The Magnet 29: Can you outsmart my brain wallet?
BRAIN WALLET
Can you outsmart my brain wallet?
To send bitcoin to someone you need three things: some bitcoin, a private key, and the sender’s bitcoin address. Let’s look at the address first. A bitcoin address is a lot like a bank account number. Here's an example of a bitcoin address:
18PQ4ZhNJq4wrd41AoWPCv65CPUSFQbRk4Each bitcoin address has a private key* paired to it. You need this key to move money out of an address (you don’t need a key to receive money into an address). Using a private key is like signing a check.
How do you get some bitcoin? There’s an easy way and a hard way. The easy way is to have someone transfer it to your bitcoin address. The hard way is to mine it. (I’m not going to get into mining, but here’s a good video about mining.)
How do you get a bitcoin address and a private key to send and receive bitcoin? You make them! That’s one of the interesting features of bitcoin. You don’t need permission from anyone to use the bitcoin network. You can make your own address and keys using open source software. Once you have an address and a private key, anyone anywhere can send bitcoin to your address, and you can send bitcoin to anyone’s address. There’s no bank or intermediary to oversee or prevent the transaction.
In practice, the easiest way to generate a bitcoin address and a private key is to use a bitcoin wallet application.** When you set up a wallet for the first time, the app will randomly choose 12 or 24 words that it pulls from a standard dictionary of 2048 words. (The wallet will also instruct you to write them down on a piece of paper for safekeeping.) These words are the starting seed that the wallet uses to generate addresses and private keys using a standard algorithm.
Here’s an example of a 12-word seed phrase:
ship smoke donor hockey mouse advance bleak casino section man thought taxiYou can go to this website and create new bitcoin seed phrases and keys to your heart’s content by clicking the GENERATE key over and over.*** (UPDATE: A magnet reader named Tim told me it’s not a good idea to actually use bitcoin seeds from a website, because your activity could be monitored, or the website could check all the seeds it has given out and steal any funds that it finds. Use a wallet app instead.)
If you ever lose your phone or computer, you can grab the piece of paper with your seed phrase and regenerate the same keys. That’s why it’s important to write down your seed phrase and keep it in a safe place. It’s also important to never show anyone your seed phrase because they could use it to reconstitute your private key and take all your bitcoin.
There’s another way to save your seed phrase besides writing it down. You can memorize it. Look at the 12-word seed above. You could create a story to help you remember the words. “A SHIP had SMOKE pouring from a hole, so an organ DONOR used a HOCKEY puck to plug the hole. It was a MOUSE hole… (and so on)” It probably wouldn’t take too long to commit the story to memory. Bitcoin people call this a “brain wallet.” You could travel anywhere in the world with your brain wallet safely stored between your ears. If you ever needed to send someone bitcoin, you could install wallet software on a phone or computer and type in the seed phrase.
Most bitcoin security exports advise against brain wallets. For one thing, you could forget the words. And if you die, your beneficiaries are screwed.
The worst kind of brain wallet uses a phrase from a book or a song lyric as the seed. Some people do it anyway. You can go to a site like this and enter any phrase you can think of, like “In a hole in the ground there lived a hobbit,” or “We come from the land of the ice and snow from the midnight sun where the hot springs flow” and it will generate a unique bitcoin address and private key from these words. The website, What Are Crypto Brain Wallets? explains why this is a bad idea:
Humans can’t be trusted to create phrases with sufficient randomness — and don’t even think about using your favorite poem or song lyric. There are programs constantly scanning the blockchain for easy-to-crack brain wallets. One researcher created some wallets from song lyrics and book passages, all of which were cracked in a day. One was cracked in under a second.
I tried entering some popular phrases into the brain wallet generator and checked Blockchain.com to see if anyone was using them. It didn’t take long for me to find a phrase that had been used to make an account that had 68 transactions totaling 0.028 bitcoin. For the protection of the address owner, I won’t print the phrase here.
Just for fun, I created a brain wallet using the opening sentence of a book as the seed phrase. I transferred $50 worth of BCH (Bitcoin Cash) into the account. You can see it on the blockchain here. If you can guess the seed phrase, you are welcome to the money.
Here are a few hints:
I didn’t use any punctuation in the sentence.
Only the first letter is capitalized.
The book is a novel written in the 20th century and is one you’ve probably heard of.
If you can find or write a program to automate the process, I encourage it. Otherwise, you can use bitaddress.org to generate a brain wallet from a sentence. If the bitcoin address is 18PQ4ZhNJq4wrd41AoWPCv65CPUSFQbRk4 then you win! You will also see the Private Key on the same page, which you can import into a wallet, like BRD, and then move the money to a secure address under your control. Or, if it’s easier, you can prove that you found the right sentence by emailing me the private key generated by the sentence, and I’ll PayPal or Venmo you the money.
If no one successfully raids my brain wallet, I’ll include an additional hint or two in the next issue.
*It’s important to keep your private key secret because anyone who has it also has control of the bitcoin associated with that address. And if you lose your private key, the money will remain stuck in that address forever. You’ll be able to see it, but you won’t be able to do anything with it. (A couple of years ago, I forgot the PIN code to a little USB device that securely stores my private key. I wrote about the experience of trying to recover the PIN code for Wired.)
**“Wallet” is a misleading term because a bitcoin wallet doesn’t store bitcoin, it holds your private key and lets you send instructions to the bitcoin network to move a certain amount of bitcoin from one address to another.
***Don’t worry about “using up” all the possibilities. There are 2048 to the power of twelve different numbers you can generate using 12-word seed phrases from the list. If you could click the generate button a trillion times a second it would take 170,000,000,000,000,000,000 years to exhaust the supply.
I’ve read many an explanation from plenty of smart folk on the subject of protecting digital currency. Your description of the process was clear, concise and a great example of why your SubStack is worthy of subscription.