Topic: Forget brainwallet - could you memorize an entire private key? - page 2. (Read 3047 times)
Fair enough. But if you designed such a hard passphrase would that not defy the purpose and it would actually be easier/same to remember the private key. Additionally, passphrase has the same risks associated with forgetting?
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
But wouldn't a passphrase of some sort be exceptionally easier to brute force than the private key? Sorry I actually have no idea but it is a guess.
Not necessarily, no. There's no reason a passphrase can't be generated with high entropy.
But wouldn't a passphrase of some sort be exceptionally easier to brute force than the private key? Sorry I actually have no idea but it is a guess. Then there is the issue what is your house burns down, paper is lost etc. But then again as others have mentioned you could simply have an accident etc and lose your memory.
I guess essentially the answer is that remembering your private key has zero advantage?
I guess essentially the answer is that remembering your private key has zero advantage?
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
If you had the choice to remember your private key or to write it down, which would you choose and why? I am new to bitcoin but I imagine brain wallets are way to easy to break and therefore not a realistic option. Disregard the fact that a private key is difficult to actually remember, I am just trying to ascertain if actually remembering the private key is in any way advantageous over writing it down? Does the capability of remembering a private key solve any current issue or would it serve any good purpose?
Thanks.
Thanks.
i don't see any advantage over using a passphrase. I think OP was just asking out of curiosity.
If you had the choice to remember your private key or to write it down, which would you choose and why? I am new to bitcoin but I imagine brain wallets are way to easy to break and therefore not a realistic option. Disregard the fact that a private key is difficult to actually remember, I am just trying to ascertain if actually remembering the private key is in any way advantageous over writing it down? Does the capability of remembering a private key solve any current issue or would it serve any good purpose?
Thanks.
Thanks.
Be careful with only using 160 bits of entropy for private keys. The strength of ECDSA keys when the public key is known is half the key size. For full length key 256 bits length = 128 bits strength. So 160 bits mean 80 bit of strength. This is not beyond brute force. It may not be economical but brute forcing the private key from the public key is feasible.
This is often repeated around here, but are there any documented, non-theoretical examples of that? Not talking about in 10 years, but today? Not trolling. Do you have any sources for that claim?
I agree, it's simple to write it down and keep it safe than to memorize it however I can also understand why many people would not want to write their private keys down so it is easy for them to remember mainly due to being cautious. I personally myself do not feel I could memorize an entire private key to be honest but me being on of those that is over cautious I think I would be a bit dubious about writing it down even if I knew it was a better solution.
What's the need to memorize if you can write on a piece of paper.
Why to go for un-necessary hard work?
Why to go for un-necessary hard work?
Its possible to memorize an entire private key but its a bit risky if one suddenly develop amnesia due to age or accident.
I don't see any reason in memorizing an entire private key when one can simply use a passphrase instead.
You can increase the level of entropy in a brainwallet by using the altkeys. Most keyboards only have 94 symbols (26 letters, 26 caps, 10 numbers, and 32 symbols), but you can increase that to almost 256 by using the altkeys. For instance ♥ is alt 3.
So you can do something like: (password:phonenumber)(Q♠)(K♥)(∞)
Which makes private key: 5KJkhonUA3EfX7Cjuc2rJMASq8jh5t7bJLW3axvtYjpP2mab4v9
and public address: 1BJg3A9AnURtRm9DZpV32Xut8cbrsZ6tPo
Other tricks include using Google translator to make words using different character sets to mix with your english words.
Brainwallet: (Hello World)(привет мир)(नमस्ते विश्व)
Private Key: 5JwMiUD1h2uL9Fxj82Ymvxe95wY6Tg6fwvJwdHXoxbqBD6mGADS
Public Address: 1NANoMSZanrBEYSCthGTPrz7VR7PRQxt6V
So you can do something like: (password:phonenumber)(Q♠)(K♥)(∞)
Which makes private key: 5KJkhonUA3EfX7Cjuc2rJMASq8jh5t7bJLW3axvtYjpP2mab4v9
and public address: 1BJg3A9AnURtRm9DZpV32Xut8cbrsZ6tPo
Other tricks include using Google translator to make words using different character sets to mix with your english words.
Brainwallet: (Hello World)(привет мир)(नमस्ते विश्व)
Private Key: 5JwMiUD1h2uL9Fxj82Ymvxe95wY6Tg6fwvJwdHXoxbqBD6mGADS
Public Address: 1NANoMSZanrBEYSCthGTPrz7VR7PRQxt6V
I tried doing this once as a test
By day 6, I could substantially remember it but was starting to have doubts about individual characters
Too bloody dangerous unless you have a back up in some form. A back up of course defeating the purpose of the whole exercise.
By day 6, I could substantially remember it but was starting to have doubts about individual characters
Too bloody dangerous unless you have a back up in some form. A back up of course defeating the purpose of the whole exercise.
I have tried, the answer is probably yes
But I would be absolutely terrified of forgetting it. Risk magnified as we age.
But I would be absolutely terrified of forgetting it. Risk magnified as we age.
