There are people out there who are building large sets of hashed passphrases automatically and monitor the mempool for transactions to such addresses to instantly sweep any coins that are being sent to them. No one is going to look at specific address and try to crack it, they are just covering as much ground as possible. And as technology progresses, they can successfully guess larger and larger phrases. Plus hackers can use technologies like machine learning to not simply brute force all possible pass phrases, but focus on those that are more likely to be created by a human. Stuff like adding numbers to the end or the front, l33t and so on.
It's not worth risking your savings for a very questionable benefit of being able to memorize your wallet.
Topic: Text to sha256 private key creation (Read 98 times)
Here's another way of looking at:
How many brainwallets have been guessed or cracked from scratch and had their funds stolen? Tens or even hundreds of thousands.
How many BIP39 seed phrases have been guessed or cracked from scratch and had their funds stolen? Literally none. Zero.
Why would you choose a method of storing your coins which is provably and demonstrably exponentially less secure than another method which is available to you?
Not only are humans bad at being random, but we also don't realize how bad we are at being random, and what appears to be random to us often is nothing of the sort. We are also incredibly bad at remembering things, especially random words or characters. The only way to memorize such a thing is to repeat it frequently, and if you are repeating it frequently then you are risking leaking it. And then all it takes is a random event such as a blow to the head, sudden illness, stoke, etc., which happen to millions of people every day, and your coins are lost forever.
How many brainwallets have been guessed or cracked from scratch and had their funds stolen? Tens or even hundreds of thousands.
How many BIP39 seed phrases have been guessed or cracked from scratch and had their funds stolen? Literally none. Zero.
Why would you choose a method of storing your coins which is provably and demonstrably exponentially less secure than another method which is available to you?
Not only are humans bad at being random, but we also don't realize how bad we are at being random, and what appears to be random to us often is nothing of the sort. We are also incredibly bad at remembering things, especially random words or characters. The only way to memorize such a thing is to repeat it frequently, and if you are repeating it frequently then you are risking leaking it. And then all it takes is a random event such as a blow to the head, sudden illness, stoke, etc., which happen to millions of people every day, and your coins are lost forever.
Callmecrazy 4 said idea 369 doge moon random word 511587 convert that to sha256 to get private key..
Is this safe, and essentially just as unhackable?
Is this safe, and essentially just as unhackable?
I doubt it is safe and unhackable because (1) the length of the phrase is very short, (2) the words and digits weren't picked at random, (3) some words are cryptocurrency-related, frequently, and widely used. What you did was show an example of how human brains are bad at generating randomness. Moreover, brain wallets are a special type of wallet the key to which is supposed to be easily memorable while being relatively random. As we have seen, these words aren't random at all. As for memorability, it is also terrible. The more digits and special characters and symbols you add, the harder it is for you to create mental associations which may help to recall what you have generated. It is better to use only randomly picked words which never been used or seen together.
Resources:
https://en.bitcoin.it/wiki/Brainwallet
https://bitcointalksearch.org/topic/m.3345309
Mnemonic phrases have already been introduced via bip39 for a lot of software. They're much safer than this method and currently pretty much impossible to bruteforce.
This topic has been discussed many times. In general, any brain wallet that can be easily memorized is likely to be cracked.
Take a look at this thread: Collection of 18.509 found and used Brainwallets In that thread you will see phrases that look secure, but have been cracked.
Your phrase looks safe but maybe it isn't. Even if it is safe, how sure are you that you won't forget a single letter 50 years from now.
Take a look at this thread: Collection of 18.509 found and used Brainwallets In that thread you will see phrases that look secure, but have been cracked.
Your phrase looks safe but maybe it isn't. Even if it is safe, how sure are you that you won't forget a single letter 50 years from now.
I remember seeing things awhile ago about how certain words when converted to sha256, would give a private key that contained crypto. Simple words like window, or god, whatever easily hackable stuff. And apparently this was done as kind of a Easter egg hunt.
However would this be a safe practice for wallet security if you used something memorable but much more complicated.
A long phrase mixed with memorable but unique numbers and phrases. Then in an offline way, you convert it to sha256 which would be your private key, so you never have to worry about 'losing' your private key
About a year ago I looked up proper key security, nobody had recommended it and I'm wondering if I'm missing something.
For example...
Callmecrazy 4 said idea 369 doge moon random word 511587 convert that to sha256 to get private key..
Is this safe, and essentially just as unhackable?
However would this be a safe practice for wallet security if you used something memorable but much more complicated.
A long phrase mixed with memorable but unique numbers and phrases. Then in an offline way, you convert it to sha256 which would be your private key, so you never have to worry about 'losing' your private key
About a year ago I looked up proper key security, nobody had recommended it and I'm wondering if I'm missing something.
For example...
Callmecrazy 4 said idea 369 doge moon random word 511587 convert that to sha256 to get private key..
Is this safe, and essentially just as unhackable?
Jump to: