Why does it display a way too short passphrase by default? People might think it is ok to generate a private key with such a short and simple passphrase, which is obviously not the case. This website needs a warning or explanation. See also: https://en.bitcoin.it/wiki/Brainwallet
 
Fantastic link.  I knew that this existed, but didn't realize it had a site.
 
:) Still, they should warn people about short passphrases. Not everyone will get it. Randall's explanation does not hold anymore btw. In his example, we are cracking a single person's password. Not interesting to spend 550 years on it. In the bitcoin scenario, we are waiting to get a collision, which is much more likely as it could be anyone's private key.
 
At some point people have to take responsibility for themselves.  I agree however that Randall's comic is a bad example for a brainwallet passphrase.  A truly random private key should come from a source of randomness that has at least 256 bits of entropy.  Anything less, and you are not getting the full security of the 256-bit private keys used by bitcoin.  Randall's comic states that the given password has only 44 bits of entropy, leaving it 212 bits short of a "good" password.  Still, it is better (and easier to remember) than the 28 bits of entropy from the comparison passphrase.

Humans are notoriously bad at thinking up something "random". We seem to be hardwired for patterns.  Any brainwallet passphrase chosen will likely result in a less secure private key than one that is generated using a good source of randomness.
 
Sure, but isn't it better to inform them first with a short warning, such that they can take responsibility? The majority of people still do not have a clue about security. If I remember well a lot of credit cards are secured with exactly 0 bits ;) A lot of things about bitcoin aren't ready yet for mass adoption, but the mass is not ready either. People will have to be educated if they want to put non-trivial amounts of money in their wallets, there won't be a bank to refund you when things go wrong.
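
The numbers traded in the comments above, worked through as an added example that is not part of the thread: the 44-bit and 256-bit figures, and the point that a guess tested against many wallets at once lowers the effective strength. Assumptions: a 2048-word list (11 bits per word), a constructed placeholder wordlist, a constructed wallet count, and the usual approximation that each guess is compared with every wallet.

```python
import math
import secrets

# Constructed placeholder wordlist: 2048 distinct entries = 11 bits per word.
WORDLIST = [f"word{i:04d}" for i in range(2048)]
KEY_BITS = 256  # size of a bitcoin private key, as stated in the thread


def entropy_bits(wordlist_size: int, n_words: int) -> float:
    """Entropy of n_words drawn uniformly and independently from the list."""
    return n_words * math.log2(wordlist_size)


def words_needed(wordlist_size: int, target_bits: int) -> int:
    """Fewest uniformly chosen words that reach at least target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def effective_bits(passphrase_bits: float, n_wallets: int) -> float:
    """Approximate strength left when each guess is checked against
    n_wallets at once: the work to hit *any* wallet falls by log2(n_wallets)."""
    return max(0.0, passphrase_bits - math.log2(n_wallets))


def generate_passphrase(wordlist, n_words: int) -> str:
    """Choose words with the OS CSPRNG; a human-chosen phrase has less
    entropy than this formula credits it with."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def random_private_key() -> bytes:
    """A key with the full 256 bits: 32 bytes straight from the CSPRNG."""
    return secrets.token_bytes(KEY_BITS // 8)


if __name__ == "__main__":
    four = entropy_bits(len(WORDLIST), 4)
    print(f"4 random words: {four:.0f} bits, {KEY_BITS - four:.0f} short of {KEY_BITS}")
    print(f"words for {KEY_BITS} bits: {words_needed(len(WORDLIST), KEY_BITS)}")
    # Constructed figure: about a million wallets using the same scheme.
    print(f"against 2**20 wallets: ~{effective_bits(four, 2**20):.0f} bits")
    print("sample passphrase:", generate_passphrase(WORDLIST, 4))
    print("random key:", random_private_key().hex())
```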