|
Title: Reasonable Brain Wallet Passphrases? Post by: PrintCoins on March 06, 2013, 04:17:42 PM So I am looking into what would be required for a simple brain wallet passphrase generator that produced simple to remember passphrases, but ones that would not be able to be feasibly cracked within one's lifetime.
This comic was the starting point for me: http://imgs.xkcd.com/comics/password_strength.png and someone created a generator here: http://preshing.com/20110811/xkcd-password-generator Looking at this thread: https://bitcointalk.org/index.php?topic=68930.0 it is considered that the number of possible bitcoin addresses is 2^96 or 8e28 (8x10^28). This passphrase generator does 1949^4 = 1.4e13. If a gigahash is 10^9 hashes per second, than 1 gigahash should be able to generate every possible hash of this in 1.4e4 seconds (or roughly 4 hours). If I use something like this: http://www.infochimps.com/datasets/word-list-100000-official-crossword-words-excel-readable it comes to about 3171 years for a machine producing 1 gigahash per second. (This would have 10^20 different 4 word combinations) Assumptions made: * Checking the blockchain for an address match takes no time (good indexing required to make this fast) * The hashing hardware that is used to solve bitcoin blocks will generate priv/pub keypairs just as fast (This second one I am very unsure of) So to me it seems that using a really basic dictionary of about 2000 words does not produce the security required for this type of environment assuming a 4 word passphrase. A ~100000 word dictionary does produce the needed complexity using today's hardware. Anyone with a better grasp of this stuff want to take a look and see if I am wildly off? Title: Re: Reasonable Brain Wallet Passphrases? Post by: DannyHamilton on March 07, 2013, 12:09:39 AM Looking at this thread: https://bitcointalk.org/index.php?topic=68930.0 it is considered that the number of possible bitcoin addresses is 2^96 or 8e28 (8x10^28). Looking at the thread you linked to, it appears there are 2160 or 1.46e48 (1.46x1048) addresses. Considerably more than 296 Title: Re: Reasonable Brain Wallet Passphrases? Post by: DannyHamilton on March 07, 2013, 12:27:16 AM - snip - If a gigahash is 10^9 hashes per second, than 1 gigahash should be able to generate every possible hash of this in 1.4e4 seconds (or roughly 4 hours). - snip - Generating private/public key pairs involves Eliptic curve encryption. I'm not not sure either, but I suspect that it takes longer than SHA-256 Hash. More importantly, anyone who is not re-using bitcoin addresses is protected behind ECDSA, SHA-256, and RIPEMD-160. This means that for each password that you try, you'll have to do the following steps: Figure out what algorithm the user chose for converting a passphrase to a private key (typically just a SHA-256 hash of the passphrase). Calculate the public key via ECDSA. Calculate SHA-256 hash of the public key. Calculate RIPEMD-160 of the resulting SHA-256 hash. Compare the resulting RIPEMD-160 hash the a list of bitcoin addresses you are attempting to crack. |
