I am reading this and the words of @gmaxwell
(or any other software for that matter) like it was the private key,
A bunch of these sites are "brain wallet tools" (for brain wallet fools) and they hash the data being input into them. E.g. they compute sha256(input)*G rather than input*G. If it accepts anything other than a number then it's almost certainly hashing it.
are what i dont understand, does it mean that the "brain wallet fools" sites, do wrong calculation ??
brain wallet fools that foolishly decide to use the phrase "dave"
can be brute forced in (4*1*22*5) 7.2mill tries.. (62 alphanumeric character combination*number of characters)
which on say a 1000/s sequence=under 12minutes
(but thats a poor method)
most brain wallet phrases are usually only a few words. meaning the randomness is lower
so instead of going through a brute force of every keyboard character per letter
some can brute force the dictionary/names databases
meaning it only takes under 200k tries to go through all single words/names
and with 'dave' being only (d=4th letter) means it can be found in probable under 30k tries
so yea 'dave' is a foolish phrase that will take 30k tries= 30 seconds(dictionary/name database)
where as d4^3 might take (68*20*62*19)59mill tries =16 hours(95 character keyboard)
the more longer the phrase the longer the entropy.the longer to find
the more use of mix of lowercase uppercase and characters to not be a dictionary word.. the better
but its even better to not use a phrase that is simple to remember..
and instead use a high entropy random number generator and just remember where you stored the lengthy number of high entropy
2
256 randum is better than 26
4 or 95
4 short phrase