It's pretty good but I wouldn't use a brain wallet anyway.

It's generally better to just make a good password as opposed to doing something complicated like this. AES can be implemented in different ways as far as how it uses initialization vectors and salts, and how key stretching works. If you don't know what that means, don't worry, but the point is you'll have to encrypt with the same program, or a compatible one, or the result will be different. This might be a problem if you try to recover your wallet a few years down the line and can't find the program you used.

Also, although in this case the 20 character password may help to add entrophy to the 35 character password, it's generally bad practice to use "tricks" in an attempt to add entropy. For example if you hash 1234 with sha1(), although it may make guessing harder, it technically doesn't increase the entropy of the password. Encryption never adds entropy since it's deterministic. You only get the amount of entropy that you put in.

I would recommend that instead of doing that you just make one good password of at least 16 characters (longer if you use a non-random password or passphrase). Beyond 16 characters IMHO the increased risk of forgetting your password by far exceeds any additional security.

Isn't there something about human-generated pass phrases having poor entropy/randomness compared to computer-generated ones that might be applicable here?


I'm not quite sure about this one. For example, my laptop is currently encrypted with a 40+ character password with symbols, uppercase letters, lowercase letters, and numbers. Part of it even incorporates a verse in a poem that I wrote in a conlang (a made up language) which only I can understand. It looks like complete gibberish but I've been using it on my laptop without a problem for over two years. I wouldn't use it as my brainwallet because I'd be worried about the above but even that being said, I'd still be surprised if it were easily crackable.

I think there are better ways to store btc then brainwallets, I don't think they will last.

With brain wallets the question of sufficient entropy is not so much as to how long the paraphrase is, but is more how close to being truly random it is. If parts of it contain words that can be found in any piece of literature (backwards or forwards - including the dictionary - in any language) then you are likely vulnerable. If there is not any kind of pattern to your paraphrase then even a shorter paraphrase could potentially keep your funds safe.

A word to the wise: using a brain wallet is very similar to using an address that was generated with a flawed RNG. It may provide some level of security, but you have a much greater chance of having your coins stolen at some point in time.

I'm pretty sure I will remember how the wallet containing all my funds is encrypted , I'll probably write it down too.


Yeah, it seems like I had not understood what entropy means.
But overall , would this improve the security , by making it harder to guess ?

I need the second password also because I'm going to try to create a paper version of the first one , just in case.


It is non random , so I was aiming for 25 - 50 characters. I was hoping 35 characters would be enough.

NO!

This is how you DON'T do a brain wallet. There is NO SUCH THING as obscure when it comes to passwords protecting your money!!!!

If it's anything that has ever been written down and known to people other than yourself, it is UNSUITABLE for a brain wallet!

What I mean by that is that the program might not exist at some point in the future. If the password is non-random it might help make it harder to guess. That length might be good or it might not... If it contains words, you should only count every word as one character.