Topic: It took 10 seconds for the brainwallet "password1" to be taken (Read 15329 times)

No.  They know your e-mail address and they guess your password and transfer the coins.  That's why you should set up the Authy authentication so they can't do that.

Also, you should only keep spending money in there, not $10,000.

Perhaps not using words would be prudent as lists exist which have fancy titles like DICTIONARY etc

Skynet's new 12nm ASIC chip is able to learn at a geometric rate and can crack passwords at 500T/flop/s whilemining / coordinating missile strikes under WIN7/Ubuntu. Also it is self-conscious.

Fancy computers can quite easily hack passwords so beware!

So if my coinbase has an easy pw, when I do a transaction someone may use the public key to track me and try to crack my pw? 

Is that the way it works?

New to this but want to be secure.

And your blockchain.info wallet is as secure as the password you set it up with?

Sorry for the noob q's

Its as secure as the owner is. But remember, if you don't control the keys, you don't control the bitcoin.

Blockchain.info is a much better wallet because you get to keep control of your keys

How about a coinbase wallet?   Is it secure?

There are safer ways to hold into btc's ,it's clear that some people generated thousands if not millions of wallets and are using bots with bruteforce to break any weak passwords. To have a somehow moderate wallet you might need to enter a semi-impossible to imagine word with letters/number/signs etc... making it hard for you to remember. Paper wallets might be more useful.

It will suffice to use a good password. Supercomputers can't beat good passwords. Just don't use anything that could be beaten with wordlists etc., do not use lyrics from your favourite song and so on. The problem is the same as choosing a good password. It's totally doable if you use some sense. Put something personal in it, something that is not found in a word list. That way if the attacker wants to really crack it he would have to focus on cracking just your password.

If we look at passwords like "correct horse battery staple"
The words
correct - 1822nd most common (Wolfram Alpha)
horse - 1315th most common (Wolfram Alpha)
battery - 3222nd most common (http://www.wordfrequency.info/free.asp?s=y)
staple - , but not in the top 5000

So, one would most probably need a word list of at least 2000 words to be able to have all those words. This means 16000000000000 different combinations of four words. Assume an attacker could hash passwords at 10 TH/s. She would need 1.6 seconds to surely find the key. So not safe for the future attacker. Add a fifth word, it will take an hour now. Add punctuation, substitute a letter for a number, do a strange error in spelling... something you can remember. The key will become impossible to guess. Remember something personal. Also in practice the word list would have to include way more than 2000 words.
Anyway, think this for yourself, but it's not difficult to come up with a safe passphrase that you can also surely remember. I have a mixed Finnish/English passphrase I know I really can't forget but it's also quite impossible for anyone to come up with.
Just remember something random or personal as well, there are around 7 billion people on this planet and  if you think no one else likes that obscure quote or poem you're using, you might as well be wrong.

It is safer to properly generate the entropy and store the result on paper.

Due to to nature of cryptographic hash functions, there is no limit to the length of the pass-phrase. It can be the King James Bible (which is well known enough, it may very well be guessed by dedicated pass-phrase crackers).

My rule of thumb: if it has ever been published, it is not a good pass-phrase.

I have been wanting to participate in this discussion, and am now happily past the newbie speedbump. 

I like the concept of deterministic wallets, and am thinking of an approach that lets me create deterministic and encrypted paper wallets.

It starts with a brainwallet created at bitaddress.org with a 230+ bit entropy passphrase.  I then encrypt the private key at bit2factor.org which implements BIP38 to create an encrypted private key.  For this encryption, I use a different 230+ bit entropy passhprase.  I then use the encrypted private keys as the successive brainwallet passphrases to create more encrypted private keys in a deterministic manner.

I have read this full post and others like it, and am aware of the need for high entropy passphrases.  I can use even higher entropy passphrases than what I am thinking of, and I can reliably re-create the passphrases when I need to.  But I am interested in knowing how much entropy bitcoin passphrases can handle.

My questions are:
1) what is the limit for the number of characters a passphrase can have to create a private key at bitaddress.org?
2) what is the limit for the number of characters a passphrase can have to encrypt a private key at bit2factor.org for the BIP38 implementation?

Thanks.

I am using cold storage the same way you were talking about. Only difference was I was livebooting from Ubuntu and then opening bitaddress in html file offline to generate a key pair using brainwallet (as stated, don't trust RNG).
But seeing you won't use the computer afterwards it should be perfectly fine - just don't go online on it again.


I'm not so sure about how you would go and import one of these on an offline client like the armory/official client, however I would just sweet it on a Blockchain.info account with Google 2-FA and then transfer the funds to whatever destination.

can I use http://passwordsgenerator.net/ to generate a 50 char password such as