yeah, that sounds acceptable (and almost exactly the amount of time I was thinking about that would be needed by a mid/high end consumer CPU).
This also proofs that it's not that clever to use brain wallets and it's also quite dangerous that the user can choose any (mid-size) password they want. Maybe a random password automatically generated or an entropy check etc would be needed, just to avoid users using long but weak passwords.
It would be also interesting to know if some users generated an address that already existed (by incident!), because user choosen passwords statistically seem to be weak even if they need to be of a certain length. The sha256 () of a weak password doesn't protect you that someone else already has that private key. I think this is a known problem and therefore the bip38 approach would be much better (with random data). This is also why I thought about bip38 when I saw paper wallet in the first post of this thread.
This also proofs that it's not that clever to use brain wallets and it's also quite dangerous that the user can choose any (mid-size) password they want. Maybe a random password automatically generated or an entropy check etc would be needed, just to avoid users using long but weak passwords.
It would be also interesting to know if some users generated an address that already existed (by incident!), because user choosen passwords statistically seem to be weak even if they need to be of a certain length. The sha256 () of a weak password doesn't protect you that someone else already has that private key. I think this is a known problem and therefore the bip38 approach would be much better (with random data). This is also why I thought about bip38 when I saw paper wallet in the first post of this thread.