Bitfi's hardware wallet is terrible
It recently came to my attention that John McAfee has been advertising a cryptocurrency hardware wallet from a company called Bitfi, with the claim that it is "unhackable". There's even a $250,000 bounty[1] to hack it. I do not have one of the actual devices in my possession, but from my review of the publicly available "source code" [PDF] and their private key calculator, my conclusion is that their product is most charitably described as a "footgun".
Storybits: error resistant mnemonics
At DEFCON 22, Dan Kaminsky and I talked a little bit about something I built which he dubbed "Storybits[1]". Storybits can reversibly transform short strings of binary data into a series of words designed to produce a mental image. Order of the words does not matter, and many typos can be corrected automatically. I already had working code at the time of that talk, but since then it's just been sitting around on my computer. People have been asking about it, so I put it up on GitHub, though it's still a hacky prototype. I've thrown together a demo and written a bit about how it works.
Why I'm releasing a brainwallet cracker at DEFCON 23
On August 7th I will be giving a talk at DEF CON about cracking brainwallets. As part of that talk, I will be releasing a fast[1] brainwallet cracker. I'm writing this post to provide a little insight as to why I'm giving away a tool that could be used to steal. I also hope that people who are currently using brainwallets will take notice and move to a more secure storage method.
Why Bitcoin mining ASICs won't crack your password
I've seen a lot of people expressing concern that Bitcoin mining ASICs are going to lead to some sort of password cracking apocalypse.
They won't.