Author

Topic: ⚡ LIST ⚡ FOSS Brainwallets (Read 9725 times)

hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
August 13, 2024, 10:37:44 PM
#53
⚠️ Update: August 2024 ⚡

Changelog:

ZPyWallet project has been included.

View updated list here: https://bitcointalksearch.org/topic/list-foss-brainwallets-1164163
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
July 12, 2024, 11:33:36 PM
#52
⚠️ Update: July 2024 ⚡

Changelog:

python-mnemonic project has been added.

View full updated list here: https://bitcointalksearch.org/topic/list-foss-brainwallets-1164163
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
June 04, 2024, 11:21:55 PM
#51
Thanks for your reply!

Your project is gonna join the list soon...

Quote
In my opinion, brainwallet algorithms are too vulnerable to try to secure with any kind of KDF, since the input is often predictable.
Generating a few (e.g. 9 or +) BIP39 random words + unique salt (e.g. checksum) should be interesting as an experiment. Fewer words to remember (less than standard 12) and not so easy to crack wallet (considering using the WarpWallet implementation or improved version).

Not worthy risking all your savings but it's still an intriguing experiment.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
April 30, 2024, 01:25:38 AM
#50
Just to let you know, ZPyWallet also has brainwallet generation capability, and even for extended private keys, but I haven't written the documentation for that yet.
Good to know that!

I'm gonna take a look at it.

BTW which type of brainwallet algorithm did you choose for that project?

Traditional SHA2 over (user typed) passphrase?

Or

Warp Wallet type (Key Derivation Function: Argon2id, scrypt, bcrypt, PBKDF2)?

You might have seen the code by now, but the brainwallet algorithm used is a standard single round of SHA256.

In my opinion, brainwallet algorithms are too vulnerable to try to secure with any kind of KDF, since the input is often predictable.
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
April 30, 2024, 01:21:18 AM
#49
⚠️ UPDATE: April 2024 ⚡

Changelog:

Border Wallets project has been added.

General text layout changed as well.

View full updated list here: https://bitcointalksearch.org/topic/list-foss-brainwallets-1164163
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
March 04, 2024, 05:27:43 PM
#48
Just to let you know, ZPyWallet also has brainwallet generation capability, and even for extended private keys, but I haven't written the documentation for that yet.
Good to know that!

I'm gonna take a look at it.

BTW which type of brainwallet algorithm did you choose for that project?

Traditional SHA2 over (user typed) passphrase?

Or

Warp Wallet type (Key Derivation Function: Argon2id, scrypt, bcrypt, PBKDF2)?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
February 13, 2024, 11:43:43 PM
#47
Just to let you know, ZPyWallet also has brainwallet generation capability, and even for extended private keys, but I haven't written the documentation for that yet.
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
February 13, 2024, 01:03:25 AM
#46
₿ UPDATE ₿ February 2024 ₿

Changelog:

monero-wallet-generator project by moneromooo has been added.

View full updated list here: https://bitcointalksearch.org/topic/list-foss-brainwallets-1164163
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
July 16, 2023, 06:11:53 PM
#45
UPDATEJuly 2023

Changelog:

↑PortalWallet project by Logicwax has been added;

View full updated list here: https://bitcointalksearch.org/topic/list-foss-brainwallets-1164163
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
November 10, 2020, 07:48:35 PM
#44
UPDATE Nov 2020

Changelog:

↑MemWallet project by David Bengoa has been added;

View full updated list here: https://bitcointalksearch.org/topic/list-foss-brainwallets-1164163
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
December 02, 2019, 01:44:47 AM
#43
« UPDATE » « December 2019 »

Changelog:

MindWallet project by patcito has been added;

WarpWallet (CLI) project by moncho has been added;

NOWALLET project by Marc D. Wood has been added;

↑Only Brainwallet projects remain;

↓Removed all redundant paper wallet projects;

Whole list updated as well.

View full updated list here: https://bitcointalksearch.org/topic/list-foss-brainwallets-1164163
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
February 10, 2018, 07:17:33 PM
#42
Bitgen 0.17 includes support for split wallets using one-time-pads:

https://bitcointalk.org/index.php?topic=1107927.40
List has been updated with that info.
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
February 10, 2018, 06:29:22 PM
#41
How does this brainwallet score compared to others?

http://www.motelmaya.com/_BrainWallet.html
Randomness* is far more important while creating your Brainwallet than just manually typing additional symbols from the ASCII symbol set.

