extending the password with a salt first and then using that for encryption is always a great idea. extending it with a strong key derivation function that is expensive to brute force such as scrypt (which uses a lot of memory) is even a better idea. setting the values for N=2¹⁸ and r=8 is also a good setting for this purpose https://tools.ietf.org/html/rfc7914#section-2

Seems to me you can stretch and obfuscate as much as you want, but you will never solve a couple of fundamental problems:

1. The original passphrase will still have lower entropy than a sequence of random bytes.

2. The more complicated you make the passphrase->rawkey generation process, the more likely you (or the beneficiaries in your will) are to lose funds.

It's interesting proposing new ways to make a brainwallet more secure, and I get that there are some extraordinary situations where use of a brainwallet may be justified, but otherwise... wouldn't you be better off sticking with something more conventional like a paper wallet?

true but as i explained, the alternative is still flawed so in my opinion storing the 12 words that is randomly generated is a lot safer than using a brainwallet even if it is susceptible to physical theft.
besides you can mitigate that by using some sort of encryption on it! for instance you could use the "brainwallet" as the password for encrypting the mnemonic phrase and then print the encrypted text instead and remember the password.

actually the main difference is in usage of a key derivation function called "scrypt" which is a memory expensive KDF and with decent settings it can become very expensive to break. N=2¹⁸ and r=8 are the "cost" that are making it expensive since you are basically deriving a 1024 byte long key and then mixing it in 8 blocks, 2¹⁸ times then deriving another key with that mixed key both times using PBKDF2.
by the way the "s2" variable it uses is quite pointless in my opinion, they could have just increase block size factor from 8 to a bigger value!

and finally i have to mention that even with this much complication, this implementation is also suffering from the same flaws as any other brain wallet: people are not capable of creating a truly random password. most of them will use simple terms which can be found/guesses easily.
setting a couple of complicated passwords as challenge doesn't mean the method is safe. you could do the same thing with other brainwallets too!

Don't use WarpWallet, the manual key management is a nightmare, and it uses uncompressed addresses. Just memorize a random 12 word seed phrase.

Do you mean "The WarpWallet Challenge 2"? Check the address, the 10 BTC was moved out in January 2018. The text also says that the challenge expires 1st Jan 2018.

https://www.blockchain.com/btc/address/1MkupVKiCik9iyfnLrJoZLx9RH4rkF3hnA

nice to see a positive late-adopter!

get your 5 posts and some lurking time, then you are unrestricted.