[epscylonb]

Completely agree with the article.

Whether you realise it or not, what you want from a private key is lots of entropy.

A simple pass phrase is easily cracked, a complicated one is hard to remember (and it needs to be remembered exactly).

There may potentially be a small amount of middle ground here, particularly if your memory is very good, but what happens if you get dementia as you get older?.

If you must use a pass phrase, use it to encrypt a truly random private key, this way the only the private key is exposed to the blockchain. An attacker would need the encrypted copy of your private key to brute force it, don't keep this online unless you need to send bitcoins.

[NateDad]

So, you're wrong about the entropy in the pass phrase. XKCD goes into the math, and for a sufficiently long phrase, there's plenty of entropy. And yes he takes into consideration there's only so many English words.

[epscylonb]

I have had this conversation before, what is "sufficiently long"?.

Remembering 10 random words in order isn't that much easier than 10 random alpha numeric chars and symbols. The words might have some mnemonic value, but the point is, if you need entropy, don't mess about, use a real private key.

[DanBC]

You realise that a 10 word Diceware passphrase is significantly stronger than a 10 character (alphanumeric + specials) password, right?

95^10 = 5.9873694e+19

7776^10 = 8.0828128e+38

[epscylonb]

Yeah and both are weaker than a truly random private key, I give up, it's only money after all.

[DanBC]

What do you mean by "truly random" random private key?

How much computing power is needed to attack a 7 word Diceware passphrase?