* A random source of entropy like: www.random.org
hero member
Activity: 529
Merit: 527
January 08, 2018, 02:07:58 AM
#40
How does this brainwallet score compared to others?

http://www.motelmaya.com/_BrainWallet.html
jr. member
Activity: 90
Merit: 2
January 06, 2018, 05:52:10 PM
#39
This is pretty cool man!
Love for ETH, thanks.
jr. member
Activity: 45
Merit: 3
January 06, 2018, 04:31:00 PM
#38
Bitgen 0.17 includes support for split wallets using one-time-pads:

https://bitcointalk.org/index.php?topic=1107927.40

jr. member
Activity: 80
Merit: 1
October 18, 2017, 01:14:14 PM
#37

cashaddress.org
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
June 25, 2017, 08:43:13 AM
#36
A new interesting research paper about brainwallets has been released!

Article: https://www.deepdotweb.com/2017/06/09/bitcoin-brain-wallets-hackers-heaven/

Paper: https://link.springer.com/chapter/10.1007%2F978-3-662-54970-4_36

Brainwallet: use it with caution!

hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
June 19, 2017, 11:20:29 PM
#35
Guys we need to be able to verify liteaddress.org with PGP sigs or 256 HASH of the html.   I've been complaining about this on reddit but am not getting anything.  Anyone have any ideas on how to get this fixed?

Send pm to the author: coblee or open an issue on GitHub Repository: https://github.com/litecoin-project/liteaddress.org
member
Activity: 95
Merit: 10
Your gateway to pay a digital advertising on earth
June 19, 2017, 10:24:03 AM
#34
Im consider to choose this, keep up the good work !
newbie
Activity: 5
Merit: 0
June 19, 2017, 10:07:35 AM
#33
Guys we need to be able to verify liteaddress.org with PGP sigs or 256 HASH of the html.   I've been complaining about this on reddit but am not getting anything.  Anyone have any ideas on how to get this fixed?

hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
June 14, 2017, 10:20:29 PM
#32
There's no problem using default options (PRNG) from moneroaddress.org

It's not only safe if you use a weak "Custom entropy" from your own because it's considered that using this feature is not recommended due to security issues (no KDF + Salt implemented). Weak entropy turns your private keys easier to guess using brute force attacks.

But of course (if you know what you're doing) you can generate KDF + Salt beforehand and then use as your "custom entropy" there.

P.s. I'm gonna change this list's parameters a little in the near future...
full member
Activity: 140
Merit: 100
June 06, 2017, 05:23:13 AM
#31
text

What kind of security issues do the Monero generator have that give it only 39.6 in score? And is it still the most secure way out there right now to store monero?
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
March 11, 2017, 01:42:05 AM
#30
Don't forget PortalWallet (A fork of Warpwallet that adds BIP39 mnemonic generation)

https://github.com/Logicwax/PortalWallet
I'm gonna take a look at it.

Thanks for your contribution!
newbie
Activity: 2
Merit: 0
March 08, 2017, 05:26:14 AM
#29
Don't forget PortalWallet (A fork of Warpwallet that adds BIP39 mnemonic generation)

https://github.com/Logicwax/PortalWallet

hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
March 07, 2017, 10:21:33 PM
#28
UPDATE #1 of year 2017.

Addition of related project Stegoseed: Steganography + BIP39 seeds.

List updated and scores refreshed by now.

Read OP for detailed info.

Enjoy the little pieces of art!
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
November 27, 2016, 02:24:39 AM
#27
UPDATE #4 of year 2016.

Addition of project BIP39 Tool: an innovative tool compatible with BIP39 rules.

WARNING section has been updated, improved and simplified.

List updated and scores upgraded as well.

Read OP for detailed info.

Enjoy the tools, see you soon!
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
September 19, 2016, 12:26:44 AM
#26
UPDATE #3 of year 2016.

Removed parameter BIP: innovative extra (advanced) features and Improvement Proposals implemented or supported by generator/app;

Calculation has been simplified as consequence.

OfflineAddress.com project removed. It seems to be a dead project. GitHub last commit was over 2 years ago and website domain is no longer related to that project.

New challengers arrived here:

Dash Paper Wallet: offering paper wallet generator (based on bitaddress.org) for DASH users;

Lisk Paper Wallet: offering a simple and beautiful paper wallet generator for Lisk fans.

All scores are fresh to this date!

Read OP for details.

New updates coming soon!
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
May 16, 2016, 06:49:03 AM
#25
UPDATE #2 of year 2016.

New player arrived here:

MyEtherWallet: offering paper wallet (and much more) for Ethereum fans.

