Don't panic. If you use correctly brainwallets are the most secure.
But they are not newbie proof.
Topic: It took 10 seconds for the brainwallet "password1" to be taken - page 2. (Read 15329 times)
November 23, 2013, 02:57:23 PM
November 23, 2013, 02:18:23 PM
I'm not a fan of brainwallets for myself (I have a lousy memory and also I could die at any moment )
I ended up using bitaddress random generation, BIT38 and print.
But returning to brainwallets: What about using 12 words from dictionary and one word that makes sense for you (like DeathAndTaxesRules ) but is not any dictionary
I ended up using bitaddress random generation, BIT38 and print.
But returning to brainwallets: What about using 12 words from dictionary and one word that makes sense for you (like DeathAndTaxesRules ) but is not any dictionary
You can make a brain wallet + a paper wallet. I have...
For me it is a danger to lose the coins more likely than to get stolen. So i made a brain wallet with a password. I think that this password can be hacked is 0.1% of my problems. To lose it maybe 0.9%, but 99%, that I made a mistake with the generation.
- Maybe my connection was still on?
- Or it is still somewhere on my HDD?
- Or it was saved by a malware and when I connect again it will send the private key to the hacker?
What is your guess: I moved a few bitcoins to an address one week ago and the private key is just in my brain, paper wallet + truecrypt container (on usb stick I never use). How likely some malware get the private key?
My password? 30 characters, serveral words, names, seperated by an ~, and the words are written backwards or one character wrong. For example not "australia" but "ausdralia"
November 23, 2013, 02:10:21 PM
Quote
Code:
1MbmMGrtkahbjYNfLmsbKuGFByuKvAyxnC == gun thyme nose cubic almost relish fed
This has 90.47 bits of entropy, which is more than strong enough to protect against passphrase bruteforcing, if you do the math. It may look like a bold statement to the untrained eye, but I, for one, feel be perfectly safe and happy to store up to 5000 BTC with such a passphrase.
What about adding a non-dictionary word like your your screen name in some forum, your email address, nospaced phrases like "tooyoungtodie", you can even remember them more easily than "thyme" and "relish"
November 23, 2013, 02:04:24 PM
I'm not a fan of brainwallets for myself (I have a lousy memory and also I could die at any moment )
I ended up using bitaddress random generation, BIT38 and print.
But returning to brainwallets: What about using 12 words from dictionary and one word that makes sense for you (like DeathAndTaxesRules ) but is not any dictionary
I ended up using bitaddress random generation, BIT38 and print.
But returning to brainwallets: What about using 12 words from dictionary and one word that makes sense for you (like DeathAndTaxesRules ) but is not any dictionary
November 23, 2013, 01:51:11 PM
November 23, 2013, 09:41:45 AM
A number of people mentioned recursive hashing. I was wondering about that. Is there really any point to it? Sure, it adds entropy, but why not just add the entropy to the key directly? Instead of hashing the key ten thousand times, why not why not add an extra random word or two? In both cases, the attacker will have to do tons of extra hashing, but in the latter case you won't.
You can also do multiple rounds. You can make a brain wallet, hash it with sha512, then hash the result with sha256 (maybe multiple rounds). If you know what you are doing and remember all that it should fine. For new users just do the Armory thing and back up the wallet keys.
It reminds me of that correct horse battery staple thing. Adding a complicated hashing algorithm will make it more difficult for you to access your coins when you want to, and it won't necessarily be more secure than simply adding more to your key would be.
Indeed. There's a nice thread about this exact topic on the Agilebits forum. I'll see if I can find the link again.
As long as you have enough entropy in your passphrase (in a provable way), you will be just fine. Speaking about this, you may want to check out NoBrainr, which is our simple command-line tool based on this principle.
