Bitcoin Forum

Hey,

I'd like to figure out how fast BIP38 paper wallets could get cracked in case someone gets to them physically and tries to guess the password.

I created three BIP38 encrypted paper wallets with easy to crack passwords. Only small and capital English letters are used (from "a" to "Z", no numbers, no special characters). Say thanks when you get the money : )

I'll update this post with results when all three wallets are redeemed.

Happy cracking!


****************************   FIRST   **************************

Bitcoin Address:
1Pnc9qRUEhPJd4XrKhFRxkSSs2h6XA7ZUR

Encrypted Private Key:
6PfLsoUAbQ4uKuCtAkzer1KH1Rcaw5WMEmShwA6Q9GtwhbiHfaHP6mqqfT

Password: 4-character American name

Prize: 0.01 BTC

****************************   SECOND   **************************

Bitcoin Address:
19kuXV8cBfQMrLXzPNFsvPHxvTZgrfN1pd

Encrypted Private Key:
6PfPLSVx133khpGT7qrEeBWrxxuaQXNpkrBxCfUB92vg93iSj1Mj1Ce49M

Password: 5-letter word

Prize: 0.05 BTC

****************************   THIRD   **************************

Bitcoin Address:
1J5cjne6YVkgRTMTjqnaJVk1CWEEr3CcdX

Encrypted Private Key:
6PfRB98F9vZLhSpqY5URas5vYUU3qYQrpkJFTLuCg1FvDni6LwT3qAirkp

Password: 6 random characters

Prize: 1.0 BTC

*****************************************************************




EDIT:
Third wallet now has 0.5 BTC prize.

And I added one extra wallet:

****************************   FOURTH   **************************

Bitcoin Address:
15p4qtmfRyTHfPYFRmhGYVGhP9FEZYrFsu

Encrypted Private Key:
6PfTCyR1k5FDHwFXm9Uch5aTGXLQQDtzbQt3sKxmN8i2HppJecyoHbzb9i

Password: 5 random characters (small English letters only (a-z))

Prize: 0.2 BTC

*****************************************************************


EDIT 2:
3rd wallet now has 1.0BTC total.
I'll keep the experiment going for another year.


EDIT3:
After 2 years I have decided to stop the experiment.
The password for third wallet was "zLwMiR".


RESULTS:
First wallet was cracked in under 3 hours. [pwd: BarT]
Second wallet was cracked in under 10 hours. [pwd: grAce]
Fourth wallet was cracked in under 2 days. [pwd: pxrmg]
Third wallet was NOT CRACKED in two years. [pwd: zLwMiR]

Good luck everyone:

I'll just leave this here:  http://www.babynames1000.com/four-letter/

I stopped here:

https://github.com/lian/bitcoin-ruby/blob/master/lib/bitcoin/key.rb#L207

Throws me an invalid version exception... Was my first try to crack something, didnt work out ^^

I'll bite, bored at work a little bit. I am as we speak generating word lists for the 4 Character key, lets see how long it takes to even generate all the keys (16 Core Machine). I haven't setup an automated way to Decrypt the key with my word-list yet, so I might just donate the list with the key when it finishes being generated.

Started Generating the word list at 10:45 am

Edit: Added timestamp

From what I understand about BIP38, it uses salsa/scrypt for its encryption algorithm among other things. It takes insanely more powerful hardware to brute force then many other password algo's because it takes such a long time w/ each iteration.
Someone ran a test on it in reddit once ... ah ... here, are the results:
http://www.reddit.com/r/Bitcoin/comments/2yx99h/my_4_character_bip38_cracking_challenge_has_been/
4 char, w/ hints took a year to crack!

But it was with all unicode characters... Here there are 4 characters, only a-Z, so it should work out much faster... as far as I know..

Can this: https://github.com/cscott/bip38-cracker be reupurposed for this challenge?

I also tried it, but couldn't compile it in the end...

Trying to compile, I'll see what I can come up with... Errors out with this: configure.ac:89: warning: macro 'AM_PATH_GLIB_2_0' not found in library

i am still trying to crack that key but after a hour still nothing seems much to crack only luck needed to do that.

