Stay up to date on all things crypto and blockchain
Token Daily is a place to discover trending news and products in crypto and blockchain.
Bitcoin Magazine - @BitcoinMagazine
6 days ago
Shout out to @BitMEXResearch for keeping up the good work. If you're going to use a brain wallet, avoid any literary cliches:
https://t.co/lcLEzyG0Di https://t.co/C67R0hoPhH
3
9
Leon Fu - @leoncfu
6 days ago
This is a concern. Is it possible the random wallet generator in hardware wallets were not random and gets hacked? Should we roll some dice and create our own seed words for extra security? https://t.co/hnsmPceyAt
1
2
Pierre Rochard - @pierre_rochard
6 days ago
RT @BitMEXResearch: Call me Ishmael
8 Bitcoin brainwallets were created, using passphrases from popular works of fiction. All the funds were quickly swept away & in one case the funds were taken in 0.67 seconds
If you need to use a brainwallet, don’t choose anything poetic
https://t.co/wIM9M6vm1W https://t.co/7m6748rzyj
121
414
Reuben Bramanathan - @bramanathan
6 days ago
RT @danrobinson: Bitcoin’s mempool is a dark forest too https://t.co/BeIPuZ1Nk7
3
16
nic carter - @nic__carter
6 days ago
happy to see @BitMEXResearch still posting, and with such a whimsical premise too. I am curious as to how these automated wallet-sweeping bots work. huge DB of addresses constructed from every line of every book in libgen?
https://t.co/DsjmYnLTgf
4
21
Adam Back - @adam3us
6 days ago
TL;DR of demonstration from @BitMEXResearch: don't use brain wallets. https://t.co/qyeUZ7VXsw
7
47
sos755
Platinum | QC: BTC 493, BCH 185, CC 116 | MiningSu 5 days ago
What many people don't realize is that over the last several years, there are people that have been generating billions of private keys from movies, literature, music, and quotations, etc. so that if anyone ever happens to use one of them, these people can immediately take the funds.
1
thearmthearm
5 days ago
This article is really sneaky. It doesn't fully explain what a brain wallet is and so it seems as if they are talking about cracking the 12 or 24 seed words plus your passphrase which you took from your favourite book.
2
_o__0_
Platinum | QC: CC 982 | VET 5 6 days ago
What a great experiment!
Thanks for posting.
It reminds of the guy whos key was posted accidentally in some files, and a tx happened seconds after the upload.
Imo, its evidence of some bad shit on the adoption-horizon. Gonna be a bumpy road with bots this nasty patrolling.
2
Tidus17
Tin 5 days ago
It's not an issue unique to crypto: there are a lot of people using very easily hackable passwords. Not to even mention social engineering...
0
BankBailout
Tin 6 days ago
There are tons of bots continually doing this. Even if you use a brain-wallet with the hash of one recent block it WILL get swept away.
2
AutoModerator
6 days ago
Bitcoin(BTC) Basic Info: Website - r/Bitcoin - Abstract - History - Exchanges - Wallets
Biases(Updated July, 2019): Arguments For & Arguments Against | CryptoWikis: Policy - Contribute
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.
1
smoothID
redditor for 3 months 6 days ago
I had a few brainwallets that held ridiculous amounts at today's price level. Nothing was taken. But I also didn't create them using dumb methods. Brainwallets still work fine. Though I wouldn't recommend it for most users.
6
zappadoing
5 days ago
I created a bunch of brainwallet honeypots for science-fun and most of them are still not taken yet. none of the keys are taken out of books or existing text, but the keys are hidden in plain sight.
one got taken after 3 years - the key was published in plain text as html-title of a webage - an other was plain text in the bitcoin-blockchain. took also 2years to be taken.
1
KalEll66
6 days ago
This article is deceiving. 12 random seed words are enough. A passphrase added is significantly more.
