Bitcoin Brain Wallets: A flawed, dangerous idea. | BN2B
URL:http://www.bn2b.com/bitcoin-brain-wallets-dangerous-idea/
I was recently reading about Bitcoin brain wallets. The idea is that instead of having the Bitcoin client come up with a completely random private key for you when you first run it, you come up with a bunch of common words, and you get a private key generated from those. The advantage is that with the traditional method, you have to back up your private key very well, keep it encrypted, all that jazz, because if you don’t do that, and your computer crashes or something like that, your money is gone forever. With a brain wallet, every backup you have could be destroyed, and you’d be able to regenerate your wallet without any hassles.
The first time I heard about the idea behind brain wallets was in this xkcd comic:
This comic went viral when it came out, I saw the link all over, and it always bugged me, because it’s a bad argument. It seems really profound at first, but as far as I can tell, all it tells you is that “correct horse battery staple” is harder to guess than a very weak password in a very, very specific format. It’s like yeah, if you tell someone that your password is a dictionary word, with some common number substitutions, and that the last 2 characters are exactly one numeral and one piece of punctuation, YEAH, that’s not tough to crack. Comparing “correct horse battery staple” to that is annoying, at least to me.
The comic also makes it seem like it’d take 550 years to guess that password, but that figure assumes you’re attacking a remote web service that limits how fast you can try guesses. You don’t need to do that with a brain wallet: anyone trying to crack one has the blockchain on their hard drive and can check guesses offline, crazy fast.
If you literally just use 4 or 5 dictionary words, someone is going to crack it fast. Bad people can write a program to try a kabillion combinations of words and it will run fast. And this isn’t theoretical, people are doing this, right now. Check out this guy, he created 5 brain wallets and put 1 BTC in each, so that he could have a contest for readers of his blog to see who could crack them first. One of the wallets, with the password “lorem ipsum dolor sit amet” was cracked in 7 hours, and this was before he told anyone about the addresses or the contest. So obviously at least one person has a program going, constantly checking all new addresses to see if they match some huge list of keys that can be generated.
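To make the two points above concrete (the brain-wallet derivation described earlier, and why offline guessing is so fast), here is an added Python example; it is not code from the original post or from any wallet project. It assumes the classic brain-wallet construction, where the raw private key is just SHA-256 of the passphrase, and it uses an assumed round figure of one billion guesses per second for the offline guess rate, which is an illustration rather than a measurement of real hardware.

```python
import hashlib
import math
import secrets

# secp256k1 group order: a valid Bitcoin private key is an integer in [1, N-1]
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def brainwallet_private_key(passphrase: str) -> bytes:
    """Classic brain-wallet derivation (assumed here): the raw 32-byte private
    key is simply SHA-256 of the passphrase, with no salt and no key
    stretching, so the key is exactly as guessable as the passphrase."""
    key = hashlib.sha256(passphrase.encode("utf-8")).digest()
    if not 1 <= int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("derived value is not a valid secp256k1 private key")
    return key


def random_private_key() -> bytes:
    """What a normal wallet client does instead: 256 bits from the OS CSPRNG,
    rejection-sampled into the valid private-key range."""
    while True:
        key = secrets.token_bytes(32)
        if 1 <= int.from_bytes(key, "big") < SECP256K1_N:
            return key


def passphrase_entropy_bits(num_words: int, wordlist_size: int) -> float:
    """Upper bound on the guessing work for num_words words drawn uniformly
    from a wordlist. Four words from a 2048-word list gives 44 bits, which is
    the comic's own estimate; phrases people actually pick are far less
    uniform than that, so this is the optimistic case."""
    return num_words * math.log2(wordlist_size)


def seconds_to_exhaust(entropy_bits: float, guesses_per_second: float) -> float:
    """Wall-clock time to try every candidate at a given offline guess rate.
    Offline means each guess is a hash plus a lookup against the address set
    extracted from the blockchain; no network round trip limits the rate."""
    return 2.0 ** entropy_bits / guesses_per_second


def compare_keyspaces(guesses_per_second: float = 1e9) -> dict:
    """Contrast a 4-word wordlist phrase with a properly random 256-bit key.
    The default rate of 1e9 guesses/second is an assumed round number for
    illustration; dedicated SHA-256 hardware is considerably faster."""
    phrase_bits = passphrase_entropy_bits(4, 2048)
    return {
        "phrase_bits": phrase_bits,
        "phrase_hours": seconds_to_exhaust(phrase_bits, guesses_per_second) / 3600,
        "random_key_bits": 256.0,
        "random_key_years": seconds_to_exhaust(256.0, guesses_per_second)
        / (3600 * 24 * 365),
    }


if __name__ == "__main__":
    # Passphrase taken from the post; the derived key is deterministic, so
    # anyone hashing the same phrase gets the same key.
    phrase = "correct horse battery staple"
    print("brain-wallet key:", brainwallet_private_key(phrase).hex())
    print("random key:      ", random_private_key().hex())
    for name, value in compare_keyspaces().items():
        print(f"{name:>17}: {value:.3g}")
```

The comparison is the whole argument in two numbers: at the assumed rate, a uniformly chosen 4-word phrase from a 2048-word list is exhausted in a few hours, while a 256-bit random key takes a number of years with more than sixty digits. The derivation step also shows why the "no backup needed" benefit is not free: there is no secret other than the phrase, so the key is exactly as strong as the phrase and nothing more.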
By the way, the guy who ran that contest decided that brain wallets are safe, because “it took days to crack them”. He doesn’t give any figures on how many people were trying to crack them, presumably it’s whoever reads his Blogspot blog. There are 5 comments on his wrap-up blog post, so it’s not like a million people were hacking away at it either. A few days to crack 5 brain wallets, whose passwords were in 3 different languages is pretty terrible imo. Especially when there are potentially millions of dollars being protected this way.
Another problem: Recently someone posted on the Reddit bitcoin section that they had created a brain wallet using a site someone had created on Appspot, and whoever programmed it did so maliciously, sent all the brain wallet info to the server, watched the wallets, and then stole the coins once they went in. Oh, I just noticed, there was another post a month earlier when this happened to someone. You could argue that this isn’t a fundamental problem with brain wallets in theory, but the whole idea of brain wallets is to make things easy, and (clearly) a lot of people are not going to double-check that the brain wallet creation is done client-side in JavaScript, much less actually write their own or run it offline, etc.
One other problem, and honestly this is going to sound ridiculous, but anytime I ever have to enter a TrueCrypt password, I think “man, what if I went completely bananas and forgot this forever”, and I think about this book, Brain on Fire, where a lady got a rare autoimmune disorder and lost her mind for a month. If that happened to me, I’d just lose some passwords that I keep encrypted, but I’m sure there are people out there with substantial sums of money in brain wallets.
How easy is it to crack one? I don’t think I’m giving anyone any crazy trade secrets by illustrating: Let’s take that 4 word phrase “correcthorsebatterystaple” from the xkcd comic. Pop over to https://www.bitaddress.org and click on the Brain Wallet tab, paste it in there and click the button to create the public address and private key for it. Oh, you double-checked that the form runs client-side in JavaScript, right? Me neither.
Okay, so the address for ‘correct horse battery staple’ (with spaces) is 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T so let’s paste that into a url and head over here:
http://blockexplorer.com/address/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
Well well, I guess I’m not the only one who thought of that xkcd comic.
Anyhoo, I do hope I’m missing something on this, I’m not the world’s smartest guy, let me know if so, but if you ask me, brain wallets should be considered dangerous and discouraged.