Can you give some hint like first and last letter from those four ? It would be appreciated and will make my work more easy. There are thousand of combination from these 4 letters which is impossible to crack.

First one already done and I can't even compile any cracker, lol...

I guess you are already too late : )

This is a neat idea.. Tempted to put up the .5 BTC I encrypted on a paper wallet and loss the pass...

I am 100% certian the pass is +30 chars.. sooooooooooooooooooooooo ya... lmao.

Can you tell us what was/is the first pass?


this is the tx of the winner: https://blockchain.info/it/tx/7707d4cb6d4dd9b8f30f3308f73fa6c1342aa3344ae3b614e1081f80d0d1f274

First password is "BarT".

can you tell me the second password ;) just kidding anyway good luck who crack first one

congrats to first person who crack that one, any guess for second key would like to crack it and trying to solve that math puzzle.

Second password is a standard 5-letter English word. It should be in any English dictionary.

bitcoin ... oh wait... =P

Well, no luck trying some random shots, neither compiling anything to bruteforce this... I'll quit for now and I bet when I come here later today there will be no more funds, lol

Trying the second one with all 5-letter english words right now... All lowercase, I hope there's no uppercase letters :)

EDIT: Found it! The password was 'grAce'. and DAMMIT someone beat me by ~2 hours :(

EDIT2: And I'm not even going to try the 3rd one. I can try ~20 passwords per second with my current setup, and I've calculated cracking it will take ~30 years...

Thanks for the fun challenge! :)

Wow... 2 out of 3 already cracked... good job guys! Yes, password for second one is "grAce".

I guess third one is going to be a little harder to crack : )

Interesting challenges.

I guess it is almost impossible to crack the third one. I did some searches and math:

First wallet: About 800 4-letter names x lower/upper cases => 12k to 13k

Second wallet: About 9000 5 letter words x lower/upper cases => 250k to 300k

Third wallet: Exactly 52^6 = 19,770,609,664

The fastest cracker we have, Dirbaio, can do 20 tries/second. He will take about about 31.34 years to find! No one will commit this much energy and time to crack the wallet with only 0.1BTC, and therefore the puzzle will not be solved... unless minimalB is going to provide some hints.

omg what a long time will take 31.34 years to crack with your maths calculation but i think if someone have luck then can be cracked in 31.34 seconds. ;)

LOL! Very true! If you are lucky, you can generate a random address (with private key) and it may be the richest address!

i think luck is most important factor to get free bitcoins from cracking private key, but sometime skill works in that kind of matter.

Very much so.  You can get the key on the first try or on the last.

Wow 6 chars is that strong eh.. dang..

What tool did you use? Any good tutorials around?

i also would like to know about that if any thread or tutorials available to know how to crack that pib38, i got pib38 cracker but it's not working for me, any other good software for that?

OK, lets spice things up a little bit.

Third wallet (with 6 random characters from a-Z) now has 0.5 BTC prize.

And I added the Fourth one with 5 random characters using only lower case letters from "a" to "z".

****************************   FOURTH   **************************

Bitcoin Address:
15p4qtmfRyTHfPYFRmhGYVGhP9FEZYrFsu

Encrypted Private Key:
6PfTCyR1k5FDHwFXm9Uch5aTGXLQQDtzbQt3sKxmN8i2HppJecyoHbzb9i

Password: 5 random characters (small English letters only (a-z))

Prize: 0.2 BTC

*****************************************************************

I will add the forth wallet to OP also.

That sounds more affordable than the 6-char one ;)
Will give it a try now.


I used this one: https://github.com/notespace/bip38-cracker
It's quite broken though, I had to fix it. I'll try to clean it up and post it to my github soon. Here's a quick summary of what has to be fixed:

- picocoin submodule broken -> point it to https://github.com/jgarzik/picocoin
- Fix build scripts
- (This one drove me nuts) EC point conversion is broken, it should convert the passpoint as compressed and the pubkey as uncompressed, it was doing both compressed. I made a quick ugly hack in picocoin to workaround this.

Seems like you have quite a bit of processing power. Congratulations, what was the pass on this one?

I would like to get in on this too.
I just have no idea on how to do the cracking.