It generates bruteforce-resistant addresses perfect for cold storage and brainwallets, using an easy-to-remember xkcd/diceware-style passphrase. Example:
Code:
1MbmMGrtkahbjYNfLmsbKuGFByuKvAyxnC == gun thyme nose cubic almost relish fed
This has 90.47 bits of entropy, which is more than strong enough to protect against passphrase bruteforcing, if you do the math. It may look like a bold statement to the untrained eye, but I, for one, feel be perfectly safe and happy to store up to 5000 BTC with such a passphrase.
November 23, 2013, 09:07:39 AM
A number of people mentioned recursive hashing. I was wondering about that. Is there really any point to it? Sure, it adds entropy, but why not just add the entropy to the key directly? Instead of hashing the key ten thousand times, why not why not add an extra random word or two? In both cases, the attacker will have to do tons of extra hashing, but in the latter case you won't.
You can also do multiple rounds. You can make a brain wallet, hash it with sha512, then hash the result with sha256 (maybe multiple rounds). If you know what you are doing and remember all that it should fine. For new users just do the Armory thing and back up the wallet keys.
It reminds me of that correct horse battery staple thing. Adding a complicated hashing algorithm will make it more difficult for you to access your coins when you want to, and it won't necessarily be more secure than simply adding more to your key would be.
November 23, 2013, 08:47:29 AM
A number of people mentioned recursive hashing. I was wondering about that. Is there really any point to it? Sure, it adds entropy, but why not just add the entropy to the key directly? Instead of hashing the key ten thousand times, why not why not add an extra random word or two? In both cases, the attacker will have to do tons of extra hashing, but in the latter case you won't.
November 23, 2013, 07:19:12 AM
So is it safe for me to create a wallet using the bitaddress.org brain wallet creator provided I use enough random numbers and letters?
I don't intend to remember the passphrase as I will not make a record of it. I am only interested in the public address and corresponding private key using this method of generation.
I intend to boot a brand new laptop using Ubuntu from a new storage card/pen drive and then accessing the bitaddress'org zip files from a second storage card.
The laptop will never connect to the internet or bluetooth and the pen drive/storage cards will never connect to the internet after first loading them with the operating system and zip files.
I don't intend to remember the passphrase as I will not make a record of it. I am only interested in the public address and corresponding private key using this method of generation.
I intend to boot a brand new laptop using Ubuntu from a new storage card/pen drive and then accessing the bitaddress'org zip files from a second storage card.
The laptop will never connect to the internet or bluetooth and the pen drive/storage cards will never connect to the internet after first loading them with the operating system and zip files.
I would use Armory to create a wallet on the offline computer and then back up the armory keys for the wallet. then create a watch-only wallet for your live computer. I always test out restoring the wallet from scratch before I put funds into it. then you just need the offline computer to sign outgoing transactions.
Thanks. I will start to look into Armory. I understand a new version is due very soon and what your saying sounds similar to a discussion on Letstalkbitcoin! I heard recently.
My current plan is to create ten wallets and duplicate each three times using metal stamps onto brass strips. Each strip of brass will hold a public address on one side and a private key on the other and will be cut into three pieces.
I will spread the pieces of brass across three locations to ensure that a visit to any two of the three locations will allow for retrieval of all ten wallets.
It was my intention to never use this new laptop again and possibly even destroy it and the pen drives/ storage cards after I have generated all the wallets I need. Overkill?
The wallets are for long term storage and I was going to 'watch' them using a phone app.
November 23, 2013, 06:56:04 AM
So is it safe for me to create a wallet using the bitaddress.org brain wallet creator provided I use enough random numbers and letters?
I don't intend to remember the passphrase and I will not make a record of it. I am only interested in the public address and corresponding private key using this method of generation.
I intend to boot a brand new laptop using Ubuntu from a new storage card/pen drive and then accessing the bitaddress'org zip files from a second storage card.
The laptop will never connect to the internet or bluetooth and the pen drive/storage cards will never connect to the internet after first loading them with the operating system and zip files.
I don't intend to remember the passphrase and I will not make a record of it. I am only interested in the public address and corresponding private key using this method of generation.
