Topic: What characteristics make a solid brain wallet? - page 2. (Read 3835 times)

legendary
Activity: 1974
Merit: 1030
try
america banana cast dominican equator frenchfry guacamole honduras 12345678
as
4m3r1c4 64n4n4 c45t d0m1n1c4n 3qu4t0r fr3nchfry gu4c4m0le h0ndur45 12345678

NO!!!

Use random data. NoBrainr is small and effective.
hero member
Activity: 896
Merit: 532
Former curator of The Bitcoin Museum

'merica 8anana legit! smegmacoat motherfalkner & BlamBlam

I think in simplest terms a good brain wallet is...
-easy for you to remember
-not on any password list
-not guessable by anyone you
-not guessable by anyone that can find out anything about you (whether you think they can know it or not)
legendary
Activity: 4424
Merit: 4794
when using correctly spelled words and numbers as a separate element, your password would be easier to crack

try
america banana cast dominican equator frenchfry guacamole honduras 12345678
as
4m3r1c4 64n4n4 c45t d0m1n1c4n 3qu4t0r fr3nchfry gu4c4m0le h0ndur45 12345678

and if you want something to remember long term.. choose a book and a book page and line and then use that as your passphrase where some of the letters are made into numbers

Eg

c4ll m3 15hm43l 50m3 y34r5 490 h4v1n9 l1ttle 0r n0 m0n3y
legendary
Activity: 1120
Merit: 1016
090930
You may want to take a look at NoBrainr, which was made just for this. It generates easy-to-memorize passphrases with a constant 13 bits of entropy per word (7,776 word list).

Example:
nine ranch quart snap jazz orb ski == 1HwzD1A29Fqj6xguvCKu1fqPjK9pfDNJCj  <- lifetime secure

As phillipsjk pointed out, the only way you can make a brainwallet truly robust is NOT to choose the passphrase yourself. Either trust your computer's cryptographic RNG (as NoBrainr, Bitcoin-Qt, Electrum, VanityGen and others do), or use the excellent Diceware method (one of the cheapest sources of true randomness available.)
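To make the NoBrainr and Diceware point concrete, here is an added Python example (not code from NoBrainr, Bitcoin-Qt, Electrum, VanityGen or any other project named in the thread). It selects words from a list using dice rolls driven by the operating system's cryptographic RNG (`secrets`), converts rolls to a list index the way Diceware does, and reports how many bits each word contributes. The 36-word list is constructed for the example; a real Diceware or NoBrainr list has 7776 words selected by five dice, which is where the "13 bits per word" figure comes from (log2(7776) = 12.9).

```python
import math
import secrets

# Constructed 36-word sample list (6**2 entries, so two dice pick a word).
# A real Diceware or NoBrainr list has 7776 = 6**5 entries selected by five dice.
SAMPLE_WORDS = [
    "acid", "apple", "barn", "bell", "brick", "cabin", "cloud", "crane", "delta",
    "dune", "eagle", "ember", "fable", "ferry", "giant", "glove", "harbor",
    "hinge", "igloo", "ivory", "jelly", "juniper", "kayak", "kettle", "lemon",
    "lunar", "maple", "moth", "nickel", "north", "oasis", "olive", "pebble",
    "piano", "quartz", "river",
]


def bits_per_word(list_size):
    """Entropy of one word drawn uniformly from a list: log2(list size).
    7776 words give 12.9 bits, the 'constant 13 bits per word' quoted above."""
    return math.log2(list_size)


def dice_needed(list_size):
    """Number of six-sided dice whose rolls index the list; the size must be a power of 6."""
    count = round(math.log(list_size, 6))
    if 6 ** count != list_size:
        raise ValueError("word list size must be a power of 6 for dice selection")
    return count


def dice_to_index(rolls):
    """Convert dice rolls (each 1..6) to a zero-based list index (base-6 digits)."""
    index = 0
    for roll in rolls:
        if not 1 <= roll <= 6:
            raise ValueError("each die roll must be between 1 and 6")
        index = index * 6 + (roll - 1)
    return index


def roll_dice(count):
    """Simulate dice with the OS cryptographic RNG; never use random.random() here."""
    return [secrets.randbelow(6) + 1 for _ in range(count)]


def generate_passphrase(words, n_words):
    """Pick n_words uniformly at random from the list using CSPRNG-driven dice rolls."""
    count = dice_needed(len(words))
    return " ".join(words[dice_to_index(roll_dice(count))] for _ in range(n_words))


def words_for_target(list_size, target_bits):
    """Smallest number of words from this list that reaches the target entropy."""
    return math.ceil(target_bits / bits_per_word(list_size))


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDS, 5)
    print(phrase, "->", round(5 * bits_per_word(len(SAMPLE_WORDS)), 1), "bits")
    # With a 7776-word list, the seven-word NoBrainr example above carries ~90 bits.
    print(words_for_target(7776, 64), "words of 7776 reach 64 bits")
    print(words_for_target(7776, 128), "words of 7776 reach 128 bits")
```

Physical dice can replace `roll_dice`: enter the five rolls into `dice_to_index` and look the word up by hand. The important property in either case is that the selection is uniform and independent of anything the user would think of, which is what the post means by not choosing the passphrase yourself.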
legendary
Activity: 1008
Merit: 1001
Let the chips fall where they may.
It is hard to estimate the quality of that proposed passphrase: because it was not randomly generated.

"banana, dominican, equator, guacamole, honduras" seem to all have a tropical theme.

The number tacked on the end frequents top 10 password lists.

My room-mate noticed that each word starts with a subsequent letter.

If we assume a 2000 word list, divided by 25 due to the predictable pattern, that is about 6.32 bits of entropy per word. If we assume the last word is a list of common number sequences, I will be generous and assume 6.32 bits of entropy for that as well (80 entries).

9 words × 6.32 bits = about 57 bits of entropy.

As a rule of thumb, you will want at least 64 bits of entropy (the actual strength needed depends on how fast an attacker can check guesses). 64 bits is 128 times (2^7) stronger than 57 bits. If you have over 128 bits of entropy, no machine in the universe is likely to be able to ever brute-force the passphrase.


Perhaps Brainwallet.org should use their own rainbow table. You can still keep everything client-side for generating the address. However once the address is generated, it can be submitted to the site for checking. Users may be surprised to learn the chorus from their favorite song (with common mishearings and spellings) is actually in the dictionary.

As has been mentioned earlier in this thread, if you can easily memorize it, it is probably not a secure passphrase. The rule of thumb I use is that if it has ever been published anywhere, it is probably not a secure password. Do you really think the sum total of human knowledge has over 64 bits of entropy? (that data-set is only about 46 bits of entropy).

Wikipedia has a page on Password strength

My favorite online Password Generator (Note: in theory, it is better to generate passwords on your own hardware).
Generating passwords makes the amount of entropy more predictable:
Code:
28B1849D702FB75A
/|url.:n~p
NtLDtc1rhf6
All have at least 64 bits of entropy. The first is 4 bits per character, the second is 6.55 bits per character, while the last is 5.96 bits per character. You can calculate the number of bits per character thus: log(number of symbols)/log(2) -- the base of the log does not matter because dividing by the log of 2 converts to base 2.
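The arithmetic in this post, as an added Python example (not the poster's own code): the per-word estimate for the proposed passphrase after the dictionary is divided by its predictable pattern, the comparison between 57 and 64 bits as a power of two, the log(N)/log(2) bits-per-symbol formula applied to the three generated passwords, and a worst-case brute-force time. The symbol sets assumed for the generated passwords (upper-case hex, 94 printable ASCII characters, 62 alphanumerics) and the guess rate of one billion per second are assumptions for illustration, not figures from the thread.

```python
import math
import string

# Symbol sets assumed for the three generated passwords shown in the post.
HEX_UPPER = "0123456789ABCDEF"                                          # 16 symbols
PRINTABLE = string.ascii_letters + string.digits + string.punctuation   # 94 symbols
ALNUM = string.ascii_letters + string.digits                            # 62 symbols

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def bits_per_symbol(choices):
    """log(N)/log(2): bits contributed by one symbol chosen uniformly from N options."""
    return math.log(choices) / math.log(2)


def effective_word_bits(list_size, pattern_divisor=1):
    """Entropy of one word once a predictable pattern shrinks the candidate list.
    The post divides a 2000-word list by 25 for the alphabetical first letters."""
    return bits_per_symbol(list_size / pattern_divisor)


def estimate_chosen_passphrase_bits(n_words, list_size, pattern_divisor, trailing_choices):
    """Estimate for a human-chosen passphrase: (n_words - 1) dictionary words plus
    one trailing element (the number) drawn from a short list of common sequences."""
    word_bits = effective_word_bits(list_size, pattern_divisor)
    return (n_words - 1) * word_bits + bits_per_symbol(trailing_choices)


def strength_ratio(bits_a, bits_b):
    """How many times more guesses bits_a requires than bits_b: 2 ** (difference)."""
    return 2 ** (bits_a - bits_b)


def generated_password_bits(password, alphabet):
    """Entropy of a password generated uniformly, character by character, over alphabet."""
    unknown = [c for c in password if c not in alphabet]
    if unknown:
        raise ValueError("characters outside the assumed alphabet: %r" % unknown)
    return len(password) * bits_per_symbol(len(alphabet))


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    chosen = estimate_chosen_passphrase_bits(9, 2000, 25, 80)
    print("proposed passphrase: about %.1f bits" % chosen)
    print("64 bits is %d times stronger" % strength_ratio(64, round(chosen)))
    samples = [("28B1849D702FB75A", HEX_UPPER), ("/|url.:n~p", PRINTABLE), ("NtLDtc1rhf6", ALNUM)]
    for pw, alphabet in samples:
        print("%-18s %.2f bits/char, %.1f bits total"
              % (pw, bits_per_symbol(len(alphabet)), generated_password_bits(pw, alphabet)))
    # Assumed attacker speed of 1e9 guesses per second, for illustration only.
    for bits in (46, 57, 64, 128):
        print("%3d bits: %.3g years at 1e9 guesses/s" % (bits, years_to_exhaust(bits, 1e9)))
```

`generated_password_bits` only holds for passwords drawn uniformly by a generator; for a human-chosen phrase the per-word reasoning in `estimate_chosen_passphrase_bits` applies, and even that is optimistic whenever an attacker can narrow the word list further than the pattern divisor assumes.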
legendary
Activity: 1320
Merit: 1007
Hey guys,

I am looking for a solution where I can store my Bitcoins with a brain wallet pass phrase.

I am looking for tips on what characteristics make a good brain wallet, and how many words it should be.

How secure is this?

Would something along the lines of:

america banana cast dominican equator frenchfry guacamole honduras 12345678

How safe is that?

Also, can you please give me some tips on how I can create a safe brain wallet. Right now the stereotype is that brain wallets are not safe, but it's not that they aren't safe, it's that the passwords people choose are not safe. So I would like to get some input.