[nullc]

> Nobody’s real brain wallets are being hacked! It’s just left over traces from someone running aome testing in early days of bitcoin.

I've talked to a LOT of real people who's real brainwallets were hacked. Certainly there is also some 'testing' but that doesn't change the fact that there have been real and substantial losses.

Brainwallets are very dangerous.

A brainwallet is the same thing as using a user provided password to secure a high value system that has an unsalted and public password hash database. This is a negligent practice. In the corporate world it wouldn't be shocking to learn that a security engineer was instantly fired for implementing such a practice.

Good security advice results in practical security even if the user uses the system less than perfectly. Attacker-originated security "advice" provides security only under unrealistic perfect use. Telling people to use brainwallets is like recommending one-time-pad encryption. In practice the security will be fragile if not outright broken though in theory with it may go okay sometimes.

Correct usage would require secure mechanically generated uniformly random seed phrases with a hundred plus bits of entropy. That isn't generally what people do in practice and the few who have often have issues with retention of the string being inevitably very poor, causing them to lose the funds by forgetting (esp after getting a fever). (Of course, if they're going to write it down and they didn't generate it themselves then it's not something anyone should be calling a brainwallet anymore.)