All scores updated!

Refer to the OP for detailed info.
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
March 14, 2016, 11:55:56 PM
#24
UPDATE #1 of year 2016.

Added parameter BIP: innovative extra (advanced) features and Improvement Proposals implemented or supported by generator/app;

Calculation method changed as consequence.

New Tools arrived here:

Cointoolkit: offering brainwallet (and much more) for Bitcoin, Nubits, Nushares, Blockshares, Blockcredits and Peercoin;

Moneroaddress.org: offering paper wallet and brainwallet for Monero;

WARNING section updated: included some IMPORTANT information about change addresses. Avoid losses, must read!

ATTENTION:

EthAddress.org removed its brainwallet feature so it was removed from Brainwallet Ranking list too. If you created an ETH brainwallet using that tool before, I suggest that you use previous version(s) of it to swap coins.

"Refreshed" all scores! Refer to the OP for detailed info.

I'm glad to see the development evolution!

Rock On!
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
December 04, 2015, 01:11:41 AM
#23
UPDATE #4 of year 2015.

More GitHub's "metrics" added: number of watchers and # of forks.

Dropped Gitlab out: nobody is gonna use that network anyway...

Ranking calculation and lists have been updated.

Edit:

New generator added: Wallet.Peercointalk.org

Updated website for ethaddress.org project: https://ryepdx.github.io/ethaddress.org
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
November 05, 2015, 10:36:19 PM
#22
You're welcome!

I hope new projects (for both BTC and altcoins with good daily trade volume - such as LTC, ETH etc.) will join the list soon...
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
October 31, 2015, 04:03:18 PM
#21
UPDATE #3 of year 2015.

Brainwallets options/features from multigenerators (Paper wallet + Brainwallet) are now compared against each other and are separated/independent from the Paper wallet option/feature from the same source app: i.e. two lists for two features/options despite which is the main feature of the evaluated generator.

"Inclusive Web Design" (IWD) changes to "Graphical User Interface" (GUI).

Weight (for average purpose) is now 10x for security matters.

List updated and scores upgraded as well.

Keep up the good work everybody!
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
October 19, 2015, 12:53:06 AM
#20
Good to hear that!

I guess your brainwallet function is the first to offer Argon2 algo as an encryption option.

Congratulations!

I'm gonna update bitgen's info here as soon as I review and test your new brainwallet option.

Keep up the good work!
jr. member
Activity: 45
Merit: 3
October 17, 2015, 06:01:52 PM
#19
bitgen has been updated with KDF and salt for the brainwallet option:

http://bitcoin-gen.org/

The KDF is "Argon2", which is supposed to be improved compared to scrypt:

https://password-hashing.net/candidates.html

https://www.cryptolux.org/images/0/0d/Argon2.pdf

hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
September 15, 2015, 12:21:15 AM
#18
Thanks for putting this together.  It's nice to see brainwallet.io on the list!

I'm surprised to see bitaddress.org ranked so low.  Is theirs not considered true random?
Those distortions have been corrected by using new calculation method.

i.e. Security features are 3x more important than collaborative development (Git points) AND Security features are 6x more important than everything else...

Maybe I'll raise that Security weight even more (to 8x OR even 10x).

Let's see how everything "behaves".
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
September 01, 2015, 10:39:47 PM
#17
UPDATE #2 of year 2015.

The ranking calculation has been simplified.

Brainwallets are now compared only with Brainwallets and the same goes for Paper wallets.

P.s. Although the main feature will be considered (Paper wallet OR Brainwallet) in order to fill the list, warnings may apply when there are security issues found in multigenerators (Paper wallet + Brainwallet).

Multisignature projects have been removed until I find a good way to compare them.

"Client-side" and "Offline Use" criterions were incorporated to "Security".

Added "Inclusive Web Design" (IWD).

Added "Number of cryptocurrencies supported" (CCY).

Weight (for average purpose) is now 6 for security matters.

List updated and scores upgraded as well.

* Edited:

New "Miscellaneous and related projects" added --> Bitgen; brainflayer; Coinb.in & Multi-signature P2SH

New Paper wallet generators added --> WalletGenerator.net; Liteaddress.org & ethaddress.org
member
Activity: 105
Merit: 59
September 01, 2015, 03:54:14 PM
#16
Thanks for putting this together.  It's nice to see brainwallet.io on the list!

I'm surprised to see bitaddress.org ranked so low.  Is theirs not considered true random?

