Topic: What characteristics make a solid brain wallet? - page 2. (Read 3821 times)

NO!!!

Use random data. NoBrainr is small and effective.

'merica 8anana legit! smegmacoat motherfalkner & BlamBlam

I think in simplest terms a good brain wallet is...
-easy for you to remember
-not any any password list
-not guessable by anyone you
-not guessable by anyone that can kind out anything able you (whether you think they can know it or not)

when using correctly spelled words and numbers as a separate element, your password would be easier to crack

try
america banana cast dominican equator frenchfry guacamole honduras 12345678
as
4m3r1c4 64n4n4 c45t d0m1n1c4n 3qu4t0r fr3nchfry gu4c4m0le h0ndur45 12345678

and if you want something to remember long term.. choose a book and a book page and line and the use that as your passphrase were some of the letters are made into numbers

Eg

c4ll m3 15hm43l 50m3 y34r5 490 h4v1n9 l1ttle 0r n0 m0n3y

You may want to take a look at NoBrainr, which was made just for this. It generates easy-to-memorize passphrases with a constant 13 bits of entropy per word (7,776 word list).

Example:
nine ranch quart snap jazz orb ski == 1HwzD1A29Fqj6xguvCKu1fqPjK9pfDNJCj  <- lifetime secure

As phillipsjk pointed out, the only way you can make a brainwallet truly robust is NOT to choose the passphrase yourself. Either trust your computer's cryptographic RNG (as NoBrainr, Bitcoin-Qt, Electrum, VanityGen and others do), or use the excellent Diceware method (one of the cheapest sources of true randomness available.)

It is hard to estimate the quality of that proposed passphrase: because it was not randomly generated.

"banana, dominican, equator, guacamole, honduras" seem to all have a tropical theme.

The number tacked on the end frequents top 10 password lists.

My room-mate noticed that each word starts with a subsequent letter.

If we assume a 2000 word list, divided by 25 due to the predictable pattern, that is about 6.32 bits of entropy per word. If we assume the last word is a list of common number sequences, I will be generous and assume 6.32 bits of entropy for that as well (80 entries).

9 words X 6.32bits = about 57 bits of entropy.

As a rule of thumb, you will want at least 64 bits of entropy (the actual strength needed depends on how fast an attacker can check guesses). 64 bits is 128 times (2⁷) stronger that 57 bits. If you have over 128 bits of entropy, no machine in the universe is likely to be able to ever brute-force the passphrase.



Wikipedia has a page on Password strength

My favorite online Password Generator (Note: in theory, it is better to generate passwords on your own hardware).
Generating passwords makes the amount of entropy more predictable:
All have at least 64 bits of entropy. The first is 4 bits per character, the second is  6.55 bits per character, while the last is 5.96 bits per character. You can calculate the number of bits per character thus: log(number of symbols)/log(2) -- the base of the log does not matter because dividing by the log of 2 converts to base 2.

Hey guys,

I am looking for a solution where I can store my Bitcoins with a brain wallet pass phrase.

I am looking for tips on what characteristics make a good brain wallet, and how many words it should be.

How secure is this?

Would something along the lines of:

america banana cast dominican equator frenchfry guacamole honduras 12345678

How safe is that?

Also, can you please give me some tips on how I can create a safe brain wallet. Right now the stereotype is that brain wallets are not safe, but its not that they aren't safe, its that the passwords people choose are not safe. So I would like to get some input.