If you assume that cx-xxxx gives you 75bit then cy-yyyy doesn't add another 75bits since it is the same strategy and the same championships. So you only get entropy from repeating procedure: 2bits + 5 almost random numbers (14bits) + bip38 (20) = 36bits.
You may be right, but I thought that
all combinations of
both passphrases would be necessary to break the encrypted private key. So I would think that the full entropy of both are additive.
In any case, I appreciate all the good input for consideration. My intuition tells me that if an underlying structure high enough entropy, and some human convoluted obfuscation is applied, the resulting passphrase output will be safe. But as you point out, the sophistication of the development of cracking techniques will keep getting better.
My point is that while it is possible to create safe brainwallet with human generated obfuscation method, it is very difficult thing to do so. It may be slightly easier to remember, but they require a lot of time to be created. Also, while people can't calculate entropy properly they will never be sure if they created enough of it. Even if you come up with clever and provably safe instructions, most people would just not follow them properly (and the method will no longer be non standard).
Very good points here. However, our whole bitcoin set of processes and methodologies are quite complex and convoluted in themselves. My biggest fear is irrevocably losing my few BTCs. I am very intrigued by encrypted private keys and brainwallets -- so this has been an interesting exploration for me. Besides my small test, I don't know if I will leverage my approach for real.