Re: Forget brainwallet - could you memorize an entire private key?
Be careful with only using 160 bits of entropy for private keys. The strength of ECDSA keys when the public key is known is half the key size. For full length key 256 bits length = 128 bits strength. So 160 bits mean 80 bit of strength. This is not beyond brute force. It may not be economical but brute forcing the private key from the public key is feasible.
sorry to double post my question...but why exactly is electrum safe with only 128 bits of entropy? (besides the extra 16 bits of key stretching which I'm aware of)...
Is it because it is hashed in the first place? Once you hash a passphrase, it retains all the entropy? You can't reverse the hashing... Is that it?