Is anyone still using brainwallets in earnest? I always assumed that anyone that used a brainwallet effectively got robbed by now. Then again, any brainwallet that was sufficiently secure wouldn't be identifiable as such.
[...]
Clearly, code can also be used to produce more secure brainwallets. E.g. hashing a string more than once and a brute force approach is virtually useless.
You'll likely have to use a combination of different hashes in varying rounds (eg., 10x Sha256 => 2x Scrypt => Bcrypt => etc) requiring an attacker to reproduce your exact hashing steps. Let's not forget that anyone who is scanning for brainwallets has
a lot of time to do so and thus can account for multiple hashing rounds as well.