It is random (using SJCL). It's penalized for offering classic brainwallet. I'm not sure how much the scoring methodology makes sense.
member
Activity: 105
Merit: 59
September 01, 2015, 01:00:44 AM
#15
For example are signatures of signed transactions RFC 6979 complient? Is TOR supported? Are stealth addresses supported? Is bip32 and HD supported? Is op_return working and can that be combined with multisig? are multiple networks accepted? Is the site compatable with other leading sites? Can the site be downloaded and fully run offline, whilst still being able to create and create and sign transactions. Can you create and sign a transaction with the other sites listed or is it purely for address generation? I could go on and on and on.

These are all excellent points.
hero member
Activity: 714
Merit: 601
September 01, 2015, 12:24:31 AM
#14
I think you miss understood why coinb.in was created, its primary a learning tool, a way to deal with multisig and build and sign raw transactions, because of this I'd be greatful if you can remove it from this list. I don't see any point in being involved in this discussion as coinb.in is being treated as a brain wallet, when its not! its much more than that and your scoring system doesn't take this into account.

For example are signatures of signed transactions RFC 6979 complient? Is TOR supported? Are stealth addresses supported? Is bip32/HD supported? Is op_return working and can that be combined with multisig? are multiple networks accepted? Is the site compatable with other leading sites? Can the site be downloaded and fully run offline, whilst still being able to create and sign transactions. Further more can you even create and sign a transaction with the other sites listed or is it purely for address generation? as i beleive all the sites listed except coinb.in have no way to actually build a transaction and spend the funds. I could go on and on and on.

Thanks and good luck.




*edited to fix typos and add a couple of points.
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
August 31, 2015, 10:59:21 PM
#13
UPDATE #1 of year 2015.

The ranking calculation has been changed.

Brainwallets that don't support Salt have been penalized.

Brainwallets that support KDF get different points according to the type implemented.

Multigenerators (Brainwallets, paper wallets and multisig: all-in-one) get weighted so we can compare every generator easily and fairly.

Github numbers are now "square rooted".

List updated and scores upgraded as well.

New changes may apply soon...

Keep up the good work all developers and programmers!
member
Activity: 105
Merit: 59
August 31, 2015, 10:13:50 AM
#12
coinb.in is using the dangerously weak "classic" brainwallet algorithm. It also includes third party javascript which can do whatever it wants. Why is it rated so highly on security?

You realise that bitaddress.org also uses the same brain wallet algorithm as coinb.in, so I'm not sure why its been singled out.

bitaddress.org should also remove the brainwallet option, but it does at least require a minimum of 15 characters and warns about cracking/theft.

That being said, the next version will allow the user to select a bunch of different algorithms.

This is possibly an unpopular opinion, but offering a bunch of security choices that most people don't really understand isn't actually a good thing. What I would suggest is using WarpWallet's scheme with the salt *required* and a strong recommendation that a random passphrase be used (provide a generator). You could also provide a "classic brainwallet" option with a warning that makes it clear that it's very weak and should only be used to sweep old brainwallets.

Also what third party JavaScript? Google analytics? If that actually puts you and others off I'll remove it.

*edit*: removed analytics.

Yes, I was talking about Google Analytics. If I were a bad person and could get one SSL certificate for any site of my choosing, it would be Google Analytics - it's a super high value target because of how widely used it is.

Cloudflare is also a tremendously high value target, but I doubt arguing against it would get very far.
hero member
Activity: 714
Merit: 601
August 31, 2015, 05:59:43 AM
#11
coinb.in is using the dangerously weak "classic" brainwallet algorithm. It also includes third party javascript which can do whatever it wants. Why is it rated so highly on security?

You realise that bitaddress.org also uses the same brain wallet algorithm as coinb.in, so I'm not sure why its been singled out. That being said, the next version will allow the user to select a bunch of different algorithms.

Also what third party JavaScript? Google analytics? If that actually puts you and others off I'll remove it.

*edit*: removed analytics.
member
Activity: 105
Merit: 59
August 31, 2015, 12:22:52 AM
#10
Any further suggestions?

Prominently mention that it's a really bad idea for people to come up with passphrases themselves and link to diceware. At least eight words.
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
August 30, 2015, 09:12:37 PM
#9
Regarding KDFs, I would score them on a logarithmic scale based on spot instance cracking cost, and severely penalize anything that doesn't include a salt. I would be very surprised if someone made ASICs to try to crack Bitcoin keys generated via brainwallet or otherwise due to very large (well over a million dollars) one time costs. GPUs are likely, FPGAs may be difficult due to memory requirements.

