It's like a nano X Prize, seemingly aimed against pass phrases.
Bitcoin wallet hacking is a really fun test case, because it begs people to acknowledge the opportunity costs involved in cracking. Cracking a wallet password can always be baselined against mining.
Cracks should happen whenever:
operations_per_password / wallet_size < operations_per_coin
(You can increase security either by growing your passwords or shrinking your wallets. There's some ideal inflection point in there somewhere...)
There are opportunity costs to cracking passwords in all other scenarios too; they're just harder to observe. I.e., whenever it's cheaper to bribe one of your employees than crack their password, then, congrats, your passwords are officially "secure" (even if your business isn't).
Use it to generate the one password that you use for unlocking your password manager, where all of your randomly generated passwords are kept.
Since most people don't do that, this post makes me think that my idle CloudCracker cycles spent mining BTC would actually be better spent mining brainwallets. =)
There are many ways such little cash bonuses can be left 'in the blockchain' for people to discover. Imagine a video/podcast which offers various obscured glimpses of a private key's QR code... the first viewer to freeze-frame and stitch-together collects the prize.
Or imagine any other riddles/puzzles with a solution space resistant to brute-force search. The prize for the first solver can be left in the blockchain, with a private key derived from the solution.
After 'easter eggs' (in real life or software), these could be called 'eggcoins'. (I find a prior use of that term related to a geocached souvenir coin.)
I wonder what the best convention for generating secure brainwallets is. They seem much more prone to dictionary attacks if you're not careful. Is inventing words and nonsensical phrases the norm?
Well, for one thing, don't use just one round of SHA-256. Or more generally: don't use the same algorithm as everyone else. Chain together different hash functions, and/or run them more than once.
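An added example, not part of the thread and not any commenter's code: it contrasts the single-round SHA-256 brainwallet derivation with a stretched one, then feeds both into the "cracks should happen whenever" inequality quoted earlier in the thread. PBKDF2-HMAC-SHA256 stands in here for "run them more than once"; the salt, the iteration count and all cost figures are constructed assumptions.

```python
import hashlib

# Order of the secp256k1 group: a usable private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def single_sha256_key(passphrase: str) -> bytes:
    """Classic brainwallet: the private key is one SHA-256 of the phrase."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def stretched_key(passphrase: str, salt: str, iterations: int = 200_000) -> bytes:
    """Stretched derivation (assumed scheme): every guess costs the attacker
    at least `iterations` hash operations, and the salt defeats tables
    precomputed for everyone else's phrases."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt.encode("utf-8"),
        iterations, dklen=32,
    )


def is_valid_private_key(key: bytes) -> bool:
    """Reject the rare derived values outside the secp256k1 scalar range."""
    return 1 <= int.from_bytes(key, "big") < SECP256K1_N


def crack_is_rational(guesses: int, hashes_per_guess: int,
                      wallet_size: float, ops_per_coin: float) -> bool:
    """The thread's inequality:
    operations_per_password / wallet_size < operations_per_coin."""
    operations_per_password = guesses * hashes_per_guess
    return operations_per_password / wallet_size < ops_per_coin


if __name__ == "__main__":
    phrase = "correct horse battery staple"   # constructed sample phrase
    salt = "alice@example.com"                # constructed, non-secret salt
    for name, key in (("single", single_sha256_key(phrase)),
                      ("stretched", stretched_key(phrase, salt))):
        print(name, key.hex(), is_valid_private_key(key))

    # Constructed figures: 2**40 expected guesses, a 1-coin wallet,
    # 2**50 operations to mine one coin.
    print(crack_is_rational(2**40, 1, 1.0, 2**50))        # single round
    print(crack_is_rational(2**40, 200_000, 1.0, 2**50))  # stretched
```

With these constructed figures, stretching alone moves the same passphrase from the side of the inequality where cracking beats mining to the side where it does not.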
Why Nvidia (CUDA)? Is it the only hardware you have access to?
If you have access to AMD graphics cards, you should have written your code in OpenCL to target this hardware. Nvidia cards are a lot slower per $ and per Watt than AMD ones when running SHA256/RIPEMD160/ECDSA. That is why vanitygen was done in OpenCL.
If you follow best practice and generate a new address for each transaction, brainwallets don't scale. At least not until https://en.bitcoin.it/wiki/BIP_0032 is implemented.
One bitcoin is a lot of money (about $40). He created five wallets, so he's giving away $200. That's not a trivial amount of money for such a test.
Since the last half of the password is partially determined by the first half, this doesn't add much additional entropy (an attacker only has to guess your phrase, and which options you've selected).
In practice this may help in a security through obscurity way, but now your method is public.
This may work better for me since I've used phrases from out-of-print books and some are latinized phrases in Sinhalese. I prefer to use random passwords that I can add to a master file that's PGP encrypted, but in the absence of that, I can tailor this to a site and add character rotation.