|
Title: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on July 29, 2018, 08:32:57 AM Hi,
As been discussed many times before using a Brainwallet is a bad idea. I ran some test myself and found 18.509 BTC-addresses based on a brainwallet which also has been used in the blockchain before. I tried to compare my results with the results of other researchers but could not find any lists online at all. I found some examples but not a comprehensive list. So I published my own results over here: https://eli5.eu/brainwallet Please note: all published addresses have a balance of 0 so this is not a list for robbers :). There are also a lot of extra datasets I haven't used this far so I expect the numbers to go up once I use them as well (I'm in the middle of perfecting my own tooling and blockchain parser so this will take some more time first). I love to get some feedback and if you have results to share which I missed in this round I'm more than happy to hear from you and include them. TA Title: Re: Collection of 18.509 found and used Brainwallets Post by: keychainX on July 29, 2018, 09:22:20 AM Which dictionary did you use?
One word or multi word attack? Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on July 29, 2018, 10:12:18 AM I mainly used single words from dictionaries and used passwords from published password dumps.
Title: Re: Collection of 18.509 found and used Brainwallets Post by: keychainX on July 29, 2018, 10:20:21 AM Did you use block parser to create the list?
Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on July 29, 2018, 10:32:09 AM No, I used my own parser but since it wasn;t/isn't finished yet I got the transactions and balance from using the Blockchain API.
The steps involved for creating such a list:
That's about it. Title: Re: Collection of 18.509 found and used Brainwallets Post by: HeRetiK on July 29, 2018, 10:40:12 AM Oh wow... more than 18k BTC addresses having used single word passphrases is pretty bad. At least most of them don't seem to have been used since 2013.
Did you look into Brainflayer [1] or did you feel more comfortable using a custom made solution? [1] https://github.com/ryancdotorg/brainflayer Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on July 29, 2018, 11:18:05 AM I did look into Brainflayer and also used it in the process. But you got to keep in mind Brainflayer is not a standalone solution. It depends on creating a Bloom filter based upon all addresses used in the BTC-Blokchain. So you first need to come up with such a list: this is where I used my own parser to create the list. In 2015 when Brainflayer was released there were about 80 Million unique addresses on the blockchain which lead to a lot less false positives than when used on the 400 Million plus unique addresses currently in use. And finally Brainflayer just reports if a match was found it doesn't do any looking into transactions or balances used.
So what I did was make use of Brainflayer to do a very fast scan using a Bloomfilter and I processed the results from there within my own tooling to filter out false positives, duplicates and add extra information on transactions and balances. Title: Re: Collection of 18.509 found and used Brainwallets Post by: philipma1957 on July 29, 2018, 11:39:37 AM most of the ones you found have a 0.00005460 deposit and withdrawal
ie 2 transactions. so I would adjust the 18,509 down to under 2,000 as it is obvious those addresses where designed and used to receive then send 0.00005460 0.0000546 seems to start at 899 and end at 18036 that is more then 17,000 where security was basically an " I don't care do you? " plan. But it does interest me that the first 899 on the list were not like that and used often. Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on July 29, 2018, 01:20:03 PM I personally believe most of the ones with a 0.00005460 deposit and withdrawal are in there because of some experiment in the past where simple dictionary words were used to see how long it would take for an attacker to grab the funds. I do agree with you the ones with the most transactions are the ones most interesting that's why I sorted the list by number of transactions. I still think the other ones are interesting as well when trying to compose a list of brainwallets which have been used in the past.
Title: Re: Collection of 18.509 found and used Brainwallets Post by: keychainX on July 29, 2018, 01:47:33 PM What is the biggest transaction on those? Anyone above 10BTC?
Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on July 29, 2018, 03:36:29 PM Biggest is over 500 BTC. As stated on the site (https://eli5.eu/brainwallet/detail/14NWDXkQwcGN1Pd9fboL8npVynD5SfyJAE.html):
General Information The passhrase below was used as a Brainwallet to generate the given address. BTC Address: 14NWDXkQwcGN1Pd9fboL8npVynD5SfyJAE Used passphrase: bitcoin is awesome Total transactions: 19 Amount received: 501.06500863 BTC Amount spent: 501.06500863 BTC Proof You can check the private key is indeed known by verifying the following signed message when running your own node: Code: bitcoin-cli verifymessage "14NWDXkQwcGN1Pd9fboL8npVynD5SfyJAE" "HBi3IJsPku4lbbxJo3KAbghdPUKkpcCkg0E6VqHBDLGoEXvzdcUqI3MLA1bvoe4IcTcB5V4IL+l5XB7YLIchg7E=" "By using a weak brainwallet the private key for address 14NWDXkQwcGN1Pd9fboL8npVynD5SfyJAE has been compromised." Title: Re: Collection of 18.509 found and used Brainwallets Post by: keychainX on July 29, 2018, 04:25:09 PM Cool, thanks! ;)
Title: Re: Collection of 18.509 found and used Brainwallets Post by: o_e_l_e_o on July 29, 2018, 07:38:57 PM Very interesting data, and proof that we are inherently awful at privacy. I think my personal favorite is number 72, "how much wood could a woodchuck chuck if a woodchuck could chuck wood", which has held over 500 BTC.
You've missed a decimal point at entry 266 - it currently says it has held over 2 billion BTC. :D Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on July 29, 2018, 08:47:46 PM Thanks for pointing out the 2 Billion mistake! I will look into it tomorrow.
Title: Re: Collection of 18.509 found and used Brainwallets Post by: f3tus on July 30, 2018, 07:17:33 AM This thread might be of interest to you: https://bitcointalk.org/index.php?topic=2488493.0
And I did something similar with Ethereum (only used some ~10,000 most common passwords): https://bitcointalk.org/index.php?topic=2488493.msg42291616#msg42291616 Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on July 30, 2018, 10:14:55 AM Thanks for pointing out those posts. I was aware of the first one (from Pastebin) but haven't yet made my own dataset with the kind of data decscribed in there like BTC-addresses, transaction-id's, merkleroots, etc.
I will read up on your post about Ethereum brainwallets. I'm focussing on BTC for now but it's always nice to read about other experiences! Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on July 30, 2018, 10:41:47 AM Very interesting data, and proof that we are inherently awful at privacy. I think my personal favorite is number 72, "how much wood could a woodchuck chuck if a woodchuck could chuck wood", which has held over 500 BTC. You've missed a decimal point at entry 266 - it currently says it has held over 2 billion BTC. :D Fixed some nasty bugs which caused some addresses to stay blank on the overview-pages and fixed some wrong amounts_in and amounts_out which were not properly converted in some cases. I also added another 60 new entries to the list based on a small sweep I just completed so the list currently contains 18.569 entries. Finally: I'm always interested in new datasets to try and/or results from other people who conducted this kind of Research. I aim to let this list grow to the best source for compromised brainwallets. Title: Re: Collection of 18.509 found and used Brainwallets Post by: Evil-Knievel on July 30, 2018, 10:50:08 AM As been discussed many times before using a Brainwallet is a bad idea. I disagree, I have never lost anything from a brain wallet but I have lost quite a few coins from failing hardware wallets and dying hard drives. Title: Re: Collection of 18.509 found and used Brainwallets Post by: amaclin1 on July 30, 2018, 10:54:30 AM Is there there a list of addresses in plain text?
I want to compare your list with mine :) Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on July 30, 2018, 10:59:35 AM As been discussed many times before using a Brainwallet is a bad idea. I disagree, I have never lost anything from a brain wallet but I have lost quite a few coins from failing hardware wallets and dying hard drives. Title: Re: Collection of 18.509 found and used Brainwallets Post by: o_e_l_e_o on July 30, 2018, 11:07:02 AM Let's just hope you want suffer from a dying brain instead of a dying hard drive! :) The human brain is a very fragile thing. There are literally hundreds of completely unpredictable accidents and illnesses that can leave you with profound memory loss. Relying solely on your memory is a bad idea. Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on July 30, 2018, 11:18:48 AM Is there there a list of addresses in plain text? There isn't one yet but I could build it easily. So you are looking for a text file containing 1 BTC address on each line?I want to compare your list with mine :) Title: Re: Collection of 18.509 found and used Brainwallets Post by: amaclin1 on July 30, 2018, 11:24:29 AM There isn't one yet but I could build it easily. So you are looking for a text file containing 1 BTC address on each line? Any format you prefer :)I am too lazy to copy-paste 38 pages from https://eli5.eu/brainwallet/ ;D Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on July 30, 2018, 11:30:47 AM I am too lazy to copy-paste 38 pages from https://eli5.eu/brainwallet/ ;D Grab them from this text-file then: https://eli5.eu/brainwallet/btc_brainwallet_v18569.txt Would be nice if you could share the ones I miss! Title: Re: Collection of 18.509 found and used Brainwallets Post by: Thirdspace on July 30, 2018, 01:26:45 PM have you checked whether any of them have BCH or BTG balance? :D
or are they old used addresses with no chance of having balance on recent forks? can you sort the list by the latest date of transaction? might give more insight Title: Re: Collection of 18.509 found and used Brainwallets Post by: HeRetiK on July 30, 2018, 01:46:46 PM have you checked whether any of them have BCH or BTG balance? :D or are they old used addresses with no chance of having balance on recent forks? can you sort the list by the latest date of transaction? might give more insight Good thinking! All of these brainwallets seem to have been cleared up a long time ago though, presumably there are multiple people running regular scans on the most common brainwallet addresses as described by OP. At least that was the state of 2015 when Brainflayer was first introduced at Def Con 23. I'd also love to see a feature for listing the addresses by the latest transaction date though. Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on July 30, 2018, 03:03:39 PM Forum member amaclin1 did a check and came up with 200 addresses/brainwallets he had which were missing from my list. I just added them to m database and updated the site. My own software indicated two of the entries as a duplicate so the total list now contains 18.767 entries. Thanks for helping/sharing!
To comment on the other request by adding the latest transaction date: This is something I currently do not have present in my database. I will mark is as a future request since I first have to complete/update my own blockchain parser for this. But as mentioned by HeRetiK all of the addresses were emptied a long time ago so way before any fork afaik. Title: Re: Collection of 18.509 found and used Brainwallets Post by: rpstatic on July 30, 2018, 05:31:18 PM Did you also find wallets with any balance on it? Would be interesting if people still use them.
Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on July 30, 2018, 07:27:29 PM Did you also find wallets with any balance on it? Would be interesting if people still use them. No I didn't. It seemed to be a lucrative business once so I can imagine lots of time and computing power has been consumed to find private keys for addresses with non zero balances in the past.Furthermore: I'm just interested in finding as much brainwallets as possible which have been used in the past. I'm not interested in stealing funds which aren't mine. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on September 26, 2018, 04:33:25 AM Bumping this thread as I am also doing something similar, and plan to publish my results to increase awareness of the risk of using sha256 brainwallets.
Like the OP, I'm interested in this only for research purposes, so I scanned all known addresses rather than just cherry picking those with a balance. I'm using brainflayer, but as previously noted, the large number of addresses in the blockchain as of 2018 result in a very high false positive rate (currently around 13%) which requires a lot of post processing. So far I've found 20329 valid keys. The large majority of the keys are based on single English dictionary words, which seem to have been deliberately sent small amounts (for research? for fun?) back in 2013. This particular brainwallet concerns me, as the transactions are recent (March 2018), and for a large value (0.5 BTC): https://www.blockchain.com/btc/address/1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR The funds were swept out instantly, which strongly suggests it was a theft by a bot watching that privkey. The passphrase is a song title, with minor mangling. Title: Re: Collection of 18.509 found and used Brainwallets Post by: Thirdspace on September 26, 2018, 01:15:30 PM This particular brainwallet concerns me, as the transactions are recent (March 2018), and for a large value (0.5 BTC): https://www.blockchain.com/btc/address/1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR there were 4 transactions competing to sweep balance from 1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR (https://bitaps.com/1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR) The funds were swept out instantly, which strongly suggests it was a theft by a bot watching that privkey. The passphrase is a song title, with minor mangling. I found two of them were trying on two different addresses with same balance of 0.5 BTC, receiver address 17WRjamo... and 1LdUHTEV... (https://bitaps.com/1LdUHTEVxWJhrhKfy4H3VuYDnTHQVjsdBn) competing on utxo of 1GkGD48u... and 152DXcBq... I think there is more to it than just some bots sweeping some addresses did you also find private key for 152DXcBqGShpC7mBj4XZHQG9uGY9mUtZ8d (https://bitaps.com/152DXcBqGShpC7mBj4XZHQG9uGY9mUtZ8d) ? btw, that receiver address 1LdUHTEV... has balance of 50 BTC :o 450+ tx ins without a single tx out Title: Re: Collection of 18.509 found and used Brainwallets Post by: HeRetiK on September 26, 2018, 01:45:47 PM [...] This particular brainwallet concerns me, as the transactions are recent (March 2018), and for a large value (0.5 BTC): https://www.blockchain.com/btc/address/1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR The funds were swept out instantly, which strongly suggests it was a theft by a bot watching that privkey. The passphrase is a song title, with minor mangling. It not only suggests bots, it also suggests that these bots iterate through rather impressive lookup tables. Have you checked whether this particular passphrase has been part of a prior leak? You can check here: https://haveibeenpwned.com/Passwords It would be interesting to know whether our brainwallet sweepers are using publicly available password lists or have some pimped collections of their own. there were 4 transactions competing to sweep balance from 1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR (https://bitaps.com/1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR) [...] There seem to be quite a handful of bots competing for the most common passphrases. This talk from 2015 estimates them at half a dozen [1], I wouldn't be surprised if matters have gone worse since then. [1] https://www.youtube.com/watch?v=foil0hzl4Pg (around the 31:30 mark) Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on September 26, 2018, 02:27:43 PM The funds were swept out instantly, which strongly suggests it was a theft by a bot watching that privkey. The passphrase is a song title, with minor mangling. receiver address 17WRjamo... and 1LdUHTEV... (https://bitaps.com/1LdUHTEVxWJhrhKfy4H3VuYDnTHQVjsdBn) competing on utxo of 1GkGD48u... and 152DXcBq... I think there is more to it than just some bots sweeping some addresses did you also find private key for 152DXcBqGShpC7mBj4XZHQG9uGY9mUtZ8d (https://bitaps.com/152DXcBqGShpC7mBj4XZHQG9uGY9mUtZ8d) ? Not yet. It not only suggests bots, it also suggests that these bots iterate through rather impressive lookup tables. There would be some challenges with maintaining a database that has several billions (maybe even trillions) of records, but it wouldn't be impossible. You would need a BIG bloom filter (to minimise false positives), and a clean and fast key->value database with lots of storage. Have you checked whether this particular passphrase has been part of a prior leak? You can check here: https://haveibeenpwned.com/Passwords It would be interesting to know whether our brainwallet sweepers are using publicly available password lists or have some pimped collections of their own. Oh no — pwned! This password has been seen 1,164 times before Turns out it's not such a mysterious password after all; checking further, it appears in the password lists I downloaded. I thought my system had found it through mangling of lyrics (which it may have still done, independently). The password for 1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR is "loveisallyouneed" Title: Re: Collection of 18.509 found and used Brainwallets Post by: HeRetiK on September 26, 2018, 02:49:06 PM Have you checked whether this particular passphrase has been part of a prior leak? You can check here: https://haveibeenpwned.com/Passwords It would be interesting to know whether our brainwallet sweepers are using publicly available password lists or have some pimped collections of their own. Oh no — pwned! This password has been seen 1,164 times before Turns out it's not such a mysterious password after all; checking further, it appears in the password lists I downloaded. I thought my system had found it through mangling of lyrics (which it may have still done, independently). The password for 1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR is "loveisallyouneed" Alright, that's slightly less worrying then. I was expecting something along the lines of "l0ve1s4lly0un33d" or a 1337 version of "Hey Jude" which would have implied a far vaster lookup table. (assuming it isn't already. well, probably now it will be.) Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on September 26, 2018, 04:14:07 PM Turns out it's not such a mysterious password after all; checking further, it appears in the password lists I downloaded. Alright, that's slightly less worrying then. I was expecting something along the lines of "l0ve1s4lly0un33d" or a 1337 version of "Hey Jude" which would have implied a far vaster lookup table. (assuming it isn't already. well, probably now it will be.) I can think of one method to vastly reduce the amount of storage required for a stealer-bot, and I'm sure that people much smarter than I am have come up with a similar idea. So it's not impossible for a setup to be able to include a wide variety of permutations, in the hope of catching something in the future. I'm using a modest 2TB array on my temporary cracking machine and I estimate that could store around 20 to 25 billion candidate addresses. I had a quick look through the results, and my system has found at least one 8 character password that does not appear in any of the source input files, has zero Google results, and is not on haveibeenpwned. The password evolved by mixing two or more disparate source lines together, and applying some extra mangling (appending, truncating, etc). THAT'S what should scare people off using sha256 wallets: your cool 8 or 10 character "random" password, even one that has no words in it, is not unbreakable. Title: Re: Collection of 18.509 found and used Brainwallets Post by: vit05 on September 27, 2018, 02:59:34 AM Let's just hope you want suffer from a dying brain instead of a dying hard drive! :) The human brain is a very fragile thing. There are literally hundreds of completely unpredictable accidents and illnesses that can leave you with profound memory loss. Relying solely on your memory is a bad idea. It would be very interesting if someone could find papers with statistical research proving what is safer for a period of time greater than 10 years. A human brain or an HD. Something like this would definitely be very useful for many future applications. The simplest way to think about this is that it is much riskier to store a password in the brain than in a hard drive. But perhaps the big complicator is not exactly health issues or an accident. It may be that keeping sentences is not the best way to put something in the brain, it's too risky. And many times we look for something simple as in the case of this password that is just a title of a very famous song. But overall, few people have kept some kind of hard drive for over 10 years. Title: Re: Collection of 18.509 found and used Brainwallets Post by: o_e_l_e_o on September 27, 2018, 09:40:05 AM It would be very interesting if someone could find papers with statistical research proving what is safer for a period of time greater than 10 years. A human brain or an HD. Something like this would definitely be very useful for many future applications. The simplest way to think about this is that it is much riskier to store a password in the brain than in a hard drive. I doubt such papers exist. The answer to the question depends on repetition, though. You can commit a 12 word phrase to memory relatively easily, probably in under an hour. You'll remember it for a day or two, no problem, but you'll have forgotten most of it in a week or two unless you practice it a few times every day. There's no way most people will remember something like that for >10 years unless you are repeating it at least a couple of times a week. And then, as I mentioned, all you need is a mild blow to the head or a bad infection and you've forgotten it. Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on September 27, 2018, 05:04:50 PM Bumping this thread as I am also doing something similar, and plan to publish my results to increase awareness of the risk of using sha256 brainwallets. Thanks for bumping. I kind of felt there was not much interest in this before as I expected to get a lot more responses to the list I published. Publishing the results including proof cost me quite some time. But good to see another person with the same interest :)So far I've found 20329 valid keys. The large majority of the keys are based on single English dictionary words, which seem to have been deliberately sent small amounts (for research? for fun?) back in 2013. I think your results share a lot of findings in my set. I am very much interested in the ones you found so I can update my list with the ones I missed. Any chance you can share your findings? (a list of found words/sentences you found would be enough)The funds were swept out instantly, which strongly suggests it was a theft by a bot watching that privkey. The passphrase is a song title, wit Yes, there are a couple of bots active which monitor the mempool (using a modified bitcoind client) for incoming transactions. Each address found is then matched against a very large set of addresses composed on all kinds of brainwallets. In other words: Just because the brainwallet "Jack" hasn't been used yet doesn't mean it is a safe brainwallet. When you would deposit some coins into the attached address you can be sure they will be stolen within the blink of an eye.Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on September 28, 2018, 06:03:33 AM Bumping this thread as I am also doing something similar, and plan to publish my results to increase awareness of the risk of using sha256 brainwallets. Thanks for bumping. I kind of felt there was not much interest in this before as I expected to get a lot more responses to the list I published. Publishing the results including proof cost me quite some time. But good to see another person with the same interest :)Yes, I can see you've spent some time collecting the data and making a nice interface to present it. Perhaps you should make a way for people to leave comments? For example, to link to a thread discussing that specific brainwallet. I'm thinking about approaching this from another perspective, making a website that displays (well known) passphrases to show how basic some of them are, and how quickly funds sent to those addresses were swept away. May even try sending small amounts to a few of them (like ryanc did live in one of his presentations) to demonstrate that the funds will be stolen within literally seconds. Obviously, I need to do this in a way that makes it obvious how insecure passphrase brainwallets are, but without making it seem too easy for a would-be thief. (To make it clear: it's NOT easy, and I'd say that in 2018 we'd be beyond the point of diminishing returns.) I think your results share a lot of findings in my set. I am very much interested in the ones you found so I can update my list with the ones I missed. Any chance you can share your findings? (a list of found words/sentences you found would be enough) Still collecting, but I'll share at a later date. I forgot to mention that I'm also including Litecoin and Dogecoin, so some of those keys would not be for Bitcoin. The funds were swept out instantly, which strongly suggests it was a theft by a bot watching that privkey. The passphrase is a song title, wit Yes, there are a couple of bots active which monitor the mempool (using a modified bitcoind client) for incoming transactions. Each address found is then matched against a very large set of addresses composed on all kinds of brainwallets. In other words: Just because the brainwallet "Jack" hasn't been used yet doesn't mean it is a safe brainwallet. When you would deposit some coins into the attached address you can be sure they will be stolen within the blink of an eye.Yes, I think that's a point that some people will struggle to grasp, that the very first time they use their new brainwallet phrase the funds could be stolen instantly. And also that brainwallet thieves are not focussing on cracking any specific address; the method of cracking will find ANY insecure wallet. So both these arguments fail: - I'm the only one who knows my passphrase - No one cares enough about me to try hacking my wallet This comment on Hacker News from the owner of 1brain... may provide some insight: https://news.ycombinator.com/item?id=7368283 (That was the only thing that account posted on HN. No one ever replied to that comment.) Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on October 06, 2018, 01:39:53 AM Things were getting a bit boring because my system was only finding one or two new wallets per day, but today it suddenly found about 30 new ones.
Here's another (relatively) recent transaction, which was swept out immediately: https://www.blockchain.com/btc/address/15jG7moSaWgQADbG45cbvc79sHjKBBnxBk Alternate block explorer showing double spend attempts within the same couple of seconds: https://bitaps.com/15jG7moSaWgQADbG45cbvc79sHjKBBnxBk Nearly 1 BTC is not a small amount. Back then it was worth around $15k USD Password is "letthegoodtimesroll" --- This one lasted a bit longer, and uses a non english phrase that doesn't appear in my password lists or haveibeenpwned (so I won't reveal it here) : https://www.blockchain.com/btc/address/1AsUMTvY4bRXKXrFZ1tbQ8xi1Lz3DiBNHt Hopefully the transfer out was by the rightful owner. --- Some of these brainwallet funding transactions have multiple outputs, often with one large output (change?), so I suspect they're withdrawals from an exchange, and people are sending to this cool wallet thing they can generate safely without needing to install any software........ Don't use SHA256 brainwallets! Title: Re: Collection of 18.509 found and used Brainwallets Post by: anthonytcm on October 06, 2018, 10:22:08 PM Hi, As been discussed many times before using a Brainwallet is a bad idea. I ran some test myself and found 18.509 BTC-addresses based on a brainwallet which also has been used in the blockchain before. I tried to compare my results with the results of other researchers but could not find any lists online at all. I found some examples but not a comprehensive list. So I published my own results over here: https://eli5.eu/brainwallet Please note: all published addresses have a balance of 0 so this is not a list for robbers :). There are also a lot of extra datasets I haven't used this far so I expect the numbers to go up once I use them as well (I'm in the middle of perfecting my own tooling and blockchain parser so this will take some more time first). I love to get some feedback and if you have results to share which I missed in this round I'm more than happy to hear from you and include them. TA I went through it and though I don't understand the specifics of how you did it, I am amazed at your findings! Thanks for sharing this! Title: Re: Collection of 18.509 found and used Brainwallets Post by: o_e_l_e_o on October 07, 2018, 09:55:42 AM Alternate block explorer showing double spend attempts within the same couple of seconds: https://bitaps.com/15jG7moSaWgQADbG45cbvc79sHjKBBnxBk Nearly 1 BTC is not a small amount. Back then it was worth around $15k USD Password is "letthegoodtimesroll" This is crazy. Within 2 seconds of the Bitcoin being deposited to that address, 3 different people/bots tried to steal it, and 1 was successful. 1 of the failed attempts was to send it to this address: https://bitaps.com/1GGctqw9UeUd2vUFRdz5fUvHQnmxAEiTAK Every single one of the 104 transactions to this address is trying to empty another address within a second or two of a deposit being made. A lot of them are unsuccessful due to the funds being cleared by someone else first, but this address has still managed to steal 0.166 BTC. What's worse is you can look at pretty much any of those transactions and see two or three more addresses trying the exact same thing, all with their own extensive histories of clearing out other addresses within seconds a transaction being made. If ever there was an argument against using a brain wallet, this is it. Your BTC will be stolen before you've even refreshed your browser and seen that your transaction has been confirmed. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on October 07, 2018, 11:08:02 AM What's worse is you can look at pretty much any of those transactions and see two or three more addresses trying the exact same thing, all with their own extensive histories of clearing out other addresses within seconds a transaction being made. Hmm, that gives me an idea. It should be possible to do some basic (automated) analysis on brainwallet transactions, to find common theft destination addresses (such as https://www.blockchain.com/btc/address/1brain7kAZxPagLt2HRLxqyc3VgGSa1GR ) and then work back a level or two to find other potential compromised wallets. This may help flag wallets which were not instantly cleaned out - which is a red flag for sure - but where funds ultimately ended up at the same address as the more blatant thefts. If ever there was an argument against using a brain wallet, this is it. Your BTC will be stolen before you've even refreshed your browser and seen that your transaction has been confirmed. I'd say most of the people still using a brain wallet are simply not tech savvy, and see it as a low friction solution for storing their funds. No software is necessary, nor do you need to write down or print out any weird codes. I've done Google searches for some of the plausible real brainwallets (ie not just dust intending to be found as a challenge) and often the only results are block explorer pages; no specific mention of a theft. Could it be that these non tech savvy users don't know who (or where) to ask about the theft, at least in a public forum, and so simply move on? I suspect that in the past, and possibly even now, some services such as exchanges, block explorers, and online wallets offer a feature to withdraw directly to a brain wallet. What could be easier than storing your funds "in a password"? Here's an article from 2013 which shows bots were active even back then: http://cointext.com/2013/11/04/brain-wallet-thefts-increasing/ Title: Re: Collection of 18.509 found and used Brainwallets Post by: o_e_l_e_o on October 07, 2018, 11:20:55 AM I'd say most of the people still using a brain wallet are simply not tech savvy, and see it as a low friction solution for storing their funds. No software is necessary, nor do you need to write down or print out any weird codes. Hell, even people who supposedly are "tech savvy" are using brain wallets. You see them advocated for all the time on these forums. McAfee's latest hardware wallet scam turned out to be a glorified brain wallet. It's no excuse though really - if you can figure out how to buy and transfer bitcoin, you know how to install an app on your phone and use a mobile wallet as a bare minimum. Sure it's not the best, but it's 1000x better than a brain wallet. Brain wallets are for the brainless. Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on October 07, 2018, 11:24:19 AM Hmm, that gives me an idea. It should be possible to do some basic (automated) analysis on brainwallet transactions, to find common theft destination addresses (such as https://www.blockchain.com/btc/address/1brain7kAZxPagLt2HRLxqyc3VgGSa1GR ) and then work back a level or two to find other potential compromised wallets. This may help flag wallets which were not instantly cleaned out - which is a red flag for sure - but where funds ultimately ended up at the same address as the more blatant thefts. I have/had the same idea. Let me know if you're going to work on this. Otherwise I will pick it up. I already have all btc transactions in a database so I guess I already have the right tool in place. Now all I need is (more) time :)Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on October 07, 2018, 01:22:46 PM I'd say most of the people still using a brain wallet are simply not tech savvy, and see it as a low friction solution for storing their funds. No software is necessary, nor do you need to write down or print out any weird codes. Hell, even people who supposedly are "tech savvy" are using brain wallets. You see them advocated for all the time on these forums. McAfee's latest hardware wallet scam turned out to be a glorified brain wallet. It's no excuse though really - if you can figure out how to buy and transfer bitcoin, you know how to install an app on your phone and use a mobile wallet as a bare minimum. Sure it's not the best, but it's 1000x better than a brain wallet. Yeah, but the term "brain wallet" is fairly broad. We're really only discussing simple privkey = sha256("user chosen passphrase") type wallets in this thread; I've probably failed to make that important distinction when writing my own replies. Brain wallets which use a passphrase generated by a computer, representing a cryptographically strong random private key expressed in text form, are on a completely different level. Even a key-stretched user-entered passphrase with salt is significantly more secure. It's a pity that the same term continues to be used for these more secure methods, because it probably gives some credence to the original wildly insecure version. Hmm, that gives me an idea. It should be possible to do some basic (automated) analysis on brainwallet transactions, to find common theft destination addresses (such as https://www.blockchain.com/btc/address/1brain7kAZxPagLt2HRLxqyc3VgGSa1GR ) and then work back a level or two to find other potential compromised wallets. This may help flag wallets which were not instantly cleaned out - which is a red flag for sure - but where funds ultimately ended up at the same address as the more blatant thefts. I have/had the same idea. Let me know if you're going to work on this. Otherwise I will pick it up. I already have all btc transactions in a database so I guess I already have the right tool in place. Now all I need is (more) time :)Yeah, I know what you mean about time. I've been spending a disproportionate amount of time on this, and also some cash (had to buy some extra HDs, and rent some server space). I'm probably at the point where I've grabbed most of the low hanging fruit by now, so to be honest, the buzz from finding a new (and good) passphrase and being able to trace the wallet's history is wearing off. Although it is interesting to come up with new data sources, and think about how to manipulate them into forms that may represent passphrases. Some of the user-entered data I've collected from websites I run, which have nothing to do with cryptocurrency or infosec, have resulted in SHA256 brainwallet hits. I'm still trying to understand why someone would do this for money. Maybe in 2013 it may have worked, but these days the investment in effort (custom coding) and equipment (storage, virtual CPUs for cracking) seems to outweigh any potential benefit. Perhaps it's a criminal ego thing. Title: Re: Collection of 18.509 found and used Brainwallets Post by: o_e_l_e_o on October 07, 2018, 04:37:14 PM Oh for sure, but as I've mentioned before, the human brain is completely fragile. With no way to back up or recover data, and all it takes is a minor blow to make you forget you even have passphrase, let alone what it is.
Even if your brain wallet is more secure than a simple song lyric or something equally stupid, it's still a bad choice for storing your coins. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on October 08, 2018, 07:24:55 AM Oh for sure, but as I've mentioned before, the human brain is completely fragile. With no way to back up or recover data, and all it takes is a minor blow to make you forget you even have passphrase, let alone what it is. Even if your brain wallet is more secure than a simple song lyric or something equally stupid, it's still a bad choice for storing your coins. But, but... this website says I can withdraw to a password. :D (Some of the still-existing SHA256 brainwallet generator sites do not make it clear just how risky choosing to use/continue using that type of wallet is. I'd say they're partially to blame for the more recent thefts.) --- This is an interesting slide I came across, showing a visual depiction of the 4 digit PIN space, when chosen by humans: https://i.imgur.com/EPC64ET.png I can see a few obvious patterns: 1. 1234 is a popular PIN. 4321 is also up there. 2. 69 is a popular part of a PIN. 3. Repeated double digit sequences are common, eg 1717 or 6969 (the latter appears to be the most popular repeated sequence) 4. 19xx and 20xx are popular; perhaps the year of birth of the card owner, or their offspring. I'm not sure if it would be possible to represent SHA256 brainwallets in a similar visual way, but it would be interesting if there were some way to map phrases to a two or three dimensional space. Title: Re: Collection of 18.509 found and used Brainwallets Post by: o_e_l_e_o on October 08, 2018, 10:09:15 AM -snip- The darker "L" shaped region in the bottom left has an obvious cut off at 12, and also between 28-31, representing a significant portion of people use either DD/MM or MM/DD as a pin. I would wager the majority of these are probably their own date of birth. Lots of number patterns are very obvious too - 2468, 2345, 5678, 9876, 2580/0852 (straight down/up the middle of the keypad). In short - people are bad at security. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on October 08, 2018, 10:47:52 AM My system just found this wallet:
https://www.blockchain.com/btc/address/17EzdiY1PT1okKj9wnUx8a4eCXaddhgfgR Another recent transaction, although not an immediate sweep, so hopefully not a theft. (The password is not listed in Google or haveibeenpwned.) The funding transaction has lots of small outputs, and one large output, so I suspect this is the hot wallet of an exchange or similar payment service. Really scary that people are still making new SHA256 brain wallets. I wonder if this exchange offers that option? Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on October 15, 2018, 03:20:15 PM This one seems to be just for fun:
"i killed the bank" https://www.blockchain.com/btc/address/14GZ9Azv3bQqHv2pPDvyezAgHDJ7m1y9aJ Funded with 1 Satoshi in 2012. (The transaction fee was 50000 Satoshis. 8) ) This tiny balance was cleared out in 2015, along with the funds from at least one other brainwallet. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on October 15, 2018, 03:49:53 PM Doing some quick back of the envelope calculations. Consider this a thought experiment rather than anything too accurate.
My server with a 2010 era quad core CPU can check about 300,000 keys per second. It could probably be pushed further with some tweaking. Let's say (conservatively) that a more modern quad core CPU can do 500,000 and use that as the reference. That means it can check 43.2 billion keys per day. Brute forcing the "correct horse battery staple" space One dictionary that includes a rank of how commonly a word appears on the web ranks the least common word "staple" at 16904. So let's use that hint (some mild cheating) and set our limits to the 20000 most common words. Total keys to check (20000 x 20000 x 20000 x 20000) = 160 000 000 000 000 000 And a server can check this many keys in a day: 43 200 000 000 So in this instance, we would need approximately 10,000 servers running for a year to brute force every combination of those 20000 words. Not practical, but certainly not impossible. But what if we use only the most common 1000? Total keys to check (1000 x 1000 x 1000 x 1000) = 1 000 000 000 000 And a server can check this many keys in a day: 43 200 000 000 In this case, we only need about 23 server days (one server running for 23 days, or 23 servers running for one day) to cover the space. And if we try the top 500: Total keys to check (500 x 500 x 500 x 500) = 62 500 000 000 And a server can check this many keys in a day: 43 200 000 000 Now a single server can cover the whole space in about one and a half days. That's actually (much) less time than to brute force a simple 6 character password. I'm not suggesting that everyone's four-word-wallet can be cracked wide open in a day, but it does mean that low hanging fruit - think simple, common words - will be quickly found. Blockchain+SHA256 brainwallets: the world's biggest encrypted password file... Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on October 27, 2018, 07:05:58 AM I'm doing a writeup on why SHA256 brainwallets are bad, and I'm working on a list of particularly bad passphrase choices:
- Using a single dictionary word. [Funds will be stolen instantly.] - Using two to four dictionary words in sequence, such as the famous example "correct horse battery staple". [This does not imply that five or more words is necessarily secure.] - Basing your passphrase on a pop culture reference, such as a quote from a movie, or a meme, or song lyrics. - Repeating a dictionary word (or common string such as "123456789") multiple times to form a longer passphrase. - Preprending or appending a few extra letters, numbers, or other characters, to the passphrase. - Converting certain letters to form l33t speak (eg "hello" -> "h3ll0"). - Typing a sentence, or short sequence of random dictionary words, without spaces. - Repeating a simple sequence of characters to form a longer passphrase. - Any patterns related to keyboard layout, such as "qwerty" or "qazwsx". - Part or all of a well known number, such as Pi, or the speed of light. Any other suggestions? Title: Re: Collection of 18.509 found and used Brainwallets Post by: ebliever on October 27, 2018, 03:51:49 PM I wonder, is there any way to estimate the % of brainwallets (either by number of accounts created or amount of funds deposited) that have been compromised? This would take more than just blockchain research but I'm curious as to whether researchers have taken a stab at understanding just how bad use of brainwallets really has been. 1%, 10%, 90% lost?
Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on October 28, 2018, 02:58:30 AM I wonder, is there any way to estimate the % of brainwallets (either by number of accounts created or amount of funds deposited) that have been compromised? This would take more than just blockchain research but I'm curious as to whether researchers have taken a stab at understanding just how bad use of brainwallets really has been. 1%, 10%, 90% lost? There's really no way to know how many SHA256 (or similar type) brainwallets exist, because the public information (the address, and possibly public key) looks just as random as something generated by a more traditional wallet client. It's not until you crack the passphrase that you know it's a SHA256 brainwallet. As I've surmised previously in the thread, I suspect that a lot of thefts do not go reported, publicly anyway, because the typical person who uses a SHA256 brainwallet is probably not very technically minded, and may not think to find a forum such as BCT where they can ask for help. Pride may also play a part. I imagine there's a fair few exchange support tickets asking about a withdraw that "didn't work". I think that showing how funds can be stolen within literally seconds is a pretty powerful indicator of the potential risk of using a SHA256 brainwallet ... but those same non technically minded people may never find that information. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on November 08, 2018, 12:07:06 PM I saw someone mentioned in an earlier thread that their SHA256 brainwallets were also swiped on testnet, so I just tried a test transaction, sending to 50 random dictionary words that also appear as SHA256 wallets in the main blockchain:
https://testnet.blockchain.info/tx/8956ca8164d08087627e42eb6895984ac4960e61af3a04983de5bd0edbd100e8 This block explorer shows spent outputs: https://live.blockcypher.com/btc-testnet/tx/8956ca8164d08087627e42eb6895984ac4960e61af3a04983de5bd0edbd100e8/ As I write this, only a few minutes after sending, the only output which hasn't been spent appears to be the change (which is a random wallet generated key). All of the SHA256 derived keys were swept within seconds, just like the bots do on mainnet. I was planning to write a very simple bot to demonstrate (on testnet) how quickly funds can be stolen, but it looks like I don't need to bother. Mine would have been a clunky hack that took five or ten minutes to sweep the funds back to the testnet faucet... but it seems there's already something more sophisticated listening in! These are the words I sent to: disparities aggrandize perfectionists genuinely creations earthworms intimidated lengthened conquered decrementing gianni astronomer inapproachable sterilizations interruption insulation nationalize demographic cocoana retransmitted ammunition antagonize vacationing complexion trickiness housebroken embarrassing distraught brownness juxtaposing trigonometry pernicious arrowhead scratchers tempestuously pornographer luxuriant geometrical inorganic reinserting refinement approachable screening broadcasted normalize superposed formulating screenplay cannibalizing glorifies Title: Re: Collection of 18.509 found and used Brainwallets Post by: aplistir on November 08, 2018, 12:28:16 PM I saw someone mentioned in an earlier thread that their SHA256 brainwallets were also swiped on testnet, so I just tried a test transaction, sending to 50 random dictionary words that also appear as SHA256 wallets in the main blockchain: As I write this, only a few minutes after sending, the only output which hasn't been spent appears to be the change (which is a random wallet generated key). All of the SHA256 derived keys were swept within seconds, just like the bots on mainnet. I was planning to write a very simple bot to demonstrate (on testnet) how quickly funds can be stolen, but it looks like I don't need to bother. Mine would have been a clunky hack that took five or ten minutes to sweep the funds back to the testnet faucet... but it seems there's already something more sophisticated listening in! LOL that is funny. Some criminal mastermind is trying to get rich by stealing testnet coins ::) I have to try it out with my testnet coins. Has anyone searched brainwallet addresses with those same words, but doing the sha256 more than once? Would be interesting to know how many addresses have been made with 2*sha256, or 4*sha256 Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on November 08, 2018, 12:39:35 PM LOL that is funny. Some criminal mastermind is trying to get rich by stealing testnet coins ::) I have to try it out with my testnet coins. I guess that's the best way to confirm your bot works. Wouldn't be surprised if some of the funds sent to those addresses (and maybe even their mainnet counterparts) originated from the wallets of the bot authors. I had a quick look at a few of the destination addresses and did note that one transaction sends everything to an address which has been reused multiple times, whereas the others use newly created addresses. So just like mainnet, it's possible there's two or more bots competing in order to sweep the funds first. Has anyone searched brainwallet addresses with those same words, but doing the sha256 more than once? Would be interesting to know how many addresses have been made with 2*sha256, or 4*sha256 I did some basic dictionary checks and only found a few results (on mainnet) : hello (4 rounds) sender (2 rounds) receiver (2 rounds) my property (2 rounds) dupa (1000 rounds) Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on November 18, 2018, 02:56:21 PM Doing some research on other networks, it turns out there are four SHA256 brainwallet passphrases (those that I know of) which are common to all 3 of the Bitcoin, Litecoin, and Dogecoin blockchains. The first two are no surprise:
1. <empty string> 2. correct horse battery staple But the remaining two are odd: 3. 16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG 4. 16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG11 16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG is a valid Bitcoin address that has been used, it appears in the "sending to sha256 of blockchain data" pastebin, and is tagged "xsimple" on blockchain: https://www.blockchain.com/btc/address/16fawJbgd3hgn1vbCb66o8Hx4rn8fWzFfG As a SHA256 brainwallet passphrase on the Bitcoin blockchain it's not that odd - it's one of many - but why is that passphrase also being used for Dogecoin and Litecoin? And what does xsimple mean? Title: Re: Collection of 18.509 found and used Brainwallets Post by: odolvlobo on November 18, 2018, 09:22:44 PM If anything, this thread shows definitively that no brain wallet based on any kind of memorized passphrase is safe.
Title: Re: Collection of 18.509 found and used Brainwallets Post by: odolvlobo on November 18, 2018, 09:31:09 PM I'm doing a writeup on why SHA256 brainwallets are bad, and I'm working on a list of particularly bad passphrase choices: ... Any other suggestions? The standard brain wallet is generated by hashing a passphrase with SHA-256, but I wonder if there are private keys generated by using other hashes. Running a your search-space through RIPEMD-160 followed by one or more SHA-256 passes might generate some hits. I have no doubts that running your search-space through scrypt will generate some hits on Litecoin and its derivatives. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on November 19, 2018, 08:29:34 PM The standard brain wallet is generated by hashing a passphrase with SHA-256, but I wonder if there are private keys generated by using other hashes. Running a your search-space through RIPEMD-160 followed by one or more SHA-256 passes might generate some hits. I have no doubts that running your search-space through scrypt will generate some hits on Litecoin and its derivatives. I did do some basic testing using the default hash suite available in a standard PHP install. From memory, I found a few hits for key = sha256(md5(string)) hashes. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on December 30, 2018, 05:17:43 PM My system is still finding the occasional SHA256 brainwallet. This wallet stands out because it held 1.7 BTC for nearly 4 years, until being emptied in February 2018:
https://www.blockchain.com/btc/address/00790d4c5ec89c0e30e1343a2eafc901ee136e9b The equivalent balance on the Bitcoin Cash chain was also transferred out. A substantial amount to have sitting in a SHA256 brainwallet through the bubble of 2017/2018. Hopefully the transfer was done by the rightful owner. Maybe cashing out as the downward spiral started? The passphrase is "Thats what she said 1974" Title: Re: Collection of 18.509 found and used Brainwallets Post by: odolvlobo on December 31, 2018, 12:06:14 AM The passphrase is "Thats what she said 1974" I'm curious about how you came up with that phrase. Are you going through permutations of dictionary words (and years) or do you have a database of phrases and quotes, or something else? Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on January 01, 2019, 05:25:36 AM The passphrase is "Thats what she said 1974" I'm curious about how you came up with that phrase. Are you going through permutations of dictionary words (and years) or do you have a database of phrases and quotes, or something else? I've come up with various methods to generate candidate passphrases. In this instance, it was prepending and/or appending common password substrings such as "qwerty", "1234", years etc to a set of common phrases. Basically building all possible phrases from the contents of two distinct dictionaries. Title: Re: Collection of 18.509 found and used Brainwallets Post by: HeRetiK on January 01, 2019, 10:51:33 AM My system is still finding the occasional SHA256 brainwallet. This wallet stands out because it held 1.7 BTC for nearly 4 years, until being emptied in February 2018: https://www.blockchain.com/btc/address/00790d4c5ec89c0e30e1343a2eafc901ee136e9b The equivalent balance on the Bitcoin Cash chain was also transferred out. A substantial amount to have sitting in a SHA256 brainwallet through the bubble of 2017/2018. Hopefully the transfer was done by the rightful owner. Maybe cashing out as the downward spiral started? The passphrase is "Thats what she said 1974" It's pretty much a miracle that a passphrase like this went untouched for nearly 4 years. Looking at how both the BTC and the BCH transaction where made in parallel within minutes, forwarding the coins to identical addresses on both chains, I get a feeling that automation may have been in play though -- the kind of automation that scans for brainwallets and steals them, unfortunately. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on January 28, 2019, 03:28:31 PM Another odd one which was swept last month:
https://www.blockchain.com/btc/address/45990fb9a0434d35607320d7b501938ea70f01c4 The password is the ultra-simple dictionary word "turn", so it's not surprising that it was stolen within minutes, however, 0.02854667 BTC is not exactly an amount you'd send just for fun. Perhaps it was someone new to BTC, who bought $100 worth, then withdrew to a "password protected" wallet without understanding what that meant. Local wallet protected with password "turn" -> Despite password being incredibly weak, funds are still fairly secure. SHA256 brainwallet protected with password "turn" -> Gone in 60 seconds. Title: Re: Collection of 18.509 found and used Brainwallets Post by: o_e_l_e_o on January 28, 2019, 03:43:12 PM The password is the ultra-simple dictionary word "turn", so it's not surprising that it was stolen within minutes Interesting that "turn" is one of the 2048 BIP39 words. Wonder if someone got hopelessly confused between passwords and mnemonic seeds? Or if it's just really bad security and purely a coincidence?Have you checked all the other BIP39 words at any point? Is there a pattern at all? Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on January 29, 2019, 12:13:02 AM The password is the ultra-simple dictionary word "turn", so it's not surprising that it was stolen within minutes Interesting that "turn" is one of the 2048 BIP39 words. Wonder if someone got hopelessly confused between passwords and mnemonic seeds? Or if it's just really bad security and purely a coincidence?Have you checked all the other BIP39 words at any point? Is there a pattern at all? I have specifically checked BIP39, but since they're so simple the words are also covered by other databases, such as dictionary (web words, wikipedia words) and also 5 letter combos. I personally think that someone misunderstood the difference between (local) wallet passwords, and SHA256 passwords, but we'll probably never know. It's a pity we can only speculate. This is the only dictionary word I can recall that's had an appreciable amount sent to it. Everything else is just dust. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on January 29, 2019, 12:18:51 AM I personally think that someone misunderstood the difference between (local) wallet passwords, and SHA256 passwords [...] This is the only dictionary word I can recall that's had an appreciable amount sent to it. Everything else is just dust. Hmm, maybe not. I've just found another $100(ish) transaction, and given that it was sent to the "toy" key 23 hex, it seems to be deliberate. https://www.blockchain.com/btc/address/82e2f248afe732a2e5973600ca97a61fe3d240fd Private key: 0000000000000000000000000000000000000000000000000000000000000023 Swept immediately, of course. Another toy key (0000000000000000000000000000000000000000000000000000000000000d56) with not insignificant amounts recently sent to it: https://www.blockchain.com/btc/address/da681e4e2cd40b6ba6b1f6b4844b10219c7204b5 Title: Re: Collection of 18.509 found and used Brainwallets Post by: DaCryptoRaccoon on February 06, 2019, 12:11:02 PM I have been running some scans like this I grabbed about 2TB of word lists for brain wallet hunting.
At the moment it is currently syncing up with bitcoin-abe into mysql database (taking forever) I wrote a small python script to create seeds that can be piped into a seed checker as such. Code: import random Still buggy welcome any adaptation ;) Code:
I have also been piping in random text like such Code: 1xjPr0ta5PsTrKTlETa3 No results yet from random data. From text word lists I have found around 500+ empty brain wallets so far most of which have already been published in the list. I have been collecting hash160 addresses from the blockchain and have them in a bloom filter searching against the word list but still no results with a small sample space of hash160 at the moment. I have also been testing with random hex being pushed to the brain wallet. Code: //using namespace std; instead of creating the lists I am piping the output of the scan direct to the scanner which save on the disk space some what. I would like to hash some lists of words I have then pipe the input to the scanner what would be the best method of hashing large passwords lists to a specific hash output? Thanks Title: Re: Collection of 18.509 found and used Brainwallets Post by: HeRetiK on February 06, 2019, 02:43:24 PM where is admin, mod? Why topics like this can exist? Security liabilities need to be discussed publicly, otherwise you have no basis for public discourse, awareness and improvement. Note that this thread is about monitoring and documenting cases of brainwallet thefts, rather than stealing them. While these thefts are happening regardless of whether threads like this exist, it may prevent some people from generating weak brainwallets and becoming victims themselves. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on February 06, 2019, 05:48:51 PM so why have to write and post script here? Teach everybody do with him? I don't think there's really been any great detail discussed in this thread. This is not a plug and play Docker image that any script kiddie can have running in 30 seconds. Although the basic premise is simple, building a system that can efficiently check trillions of potential passphrases against hundreds of millions of active addresses is not a trivial task, and it's become more difficult as the blockchain grows. I've spent many hours developing custom tools, a lot longer than I probably should have, but this is a hobby, not a criminal business. If I was driven by something besides geeky curiosity I probably never would have bothered. This is unlikely to be profitable for a criminal. It's not 2015 any more. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on February 06, 2019, 06:13:43 PM I wrote a small python script to create seeds that can be piped into a seed checker as such. Output 12:12 twist flush ranch screen yard film option walk stuff sick maximum stumble Hmm... what's the point of throwing randomly selected word sets at your address checker? The chances of matching a 12 word passphrase are essentially zero. I think your size calcs may be off a bit, too. I pre-calculated the RMD160 values for all ASCII 1 to 5 character words, and the output is about 0.9TB in size. To increase to 6 characters would result in a file size about 95 times that (about 80TB) and to go up to 7 characters would result in an output of over 7000TB. And consider the amount of time needed to check 135 trillion entries. That's one of the interesting things about SHA256 brainwallets (so long as you're doing this for fun) : it can be easy to find them, but it's also very, very hard. :) Title: Re: Collection of 18.509 found and used Brainwallets Post by: HeRetiK on February 06, 2019, 10:30:58 PM I think your size calcs may be off a bit, too. I pre-calculated the RMD160 values for all ASCII 1 to 5 character words, and the output is about 0.9TB in size. To increase to 6 characters would result in a file size about 95 times that (about 80TB) and to go up to 7 characters would result in an output of over 7000TB. And consider the amount of time needed to check 135 trillion entries. How long did it take you to generate a rainbow table of this size? I'm just curious about the timescale (so hardware specs for reference would also be nice). Sorry in case you already mentioned it upthread and I overlooked it. That's one of the interesting things about SHA256 brainwallets (so long as you're doing this for fun) : it can be easy to find them, but it's also very, very hard. :) Stealing brainwallets is probably still profitable though, as I assume that the running costs are close to nil once you've set up the infrastructure. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on February 07, 2019, 03:06:14 AM I think your size calcs may be off a bit, too. I pre-calculated the RMD160 values for all ASCII 1 to 5 character words, and the output is about 0.9TB in size. To increase to 6 characters would result in a file size about 95 times that (about 80TB) and to go up to 7 characters would result in an output of over 7000TB. And consider the amount of time needed to check 135 trillion entries. How long did it take you to generate a rainbow table of this size? I'm just curious about the timescale (so hardware specs for reference would also be nice). It took something like 3 weeks, on a leased 4 core Xeon server. Sorting and removing duplicates from 1TB+ of raw data presented some challenges. Note that this table is not indexed in any way, it's just a text file with hashes. I use a custom filter program to check which of those precomputed hashes appear in a given blockchain. To go further and build a database that can watch for known addresses in real time would be quite a bit more complex, and would need a lot more than 0.9TB of disk space. That's one of the interesting things about SHA256 brainwallets (so long as you're doing this for fun) : it can be easy to find them, but it's also very, very hard. :) Stealing brainwallets is probably still profitable though, as I assume that the running costs are close to nil once you've set up the infrastructure. I disagree, which is why I qualified my above statement with "so long as you're doing this for fun". Imagine how many things have to go right when someone sends funds to a weak SHA256 brainwallet: - The thief needs a fast connection with multiple peers so that his bot (hopefully) sees the funding transaction first. - The thief needs a fast database server that is able to check the outputs of each new transaction, and if any addresses are known, return a private key (or keys), within a very short period of time. - The thief needs to decide how much of a fee to pay for the sweep transaction, bearing in mind that someone else's bot may choose a higher fee to override the transaction. (This could end up being a race to the bottom.) - The thief then needs his sweep transaction to be the one that propagates out to the majority of nodes (and more specifically, mining nodes) first. I've probably missed other factors. This is not the sort of thing you can run on a $5/mo VPS. I don't think it would be worth it, but as I've stated in this thread earlier, maybe it's an ego thing. Title: Re: Collection of 18.509 found and used Brainwallets Post by: Effingham Hoofnagle on February 07, 2019, 03:59:56 AM Seems like a waste of time to use random BIP words, as the seed word generation process involves checks, and many randomly generated combinations will be invalid.
Plus, even with a list of valid word combinations, it's a fools game in terms of odds. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on February 07, 2019, 05:50:41 AM Plus, even with a list of valid word combinations, it's a fools game in terms of odds. May as well just generate random private keys then. :) Code: // output random hex digits as a 256 bit priv key Although this program seems silly, it was done for a purpose: to check the false positive rate of brainflayer. Title: Re: Collection of 18.509 found and used Brainwallets Post by: DaCryptoRaccoon on February 07, 2019, 12:20:07 PM Seems like a waste of time to use random BIP words, as the seed word generation process involves checks, and many randomly generated combinations will be invalid. Plus, even with a list of valid word combinations, it's a fools game in terms of odds. That may be the case but what about weak seeds I also think the use of the script below might be helpful? Hmm... what's the point of throwing randomly selected word sets at your address checker? The chances of matching a 12 word passphrase are essentially zero. I think your size calcs may be off a bit, too. I pre-calculated the RMD160 values for all ASCII 1 to 5 character words, and the output is about 0.9TB in size. To increase to 6 characters would result in a file size about 95 times that (about 80TB) and to go up to 7 characters would result in an output of over 7000TB. And consider the amount of time needed to check 135 trillion entries. That's one of the interesting things about SHA256 brainwallets (so long as you're doing this for fun) : it can be easy to find them, but it's also very, very hard. :) As for the tables sizes I think they are about right to be honest they are not hash160's they are raw hex combinations see below I have tested on the smaller value ones at the come out pretty close to the figures quoted. So the DB for this type of data is vast. I am currently at around block 259090 of importing all the transactions into mysql database ( Currently 3 days reading from blk files) Code: Combination data from 10Hex ./10hex | brainflayer -v -b example.blf after setting up ABE it is far quicker at checking against the database for balance than my previous method of API calls to Blockchain.com Code: def mn_encode( message ): Title: Re: Collection of 18.509 found and used Brainwallets Post by: DaCryptoRaccoon on February 07, 2019, 12:35:25 PM where is admin, mod? Why topics like this can exist? Security liabilities need to be discussed publicly, otherwise you have no basis for public discourse, awareness and improvement. Note that this thread is about monitoring and documenting cases of brainwallet thefts, rather than stealing them. While these thefts are happening regardless of whether threads like this exist, it may prevent some people from generating weak brainwallets and becoming victims themselves. so why have to write and post script here? Teach everybody do with him? 1. Most of this code is available online or on github as already said we do this to improve the security of bitcoin to help users understand about brain wallets and the dangers of them. 2. I feel it much better to see a community attempting to eradicate and document this by-design un-secure wallet. 3. Who would you rather be talking about this issue, the open community who are pushing new users away from this dangerous way to store funds or the criminals behind closed forums scanning new users funds away. I have a feeling this guy has a brain wallet :) Title: Re: Collection of 18.509 found and used Brainwallets Post by: DaCryptoRaccoon on February 07, 2019, 01:34:27 PM The tools are already out there.
You could argue publishing the result to be a issue but nothing I have posted is not already in the public domain. https://www.youtube.com/watch?v=foil0hzl4Pg A simple google search or github will show how many tools are out there for this type of thing. Title: Re: Collection of 18.509 found and used Brainwallets Post by: HeRetiK on February 07, 2019, 02:43:32 PM i just ask why you have to write and post script here. Now anyone can use your script and scan brainwallets with you Because simply closing your eyes to a problem won't make it go away. Anyone willing and able to steal brainwallets won't need a thread like this to run their operation. Anyone lacking the skills and tools to steal brainwallets won't gain either from simply following a thread like this. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on February 19, 2019, 06:36:51 AM I cache the blockchain API data. Just had a thought to delete the cached data for wallets which were previously showing (small) balances, and noticed that despite the almost nil value of each wallet, some have been cleaned out within the past few months. (A symbolic act? A researcher importing private keys into his client then forgetting about them?)
https://www.blockchain.com/btc/address/462259f237e3cd1b088e466da8f6da3428971a07 psykachu39 (0.00000001) https://www.blockchain.com/btc/address/551222dc9f6f3ce2ec65b338549e35a8f8f14afa psykachu56 (0.00000001) https://www.blockchain.com/btc/address/58ce18bdc94c7f2601e48f1aa27fabde545634ee psykachu137 (0.00000001) https://www.blockchain.com/btc/address/7d44d5edef9b6f21ae780d1918dc2e28ea4e1ed2 psykachu138 (0.00000001) https://www.blockchain.com/btc/address/97202615f86a3cdeb991d3623a692e2ab7380886 hello world hello world hello world hello world hello world hello worldhello world hello world hello world hello world hello world hello world (0.00001661) https://www.blockchain.com/btc/address/59c872935f6c0acc81aa953cf3009f96597b250f orenattar@gmail.com (0.00000600) https://www.blockchain.com/btc/address/e0d996260606eb7994517a2b173f917c79d55745 fuck bitcoin (0.00001000) Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on February 23, 2019, 10:21:18 PM A symbolic act? My guess is someone uses a (dumb) script that doesn't check if the balance is worth the fee.Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on March 28, 2019, 02:44:43 PM Latest passphrase to be found is one of those that seems so obvious once it's been discovered.
https://www.blockchain.com/btc/address/377a08e417b77640cdf8ce300d45897384479e38 The passphrase is (in its entirety) Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. https://en.wikipedia.org/wiki/Lorem_ipsum Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on March 30, 2019, 06:50:04 AM An unusual passphrase:
WARNING: This key is not certified with a trusted signature! (That's the passphrase.) https://www.blockchain.com/btc/address/8d940736aae07fb4df7865b1e163d7bcd4112ce0 Title: Re: Collection of 18.509 found and used Brainwallets Post by: djhomeschool on April 06, 2019, 02:58:35 PM Is there any python script to start testing passprhases or wordlists? I would like to test some private lists.
EDIT: found one and got it working Title: Re: Collection of 18.509 found and used Brainwallets Post by: odolvlobo on April 06, 2019, 07:15:17 PM An unusual passphrase: WARNING: This key is not certified with a trusted signature! (That's the passphrase.) https://www.blockchain.com/btc/address/8d940736aae07fb4df7865b1e163d7bcd4112ce0 The fact that you were able to find this convinces me that any passphrase that can be memorized is not safe. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on April 07, 2019, 05:10:20 AM An unusual passphrase: WARNING: This key is not certified with a trusted signature! (That's the passphrase.) https://www.blockchain.com/btc/address/8d940736aae07fb4df7865b1e163d7bcd4112ce0 The fact that you were able to find this convinces me that any passphrase that can be memorized is not safe. This appears to be generated by GPG, so at first I thought it may have been someone feeding the output to SHA256 to generate their private key - without realising the output was an error message - but from a quick look the program is more verbose when reporting such an error. Perhaps it's a geeky easter egg? The way I found it was odd: I extracted strings from my boot drive, and fed them to brainflayer... Title: Re: Collection of 18.509 found and used Brainwallets Post by: djhomeschool on April 07, 2019, 11:40:24 AM Did a small test:
Code: dictionary word, received bitcoins, wallet address, private address, current balance Nothing very special but interesting to see some wallets had 0.1 or more in them in the past. Title: Re: Collection of 18.509 found and used Brainwallets Post by: mr.mister on April 09, 2019, 12:02:17 PM As been discussed many times before using a Brainwallet is a bad idea. I disagree, I have never lost anything from a brain wallet but I have lost quite a few coins from failing hardware wallets and dying hard drives. I have to agree. It would appear to me that your Brainwallet will be as secure as the passphrase you used to create it. So if you choose a very difficult passphrase your brainwallet will be secure. I would assume it's the same as choosing a passphrase for your encryption vault. Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on April 09, 2019, 12:45:34 PM I would assume it's the same as choosing a passphrase for your encryption vault. It's not. To brute force your own local encryption, an attacker needs access to your encrypted file, and dedicate all his computing power to just your case.With Brainwallets, one attacker can brute force all existing users on the planet at the same time, and thus has a much larger chance of finding a match. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on April 09, 2019, 12:54:04 PM I have to agree. It would appear to me that your Brainwallet will be as secure as the passphrase you used to create it. So if you choose a very difficult passphrase your brainwallet will be secure. I would assume it's the same as choosing a passphrase for your encryption vault. I can think of two very important differences with brainwallets, versus a wallet.dat encrypted by a Bitcoin client: 1. The blockchain is like a public password file that can be passively cracked. If someone cracks your passphrase, they can steal the funds, without ever needing physical or remote access to your machine in order to copy wallet.dat. 2. Brainwallet cracking doesn't need to be targeted. It's only a little less efficient to check each candidate passphrase against the entire set of unspent outputs - every funded address on the blockchain - versus just one specific address. A basic SHA256(passphrase) brainwallet is very dangerous, because the keys can be checked at a great rate. My ageing Core2Quad server can check around 14 billion candidate passphrases per day. edit: It's not. To brute force your own local encryption, an attacker needs access to your encrypted file, and dedicate all his computing power to just your case. With Brainwallets, one attacker can brute force all existing users on the planet at the same time, and thus has a much larger chance of finding a match. Okay, well you said the same thing I did, just faster... :) Title: Re: Collection of 18.509 found and used Brainwallets Post by: BurtW on April 09, 2019, 06:23:48 PM Code: cows,0.24308000 cows? really... cows? Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on April 10, 2019, 01:18:00 AM Code: cows,0.24308000 cows? really... cows? There's several thousand dictionary word brainwallets which were funded with 0.0000546 BTC back in 2013, however, looking more closely, this is not the typical dictionary word brainwallet. There are 30234 transactions associated with this address!!! https://www.blockchain.com/btc/address/fee56f465d92e6c52a8dd455e4e10cf835554097 Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on April 21, 2019, 12:10:56 AM This is for Litecoin, but I thought I'd mention it because of the substantial (~$30,000 USD at the time, more now) amount involved.
http://explorer.litecoin.net/address/LP27QTd7DpQTEyoREubXSY2JhyBPBbiqFa https://ltc.explorer.berrywallet.io/address/LP27QTd7DpQTEyoREubXSY2JhyBPBbiqFa Around a year ago, this address was funded with 500 LTC, then a few hours later, 0.99 LTC was added, and a few minutes after that, the entire 500.99 LTC balance was transferred out. I'm going to withhold the passphrase because of the value and relatively recent transactions, but it's simply someone's name, and from some basic research it seems that he's involved with investing in Litecoin. Some kind of vanity thing, either by the person with that name (side thought: I wonder how many people use their real name as passphrases for their encrypted local wallets?), or someone else trying to make a point? Not a small amount, either way. Title: Re: Collection of 18.509 found and used Brainwallets Post by: digitalcitizen on April 25, 2019, 11:49:40 PM Code: cows,0.24308000 cows? really... cows? There's several thousand dictionary word brainwallets which were funded with 0.0000546 BTC back in 2013, however, looking more closely, this is not the typical dictionary word brainwallet. There are 30234 transactions associated with this address!!! https://www.blockchain.com/btc/address/fee56f465d92e6c52a8dd455e4e10cf835554097 Found a lot of those old ones running a brain wallet search tool with standard spelling dictionaries on most *nix systems, where the dictionary itself was run through a password transform tool. For instance /usr/share/dict/american-english or equivalent. Title: Re: Collection of 18.509 found and used Brainwallets Post by: Syche on May 05, 2019, 03:13:35 PM Is there any python script to start testing passprhases or wordlists? I would like to test some private lists. EDIT: found one and got it working could you let me know how i can get started, been looking for this, i dont have any coding skills but i would like to feed my own ideas into the system and see what results come out, thanks. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on May 06, 2019, 07:10:20 AM Another unusual SHA256 brainwallet, derived from a rather long passphrase... one billion and two characters, to be exact. One billion and one of them are numerical digits.
Can you guess what it may be? :) https://www.blockchain.com/btc/address/cd66242a2f19b7b6eeb4f4eaf7aa69d071ade6c6 I notice that 1GMaxweLLbo8mdXvnnC19Wt2wigiYUKgEB (gmaxwell) appears in 3 transactions which spend both the 1GMaxweLLbo8mdXvnnC19Wt2wigiYUKgEB and brainwallet outputs, so it appears those transactions were created by him (or someone possessing his privkey). Possibly related to this coin mixing thread I found: https://bitcointalk.org/index.php?topic=139581.0 Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on May 06, 2019, 07:34:21 AM Can you guess what it may be? :) Something like:1000000000000000000000000000000000...............000000000000000000000000000000 000a Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on May 06, 2019, 08:55:59 AM Can you guess what it may be? :) Something like:1000000000000000000000000000000000...............000000000000000000000000000000 000a Strong hint: Think... Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceMobile on May 06, 2019, 09:19:34 AM Lol 3.1415927….......
How did you even try that? And have you tried more decimals? Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on May 06, 2019, 10:10:07 AM Lol 3.1415927…....... How did you even try that? And have you tried more decimals? Two things had to happen to discover that particular private key: 1. I decided to try feeding the SHA256 hash of every file on my NAS to brainflayer. 2. One of those files contained the value of Pi to a billion decimal places. Another match was the hash of the goatse photo. (If you don't know what that is, goatse is an old school shock site that is very, very NSFW. I didn't even realise I had that photo sitting on my storage.) Title: Re: Collection of 18.509 found and used Brainwallets Post by: HeRetiK on May 06, 2019, 11:07:32 AM Another match was the hash of the goatse photo. (If you don't know what that is, goatse is an old school shock site that is very, very NSFW. I didn't even realise I had that photo sitting on my storage.) ...because of course it was. There should be a word for being surprised while not being surprised at all while feeling both disgusted and nostalgic at the same time. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on May 07, 2019, 02:53:45 PM I thought the mini private key format, used for Casascius physical bitcoins should rate a mention here, because it's basically a SHA256 brainwallet... but with a randomly generated passphrase.
https://en.bitcoin.it/wiki/Mini_private_key_format Given that the random passphrase length is 22 characters (early version) or 30 characters, the chances of brute forcing it are still virtually nil, but technically, it is less secure than a standard key, in particular because 99%+ of the tries can be discarded after the first SHA256 hash. By the way, funds have been sent to (and promptly swept from) the address associated with the sample mini private key on that page: https://www.blockchain.com/btc/address/7f6ab65fa911f558ca2dde3e9d073acb02c0d5c6 (uncompressed: 1CciesT23BNionJeXrbxmjc7ywfiyM4oLW ) https://www.blockchain.com/btc/address/f78c1591f3f34fd1fe339dc371069b7b492bf370 (compressed: 1PZuicD1ACRfBuKEgp2XaJhVvnwpeETDyn ) Title: Re: Collection of 18.509 found and used Brainwallets Post by: DaCryptoRaccoon on May 11, 2019, 11:49:10 AM I created a simple word smasher as a way to pipe content to BF.
So I use the power of 2 scale with randint between specific values. Depending on the size of the list you will need to set the values according. I did find a few wallets this way with specific word lists being used and changes to the values. I have another version that will take content and hash it with hashlib and pipe the output to BF and again this also threw back some results. Code: ## Word Smash Power Of 2 Some of the values Code:
Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on May 18, 2019, 01:18:54 PM Around USD100 worth of BTC sent to a weak private key, stolen pretty much immediately:
https://www.blockchain.com/btc/address/a27d952a793dd83d82cfaa8431c6d36450683f6d The key is 00000000000000000000000000000000000000000000000000000000000005a1, a value which anyone playing with key cracking would almost certainly attempt. (With my modest setup, a single core running bitflayer in private key mode would find this key around 0.01 seconds after starting.) Again not really sure of the intent. Was this someone throwing a hundred bucks away for fun, or the result of buggy private key generation? Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on May 19, 2019, 04:49:25 AM Speaking of weak private keys, this one had 0.1647412 BTC (approximately $USD 1133) sent over two successive transactions back in August 2018:
https://www.blockchain.com/btc/address/1KWj99Jwd9LGGC2Y1c9c4cmvWvYTQrLFVc Promptly swept away. The private key is 000000000000000000000000000000000000000000000000000000000000001f, which is essentially the 30th possible key if you count upwards. Something that could be discovered manually. Exceptionally weak. Title: Re: Collection of 18.509 found and used Brainwallets Post by: BurtW on May 20, 2019, 02:36:01 PM LBC (https://lbc.cryptoguru.org/stats) has sequentially searched and swept all private keys under 55 bits and is pressing on at about 20.82 trillion keys per day. So all short private keys are a bad idea.
Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on May 20, 2019, 05:22:25 PM LBC (https://lbc.cryptoguru.org/stats) has sequentially searched and swept all private keys under 55 bits and is pressing on at about 20.82 trillion keys per day. So all short private keys are a bad idea. Sound advice, but bear in mind that the really low ones (say, 32 bits or so) are likely watched by bots for future activity, rather than simply being checked once by LBC. Title: Re: Collection of 18.509 found and used Brainwallets Post by: daboehla on June 05, 2019, 04:50:12 PM Last big transaction to weak private key on my radar was 0,06473026 to 0xBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
(1NiEGXeURREqqMjCvjCeZn6SwEBZ9AdVet) Why does somebody do this? Donation to the bots? or really accidentally? Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on June 05, 2019, 07:16:37 PM Last big transaction to weak private key on my radar was 0,06473026 to 0xBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB I'm amazed it lasted that long: it took 7 minutes (https://www.blockchain.com/btc/address/1NiEGXeURREqqMjCvjCeZn6SwEBZ9AdVet) to be sweeped! The private key to address 1NiEGXeURREqqMjCvjCeZn6SwEBZ9AdVet was even posted on Bitcointalk in 2011:(1NiEGXeURREqqMjCvjCeZn6SwEBZ9AdVet) Why does somebody do this? Donation to the bots? or really accidentally? Code: Addr B: 1NiEGXeURREqqMjCvjCeZn6SwEBZ9AdVet (PrivKey:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb) Title: Re: Collection of 18.509 found and used Brainwallets Post by: malevolent on June 05, 2019, 08:07:38 PM I'm amazed it lasted that long: it took 7 minutes (https://www.blockchain.com/btc/address/1NiEGXeURREqqMjCvjCeZn6SwEBZ9AdVet) to be sweeped! I'm not. I would imagine almost everything that could be feasibly stolen has been stolen between 2011-2015. Around 2013 it has become increasingly clear that most people choose too easy passwords for brainwallets and their use has been discouraged, and if you really have to use one, at least use one with key-stretching, such as warpwallet. Now thieves can either put increasingly more resources into searching for (most likely older) brainwallets, whose owner might have emptied them anyway, or fight for scraps that occasionally gets sent to some of the easier brainwallets. There probably aren't that many people nowadays who're bothering with monitoring brainwallets, otherwise the address you linked would have been emptied in under 7 seconds instead of 7 minutes. Title: Re: Collection of 18.509 found and used Brainwallets Post by: daboehla on June 06, 2019, 06:22:58 AM I'm amazed it lasted that long: it took 7 minutes (https://www.blockchain.com/btc/address/1NiEGXeURREqqMjCvjCeZn6SwEBZ9AdVet) to be sweeped! I'm not. I would imagine almost everything that could be feasibly stolen has been stolen between 2011-2015. Around 2013 it has become increasingly clear that most people choose too easy passwords for brainwallets and their use has been discouraged, and if you really have to use one, at least use one with key-stretching, such as warpwallet. Now thieves can either put increasingly more resources into searching for (most likely older) brainwallets, whose owner might have emptied them anyway, or fight for scraps that occasionally gets sent to some of the easier brainwallets. There probably aren't that many people nowadays who're bothering with monitoring brainwallets, otherwise the address you linked would have been emptied in under 7 seconds instead of 7 minutes. Because I also run a program, which tries to empty these weak private keys. At 29.05.2019 00:41:26.300 I recorded the transaction. (+2 timezone) On 29.05.2019 00:41:26.324 I already got txn-mempool-conflict So I think there are Many very fast out there. Title: Re: Collection of 18.509 found and used Brainwallets Post by: daboehla on June 06, 2019, 11:16:14 AM Today was also a high value transaction to weak private key:
06.06.2019 10:39:25.107 0,25000000 1FJJTKza3HovjzguAnMY9VYPu5Kd6CRKa -> 07D6D38FF15148A755F8E64F2C3F7860DEBEBB1C / 00000000000000000000000000000000000000000000000000000000000007B7 / LowerAddr Title: Re: Collection of 18.509 found and used Brainwallets Post by: buwaytress on June 06, 2019, 11:46:14 AM I'm amazed it lasted that long: it took 7 minutes (https://www.blockchain.com/btc/address/1NiEGXeURREqqMjCvjCeZn6SwEBZ9AdVet) to be sweeped! I'm not. I would imagine almost everything that could be feasibly stolen has been stolen between 2011-2015. Around 2013 it has become increasingly clear that most people choose too easy passwords for brainwallets and their use has been discouraged, and if you really have to use one, at least use one with key-stretching, such as warpwallet. Now thieves can either put increasingly more resources into searching for (most likely older) brainwallets, whose owner might have emptied them anyway, or fight for scraps that occasionally gets sent to some of the easier brainwallets. There probably aren't that many people nowadays who're bothering with monitoring brainwallets, otherwise the address you linked would have been emptied in under 7 seconds instead of 7 minutes. Because I also run a program, which tries to empty these weak private keys. At 29.05.2019 00:41:26.300 I recorded the transaction. (+2 timezone) On 29.05.2019 00:41:26.324 I already got txn-mempool-conflict So I think there are Many very fast out there. Indeed! 7 minutes was merely the time between blocks, as it turns out. So we can actually confirm that after all these years there are still people who actively run programs that automatically empties these addresses, even those as old as 8 years like this one now. Curious to know, does your program know of and then attempts the sweep transaction as soon as confirmation is received or do you already try to sweep it when the incoming tx is recognised? In other words, is your sweep tx created as soon as incoming tx is broadcast or only once confirmed? $500 is not bad at all. Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on June 06, 2019, 11:55:17 AM Today was also a high value transaction to weak private key: Someone paid 21% ($400) fee to steal these funds! Bots are competing heavily to get picked by a miner.06.06.2019 10:39:25.107 0,25000000 1FJJTKza3HovjzguAnMY9VYPu5Kd6CRKa -> 07D6D38FF15148A755F8E64F2C3F7860DEBEBB1C / 00000000000000000000000000000000000000000000000000000000000007B7 / LowerAddr Curious to know, does your program know of and then attempts the sweep transaction as soon as confirmation is received or do you already try to sweep it when the incoming tx is recognised? The theft gets confirmed in the same block as the original transaction, so it doesn't wait for a confirmation.Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on June 06, 2019, 12:59:50 PM Today was also a high value transaction to weak private key: 06.06.2019 10:39:25.107 0,25000000 1FJJTKza3HovjzguAnMY9VYPu5Kd6CRKa -> 07D6D38FF15148A755F8E64F2C3F7860DEBEBB1C / 00000000000000000000000000000000000000000000000000000000000007B7 / LowerAddr Pure speculation here - I'm not very good at following transaction trails - but the source wallet has a high number of transactions and large cumulative balance, so I'm guessing it could be an exchange wallet, and that 0.25 BTC was a withdrawal by a customer. Question is, how did the funds end up being sent to that address? Was this some internal software deliberately stealing funds, or did this key get imported into someone's wallet somehow? IDEA: exchanges and any other services which allow customers to withdraw should maintain a blacklist of addresses with weak keys / broken brainwallets, so that any attempts to send to such an address are blocked. Title: Re: Collection of 18.509 found and used Brainwallets Post by: malevolent on June 06, 2019, 07:41:54 PM I wanted to say someone's watching this thread, but I think $400 is a bit too much to waste on proving a point. I wonder how many more tried to steal those coins.
Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on June 06, 2019, 10:52:43 PM I wanted to say someone's watching this thread, but I think $400 is a bit too much to waste on proving a point. I wonder how many more tried to steal those coins. Sweep bots existed long before this thread was started... Title: Re: Collection of 18.509 found and used Brainwallets Post by: malevolent on June 06, 2019, 11:53:10 PM Sweep bots existed long before this thread was started... Doesn't mean many people still bother running them. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on June 07, 2019, 07:04:51 AM Sweep bots existed long before this thread was started... Doesn't mean many people still bother running them. I posted in this thread a few months ago that even on testnet funds get swiped instantly. :) Title: Re: Collection of 18.509 found and used Brainwallets Post by: DaCryptoRaccoon on June 09, 2019, 11:27:26 AM The real issues is the weak PK values here and education on how to create secure keys.
I tested lot's of the tools that are available out there even going as far as to parse the entire blockchain into MySQL table while running ABE and BF and a few other scanners I have there are still 100's of un-secure wallets out there waiting to be picked up by the sweepers (just for the record I don't sweep funds and never will.) But it's quite a concern that many people seem to have funds laying out there which any competent person with python and a word list could find. I also ran some checking on the old style electrum seeds with a "modified" word list and have had some wallets return with funds highest was around 0.15 BTC. I am unable to post the results as the wallets seems to be active. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on June 20, 2019, 12:00:36 PM https://www.blockchain.com/btc/address/b09a09458fe9bb86b0d897b4c244b05432bad28d
This one is interesting for a number of reasons... - It seems to be a relatively early use of a SHA256 brainwallet (January 2012). - The transaction originally funding this brainwallet split 1 BTC into neat sets of 0.001 and 0.005 BTC. Could other outputs from this transaction - there are 101 in total - also be brainwallets, or some other kind of special address? Some are still unspent, 7.5 years later. - A second set of funds (6.08 BTC) was sent a couple of weeks later, then all funds were swept the following year. Over time, the value of 6.08 BTC appreciated from around $USD 35 in February 2012, to almost $USD 600 in July 2013. (The sweep output is still unspent; 6.08 BTC is now worth nearly $60,000. Hope the owner still has the privkey!) The passphrase is just let the lovin take ahold Title: Re: Collection of 18.509 found and used Brainwallets Post by: DaCryptoRaccoon on June 23, 2019, 03:19:53 PM https://www.blockchain.com/btc/address/b09a09458fe9bb86b0d897b4c244b05432bad28d This one is interesting for a number of reasons... - It seems to be a relatively early use of a SHA256 brainwallet (January 2012). - The transaction originally funding this brainwallet split 1 BTC into neat sets of 0.001 and 0.005 BTC. Could other outputs from this transaction - there are 101 in total - also be brainwallets, or some other kind of special address? Some are still unspent, 7.5 years later. - A second set of funds (6.08 BTC) was sent a couple of weeks later, then all funds were swept the following year. Over time, the value of 6.08 BTC appreciated from around $USD 35 in February 2012, to almost $USD 600 in July 2013. (The sweep output is still unspent; 6.08 BTC is now worth nearly $60,000. Hope the owner still has the privkey!) The passphrase is just let the lovin take ahold I think there are still many many more to be found out there my guess. Interesting find on the 6 words are those song lyrics by any chance? Title: Re: Collection of 18.509 found and used Brainwallets Post by: avw on June 26, 2019, 10:15:51 AM - The transaction originally funding this brainwallet split 1 BTC into neat sets of 0.001 and 0.005 BTC. Could other outputs from this transaction - there are 101 in total - also be brainwallets, or some other kind of special address? Some are still unspent, 7.5 years later. You can see that addresses are arranged alphabetically, sorted by first two letters (first is always lowercase).Looks like addresses were generated by vanitygen. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on June 27, 2019, 08:14:59 AM - The transaction originally funding this brainwallet split 1 BTC into neat sets of 0.001 and 0.005 BTC. Could other outputs from this transaction - there are 101 in total - also be brainwallets, or some other kind of special address? Some are still unspent, 7.5 years later. You can see that addresses are arranged alphabetically, sorted by first two letters (first is always lowercase).Looks like addresses were generated by vanitygen. I thought at first you were onto something, but when you look more closely, it is not cleanly sorted. For example, the address 1Ct2qiAXf6iYHQ3iUB3sfinR5SfzhYQf4u (output 86) is alphabetically lower than the address 1FuicRGD8kQoPmnsXTirEoeoVtVwrjQs7T (output 0) Here is the raw transaction: https://www.almightycoins.org/cc5e0d2d0f46b56ab57027e236ed3ebff4ed7157238947db2ae59cddca60e08b.txt And the output scripts only, which show the RIPEMD160 hex representation of the addresses: https://www.almightycoins.org/cc5e0d2d0f46b56ab57027e236ed3ebff4ed7157238947db2ae59cddca60e08b-outputscript.txt You can see here the outputs are loosely but not perfectly sorted. There is still something unusual about this selection of addresses, because for 92 of the 101 outputs, the first byte of the RIPEMD160 hash is between a3 and cf. This includes the address which is generated from the passphrase "just let the lovin take ahold" (first byte is b0). If the addresses were truly random, you would expect a much wider distribution over 101 values, but only 9 values fall outside of that cluster. So there's some kind of filtering going on, for whatever reason. Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on June 27, 2019, 08:36:15 AM So there's some kind of filtering going on, for whatever reason. My guess: someone created a list of addresses, sorted it, and copied a part of it to be funded. I don't think there's much more behind it.Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on June 27, 2019, 09:24:09 AM So there's some kind of filtering going on, for whatever reason. My guess: someone created a list of addresses, sorted it, and copied a part of it to be funded. I don't think there's much more behind it.Occam's razor? I guess so, although it would seem more likely if only a single address (say, for change) was the odd one out. Just for fun, I quickly hacked together something to generate four random words and filter the output so that the first bytes of the address are b0, 9a, 09 (which match the last passphrase I mentioned in this thread). The same could be done with real-world phrases if you had a sufficient number of them. A crude form of SHA256 brainwallet vanity address generation. 1H6nTM5TVQc31YqhVzVPrRUmNsL9pGJAwV b09a091fccb7e1f2f0a8120f3e17117a79759920 "captaining financial conservatism mayonnaise" 1H6nTPYd9sKto7bn7ptVqGWzD3mUdByNMy b09a0947f10d65c58ad6f7bc551b85d6d399b3b5 "gladiator playmates reduction disseminates" 1H6nTZUuqwmwKy6C64UK5jAdZATAMfpasK b09a09e9865339e6a5beabd64682380bd7862fd3 "physicists rottenness displaces processed" === ADDED LATER === Here's some real-world phrases which happen to match the simple vanity address requirements from above. I forgot about it and left things running for longer than I should have. 1H6nTagcotDzbyM3W3ymWRBRcwuJV1Cpvd b09a09fd11c309d6ae2321406c3cd8540cee9174 "scott and andrea" 1H6nTRxrjZ3PiiPvwLwegQFrtBURsKvjUo b09a096f42e5efd99614509be6625e7c1119b539 "colonel edward mandell house" 1H6nTUtXkLPgU36ufJeVEpTmPvbVGXLypV b09a099ed5ce28e7f241ce53893045ad88d48da3 "never gonna be as big as jesus" (Note: These are examples from my vanity generation experiment, not actual cracked passphrases.) Title: Re: Collection of 18.509 found and used Brainwallets Post by: larks500 on June 27, 2019, 11:49:36 AM What if you add your own personal coding to the obvious phrase?
Lets say, replace all the letters A with B. For example "cbptbining finbncial conservbtism mbyonnbise" instead of "captaining financial conservatism mayonnaise" Will it more difficult to get the key? Title: Re: Collection of 18.509 found and used Brainwallets Post by: BurtW on June 27, 2019, 01:24:21 PM What if you add your own personal coding to the obvious phrase? I think the point of this entire thread can be summed up as follows:Lets say, replace all the letters A with B. For example "cbptbining finbncial conservbtism mbyonnbise" instead of "captaining financial conservatism mayonnaise" Will it more difficult to get the key? Give up and use a secure random number generator based on a qualified true random number source of entropy unless you want to lose your Bitcoins. Title: Re: Collection of 18.509 found and used Brainwallets Post by: ABCbits on June 27, 2019, 06:07:26 PM Will it more difficult to get the key? Most likely yes, but : 1. It's useless if attacker know you use brainwallet & know this method 2. Unless you write down passphrase for brain wallet, you will forget your passphrase or/and your clever method 3. It's still far less secure than simply use CSPRNG to generate your private key/seed Title: Re: Collection of 18.509 found and used Brainwallets Post by: HeRetiK on June 27, 2019, 08:55:05 PM What if you add your own personal coding to the obvious phrase? Lets say, replace all the letters A with B. For example "cbptbining finbncial conservbtism mbyonnbise" instead of "captaining financial conservatism mayonnaise" Will it more difficult to get the key? Maybe a bit, but not really. An attacker with the skills and resources to create and scan a precomputed list of brainwallets based on the most common words and phrases will likely also start scanning the most common permutations eventually. So it's safer in the sense that the coins will probably only be snatched after a couple of days instead of after a couple of seconds. Granted, given a long enough passphrase or a complex enough "cipher" your coins should be reasonably secure. However it's hard to guess at which point this is the case, which is why one should resort to more reliable methods. It's probably not at 4-word phrases with single-letter-replacements though. Title: Re: Collection of 18.509 found and used Brainwallets Post by: larks500 on June 28, 2019, 06:15:23 AM What if you add your own personal coding to the obvious phrase? I think the point of this entire thread can be summed up as follows:Lets say, replace all the letters A with B. For example "cbptbining finbncial conservbtism mbyonnbise" instead of "captaining financial conservatism mayonnaise" Will it more difficult to get the key? Give up and use a secure random number generator based on a qualified true random number source of entropy unless you want to lose your Bitcoins. Yes. Random key it is the best decision, but problem that it is easy forget this random key. You should keep this random key or feed in other place than your mind, so it is additional risk. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on June 29, 2019, 01:49:12 AM Yes. Random key it is the best decision, but problem that it is easy forget this random key. Forget? Normally human can't even remember number with length above 10, let alone private with 256-bit length (or 64 if you try to remember HEX format) I realised the other day that I still remember a few (randomly generated) 10 character passwords that I haven't used for years, and if I put them together, they could form a fairly strong 40 character brainwallet phrase. The difference with those passwords is that they were protecting access to a server, and if I forgot them, I could recover access in some other way (boot with rescue disk, phone call to data centre etc). Different matter if I forgot my brainwallet password. :o --------- I've seen someone (I think ryanc) mention before using a combination of a passphrase plus a random (weakish) seed. The seed needs to be printed out and stored somewhere safely. The beauty of this arrangement is that the seed is weak enough to be expendable, but strong enough to add some extra protection against casual hunting. If the seed is lost, you can use a program to brute force it until it finds a match for your brainwallet address. The strength of the seed is chosen so that some time (say one to two days) of brute forcing would be required. It won't stop an attacker who is focussed specifically on you, but it will add extra protection against people who are just hunting for any passphrase matches. You could also store some funds using the passphrase alone, using that brainwallet as a canary to alert you that someone has discovered your passphrase. For example: 10 BTC in the brainwallet-with-seed "MYPASSPHRASE_sVjH$4R" 0.1 BTC in the canary brainwallet "MYPASSPHRASE" Disclaimer: I mention this only out of interest and don't represent that it would necessarily be secure. I don't think SHA256 brainwallets are secure anyway, so... Title: Re: Collection of 18.509 found and used Brainwallets Post by: larks500 on June 29, 2019, 08:56:18 AM Yes. Random key it is the best decision, but problem that it is easy forget this random key. Forget? Normally human can't even remember number with length above 10, let alone private with 256-bit length (or 64 if you try to remember HEX format) You should keep this random key or feed in other place than your mind, so it is additional risk. To be fair, any option have it's own pros and cons. But it's most common practice (except we randomly generate xprv/seed) & you probably use this method as well. Sure. It is absolutely right. But we are started talking about brain wallets and brain wallet feed could be generated randomly. I can keep in mind 16 random generated words, but problem that words are already existed and could be generated again. Good way to change 1 word from this 16 to your own created word. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on June 30, 2019, 09:28:17 AM I've seen someone (I think ryanc) mention before using a combination of a passphrase plus a random (weakish) seed. The seed needs to be printed out and stored somewhere safely. The beauty of this arrangement is that the seed is weak enough to be expendable, but strong enough to add some extra protection against casual hunting. If the seed is lost, you can use a program to brute force it until it finds a match for your brainwallet address. The strength of the seed is chosen so that some time (say one to two days) of brute forcing would be required. Interesting idea, while it's far less secure than CSPRNG/PRNG, it's acceptable assuming no one know you use this method. No, that would be security through obscurity. It's fun to have some cool secret way to generate your key, but if it's too complex, you (or your benefactors, say if you suddenly die) could risk losing the funds. The point is that if you must use a brainwallet, the random seed will at least make it more secure against untargeted privkey hunters. Remember that each ATTEMPT at brute forcing the passphrase+seed takes 2 days, so in theory, even a reasonably common dictionary word as your passphrase could take years to crack. (In practice, a cracker is going to be using multiple cores and possibly optimised cracking methods, so it will take less time.) Multiple seeds can be used, for example: 1. Seed #0, which is an internal seed that is not disclosed or stored. This must be brute forced when re-generating the private key, so it is quite weak. It is intended as some extra protection against an attack. 2. Seed #1 (stored in one location) which takes ~1 day to brute force if lost. 3. Seed #2 (stored in another location) which takes ~1 day to brute force if lost. If the user has the passphrase, seed #1, and seed #2, all it takes is (say) 60 seconds to brute force the internal seed, and generate the correct privkey. If the user loses either of the seeds, it takes 60 seconds + 1 day. If the user loses both seeds, it takes 60 seconds + 1 day + 1 day. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on July 07, 2019, 10:44:34 PM Nearly $2k USD blown by sending to a very weak key (7b7)
Swiped quickly, with about $USD400 paid to the miner which incorporated the transaction. I really hope this was deliberate. ??? https://www.blockchain.com/btc/address/02b443fb5654d5fb6323dff432b90f6e204b9676 Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on July 14, 2019, 12:25:40 AM This one is unusual because:
1. It was sent around 3 months ago to a seemingly random passphrase (looks like a 21 letter keyboard bash), but that passphrase appears in a password list from 2012. 2. This time it was a whopping 1 BTC ($USD 4k at the time), swiped immediately. Why was 1 BTC sent, in 2019, to a brain wallet using a passphrase that's been known for 7+ years? Because of the large amount and recent transaction, I won't reveal the passphrase publicly, but I'm sure there's a few people reading this that who know it. And there's at least one bot that does... https://www.blockchain.com/btc/address/af867f1c5287676c97dfc402e3e642ac97652670 Title: Re: Collection of 18.509 found and used Brainwallets Post by: avw on July 15, 2019, 04:23:28 PM also ran some checking on the old style electrum seeds with a "modified" word list... What is "old style" different from the new?Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on July 22, 2019, 06:52:47 AM Multiple seeds can be used, for example: 1. Seed #0, which is an internal seed that is not disclosed or stored. This must be brute forced when re-generating the private key, so it is quite weak. It is intended as some extra protection against an attack. 2. Seed #1 (stored in one location) which takes ~1 day to brute force if lost. 3. Seed #2 (stored in another location) which takes ~1 day to brute force if lost. If the user has the passphrase, seed #1, and seed #2, all it takes is (say) 60 seconds to brute force the internal seed, and generate the correct privkey. If the user loses either of the seeds, it takes 60 seconds + 1 day. If the user loses both seeds, it takes 60 seconds + 1 day + 1 day. Was thinking about this again today, and I've found a flaw in the above. I believe the total effort required to cover the search space is actually the product of the effort per seed, rather than the sum. This is because there's no way to know if you've correctly found a match for a single seed. The complete passphrase+seed+seed+seed combination is either matched, or not matched; there's no way to match a part of it. In other words, if you lose both seeds, it will take 60 x 86400 x 86400 seconds (5,184,000 days) to brute force all possibilities, not 60 + 86400 + 86400 (2 days and 60 seconds). To be able to independently crack a lost seed would require additional external validation, such as a hash of each seed stored in the blockchain. Just wanted to update the above idea to point out that multiple seeds won't work as expected. A single seed would still work, since there's only one unknown part to force if it is lost. Title: Re: Collection of 18.509 found and used Brainwallets Post by: igordata on July 23, 2019, 10:04:07 AM If the user has the passphrase, seed #1, and seed #2, all it takes is (say) 60 seconds to brute force the internal seed, and generate the correct privkey. why do we need #0 if it's so easy to brute force it then?If the user loses either of the seeds, it takes 60 seconds + 1 day. no, if you loses both seeds you die :DEdit: yep, if I lose one of #1 or #2 seeds it gonna take a month to brute force it of a couple of weeks with 50% probability if I'm lucky guy. If I lose both seeds I'm in the deep trouble even if I'm extremely lucky. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on July 23, 2019, 11:36:25 AM If the user has the passphrase, seed #1, and seed #2, all it takes is (say) 60 seconds to brute force the internal seed, and generate the correct privkey. why do we need #0 if it's so easy to brute force it then?Shrug. I guess as some extra protection if the two main seeds (which would need to be printed out or stored somewhere) are recovered by an attacker. Without seed #0 the attacker would only need to bruteforce the passphrase, but by requiring the additional (unknown) seed the work is increased by a factor of at least a few million. Disclaimer: I'm not a cryptographer, so I freely admit these ideas are probably a little crazy. Title: Re: Collection of 18.509 found and used Brainwallets Post by: igordata on July 24, 2019, 04:46:49 PM OK, you're right. We have a passphrase and without #0 it is just a millisecond to try. With #0 each passphrase will take a minute to try.
Title: Re: Collection of 18.509 found and used Brainwallets Post by: odolvlobo on July 24, 2019, 09:59:37 PM Multiple seeds can be used, for example: 1. Seed #0, which is an internal seed that is not disclosed or stored. This must be brute forced when re-generating the private key, so it is quite weak. It is intended as some extra protection against an attack. 2. Seed #1 (stored in one location) which takes ~1 day to brute force if lost. 3. Seed #2 (stored in another location) which takes ~1 day to brute force if lost. If the user has the passphrase, seed #1, and seed #2, all it takes is (say) 60 seconds to brute force the internal seed, and generate the correct privkey. If the user loses either of the seeds, it takes 60 seconds + 1 day. If the user loses both seeds, it takes 60 seconds + 1 day + 1 day. I wold like to point out that your times are correct only if the user has a way to know that an individual seed has has been cracked. Otherwise, you must multiply the number of attempts rather than add them. Edit: Oh, I see that you have already arrived at that conclusion. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on July 25, 2019, 01:56:30 AM [...] If the user loses both seeds, it takes 60 seconds + 1 day + 1 day. I wold like to point out that your times are correct only if the user has a way to know that an individual seed has has been cracked. Otherwise, you must multiply the number of attempts rather than add them. Edit: Oh, I see that you have already arrived at that conclusion. You're the second person to point this out after I corrected myself. ;) You could store hash(passphrase+seedX) in the blockchain so that the brainwallet client can figure out when it has cracked the seed, but that means an attacker also has that clue. Not such a good idea: now an attacker can hunt for hash(passphrase+seedX) matches to discover seeds with weak passphrases, and once they find two different seeds with the same passphrase, they're less than 60 seconds away from finding a private key. Title: Re: Collection of 18.509 found and used Brainwallets Post by: igordata on July 25, 2019, 09:31:20 AM > hash(passphrase+seedX)
that operation reduces security due to attacker can brute force quicker with a single hash iteration Title: Re: Collection of 18.509 found and used Brainwallets Post by: TechPriest on July 25, 2019, 06:58:37 PM I've seen someone (I think ryanc) mention before using a combination of a passphrase plus a random (weakish) seed. The seed needs to be printed out and stored somewhere safely. The beauty of this arrangement is that the seed is weak enough to be expendable, but strong enough to add some extra protection against casual hunting. If the seed is lost, you can use a program to brute force it until it finds a match for your brainwallet address. The strength of the seed is chosen so that some time (say one to two days) of brute forcing would be required. Interesting idea, while it's far less secure than CSPRNG/PRNG, it's acceptable assuming no one know you use this method. No, that would be security through obscurity. It's fun to have some cool secret way to generate your key, but if it's too complex, you (or your benefactors, say if you suddenly die) could risk losing the funds. The point is that if you must use a brainwallet, the random seed will at least make it more secure against untargeted privkey hunters. Remember that each ATTEMPT at brute forcing the passphrase+seed takes 2 days, so in theory, even a reasonably common dictionary word as your passphrase could take years to crack. (In practice, a cracker is going to be using multiple cores and possibly optimised cracking methods, so it will take less time.) Multiple seeds can be used, for example: 1. Seed #0, which is an internal seed that is not disclosed or stored. This must be brute forced when re-generating the private key, so it is quite weak. It is intended as some extra protection against an attack. 2. Seed #1 (stored in one location) which takes ~1 day to brute force if lost. 3. Seed #2 (stored in another location) which takes ~1 day to brute force if lost. If the user has the passphrase, seed #1, and seed #2, all it takes is (say) 60 seconds to brute force the internal seed, and generate the correct privkey. If the user loses either of the seeds, it takes 60 seconds + 1 day. If the user loses both seeds, it takes 60 seconds + 1 day + 1 day. That is very compicated, really. Also, if noone doesn't know your passphrase you shouldn't afraid seed compomising. Because the fact of knowing your seed can't help to hacker. If you afraid that your passphrase will be brute forced or social hacked (as we know, people's brain provides very low enthropy) , then i have some interesting algorithm for you: 1. Create easy master passphrase you always will remember. 2. Create your own algorithm of lower passphrase derivation. It can be like: Code: SHA2/RIPEMD-160(my-master-passphrase-that-I-always-remember + "1") That's it. You can use different wallets for different purposes without fear your wallets being linked (like addresses in one wallet). Also, while only you know derivation algorithm no one can get access to your wallets even seed or/and master-passphrase compomised. You can store your seed without any protection, you can put it into the bank or write on paper. To hack all your wallets, hacker needs to know your seed + master-passphrase + derivation algorithm. It's not so easy to hack such protection. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on July 31, 2019, 04:53:29 PM https://www.blockchain.com/btc/address/1d923c954d8901d559f1262fec66ed08fdac73cb
Value of around $USD 55 swept immediately. At least one of the inputs in the funding transaction appears to be an exchange hot wallet (1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s, which has nearly half a million transactions [edit: this is a Binance wallet -> https://twitter.com/binance/status/961666467325358081]). Are people still deliberately withdrawing funds to brainwallets? The passphrase is "weadmittedwewerepowerlessoveralcoholthatourliveshadbecomeunmanageable" which appears to be the text (sans spaces) of the first step in the 12 step Alcoholics Anonymous program. It amazes me how obscure passphrases are still swept away almost immediately. The cracking that I do for fun represents literally months of CPU time and trillions of candidate passphrases. At full tilt my i7 can push out about 43 billion passphrases per day, which would require over 1TB of storage per day if saved permanently. People running stealer bots must have massive databases of pre-computed candidate passphrases. Title: Re: Collection of 18.509 found and used Brainwallets Post by: itod on August 01, 2019, 08:17:40 AM Are people still deliberately withdrawing funds to brainwallets? Brainwallets were the worst idea from the beginning, but for some mysterious reason they are attractive to newbies. There s something in the human psychology, I guess the simplicity of the solution and the masochistic aspect torturing themselves to remember long passphrases and the risk they may forget it which has an allure off challenge. There is also an aspect they do not get the math and reasoning behind reliable alternatives, like Bitcoin Core wallet, that turns them away from better alternatives. Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on August 01, 2019, 10:58:45 AM Brainwallets were the worst idea from the beginning There are 2 problems:1. Anyone can search all existing brainwallets at the same time 2. It doesn't require much CPU-power to test a password Without promoting brainwallets, I could think of several solutions: 1. If you add something unique to you to a brainwallet, it's much less likely to be found. Say I would add LoyceValenzuela to this: "weadmittedwewerepowerlessoveralcoholthatourliveshadbecomeunmanageable" That would make:weadmittedwewerepowerlessoveralcoholthatourliveshadbecomeunmanageableLoyceValen zuela and instantly adds many more possibilities to the search space than "just" searching all available digital text on the planet. Or add your phone number. It's not perfect, but it makes it several orders of magnitude less likely to be brute-forced. 2. The protocol should use CPU-intensive encryption like BIP38 uses. That reduces the number of tries per second from billions to dozens. Title: Re: Collection of 18.509 found and used Brainwallets Post by: Welsh on August 01, 2019, 12:21:10 PM Brainwallets were the worst idea from the beginning They're flawed due to the fact that they're easy to bruteforce, and test different password combinations on without any sort of limit. However, a brainwallet is as secure as the user makes it. As LoyceV points out putting unique information within a sentence instantly makes it more difficult to crack. Common passwords for brainwallets used to be sentences from books, and I think there was a pretty famous one which used a random page in the Lord Of The Rings books. I've never used a brainwallet, and would recommend against them just for the sole reason that they can be attacked easier than most other ways of storing Bitcoin. Title: Re: Collection of 18.509 found and used Brainwallets Post by: itod on August 01, 2019, 05:23:38 PM Brainwallets were the worst idea from the beginning ...1. If you add something unique to you to a brainwallet, it's much less likely to be found. Say I would add LoyceValenzuela to this: "weadmittedwewerepowerlessoveralcoholthatourliveshadbecomeunmanageable" That would make:weadmittedwewerepowerlessoveralcoholthatourliveshadbecomeunmanageableLoyceValen zuela and instantly adds many more possibilities to the search space than "just" searching all available digital text on the planet. Or add your phone number. It's not perfect, but it makes it several orders of magnitude less likely to be brute-forced. ... Don't do this, there is no need for it. Just use regular high quality wallet like Bitcoin Core wallet and you will get incomparably more secure private keys without the need for any mental gymnastics. The quality wallets get their entropy from the hardware layer beneath, not from something humans can think of. Title: Re: Collection of 18.509 found and used Brainwallets Post by: malevolent on August 01, 2019, 08:14:19 PM 2. The protocol should use CPU-intensive encryption like BIP38 uses. That reduces the number of tries per second from billions to dozens. Most commonly used brainwallets, i.e. single round unsalted SHA-256 are a terrible idea leading to loss of funds for many users, but something like a warpwallet isn't too bad if someone's really set on using a brainwallet: https://keybase.io/warp Using a salt should still be recommended though. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on August 13, 2019, 08:43:04 AM Now for something a little different:
https://www.blockchain.com/btc/address/674239f32cd4041965f3a9e1fdeb09356f07887a Passphrase: ประวิตร วงษ์สุวรรณ According to Google this is Thai, and translates to "Wittawong Suwan" but I think the correct (Westernised) translation is Prawit Wongsuwan, who is a General that became the Deputy Prime Minister after a 2014 coup. He seems to be fond of expensive watches. Title: Re: Collection of 18.509 found and used Brainwallets Post by: rosengold on August 30, 2019, 10:07:05 PM Don't let this list dies ;D
https://www.blockchain.com/btc/address/1KTtPr67kxRu1MTk5FyqQj1Q8xT95KCFMP (https://www.blockchain.com/btc/address/1KTtPr67kxRu1MTk5FyqQj1Q8xT95KCFMP) Quote Bitcoin: A Peer-to-Peer Electronic Cash System Thanks for that coffee :P Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on August 31, 2019, 10:23:56 AM Don't let this list dies ;D https://www.blockchain.com/btc/address/1KTtPr67kxRu1MTk5FyqQj1Q8xT95KCFMP (https://www.blockchain.com/btc/address/1KTtPr67kxRu1MTk5FyqQj1Q8xT95KCFMP) Quote Bitcoin: A Peer-to-Peer Electronic Cash System Thanks for that coffee :P Some other variations: Peer to Peer Electronic Cash System Peer-to-Peer Electronic Cash (on testnet) Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on September 09, 2019, 09:25:23 AM 0.4995 BTC rested in this brainwallet for about a week:
https://www.blockchain.com/btc/address/1NibpGrUoUd9ywXm5Q2Zx5w12pZN3V3z8G Since the transactions are so recent, I am not going to disclose the passphrase, but let's just say that it's the title of something. Not super weak, but not exactly secure, especially when you're sending half a Bitcoin to it. Don't know if the rightful owner took the funds, or they were stolen, but if I can find it, so can someone else. The chain of transactions leading up to the one funding this address look interesting, can anyone better at exploring blockchains than I am offer an explanation? Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on September 15, 2019, 05:02:03 PM This brain wallet hasn't been used for several years, but even back in 2013 it held a substantial amount of funds (USD $6k+), protected by a weak passphrase:
https://www.blockchain.com/btc/address/16jLdtAxgXVwcG93MyPcNALXMCv3D6dyDB The passphrase is "arretonprimaryschool" Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on September 17, 2019, 06:13:02 AM An idea I came up with today: using a standard wallet file (must be encrypted) to create a hidden "brainwallet" private key.
These help protect the hidden key: 1. You need access to the wallet file; an attack would need to be targeted. 2. You need the password to unlock the wallet; that's the brain part. 3. There is no external indication that the hidden key exists. To create the hidden key: 1. Combine all unencrypted private keys in the wallet in some way (eg SHA256 hash of concatenated keys) 2. For additional bruteforce protection, stretch the new key. But here's the cool part: the wallet can be completely cleared of all funds, either before or after you create the new key. This means that if anyone does gain access to the wallet file, all they see is a wallet with no balance (this can be seen without needing the wallet password). Even if they suspect you may be using a hidden key, they cannot regenerate it unless they know the password to decrypt the wallet. tl;dr you can create a hidden key from a wallet with zero balance that anyone poking around your file system will probably ignore. Thoughts? Title: Re: Collection of 18.509 found and used Brainwallets Post by: odolvlobo on September 17, 2019, 08:13:53 AM These help protect the hidden key: 1. You need access to the wallet file; an attack would need to be targeted. 2. You need the password to unlock the wallet; that's the brain part. 3. There is no external indication that the hidden key exists. To create the hidden key: 1. Combine all unencrypted private keys in the wallet in some way (eg SHA256 hash of concatenated keys) 2. For additional bruteforce protection, stretch the new key. But here's the cool part: the wallet can be completely cleared of all funds, either before or after you create the new key. This means that if anyone does gain access to the wallet file, all they see is a wallet with no balance (this can be seen without needing the wallet password). Even if they suspect you may be using a hidden key, they cannot regenerate it unless they know the password to decrypt the wallet. tl;dr you can create a hidden key from a wallet with zero balance that anyone poking around your file system will probably ignore. I feel like that is about equivalent to a password-protected wallet with a sprinkle of additional cleverness thrown in. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on September 19, 2019, 02:27:12 AM This address is kind of related to brainwallets:
https://www.blockchain.com/btc/address/1HT7xU2Ngenf7D4yocz2SAcnNLW7rK8d4E Current balance is 72.13442756 BTC. The classic brainwallet is created with ripemd160(sha256(pubkey(sha256("passphrase")))), but this address is the result of ripemd160(sha256("")) I don't know if it's a broken brainwallet generator, or just a broken wallet. Possibly the latter, with the wallet mistakenly hashing a zero length buffer, instead of hashing the pubkey. Any funds sent here are permanently lost, because there's no private key involved in the address generation process. Despite this, nearly $15k USD worth of Bitcoin has been sent there in the past 12 months! https://github.com/bitcoin/bitcoin/issues/445 I think it would be a good idea if wallet software included a blacklist of such addresses, as well as known weak brainwallets, showing an additional dialog with a strong warning that funds may be permanently lost (or stolen) if the transaction proceeds. Checking any generated (inbound) addresses against the list would also help catch any glaring address generation bugs. (An assert that the result must not equal <hash of empty string> after each call to sha256 or ripemd160 would have caught this error.) Title: Re: Collection of 18.509 found and used Brainwallets Post by: MrFreeDragon on October 14, 2019, 06:46:46 PM https://www.blockchain.com/btc/address/b09a09458fe9bb86b0d897b4c244b05432bad28d This one is interesting for a number of reasons... - It seems to be a relatively early use of a SHA256 brainwallet (January 2012). - The transaction originally funding this brainwallet split 1 BTC into neat sets of 0.001 and 0.005 BTC. Could other outputs from this transaction - there are 101 in total - also be brainwallets, or some other kind of special address? Some are still unspent, 7.5 years later. - A second set of funds (6.08 BTC) was sent a couple of weeks later, then all funds were swept the following year. Over time, the value of 6.08 BTC appreciated from around $USD 35 in February 2012, to almost $USD 600 in July 2013. (The sweep output is still unspent; 6.08 BTC is now worth nearly $60,000. Hope the owner still has the privkey!) The passphrase is just let the lovin take ahold I think there are still many many more to be found out there my guess. Interesting find on the 6 words are those song lyrics by any chance? Yes, that was a song ) Have a look since 1:01 https://youtu.be/JBCJKbLhHwU?t=60 By the way, interesting way to promote the singer ;D Put some words of the song as the passphrase to the private key and make transactions with that wallet! Title: Re: Collection of 18.509 found and used Brainwallets Post by: MrFreeDragon on October 14, 2019, 07:56:14 PM This address is kind of related to brainwallets: https://www.blockchain.com/btc/address/1HT7xU2Ngenf7D4yocz2SAcnNLW7rK8d4E Current balance is 72.13442756 BTC. The classic brainwallet is created with ripemd160(sha256(pubkey(sha256("passphrase")))), but this address is the result of ripemd160(sha256("")) Can you clarify please? sha256("") is e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 ripemd160(sha256("")) is ba084d3f143f2896809d3f1d7dffed472b39d8de And this is the hash160 of another address with the balance 0.000928 BTC: https://www.blockchain.com/btc/address/1HxedVkdFALLtLzqKFfDBzPyZRLq7QKbm5 (https://www.blockchain.com/btc/address/1HxedVkdFALLtLzqKFfDBzPyZRLq7QKbm5) I don't know if it's a broken brainwallet generator, or just a broken wallet. Possibly the latter, with the wallet mistakenly hashing a zero length buffer, instead of hashing the pubkey. Any funds sent here are permanently lost, because there's no private key involved in the address generation process. Despite this, nearly $15k USD worth of Bitcoin has been sent there in the past 12 months! I guess that these funds lost like some other funds on the address with the lost private keys. As there are in average 2^96 possible private keys for every bitcoin hash160 address, so some "other" private key could fit the address you mentioned. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on October 14, 2019, 10:16:48 PM This address is kind of related to brainwallets: https://www.blockchain.com/btc/address/1HT7xU2Ngenf7D4yocz2SAcnNLW7rK8d4E Current balance is 72.13442756 BTC. The classic brainwallet is created with ripemd160(sha256(pubkey(sha256("passphrase")))), but this address is the result of ripemd160(sha256("")) Can you clarify please? sha256("") is e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 ripemd160(sha256("")) is ba084d3f143f2896809d3f1d7dffed472b39d8de And this is the hash160 of another address with the balance 0.000928 BTC: https://www.blockchain.com/btc/address/1HxedVkdFALLtLzqKFfDBzPyZRLq7QKbm5 (https://www.blockchain.com/btc/address/1HxedVkdFALLtLzqKFfDBzPyZRLq7QKbm5) ba084d3f143f2896809d3f1d7dffed472b39d8de is the result when you provide e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 to the input of RIPEMD160 as a hex representation (in ASCII characters), but it should be raw bytes. In other words, you've calculated ripemd160(hex_display_string(sha256("")) Unsure how to do it with Linux (there's no RIPEMD160 application on my Ubuntu install) but under BSD this will convert the hex output of the SHA256 commandline application to raw bytes, so that the correct RMD160 value is calculated: $ cat /dev/null | sha256 | xxd -r -p | rmd160 b472a266d0bd89c13706a4132ccfb16f7c3b9fcb Title: Re: Collection of 18.509 found and used Brainwallets Post by: MrFreeDragon on October 15, 2019, 12:03:25 AM Can you clarify please? sha256("") is e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 ripemd160(sha256("")) is ba084d3f143f2896809d3f1d7dffed472b39d8de And this is the hash160 of another address with the balance 0.000928 BTC: https://www.blockchain.com/btc/address/1HxedVkdFALLtLzqKFfDBzPyZRLq7QKbm5 (https://www.blockchain.com/btc/address/1HxedVkdFALLtLzqKFfDBzPyZRLq7QKbm5) ba084d3f143f2896809d3f1d7dffed472b39d8de is the result when you provide e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 to the input of RIPEMD160 as a hex representation (in ASCII characters), but it should be raw bytes. In other words, you've calculated ripemd160(hex_display_string(sha256("")) Unsure how to do it with Linux (there's no RIPEMD160 application on my Ubuntu install) but under BSD this will convert the hex output of the SHA256 commandline application to raw bytes, so that the correct RMD160 value is calculated: $ cat /dev/null | sha256 | xxd -r -p | rmd160 b472a266d0bd89c13706a4132ccfb16f7c3b9fcb Yes, right, thank you. I made a quick check with the online tool, and of course it pushed ascii characters, not bytes. Made the test on python and receieved the same value ass yours: Code: >>> import hashlib However, making this "small mistake" I found another not empty brain wallet with the small balance ;) Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on October 15, 2019, 04:01:23 AM However, making this "small mistake" I found another not empty brain wallet with the small balance ;) Yes, at least one other person (or program) made the same mistake. :) Hopefully a bug which was quickly noticed, since those funds are also unspendable. Title: Re: Collection of 18.509 found and used Brainwallets Post by: bartekjagoda on October 15, 2019, 03:32:32 PM Hi, As been discussed many times before using a Brainwallet is a bad idea. I ran some test myself and found 18.509 BTC-addresses based on a brainwallet which also has been used in the blockchain before. I tried to compare my results with the results of other researchers but could not find any lists online at all. I found some examples but not a comprehensive list. So I published my own results over here: https://eli5.eu/brainwallet Please note: all published addresses have a balance of 0 so this is not a list for robbers :). There are also a lot of extra datasets I haven't used this far so I expect the numbers to go up once I use them as well (I'm in the middle of perfecting my own tooling and blockchain parser so this will take some more time first). I love to get some feedback and if you have results to share which I missed in this round I'm more than happy to hear from you and include them. TA Do you have a repo for the code?? Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on October 28, 2019, 04:40:22 PM I wrote a program to create a simple mapping for the brainwallet passphrases I've cracked. Here are the most common mappings.
A=capital letter a=lowercase letter d=digit p=punctuation ?=other First field is the number of times this mapping appears in the passphrase list. 5327 > aaaaaaaaa 4145 > aaaaaaaaaa 2847 > aaaaaaaaaaa 1781 > aaaaaaaaaaaa 1081 > aaaaaaaaaaaaa 784 > Aaaaaaaaa 518 > aaaaaaaaaaaaaa 475 > Aaaaaaaaaa 280 > aaaaaaaaaaaaaaa 244 > Aaaaaaaaaaa 122 > Aaaaaaaaaaaa 113 > aaaaaaaaaaaaaaaa 89 > aaaaaa 87 > aaaaa 85 > aaaaaaaadd 75 > aaaaaaa 72 > aaaa 66 > Aaaaaaaaaaaaa 64 > aaaaaaaaaaaaaaaaa 56 > aaaaaaaa 43 > aaaaaaaaaaaaaaaaaa 41 > Aaaaaaaaaaadd 38 > aaaaaaaaddd 38 > Aaaaaaaaaaaaaa 34 > aaa 27 > Aaaaaaaaaaaaaaa 20 > dddddddddd 18 > aaaaaaaad 17 > aaaaaaaaaaaaaaaaaaaa 17 > aaaaaaaaaaaaaaaaaaa 16 > Aaaaaaaaaaaaaaaa 15 > Aaaa 13 > Aaaaaaa 13 > AaAaaaaaa 12 > dddddd 12 > Aaaaaaaa 12 > Aaaaa 11 > dddddddd 11 > dddd 11 > Aa Aaaaadd 10 > aaaaaaaaad 10 > aaaaaaaaaaaaaad 9 > aaaaa aaaaa 9 > Aaaaaaaaaaad 9 > Aa Aaaaad 9 > AAAAA Ad 8 > ddd 8 > aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 8 > aaaaaaaaaaaaaaaaaaaaa 7 > aaaaadddd 7 > aaaaaaaaaaaaaaaaaaaaaaaa 7 > aaaaa aaaaaa 7 > Aaaaaa ... The large majority (shown in the first several lines) would be the dust sent to several dictionary words, which isn't very interesting. There's some more interesting ones further down, like aaaaaaaadd, Aaaaaaaaaaadd, AAAAA Ad, etc. At the bottom you see the long tail where passphrases are unique sentences: 1 > aaaa aa aaa aaaaaaaa aaaa aaa aaaaaaa aa aaaaaaaa aaa aaaa 1 > aaaa aa aaa aaaaaaaa aaaa aaa aaaaaaa aa aaaaaaaa aaa 1 > aaaa aa aaa aaaaaaaa aaaa aaa aaaaaaa aa aaaaaaaa 1 > aaaa aa aaa aaaaaaaa aaaa aaa aaaaaaa aa 1 > aaaa aa aaa aaaaaaaa aaaa aaa aaaaaaa 1 > aaaa aa aaa aaaaaaaa aaaa aaa 1 > aaaa aa aaa aaaaaaaa aaaa 1 > aaaa aa aaa aaaaaaaa 1 > aaaa aa aaa aaaaaa 1 > aaaa aa aaa aaaa aaa aa aaa aaaaaaaaa 1 > aaaa aa aaa aaaa aaa aa aaa aaaaaaaa 1 > aaaa aa aaa aaaa aaa aa aaa aaaaaa 1 > aaaa aa aaa aaaa aaa aa aaa aaaa Probably not much practical use - even if filtered using this mapping the brute force search space would still be impossibly large - but it's interesting... Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on October 28, 2019, 04:45:38 PM I wrote a program to create a simple mapping for the brainwallet passphrases I've cracked. Here are the most common mappings. I assume this mapping is mainly based on the brute-force method used: I assume it didn't search for just random strings, so for example ??d?pa???A? doesn't show up becasue it was never found!A=capital letter a=lowercase letter d=digit p=punctuation ?=other Am I right? Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on October 29, 2019, 01:30:20 AM I wrote a program to create a simple mapping for the brainwallet passphrases I've cracked. Here are the most common mappings. I assume this mapping is mainly based on the brute-force method used: I assume it didn't search for just random strings, so for example ??d?pa???A? doesn't show up becasue it was never found!A=capital letter a=lowercase letter d=digit p=punctuation ?=other Am I right? It's a mapping of passphrases that were already found (by other methods). Really just a visualization of what was previously discovered. The other mapping characters do appear lower in the list: ... 4 > AAAAAAAAAd 4 > ?????????? 4 > ????????? ... 2 > a aaaa ?? aaaaa aaaa ... 1 > pppAaaa aaaaa pppAaaaappp pa??a??a??a??a??p 1 > Aa aaa aaaappp ???p??d??p??? pp??? The latter mapping represents the passphrase "To the moon!!! ┗(°0°)┛ ..○" -> https://www.blockchain.com/btc/address/18vqVNQi9fobKZcJWCjZNoDzBxronENfZr Title: Re: Collection of 18.509 found and used Brainwallets Post by: odolvlobo on October 29, 2019, 08:34:36 PM I assume this mapping is mainly based on the brute-force method used: I assume it didn't search for just random strings, so for example ??d?pa???A? doesn't show up becasue it was never found! Am I right? It's a mapping of passphrases that were already found (by other methods). Really just a visualization of what was previously discovered. I think he is asserting that your results are filtered by the search algorithms because results that aren't found by the search algorithms won't be in the list, and changing the the algorithms will change the list. It would similar to the difference between lists based on cracked passwords and lists based on leaked passwords. The latter mapping represents the passphrase "To the moon!!! ┗(°0°)┛ ..○" -> https://www.blockchain.com/btc/address/18vqVNQi9fobKZcJWCjZNoDzBxronENfZr That is another great example showing how a brain wallet is not secure. Title: Re: Collection of 18.509 found and used Brainwallets Post by: MrFreeDragon on October 30, 2019, 02:18:00 AM -snip- The latter mapping represents the passphrase "To the moon!!! ┗(°0°)┛ ..○" -> https://www.blockchain.com/btc/address/18vqVNQi9fobKZcJWCjZNoDzBxronENfZr That is another great example showing how a brain wallet is not secure.The most examples with brain wallets are related to small amounts. There were some large amounts, but only in the very past. All the recent disclosed and found wallets are just very small. For example this one with "To the moon!!! ┗(°0°)┛ ..○" passphrase had only 0.000006 BTC in transactions. So there is one explanation for this: the address was used just for test/education/presentation purposes. Nothing serious. The same is with all the majority of brain wallets. Morover, the funds on "to the moon" address (18vqVNQi9fobKZcJWCjZNoDzBxronENfZr) stored only for 9 hours, and after that were transferred togeter with other 60 addresses to new address. The majority were small amounts like 256 satoshi. So, somebody made experiments with the transactions, or these were the activities of a bot. I do not beleive that somebody keeps real funds on brain wallet. Interesting thing: the destination address of 600 satoshis released from "To the moon!!! ┗(°0°)┛ ..○" still has the balance 22.32BTC (https://www.blockchain.com/btc/address/1AzRkXiGpHbXyWok4uXvCzmezDuW8FGa3m). Who knows, may be this was not just experiment but another puzzle? ) Like you need to find all the passphrases for small released wallets in order to understand the main key. PS. Look at this: https://www.youtube.com/watch?v=KBX89TY6uXI Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on October 30, 2019, 10:07:26 PM -snip- The latter mapping represents the passphrase "To the moon!!! ┗(°0°)┛ ..○" -> https://www.blockchain.com/btc/address/18vqVNQi9fobKZcJWCjZNoDzBxronENfZr That is another great example showing how a brain wallet is not secure.The most examples with brain wallets are related to small amounts. There were some large amounts, but only in the very past. All the recent disclosed and found wallets are just very small. For example this one with "To the moon!!! ┗(°0°)┛ ..