Helpfulness of KDFs is also a little unusual because the public key computations themselves take a bit of work. For example, PBKDF2 with 64 rounds would only double the cracking cost vs a classic brainwallet.
I guess we'll adopt your approach in some way: "score them (KDFs) on a logarithmic scale based on spot instance cracking cost, and severely penalize anything that doesn't include a salt".

I'll just need some time to think about a fair way in order to compare different types of KDFs (scrypt, bcrypt, PBKDF2) and their respective "spot instance cracking cost" or some estimation of those values.

Any further suggestions?
member
Activity: 105
Merit: 59
August 30, 2015, 12:44:17 PM
#8
Regarding KDFs, I would score them on a logarithmic scale based on spot instance cracking cost, and severely penalize anything that doesn't include a salt. I would be very surprised if someone made ASICs to try to crack Bitcoin keys generated via brainwallet or otherwise due to very large (well over a million dollars) one time costs. GPUs are likely, FPGAs may be difficult due to memory requirements.

Helpfulness of KDFs is also a little unusual because the public key computations themselves take a bit of work. For example, PBKDF2 with 64 rounds would only double the cracking cost vs a classic brainwallet.
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
August 30, 2015, 05:47:32 AM
#7
With regard to the generators purses question. Where is the guarantee of key generation, the developer does not receive access to the private key?

In fact there's no guarantee at all. They're all free of warranty as you'll notice at their websites.

As a pratical measure, the guarantee is the open-source code that is accessible to you to review it so that you can be assured that the app runs client-side only and is expected that you will be a smart guy that will run it offline in an air-gapped machine and will come up with VERY GOOD security measurements.

Doing that way (respecting all security procedures), developer won't have access to your (offline) generated private keys.
legendary
Activity: 2156
Merit: 1132
August 30, 2015, 05:12:30 AM
#6
With regard to the generators purses question. Where is the guarantee of key generation, the developer does not receive access to the private key?
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
August 30, 2015, 04:45:22 AM
#5
coinb.in is using the dangerously weak "classic" brainwallet algorithm. It also includes third party javascript which can do whatever it wants. Why is it rated so highly on security?
I PMed the author of coinb.in some days ago and I'm still waiting for some answers about that project.

I also think that rating based on the number of KDFs combined does not make sense. You need to take the work factors into account.

Yes, in fact I thought it was awkward adding pts by combining KDFs types by the time I first generated the Table's 1st version (I was so asleep at that time lol).

1st idea: For brainwallets I guess I'll add some pts for using different types of KDF according to their resistance to ASIC and GPU attacks. Maybe something like:

PBKDF2 = 20pts

bcrypt = 30pts

scrypt = 50pts

2nd idea: And maybe we could add some additional pts for some additonal KDF algo iteration and/or extra rounds (over those recommended by standards).

P.s. for this one, I'll need some deeper research and estimate what are the standard numbers (of rounds/iterations of scrypt, bcrypt and PBKDF2) used to protect from brute-force attacks today and I'll estimate safer (higher) numbers considering the increase in brute-force attack strenght (GPU + ASIC) in the next (at least) 5 to 10 years. (BTW Do you have any numbers - for scrypt, bcrypt and PBKDF2 - in mind?)

The list is gonna change soon to reflect those changes...

Thanks for your comments, I really appreciate it.
member
Activity: 105
Merit: 59
August 29, 2015, 04:48:31 PM
#4
I also think that rating based on the number of KDFs combined does not make sense. You need to take the work factors into account.
member
Activity: 105
Merit: 59
August 29, 2015, 04:12:19 PM
#3
coinb.in is using the dangerously weak "classic" brainwallet algorithm. It also includes third party javascript which can do whatever it wants. Why is it rated so highly on security?
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
August 28, 2015, 02:22:48 AM
#2
⚠️ WARNING ⚠️ YOU MUST READ THIS BEFORE MESSING WITH BRAINWALLETS!

⚠️ About passwords: DO NOT use obsolete methods (weak passwords) for wallet protection. Spend some time educating yourself about Password/Passphrase strength, Entropy as a measure of password strength and the importance of randomness when generating passphrases. Due to brute-force attack unstopable and increasing power & Moore's law, simple password protection is getting obsolete. Remember: you're your own bank, apply some pro-security mesures to protect your coins. Info: http://blog.codinghorror.com/passwords-vs-pass-phrases/ & https://www.random.org/

⚠️ About random passphrases: DO NOT create passphrases thinking that you (a human) can be naturally very random and generate good bits of entropy by your own will. Humans tend to be predictable in their behavior and in their actions (and reactions). Idioms and languages - which words are used most of the time as passphrases - are structured in a logical and sequential way. i.e. no randomness in any way. What I'm trying to explain here is that: "it's really a bad idea for people to come up with passphrases themselves". Suggestion: use Diceware. Use (at least) a group of twelve words.