3
never_safe_for_life
6 days ago
a more secure way of storing coins could be to email yourself an encrypted backup of your private key
So where do you store the key to this encryption? Encypt it and email it to yourself?
I suppose at this level you could use a "brainwallet" e.g. easily memorized seed phrase. To serve as the encryption key for your totally random wallet address.
4
zomgitsduke
6 days ago
Write a script that checks the wallet for funds every second. Sweep keys once amount > 0.
Honestly, could be a pretty low powered device just sitting there trying to check wallet balances over and over again. Could probably run that script on a desktop fr 2010 and just leave it plugged in forever haha.
1
chepas_moi
redditor for 4 weeks 5 days ago
The size of the list doesn't matter when you're using the right data structures. Lists are are your friends for set inclusion operations ;)
0
fresheneesz
6 days ago
Brain wallets are well known to be a badg idea for many many many reasons including that it encourages non random pass phrases and human memories suck. Unless you're trying to get passed Kim Jong Un's blood riders, you probably don't need to even consider using a brain wallet. Get a hardware wallet and securely store your backup seed in a safe. More info
3
operationco
redditor for 2 weeks 5 days ago
> Brain wallets are well known to be a bag idea
For all the bagholders?
1
pegg7
redditor for 3 months 6 days ago
I love it!
When is the next round of this game? Larger amounts please.
EDIT: if someone has a good list of phrases - PM me for some brainstorming. Got the bot already.
2
nyaaaa
6 days ago
Next? Its running..
> Around a year ago, I conducted a similar experiment, where funds were sent to addresses generated by a reasonably obvious pattern deep inside some of the world’s best selling novels. These funds are still sitting in the blockchain today and have not been stolen.
3
pegg7
redditor for 3 months 6 days ago
Not in my list :(
That's why I need to collaborate with someone on the list.
2
operationco
redditor for 2 weeks 5 days ago
https://bitaddress.org was (one of) the first and most trusted, I think.
Save it and run it offline, of course.
1
fijiMath
6 days ago
[https://brainwalletx.github.io/](https://brainwalletx.github.io/)
​
[https://brainwallet.io/](https://brainwallet.io/)
3
badasimo
6 days ago
I may be missing something, but it may be possible to pre-generate a list of common phrases and then just monitor the blockchain for their hashes. That's how the 0.67 seconds one probably worked. So not very expensive, just have to run a node and send each address to a script which will check the list.
7
satoshi_yoshi
5 days ago
>That's how the 0.67 seconds one probably worked.
That's how they all worked. It's not like they could look at a Bitcoin address and then try to work backwards from there. It's just that there are many people out there doing this, some move faster than others to sweep the funds, and they all have different prepared lists of public addresses that they have the ability to spend.
1
pegg7
redditor for 3 months 6 days ago
Right, coding the bot (got this done) + amassing the list (tbd).
1
ProbablyFullOfShit
6 days ago
I think the most expensive part would be that your node needs to be faster than everyone else that's doing the same thing.
5
igadjeed
6 days ago
The literature quotes are all first words from novels. The Satoshi quote is from the conclusion chapter of the white paper, near the end, which is why it took longer to snipe
22
100xer
6 days ago
That's the wrong method. Pick any phrase for a password, add a salt (another unrelated word), and hash it one trillion times.
21
MarkPapermaster
6 days ago
Just use normal trusted Bitcoin software to generate (on a offline computer) a 12 word seed. Copy paste some of the addresses to a thumb drive and then memorize the 12 words. (Now wipe the offline PC) Not using enough entropy for a bitcoin privkey (by coming up with something yourself) means the funds will eventually get lost no matter how clever you think you are.
This method is the only safe way of getting a brainwallet.
5
tituspus
redditor for 1 week 6 days ago
Better than using "trusted" bitcoin software to generate the seed is to rely solely on general random number generator, you can write your own seed generator on top of general RNG (which everything including https, ssl, ssh depends on) in an hour and don't need to trust some rando software.
That is, using an existing general RNG, but it's better to write the glue code to make a valid seed is yourself - it's less time consuming than auditing existing implementations.
And yeah do all this on an offline computer, you want probably an older one without wife and run linux/*bsd to be safe.
1
satoshi_yoshi
5 days ago
Why would anybody do all this versus just rolling some dice a bunch of times to generate a 12 word seed phrase? There are so many hassles and so many different things that can go wrong.
3
tituspus
redditor for 1 week 5 days ago
It's not as much hassle as it sounds, take an old laptop boot live linux and run one script (to generate valid seed phrase on top of RNG is few lines of code).
1
MarkPapermaster
5 days ago
Diceware wordlist and HD wallet wordlist are not the same. If you create 12 diceward words your HD wallet won't accept it when you import it.
1
operationco
redditor for 2 weeks 5 days ago
> you want probably an older one without wife
Without wife I'd probably want a younger one.
3
spe59436-bcaoo
6 days ago
> Pick any phrase for a password, add a salt
Use the seed phrase, remember it using memory palace, and let the wallet deal with salt
2
fresheneesz
6 days ago
Security by obscurity dude. Just don't use a brain wallet. Non random seeds are incredibly insecure.
9
exab
5 days ago
That's not security by obscurity. Hashing a password a lot of times is effectively a Password Based Key Derivation Function (PBKDF) and should be secure if the hash function is secure. Admittedly, a well vetted dedicated PBKDF would be more secure, but that solution should work, too.
1
fresheneesz
5 days ago
> Hashing a password a lot of times is effectively a Password Based Key Derivation Function (PBKDF)
Yes indeed. But a KDF doesn't make a non-random password secure. What is security by obscurity about it is that the KDF would be non-standard. If it is standard, then it can only make a secure password more secure. If the funds were stolen in 0.67 seconds, they might last a few minutes instead.
1
fresheneesz
6 days ago
I agree. It can be useful if you need to access bitcoin after going through draconian searches by authoritarian governments. Trying to keep it in memory for any length of time tho is so risky its probably not worth it for anyone.
2
IKnowWhoYouAreGuy
6 days ago
Anagram a phrase and swap out letters for numbers or special characters, then reverse it and add capitalization to indicate your favorite prime in binary
* IknowWhoYouAreGuy
* IKWYAG
* 1kwY46
* 64Ykw1
...
* ^4ykW1!
but, you know, with more words in the phrase
0
Youwinredditand
redditor for 2 weeks 5 days ago
The thing to remember about these approaches is the method becomes a part of your password. And while using tricks like this may seem clever, they're less secure and more difficult to remember than other methods.
Generally speaking a hardware wallet is going to be the most secure approach. But if you insist on using a brain wallet keep the following in mind:
1. Hashes are your friend and you don't necessarily need to keep the hashing count a secret. With a high enough rehash count you'll slow down attempts to brute force your password.
2. Some aspect of your password should be information you've never shared and not inspired by anything you've seen in the world. It doesn't have to be substantial but you can't ever share this information or enter it into a compromised system.
3. Combined with the concepts above you can add in phrases or information that someone might guess. This information should be substantial but also easy to remember.
Again, using a seed you come up with is generally a bad idea but you're less likely to forget it or get it stolen if you keep the above rules in mind.
1
dealbuddy
6 days ago
I was going to use “this is a test of the emergency broadcast system” until I read this a few years ago
43
Trending this week..
Join Our Newsletter
Post a Job
Teams Hiring Now
-
TokenSoft is the volume leader in compliant token sales.
-
The open protocol for tokenized debt.
-
A secure online platform for buying, selling, and storing digital currencies.
-
A second layer, off-chain scaling proposal for bitcoin.
-
Ensuring the blockchain is inexpensive and accessible to everyone.
-
An open protocol for decentralized exchange on the ethereum blockchain.
- See all