This is actually a long-awaited article, which expounds on my personal views on brainwallets. Although the original author shut down Brainwallet.org for security reasons, I believe that brainwallets have their significance and research value, so I built a mirror and put it online. The content is long, and will be published in several parts. Welcome to watch and discuss.

Brainwallet.org is dead, long live the brainwallet!

What is a brain wallet?

As the name implies, a brain wallet is a Bitcoin wallet that exists in your mind. It is actually a way to generate a Bitcoin private key, which generates the corresponding Bitcoin address by calculating the user's input. You only need to remember a password, and you can use this password to restore the Bitcoin address and private key in the brain wallet program.

Based on this idea, a website called Brainwallet.org appeared in April 2012. This is a web-based JavaScript Bitcoin address generator that generates the corresponding Bitcoin private key and address by performing SHA256 calculation on the content input by the user. The benefits it brings are very obvious: 1. Users do not need to install Bitcoin Core (then called Bitcoin) software, do not need to download huge blockchain data, just need to open a website to easily generate and receive Bitcoin addresses; 2. Users do not need to learn how to regularly back up the wallet.dat file, just need to remember the password they set, and they can get the corresponding private key by calculation when needed.

The emergence of brainwallets was like a fresh spring breeze that brought a lot of vitality to the Bitcoin community when Bitcoin applications were scarce and users had high computer skills. Vitalik Buterin, the author of Electrum, once wrote a guide to brainwallets, "Brain Wallets: The What and the How", in Bitcoin Magazine. In the following years, Brainwallet.org was constantly updated, but this core function remained almost unchanged until it was closed in August 2015.

The Tragedy of Brainwallet.org

Although Brainwallet.org has brought a lot of convenience to everyone, it is often criticized by industry insiders due to its implementation mechanism. For example, Gavin once wrote an article on his personal Github Gist against brain wallets, "Do Not Use A Brainwallet! You Are Likely To Lose Your Coins!", and even made such a statement:

Every time I look at the academic literature on passwords/passphrases, I get more depressed about the feasibility of either giving users a secure passphrase that they will remember or getting a secure passphrase from them. I fear there will be a lot of lost coins if “brain wallets” get popular.

Such concerns are not groundless. In fact, this is determined by the principle of Bitcoin. As a virtual currency based on a P2P network, Bitcoin is actually stored throughout the entire network, rather than in a specific physical medium. Although users can ensure that the private key generated by the brain wallet will not be stolen by Trojans in an offline environment, hackers can use brute force to continuously try and steal the address where the currency is stored when they find it.

In fact, every Bitcoin address (with coins) may be guessed, because every private key is just a special string of characters. The emergence of brain wallets, while giving people the convenience of generating Bitcoin addresses through word sentences, also greatly increases the probability of Bitcoin addresses being guessed.

This has given rise to some gold diggers who enjoy this, such as some hackers who gave detailed codes in the article "Smashing Bitcoin BrainWallets, for fun and profit!" Users only need to set up their own vocabulary and run it. Such attacks were very effective in the early days of Brainwallet.org, because many users only used very simple phrases such as "password1" to generate addresses, and it took no more than ten seconds to brute force such brain wallets.

The most famous one is the brainwallet address 14NWDXkQwcGN1Pd9fboL8npVynD5SfyJAE generated by "bitcoin is awesome", because someone used this phrase to generate the address in 2012, transferred 500 bitcoins into it, and then within less than a minute, all the coins on it were transferred away. Another famous brainwallet address is the address 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T generated by "correct horse battery staple". Since this was the default address of Brainwallet.org in the early days, users continued to use it to directly send coins into it. By the time the website was closed, it had accumulated 15.4 coins, which is really a modern version of waiting for the rabbit.

This is the characteristic of brain wallets: if you can ensure that a unique input is generated, you can basically assume that it is safe. But once someone else can construct the same input, the other party will also gain control of the address. And for a large number of users who use Brainwallet.org to store Bitcoin, most of them are far from having the ability to master this tool.

Although there have been constant calls from the community to boycott brain wallets, what ultimately led to the closure of Brainwallet.org was a study published by Ryan Castellucci, a security researcher at the digital anti-fraud company White Ops, at the DEF CON 23 conference on August 7, 2005.

In the study, Ryan wrote a program called Brainflayer, which can guess 130,000 passwords per second, which is more than ten times the performance of its earlier version. If the software is run on a powerful computer, it costs $1 to check 560 million phrase passwords (related information). Ryan said that he used this program to find more than 730 bitcoins, including a brain wallet generated by "how much wood could a woodchuck chuck if a woodchuck could chuck wood", which contained 250 bitcoins.

This makes the brainwallet phrase that was previously considered secure enough to be proven to be very vulnerable. After the research was published, Brainwallet.org immediately announced on Twitter that it would be permanently closed and cleared its source code on Github.

Now that the matter has come to an end, Brainwallet.org has come to an end. But does this mean that brainwallets are dead? Is the security of brainwallets so poor? All of this needs to start with the detailed principles of brainwallets. In the next article, I will explain this and analyze and discuss the security of brainwallets.