|
Title: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: LoyceV on May 24, 2024, 02:04:23 PM TL;DR
Years ago, I sent some Bitcoin to an address without any physical backup, to see if I could find it back years later. Now, I can't find them back. Lol. Long version I combined a brainwallet with BIP38 encryption to make it very hard to crack. A bit like this proposal (https://bitcointalk.org/index.php?topic=1719563.0), but my own version. I kept notes of what I did: Code: 1. Passphrase > brainwallet > uncompressed privkey I remember the amount on 2 addresses used to fund it. I don't remember the transaction fee. I don't remember the year I did all this. I guess it was somewhere between 2017 and 2020. I'm pretty sure all addresses involved were legacy. Blockchair's transaction search (https://blockchair.com/bitcoin/transactions#) gives thousands of potential transactions. I can narrow it down to less than a thousand by making some assumptions. I can't select all search options I'd need for a lower number of transactions. I do remember the passphrases used. I won't say I'm 100% certain, so let's say I'm 99% certain those are correct. That makes it likely there's something in my method that I can't reproduce. I am 100% certain nobody brute-forced my private key. The passphrase was too long for heavy BIP38 encryption, and the setup was too complicated (so automated searches (which are used to attack all regular brainwallets at once) can't be used. Questions Why did I do step 1 and 2? That could have been done in one step, unless I'm missing something now. Does BIP38 encryption always produce the same encrypted key, or could the same privkey and passphrase produce a different encrypted string if I use different software? I probably used bitaddress.org or the other (now scamming) paper wallet site from back in those days. The annoying part: to try anything, takes me several manual actions on an air-gapped system. I can't quickly test a lot of options. How much? I wasn't dumb enough to use a large amount, but I'd still like to find it back. I won't lose sleep over the amount, but I already know if I can't recover it, it's going to torment me for years. I rarely lose data, and I don't like it. No spam Self-moderated to prevent spam. Discussion is of course allowed. I already know I was stupid, but feel free to rub it in :P Telling me "I told you so" is allowed too :P Title: Re: I lost access to Bitcoins in my made-up brainwallet Post by: Upgrade00 on May 24, 2024, 02:23:14 PM I don't remember the address. I'm guessing the most plausible things you can remember here would be the amount and a more accurate time of transaction, this ca narrow down the search a lot further. You can try linking the action to at other event you did before or after at the time, so for example if you were taking an exam when you did this or attended a wedding. With the address you can use any available tool that works now to check that with the passphrase to know if it's valid.I remember the amount on 2 addresses used to fund it. I don't remember the transaction fee. I don't remember the year I did all this. I guess it was somewhere between 2017 and 2020. If you do get the amount and it's less insignificant, it will make the 'I told you sos' more fun'. Also do you think at that time you would have left some clues for you now to find it? Title: Re: I lost access to Bitcoins in my made-up brainwallet Post by: DaveF on May 24, 2024, 02:29:34 PM I don't remember the address. I remember the amount on 2 addresses used to fund it. Can you work it another way? Did you send them from a wallet you control? If so can you narrow down the info from there? The annoying part: to try anything, takes me several manual actions on an air-gapped system. I can't quickly test a lot of options. And I wasn't dumb enough to use a large amount, but I'd still like to find it back. I won't lose sleep over the amount... If it's an amount you don't mind loosing then stop worrying about using an air gapped system that is taking you more time and effort. You are more likely to make a mistake and miss the fact they yes you did find the addresses & keys. Other then to see if you could was there another reason for this? Perhaps something else that may help you remember. i.e. I was annoyed at DaveF when I did this so I vanitygenned 1FuckDave as one of the addresses? -Dave Title: Re: I lost access to Bitcoins in my made-up brainwallet Post by: Charles-Tim on May 24, 2024, 02:36:24 PM Does BIP38 encryption always produce the same encrypted key, or could the same privkey and passphrase produce a different encrypted string if I use different software? I probably used bitaddress.org or the other (now scamming) paper wallet site from back in those days. The annoying part: to try anything, takes me several manual actions on an air-gapped system. I can't quickly test a lot of options. I have been trying the second website which is now a scam website. I tried it just to know how the encryption is but if you try anything with passphrase on the site, it will keep on loading and not give you any result. I just want to test it, not use it. If it is on bitaddress, it will always give you the same encryption if you use the same passphrase to encrypt the private key. I think BIP38 is a standardized encryption and it supposed to be the same result irrespective of the website used, but some Title: Re: I lost access to Bitcoins in my made-up brainwallet Post by: promise444c5 on May 24, 2024, 02:38:53 PM ~ I'm currently new to these though but can you retry same process over and over again on empty wallets ?? Title: Re: I lost access to Bitcoins in my made-up brainwallet Post by: LoyceV on May 25, 2024, 08:45:31 AM I'm guessing the most plausible things you can remember here would be the amount and a more accurate time of transaction, this ca narrow down the search a lot further. I think it must have been 2018, but I could be off. I can't narrow it down more accurately. I know the input amounts, the sum of that minus the transaction fee is on the address I'm looking for. Unless it was dusted later, in that case the balance can be a bit higher.Quote If you do get the amount and it's less insignificant, it will make the 'I told you sos' more fun'. Over time, when the value increases, it's going to be more fun :PI don't remember the address. Can you work it another way? Did you send them from a wallet you control?I remember the amount on 2 addresses used to fund it. Quote If so can you narrow down the info from there? I'm considering writing a script to search all block data (https://bitcointalk.org/index.php?topic=5307550.0), to narrow it down. That's going to be a lot of work though, and even if I know the exact address, that doesn't solve my problem. But it would make it easier to know when I have the correct key.Quote If it's an amount you don't mind loosing then stop worrying about using an air gapped system that is taking you more time and effort. You are more likely to make a mistake and miss the fact they yes you did find the addresses & keys. I would trust my normal computer with this amount, but since I'm using a browser to do the encryption, I don't want it to have internet access. And I would prefer to keep the passphrases secure for future use: I can only remember a few long passphrases with a high degree of certainty for a very long time. If I have to come up with a new one, chances are I'll forget it at some point.Quote Other then to see if you could was there another reason for this? Perhaps something else that may help you remember. Lol. Nope, the address came from a BIP38 brainwallet as described.i.e. I was annoyed at DaveF when I did this so I vanitygenned 1FuckDave as one of the addresses? I have been trying the second website which is now a scam website. I tried it just to know how the encryption is but if you try anything with passphrase on the site, it will keep on loading and not give you any result. I just want to test it, not use it. I have an old version, from before the site got sold. You may still be able to find it on Github.Quote If it is on bitaddress, it will always give you the same encryption if you use the same passphrase to encrypt the private key. I'll do some more testing with this.I'm currently new to these though but can you retry same process over and over again on empty wallets ?? Yes. Actually, all I get is empty wallets.I should have just posted a BIP38 encrypted key on Bitcointalk as a backup :P I like "treasure hunts". I like Bitcoin puzzles. I even like Fork recoveries. It always feels like a challenge to find money. I like it. But puzzles that I can't solve are frustrating, until someone else solves them. In this case, that won't happen, which is why this will be "tormenting" me forever until I find it :D Title: Re: I lost access to Bitcoins in my made-up brainwallet Post by: satscraper on May 25, 2024, 11:01:08 AM Questions Why did I do step 1 and 2? That could have been done in one step, unless I'm missing something now. Certainly you could do it in one single step. Probably you didn't notice BIP-38 encryption option at first, thus , applied it afterwards Questions Does BIP38 encryption always produce the same encrypted key, Yes, providing it is properly coded. Questions could the same privkey and passphrase produce a different encrypted string if I use different software? Yes, providing the different software is intentionally designed to produce a different encrypted string (the aim being to steal your fund) , known to person, who is behind this software, Title: Re: I lost access to Bitcoins in my made-up brainwallet Post by: garlonicon on May 25, 2024, 11:49:40 AM Quote Years ago, I sent some Bitcoin to an address without any physical backup, to see if I could find it back years later. Now, I can't find them back. Lol. Yes, it is quite common. Having at least a single physical backup is very important. If someone want to dig into the chain, then I have a similar puzzle, good luck finding it:1. The amount was exactly 10k satoshis. 2. It was sent from this site as a giveaway, for writing an email: https://web.archive.org/web/20150106042627/http://99bitcoins.com:80/get-your-first-bitcoin/ 3. I put that into this scammy wallet, probably in 2015: https://bitcointalk.org/index.php?topic=943146.0 I guess this was the first time, when I saw some on-chain transaction, filled with the data I wanted to use. Of course, those coins are now gone, and that website is no longer reachable (also because Tor moved into new address types). Probably those coins were moved long time ago, but no matter how hard I tried, it is impossible for me, to find them. Also, the mailbox, which I used, was removed in 2016, so it is long gone. Quote I'm guessing the most plausible things you can remember here would be the amount and a more accurate time of transaction, this ca narrow down the search a lot further. I don't think so. If I am wrong, then tell me: which address I put in my email then, in 2015, when I received my 10k sats?Quote But puzzles that I can't solve are frustrating, until someone else solves them. There are many unsolved puzzles, related to brainwallets, for example bc1qt2mdkehmphggajer3ur3g8l754scj4fdrmw3rn now contains 0.01 BTC. I guess it is related into writing "pi" value somehow, but the most obvious things, like writing "3.14" in ECDSA, does not lead to the right key (and addresses like 17mKugcBDEJbu391Fq41AdwLeGHwJLPRDf were cleared long time ago).Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: LoyceV on May 25, 2024, 01:45:44 PM Guess what: I figured it out! It turns out my mind had added a character to my passphrase, that shouldn't be there. Without it, I can recover the address.