Remembering the whole private keys? That's just retarded when you can use a passphrase haha
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Electrum cheats - it makes a 128-bit deterministic seed, even smaller than this (although the generated bitcoin private keys are spread around the keyspace in a way hard to reverse).
wait...now i'm totally confused... given what DeathandTaxes just said -- how is it that Electrum keeps the 128 bits of entropy and it doesn't become half that when we generate the
private keys? Why is it hard to reverse , or, put to it another way: why would it be easy to work backwards in another instance? I'm fuzzy on that now.
---
On another note, it is not hard to memorize a lot of information -- we all
have different talent for memorization, but its mostly a question of effort,
determination, and practice. The human brain remembers what it deems
important and forgets that which it considers unimportant. If a 256 bit private
key is in hexadecimal format, that's 64 characters, or 32 pairs of 2 digits
like "E9" or "43" or "5B". 32 is not that many. You can memorize that in
a less than an hour, or a day, or a week, depending on your talents and
other factors. For me, I think I have a pretty good memory, so I could
memorize it in maybe 20-30 minutes, but it would require practice to retain,
and there's no point -- I would rather memorize an electrum seed, which
would only take me 5 minutes to memorize if I really needed to.
Be careful with only using 160 bits of entropy for private keys. The strength of ECDSA keys when the public key is known is half the key size. For full length key 256 bits length = 128 bits strength. So 160 bits mean 80 bit of strength. This is not beyond brute force. It may not be economical but brute forcing the private key from the public key is feasible.
That's a very good point I've glossed over, that when you spend, you are releasing more information that can be used to deduce the private key, worse if in conjunction with a weak random generator by the spending wallet. I was comparing directly the possible key size to possible address size.
To simplify the brute force would require some information about how the simplified public key was encoded; here I just showed it was shortened by being a much smaller number, other discoverable encodings of small keys include SHA256 (brainwallet). Putting the small key through 777 rounds of Centrifuge and Lanarea, for example, makes the encoding more obscure and more costly to rainbow-table, but still is not security equivalent to using a full random key. The encoding technique also becomes one more thing to remember.
I must add that I started the topic wanting to challenge people to memorize their own 55-letter random string, and remember it a day, a week, a month later, but the thesis changed as I was typing it.
Take your favorite book.
Now pick your favorite 3 chapters from that book.
Pick a number from 1-10.
If your number is 4, go to the fourth page in each of your 3 selected chapters. Take the first letter of each word from that page, in the order in which the appear.
That's a good brain wallet.
Now pick your favorite 3 chapters from that book.
Pick a number from 1-10.
If your number is 4, go to the fourth page in each of your 3 selected chapters. Take the first letter of each word from that page, in the order in which the appear.
That's a good brain wallet.
What if the letters spell out "car" or "btc" or something ridiculously stupid?
Take your favorite book. ~10 bits entropy for number of popular books (estimated at 1024; this doesn't need to be a maximum to be the right entropy, since the most popular books will cover more than their share)
Now pick your favorite 3 chapters from that book. ~12 bits entropy for 3*log_2(number of chapters in a typical book), estimated at 3*4; this is generous, as the common favorites of a book will lower this
Pick a number from 1-10. ~3 bits entropy (10 numbers)
If your number is 4, go to the fourth page in each of your 3 selected chapters. Take the first letter of each word from that page, in the order in which the appear. ~3 bits entropy for different editions
That's a good brain wallet. Nope.
At 28 bits of entropy (as a rough estimate), no it's not a good brain wallet. Given the right resources (a list of popular books and their texts in a certain edition), an attacker would only have to try 2^28 combinations to crack most brain wallets based on this scheme.Now pick your favorite 3 chapters from that book. ~12 bits entropy for 3*log_2(number of chapters in a typical book), estimated at 3*4; this is generous, as the common favorites of a book will lower this
Pick a number from 1-10. ~3 bits entropy (10 numbers)
If your number is 4, go to the fourth page in each of your 3 selected chapters. Take the first letter of each word from that page, in the order in which the appear. ~3 bits entropy for different editions
That's a good brain wallet. Nope.
You're only short by a factor of 2^100. *cough*
Quote
Forget brainwallet - could you memorize an entire private key?
I can memorize a 128-bit key fairly easily, so there's nothing stopping me from memorizing a 256-bit key except that there's no point to it: I feel quite secure with a 128-bit seed securing my wallet. 
Take your favorite book.
Now pick your favorite 3 chapters from that book.
Pick a number from 1-10.
If your number is 4, go to the fourth page in each of your 3 selected chapters. Take the first letter of each word from that page, in the order in which the appear.
That's a good brain wallet.
Now pick your favorite 3 chapters from that book.
Pick a number from 1-10.
If your number is 4, go to the fourth page in each of your 3 selected chapters. Take the first letter of each word from that page, in the order in which the appear.
That's a good brain wallet.
Be careful with only using 160 bits of entropy for private keys. The strength of ECDSA keys when the public key is known is half the key size. For full length key 256 bits length = 128 bits strength. So 160 bits mean 80 bit of strength. This is not beyond brute force. It may not be economical but brute forcing the private key from the public key is feasible.
Jump to: