I'm pretty sure people still use them. Even better if they use something that uses much heavier encryption (such as WarpWallet).
The idea of simply remembering your money is appealing to me (but I don't dare risk it for a large amount).
What I don't understand is why they don't use the hash function millions of times to make their brain wallet even more secure?
I'm pretty sure some people do that. And I'm pretty sure some others are searching for it too.
But isn't that what WarpWallet was created for? 524,288 times scrypt, followed by 65,536 times pbkdf2. A simple manual "brute-force" tells me that "satoshi" was used to deposit 0.0003 BTC in 2015. It wasn't moved out instantly (only after 7 blocks).
The scope of realistic brain wallets is very small when compared to all potential private keys. Requiring an adversary to do a million times more work might sound like a lot, but compared to all potential private keys, it really is not.
If you're the only one who uses 1,276,816 rounds of hashing, the number of potential wallets that can be found is limited to only your wallets, versus many different wallets that all use only one round.
How is someone supposed to remember the exact number of hashing rounds? I think in both the WarpWallet and your proposed ~1.2 million rounds of hashing implementations, you will need to either document the rounds of hashing, or rely on a third party to help calculate the private key, and I don't think this meets the definition of a brain wallet.
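The point made above (extra hashing rounds multiply the attacker's work per guess but do not enlarge the set of passphrases people actually pick) can be shown with a small added example. This is not code from anyone in the thread; it assumes the classic brain-wallet construction, where the 32-byte private key is SHA-256 of the passphrase, iterated `rounds` times, and it stops at the raw key (address derivation is omitted). The wordlist is constructed for the demonstration; `stretched_key`, `dictionary_attack` and `compare_costs` are names chosen here.

```python
import hashlib


def stretched_key(passphrase: str, rounds: int) -> bytes:
    """Brain-wallet style key derivation: SHA-256 applied `rounds` times.

    rounds=1 is the plain sha256(passphrase) private key of early brain
    wallets; larger values are the "hash it a million times" idea.
    (Assumed construction for this example, not a specific wallet's code.)
    """
    if rounds < 1:
        raise ValueError("rounds must be >= 1")
    digest = passphrase.encode("utf-8")
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest


def dictionary_attack(target_key: bytes, candidates, rounds: int):
    """Re-derive each candidate passphrase with the same round count and
    compare against the victim's key.

    Returns (recovered_passphrase or None, number_of_sha256_calls). The call
    count is the attacker's cost: it grows linearly with `rounds`, while the
    number of guesses needed is fixed by the wordlist, not by `rounds`.
    """
    calls = 0
    for cand in candidates:
        calls += rounds
        if stretched_key(cand, rounds) == target_key:
            return cand, calls
    return None, calls


# Constructed wordlist standing in for the "realistic brain wallet" space.
WORDLIST = ["password", "correct horse battery staple", "satoshi",
            "bitcoin", "letmein"]


def compare_costs(passphrase: str, rounds_list=(1, 1000)):
    """For each round count, derive the key, run the dictionary attack and
    report what was recovered and how many SHA-256 calls it took."""
    results = {}
    for rounds in rounds_list:
        key = stretched_key(passphrase, rounds)
        results[rounds] = dictionary_attack(key, WORDLIST, rounds)
    return results


if __name__ == "__main__":
    # A passphrase from the wordlist falls to the attack at every round count;
    # only the attacker's per-guess cost changes.
    for rounds, (found, calls) in compare_costs("satoshi").items():
        print(f"rounds={rounds:>5}: recovered={found!r} sha256_calls={calls}")
    # A passphrase outside the wordlist survives, at the attacker's full cost.
    for rounds, (found, calls) in compare_costs("xk7#Qm!9zv").items():
        print(f"rounds={rounds:>5}: recovered={found!r} sha256_calls={calls}")
```

Running it shows the attacker finding "satoshi" after 3 guesses whether the scheme uses 1 round or 1000; the 1000-round wallet just costs 3000 hash calls instead of 3. The search stays bounded by the wordlist, which is the point made above: stretching raises the price per guess, but the number of guesses that matter does not change unless the passphrase itself leaves the space an attacker would enumerate.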