To me, this proves (and/or confirms) 2 things: 1. My "it's all in my head" storage system works. 2. My "it's all in my head" storage system is far too risky. The funny part is: I took notes of the method I used, because I wasn't sure I'd remember all the details (even though, as a relative Bitcoin Newbie back then, I didn't realize the first 2 steps could have been done in one step). What surprised me, is that I doubted the method I wrote down, and not the passphrase I memorized: I do remember the passphrases used. I won't say I'm 100% certain, so let's say I'm 99% certain those are correct. That makes it likely there's something in my method that I can't reproduce. It was the other way around. It's funny how my mind tricks me into trusting .... my mind ;DLessons learned Don't do brainwallets :P Even though I'll keep this one for now, it's still not recommended. And if you do insist (which you should only do if you know for sure it's difficult enough to withstand brute-force attacks): keep a backup. Or just don't do it. But if you do, and if you can't restore it in the future: please open a topic about it :P which address I put in my email then, in 2015, when I received my 10k sats? That's not much to go on. It gives 71,371 possible transactions (https://blockchair.com/bitcoin/transactions?s=time(desc)&q=output_total(10000),time(2015-01-01..2015-12-31)#).Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: NotATether on May 25, 2024, 02:27:35 PM I don't get this part:
Quote 1. Passphrase > brainwallet > uncompressed privkey If you didn't initially know the address then when you use the private key to generate its base58 address, you could've checked it for a balance on a block explorer, without the other steps. Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: LoyceV on May 25, 2024, 03:05:18 PM I don't get this part: This is a better description:Quote 1. Passphrase > brainwallet > uncompressed privkey Code: 1. Passphrase for brainwallet + passphrase2 for BIP38 (on air-gapped bitaddress.org) > compressed key (starting with 6P) Quote If you didn't initially know the address then when you use the private key to generate its base58 address, you could've checked it for a balance on a block explorer, without the other steps. I didn't know the address nor privkey. Now I know both again.As an example (I did this online because it's only for testing):
Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: NotATether on May 25, 2024, 03:27:25 PM By now, a Segwit version would be better. BIP38 with segwit addresses would be non-standard, because it only mentions encoding the address into compressed or uncompressed base58. I don't think anyone actually uses BIP38 anymore outside the collectibles community. There are better ways to encrypt large amounts of private keys especially the ones that are derived from HD keys. PS: Your algorithm for deriving a brainwallet is quite hard to remember :P Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: LoyceV on May 25, 2024, 04:30:43 PM BIP38 with segwit addresses would be non-standard, because it only mentions encoding the address into compressed or uncompressed base58. I could create a Segwit address from the resulting private key.Quote I don't think anyone actually uses BIP38 anymore outside the collectibles community. I think you're wrong, but can't prove it ;)Quote There are better ways to encrypt large amounts of private keys especially the ones that are derived from HD keys. Do tell: how? What standard encryption is heavy enough to keep $1000 secure for 2 years with password zLwMiR (https://bitcointalk.org/index.php?topic=1014202.0), even after giving hints? I'd like to use something better, but I haven't seen anything that follows a standard.For the record: this exercise wasn't only about encryption, it was about remembering everything from scratch. Quote PS: Your algorithm for deriving a brainwallet is quite hard to remember :P That's why I wrote it down ;)Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: Cricktor on May 26, 2024, 08:01:50 PM Out of curiosity: the subtraction of 1 from the intermediate 6P private key (I assume after conversion from WIF to hex format, otherwise the WIF's checksum would break) is an intentional obfuscation step?
