Author

Topic: Why doesn't a Brain Wallet have a Password? (Read 221 times)

legendary
Activity: 3024
Merit: 2148
I appreciate your concern for the safety of my bitcoin.  And I agree it is a valid concern.  So anyone reading this should certainly take notice!

But my seed is not something that is being directly memorized.  It is being created more along the lines of the Brain Wallet Craig Wright put up as a contest daring anyone to steal his 50 bitcoins.  He actually states it wouldn't be stealing since he is offering the 50 bitcoins as a prize for anyone that can crack it. 

I probably should have asked this question in the same thread as my "Question regarding SALT in a Brain Wallet".  I explain in there that the seed IS SECURE.

Anyway.  Thanks again for the concern and the articles.  Always looking to learn more.

Don't take any technical advice from Craig Wright, he is an amateur who has a long track record of not being able to write even simple software without introducing serious bugs.

If your seed isn't being memorized, than it's not a brain wallet as per definition.

The problem I see with all these brain wallet type of schemes is that they all don't use salt and leave themselves vulnerable to precomputed hashes. Some attacker can just build a huge table of single words, phrases, alphanumeric strings and so on, together with their SHA-256 hashes, and then just use this table for all sorts of hacking (not limited to Bitcoin). They can then setup a script that listens to new blocks, takes all all newly used addresses and very quickly checks them against their table to see if there's a corresponding private key.
newbie
Activity: 30
Merit: 0
With a brain wallet, the key is memorized. There is no need to encrypt it, because nobody has access to it. Anyway, encrypting it would make it impossible to memorize.
Not necessarily. Some people use parts of books, personal stuff or just picked words to generate their own brain wallet "custom seed". This may not be the safest thing, but some people do it anyways. Adding a password would be like a second part of the seed. If you use a part of your favorite book, you can then add a quite-easier-to-remember password (like mike123) to "protect" against someone finding the seed. Does that make any sense?

I agree, it doesn't make any sense. This is why smart wallets are called smart wallets. It doesn't need to come up with a password like the date of birth or the name of the movie or your name+777.
jr. member
Activity: 45
Merit: 35
I appreciate your concern for the safety of my bitcoin.  And I agree it is a valid concern.  So anyone reading this should certainly take notice!

But my seed is not something that is being directly memorized.  It is being created more along the lines of the Brain Wallet Craig Wright put up as a contest daring anyone to steal his 50 bitcoins.  He actually states it wouldn't be stealing since he is offering the 50 bitcoins as a prize for anyone that can crack it. 

I probably should have asked this question in the same thread as my "Question regarding SALT in a Brain Wallet".  I explain in there that the seed IS SECURE.

Anyway.  Thanks again for the concern and the articles.  Always looking to learn more.
legendary
Activity: 4466
Merit: 3391
O.K. so I appreciate and agree with both replies.  It is true that I won't be writing down the Brain Wallet's Private Key anywhere so there really is no need for a password.

Trust me.  There won't ever be any brain wallets created by me from parts of literature.  I already understand how that is a very very bad idea.  But I do like TryNinja's idea of using a part of literature with a Password added.  Although a part of my brain still says that is a bad bad idea.

If you treated the SALT like a password would the address really be fairly secure even if you did use a printed piece of literature?  Somehow I don't think so.

I'm cool with no password for the Brain Wallet.  Just wanted to be sure I wasn't missing anything.

Now to make and stuff it with a bit of coin.


Wait a second. Nobody is saying that the standard brain wallet is a good idea. Anything that a person can easily remember is vulnerable to brute-force attack, though I think that using a PBKDF might make a difference.

Check these out first:

Collection of 18.509 found and used Brainwallets
Would a brain wallet based on a password hashing algorithm be secure?
jr. member
Activity: 45
Merit: 35
O.K. so I appreciate and agree with both replies.  It is true that I won't be writing down the Brain Wallet's Private Key anywhere so there really is no need for a password.

Trust me.  There won't ever be any brain wallets created by me from parts of literature.  I already understand how that is a very very bad idea.  But I do like TryNinja's idea of using a part of literature with a Password added.  Although a part of my brain still says that is a bad bad idea.

If you treated the SALT like a password would the address really be fairly secure even if you did use a printed piece of literature?  Somehow I don't think so.

I'm cool with no password for the Brain Wallet.  Just wanted to be sure I wasn't missing anything.

Now to make and stuff it with a bit of coin.
legendary
Activity: 4466
Merit: 3391
With a brain wallet, the key is memorized. There is no need to encrypt it, because nobody has access to it. Anyway, encrypting it would make it impossible to memorize.
Not necessarily. Some people use parts of books, personal stuff or just picked words to generate their own brain wallet "custom seed". This may not be the safest thing, but some people do it anyways. Adding a password would be like a second part of the seed. If you use a part of your favorite book, you can then add a quite-easier-to-remember password (like mike123) to "protect" against someone finding the seed. Does that make any sense?

That's a good point. In the OP's case, then there is no need for encryption because the "password" is just part of the brain wallet seed.

Also, what you described is a form of brain wallet that seems even safer than a paper wallet (as long as the details are easy to memorize).
legendary
Activity: 2758
Merit: 6830
With a brain wallet, the key is memorized. There is no need to encrypt it, because nobody has access to it. Anyway, encrypting it would make it impossible to memorize.
Not necessarily. Some people use parts of books, personal stuff or just picked words to generate their own brain wallet "custom seed". This may not be the safest thing, but some people do it anyways. Adding a password would be like a second part of the seed. If you use a part of your favorite book, you can then add a quite-easier-to-remember password (like mike123) to "protect" against someone finding the seed. Does that make any sense?
legendary
Activity: 4466
Merit: 3391
You explained the difference, so it is not clear what you don't understand.

With a paper wallet, you write down the private key, encrypting it first with a password prevents someone who sees it from knowing the actual private key (unless you write down the password too).

With a brain wallet, the key is memorized. There is no need to encrypt it, because nobody has access to it. Anyway, encrypting it would make it impossible to memorize.
jr. member
Activity: 45
Merit: 35
I'm just wondering why I can't add a "password" to my brain wallet?  If I create a normal paper wallet it lets me tick a BIP38 box to add a password.  Is there any particular reason a Brain Wallet doesn't have this tic box on it?  Or was it just left off because whoever wrote the software didn't want to bother adding it?

I guess I'm trying to understand the fundamental differences between a regular paper wallet with a BIP38 Password.  And a Brain Wallet?

I get that with a regular paper wallet you have to keep a copy somewhere (Since you're not memorizing the private key) and you can't forget the password if you use BIP38.
And I get that with a Brain Wallet you're not keeping a copy of anything anywhere.  You're remembering a SEED that you use to create the Private Key with.

So is it just because everybody figured since a brain wallet wasn't being written down anywhere that there was no need for a password?

Just wondering.  I'm trying to fully understand the world of paper wallets etc.

Thank you so much for your time and effort in replying.  It is appreciated.
Jump to: