Brainwallets: The Bitcoin Wallet You Probably Shouldn’t Use (Unless You Have To)

brainwallet
14 October 2020

A relic from Bitcoin’s early days, a “brainwallet” refers to a private key that is stored in the user’s memory either in the form of a seed phrase or a password, essentially giving you a portable “bank account” locked inside your head.

  • Once you have the private key memorized, the rationale goes, you can access your bitcoin wallet from anywhere in the world, as long as you have internet access. It’s especially useful if you need to get out of Dodge quickly; your bitcoin will always be with you.
  • To create a brainwallet, you can generate a new address using Bitcoin wallet software, memorize the seed phrase associated with the address using a mnemonic trick, and then delete the wallet from your computer or smartphone.
  • You can also generate the private key yourself using bitcoin software specifically designed for creating brainwallets. This will create a wallet using whatever passphrase you choose to represent your private key. However, this method of generating a brainwallet is highly insecure for a number of reasons (poor entropy, for example) and is generally discouraged.
  • Since brainwallets rely on the user remembering a passphrase, there is always the risk that you’ll forget it or, in the case of a user-generated phrase, that it will be easily guessed.
  • To demonstrate how vulnerable user-generated passphrase wallets can be, depending on the quality of the password, an anonymous BitMex researcher generated eight wallets using quotes from popular literature, lyrics from a Bob Dylan song and an excerpt from Bitcoin’s white paper. Impressively, the “Call me Ishmael” wallet, derived from the notable opening line in Herman Melville’s "Moby-Dick", was harpooned by a hacker literally the second it was created.
  • For the others, all were swept within the day. The quote from the Bitcoin white paper took the longest to crack at roughly 13 hours.
  • BitMex Research believes a single entity swept the wallets.
  • “The speed and nature of the redemption of the funds clearly indicates that people have servers up online 24/7 scanning the blockchain and their respective memory pools for weak brainwallets to hack. These servers are likely to have pre-generated many hundreds of thousands of Bitcoin addresses, using text from thousands of published works, music, books, academic papers, magazines, blogs, tweets and other media and then stored these in a database,” the post reads.
  • When generating a brainwallet, BitMex Research suggests composing a medley of words and phrases to create a more complex passphrase rather than relying on something “simple and poetic.”
Disclosure
The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.