This is a segment from the Supply Shock newsletter. To read full editions, subscribe.
Bitcoin is hard money, in more ways than one.
The never-ending task of keeping BTC safe might be one of the hardest. There are plenty of options — hardware wallets, software solutions and even multi-sigs can do the trick, depending on how they’re implemented.
But if you’re legendary Bitcoiner Peter Todd, you might opt for the trusty brain wallet. And luckily for us, he’s told us exactly how he would do it.
(P.S. Catch Peter Todd on stage at Permissionless IV in Brooklyn later this month, as he sits down with Pete Rizzo for an intimate chat to kick off Day 1.)
First, a disclaimer: Todd shared his brain wallet process a long time ago, in August 2012, over a year before BIP-39 was introduced.
BIP-39 brought mnemonic phrases to Bitcoin and made room for a 25th word to be layered on top, which significantly boosted the level of entropy, keeping private keys safe from brute force attacks.
All that only makes Todd’s process more impressive, even if he might use a different method today. He effectively did what BIP-39 does with his mind (and some help from Bitcoin itself).
The method
Here’s how, in Todd’s own words:
- “Generate a password that you can remember individually. Personally I use the program pwgen which produces ‘pronounceable passwords.’ I use it in eight-character upper/numerals/symbols mode.
- Write that password down. Yes this is heresy; you’ll securely destroy it later.
- Memorize that password. This is a lot easier than you think. I find if I spend five minutes a day memorizing a password I can recall it easily in a week or so, and have probably memorized it pretty much permanently after a month or two. Remember studying in university? Use those techniques. Flashcards are very effective; an important part of memorization is being forced to recall what you are trying to memorize.
- Repeat until you have five different passwords memorized. During this process it helps to do something like encrypting different files with the sub-passwords, and practice decrypting them to ensure you don’t forget the individual parts. This also allows you to avoid having copies of the parts of the password if you’re paranoid.
- Take all five passwords and concatenate them into one big super password: eiS9ui@R + vi4Ug~ee + Aetito0 + ohB$oh9w + Roh”k2ie = eiS9ui@Rvi4Ug~eeAetito0ohB$oh9wRoh”k2ie
- Use this password! Eventually you will forget it, although the time it takes to forget it will go down exponentially the longer you use it. For me, I make a point of using my passwords every month or so. Even just recalling it mentally is enough.”
As always, a relevant xkcd.
Follow those steps and your password would be 49 characters long. Ideally, Todd would like at least 128 bits of entropy to eliminate any risk of brute force. By his own analysis, his optimal configuration for pwgen would generate 221 bits of entropy — “almost the gold-standard 256-bits level that modern encryption provides.”
In practice, this works by feeding the memorized password to the Bitcoin client’s encryptwallet function. The client would re-encrypt the wallet.dat file using that password as the key.
Any potential thieves — in meatspace or cyberspace — would need to somehow syphon the password from your brain before they could ever get to your bitcoin. Just whatever you do, do not forget the password. “You just gotta trust that you really can learn,” Todd wrote.
All hail the safe deposit box
Read the full article here
