Also, there was an ethereum wallet with over 40,000 ETH that got drained.
> By examining 300 billion candidate passwords, we found 884 brain wallets that were active at some point in time. Unfortunately, we also found that nearly all were drained – usually quickly. While our findings are necessarily incomplete, they certainly suggest that brain wallets are not a secure method for using bitcoin. Perhaps the most surprising result of our analysis is the relative scarcity of brain wallets in use today. This is actually quite encouraging, because it means that fewer users are at risk to these attacks than has previously been supposed.
I don’t think that logic holds up.
It’s pretty much an entire paper of FUD.
And no, anyone with 400,000 ETH who claims they used a brain wallet, and oppsie .. someone stole it. Is having a boating accident, if you know what I mean.
I'm a co-author of that paper, we later got funding to do a larger cracking run and found more wallets, and even some that still had balances. See slide 18:
https://rya.nc/files/measuring_the_use_and_abuse_of_brain_wa...
Feeding a massive corpus reddit comments and six years of IRC logs into the cracking tool was particularly interesting.
> And no, anyone with 400,000 ETH who claims they used a brain wallet, and oppsie .. someone stole it. Is having a boating accident, if you know what I mean.
It was about 40,000. The password was "guybrush", and I spoke to the guy who made it. He didn't understand how the tool worked when he made an address. Much later, the Ethereum foundation sent him the ETH. It was gone by the time he went to spend it. Dude put out a press release offering to let whoever did it keep half if they gave back the other half. The ETH hasn't moved since the day it was stolen, almost eight years ago.
I assure you, the guy made a genuine fucky wucky.
If I'd gone blackhat with this research, I could be retired to a volcano lair on a private island by now.
WTF is your angle here?
My angle is that simple brain wallets that use a combination of a memorable phrase with some individual information, like the user’s name, birthdate, address and a 4 digit PIN, used as salt, are then extremely secure. And your paper and the original comment I responded to don’t emphasize that it’s the user’s use of such an systen that makes them vulnerable not the foundation of the technique of brainwallets.
Basically you’re blaming the car for the drivers not understanding how to drive and immediately crashing.