I intend to boot a brand new laptop using Ubuntu from a new storage card/pen drive and then accessing the bitaddress'org zip files from a second storage card.
The laptop will never connect to the internet or bluetooth and the pen drive/storage cards will never connect to the internet after first loading them with the operating system and zip files.
November 03, 2013, 07:24:03 PM
Or.. you know, don't use brain wallets. Create one locally and encrypt it with true crypt.
This ^^^
November 03, 2013, 07:08:11 PM
i'v learned a lot ! Thanks for sharing this info 
November 03, 2013, 02:16:57 PM
Or.. you know, don't use brain wallets. Create one locally and encrypt it with true crypt.
November 03, 2013, 12:10:26 PM
You're specially unlikely to open it on page 1. The book's binding will make it more probable to open it on specific pages. All that reduces entropy.
Yes, I could have made the corollary referencing this nonsense, but alas.
November 03, 2013, 11:25:44 AM
This is silliness. If you are looking to pick X random words, take a book--for example, a dictionary--open it to any page
You're specially unlikely to open it on page 1. The book's binding will make it more probable to open it on specific pages. All that reduces entropy.
November 03, 2013, 11:04:11 AM
If you try to pick 12 "random" words on your own you will fail. Humans are terrible at randomness.
This is silliness. If you are looking to pick X random words, take a book--for example, a dictionary--open it to any page and point your finger at any spot. Rinse repeat. Not everything has to be protected by a layer of high-tech gidgetry. Plus the process is simple and adds a physical connection where one might be apt to take it more seriously rather than some randomly generated gibberish on the screen. It also means it will be more memorable.
Plot twist, some bots have a minimum wait time or transaction size before stealing the funds.
Well if they didn't before, they do now.
November 03, 2013, 07:42:08 AM
Maybe any software that supports brain wallets should do a security check.
1. Generate brain wallet
2. Send a tiny amount of bitcoins to that address
3. If the bitcoins haven't been stolen in some period of time (1 hour? 12 hours?) then consider the wallet secure and you can transfer larger amounts to it
Plot twist, some bots have a minimum wait time or transaction size before stealing the funds. 1. Generate brain wallet
2. Send a tiny amount of bitcoins to that address
3. If the bitcoins haven't been stolen in some period of time (1 hour? 12 hours?) then consider the wallet secure and you can transfer larger amounts to it
November 02, 2013, 11:30:17 PM
Maybe any software that supports brain wallets should do a security check.
1. Generate brain wallet
2. Send a tiny amount of bitcoins to that address
3. If the bitcoins haven't been stolen in some period of time (1 hour? 12 hours?) then consider the wallet secure and you can transfer larger amounts to it
1. Generate brain wallet
2. Send a tiny amount of bitcoins to that address
3. If the bitcoins haven't been stolen in some period of time (1 hour? 12 hours?) then consider the wallet secure and you can transfer larger amounts to it
November 02, 2013, 11:25:23 PM
Quote
Want a good brain wallet?
-Pick your favourite book
-use the first 3 digits of your birthday to pick a page number ( or 2 digits if you read books with pictures, or graphic novels)
- use all the words down the left hand side.
-Pick your favourite book
-use the first 3 digits of your birthday to pick a page number ( or 2 digits if you read books with pictures, or graphic novels)
- use all the words down the left hand side.
But what if you get in a car accident 2 years and 2 months from now, and you're taking painkillers, and you leave the book in the car, and you use a false birthday at the hospital to get insurance, and you can no longer tell your left from your right, what then?
What organization will help you?
November 02, 2013, 11:03:03 PM
Want a good brain wallet?
-Pick your favourite book
-use the first 3 digits of your birthday to pick a page number ( or 2 digits if you read books with pictures, or graphic novels)
- use all the words down the left hand side.
-Pick your favourite book
-use the first 3 digits of your birthday to pick a page number ( or 2 digits if you read books with pictures, or graphic novels)
- use all the words down the left hand side.
Jump to: