From Bitcoin Wiki
Revision as of 03:39, 4 August 2012 by Casascius (talk | contribs) (Precaution)
Jump to: navigation, search

A brainwallet refers to the concept of storing Bitcoins in one's own mind by memorization of a passphrase. As long as the passphrase is not recorded anywhere, the Bitcoins can be thought of as existing nowhere except in the mind of the holder. If a brainwallet is forgotten or the person dies or is permanently incapacitated, the Bitcoins are lost forever.

A brainwallet is created simply by starting with a unique phrase. The phrase must be sufficiently long to prevent brute-force guessing - a short password, a simple phrase, or a phrase taken from published literature is likely to be stolen by hackers who use computers to quickly try combinations. A suggestion is to take a memorable phrase and change it in a silly way that is difficult to predict.

The phrase is turned into a 256-bit private key with a hashing or key derivation algorithm (example: SHA256). That private key is then used to compute a Bitcoin address, or a deterministic sequence of addresses. This conversion can be done with a utility such as Casascius Bitcoin Utility or Electrum.

Bitcoins are sent to the address. In order to recover the Bitcoins, one must recompute the private key with the same phrase. The private key is imported into a wallet.

Example brainwallet

First, a phrase is chosen.

"Man made it to the moon,, and decided it stinked like yellow cheeeese."

Note that the extraneous characters and broken grammar are intentional, this makes the passphrase harder to attack.

The SHA256 hash of this string is calculated. (Note, this is also the private key in hex, and must be kept secret).

SHA256 = 74 E8 60 03 A7 4C BA 14 ED 92 74 30 1E F4 75 FE C0 DA 8B 0F 76 48 69 FC 14 43 5A E0 36 8F DD B9

This number is turned into a Bitcoin address using the standard published algorithm.

Bitcoin address = 1CeU9ugjwfsnzrhqjKy1HUBzXCCXVC76m1

End result: Bitcoins sent to this address are accessible to someone who knows the original phrase. The extraneous characters, of course, must be remembered intact.


It is very important when creating a brainwallet to use a passphrase that has a very high level of entropy. If this is not done, theft of the brainwallet is an eventual certainty.

This is not a simple suggestion. This is a requirement. Most people when asked to create a secure password, with everything they've heard about creating a password, will still create a password that if used for a brainwallet, will result in the eventual theft of their funds. The simple fact of the matter is that hacking a brainwallet password is just simple mathematical exercise that requires no internet access, no communication, leaves no trace, so hackers can collectively try multiple trillions of passwords every second in the privacy of their own homes with the very same equipment they use for mining bitcoins (in the usual sense). Your bank might tell you that a 10 character password with uppercase, lowercase, numbers and symbols is a strong password, but it is not strong enough to secure a brainwallet. A password that might be strong enough for traditional banking or a social website is completely unacceptable for a brainwallet.

A brainwallet passphrase, at a minimum, needs to be an entire original sentence that does not appear in any song or literature. Security is enhanced simply by including some sort of memorable personal information, which doesn't necessarily even have to be secret (e.g. an e-mail address, or phone number). A good brainwallet passphrase will have dozens of characters.