You must be careful with brainwallets, is curious and useful if done well, though nothing as safe as randomness.
I did the test once and in under 10 minutes I had found a key with balance, with a good dictionary and a good collection of common/ famous/literary phrases , is relatively easy to find someone who did not have much imagination.
Good advice. From the bitcoin wiki:I did the test once and in under 10 minutes I had found a key with balance, with a good dictionary and a good collection of common/ famous/literary phrases , is relatively easy to find someone who did not have much imagination.
Quote
It is very important when creating a brainwallet to use a passphrase that has a very high level of entropy. If this is not done, theft of the brainwallet is an eventual certainty.
This is not a simple suggestion. This is a requirement. Most people when asked to create a secure password, with everything they've heard about creating a password, will still create a password that if used for a brainwallet, will result in the eventual theft of their funds. The simple fact of the matter is that hacking a brainwallet password is a mathematical exercise that requires no internet access, no communication, and leaves no trace, so hackers can collectively try multiple trillions of passwords every second in the privacy of their own homes with the very same equipment they use for mining bitcoins (in the usual sense). Your bank might tell you that a 10 character password with uppercase, lowercase, numbers and symbols is a strong password, but it is not strong enough to secure a brainwallet. A password that might be strong enough for traditional banking or a social website is typically unacceptable for a brainwallet.
A brainwallet passphrase, at a minimum, needs to be an entire original sentence that does not appear in any song or literature. Security is enhanced simply by including some sort of memorable personal information, which doesn't necessarily even have to be secret (e.g. an e-mail address, or phone number). A good brainwallet passphrase will have dozens of characters.
This is not a simple suggestion. This is a requirement. Most people when asked to create a secure password, with everything they've heard about creating a password, will still create a password that if used for a brainwallet, will result in the eventual theft of their funds. The simple fact of the matter is that hacking a brainwallet password is a mathematical exercise that requires no internet access, no communication, and leaves no trace, so hackers can collectively try multiple trillions of passwords every second in the privacy of their own homes with the very same equipment they use for mining bitcoins (in the usual sense). Your bank might tell you that a 10 character password with uppercase, lowercase, numbers and symbols is a strong password, but it is not strong enough to secure a brainwallet. A password that might be strong enough for traditional banking or a social website is typically unacceptable for a brainwallet.
A brainwallet passphrase, at a minimum, needs to be an entire original sentence that does not appear in any song or literature. Security is enhanced simply by including some sort of memorable personal information, which doesn't necessarily even have to be secret (e.g. an e-mail address, or phone number). A good brainwallet passphrase will have dozens of characters.
