[messaging] Peerio
Ben Laurie
ben at links.org
Thu Jan 15 02:37:35 PST 2015
On 14 January 2015 at 23:02, Mike Hearn <mike at plan99.net> wrote:
> My big question (sorry Nadim, if this has been addressed before as part of
> the MiniLock discussions) is what stops passphrases being brute forced. It
> seems from the spec that the passphrase == private key and public key is
> then derived from that, in the usual ECC manner.
>
> The Bitcoin community has learned the hard way that there are no secure
> passphrases. Example:
>
> https://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/
>
> Just lost 4 BTC out of a hacked brain wallet. The pass phrase was a line
> from an obscure poem in Afrikaans. Somebody out there has a really
> comprehensive dictionary attack program running.
>
> Fuck. I thought I had my big-boy pants on.
If you calculate the entropy of quotations, its pretty apparent that
they're really not very safe (sorry, I did this years ago,
back-of-envelope figures lost in mists of time).
You need, IMO, to make up a phrase of your very own.
More information about the Messaging
mailing list