But it would be cool to learn ;P

Code here -> https://github.com/Dirbaio/bip38-cracker
I've put installation instructions in the readme. Tested with Ubuntu 14.10.

Actually there was this other repo that was linked earlier ( https://github.com/cscott/bip38-cracker ) that is quite faster, probably because it uses scrypt-jane. I fixed it up to read the passwords from stdin so I can either crack from a wordlist or a generated list. Stuff's explained in the README.

It took ~20 hours on three n1-highcpu-16 machines on Google Compute. Each one did ~50 passwords per second, 150 total.
It cost around $38 overall.

So yes, cracking 5-char passwords is definitely feasible for relatively cheap. Would be way cheaper if I had used my own hardware.

The password? The cracker sent me the coins and then I destroyed the instances without writing down the password, silly me. Sorry! :(

Well... you seem to have a lot horsepower :P Quite a bit more than my modest 4 cores.

I'm using this https://github.com/cculianu/brute38 as it's easier to setup the wordlist, allows stopping and resuming and it allows to split the work for several computers. I don't know if the tool you linked is capable of the last two.

Meanwhile, I tested your tool. It has about the same performance as the tool I'm currently using on my devices (about 1 password/second/per core). It would be pretty cool to measure both tools face to face, but the differences in hardware are just too big :)

PS: the tool I linked is also outdated. If you need updated files and help setting up, feel free to send me a PM.

Can you make a github fork like how Dirbaio did?

@Dirbaio: Congrats!

I hope there are hackers out there going after the last one... I am really curious how long will it take...

Wow, congratulations! Lots of computing power is required! Are you trying the 6 random letter challenge?
I guess if OP not giving further hint, it will not be cracked in many years.

Can anyone here teach me a bit about this BIP38 cracking?
I want to learn a bit about it :)

Is there anyone working on last remaining private key or did you give up?

The wallet still has 0.5BTC, I would surely think there is incentive to crack it.   :)

Okay, total Newbie question coming.... ready for it?... wait, wait, wait.... before i ask and ridicule myself, let me at least state that I had absolutely Zero knowledge of anything more difficult than very basic html until I started school recently for programming, so with that being said...

Where the hell do you go to even find the wallets so you can crack them?

That's what I don't get about offline wallets.... I get taking the btc offline for storage; I get sweeping/importing it back online.... but where is the hub, the port, the dock, the space station?!?!?!?

See, total Newb question...

People can't crack a 5 char pass and they thing they'll get into my 25+ char pass..  Funny.

This is a sweet idea non the less.. tempted to add a little more BTC to inspire more people.

I don't get the question of where is the port/hub/dock...?  What do you mean?

He created a wallet, I assume via bitaddress.org and encrypted it. 

One year went by and 3rd wallet is still loaded with bitcoin : )

I decided to keep this experiment going for another year. I've also added extra 0.5BTC and updated the OP.

In case this wallet is not cracked in a year, I'll take back 1BTC and publish the password.

Happy cracking!

Here is a small password hint: If you divide the number of UPPERCASE letters by the number of lowercase letters you get an integer.

This should give you a nice 35% speed boost!

At this rate it would take up to 4 years to crack the Third password. At $38 for 20 hours it's clearly not worth it.

So that means:
0 UP 6 low: 0/6=0: integer
1 UP 5 low: 1/5: nope
2 UP 4 low: 2/4: nope
3 UP 3 low: 3/3=1: integer
4 UP 2 low: 4/2=2: integer
5 UP 1 low: 5/1=5: integer

Wow !! Dude good for you !! Well done !

Thanks OP for doing this its great !

Lol? He already did that 1 year ago and this challenge isnt done yet. Theres still 1 wallet ( third wallet) which still didnt got cracked. Damn, i hope i know whats password in third wallet since the prize is high.

I am also surprised that 3rd wallet is still uncracked. I've got several PMs with "thanks for the money, man!" stating that they will cracked it in a week or two : )
Looks like they miscalculated something...

Anyways... with rising prices and another 10 months to go (2 years total) there is still plenty of time to crack it. Also my hint reduces the time for a brute force attack quite a lot (about 35%).

