The concept of a brainwallet has been around for a few years.
The only thing you need is to remember your passphrase and make sure it’s not written down anywhere. For example, wallets like Electrum, Armory and Mycelium create backup mnemonic word seeds. But you need a really strong passphrase. Your phrase is turned into a 256-bit private key, which is then used to compute a Bitcoin address. But any user who thinks they have chosen a strong passphrase might be in for a surprise.
At next month's hacker conference DefCon, cracking software will be released publicly that can change the way people think of bitcoin security forever. The author of the cracking program, Ryan Castellucci, told Wired Magazine: “…people are terrible random number generators.” While testing his newly updated program, Brainflayer, he found a wallet containing 250 bitcoins in just a few hours.
If his software Brainflayer were to run on a botnet of malware-hijacked computers, it could possibly generate up to 100 billion passphrases a second. Not as fast as NSA’s trillion passphrases a second, but still a remarkable achievement. Bitcoin users' brainwallets have been hacked before. But on August 7th, 2015, the cracking program will be available online. Why is Ryan releasing his program to the public? On his personal website, he states:
I will be presenting some research on that at DEFCON (particularly weak brainwallets have been robbed within seconds), but I can only divine so much information indirectly. Releasing a cracker will give concrete, indisputable evidence of what’s actually possible, and mine probably isn’t faster than what bad guys are already using. Hopefully this will convince people not to use (or stop using) brainwallets.
If you have a lame passphrase that is taken from any website, book or dictionary, or made up with a few special characters, now is the time to upgrade your passphrase. Not even Edward Snowden’s “MargaretThatcheris110%SEXY.” is safe anymore…
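To put the guess rates quoted above next to passphrase strength, here is an added example (not code from the article or from Brainflayer) that estimates how long a uniformly random secret survives at those rates. It assumes the classic brainwallet derivation, a single unsalted SHA-256 of the passphrase, which the article does not spell out; the sample schemes and function names are constructed for illustration.

```python
import hashlib
import math

# Guess rates quoted in the article, in guesses per second.
BOTNET_RATE = 100e9   # "100 billion passphrases a second"
LARGER_RATE = 1e12    # the trillion-per-second figure the article compares against
SECONDS_PER_YEAR = 365 * 24 * 3600


def brainwallet_key(passphrase: str) -> bytes:
    """Assumed classic scheme: one unsalted SHA-256 of the passphrase.

    No salt and no key stretching, so the same phrase always gives the same
    256-bit key and each guess costs an attacker a single hash.
    """
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent, uniformly random draws from `choices`."""
    return picks * math.log2(choices)


def seconds_to_exhaust(bits: float, rate: float) -> float:
    """Expected time to hit the secret: half the search space at `rate`."""
    return 2 ** (bits - 1) / rate


def min_bits(years: float, rate: float) -> float:
    """Entropy needed so the expected search lasts at least `years`."""
    return math.log2(years * SECONDS_PER_YEAR * rate) + 1


# Constructed sample schemes (not from the article): (label, choices, picks).
SCHEMES = [
    ("8 random lowercase letters", 26, 8),
    ("4 random words from a 7776-word list", 7776, 4),
    ("12 random words from a 2048-word list", 2048, 12),
]

if __name__ == "__main__":
    print("key is", len(brainwallet_key("constructed example phrase")) * 8, "bits")
    for label, choices, picks in SCHEMES:
        bits = entropy_bits(choices, picks)
        secs = seconds_to_exhaust(bits, BOTNET_RATE)
        print(f"{label}: {bits:.1f} bits, {secs:.3g} s at the botnet rate")
    print(f"bits to last 1e6 years at 1e12/s: {min_bits(1e6, LARGER_RATE):.1f}")
```

These figures are upper bounds on strength: a phrase a person picks from a book, website or dictionary carries far less entropy than a uniformly random secret of the same length.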