Brainwallet

From BitcoinWiki

Brainwallet is a project which refers to the concept of storing Bitcoins in one's own mind by memorizing a mnemonic recovery phrase. If the mnemonic is not recorded anywhere, the Bitcoins can be thought of as being held only in the mind of the owner. If a brainwallet is forgotten, or the person dies or is permanently incapacitated, the Bitcoins are lost forever. Using memory techniques allows them to be memorized and recalled easily.

To create a brainwallet, use Bitcoin wallet software to generate a mnemonic seed and then memorize it. Such seeds are generated by wallets like Electrum, Armory and MyCelium.

A brain wallet is a standard wallet that generates its address by hashing a passphrase to create a private key, and from that a public key and the resulting address. Since a Bitcoin or Litecoin address is usually a 256-bit string, the SHA-256 algorithm is usually used, although various levels of complexity can be added to this. So if I wanted to generate a private address using the passphrase cryptocompareisamazing for Litecoin, I could go to liteaddress.org and generate the private and public Litecoin key pair.

Worked Example

  1. On a computer with no malware, run Electrum and generate a mnemonic recovery phrase.
  2. Memorize the phrase.
  3. When spending or saving, restore the wallet from memory using the phrase.
  4. Use the master public key to create an online watch-only wallet, where you can send to but not spend.
  5. Spend from the wallet in the manner of deep cold storage: transfer the unsigned transaction to the cold storage computer, sign it, and broadcast it to the network.

Example Mnemonic Peg

To memorize a mnemonic seed with this method, you must invent a story which hits the words as "keynotes". Try to make it like a fairy tale, and use imagery. Make it somehow striking and emotionally resonant. When remembering, you just remember the key words, not all the other words; the others can be remembered more as images and thoughts (which are hard to write down).

Let's say we have this seed:

witch collapse practice feed shame open despair creek road again ice least

You'd imagine walking through a building familiar to you, maybe your own home or workplace or school.

  • You imagine looking in the first room and seeing your mother dressed as a witch, playing the jenga boardgame until the tower collapses.
  • You walk to the next room and see your father practising with a longbow; he shoots a chicken to feed himself.
  • In the next room you see your brother naked in shame attempting to cover himself, he's looking through a window that's open and flapping in the wind.
  • Now you reach the kitchen; your girlfriend is looking at Picasso's Guernica on the wall. She is in despair from it. Next to it is a television playing the show Dawson's Creek.
  • Next you're in the garage, your childhood friend is working on his car. He plans to go on a road trip for the 5th time this month, he's going again.
  • Finally you go outside to the garden. It's early spring and the ground is covered in melting ice. Two of your other friends are there; one friend has a huge basket of apples, the other has a smaller basket, but you're holding only some apples. You've got the least apples.

Repeat this story in your head several times over a short period - the first few days. It will sink in, deep, after that. You'll only have to revisit it very occasionally. After a while you can ignore it for months and it'll still come back, not that I'd recommend relying on that.

Fallible Memory Warning

Despite the memory aids, human memory can be very fallible. So if your only storage is memory you may find that it just vanished one day. Keeping a copy stored on paper somewhere could be a useful backup, depending on circumstances.

Obsolete Brainwallet Style

An early, old-style brainwallet was created by memorizing a passphrase and converting it to a private key with a hashing or key derivation algorithm (example: SHA256). That private key is then used to compute a Bitcoin address. This method was found to be very insecure and should not be used. Humans are not a good source of entropy. Using a single address also has problems associated with address reuse.

Low Entropy from Human-Generated Passphrases

Practically everyone who knows about or cares loudly yells at people DO NOT USE BRAINWALLETS [GENERATED BY HUMANS]. We've seen pretty concrete evidence that users are resistant to good advice in this space, and they are shocked when their favorite quotation is cracked and they lose their coins (But it was 60 characters long! I even added a special character! how is this possible?!), the existing sites promoting this stuff won't use a KDF stronger than SHA256*1 because "users are stupid if they use weak passwords". [1]
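
The numbers behind the two sections above, as an added example that is not part of the original page: it derives an old-style key as SHA256(passphrase) and compares the search space of a human-chosen quotation with that of a wallet-generated 12-word seed. The function names, the 10-million-quotation corpus, the 2^20-round KDF and the 10^9 hashes-per-second rate are assumptions chosen for illustration.

```python
import hashlib
import math

# Order of the secp256k1 group: a valid private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def old_style_private_key(passphrase: str) -> bytes:
    """Obsolete scheme from the text: key = SHA256(passphrase), unsalted, one pass."""
    digest = hashlib.sha256(passphrase.encode("utf-8")).digest()
    if not 1 <= int.from_bytes(digest, "big") < SECP256K1_N:
        raise ValueError("digest falls outside the valid secp256k1 key range")
    return digest


def uniform_entropy_bits(choices: int, picks: int = 1) -> float:
    """Entropy of `picks` independent, uniform draws from `choices` options."""
    return picks * math.log2(choices)


def effective_bits(entropy_bits: float, kdf_iterations: int = 1) -> float:
    """Search cost in hash evaluations (log2). Stretching adds only log2(iterations)."""
    return entropy_bits + math.log2(kdf_iterations)


def seconds_to_exhaust(bits: float, hashes_per_second: float) -> float:
    """Time to enumerate the whole space at a given hash rate."""
    return 2.0 ** bits / hashes_per_second


# Constructed scenarios (assumptions, not measurements from the page).
QUOTE_CORPUS = 10_000_000   # size of a list of quotations, lyrics and book lines
HASH_RATE = 1e9             # hash evaluations per second
SCENARIOS = {
    # A quotation's entropy comes from the size of the set it was picked from,
    # not from its length in characters.
    "quotation, SHA256 x1": effective_bits(uniform_entropy_bits(QUOTE_CORPUS)),
    "quotation, 2^20-round KDF": effective_bits(uniform_entropy_bits(QUOTE_CORPUS), 2 ** 20),
    # Upper bound: real seed formats spend a few of these bits on a checksum.
    "12 random words of 2048": effective_bits(uniform_entropy_bits(2048, 12)),
}

if __name__ == "__main__":
    print(old_style_private_key("cryptocompareisamazing").hex())
    for name, bits in SCENARIOS.items():
        print(f"{name:28s} {bits:6.1f} bits  {seconds_to_exhaust(bits, HASH_RATE):.3g} s")
```

Under these assumptions the quotation space is exhausted in a fraction of a second with a single SHA-256 pass and in a few hours behind the stretched KDF, while the randomly generated seed stays far out of reach.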

Ryan Castellucci DEFCON Talk

Ryan Castellucci gave a talk at DEFCON23 about cracking brainwallet passphrases. Although brainwallet passphrases were being exploited for years by this point, the talk helped bring the issues to more popular consciousness.

Legacy Code

If you have coins in an old-style brainwallet, the website contains a GUI for generating the private key using the sha256(passphrase) algorithm. It's highly recommended you move them out as soon as you can.

How To Create A Bitcoin Brain Wallet?

To create a brain wallet, you only require a passphrase (i.e. a mnemonic phrase 4, 6, 8, 12, or 24 words long).

And that’s why it goes without saying that the security of your funds is directly dependent upon the strength/complexity/difficulty of the passphrase you choose. Because if someone is able to guess your passphrase, you will lose all of your funds in an instant.

Hence, users are advised by all brain wallet generators to choose a passphrase which is hard to guess, even by brute-force attack techniques.

Typically, a brain wallet is chosen in 1 of 4 ways:

  • You can choose and key in a random passphrase 4, 6, 8, 12, or 24 words long which you can remember or recall.
  • You can use Bitcoin wallet software like Electrum, Armory, and MyCelium to generate a passphrase and memorize it.
  • You can use Bitcoin wallet software to generate a passphrase and add “salt” to it to make your final passphrase even more complicated and harder to guess.
  • You can use a text file, Excel file, doc file, or an image file and add “salt” to it to generate a passphrase. In this case, you need to keep the original file extremely safe.

Of these, the first method of putting in random words has proven to be vulnerable because human beings are predictable. Humans generally choose sentences or words which are easy to guess or can be computed by highly sophisticated brute-force attack techniques. In one such instance, a user who had kept a passphrase that he thought was difficult lost 4 BTCs. See this Reddit thread for more details.

So to avoid such situations, some brain wallet generators suggest passphrases of sufficient entropy. And it is always advisable to use this in case you don’t have any complicated random set of words ready to be used as a passphrase.

References

  1. Re: hardening brain-wallets with a useful blind proof of work