Your pass in 3rd seems very difficult to cracked, lol. Altough you already gave more hint (35%) , im still no have any idea about the pass.

I didn't read all posts in this thread, but I suggest that you use hashcat (https://github.com/hashcat/hashcat), it is the fastest and most developed open source tool for brute-forcing, you can download binaries and read more about it here (http://), The great thing about hashcat is that you can set a cluster (brute forcing pool) of many rigs that have multiple GPUs to crack one password... I've used this software to crack Nokia SL3 Locks and this is the way how I've got into bitcoin in the first place (bought miners from a miner who was selling miners after the first halving).

Sadly, since the amount is only 1 BTC it is not worth my time to try to crack it, maybe in the future when a bitcoin is so valuable that it would justify wasting hash power on it.

Edit: OK you don't have a wallet.dat but you have an encrypted private key so I am not sure about hashcat, it was a couple of years since last time I've used it for Bitcoin so you need to verify this info.

Interesting challenge. So I am assuming I am real safe since my password to all of my desktop wallets is the same , 2 words linked together who make sense only to me plus a few numbers who make sense only to me and some special characters who I always use :) . 13 letters password, upper and lower case plus special character should take 331 years to crack since one 6 random character password needs 31.34 year to get cracked.

Humans are horrible when it comes to randomness thus are horrible with generating a safe and random password (if it make sense to you than it could be guessed), not to mention that if you use the same password multiple times for multiple things the risk of being "hacked" becomes really high, it would just take a key-logger or some site/service being hacked (assuming the hacker gets the hashing/salting keys) and they can have access to every place that has the same password.

Usually hackers do hack for the reason of:
   - There is a justified financial gain.
   - To send a statement.
   - Just prove it can be done.
   - Show off their skills (mostly young hackers).

Just try to do the best security practices, even then you are not 100% safe.

Timelord2067!
1234567890123

Coincidence? I think not...  :-*

I can very easily create a very random password: r7z3gfJ$g)lf*?~3'
I just press the keyboard a few times without looking, to make it more random I used my left hand on my right hand's position too. No way anybody could guess this with a dictionary attack.
But once I create a decent password like this, I can't remember it. And if I can, I will for sure forget it if I don't use it every day.

I'm also "struggling" with the idea how to securely store Bitcoins. Even a hardware wallet ultimately comes down to storing a backup passphrase on a piece of paper. And that piece of paper can be stolen.

Bitcoin Brain Wallets are a special case, you don't need access to any files to be able to brute force it, and you can search for all wallets at the same time. Can you believe the brain wallet thequickbrownfoxjumpedoverthelazydog has received 106 BTC in total?

Thenextweb.com (http://thenextweb.com/shareables/2016/02/10/its-hard-to-decide-which-of-these-cracked-bitcoin-wallet-passwords-is-the-most-stupid/#gref) shows some of the brain wallets found by researchers:
I show these Just to show adding a few numbers to words is not enough to stop a brute force attack.

When I said humans are horrible at generating random passwords, I've already took in considerations the definition of a password, which is a string that grant you access and which you suppose to be the only one (and the trusted second party and maybe a third party) to know.

No one asked you if you can generate a random string (even then, there is a question about your ability to generate great randomness) btw, hardware wallets are maybe the safest thing we have for now, and of course there is nothing 100% secure/safe, when you break things down there is always a point of failure, but your job is to make the possibility of that happening as low as possible. BTW, I wouldn't recommend brain wallet for anyone.

For a hardware wallet, you can write half of the words on one paper the other half on another paper and just keep them separated.

Hints is not enough to find the password.It would very hard to find the password.I divided the number of UPPERCASE letters by the number of lowercase letters I got some numbers.I think password will be  UPPERCASE letters and lowercase letters with integers.Well I will try.

You honestly have no idea what this thread is about, and how the puzzle works. Youre just posting for money.

OP's saying that the amount of uppercase letters will be an integer * lowercase letter. That rules out 2 of 6 possibilities. It's a great help.

Here's a newbie question from yours truly -
Since ASICs are built for cryptography, would it be faster to crack the password with an ASIC (Because I can expect that the main thing that's taking this so long is the BIP38 encryption standard). Or are ASICs only built for hashing?

