Bitcoin Forum

Other => Beginners & Help => Topic started by: agent1351 on September 18, 2017, 12:18:03 PM



Title: how were brainwallets hacked?
Post by: agent1351 on September 18, 2017, 12:18:03 PM
hey im a new noob here. how were brainwallets hacked? and how do  you create brainwallet?
here? brainwalletx.github.io   ?


Title: Re: how were brainwallets hacked?
Post by: mocacinno on September 18, 2017, 12:19:26 PM
hey im a new noob here. how were brainwallets hacked? and how do  you create brainwallet?
here? brainwalletx.github.io   ?

hacked? Pretty simple, a brute force attack or a dictionary attack... A lot of people made brainwallets with either a short password, a name, a date or a simple sentence.
For a "hacker" it's fairy easy to generate a script that tries out all combinations shorter than 6 or 7 characters, or go trough a list of names, dates or popular sentenses. Then use the same algorithm as they brainwallet generator to create the private key, generate a public key and and address, then use an api to check if there were unspent outputs that could be spent by the generated private key.

How to generate one? DON'T!!!


Title: Re: how were brainwallets hacked?
Post by: agent1351 on September 18, 2017, 12:25:54 PM
hey im a new noob here. how were brainwallets hacked? and how do  you create brainwallet?
here? brainwalletx.github.io   ?

hacked? Pretty simple, a brute force attack or a dictionary attack... A lot of people made brainwallets with either a short password, a name, a date or a simple sentence.
For a "hacker" it's fairy easy to generate a script that tries out all combinations shorter than 6 or 7 characters, or go trough a list of names, dates or popular sentenses. Then use the same algorithm as they brainwallet generator to create the private key, generate a public key and and address, then use an api to check if there were unspent outputs that could be spent by the generated private key.

How to generate one? DON'T!!!
  okay tnks. but say i create a bitcoinwallet here https://brainwalletx.github.io/   with password: merica
and another dude uses the same password: merica, will he have the same private key then so he can spend mine?


Title: Re: how were brainwallets hacked?
Post by: mocacinno on September 18, 2017, 12:31:54 PM
hey im a new noob here. how were brainwallets hacked? and how do  you create brainwallet?
here? brainwalletx.github.io   ?

hacked? Pretty simple, a brute force attack or a dictionary attack... A lot of people made brainwallets with either a short password, a name, a date or a simple sentence.
For a "hacker" it's fairy easy to generate a script that tries out all combinations shorter than 6 or 7 characters, or go trough a list of names, dates or popular sentenses. Then use the same algorithm as they brainwallet generator to create the private key, generate a public key and and address, then use an api to check if there were unspent outputs that could be spent by the generated private key.

How to generate one? DON'T!!!
  okay tnks. but say i create a bitcoinwallet here https://brainwalletx.github.io/   with password: merica
and another dude uses the same password: merica, will he have the same private key then so he can spend mine?

that's correct... Same password => same private key => can be used to spend the same unspent outputs...


Title: Re: how were brainwallets hacked?
Post by: agent1351 on September 18, 2017, 12:41:50 PM
hey im a new noob here. how were brainwallets hacked? and how do  you create brainwallet?
here? brainwalletx.github.io   ?

hacked? Pretty simple, a brute force attack or a dictionary attack... A lot of people made brainwallets with either a short password, a name, a date or a simple sentence.
For a "hacker" it's fairy easy to generate a script that tries out all combinations shorter than 6 or 7 characters, or go trough a list of names, dates or popular sentenses. Then use the same algorithm as they brainwallet generator to create the private key, generate a public key and and address, then use an api to check if there were unspent outputs that could be spent by the generated private key.

How to generate one? DON'T!!!
  okay tnks. but say i create a bitcoinwallet here https://brainwalletx.github.io/   with password: merica
and another dude uses the same password: merica, will he have the same private key then so he can spend mine?

that's correct... Same password => same private key => can be used to spend the same unspent outputs...
why didnt people just use a regular wallet with password?  brainwallet is like store your money outside your house in detroit then.....


Title: Re: how were brainwallets hacked?
Post by: mocacinno on September 18, 2017, 12:48:22 PM
hey im a new noob here. how were brainwallets hacked? and how do  you create brainwallet?
here? brainwalletx.github.io   ?

hacked? Pretty simple, a brute force attack or a dictionary attack... A lot of people made brainwallets with either a short password, a name, a date or a simple sentence.
For a "hacker" it's fairy easy to generate a script that tries out all combinations shorter than 6 or 7 characters, or go trough a list of names, dates or popular sentenses. Then use the same algorithm as they brainwallet generator to create the private key, generate a public key and and address, then use an api to check if there were unspent outputs that could be spent by the generated private key.

How to generate one? DON'T!!!
 okay tnks. but say i create a bitcoinwallet here https://brainwalletx.github.io/   with password: merica
and another dude uses the same password: merica, will he have the same private key then so he can spend mine?

that's correct... Same password => same private key => can be used to spend the same unspent outputs...
why didnt people just use a regular wallet with password?  brainwallet is like store your money outside your house in detroit then.....

AFAIK, brainwallet was a project that started in the beginning of 2012. At that time, the bitcoin price was under $10/BTC. I assume that at that particular time, there was a completely different mindset towards bitcoin... It must have been more about innovation and wonder, and less about profit.

I can only imagine it must have been fun to store 10 BTC, worth less than $100 (at that moment in time) in a wallet that was generated by the first name of your family members and not by a software wallet you had to keep sync'd on your PC...

Offcourse, now, whith BTC prices hitting $4000/BTC and scammers around every corner, it seems stupid to create a brainwallet...