Brainwallets: A cautionary tale

Security

(c) Adeel Anwer / flickr.com - Creative Common License 2.0 https://creativecommons.org/licenses/by/2.0/

There are several ways to keep your Bitcoins safe. Brainwallets are a way of holding coins without leaving clues either online or in the real world. You simply store your private key in your head by means a passphrase. But there are considerable risks to doing this, as our Author Brandon Hurst writes.

The Bitcoin protocol itself is bombproof. No vault in the world, whether hidden deep in the Alps or secured in Fort Knox, is as safe as Bitcoin’s encryption. They only known attack on a private key is to brute force it. But to do this, you would need to create a computer powered by more energy than the sun will emit in its remaining lifetime. There is literally no chance.
But like most software, Bitcoin suffers from the ‘45-centimetre’ problem. The term refers to the distance between a computer’s monitor and the most common source of errors: the human.
When Mt. Gox allegedly lost 850,000 Bitcoins, the issue was not the protocol, but human failure. It was the same when C-Cex lost 125 Bitcoins, when Flexcoin had its customers’ funds stolen by a hacker, and so on. Experts now warn that you should not leave Bitcoins (or fiat currency) on an exchange any longer than you have to, or in wallets to which you do not have the private keys.
An alternative to hot wallets and physical cold wallets are ‘brainwallets’. Even these, however, do not avoid human malice. In this article, I’ll explore why the immense convenience they offer is very often their worst security flaw.

Brainwallets

The internet is a bad and dangerous place. There is plenty of malware about designed to steal Bitcoins from your wallet, exploiting not the Bitcoin protocol itself but the interface between you and the wallet software. A chain is only as strong as its weakest link, and if your wallet is vulnerable due to poor security practices, this represents a far easier way to steal your coins than trying to guess your private key.
There is only one method that can definitely avoid malware: Cold Storage, or keeping large quantities of coins offline. This doesn’t just mean avoiding online ‘hot’ wallets. Ideally you should generate a private key on a computer that is not even connected to the internet, and send Bitcoins to its associated address. Cold storage is a smart idea. It gives Bitcoin holders the peace of mind that their coins won’t be stolen by hackers.
But it does require printing or otherwise writing down your private keys, which could pose a security threat, since anyone who finds them can steal your Bitcoins. Some people therefore prefer not to create physical cold wallets, instead memorising their private keys. The problem is that random 256-bit numbers, or 32-byte character strings, aren’t at all easy to remember. And that brings us on to brainwallets, one of the best and worst ideas in the bitcoin ecosystem.
Brainwallets attempt to answer the problem that private keys are hard to memorise. The human mind does not like randomness. So brainwallets generate a private key from a word or phrase. Done well, they are almost as secure as a randomly-generated private key.
Done badly, using a brainwallet is a little bit like leaving the keys to Fort Knox hidden under a rock by the back door.
What brainwallets allow you to do is

  • ‘Secure’ your Bitcoins with a memorable passphrase
  • Trade the unbreakable 256-bit security of the Bitcoin protocol for the strength of a lucky guess.

Guess the passphrase

Every year, tech magazines publish lists of the most popular passwords. Some of them are staggeringly unimaginative: 123456, password1, iloveyou, and so on. Thousands of people secure their email and other applications with passwords that can be (and routinely are) easily guessed. If the application is not important, like a trashmail address, it’s no big deal. If it’s a brainwallet, on the other hand, it can become an expensive problem.
In the course of researching this article, I used brainwallet.org to generate a number of private keys from a series of phrases I thought someone, somewhere might have used. Within a few minutes, I had a list of private keys that corresponded to addresses that had, indeed, once held Bitcoins. No longer though – and therein lies a cautionary tale. Once you realise why they are empty, you’ll see there’s no reason I shouldn’t pass on some of the list I came up with, which included gems such as:

  • bitcoin
  • password
  • password1
  • 1234

Why are these addresses empty? I hope because the owners have moved the funds somewhere more secure. But the reality is that it’s more likely there are bots carrying out sophisticated dictionary attacks on them. As soon as these addresses receive funds, they are swept into other accounts. If you want to test the theory, try transferring a small amount of Bitcoins into one of them and see how long it stays there. These addresses are empty because hackers are sweeping them of Bitcoins – and the balances of other addresses associated with millions of other words and phrases – every day.

