Storing your private keys on the web is a big no-no (at least for me).
Agreed. I think etotheipi should see this too, as mention of Armory is involved security-wise.
Just noticing this thread, now. This discussion is exactly the reason I never implement "brainwallets," and why I added entropy/salt into the deterministic wallet algorithm. I was concerned that users might start using simple, memorizable root keys, and end up sharing wallets.
Unfortunately, there is just no way to avoid this. All keys are exactly 32 bytes, so I can't filter based on length. All keys will have all letters of the hex alphabet in them, so I can't filter based on any kind of special character like those used in passwords. I could implement some kind of entropy-measurement algorithm, but it doesn't stop users from simply hashing their password as the private key (or root key, for that matter). By design, the hash is supposed to look like pure entropy, so it's a lost cause at that point.
Sure, I can do a sanity check and catch a few of the most obvious violators. But, I think the title of this thread says it all: there's only so far you can go to protect stupid users. If they're protecting a lot of money behind a simple private key... well they're likely to do other grossly insecure things and compromise themselves, anyway (such as copying their unencrypted wallet to Dropbox because they believe no one else has access to it).
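The limit described in the post above, shown as an added example that is not part of the thread and not Armory's code: a sanity check catches a few obvious keys, but a SHA-256-hashed password passes every structural and entropy test a wallet could apply. The function names, thresholds and sample keys are constructed assumptions.

```python
import hashlib
import math
import secrets
from collections import Counter
from typing import Dict, Optional


def nibble_entropy(key: bytes) -> float:
    """Shannon entropy in bits per hex digit (maximum 4.0)."""
    digits = key.hex()
    counts = Counter(digits)
    total = len(digits)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def obvious_violation(key: bytes) -> Optional[str]:
    """Sanity check for the most obvious weak keys; None means nothing was caught."""
    if len(key) != 32:
        return "not 32 bytes"
    if len(set(key)) == 1:
        return "single repeated byte"
    if int.from_bytes(key, "big") < 2**64:
        return "small integer"
    # Same difference between every pair of neighbouring bytes (00 01 02 ...).
    if len({(b - a) % 256 for a, b in zip(key, key[1:])}) == 1:
        return "constant-step byte sequence"
    if nibble_entropy(key) < 3.0:  # assumed threshold, well below random keys
        return "low digit entropy"
    return None


def classify(samples: Dict[str, bytes]) -> Dict[str, Optional[str]]:
    return {name: obvious_violation(key) for name, key in samples.items()}


# Constructed sample keys (not taken from the thread).
SAMPLES = {
    "all 0x11": bytes([0x11]) * 32,
    "integer 1": (1).to_bytes(32, "big"),
    "counting bytes": bytes(range(32)),
    "sha256('password')": hashlib.sha256(b"password").digest(),
    "random": secrets.token_bytes(32),
}

if __name__ == "__main__":
    for name, key in SAMPLES.items():
        print(f"{name:20} entropy={nibble_entropy(key):.2f} "
              f"caught={obvious_violation(key)}")
```

The hashed password and the random key both come back uncaught with entropy close to 4 bits per digit, so the weakness is only visible to someone who knows how the key was derived.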