This article will introduce a solution that retains the advantages of brain wallets while avoiding their shortcomings. Its essence is to use personal passwords to create brain wallets. This method can be extended to sensitive passwords, adding unique and powerful attributes to wallets.

A brain wallet is a Bitcoin wallet whose password is derived from a secret sentence that can only be stored in memory. Most Bitcoin experts believe that brain wallets lack security. There are indeed some examples of users suffering losses due to their own mistakes. However, brain wallets have a unique advantage: since brain wallets have no physical existence, they are impossible to steal. This is a unique feature of brain wallets.

But brain wallets also have the following defects:

1. Vulnerable to brute force attacks
2. Forgetfulness

It would be much better if we could solve both problems independently, but the more we try to solve one (by using an easy-to-remember password or a long, random set of passwords), the more vulnerable we are to the other.

Detailed explanation of brain wallet shortcomings

There are three reasons why brain wallets are extremely vulnerable to brute force attacks.

First, human behavior is inconsistent: if I ask you to say something random to me, you will never really say something random to me. In order to be remembered, the password must have some meaning, but unfortunately, the range of sentence passwords is relatively small compared to the range of letter combinations.

Second, computers are very good at calculating hashes: you might think that a random sentence from an obscure book would be a safe password, but it is not. Sophisticated systems can calculate trillions of hashes in a second. For example, France has published a total of 14 million books from ancient times to the present. Assuming that each book has 500 pages and each page has 20 sentences, there are about 140 billion sentences in total. This only takes two seconds for a computer to calculate.
Therefore, any sentence that exists or that you can imagine is not safe. Similarly, any text on the Internet is not safe. Using an existing sentence (such as a sentence starting with x) or another language as a password will only bring greater security threats. The ideal order of magnitude we seek is far beyond the number of fundamental particles in the Universe, so while we have a reasonable margin of error, we are also protected by thermodynamics.

The third and most important issue is that anyone, anywhere can attack a brain wallet at the same time: in a common brute force attack scenario, hackers can target a specific group of users. In this case, the real danger is that any attempt to brute force a brain wallet is blindly attacking every wallet user at the same time. Since every computer can generate passwords, this also means that anyone, anywhere can crack not only our password, but also the password of anyone using a brain wallet. Then, the attacker can build a huge

A couple of people tried to solve these problems: one used a more advanced and very slow hashing method, and the other used a strong salt method. However, the problem still existed, and they used more complex passwords to solve the problem, increasing the risk of forgetting the password.

Given these problems, is there no hope for brain wallets?

Security Wallet

I believe that the way to improve brain wallets is to store a series of personal questions, such as writing them down on paper, and then use these questions to generate a password. I have been using this method since 2012, which not only simplifies the wallet but also makes it more secure. This can be seen as an "upgraded version of

The answer must be easy to remember, private, and not ambiguous. Finally, salting questions can be used to protect vulnerable password wallets.

How does this compare to existing cold storage technologies?

1. Like a brain wallet, this form of cold storage cannot be physically stolen, whereas paper wallets can be stolen or lost.
2. Like a paper wallet, it is almost impossible to forget.

To ensure safety, you must take precautions and use the following rules:

1. Leave a space between each word
2. Each letter cannot be capitalized
3. If the answer contains several words (such as a compound name), only the first rule can be used

For safety reasons, we also recommend the following:

1. Users should ensure that their answers are unique and not ambiguous.
2. Ensure that the answers cannot be obtained from the Internet
3. Use at least 20 questions

Finally, the answers to the questions should be complex enough: each answer should be complex and relatively uniformly distributed. A good set of answers would include some times, some names, some places, and some random imaginary objects. For example, you could use these questions:

1. What was the name of the puppy I had when I was 7 years old?
2. In which city did I sprain my ankle?
3. What was the last name of the girl I slept with at the HEC "Let It Go" party at school?
4. What was the name of the friend I lived with in Barcelona for 3 months in 2012?
5. What was the first word of the video game my brother Frank and I played on holiday at Cousons?
6. Which race do I choose when playing Warcraft 3?
7. What is my friend Aurélien Dupont's nickname?
9. What is the name of the paper game that my friend Kris and I invented when we were kids?
10. The city where I proposed to my wife
11. What is the name of the character in The Legend of Zelda 3 that I played on NES?
12. On which day did my black ex-girlfriend throw my phone into the bathtub? Please answer in the order of day, month and year.
13. What was the phone call I received from my best friend on my 11th birthday?
14. What is the name of the girl you met in Las Vegas?
15. On which day did you get beaten up? Please write the date, month, and year.
16. What is your favorite teacher's name?
17. What was your favorite sport when you were 12 years old?
18. What career did you want to be when you were 15?
19. What is Vanessa's nickname?
20. What was the last name of the person you hated the most when you were 18?

As an additional protection against brute force attacks, these questions should be listed in order, such as the following. Obviously, the example I gave is not necessary, but it is always a good idea to do so (wallet-based questions can provide effective protection). This will also ensure that wallets without verification questions are not vulnerable to brute force attacks.

1. What is my father's grandmother's name?
2. What is my father's grandmother's last name?
3. My father's and grandmother's birthdays (year, month, day)
4. What is my mother's grandfather's name?
5. What is my mother's grandfather's surname?
6. My mother's grandfather's birthday (year, month, day)
7. What is my name?
8. What is my last name?
9. My birthday (year month day)

To answer these questions, you would use sentences like the following:
Using the standard SHA256 algorithm (or a better slow hashing algorithm) you can get the private key.

Succession Planning

A great feature of brain wallets is that the process of inheriting assets is not complicated. By choosing your questions wisely, you can pass on your brain wallet to the person of your choice on the day you die. If you don't have a loved one or don't really care about having someone inherit your wallet, you can set up questions that only you know the answers to. If you only want your spouse to get the Bitcoins, then you should set an answer that only you and your spouse know. To create a wallet that can be inherited, you need to set up some questions that different family members know, and some answers that friends know. After your death, all members need to work together to retrieve your secure wallet. It is particularly important to use some private information that is not actively shared by others.

Deterministic secure wallet

It is also possible to create a

For example, the third key generated from the "this is my password" seed would become "this is my password 3". Many private keys derived from one private key are more private. At the same time, address reuse poses a potential security threat, even though Bitcoin's cryptographic scheme (elliptic curve) with a good random number generator has been secure so far. Likewise, as glaatraa demonstrates, the password can be used as a seed for hardware wallets like Ledger or Vault.

Overall safety solution

In addition to storing digital currency wallets, passwords can also serve as a powerful security mechanism. By using the security code to generate your password, you will experience the advantages of a security wallet.

For example, suppose you run a business that manages millions of dollars worth of digital currency, and for convenience, you want to back up your hot wallet to the Internet.
You encrypt your wallet with a password, so the question is: how can you save and share your password as securely as possible? Passwords should be stored in a way that is sensible and does not draw attention to themselves.

You can share it with the creators through a shared storage such as email or an anonymous pseudo-secure form. But this is not a good solution, as both email and computers can be hacked. If someone uses a Trojan, a keylogger implant, or screenshots, this secret channel will be ineffective.

You could use a physical token that provides 2FA, a hardware wallet or something similar. This is probably one of the best options, but it is still vulnerable to real-life thieves and requires physical delivery to the right place.

Finally, you can write down the combination yourself with a nice pen and paper. This is also a good idea, but it is also vulnerable to thieves and requires you to be there in person or go to the post office.

Well, the worst case scenario is: all mailboxes and computers are hacked, emails are opened, and all the secret places you can think of are discovered. In this case, how can we transfer and store passwords without anyone noticing?

Using a password based on something only the creator knows makes it easier to store (send an email with the question to everyone) and harder to steal (only the recipient knows the answer). Of course, we have not solved the big problem of shared entrance to the founder's wallet, but This solution can well solve the now defunct MasterXchange. In fact, we were very confident in this in the past because we used this design in many places, such as encrypting wallets with passwords and unlocking wallets with passwords. In this way, we can easily store a large number of passwords directly in emails without having to worry about providing passwords to attackers after the email is hacked.

For example, the following, slightly changed for privacy, is one of the passwords we use:

1. What is Adrien Lafuma's father's name?
2. What is the name of the friendly former poker pro we met in Amsterdam?
3. What is Adrien's hippie cousin called?
4. Root password of masterXchange development environment
5. Johan Montargon's nickname
6. What was the word of the first game we bet on and where Adrien lost 2.5 bitcoins

We are currently talking about a specific password that can only be used in a specific situation (unlocking the wallet), and these answers are very random (there are many root passwords and they are very random), so there is no need to worry.

Additional safety tips

The secure wallet is used to solve the cold storage technology. The same advice used in the past for creating paper wallets and brain wallets still applies here: use a fresh operating system offline with no installation files. Live Ubuntu is a good choice. Make sure you spell the password correctly at different times and that the wallet gives out the same public key every time. Do not enter your password (or private key) into a search engine or on the Internet, otherwise it will leave a trace. Your password is your private key.

A little philosophy

Earlier I demonstrated how to use a secure wallet to share a secure key (password) in front of everyone. This is very similar to a public key digital currency system, where you can exchange passwords secretly over an unsecured medium by using each other's public keys. But there is still a problem: you have to know the recipient's public key to ensure that you sign with the correct key. This is why HTTPS authentication requires a third party to ensure that this is the certificate you are looking for. With a memorized secret mechanism, you can rest assured that only the recipient can decrypt your password. Using it instead of a private key to hide information is like signing your private shared experiences: only people who share the memory with you can decrypt the information.
This would seem to help build a more general cryptographic system based on this principle, but this is beyond the scope of this article, which focuses on the important uses of Bitcoin cold storage technology.

In conclusion

I hope this article has shown the features of crypto wallets. Crypto wallets may provide a more complete cold storage solution than brain wallets and paper wallets, because they combine the convenience of paper wallets without the risk of theft. You no longer have to worry about fires or having to store backups at military bases. Finally, we provide a way to safely share and store passwords even at the risk of theft, which we believe can become an important security tool in Bitcoin transactions. We hope this helps the Bitcoin and digital currency community.

Thanks to Adrien Lafuma for this insightful discussion.
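
The derivation described above (answers written under the spacing and lowercase rules, hashed with "the standard SHA256 algorithm (or a better slow hashing algorithm)", with numbered keys such as "this is my password 3") is sketched below as an added example; it is not the author's code. The function names, the NFKC normalization step, the scrypt parameters, the use of the salting-question answers as the scrypt salt, and the sample answers are assumptions made for this illustration.

```python
from __future__ import annotations
import hashlib
import unicodedata

# Order of the secp256k1 group; a Bitcoin private key must lie in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
# Constructed answers, for illustration only; never reuse them.
SAMPLE_ANSWERS = ["  Rex ", "Lyon", "AURÉLIEN  le grand", "14 07 2009"]


def normalize_answer(answer: str) -> str:
    """Apply the article's rules: no capitals, one space between words.

    NFKC normalization is an added assumption so that accented names
    hash identically however the keyboard or OS encodes them.
    """
    text = unicodedata.normalize("NFKC", answer).lower()
    return " ".join(text.split())


def build_passphrase(answers: list[str]) -> str:
    """Join normalized answers in question order (the order is part of the secret)."""
    cleaned = [normalize_answer(a) for a in answers]
    if any(not c for c in cleaned):
        raise ValueError("every question needs a non-empty answer")
    return " ".join(cleaned)


def _check(key: bytes) -> bytes:
    """Reject the (astronomically unlikely) out-of-range scalar."""
    if not 1 <= int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("derived value is not a valid secp256k1 private key")
    return key


def fast_key(passphrase: str, index: int | None = None) -> bytes:
    """Single SHA-256 as in the article; index 3 hashes '<passphrase> 3'."""
    seed = passphrase if index is None else f"{passphrase} {index}"
    return _check(hashlib.sha256(seed.encode("utf-8")).digest())


def slow_key(passphrase: str, salt: str, index: int = 0) -> bytes:
    """Memory-hard variant: scrypt makes each guess cost time and 16 MiB of RAM.

    `salt` is assumed to be the passphrase built from the salting questions.
    """
    seed = f"{passphrase} {index}".encode("utf-8")
    return _check(hashlib.scrypt(seed, salt=salt.encode("utf-8"),
                                 n=2**14, r=8, p=1, dklen=32))
```

Deriving the key twice, in separate sessions, and comparing the results is the check the article recommends under "Additional safety tips"; a mismatch means an answer was typed differently.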