⚠️ About brainwallets: DO NOT use brainwallets which run fast hash functions (MD5, SHA family etc.) in order to hash your passphrase and for key pair creation. Avoid them! They are widely recognized as insecure and vulnerable to GPU brute-force attacks! You'd better choose those versions that use more secure methods such as Salt + Key Derivation Function e.g. scrypt, bcrypt, PBKDF2 and Argon2. And if you're a newbie, don't use brainwallets at all! Just remain safe with your paper wallets. Further info: http://blog.codinghorror.com/speed-hashing/ & https://rya.nc/cracking_cryptocurrency_brainwallets.pdf

⚠️ About change addresses: DO make sure you fully understand how change addresses work when dealing with brainwallets and paper wallets while spending your coins. When used correctly, change addresses help increasing privacy of cryptocurrencies. But also with this capability comes the potential for loss and theft when its use isn't completely understood. "To avoid potentially costly mistakes, familiarize yourself with change addresses and how your wallet software implements them". Beware while importing your single address' private key on different wallet softwares: "wallet developers can implement this feature in a number of ways". "Learn how to prevent and Recover from Change Address Disasters" reading this excellent article: http://bitzuma.com/posts/five-ways-to-lose-money-with-bitcoin-change-addresses

⚠️ About use of applications: DO NOT generate wallets neither addresses when conected to the Internet. Download the app, review the code, check the file's hashsum in order to verify it's the original file, only work with it in an air-gapped machine (use a Live Operating System) and never touch the net while doing it. Before sending funds to an address, it is recommended that you first check for compatibility of addresses generated by those apps by importing some of their private keys into the official (and most popular unofficial too) client. This can be done most of the time through the debug console using the "importprivkey" command. If you are able to successfully import keys, the tested generator/app is compatible.

⚠️ About security paranoia: DO NOT consider yourself an InfoSec expert. If you think your coins are safe because you have an "ultimate unbreakable encryption scheme", you'd better think twice: https://xkcd.com/538/
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
August 28, 2015, 02:20:20 AM
#1
Cataloging FOSS Brainwallets since 2015. Last Update: July, 2024

BRAINWALLETS: awesome tools have been created all those past years by skilled developers and by a community of dedicated volunteers. So I decided to create this list as reference of research and development. i.e. cryptocurrency users and all related community might benefit from that. Be warned: don't risk your funds recklessly using brainwallets (don't risk coins if you don't fully understand what you're doing). This list is for research and development purposes only!

WHAT IT IS: Brainwallet ← click to learn the basics about it.

If you think your project should be listed here, PM me. Requirements for participants:

1st) The project must be (primarily) a Brainwallet for cryptocurrencies or crypto-assets;

2nd) The project must be open-source;

3rd) The project's code must be available at https://github.com

4th) The project must not be just an identical clone version of a previously available original app (it must have - at least - one reasonable innovation or add-on built-in).

All parameters here are subject to change, this is a work in constant progress...

If you've got an idea, share it with us!

This is not meant to be an exhaustive list, just a compilation of similar projects and source of data for the community about development of those mentioned tools.

⚠️ IMPORTANT STATEMENT: This List is offered without any warranty whatsoever; we do not guarantee the ideal operation or funcionality of no tool nor app mentioned here. No professional code auditing were performed by us. If you lose your coins using one or any of those tools, we are not to be blamed and we're not responsible for it. We'd be very sorry, but we cannot help you about that. Cryptocurrencies are new stuff yet, so many experiments are still in early stages. We also cannot guarantee any member's reliability and that your coins will be 100% safe 100% of the time (even in the future). This is just a simple list for didactic purposes only. Due diligence, research, revision, and auditing is still necessary. Be smart and DO YOUR OWN RESEARCH - DYOR! Use those tools/apps at your own risk!

Note one: please read and pay attention to the above statement and don't ever post here something like “Someone stole my coins because my password was 'password123456'”

Note two: please support those projects donating some coins.

