Bitcoin Brain Wallet Version 2
What people currently refer to as a "brainwallet" is simply a passphrase run through a single SHA-256; the result is the private key for a bitcoin address. The problem here is that an attacker can download the blockchain and then run very fast attacks, basically hashing any text they can find to see if it hashes to a key that holds some bitcoins.
And when they find one, they drain that address. They can do this very fast since a single SHA-256 is quite cheap. This leads to sadness.
An awesome answer is key stretching. The short version is that a function is used to make testing a key much more computationally expensive, for example by chaining a million SHA operations. That means it is a million times more expensive for an attacker to test each possible password. Then you make it even better by adding in something unique to the user, a salt. This makes the attacker do much more work, as each different salt feeds a different input into its million SHA operations.
Key stretching is usually discussed in terms of a user entering a password to gain access to something. In that situation, the user is only willing to wait a short amount of time, maybe a few seconds at most. For bitcoin users protecting their wealth, this isn't necessarily a concern. If an address is used as long-term offline storage, a longer wait might be a tolerable delay. That means we can get a little silly. Why stop at a million hashes when we could do million and make each attack really expensive?
Also, people have computers with multiple cores. Why not use them all? The key derivation functions usually used are serial in nature: you take the output of one operation and use it as the input of the next. But there is no reason we can't construct a tree of them and use all our cores. The key is broken up into segments, one to be worked on by each thread. The thread work can be parallelized, or even distributed across multiple computers if you are so inclined.
Our objective here is to cost an attacker as much CPU time as possible while keeping the user's wall time 'reasonable'. Let's say our attacker has cores at his disposal. If each password try takes CPU seconds, it doesn't matter to him whether it is parallel or single-threaded. If it is parallel, he runs it on his cores. If it is single-threaded, he runs it on one core and tries other passwords on the remaining cores.
In either case, his limiting factor is how many cores he has. However, for our user, who has just one password to run and cores, parallelism reduces his wall time (how long he is looking at his watch waiting for this thing to finish) without making it any easier on the attacker. So parallelism is a clear win for us in terms of cost.
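The construction described above (salted, memory-hard stretching split into independent lanes so that every core does useful work, then combined into one private key) is shown here as an added example. It is not the article's own code and does not use the article's fixed parameters: the lane count, the scrypt cost settings, the lane-salt layout and the final SHA-256 combine step are all assumptions made for illustration. The naive single-SHA-256 brainwallet is included beside it so the difference in per-guess cost is visible, and the final check rejects the rare derived value that is not a valid secp256k1 scalar.

```python
import hashlib
import time
from concurrent.futures import ThreadPoolExecutor

# secp256k1 group order: a private key must be an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Illustrative (assumed) parameters; the article deliberately fixes its own
# numbers so the user has nothing extra to remember. Raise SCRYPT_N for real use.
LANES = 4            # independent work lanes, ideally one per core
SCRYPT_N = 2 ** 14   # scrypt CPU/memory cost per lane (128 * N * r bytes of RAM)
SCRYPT_R = 8
SCRYPT_P = 1


def naive_brainwallet_key(passphrase: str) -> bytes:
    """v1 brainwallet: one SHA-256 of the passphrase is the private key.
    Testing a guess costs the attacker exactly one cheap hash."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def _lane(passphrase: bytes, salt: bytes, lane: int, n: int) -> bytes:
    """One branch of the tree. Each lane gets its own salt, so the lanes are
    independent and can run on separate cores or machines. None can be skipped,
    because the final key hashes all lane outputs together."""
    lane_salt = salt + b"|lane|" + lane.to_bytes(4, "big")
    return hashlib.scrypt(passphrase, salt=lane_salt, n=n, r=SCRYPT_R,
                          p=SCRYPT_P, dklen=32)


def stretched_key(passphrase: str, salt: str, lanes: int = LANES,
                  n: int = SCRYPT_N, workers: int = 0) -> bytes:
    """Salted, parallel key stretching. The total CPU work is lanes * cost(n)
    regardless of how many workers run it; workers only change wall time."""
    pw = passphrase.encode("utf-8")
    s = salt.encode("utf-8")
    with ThreadPoolExecutor(max_workers=workers or lanes) as pool:
        outputs = list(pool.map(lambda i: _lane(pw, s, i, n), range(lanes)))
    combine = hashlib.sha256()
    for out in outputs:          # order is fixed by lane index, so the result is deterministic
        combine.update(out)
    return combine.digest()


def to_private_scalar(key: bytes) -> int:
    """Interpret the 32 derived bytes as a secp256k1 private key, rejecting the
    (astronomically unlikely) values 0 and >= N that no wallet would accept."""
    d = int.from_bytes(key, "big")
    if not 1 <= d < SECP256K1_N:
        raise ValueError("derived value is not a valid secp256k1 scalar; pick a different salt")
    return d


if __name__ == "__main__":
    # Constructed sample inputs, not a real wallet.
    passphrase = "correct horse battery staple"
    salt = "alice@example.com"

    t0 = time.perf_counter()
    naive = naive_brainwallet_key(passphrase)
    t1 = time.perf_counter()
    serial = stretched_key(passphrase, salt, workers=1)
    t2 = time.perf_counter()
    parallel = stretched_key(passphrase, salt)
    t3 = time.perf_counter()

    assert serial == parallel
    print(f"naive SHA-256:      {t1 - t0:.6f}s")
    print(f"stretched, 1 core:  {t2 - t1:.3f}s")
    print(f"stretched, {LANES} lanes: {t3 - t2:.3f}s")
    print("private key scalar valid:", 1 <= to_private_scalar(parallel) < SECP256K1_N)
```

Because each lane depends only on the passphrase, the salt and its own index, the same function could hand lanes to a process pool or to other machines; the attacker still pays for every lane per guess, while the legitimate user only pays the wall time of the slowest lane.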
I've picked numbers to make use of at most cores and take about one minute on a fairly modern setup. I've specifically made the numbers not easily tunable, because if you use different numbers that is one extra thing you need to remember to recover your key. So the modern 12-core machine I am using to test can do all of this in about 60 seconds.
Let's say this is the equivalent of an Amazon EC2 c3. Let's also assume that someone can build their own computers or rent them elsewhere, but the price will be about the same. So my challenge key has 2.
So it could cost an attacker on average 2. I expect someone will do it, but probably more for fun than profit.
Two words is just too weak. Maybe they can get that down by 10x using FPGAs big enough to run memory-intensive scrypt. This still means that even with this weak password of only two words, most likely no one will ever bother to find it. Of course computers get faster and the price of Bitcoin changes, so build in some buffer. My recommendation would be to use something like Correct Horse Battery Staple with 4 or 5 words.
When used as an Electrum seed: I have stored 0. The salt is 'fireduck gmail'. The password is two words from the Electrum word list in lower case with a single space between them, just like in the test vector. Whoever finds the password first is free to take the bitcoin. My guess is that no one ever will without spending many more CPU years than it is worth.
It is only 2. Here is the address: This sounds suspiciously like math. You had me at 'bitcoin'. How do I use this thing already?