
How to make a brain wallet

By Craig Wright | 27 Mar 2019 | Bitcoin & Blockchain Tech

In the past, a concept known as a brain wallet was common. It is something that has a lot of value and yet has been overlooked because of bad security practices. A brain wallet can be incredibly secure, but it also suffers from the same problems as those associated with passwords. And here lies the problem: a brain wallet is not a password and should never be treated as one. There must be sufficient entropy to ensure the security of the system.

If you read the Bitcoin wiki, they tell you not to use human-generated passphrases. Doing as they say is not necessarily best, and in fact, the strength of a brain wallet should be related to the information and value being stored.

If you are storing millions of dollars in a single key, then a simple 12-word brain wallet is a very bad idea. If you are storing USD50 worth of value, not many people are going to seek to crack your passphrase. The reality is that the cranks in the industry love to tell you that you must have perfect security for everything. Seeking such an end is completely wrong.

They, like many in Core, will tell you never to use a brain wallet. The reality, though, is that nobody will crack a good phrase. What they should be teaching is how to create a good brain wallet. Done well, it is completely secure and you can ignore the cries of “it’s not perfect.”

Right now, we still cannot crack 20-character passwords with a few special characters, not in reasonable times. And by reasonable times I mean decades. The secret is not to use two or three words but rather to take something that no one will guess or find and modify.

I can set up a structure that I know and can tell others about, and doing so can offer a source of recovery for a key.

The given page has a key associated with it. It’s from a book I quite enjoyed. Using it, I have a method to create a key. Even with such knowledge, I do not believe someone will find my key. The key has 50 bitcoin associated with it — in fact, it holds/controls 50 bitcoin before any split and has never been spent. It is a brain wallet, and even telling you so and giving you the data needed, I propose that it remains secure.

My process is as follows:

The first footnote of the page has a value, 1547. I start by transposing the number in the first footnote. Here, I take the first number and leave it where it is, then I take the fourth number and place it before the second number.

I now have the number 1754. In footnote 2, there is a number in Roman format, XXX, which comes to be 30. I add the two numbers to get 1784.

I take the number as a year, and now go to the All England Law Reports for the same year.

Footnote 3 in the first book now links to note number 13 in a particular case that occurred in 1784. The case matches the requirements as Earl Cowper translated the Iliad, fixing many of the errors that had been allowed to exist in the papal translation. Earl Cowper had a relationship with the Newton family, yet they derived of Sir Isaac. So, finding the case requires that you know a little of the history of the people.

In my case, it requires you know a little about the case and more.

The brain wallet for the key, one that today holds around USD250,000, can be cracked using note 13 on the page I did not image and a combination of values that can be derived using the text on the first page of the first book. In particular, the first 80 words of the first book I transposed with seven sentences from the reference at point 13 followed by nine sentences of the second image. Every sixth word is deleted from the second, as is every eighth word from the third.

Such a formula is enough for me to create a key that is attached to a brain wallet, one that with the right texts that are of the correct print can be used to reconstruct a secret key. I am also going to categorically claim that with the money remaining in the wallet, it will not be discovered even with the clues.

In fact, there is more entropy in such a simple scheme than there is in any deterministic wallet created by Core.

So, the monkeys who run around saying that the world needs to be perfectly secure are the ones who are clueless. They can argue at DEF CON how they can crack many, many simple keys, but the reality is that they simply have no idea about security or risk and seek not to teach people but to become high priests protecting the security of everything through their magic numbers.

So please, crack away. You have access to money right here. Run through every combination you can find as you won’t be stealing; I’m telling you, it’s a prize. I’m also making the, some will say, bold claim that you will not have a clue what the key is.

A part of the reason is that everyone assumes that it must just be hashed using SHA256.

Well, the assumption is not correct.

Let me give you some further information.

I start with SHA512.

Split it in two. The first 256 bits are now hashed using SHA1, and the second 256 bits are hashed using RIPEMD160, with the two parts being concatenated and hashed into the key using SHA256.

So, such is the secret to a brain wallet in a very valuable Bitcoin address. From here, you can find the secret key to an ECDSA public key that unlocks a lot of bitcoin. Yet, even giving you all the information, I guarantee that no one will take a single bitcoin from it.

The reality is that brain wallets can be incredibly secure, but we need to teach people how to create a secure system. Even if I was to take a simple passphrase such as “Who is John Galt?” I could make it secure.

In such a case, the security would be in the process that is not shared. I take the word Who, and hash it using SHA1 to obtain H1. I then take the second word is, and hash it using SHA256 to obtain H2. I take the third word John, and again hash it using SHA1 to obtain H3. I then finally take the last word Galt? and hash it using SHA256 to obtain H4.

Now, I simply concatenate all of the values and hash them using SHA512 followed by SHA256:

SHA256[SHA512(H1||H2||H3||H4)]

The result is a value that you will not guess, unless, as I’ve just laid out, you know the process. It’s part of the concept of a brain wallet. To teach people how to use one also involves teaching them how to create a good process and that the process itself is part of the secret.
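An added example, not code from the author: the per-word derivation above written out in Python, with a check that the result is a usable secp256k1 private key. The post does not say how the words are split or encoded, or whether H1..H4 are joined as raw digests or as hex strings (the SHA512 split chain described earlier leaves the same joining detail open), so those choices are assumptions here; the function names are hypothetical, and the variants show that each reading of the process yields a different key, which matters when the process has to be reproduced exactly for recovery.

```python
import hashlib

# Order of the secp256k1 group; a private key k must satisfy 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def per_word_key(phrase: str, hex_concat: bool = False, encoding: str = "utf-8") -> bytes:
    """SHA256(SHA512(H1||H2||H3||H4)), alternating SHA1 and SHA256 per word.

    Assumptions (not stated in the post): words are split on whitespace,
    encoded as UTF-8, and digests are joined as raw bytes unless
    hex_concat=True, in which case their lowercase hex strings are joined.
    """
    algos = ("sha1", "sha256")  # word 1 -> SHA1, word 2 -> SHA256, and so on
    parts = []
    for i, word in enumerate(phrase.split()):
        h = hashlib.new(algos[i % 2], word.encode(encoding))
        parts.append(h.hexdigest().encode("ascii") if hex_concat else h.digest())
    return hashlib.sha256(hashlib.sha512(b"".join(parts)).digest()).digest()


def is_valid_private_key(key: bytes) -> bool:
    """True if the 32-byte value is usable as a secp256k1 private key."""
    return len(key) == 32 and 1 <= int.from_bytes(key, "big") < SECP256K1_N


def recovery_variants(phrase: str) -> dict:
    """Derive the key under each reading of the details the post leaves open."""
    return {
        "raw digests": per_word_key(phrase),
        "hex digests": per_word_key(phrase, hex_concat=True),
        "utf-16 words": per_word_key(phrase, encoding="utf-16-le"),
        "no question mark": per_word_key(phrase.rstrip("?")),
    }


if __name__ == "__main__":
    # Passphrase taken from the post; every variant prints a different key.
    for label, key in recovery_variants("Who is John Galt?").items():
        print(f"{label:18} {key.hex()} valid={is_valid_private_key(key)}")
```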

So, surprise me.

I would be remarkably impressed if somebody was to put together all of the required details even with the information above to obtain money from the brain wallet I have just described.