
Brainwallets and Why You Shouldn’t.

One of the most complicated aspects of Bitcoin and cryptocurrency security is that of maintaining your wallet security. Sadly, there is a lot of conflicting and non-intuitive information out there and it can be difficult to find information about what to do and how to remain safe.

One way of handling wallet security is through a method called brainwallets. In short, these are wallets that use a memorized word, phrase, or sentence to generate a secure key for an address.

Unfortunately, it’s not as easy as just coming up with a good phrase. To understand why, you need to understand a bit about wallets, addresses, and keys. Don’t worry, it won’t be very complex, and I’ll write a more extensive article later on deeper details.

Wallet and Key Primer

The first thing you need to know is that a wallet, in cryptocurrency terminology, is more like a collection of addresses than a store of money. It is the addresses that store the coins, not the wallet. The wallet is really little more than a list of the private keys for those addresses.

Each address is a unique string of characters that is derived from a public key. It is not the public key as such, but rather the result of some mathematical juggling.

At this point, you may be wondering what these private and public keys are, so let me give you a brief overview.

Modern cryptography often utilizes a private and public key pair. The two keys in a pair are linked so that a certain public key always corresponds to a certain private key, but in such a way that knowing one part of the pair does not give you the other part.

For example, and very simplified, let’s say you have a public key ABC that corresponds to the private key DEF. You can validate that the key DEF corresponds to ABC and the other way around, but you cannot find DEF simply by looking at ABC.

In fact, you want people to have your public key in many situations. You can share the public key with anyone as long as you keep your private key, well, private. This is essentially what you are doing when you publish your cryptocurrency address, although it’s technically difficult to get from a Bitcoin or Dogecoin address to a public key.

By sharing your public key, or really the address derived from your public key, you accomplish two things. First, you allow people to send coins to your address, which at least in my book is a very compelling goal. Second, you create the ability to sign messages using your private key so that anyone can verify that you control the address. This allows you to send coins as well.

Note: You can even use this in reverse to create encrypted messages that only whoever has the private key can open, but that’s for another article.

Having the private key part of a public/private key pair means that you can use the key DEF to sign a message, and anyone seeing that message can, knowing the ABC public key, verify that it was indeed signed with the corresponding DEF key without knowing what the DEF key really is.

Note: Signing a message is really just creating a unique sequence of numbers or signature as it is usually called, using the private key and the message. Because the private key DEF always corresponds to the public key ABC, anyone who knows the ABC key can verify that it was indeed signed with the DEF key, again without knowing the DEF key.

Cryptocurrencies utilize this key pair method too by creating a unique address derived from the public key ABC. The private key DEF remains in your care, and this is what you need to guard to care for your wallet security. Your wallet essentially contains the private keys for any address (and thus public key) you have added to your wallet.

Anyone can verify that any message, such as a transaction, derived from a public key is indeed signed by the private key that corresponds to the public key. So, as long as you control the private key corresponding to the public key used to generate the coin address, nobody but you can sign a message that sends money elsewhere using that address.

So, with that primer out of the way, let’s look at brainwallets and why they are a bad idea.

Brainwallets: Just Say No!

Every transaction in Bitcoin, Dogecoin, Litecoin, or any cryptocurrency relies on only two keys: the public key, used to generate a coin address, and the private key, used to sign messages to control the coins held by that address.

This is what creates the semi-anonymous nature of cryptocurrencies. Nobody knows who controls the private keys, and whoever controls the private keys controls the money. There are no other identifying properties such as address names, usernames, passwords, or anything like that. If you have the private key, you have everything you need.

However, remembering a private key can be very difficult. Here’s an example of a private key:


This key corresponds to the address 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T, which is a fairly well-known and quite insecure address used as an example for a brain wallet.

Instead of trying to remember the private key, or having to keep it secret and possibly losing the medium used to store it, a brainwallet instead uses a phrase or sentence that is much easier for people to remember.

The above example is the brainwallet key for the phrase “correct horse battery staple” which is from a well-known XKCD comic that explains an aspect of passphrase security called entropy.

A brainwallet uses similar cryptographic number crunching to turn that phrase into a private key for a cryptocurrency address. Seems genius, right? You don’t need to memorize any cryptic strings and you don’t even need to store your wallet or private keys anywhere. Simply remember the passphrase and you’re golden; you can always recreate the private key from the passphrase.

But there’s a problem.

A Brilliant Idea Tainted

Because the only thing you need to get access to funds is the private key, and the passphrase can be used to recreate the private key, you end up with a situation in which anyone who uses the same passphrase as you will get the same private key.

The above example, using “correct horse battery staple” is an example of this. It is a common phrase that, while easy to remember, is also known to everyone and also fairly easy to guess.

In short, you end up with a security solution that relies solely on a passphrase that must be globally unique and extremely difficult to guess to have any meaning.

The XKCD comic is still right, but not in the case of cryptocurrency and wallet security. In a website login, a passphrase may work fine because you can add a bit of difficulty by having to combine the username and the passphrase, but also because you cannot simply brute force a billion attempts every second to try to log in using every conceivable combination of words. The server would either overload or there would likely be some kind of lockout after a few failed attempts.

With cryptocurrencies, however, you can try combinations of words as many times as you want. You don’t log in anywhere; you simply create a private key from the combination of words.

To create a secure brainwallet, then, you need to have a passphrase that is guaranteed to be unique and very difficult to guess.

You may think you can outsmart the system by using something that is unique to you. For example, add your spouse’s middle name to your phrase to create something like “correct horse denise battery staple”. However, you’d fail on the ‘difficult to guess’ part, and you’d fail in the globally unique part because, well, other people have spouses named Denise too.

You may use a longer passphrase, but again, with the power available to modern computers these days, trying billions of combinations takes seconds at most, and if the attacker knows even basic information about you, such as the languages you use, your family names, your birthdates, and so on, it wouldn’t take very long to outsmart you by simple brute force.
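The three points above (the same phrase always yields the same key, nothing rate-limits guessing, and “personal” additions add very little) can be put into numbers. The following is an added illustration, not code from this article: it assumes the classic brainwallet construction of a single unsalted SHA-256 over the passphrase, a 2048-word vocabulary, a pool of 1000 common first names, and an attacker hashing one billion candidates per second. All of those figures are constructed assumptions, not measurements.

```python
import hashlib
import math
import secrets

# Assumption: classic brainwallet tools derived the private key as a single,
# unsalted SHA-256 of the passphrase. The article only says "similar
# cryptographic number crunching", so this construction is an illustration.
def brainwallet_private_key(passphrase: str) -> bytes:
    """Derive a 32-byte private key from a passphrase the way classic brainwallets did.
    The result depends on nothing but the phrase: no salt, no device, no account."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def random_private_key() -> bytes:
    """What an ordinary wallet does instead: 256 bits from the OS CSPRNG."""
    return secrets.token_bytes(32)


def same_phrase_same_key(phrase_a: str, phrase_b: str) -> bool:
    """True when two people choosing these phrases would end up controlling
    the same address. This is the collision problem the article describes."""
    return brainwallet_private_key(phrase_a) == brainwallet_private_key(phrase_b)


def passphrase_entropy_bits(words: int, vocabulary_size: int) -> float:
    """Entropy of a phrase built from `words` words picked uniformly from a
    vocabulary of `vocabulary_size` words (the model behind the XKCD comic)."""
    return words * math.log2(vocabulary_size)


def seconds_to_exhaust(entropy_bits: float, guesses_per_second: float) -> float:
    """Worst-case time to hash every candidate phrase at the given rate. There is
    no server to throttle or lock anyone out, so the rate is limited only by
    hardware; the rate passed in is a constructed assumption."""
    return 2.0 ** entropy_bits / guesses_per_second


def report() -> dict:
    """Put the numbers side by side. All inputs are constructed assumptions."""
    phrase = "correct horse battery staple"
    # Two 'users' who both pick the famous phrase get the same key.
    collision = same_phrase_same_key(phrase, phrase)
    # XKCD-style phrase: 4 words from a 2048-word list (assumed list size).
    xkcd_bits = passphrase_entropy_bits(4, 2048)
    # 'Personalising' it with one first name drawn from an assumed pool of
    # 1000 common names adds only log2(1000), roughly 10 bits.
    personalised_bits = xkcd_bits + math.log2(1000)
    rate = 1e9  # assumed guesses per second for one GPU-class attacker
    return {
        "collision": collision,
        "xkcd_bits": xkcd_bits,
        "xkcd_hours": seconds_to_exhaust(xkcd_bits, rate) / 3600,
        "personalised_bits": personalised_bits,
        "personalised_hours": seconds_to_exhaust(personalised_bits, rate) / 3600,
        "random_key_bits": 256,
        "random_key_years": seconds_to_exhaust(256, rate) / (3600 * 24 * 365),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:>20}: {value}")
```

Running it shows a four-word phrase exhausted in a few hours, the “personalised” version in a few days, and the randomly generated key in a number of years with more than sixty digits. The gap is not a matter of picking cleverer words; it is the difference between a key chosen from a vocabulary and a key chosen from the full 256-bit space.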

Even if you managed to find a unique and difficult-to-guess passphrase, you’re still stuck with a couple of problems.

One such problem is that you also need to remember the passphrase. The longer the passphrase, the more difficulty you’ll have remembering it.

Note: Writing it down is… not good.

“Great,” you think, “I’ll use the first paragraph of the national anthem,” and you’d fail on the difficult-to-guess and globally unique aspects again. “So, what about the combined names of all my kids, my parents, and my own, in random order?” For a password, it would be great, but for a brainwallet, it is not sufficient.

But let’s give you the benefit of the doubt and hope you remember your 28 word passphrase perfectly, and that it is both difficult to guess and globally unique.

Now you need to remember such a passphrase for every unique address you control. In cryptocurrencies, new addresses are cheap and used extensively. I’ve had hundreds if not thousands of unique addresses in just the year or so I’ve been involved with cryptocurrencies, and remembering a passphrase for even a fraction of these would be impossible. And I do have a great memory.

So, Any Good News?

You may think that based on what you’ve read so far, brainwallets have no use at all. That’s not entirely true, but like any tool, you need to know in which situation it makes sense to use it, and not try to force the situation to fit the tool you want to use.

For example, in cold wallet strategies, having a brainwallet may work great. Rather than storing the private keys in clear text, you can store a passphrase as part of something else. For example, you can put a book in a safe, and remember that the passphrase is the second paragraph on page 238. Whoever breaks into the safe won’t know the secret to finding the passphrase, and you just need to remember a few items of data. It isn’t practical for everyday use, but then again, the purpose of cold wallets is to be long-term storage, not day-to-day payments.

Note: I’ll write about cold wallets and cold wallet strategies in a later article.

For most normal uses, however, brainwallets aren’t as cool as they initially sound, and you need to be very careful before you rely on them for your security. With the knowledge you’ve gained here, though, you may be better able to determine when to avoid them and how they may be used as part of an overall security strategy.
