
Since the private key is basically a random large number, would I be able to pick a password and have that converted into an address?

For example: pick "mysecretpwd". Have it sha256ed, obtain a large integer that is the private key from which I can easily derive the public key and the bitcoin address.

Then for spending any funds received at that address I only need to remember "mysecretpwd", no private key storage on paper, mnemonics or anything, basically the funds are stored in my brain.

What are the security/privacy implications?

Tedy S.

1 Answer


What you are describing has been done before, and is known as a "brain wallet".

In earlier days, some wallets and online websites did use this system. However, it has proven quite insecure, as humans are terrible at picking secure random data for the "password", and computers are great at guessing them. Many BTC have been stolen from insecure brainwallets, and at this point we have much better and safer means of easily accessing wallets, namely BIP39 seeds.

Raghav Sood
  • So you're saying that it is feasible for a computer to brute-force a strong 20-character alphanumeric/symbol password that I SHA-256 for a million rounds? – Tedy S. Sep 28 '18 at 10:00
  • @TedyS. yes. see here – Abdussamad Sep 28 '18 at 10:49
  • I think what the folks at bitcointalk were advising against is using a simple dictionary word that is susceptible to rainbow table-like attacks. I would imagine an attacker's chances drop substantially if the hashing is done multiple times, like I said earlier maybe a million. – Tedy S. Sep 28 '18 at 12:55
  • https://en.bitcoin.it/wiki/Brainwallet – JBaczuk Sep 28 '18 at 14:34
  • @TedyS. to be fair to Raghav, your original question did not mention a million rounds of hashing (so implicitly one only) and your example passphrase is composed only of simple dictionary words and commonplace abbreviations in all lower-case ASCII letters. Answerers can only answer the question you actually post, they can't anticipate how you might subsequently move the goalposts. – RedGrittyBrick Sep 28 '18 at 14:59
  • @RedGrittyBrick that is indeed correct. And I assume one cannot simply standardise an algorithm for generating the private key from the "password" because then it would be well known for attackers as well, right? But that still does not mean I cannot generate an extremely secure one (against bruteforcing) with a custom algorithm involving multiple hashing, right? – Tedy S. Sep 28 '18 at 15:19
  • @TedyS. In security critical code it is virtually always considered incredibly foolhardy to go against long-established and long-proven experience such as that given in the link in JBaczuk's comment and, for example, here or here. You might be right but I am not going to endorse an approach that seems long discredited. I know my limits (or think I do) - Sorry. – RedGrittyBrick Sep 28 '18 at 15:29
  • @TedyS re "one cannot simply standardise an algorithm for generating the private key from the 'password'" - See https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki. A broadly accepted principle in the field of information-security is that using well-known or standardised algorithms is usually the safest, even if your enemies know which algorithm you use. – RedGrittyBrick Sep 28 '18 at 15:38
  • @TedyS. Adding a million rounds of hashing does not actually add much entropy, and is trivial for an attacker to compute. Please heed the warnings of others here, and use well-established cryptographic techniques for generating a private key. Brainwallets are very well known as being insecure. – chytrik Sep 28 '18 at 20:02
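An added example (not code from the question or any answer above) that implements the derivation the question describes, a passphrase hashed with SHA-256 used directly as the secp256k1 scalar, next to a CSPRNG-generated key, and puts numbers on the point made in the comments: once the derivation is known, extra hash rounds add only log2(rounds) bits of attacker work, so a million rounds is worth about 20 bits. The character-class entropy bound is a generous upper estimate, not a measure of how guessable a human-chosen phrase really is.

```python
import hashlib
import math
import secrets
import string

# Order of the secp256k1 group; a private key must be an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def brainwallet_privkey(passphrase: str, rounds: int = 1) -> int:
    """The scheme from the question: SHA-256 the passphrase (optionally
    many times) and use the digest as the private-key scalar."""
    data = passphrase.encode("utf-8")
    for _ in range(rounds):
        data = hashlib.sha256(data).digest()
    k = int.from_bytes(data, "big")
    if not 1 <= k < SECP256K1_N:
        raise ValueError("digest is not a valid secp256k1 scalar")
    return k


def random_privkey() -> int:
    """What a wallet does instead: 256 bits straight from the OS CSPRNG."""
    while True:
        k = secrets.randbits(256)
        if 1 <= k < SECP256K1_N:
            return k


def max_passphrase_bits(passphrase: str) -> float:
    """Upper bound on passphrase entropy, assuming each character was drawn
    uniformly from the character classes that actually appear. Dictionary
    words and patterns (like "mysecretpwd") sit far below this bound."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    alphabet = sum(n for chars, n in classes if any(c in chars for c in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0


def attacker_work_bits(passphrase_bits: float, rounds: int) -> float:
    """log2 of the hash evaluations an attacker who knows the derivation
    needs: guess space times rounds. Rounds only add log2(rounds) bits."""
    return passphrase_bits + math.log2(rounds)


if __name__ == "__main__":
    pw = "mysecretpwd"  # the passphrase from the question
    print(f"brainwallet key for {pw!r}: {brainwallet_privkey(pw):064x}")
    bits = max_passphrase_bits(pw)
    print(f"passphrase entropy upper bound: {bits:.1f} bits")
    print(f"attacker work, 1 round:   2^{attacker_work_bits(bits, 1):.1f}")
    print(f"attacker work, 1e6 rounds: 2^{attacker_work_bits(bits, 10**6):.1f}")
    print(f"CSPRNG key: {random_privkey():064x} (256 bits of entropy)")
```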