Instead you can create your privkey yourself (at least the hex one, 64 characters long; I don't know if all base59 ones are valid, they are not because of the checksum) using your own pattern that you know by heart, thus no need to write it
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv
Just for fun I sent you 0.02 BTC to that imaginary address
...you'll have to now import it quick before someone else does
I nearly lost them, just figured out my wallets seem broken
I had to pay fees for not being stolen but thanks
Really smart, I love it
Just one thing: the priv key has been written somewhere
Instead you can create your privkey yourself (at least the hex one, 64 characters long; I don't know if all base59 ones are valid, they are not because of the checksum) using your own pattern that you know by heart, thus no need to write it
E.g. 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef for 19ffB4HttNCHfY1t3YuErEytCspyHyVMwv
Or if you prefer to learn sentences: md5('I love bitcoin').md5('Paypal suxxx') for 1G1b4mbjaCYNxsZJyaWV9qyE5cFVhZxBcy
Or even substr(md5('I love bitcoin'), 0, 14).md5('Paypal suxxx').substr(md5('I love bitcoin'), 14, 18)
This is very dangerous and very stupid, and I'm talking about sending BTC to an anonymous Nevis LLC level stupid here.
The current bitcoin market cap is $90 million USD. Even if just 1% of bitcoiners take your advice, that's still $900,000 USD free money for anyone capable of setting up a GPU farm (a rare talent, I might add). Human-chosen passwords only have 1.0 to 1.5 bits of entropy per letter. Your examples contain less than 30 bits of entropy, and that's not taking into account the hacker will populate their dictionary with frequently appearing words from this forum. Compared to the ~256 bits of entropy in real Bitcoin keys, your method would generate private keys that are 2^226 ~= 1.07839787 × 10^68 times easier to brute-force.
That's why I added the substr trick...
If people are stupid enough to just use md5.md5 that's their problem...
Everyone knows they MUST use salts and tricks like that too...
1KJvYREkZxEgDczTKoEtvrhfkALsFsWKRa: my two passphrases are 'jackjack' and 'iamzill', come at me bro
I'm sorry but that trick only adds a negligible amount of entropy, which is negligible. It doesn't matter what kind of tricks you use, whether you end up with 20 bits of entropy or 200 bits of entropy, you're still greatly weakening the system. Suppose that by using lots of passwords, lots of substr, repeated hashes, and salts you end up with 250 bits of entropy, that's still only 1.5% of the entropy of a real key. Is it worth it to go through all that custom code and memorization just to end up with a private key that's 64 times weaker? Isn't it much safer just printing out the key pair like OP suggested or burning the wallet.dat on a CD?
As for your challenge, you missed my point about mentioning the $900,000 USD reward money. I'm not saying it's possible for an attacker to target your specific password. In fact, I can almost guarantee your address 1KJvYREkZxEgDczTKoEtvrhfkALsFsWKRa won't be brute-forced. I was claiming that if enough people saw your post and adopted your method, the attacker can steal from those people collectively, since they all share the same tiny keyspace.
Sorry if I come off as too critical, but I'm just trying to make sure bitcoin stays secure. If lots of people spoke out critically against mybitcoin in the first place then it wouldn't have ended up the way it did. I believe the only way to ensure the collective security of the bitcoin eco-system is to harshly criticize any non-secure algorithm, organizational structure, and business practice that gets suggested. Every security compromise and every fraud devalues everyone's bitcoins, and more importantly threatens the future of this cryptographic currency.
I'll stress it again, it's almost perfectly safe for jackjack to use his method for himself. But if somehow this method ends up being implemented in the official client and thousands of people start using it, then the bruteforcing will begin and people will lose money and see it as a bitcoin security hole when it clearly isn't. I'm only criticizing it so that this worst case scenario doesn't happen. You're more than welcome to use it on your own.
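
An added example, not part of the thread or any poster's code: it puts numbers on the entropy objection using the figures quoted above (1.0 to 1.5 bits per letter, the substr split, a 256-bit key) and sets the memorised-pattern key beside one drawn from the OS random source. The names `pattern_key`, `scheme_bits` and `random_key` are made up here; counting only alphabetic characters and allowing 33 split offsets are assumptions.

```python
import hashlib
import math
import secrets

# Order of the secp256k1 group; a valid private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def pattern_key(phrase_a, phrase_b, split=32):
    """The thread's scheme: md5(b) inserted into md5(a) at offset `split`.
    split=32 is md5(a).md5(b); split=14 is the substr variant from the post."""
    a, b = md5_hex(phrase_a), md5_hex(phrase_b)
    return a[:split] + b + a[split:]


def scheme_bits(phrases, bits_per_letter, split_choices=1):
    """Upper bound on secret bits: letters typed, plus the choice of split offset.
    Hashing and rearranging are deterministic, so they add nothing beyond this."""
    letters = sum(ch.isalpha() for p in phrases for ch in p)
    return letters * bits_per_letter + math.log2(split_choices)


def random_key():
    """256 bits from the OS CSPRNG, redrawn if outside [1, N-1]."""
    while True:
        k = secrets.randbits(256)
        if 1 <= k < SECP256K1_N:
            return format(k, "064x")


if __name__ == "__main__":
    phrases = ["I love bitcoin", "Paypal suxxx"]  # the phrases quoted in the thread
    same_chars = sorted(pattern_key(*phrases, 14)) == sorted(pattern_key(*phrases))
    print("substr variant is a rearrangement of the same 64 hex chars:", same_chars)
    for rate in (1.0, 1.5):
        plain = scheme_bits(phrases, rate)
        tricked = scheme_bits(phrases, rate, split_choices=33)  # offsets 0..32
        print(f"{rate} bits/letter: {plain:.1f} bits, with substr trick "
              f"{tricked:.1f} bits, gap to a 256-bit key 2^{256 - tricked:.0f}")
    print("fresh key length in hex chars:", len(random_key()))
```

The split offset contributes at most log2(33), about 5 bits, however the two hashes are interleaved, while `random_key` keeps essentially the full 256 bits.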