Assuming my private key for a bitcoin wallet is derived from SHA256(passphrase) and the passphrase is 8 words long, how long would it take the average attacker to crack my bitcoin wallet through a bruteforce dictionary attack?
If you choose the words yourself, and they do not form a sentence, and they are not random, you are likely to be limiting yourself to a much shorter wordlist than you think, and your resulting brainwallet can be bruteforced (if that is even necessary) much sooner than anyone might calculate. I'm not a linguistics expert, but I would hazard a guess and say that the working vocabulary of most people is made up of fewer than 1,000 words, even if they may recognize 10,000 or more. That would give you, at best, roughly 80 bits of entropy for an 8 word passphrase. If the words form a sentence, then entropy drops significantly, because the rules of grammar apply and therefore limits word choices. An article or a noun are the types most likely to be chosen as the first word, for example.
The prevailing wisdom is to avoid the brainwallet concept altogether. I would agree, unless you are really that good at creating a password/passphrase with high apparent entropy to potential crackers, and high memorability for yourself. Most people aren't.
There are many forms to store your bitcoins as well as to create wallets. One of the early methods to create bitcoin wallets was known as brain wallets. Unfortunately, this user-friendly method allowed you to enter a password or passphrase which was then hashed using an algorithm such as SHA-256 and used as seed to generate your private key. Due to its popularity and easy usage, many Brain wallets were used in the last few years with weak passwords or passphrases, transforming the Blockchain wallet address hashes in password or passphrases representation of your private key. This weak way of generating your private key allowed attackers to steal your bitcoins just by doing password cracking against the hashes stored in the Blockchain.
The attempt to recover a password just by knowing its encrypted representation can be made mainly using three techniques. Dictionary attacks, which is the fastest method and consists of comparing the dictionary word with the password hash. Another method is the brute force attack, which is the most powerful one but the time it takes to recover the password might render the attack unfeasible. This is of course dependable on the complexity of the password and the chosen algorithm. Finally, there is the hybrid technique which consists of combining words in a dictionary with word mangling rules.
Fifth step, we launch brainflayer using our favorite dictionary against the bloom filter file we generated in the previous step. If there is a match you will see the password or passphrase and the corresponding hash. In the output of cracked password you could see C or U in the second column. This is to indicate if the key is Compressed or Uncompressed. In the below image you can see these steps. 2b1af7f3a8