Wow, seems today is the day that people respond to threads without paying attention to what the OP is looking for:
- snip -
- snip -
The best defence is probably to make brain wallets slow to generate. If the cracker can crack brain wallets at 350billion per second then you need a long passphrase. If the first step of the brain wallet is to sha hash the passphrase 80 billion times
- snip -
And he should stamp the entire algorithm into the metal so he doesn't forget it?
OK, maybe not the best suggestion for the original poster, but it did answer the question in his first post - the number of characters required to make a brain wallet difficult to crack directly relates to the speed of the brain wallet algorithm. If there is only one existing brain wallet algorithm available online then that's not that helpful for him I agree. If there is more than one, then choose the slowest.
- snip -
Note that if many brain wallets use the same generation code then a hacker can test all of them at the same time, so the important value is that stored in brain wallets using the same generation code as you, not that stored in your wallet.
- snip -
I'm not sure what you are trying to say there. Perhaps I'm just not paying close enough attention. When you say "generation code" do you mean password? Or do you mean algorithm for converting a password into an address?
I meant the algorithm for converting a password into an address. The expensive bit of any brainwallet is going to be generating the keys from the wallet. If everyone using a brainwallet uses the same algorithm then a cracker who brute-forces possible passwords can check the generated public keys for each trial password against all existing public keys with significant funds in them very cheaply (eg. using a bloom filter). If the trial password matches anyone's brain wallet then he has a hit.