are brain wallets.
hero member
Activity: 1890
Merit: 831
Correct me if am wrong but aren't passphrases something like this :

I do not think that this is a pass phrase for sure. I do not know how did you get that idea plus it would be not only foolish but completely unprofessional to use something like that, you think that they would risk it whole to use something like this ? Plus they cannot just go around broadcasting their pass phrase everywhere. Because a wallet address would be used , more often than you might think. Plus you have to understand that brain wallet is more like a cold storage and plus they are more likely to be random words in a sentence and that goes for the brain wallet too. Plus I do not recommend using this brain wallet since now there are cracks available.
legendary
Activity: 2268
Merit: 18748
-snip-
You have misunderstood what is going on here. A brainwallet is generally created by taking the SHA256 of any arbitrary data or string, and using that 256 bit output as a private key. They are incredibly insecure and widely recommended against. In the cases that OP has quoted, people have taken an existing address, hashed it, used the output as a private key, and calculated a new address based on this private key.

Obviously these are easy to guess. I am curious as to why these were used as passphrases. Was there a wallet app that did this, or why did people believe this was a good idea?
There is no wallet I am aware of which did this. People were simply misguided in to believing that this was somehow more secure than a brainwallet generated from a phrase or password, which it obviously isn't.
legendary
Activity: 3346
Merit: 3125
I don't think it was created by a wallet, for sure someone takes those addresses to a brain wallet software to create new addys, and I think it's a terrible idea to do this because at some point someone will get access to the address by making some king of Bruteforce with brain wallet.

Brain wallets have been a big vulnerability for bitcoin, and it's because people keep creating addresses with a low number of words or using services online that can steal your PK.
legendary
Activity: 1624
Merit: 1200
Gamble responsibly
This does not look like passphrase, it looks like a bitcoin address that start from 1 called legacy addresses, two also start from 3 which is the compatibility segwit. Sharing these to public does not have any effect on your wallet, what must not be shared are private keys because it will be used to take away all your bitcoin, the public key should not also be shared because it will let people to know all your transaction history if it is master public key.
newbie
Activity: 7
Merit: 0
This may have been asked and answered, but I couldn't find it in the forum.

Checking the list of hacked brain wallets (18k) it appears that many used existing wallet addresses as passphrase. A few examples below.

137XrofaWZhaZW2uB7eDsPjcwCNMTXVLot
1BBBvd9G5YThYVVMSGSxJzQvQiQm3WxJC2
16era4SgYEcbZD1pu6oCBXGXjK2wSrePe8
14nuZCWe76kWigUKAjFxyJLFHQyLTsKXYk
1Pjg628vjMLBvADrPHsthtzKiryM2y46DG
1KzSULbG3fRVjWrpVNLpoB6J62xYL42AdN
3BTxuixRkhMQfTSqCLmq9Wn4jJ9H3dszhX
1LdkWzq9DxopPkY1hCmQ3DezenP5PQLNC3
3BHsbqZnUGM5Gbwsxe7ukk8NJc81kfhY8Y
1Q81rAHbNebKiNH7HD9Mh2xtH6jgzbAxoF

Obviously these are easy to guess. I am curious as to why these were used as passphrases. Was there a wallet app that did this, or why did people believe this was a good idea?

Thanks.
Jump to: