I added an iteration field which will loop sha256 before generating the mnemonic to discourage bruteforce attack, in my browser 1000000 will take approx 20 seconds to compute.
that does nothing not to mention that your code has a bottleneck otherwise 1 million SHA256 of a small input (passphrase) would only take half a second to complete. even if it were 20 second it still doesn't increase the security at all because the idea of using a brainwallet is flawed on its own whether it is creating a key or a mnemonic.
Like I said, I todly understand that human brain is very weak at making entropy compaired to the randomness of computer.
But there are imo some issues of keeping the keys or random generated mnemonics, it can be stolen, loose or destroyed. How many people did already experienced that? (I did)
We know that it is pretty much impossible to find collision in SHA256, so if I use it with my passphrase there is no other way for attacker to guess it, am I wrong?
Lets assume that I use a passphrase from my memories like "At christmas 2002 my oncle Joe came drunk for the dinner. My first girlfriend did not like french fries" and use 1000000 iterations what are the chance somebody will bruteforce it ever seriously?
I can understand that in this case 1 or 1M iterations will not really mater.
Lets now assume somebody will use with something weaker like "I like pasta with chocolate" and use iteration of 5555 wont it be fair enough that no bruteforce atack will ever solve it? I think that in this case the iteration.
In conclusion, from my experience I know I have much more chance to loose a peace of paper where I wrote the mnemonic than forgetting a long personal passphrase.
How do you guys are carring your keys or mnemonics? how can you be so confident you won't loose the access to it one day?