Post
Topic
Board Development & Technical Discussion
Re: Brain wallet, step-by-step guide (FIXED!)[Mod note: DO NOT USE BRAINWALLETS]
by
gmaxwell
on 27/12/2016, 12:09:10 UTC
Quote
Also, nobody is talking about the advantages of (strong) brain wallets that actually make them more secure than PRNG-based wallets.

Besides the two I mentioned already:
- They don't rely on anyone's (publicly known) implementation of the "entropy"
Unless you never intend to sign a message, they do... and they also depend on a human's easily predictable production of "entropy".

There are hundreds of millions of dollars worth of Bitcoin secured by the CSPRNG setup in Bitcoin Core. It is peer reviewed by quite a few subject matter experts. That is a pretty strong bit of auditing there, ... can you say the same for your scheme?

Quote
- They don't require backups
Human memory is very fallible. We often just don't remember what we don't remember, so we don't often realize how bad it is. A fever, a blow to the head, or another illness can easily kill single memories, even of things you used frequently-- and a brain wallet is the hardest kind to remember: to be secure it must be unusually random, you should not be using it frequently (if you use it frequently, you will end up leaking it somehow), and being almost right is not good enough!

Backups are also easy if you don't need to redo them. They are practically free: a small USB stick costs a few dollars, paper costs cents. You can make many backups and secure them with a weak password that your family also knows and really can never be forgotten-- but attackers with an FPGA farm in China cannot crack your password-protected backed-up wallet!

Quote
There is more:
- They cannot be seized
Equally true of a password-protected backup wallet. And both can be seized after finding evidence of you using them in the blockchain or on your computer and then liberally applying a hammer to your non-dominant hand.

Quote
- They don't need to be carried
Yes, this is perhaps the one advantage-- if you are a refugee who can literally carry _nothing_ without severe risk of losing it. But even there you would be much better off with a few backups of that key securely hidden back at home in case you do forget it and do someday find yourself in a place where you can pick it up.

Quote
- Their existence can be denied
- Even if someone can prove that a brain wallet had existed at some point in time, he's still unable to prove that you have not forgotten the password
Both equally true for an encrypted non-brainwallet.

Quote
You see, in my opinion, the biggest enemy of the brain wallets should be the government.
Brainwallets are irrelevant to the government-- they don't add any protection from a government except in the refugee case, but they are the friend of the coin thieves -- no surprise considering they were invented by one.

You seem to have ignored my point that a brainwallet is equivalent to storing an unsalted password hash in a public database. Do you consider that incompetent security?
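The "unsalted password hash in a public database" comparison above can be made concrete. The following is an added example, not code from the thread or from Bitcoin Core: it derives a classic brainwallet key (private key = SHA256(passphrase)), computes its public key on secp256k1 in pure Python, and then runs the attack that the public ledger makes possible, i.e. hashing candidate passphrases and looking the results up against the set of published keys. A key drawn from a CSPRNG is placed in the same "ledger" to show that the same attack cannot touch it. The ledger, the wordlist and the passphrase are constructed for the example; as a simplification, the public identifier is SHA256 of the compressed public key rather than the real Bitcoin address encoding (RIPEMD160 of SHA256, Base58Check), which does not change the point.

```python
import hashlib
import secrets

# secp256k1 domain parameters (standard curve constants).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p, q):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P   # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def _mul(k, point=G):
    """Double-and-add scalar multiplication (not constant-time; fine for a demo)."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result


def pubkey(priv):
    """Compressed SEC1 public key (0x02/0x03 || x) for a private scalar in [1, N)."""
    if not 1 <= priv < N:
        raise ValueError("private key out of range")
    x, y = _mul(priv)
    return (b"\x02" if y % 2 == 0 else b"\x03") + x.to_bytes(32, "big")


def brainwallet_priv(passphrase):
    """Classic brainwallet derivation: one unsalted, un-iterated SHA256 of the phrase."""
    return int.from_bytes(hashlib.sha256(passphrase.encode()).digest(), "big")


def public_id(priv):
    """What ends up on the ledger. Simplification: SHA256(pubkey) instead of a real address."""
    return hashlib.sha256(pubkey(priv)).hexdigest()


def dictionary_attack(ledger_ids, candidates):
    """Exactly the attack on an unsalted hash table: hash each guess, look it up, no per-target work."""
    hits = {}
    for phrase in candidates:
        pid = public_id(brainwallet_priv(phrase))
        if pid in ledger_ids:
            hits[pid] = phrase
    return hits


# Constructed sample data for the example.
BRAIN_PHRASE = "correct horse battery staple"          # a brainwallet someone "memorised"
CSPRNG_PRIV = secrets.randbelow(N - 1) + 1             # how a real wallet picks a key
LEDGER = {public_id(brainwallet_priv(BRAIN_PHRASE)), public_id(CSPRNG_PRIV)}
WORDLIST = ["password", "bitcoin", "letmein", "hunter2", "correct horse battery staple"]


def run_demo():
    """Returns the recovered passphrases; only the brainwallet entry is findable."""
    return dictionary_attack(LEDGER, WORDLIST)


if __name__ == "__main__":
    for pid, phrase in run_demo().items():
        print(f"ledger entry {pid[:16]}... was brainwallet {phrase!r}")
```

The CSPRNG key sits in the same public table and is untouched: there is no 2^256-entry wordlist, and the ledger gives the attacker nothing to iterate over. An encrypted backup of that key is the salted, offline case: the guesses must be run against a file the attacker first has to obtain, and the address on chain leaks nothing about the password.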