P.S. I also have a sweet $400 AWS credit. Should I use it on this? Don't know how to crack :-/

Yes you are right he might be misunderstand OP.He really give a nice hint.here should be possibility of password:
5 Uppercase  and 1 lowercase,
4 Uppercase  and 2 lowercase,
3 Uppercase  and 3 lowercase,
0 Uppercase  and 6 lowercase
Interesting but Dont have idea how crack down. ;D

You mean : Within 31.34 years the password will be cracked.

For example if the password is : aaaaab             2 tries to solve.
                                             kjxusl              12,640,320 tries to solve.
                                             ZZZZZZ           19,770,609,664 tries to solve.

It works like this if you use normal Brute-force dictionaries.

But, if you use Rainbow Tables (https://en.wikipedia.org/wiki/Rainbow_table), it may take less (If they work with AES-256 because I can't find one yet).

Note: a 6-letter word (a-Z) dictionary will be : ( 52 ˆ 6 )  ×  8  =  158,164,877,312 Bytes

        52 : the number of possible characters.
        6 : word length
        8 : the size each word will take in bytes, 6 bytes for the 6 letters and 2 bytes for CR (Carriage Return) and LF (Line Feed)

About 147.31GB in Table.

Also, you can split your table, or generate a part of it, then us it to brute-force, then generate another part...

And also, you can use multiple computers with different tables to brute-force.
So, if a computer (probably a VPS) is solving 10 Passwords/Sec. You can use 10 computers with 100 Passwords / Sec.
It will only take : 19,770,609,644 / 100 Passwords / 60 Secs / 60 Mins / 24 Hours / 365.24 Days =
6 Years 3 Months 5 Days 12 Hours 16 Minutes 24 Seconds 54,864.36 microseconds

Not that much time, right?

Nope, just 7 more months to go : )

I take it people are using an actual program for this project?

I tried to put six random digits into https://www.bitaddress.org/ and got the message:


Was also wondering if its just six upper and or lower case letters?  Are there any digits and or characters?  And any non standard symbols? eg umlauts or similar?  Cyrillic/Arabic/Asian ?

That would be true for brainwallet. The challenge is not brainwallet based, it is BIP38 encrypted paper wallet. 6-character brainwallet would be brute forced in few seconds.


Please read the first post for all the password related details.

He give a hint divide the number of UPPERCASE letters by the number of lowercase letters you get an integer.so you can try with integer.someone mentioned how many integer have this password create a table of password with the hint.I wish you could find the password.I dont have much knowledge how to crack.

With the current difficulty and rewards, how much entropy is necessary to make cracking a wallet for 1BTC as rewarding as mining LiteCoin, Etherium or DOGE (they all use scrypt, or do they?)?
 On a slightly unrelated topic, how does scrypt differ from scrypt-jane and how do they differ from my scheme in:
https://bitcointalk.org/index.php?topic=1638955.msg16988889#msg16988889 (https://bitcointalk.org/index.php?topic=1638955.msg16988889#msg16988889)

The password should have more than that, but this is a good benchmark.

After 2 years I've decided to stop the experiment.
The password to unlock 3rd wallet with 1BTC prize was "zLwMiR".

I'd like to thank everyone for  participating in this challenge.
I'd also like to thank BIP38 developers for creating a truly great PW system!

Thanks for the challenge! I did some guessing and the left hand side characters "qwaszx" were used as the first character... Unfortunately I started with CAP for these and have not even completed... This prove that even with hints, it might still take too long (too much cost) to crack a BIP38 encrypted address.

Hi, can anyone help me to find private keys using correct password?  Actually i tried these passwords on  https://brainwalletx.github.io  but it does not display correct btc address. For example: if i input grAce for secound wallet , the output btc address is shown different. Why?  
I checked in both compressed and uncompressed, output is not matching these btc addresses.


I have many unused passwords with some balances but i face similar issue with them!

Can anyone help where i have to put these passwords in order to see correct wallet and private keys?

"Wallet Details" tab at https://bitaddress.org should do the trick : )