Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Discussion
Re: Brain Wallets
by
aerobatic
on 13/02/2016, 22:50:53 UTC
Quote from: marbu1022 on February 13, 2016, 08:17:20 PM

I don't see how it's possible to crack such a sophisticated password as what you say you used. You are talking about a 256 bit + password. This password cannot be cracked in any practical amount of time.


marbu -

there's several attack vectors to worry about when using brain wallets, which aren't a worry when using other types of wallet.

for instance.  every time you need to type it out, to get it converted back into the private key...  it could be intercepted locally on your computer using spyware or a key logger.   it could be intercepted using man in the middle attack on your internet connection or your wifi via a network sniffer or via a mitm ssl attack.   it could be intercepted at the web site that you're using to generate the brain wallet key in the first place.  or your java installation etc.  it could be a corrupt brain wallet generator.  or one with a weakened rng seed... etc.  there's too many attack vectors to think that brain wallets are a safe way of storing your bitcoins.  you are very reliant on a lot of things not being hacked, for you to continue to use a brain wallet.   anytime, during creation or use, or even just doing nothing, can be a risk factor.   Even Entropy checkers that are on the internet, could potentially be logging your passwords, and populating similar words into their dictionary with your entropy test results, so that the hackers have a better understanding on what kind of passwords people use (!)


i counted the letters in the brain wallet i was referring that got hacked, and to make a correction, it was less than the 40 chars i said it was - just to be accurate, it was 34 characters.  sorry, i thought it was more.. but the point was, it was still a long string of letters and numbers, some of which were words, some caps, some punctuation, and it still got hacked.  whether it was hacked with brute force from a cloud password generator or some other weak point in the brain wallet system, i really don't know.   All i know is that the ONLY loss i have ever had from any bitcoin wallet... was from a brain wallet.   Ive not even (touch wood) lost anything from web wallets like Blockchain.info   (and nowadays I've migrated to a hardware wallet and cold storage, as i don't even trust paper wallets as they have some of the same attack vectors to brain wallets)