Brainwallets:

Bitgen: software that generates bitcoin addresses from a given or generated random number. Some features: The output is saved as a ps file that can be converted to pdf; The private key can be generated by the following inputs: Hex number; Dice random numbers (1-6); Brainwallet (uses Argon2d as KDF + custom salt input method supported); Hash input; Computer generated pseudorandom key (/dev/random); Bulk; Mnemonic. It also supports: Bitcoin mini private keys; Invoice generation; Hierarchial pseudorandom generation; Vanity address generation. Support for split wallets using one-time-pads also available. Author: bit22gen. Website: http://bitgen.org/. Forum thread: https://bitcointalksearch.org/topic/bitgen-tool-for-addresses-signatures-encryption-and-transactions-1107927. GitHub Repository: N/A.

brainwallet.io: Deterministic bitcoin address generator. Address generation takes place in your browser, and no information is ever sent to server. Some features: Brain Wallet, word list for pseudorandom passphrase generation, passphrase generation by file hashing, uses scrypt as Key Derivation Function (KDF), custom salt input method supported. Author: Daniel Routman < r o u t m a n @ p r o t o n m a i l . c h > < d a n i e l @ n c r y p t . o r g > aka unchi. Forum thread: https://bitcointalksearch.org/topic/--1160038. GitHub Repository: https://github.com/routman/brainwallet.io

MemWallet: It is a deterministic cryptocurrency address generator, like WarpWallet, but it works for Ethereum, Litecoin, Monero and Bitcoin. You never have to save or store your private key anywhere. MemWallet is a re-implementation of WarpWallet, but it works for other currencies. WarpWallet and MemWallet use the same algorithm, so WarpWallet and MemWallet will generate the same Bitcoin address for a given Passphrase and salt. Author: David Bengoa http://bengoarocandio.com Website: https://dvdbng.github.io/memwallet Forum thread: N/A. GitHub Repository: https://github.com/dvdbng/memwallet

MindWallet: A wallet generator based on memwallet for bitcoin, ethereum, monero and litecoin using argon2 instead of scrypt. MindWallet is a deterministic cryptocurrency address generator heavily based on MemWallet but using argon2 instead scrypt as hashing function, it's like WarpWallet, but it works for Ethereum, Litecoin, Monero and Bitcoin. Some features: implementation of MindWallet in JavaScript and Go. It makes use of Argon2i and PBKDF2 as KDF making it more brute-force attack resistant. Author: Patrick Aljord @patcito < p a t c i t o @ g m a i l . c o m >. Website: https://patcito.github.io/mindwallet. Forum thread: N/A. GitHub Repository: https://github.com/patcito/mindwallet

monero-wallet-generator: Deterministic Monero address generator. Address generation takes place in your browser, and no information is ever sent to server. Some features: Brain Wallet, custom entropy for deterministic wallet, mnemonic seeds available in EN, JP, EO, ES, and JP. Made by moneromooo, based on code from MyMonero. Author: moneromooo. GitHub Repository: https://github.com/moneromooo-monero/monero-wallet-generator

Nowallet: This project is a secure Bitcoin brainwallet app that will ultimately be meant for desktop and mobile platforms. NOWALLET is written in Python, it uses Electrum servers on the back end, and communicates exclusively over Tor. It uses a variant of the 'WarpWallet' technique for key derivation, rather than the typical, highly insecure method that your average brainwallet uses. Full native and P2SH SegWit address support. You will only need to remember an email address and passphrase combination, rather than an entire 24 word mnemonic seed. Main features: Easy and intuitive Material Design based UI; Full SegWit support out of the box; Smart fee estimation and custom fees; Replace by Fee support, on by default; Live exchange rates and block explorer integration Author: Marc D. Wood @metamarcdw < m a r c d w 8 7 @ g m a i l . c o m >. Website: https://www.nowallet.org. Forum thread: N/A. GitHub Repository: https://github.com/metamarcdw/nowallet

PortalWallet A fork of WarpWallet that adds support to also generate BIP39 Mnemonic sentences and BIP32 extended public/private keys for easy import into any supporting wallet software. Author: Logicwax. Website: N/A. Forum thread: N/A. GitHub Repository: https://github.com/Logicwax/PortalWallet

WarpWallet (GUI): is a deterministic bitcoin address generator that adds two improvements: WarpWallet uses scrypt KDF to make address generation both memory and time-intensive. And you can "salt" your passphrase with your email address. Some features: it makes use of scrypt and PBKDF2 as KDF making it more brute-force attack resistant. Author: Maxwell Krohn < t h e m a x @ g m a i l . c o m > and Chris Coyne < c c o y n e 7 7 @ g m a i l . c o m >. Website: http://keybase.io/warp. Forum thread: N/A. GitHub Repository: https://github.com/keybase/warpwallet

WarpWallet (CLI): a fork from WarpWallet written in Go ready to run on terminal (CLI). Author: moncho Website: N/A. Forum thread: N/A. GitHub Repository: https://github.com/moncho/warpwallet

Related projects:

BIP39 Tool (iancoleman's): JavaScript Client-Side implementation of the BIP 39 'Mnemonic code for generating deterministic keys' proposal. This tool can be downloaded and used offline in an air-gapped machine. User may supply his own source of entropy (accepts binary, base 6, 6-sided dice, base 10, hexadecimal, cards) for mnemonic phrase creation. User may also decide to protect his keys with password/passphrase. Mnemonic passphrase available in several languages. Hierarchical Deterministic Wallets generators also implemented for Bitcoin, Bitcoin Cash, Ethereum (and all ERC20 tokens), Litecoin, Dogecoin, Dash, Peercoin, Namecoin and others. Author: mav. Website: https://iancoleman.io/bip39/. Forum thread: N/A. GitHub Repository: https://github.com/iancoleman/bip39.

python-mnemonic: Python implementation of the BIP 39 'Mnemonic code for generating deterministic keys' proposal. User may supply his own source of entropy for mnemonic phrase creation. Mnemonic passphrase available in several languages. This CLI tool can be used offline in an air-gapped machine. It might also be automated using shell scripts. In many Linux distros there's no need to install anything in order to use this (i.e. It's like iancolemans's tool but for CLI use) • Author: trezor.io • Website: https://pypi.org/project/mnemonicForum thread: N/A • GitHub Repository: N/A

Border Wallets: A poweful way to quickly memorise and easily recall Bitcoin seed words. Border Wallets solve a problem faced by many Bitcoiners; how to quickly, easily, securely and reliably memorise 12 or 24 (or more) seed words. The idea draws on a concept known as the Picture Superiority Effect, and employs the use of user-generated patterns applied to a randomised map of (BIP-39 compliant) seed words - offline, in a secure, air-gapped setting. The creation of Bitcoin, and Improvement Proposals such as BIP39, have transformed our ability to store and transport value over space and time. However, in the case of people who struggle to maintain their property rights in the physical domain, or who move around a lot, paper or even steel backups can present storage and transportation challenges. By making the process of creating and memorising secure Bitcoin Wallets more simple and robust, people and families can now carry their wealth in their heads using a combination of attack-tolerant Entropy Grids or Deterministic Recovery Phrases and memorable patterns that only they know. Contrast this with the problems and risks presented with any one individual carrying a written seedphrase backup and it should become reasonably clear that the protections offered by Entropy Grids and Border Wallets give a higher degree of transportability, security and recovery assuredness. For Bitcoin, Border Wallets and Entropy Grids offer new applications and solutions for Bitcoin cold storage and transportation, legacy ownership transfers, gifting, 3rd-party custody assistance and, most obviously, border crossings. Sparrow Wallet’s Border Wallets integration available! Author(s): MTC & SuperPhatArrow. Website: https://www.borderwallets.com. Github Repository: https://github.com/microchad/borderwallets

brainflayer: is a Proof-of-Concept brainwallet cracking tool that uses libsecp256k1 for pubkey generation. It was released as part of a DEFCON 23 talk about cracking brainwallets. Some features: it does ~130k guesses/second (as per 2015). Good tool to test your brainwallet security. Author: Ryan Castellucci aka ryanc. Website: https://rya.nc/defcon-brainwallets.html. (Unofficial) Forum thread: https://bitcointalksearch.org/topic/why-im-releasing-a-brainwallet-cracker-at-defcon-23-1147035. Paper: https://rya.nc/cracking_cryptocurrency_brainwallets.pdf. Video: https://rya.nc/b6. Github Repository: https://github.com/ryancdotorg/brainflayer

PassGuardian: Store and share your secrets (Secret Sharing) safely by splitting them into cryptographically-secure pieces. To reconstruct the original, combine a specific number of these pieces. PassGuardian is built on secrets.js, an open-source implementation of Shamir's secret sharing scheme. Some features: All computations are done in your browser. No secrets or secret shares are ever transmitted back to servers. Once the PassGuardian page is loaded in your browser, it can be run offline. Author: Alexander Stetsyuk < a l e x @ p a s s g u a r d i a n . c o m > aka amper5and. Website: passguardian.com. Forum thread: https://bitcointalksearch.org/topic/ann-passguardiancom-client-side-threshold-secret-sharing-142875. GitHub Repository: https://github.com/amper5and/secrets.js/tree/gh-pages
Jump to: