-By Milly Bitcoin – November 3, 2013.
“Brain Wallets” are wallets created by a passphrase. It could be a sentence or phrase or just a group of words. Some users are confused about how complex this password or phrase must be in order to be secure. The advice, Don’t do it.
The misunderstandings comes from several things. A password attack that most users are similar with is where a user attempts to log into their e-mail account or a web site. In these cases the attacker is communicating with a server that is processing the requests and this is often detected or limited in some way. A “brain wallet” attack is done offline so the attacker can use many large computers to make many, many attempts without being detected.
Another misunderstanding is just how many attempts can be made. For instance, replacing “S” with “$” probably isn’t going to add much security. Many people are surprised after they lose funds with complex or obscure phrases.
Users are also shocked how fast the funds are taken, sometimes less than 5 seconds. It works using “Rainbow Tables” which are tables of Bitcoin addresses and the associated private keys pre-calculated. The Bitcoin transactions are monitored in real-time and when a match is seen, the money is withdrawn immediately via a script. Some users think that if the funds are not taken right away then they are safe. However, the script may wait until the balance is larger. Also, the attackers are growing these “Rainbow Tables” over time and these is no telling how large they will become.
While it is possible to do a “Brain Wallet” securely a certain percentage of users will not do it correctly. The easiest and most secure way to back up your funds is to use Bitcoin Armory wallet. This is a “deterministic” wallet which means you just need one key to create or “determine” all the addresses used by the wallet. It is backed up using a long string of letters. Backing up this string of letters, without identifying it as a Bitcoin wallet, is a way of discreetly backing up your wallet.
One Bitcoin address collecting these funds put into weak “brain wallets” is at
370 millyBits has been collected so far.
A recent transaction from the “brain wallet” using the password: “password” was taken in about 1 second since the Bitcoin transactions are easily monitored: