Don't pretend you can invent a strong enough, memorable password to protect your Bitcoins: crypto-boffins can crack the so-called "brain wallet."
In research published at the International Association for Cryptologic Research (IACR), University College London's Nicolas Courtois and Guangyan Song and White Ops' Ryan Castellucci benchmarked the Bitcoin secp256k1 elliptic curve, with depressing results.
The group managed to retrieve more than 18,000 Bitcoin passwords, they claim, using an Amazon EC2 m4.4xlarge instance. That yielded a rather stunning 17.9 billion passwords tested per US$1 spent, or less than $60 to check a trillion passwords.
As is so often the case, one reason pass-phrases are recoverable is that they're relatively predictable. Examples of recovered pass-phrases include "say hello to my little friend," "to be or not to be," "Walk Into This Room," "party like it's 1999," "yohohoandabottleofrum," and the all-too-obvious "Arnold Schwarzenegger."
The Register presumes that the person or people using "andreas antonopoulos" as a password are merely admirers of the Bitcoin entrepreneur, rather than Antonopoulos himself using his own name as a password.
While not the first study to look into brute-forcing Bitcoin passwords, the researchers reckon their attack more than doubles the speed of password tests against secp256k1 achieved by the attack first disclosed at last August's DEFCON 23.
Their conclusion is simple – you almost certainly can't invent a password too complex to be brute-forced: "Our research demonstrates again that brain wallets are not secure and no one should use them."
In other words, generating a genuinely strong password and keeping it somewhere safe is irritating, but absolutely necessary. ®