Your recipe is already a bit complex. But why this subtraction step? Didn't you trust your initial passphrase1 and encryption passphrase2 enough? Simple brainwallets (by human standards) are in many cases fundamentally flawed which has been proven. You simply can't use anything that's online available as source for a simple brainwallet (simple in terms of taking only the SHA-256 of the source phrase as private key). Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: LoyceV on May 26, 2024, 08:16:35 PM Out of curiosity: the subtraction of 1 from the intermediate 6P private key (I assume after conversion from WIF to hex format, otherwise the WIF's checksum would break) is an intentional obfuscation step? I'm not subtracting "-1", I'm adding it (see this example (https://bitcointalk.org/index.php?topic=5497667.msg64125626#msg64125626)) as a nonce. I could use "-2" to get the next address. In a way, they're like hardened private keys: if one leaks, it's not possible to find the next one.Quote Simple brainwallets (by human standards) are in many cases fundamentally flawed which has been proven. You simply can't use anything that's online available as source for a simple brainwallet (simple in terms of taking only the SHA-256 of the source phrase as private key). Have a look at WarpWallet.Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: Kruw on May 27, 2024, 04:39:16 PM I was throwing away some old empty seeds I had written down and saw the 12 words from my first hardware wallet. I had memorized these before, but I switched devices ~5 years ago. Out of those 12 words I memorized, I only remembered 1 now.
Strength of passwords and number of unique passwords seems like a bottleneck that humans are running into. Machines are becoming more powerful at guessing passwords, so humans are required to remember longer and more complex phrases. To access my Bitcoin wallet on my node running on my laptop, I'm burdened with 4 layers of passwords - disk decryption, user login, node login, wallet login. Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: apogio on May 27, 2024, 06:15:56 PM Quote I don't think anyone actually uses BIP38 anymore outside the collectibles community. I think you're wrong, but can't prove it ;)I could help proving this statement :P Now, seriously, were you doing an experiment (for fun) ? Personally, if I used something like that, I would definitely keep the phrases in paper backups, without ever mentioning or stating they had anything to do with Bitcoin. Simple brainwallets (by human standards) are in many cases fundamentally flawed which has been proven. You simply can't use anything that's online available as source for a simple brainwallet (simple in terms of taking only the SHA-256 of the source phrase as private key). Or use my tool https://bitcointalk.org/index.php?topic=5488789 (Only kidding of course!) Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: Cricktor on May 27, 2024, 10:12:46 PM Or use my tool https://bitcointalk.org/index.php?topic=5488789 (Only kidding of course!) While I like your Bash script, I don't think I will ever use brainwallet addresses. I'm quite well aware of the unreliability of my own memory, unless I train and use memorized details on a regular basis, emphasis on regular. I'm simply too old to keep stuff solely in my head. For me this would be a sure recipe for desaster, especially when I don't have to use it frequently. If I were tempted to use brainwallet addresses, I'd use also additional protection with BIP38 encryption, but I'd keep'n'hide a written backup for sure, which kind of defeats the purpose of a true brainwallet. I shall not be tempted... Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: pooya87 on May 28, 2024, 04:45:22 AM The funny part is: I took notes of the method I used, because I wasn't sure I'd remember all the details (even though, as a relative Bitcoin Newbie back then, I didn't realize the first 2 steps could have been done in one step). What surprised me, is that I doubted the method I wrote down, and not the passphrase: Another flaw in this whole thing is "inventing your own method". It is never a good idea specially when it comes to cryptography related stuff. There are a lot of things that could go wrong, from small bugs that could not be reproduced when trying to recover to serious bugs that could be categorized as security flaw.Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: larry_vw_1955 on May 28, 2024, 05:19:23 AM Another flaw in this whole thing is "inventing your own method". but in his case it's not because it is cryptographically weak. its because after a few years, you won't remember what the steps you did are. unless you wrote them down. which you're not supposed to do with a "brainwallet"...I combined a brain wallet with BIP38 encryption to make it very hard to crack. Quote A bit like this proposal (https://bitcointalk.org/index.php?topic=1719563.0), but my own version. I kept notes of what I did: and of course you kept notes of what you did because if you wouldn't have you probably would have forgotten those 3 simple steps. and they were very simple. and yet, we all find even simple steps hard to recall after YEARS. Code: 1. Passphrase > brainwallet > uncompressed privkey to get even more security why not iterate this entire procedure 10 times? taking the output of step 3 as the input to step 1. surely that would be even MORE secure because what adversary would go through all of that? Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: LoyceV on May 28, 2024, 09:49:02 AM Now, seriously, were you doing an experiment (for fun) ? Kinda :)Quote Personally, if I used something like that, I would definitely keep the phrases in paper backups What's the fun in that? I wanted it to be more than a hypothetical "I remembered it". If I would have written it down, I would have looked at it and never known if I could recover it from memory alone.Another flaw in this whole thing is "inventing your own method". It is never a good idea specially when it comes to cryptography related stuff. There are a lot of things that could go wrong, from small bugs that could not be reproduced when trying to recover to serious bugs that could be categorized as security flaw. Yep, I agree :)The reason I did this, was because I wanted to add heavy encryption to a brainwallet, and at the same time avoid the brute-forcers who can attack all "standard" brainwallets at the same time. Now, there's WarpWallet for that. but in his case it's not because it is cryptographically weak. its because after a few years, you won't remember what the I did: I wrote down the steps, and that's not a weakness in the system. I've posted my steps here, it now serves as an additional backup of the steps I took, but doesn't help anyone to gain access to my coins.you could have just eliminated the bip38 part since the final step was just hashing some string to get the private key. anyone else finds any other string with the same hash they don't need to reproduce your bip38 step at all :o but i think your premise is you think your string is the only one that anyone could ever use to get that hash. it's an assumption. It's a very good assumption!You're saying anyone could use any different random number to gain access to your Bitcoin address. Duh :P There are about 296 valid private keys for each Bitcoin address. If anyone could find them, Bitcoin wouldn't exist. Quote to get even more security why not iterate this entire procedure 10 times? taking the output of step 3 as the input to step 1. If that would be necessary, they would have included 10 more rounds in the BIP38 protocol. Adding just one more character to the BIP38-passphrase adds much more "strength" than doing 10 rounds of encryption.Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: Quickseller on May 28, 2024, 10:23:38 AM I do remember the passphrases used. As an example (I did this online because it's only for testing):
I don't really see much value in knowing the details of the transaction if you don't know the private key, and the private key can lead you to information that will allow you to get the details of the transaction so you can create a new transaction to spend the coin. Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: larry_vw_1955 on May 28, 2024, 10:19:54 PM The reason I did this, was because I wanted to add heavy encryption to a brainwallet, what does that even mean though? i don't think you're really encrypting anything. encryption is typically encrypting a final output. your final output is a clear private key.Quote and at the same time avoid the brute-forcers who can attack all "standard" brainwallets at the same time. so why not use warpwallet then? its harder to brute force than your scheme. and now that you have published your scheme, so that the whole world can know, your bitcoin private key is more likely to be broken than someone using warpwallet.Now, there's WarpWallet for that. Quote I did: I wrote down the steps, and that's not a weakness in the system. I've posted my steps here, it now serves as an additional backup of the steps I took, but doesn't help anyone to gain access to my coins. it makes it more likely they will gain access to your coins than if you never published your "brainwallet algorithm". since according to you that's the only way they could come up with the same private key.Quote Quote to get even more security why not iterate this entire procedure 10 times? taking the output of step 3 as the input to step 1. If that would be necessary, they would have included 10 more rounds in the BIP38 protocol. Adding just one more character to the BIP38-passphrase adds much more "strength" than doing 10 rounds of encryption.Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: LoyceV on May 29, 2024, 07:35:08 AM Maybe I am missing something, but if you remember the passphrases used? Why couldn't you just use the passphrasees to generate the private key and address? You must have missed this part:my mind had added a character to my passphrase Now I can reproduce it again.Quote I don't really see much value in knowing the details of the transaction if you don't know the private key Without knowing the address, I had to search the list of all funded addresses each time to see if I had the correct one. It added a manual step to the checking process.The reason I did this, was because I wanted to add heavy encryption to a brainwallet, what does that even mean though? i don't think you're really encrypting anything. encryption is typically encrypting a final output. your final output is a clear private key.Quote so why not use warpwallet then? When I created this, I didn't know WarpWallet exists. And I'm not entirely sure I can trust it. I do trust BIP38 (for this reason (https://bitcointalk.org/index.php?topic=1014202.0)).Quote it makes it more likely they will gain access to your coins than if you never published your "brainwallet algorithm". since according to you that's the only way they could come up with the same private key. Good luck with that :PWhat you're suggesting is called security through obscurity: Quote from: security through obscurity Criticism I trust my passphrase to be difficult enough.Security by obscurity alone is discouraged and not recommended by standards bodies. The National Institute of Standards and Technology (NIST) in the United States recommends against this practice: "System security should not depend on the secrecy of the implementation or its components."[9] now those are some pretty big statements you made there which i'm not so sure i can agree with. for example, if adding one more character is more secure than doing 10 rounds of encryption then i don't know what to say. except maybe we disagree. :o If you don't understand that one random character added to the passphrase adds more "difficulty" than 10 rounds of the same encryption, I give up :PBut here's a hint: First wallet was cracked in under 3 hours. [pwd: BarT] Second wallet was cracked in under 10 hours. [pwd: grAce] Fourth wallet was cracked in under 2 days. [pwd: pxrmg] Third wallet was NOT CRACKED in two years. [pwd: zLwMiR] Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: larry_vw_1955 on May 30, 2024, 02:51:27 AM What you're suggesting is called security through obscurity: Quote I trust my passphrase to be difficult enough. i could say the same thing about my simple sha256 brainwallet. Quote If you don't understand that one random character added to the passphrase adds more "difficulty" than 10 rounds of the same encryption, I give up :P i imagine you're not talking about step 3 in your algorithm: Code: 3. Take this 6P encrypted key, add -1, use this as brainwallet and fund the compressed addy a bip 38 encrypted private key is already long enough. adding -1,-2 and so on was your idea of having some type of way to generate extra addresses in a sequential manner. it doesn't really do anything for security. so we're back to where we started which is the original passphrase. if it's long enough, its not feasible to hack no matter what brainwallet algorithm you use. i think you would probably agree with that statement. so the real issue is why we would need to invent a new rather obscure algorithm to do a brainwallet when we could achieve the same thing by just increasing the length of our passphrase Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: LoyceV on May 30, 2024, 07:06:37 AM so the real issue is why we would need to invent a new rather obscure algorithm to do a brainwallet when we could achieve the same thing by just increasing the length of our passphrase Every existing "classic" brainwallet is attacked by many people doing billions if not trillions of password hacking attempts per second. See Collection of 18.509 found and used Brainwallets (https://bitcointalk.org/index.php?topic=4768828.0). By adding BIP38 to the equation, suddenly an attacker would only be able to do a few attempts per second. It's not worth the electricity to even try.Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: larry_vw_1955 on May 31, 2024, 05:40:55 AM As an example (I did this online because it's only for testing):
Quote
Before you start funding an address like that, you should probably make sure whatever software you are using to generate that compressed address works with other software tools the same way. 1BsQ1rYAi2nNpnqpCLyQS4fkV4dEf3jegB would be the correct compressed address for a brainwallet corresponding to the passphrase "6PRKrgToVFyMzHL3qYa9Pq7e1ZugAiaYGYUxK2ccVaUoSeK9PYnqFti5Br-1". That's another issue with trying to use bip38 and brainwallets is that bip38 is pretty well DEPRECATED by now and not really recommended. It's a fact of life that not all Bip38 tools produce the same output. So you better stick with the software you originally used to encrypt which apparently is bitaddress. Quote Every existing "classic" brainwallet is attacked by many people doing billions if not trillions of password hacking attempts per second. i wouldnt say "every". maybe just the sha256 one. Quote See Collection of 18.509 found and used Brainwallets (https://bitcointalk.org/index.php?topic=4768828.0). By adding BIP38 to the equation, suddenly an attacker would only be able to do a few attempts per second. It's not worth the electricity to even try. so would making your sha256 brainwallet "unclassic" by making a few small modifications to how it worked like having a second passphrase (which your's has anyway)... Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: LoyceV on May 31, 2024, 06:02:00 AM Before you start funding an address like that, you should probably make sure whatever software you are using to generate that compressed address works with other software tools the same way. Before funding, I indeed reproduce my steps using different software.Quote 1BsQ1rYAi2nNpnqpCLyQS4fkV4dEf3jegB would be the correct compressed address for a brainwallet corresponding to the passphrase "6PRKrgToVFyMzHL3qYa9Pq7e1ZugAiaYGYUxK2ccVaUoSeK9PYnqFti5Br-1". You're right, I copied the addy from the previous step instead of the final step. There's another reason to verify everything twice, which I didn't do for this example. I've edited my post.Quote That's another issue with trying to use bip38 and brainwallets is that bip38 is pretty well DEPRECATED by now and not really recommended. Says who? It's a standard that's widely used, but just in case, I keep my own copies of the software. And so do many other people, I'm pretty sure someone would share it if I'd ask for it 20 years from now.I've actually thought about creating an archive site with all kinds of old Bitcoin-related software, but I didn't want to deal with potential copyright issues. Quote It's a fact of life that not all Bip38 tools produce the same output. That's what I thought, but I couldn't find evidence for it. This would indeed mess up my system.Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: apogio on May 31, 2024, 06:22:12 PM That's another issue with trying to use bip38 and brainwallets is that bip38 is pretty well DEPRECATED by now and not really recommended. It's a fact of life that not all Bip38 tools produce the same output. So you better stick with the software you originally used to encrypt which apparently is bitaddress. That's what I thought, but I couldn't find evidence for it. This would indeed mess up my system. Any info about it? Sounds like an intriguing case-study. Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: Cricktor on June 01, 2024, 07:20:19 AM It's a fact of life that not all Bip38 tools produce the same output. I'd like to see proof for this claim! Which commonly used tools or wallets have a flawed BIP38 implementation? Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: LoyceV on June 01, 2024, 07:56:51 AM Which commonly used tools or wallets have a flawed BIP38 implementation? I've used Mycelium to decrypt BIP38 in the past, but I've only used BitAddress (and the (now phishing) site that's based on it) to create them. It makes sense BIP38 was mostly used for paper wallets, which would explain why other wallets don't create them.Not that it matters much for me, BitAddress is widely used and that's what I'll use in the future to decrypt this. I've already tested 2 different BitAddress versions, both produce the same. Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: Pmalek on June 01, 2024, 08:24:05 AM I'd like to see proof for this claim! Which commonly used tools or wallets have a flawed BIP38 implementation? If they are using the same standard in the exact same way, the results have to be identical. If you have input 1 that is being encrypted with said standard, it has to spit out result 1. If you are getting results 2 and 3 as well, there is some deviation somewhere. A flawed tool or wallet would produce different results. But that's not a problem with the implementation, but rather the scheme that buggy software is using.Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: nomachine on June 01, 2024, 10:07:48 AM It must be the same result. If it is used:
Code: prefactor = hexstrlify(scrypt.hash(password, salt, 16384, 8, 8, 32)) Maybe there are different tools that have different prefixes. (nothing else can cause confusion) Code: Range in base58check encoding for non-EC-multiplied keys without compression (prefix 6PR): I have my own tool that only encode/decode EC-multiplied keys (prefix 6Pn). Code: import scrypt result form KEY.txt Private key (wif) Compressed : KxSomWg95w2qRi5S3cuC5FPcQdXiWhHRaWpZZcLkXgvE1UAyhfZq Private key (wif) Uncompressed: 5J6Pq9Y56ecm3szePoCNYKfevqc44ZEh1Lu1afpXFf3YVh13Ccb Bitcoin address Compressed: 15aAb6P6ysSAR3SEtit6MWWgNPXZgn5YFj Bitcoin address Uncompressed: 13XDLESCf3UDBLjGoSEdLH9ksHNuYAybPR bip38 is pretty well DEPRECATED by now and not really recommended. The tools, for example, in python, are outdated. But that doesn't stop me from updating them myself. BIP38 is unhackable. I barely manage to encode/decode 100 per second with all possible accelerations around. The scrypt function is slow by design. It can NOT be accelerated. The parameters that include N=16384, r=8, and p=8. The N parameter defines the CPU/memory cost, and larger values like that make the function more memory-intensive. This is a deliberate design choice to prevent attackers from using specialized hardware, like GPUs or ASICs, which might have less memory available per processing unit. Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: larry_vw_1955 on June 02, 2024, 12:04:14 AM It's a fact of life that not all Bip38 tools produce the same output. I'd like to see proof for this claim! Which commonly used tools or wallets have a flawed BIP38 implementation? none that i know of that are commonly used tools such as bitaddress. but there's this piece of bip38 python software that only implements EC non-multiply mode. It is completely unaware of the multiply mode. So when it comes across encrypted private keys of that type, it decodes them but incorrectly. I woudn't call it a bug, I would call it more like being an incomplete implementation of bip38. but that could certainly lead to confusion. i can't really say the name of the software but it's definitely not commonly used. it's just something someone wrote but didn't really complete it, i guess. i just happened to come across it and i became aware of that bug when i tried testing it out on some EC multiply test addresses. if this particular software developer made that mistake though, it's possible someone else might too if they are just a hobbyist programmer so it's something to lookout for... :o even software like bitaddress for bip38 it is not a complete implementation. it can decode EC multiply but I think it uses the non-multiply mode to encode. but i guess it is ok. Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: mamuu on June 02, 2024, 10:29:18 PM TL;DR Years ago, I sent some Bitcoin to an address without any physical backup, to see if I could find it back years later. Now, I can't find them back. Lol. Long version I combined a brainwallet with BIP38 encryption to make it very hard to crack. A bit like this proposal (https://bitcointalk.org/index.php?topic=1719563.0), but my own version. I kept notes of what I did: Code: 1. Passphrase > brainwallet > uncompressed privkey I remember the amount on 2 addresses used to fund it. I don't remember the transaction fee. I don't remember the year I did all this. I guess it was somewhere between 2017 and 2020. I'm pretty sure all addresses involved were legacy. Blockchair's transaction search (https://blockchair.com/bitcoin/transactions#) gives thousands of potential transactions. I can narrow it down to less than a thousand by making some assumptions. I can't select all search options I'd need for a lower number of transactions. I do remember the passphrases used. I won't say I'm 100% certain, so let's say I'm 99% certain those are correct. That makes it likely there's something in my method that I can't reproduce. I am 100% certain nobody brute-forced my private key. The passphrase was too long for heavy BIP38 encryption, and the setup was too complicated (so automated searches (which are used to attack all regular brainwallets at once) can't be used. Questions Why did I do step 1 and 2? That could have been done in one step, unless I'm missing something now. Does BIP38 encryption always produce the same encrypted key, or could the same privkey and passphrase produce a different encrypted string if I use different software? I probably used bitaddress.org or the other (now scamming) paper wallet site from back in those days. The annoying part: to try anything, takes me several manual actions on an air-gapped system. I can't quickly test a lot of options. How much? I wasn't dumb enough to use a large amount, but I'd still like to find it back. I won't lose sleep over the amount, but I already know if I can't recover it, it's going to torment me for years. I rarely lose data, and I don't like it. No spam Self-moderated to prevent spam. Discussion is of course allowed. I already know I was stupid, but feel free to rub it in :P Telling me "I told you so" is allowed too :P Hello. Can you simulate the process step by step? For example. let's say you chose brainwallet Passphrase ‘mamu’ in the first step. can you write each step and share the result of each step? I need to understand the process you are doing, then I can write suggestions for you. Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: larry_vw_1955 on June 03, 2024, 04:41:55 AM Hello. Can you simulate the process step by step? he already did in post 11: https://bitcointalk.org/index.php?topic=5497667.msg64125626#msg64125626 Title: Re: I REGAINED access to Bitcoins in my made-up brainwallet! Post by: LoyceV on June 03, 2024, 05:46:18 AM can you write each step and share the result of each step? See this post (https://bitcointalk.org/index.php?topic=5497667.msg64125626#msg64125626). Reading the topic before responding helps. Also, there's no need for long quotes.Quote I need to understand the process you are doing, then I can write suggestions for you. Why? Even the topic title shows I regained access. |