Topic: It's brainwallet dead? (Read 1277 times)

This website archive websites and here is this useful as it was before: http://web.archive.org/web/20150707020924/https://brainwallet.org/
Guys including the salt, is there any chances to get hacked like this "defcon'd."
I read the slides of the presentation and it's terrible how easy can get access to brain wallets.

Yes, both use KDF as an additional layer of security against brute-force attacks.

For more alternatives read my list (at my foot signature).

I saw the page down but never thing that was the cause... It was a great too, we will miss it for the brain wallet giveaways 

Not exactly. Their source code is still there, but you'll probably need git (rather than just downloading a zip) to get it.
This should work:


f7679dd0 is the last commit before the site was closed, it looks like everything is still there. Please ONLY use this to recover an old brain wallet, don't make new wallets with this since we all know it's broken.

http://brainwallet.io is good and is similar to WarpWallet.

FYI here goes the "spiritual" (and a safer) successor of that defunct: https://keybase.io/warp

I think multibit has a very easy way to verify messages in the client. check it out 

Thanks for replies I was using brainwallet just to verify messages, but now I'm using other tool

What happened is at a recent hacker convention a hacker published a brainwallet cracker that is 10-100x faster than any other brainwallet cracker ever published before. Because of this the owner of brainwallet.org finally listened to what people have been preaching for years which is that brainwallets are a dangerous thing for the average person and it's not a good idea to promote their use. You can get the code on github if you need to claim your funds from old brainwallet addresses, but do NOT make another brainwallet unless you enjoy having your Bitcoins stolen, though if you are going to do that I ask that you just give them to me instead.

"Double hashing" is bullshit, people who say "oh you need to do X to make your brainwallet secure" are all full of shit. It is true that most brainwallet generators don't use a strong hashing algorithm, but thats a side issue that doesn't really matter anyways because brainwallets are still insecure as shit even when using a strong hashing algorithm. The only way to make it safe is to use a cryptographically strong random number generator to generate a seed. This will however likely be too long to remember (electrum uses 12 words and thats pretty much as small as you can safely go - 128bits). So basically the problem is the brainwallet will either be easy as shit to crack or too hard to remember, there is no middle ground thus brainwallet = bad idea.

Their source code isn't located there anymore. When they took down the site, they deleted everything from their Github page as well. If you want to use it, you'll need to find a user who saved a copy of all the source code files before they were removed and request that they send you the files.

It's still dead, i'm not get any information about they will rise from the grave.
you can use their open source code if you want: https://github.com/brainwallet

If you need to just sign message or verify only you can use dekstop wallet, Electrum for example.

It will open again?
Although this site was useful to verify a signed message!
I hope the owner of brainwallet ,will reopen the site again.

Agree, it  should be dead long time ago :|

BW is death but there is also open source script to use your bw. But I did not suggest you to use bw because it is very easy hackable.

Archived and still usable here: http://web.archive.org/web/20150707020924/https://brainwallet.org/

I guess zombies ate brainwallet for dinner

Code was open-sourced from the beginning...

Check this:

They were hacked and code was going to be published,so yes,it is dead

Yes, even https://github.com/brainwallet/brainwallet.github.io

Some of us downloaded the source ZIP at some point before takedown though.

one of us is seriously confused here.  hashing is already part of the process.
double hashing isn't a great solution to a weak phrase.