What makes a good brainwallet?

Back in 2012 Gavin Andresen wrote a blog post entitled ‘DO NOT USE A BRAINWALLET! YOU ARE LIKELY TO LOSE YOUR COINS!’ You can guess the gist of it, but it’s well worth a read because it shows just how bad we are at understanding the kinds of numbers involved and the speed at which a fast computer running a well-written algorithm can guess them.
The more complicated a brainwallet password, the harder it is for even a malicious script running a complex dictionary attack to find. However, it’s also harder to remember it, which is the point of a brainwallet. Gavin Andresen writes:
‘So: is it impossible for people to create a secure brainwallet? Passwords/passphrases don’t work– because we share so much (popular culture, language, education), even when told “think of something nobody else will think of” we’re likely to think of something similar to what lots of other people pick.
Here’s a proposal for a brainwallet scheme that I think might be secure:
Create a secure brainwallet by combining:

Your Full Legal Name
Passphrase1
Passphrase2

So my secure brainwallet might be: “Gavin Anthony AndresenI have eleven hovercraft full of eels!Okey dokey: patches welcome.”’

How secure is secure?

Gavin’s example isn’t particularly easy to remember. What’s the minimum level of complexity required to keep your coins safe? I don’t know, but this thread from Reddit suggests you need to be far more careful than you might think:
‘Just lost 4 BTC out of a hacked brain wallet. The pass phrase was a line from an obscure poem in Afrikaans. Somebody out there has a really comprehensive dictionary attack program running.’
Bitcoin itself is secure. Too often the way we use it is not. Brainwallets are a great idea, but bear in mind that your passphrase might not be as safe as you hoped.

By Brandon Hurst

BitScan_article_advert

This article was first published on Bitscan, your trusted
source for bitcoin news.

Über Christoph Bergmann (1641 Beiträge)
Das Bitcoinblog wird von Bitcoin.de gesponsort, ist inhaltlich aber unabhängig und gibt die Meinung des Redakteurs Christoph Bergmann wieder. Christoph hat vor kurzem ein Buch geschrieben: Bitcoin: Die verrückte Geschichte vom Aufstieg eines neuen Geldes. Das Buch stellt Bitcoin in seiner ganzen Pracht dar. Ihr könnt es direkt auf der Webseite Bitcoin-Buch.org bestellen - natürlich auch mit Bitcoin - oder auch per Amazon. Natürlich freuen wir uns auch über Spenden in Bitcoin, Bitcoin Cash oder Bitcoin SV an die folgende Adresse: 1BergmanNpFqZwALMRe8GHJqGhtEFD3xMw. Wer will, kann uns auch Hier mit Lightning spenden. Tipps für Stories sind an christoph.bergmann@mailbox.org immer erwünscht. Wer dies privat machen möchte, sollte meinen PGP-Schlüssel verwenden.

2 Kommentare zu Brainwallets: A cautionary tale

  1. very good idea width the Brainwallets!
    Thank you for the info!
    BR

  2. Kevin Toal // 1. July 2014 um 14:14 // Reply

    generate a RANDOM unknown 12 word, easy for you to remember phrase..
    Next make a 10 char. strong password with at least 1 special char, 1 number and 1 capital letter.
    Next after each word on your 12 word passphrase, insert 1 character from your strong password.
    I ended up with a 56 character password that is easy for me to remember – but next to impossible to guess by brute force – or by dictionary attack (because it must be made up by you and you alone).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s