Because it is critical that YOUR passphrase be different from EVERYBODY ELSE'S passphrase.
Adding your email address or driver's license number or some other certainly-unique-for-you information makes that work.
That shifts the problem from "attacker is trying to guess EVERYBODY's passphrase" to "attacker happens to know that you have a bunch of BTC in a brainwallet and is trying to attack YOUR brainwallet, specifically."
Nicely said.
Again: we are really bad at thinking up good, unique passphrases. We share so much experience and culture that whatever you think of, somebody else will probably think of, too. Or some attacker will think of something similar enough to crack your passphrase.
And we are really bad at imagining what it means that an attacker might try a few hundred BILLION passphrases to try to crack everybody's brainwallet.
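The effect of adding unique-for-you information, as an added example that is not part of the original posts: it compares the widely used single-SHA-256 brainwallet derivation with a salted one and counts how many separate derivations one guessed passphrase requires to be tested against every owner. The use of PBKDF2, the iteration count, the function names and the sample owners are assumptions made for this illustration.

```python
import hashlib

ITERATIONS = 100_000  # assumed value for this example; more iterations cost more per guess

def unsalted_key(passphrase: str) -> bytes:
    """Single SHA-256 of the passphrase used directly as the 32-byte key."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()

def salted_key(passphrase: str, unique_id: str) -> bytes:
    """Mix in something unique to the owner (e.g. an email address) as a salt."""
    # Normalise the identifier so the owner can reproduce it exactly later.
    salt = unique_id.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, ITERATIONS)

def derivations_per_guess(guess: str, owner_ids: list[str], salted: bool) -> int:
    """Count the distinct keys one guessed passphrase maps to across all owners.

    A result of 1 means a single computation tests the guess against everybody
    at once; a result of len(owner_ids) means each owner must be attacked
    separately, which is the shift the post describes.
    """
    if salted:
        keys = {salted_key(guess, owner) for owner in owner_ids}
    else:
        keys = {unsalted_key(guess) for _ in owner_ids}
    return len(keys)

# Constructed sample data: three owners who all picked the same well-known phrase.
OWNERS = ["alice@example.com", "bob@example.com", "carol@example.com"]
SHARED_PHRASE = "to be or not to be"

if __name__ == "__main__":
    print("unsalted:", derivations_per_guess(SHARED_PHRASE, OWNERS, salted=False))
    print("salted:  ", derivations_per_guess(SHARED_PHRASE, OWNERS, salted=True))
    # The salt does not make a weak passphrase strong against someone who
    # targets one specific owner; it only removes the shared-guess economy.
```
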