○" passphrase had only 0.000006 BTC in transactions. I agree that a lot of recent brainwallet activity seems to be just for curiosity and fun, but I'm still finding the occasional large transaction. - March 2019: 1 BTC sent to a 21 character passphrase that appears in cracked/leaked password lists. https://bitcointalk.org/index.php?topic=4768828.msg51813899#msg51813899 - June 2019: 0.25 BTC sent to weak key 0x7b7. https://bitcointalk.org/index.php?topic=4768828.msg51745655#msg51745655 - August 2019: 0.4495 BTC stayed for just over a week in a brainwallet which has a title for the passphrase. Subsequently another 0.01 was sent and it seems to have been swept immediately. https://bitcointalk.org/index.php?topic=4768828.msg52403221#msg52403221 Title: Re: Collection of 18.509 found and used Brainwallets Post by: MrFreeDragon on October 30, 2019, 11:39:22 PM -snip- The latter mapping represents the passphrase "To the moon!!! ┗(°0°)┛ ..○" -> https://www.blockchain.com/btc/address/18vqVNQi9fobKZcJWCjZNoDzBxronENfZr That is another great example showing how a brain wallet is not secure.The most examples with brain wallets are related to small amounts. There were some large amounts, but only in the very past. All the recent disclosed and found wallets are just very small. For example this one with "To the moon!!! ┗(°0°)┛ ..○" passphrase had only 0.000006 BTC in transactions. I agree that a lot of recent brainwallet activity seems to be just for curiosity and fun, but I'm still finding the occasional large transaction. - March 2019: 1 BTC sent to a 21 character passphrase that appears in cracked/leaked password lists. https://bitcointalk.org/index.php?topic=4768828.msg51813899#msg51813899 - June 2019: 0.25 BTC sent to weak key 0x7b7. https://bitcointalk.org/index.php?topic=4768828.msg51745655#msg51745655 - August 2019: 0.4495 BTC stayed for just over a week in a brainwallet which has a title for the passphrase. Subsequently another 0.01 was sent and it seems to have been swept immediately. https://bitcointalk.org/index.php?topic=4768828.msg52403221#msg52403221 Yes, this is noted and clear for me. I agree that 0.5-1BTC is a valuable amount. However people could play with different amounts. For example, ones will play with 100-1,000 satoshi, and others will play with 0.1-1BTC. Play money are different for different people. And yes, 0.5-1BTC is real "digital riches" for ones and only play funds for others. I still do not beleive that somebody keeps real funds on brain wallet. Even that somebody put 0.5BTC to brain wallet, these fund are not real funds for him, but only play money. Anyway, thank you for sharing your findings! Title: Re: Collection of 18.509 found and used Brainwallets Post by: iparktur on November 03, 2019, 08:49:29 PM -snip- The latter mapping represents the passphrase "To the moon!!! ┗(°0°)┛ ..○" -> https://www.blockchain.com/btc/address/18vqVNQi9fobKZcJWCjZNoDzBxronENfZr That is another great example showing how a brain wallet is not secure.The most examples with brain wallets are related to small amounts. There were some large amounts, but only in the very past. All the recent disclosed and found wallets are just very small. For example this one with "To the moon!!! ┗(°0°)┛ ..○" passphrase had only 0.000006 BTC in transactions. I agree that a lot of recent brainwallet activity seems to be just for curiosity and fun, but I'm still finding the occasional large transaction. - March 2019: 1 BTC sent to a 21 character passphrase that appears in cracked/leaked password lists. https://bitcointalk.org/index.php?topic=4768828.msg51813899#msg51813899 - June 2019: 0.25 BTC sent to weak key 0x7b7. https://bitcointalk.org/index.php?topic=4768828.msg51745655#msg51745655 - August 2019: 0.4495 BTC stayed for just over a week in a brainwallet which has a title for the passphrase. Subsequently another 0.01 was sent and it seems to have been swept immediately. https://bitcointalk.org/index.php?topic=4768828.msg52403221#msg52403221 Hi almightyruler ! Can you send me PM ? Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on December 03, 2019, 01:23:11 AM A small amount sent by someone making a statement:
https://www.blockchain.com/btc/address/15h4F5yxeJHDgDJR5dnJwsNbETpktMnQzm "Nick Szabo is Satoshi Nakamoto" Title: Re: Collection of 18.509 found and used Brainwallets Post by: Danydee on December 04, 2019, 09:20:44 PM Using the bitaddress.org donations address ( 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN ) on the passphrase field of the brainWallet generate the address ( 1Ns55SngRhshA8kEnyuQ9ELZZPN7ubYfQJ ) wich contain some small transactions ! :o
Title: Re: Collection of 18.509 found and used Brainwallets Post by: naska21 on December 07, 2019, 07:41:44 AM A small amount sent by someone making a statement: https://www.blockchain.com/btc/address/15h4F5yxeJHDgDJR5dnJwsNbETpktMnQzm "Nick Szabo is Satoshi Nakamoto" There are people who believe this stuff is real,and it is therefore not surprising that someone of them has incorporated that statement into his BTC transaction. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on December 13, 2019, 06:37:20 AM Using the bitaddress.org donations address ( 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN ) on the passphrase field of the brainWallet generate the address ( 1Ns55SngRhshA8kEnyuQ9ELZZPN7ubYfQJ ) wich contain some small transactions ! :o There's also two similar passphrases I've found (original address in bold) : h1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBNz g1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBNy "Nick Szabo is Satoshi Nakamoto" There are people who believe this stuff is real,and it is therefore not surprising that someone of them has incorporated that statement into his BTC transaction. No such entry for Craight Wright, though. :D Title: Re: Collection of 18.509 found and used Brainwallets Post by: MrFreeDragon on December 13, 2019, 10:57:17 AM I still beleive that the most brain wallets are not serious wallets, and used for test/education/fun transactions. For these transactions (as well as for some quick transit transactions) no need to create the crypto secured wallet, and the brain wallet is used.
Of course there are some real wallets generated in "brain wallet way", but such wallets can be counted on one hand. By the way, what do you think about time locked wallets based on easy brain wallets? Let's say we take the easy passphrase "bitcoin", hence the corresponding brain compressed address to it is 18VkRiDhFu2Z17AvtpU3vL2LbTXDzCvDVo (this address has already been used of course). However, we take the public key of this address (02218ad6cdc632e7ae7d04472374311cebbbbf0ab540d2d08c3400bb844c654231) and create the time locked wallet (for example with the help of this tool: https://coinb.in/#newTimeLocked), let's say with time lock 31 December 2019: https://coinb.in/?verify=0450650a5eb1752102218ad6cdc632e7ae7d04472374311cebbbbf0ab540d2d08c3400bb844c654231ac#verify We receive the P2SH address 3NTavRnFZHkMmSFYVMz5PPb48WsNyVszDW, which could be accessed only by both redeem script and private key/signature from that easy address (18VkRiDhFu2Z17AvtpU3vL2LbTXDzCvDVo). The redeem script will not by available in blockchain till the funds are released from the address. Title: Re: Collection of 18.509 found and used Brainwallets Post by: daboehla on December 20, 2019, 02:55:10 PM WOW big transaction to a brainwallet:
0,50000000 16qVRutZ7rZuPx7NMtapvZorWYjyaME2Ue -> 400453AC5E19A058EC45A33550FDC496E0B26AD0 / 5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8 / Brainwallets ??? ??? ??? Title: Re: Collection of 18.509 found and used Brainwallets Post by: stalker00075 on December 20, 2019, 05:44:13 PM WOW big transaction to a brainwallet: 0,50000000 16qVRutZ7rZuPx7NMtapvZorWYjyaME2Ue -> 400453AC5E19A058EC45A33550FDC496E0B26AD0 / 5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8 / Brainwallets ??? ??? ??? brainwallet "password" Title: Re: Collection of 18.509 found and used Brainwallets Post by: daboehla on December 20, 2019, 06:28:46 PM WOW big transaction to a brainwallet: 0,50000000 16qVRutZ7rZuPx7NMtapvZorWYjyaME2Ue -> 400453AC5E19A058EC45A33550FDC496E0B26AD0 / 5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8 / Brainwallets ??? ??? ??? brainwallet "password" why should somebody do this :O Title: Re: Collection of 18.509 found and used Brainwallets Post by: MrFreeDragon on December 21, 2019, 10:12:43 AM WOW big transaction to a brainwallet: 0,50000000 16qVRutZ7rZuPx7NMtapvZorWYjyaME2Ue -> 400453AC5E19A058EC45A33550FDC496E0B26AD0 / 5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8 / Brainwallets ??? ??? ??? brainwallet "password" It seems that sombody "was listening" to this brainwallet address because the outgoing 0.5BTC transaction was included in the same block as incoming transaction (block 608894) Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on December 22, 2019, 06:20:54 AM WOW big transaction to a brainwallet: 0,50000000 16qVRutZ7rZuPx7NMtapvZorWYjyaME2Ue -> 400453AC5E19A058EC45A33550FDC496E0B26AD0 / 5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8 / Brainwallets ??? ??? ??? brainwallet "password" It seems that sombody "was listening" to this brainwallet address because the outgoing 0.5BTC transaction was included in the same block as incoming transaction (block 608894) Very likely. Some block explorers show double spend attempts. Some of the earlier messages in this thread include links to show that double spends happened multiple times shortly after a known brainwallet was funded. Presumably the double spend attempts are by several different "brainwallet stealer" bots. I've even seen funds sent to dictionary word brainwallets on testnet vanish instantly. Wonder if the person who lost 0.5 BTC used a brainwallet generator that helpfully prefilled the password field with the word "password", intending the user to replace it with their own text? Title: Re: Collection of 18.509 found and used Brainwallets Post by: Financisto on December 27, 2019, 01:33:44 AM Hello there,
I started (some years ago) a list that's a compilation of (open-source) Brainwallet projects (for study and improvement purposes only) here: https://bitcointalk.org/index.php?topic=1164163.0 (https://bitcointalk.org/index.php?topic=1164163.0) Enjoy! Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on January 20, 2020, 04:19:34 AM A couple of months ago someone sent 3.4 BTC to a brainwallet
Funds were appropriated immediately; sweep transaction was included in the same block as the funding transaction. https://www.blockchain.com/btc/address/13QZd78daoq3HaMKN9KAdFsVY9iYLKLfbm Since it's so recent I won't post the passphrase, but it seems to be just a simple saying, perhaps also referring to a book title. 3.4 BTC!!! Title: Re: Collection of 18.509 found and used Brainwallets Post by: BTCW on May 19, 2020, 02:24:03 PM I have discovered what I called "perturbed SHA256 hashes". Like this:
SHA256("398") leads to Code: 188c1fdca79d927f6e812133173fc41d3a4e57074de521020274caa9bb29af7d (found in "all" hash databases) which is probably in every bot's database. However, check this out Code: 188c1fdca79d927f6e812133173fc41d3a4e57074de521020274caa9bb29ae57 (found in "no" hash databases) Both are found on the blockchain. Notice the pattern? The two differ only by a few bytes at the end of the hexadecimal string. The latter one is with an extraordinarily high certainty not the SHA256 hash of a known input. Looks like someone took a known hash and changed it just a little. Clever! My recommendation is perturbing well-known hashes. Title: Re: Collection of 18.509 found and used Brainwallets Post by: BTCW on May 27, 2020, 06:41:56 PM I thought this was a little cute
Code: printf '\xF0\x9F\x92\xA9' | sha256sum https://www.blockchain.com/btc/address/1CNmL3ECHtAPxb9QZWrW29bq4t9T4SDUR4 Since it is (pseudocode): SHA256(poop emoji) (Reference: https://www.fileformat.info/info/unicode/char/1f4a9/index.htm) Conclusion: Add emojis to your wordlists :) Title: Re: Collection of 18.509 found and used Brainwallets Post by: ashraful1980 on July 11, 2020, 07:53:16 AM I thought this was a little cute Code: printf '\xF0\x9F\x92\xA9' | sha256sum https://www.blockchain.com/btc/address/1CNmL3ECHtAPxb9QZWrW29bq4t9T4SDUR4 Since it is (pseudocode): SHA256(poop emoji) (Reference: https://www.fileformat.info/info/unicode/char/1f4a9/index.htm) Conclusion: Add emojis to your wordlists :) Dear Sir, You are really great. But i have a question that the value of '\xF0\x9F\x92\xA9' how to find and where from found...... Title: Re: Collection of 18.509 found and used Brainwallets Post by: vapourminer on July 11, 2020, 12:32:16 PM I think it would be a good idea if wallet software included a blacklist of such addresses, as well as known weak brainwallets, showing an additional dialog with a strong warning that funds may be permanently lost (or stolen) if the transaction proceeds. Checking any generated (inbound) addresses against the list would also help catch any glaring address generation bugs. (An assert that the result must not equal <hash of empty string> after each call to sha256 or ripemd160 would have caught this error.) centralized database of bad addys? may sound good on 1st glance but nope for me. maybe check against some private, local blacklist maintained by the user but thats up the user. EDIT: saw that post was 7 months old oops Title: Re: Collection of 18.509 found and used Brainwallets Post by: BASE16 on July 11, 2020, 05:09:06 PM I thought this was a little cute Code: printf '\xF0\x9F\x92\xA9' | sha256sum https://www.blockchain.com/btc/address/1CNmL3ECHtAPxb9QZWrW29bq4t9T4SDUR4 Since it is (pseudocode): SHA256(poop emoji) (Reference: https://www.fileformat.info/info/unicode/char/1f4a9/index.htm) Conclusion: Add emojis to your wordlists :) Dear Sir, You are really great. But i have a question that the value of '\xF0\x9F\x92\xA9' how to find and where from found...... Hi please see emoji bytecode here https://apps.timwhitlock.info/emoji/tables/unicode (https://apps.timwhitlock.info/emoji/tables/unicode) :) Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on July 20, 2020, 04:18:36 AM I think it would be a good idea if wallet software included a blacklist of such addresses, as well as known weak brainwallets, showing an additional dialog with a strong warning that funds may be permanently lost (or stolen) if the transaction proceeds. Checking any generated (inbound) addresses against the list would also help catch any glaring address generation bugs. (An assert that the result must not equal <hash of empty string> after each call to sha256 or ripemd160 would have caught this error.) centralized database of bad addys? may sound good on 1st glance but nope for me. maybe check against some private, local blacklist maintained by the user but thats up the user. EDIT: saw that post was 7 months old oops The blacklist check doesn't need to block the transaction, just strongly advise that it's a known compromised/problem address and to double check that everything is correct before clicking on OK. It's not a general blacklist, just specifically for addresses where the keys are widely known (SHA256 dictionary words, low range private keys) or they are 99.99999999% likely to be unspendable (address of 0, RIPEMD160 hash of dictionary words, RIPEMD160 hash of empty string). Perhaps you think I was suggesting that there should be some global "this person ripped me off so I want to add their address" kind of thing... no. BTW, wallet software is pretty centralized anyway, right? :) I would actually appreciate if a wallet popped up a warning that my funds were likely to be lost. Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on July 20, 2020, 06:01:25 AM BTW, wallet software is pretty centralized anyway, right? :) I would actually appreciate if a wallet popped up a warning that my funds were likely to be lost. I see no point in this. If I'm paying someone who sent me a compromized address, he could just as well scam me by using a brand new address so this doesn't help. If my own wallet generates a new address, proper random generation should ensure it's not part of such a list. You could easily create and publish billions of private keys, I don't want such a database bloating my wallet.If you're manually creating such an address using dumb methods, you're on your own :P Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on July 20, 2020, 08:03:10 AM BTW, wallet software is pretty centralized anyway, right? :) I would actually appreciate if a wallet popped up a warning that my funds were likely to be lost. I see no point in this. If I'm paying someone who sent me a compromized address, he could just as well scam me by using a brand new address so this doesn't help.I don't understand your point. Why would a scammer invite you to send money to an address where the private key is known by multiple people? This is nothing to do with scamming - it's about preventing mistakes. Like people sending to the brainwallet "password", or software having a brain fart and sending to the hash of a blank string. Original post for more context: https://bitcointalk.org/index.php?topic=4768828.msg52494961#msg52494961 Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on July 20, 2020, 08:51:23 AM Why would a scammer invite you to send money to an address where the private key is known by multiple people? I had a different interpretation of what you meant.Quote This is nothing to do with scamming - it's about preventing mistakes. Like people sending to the brainwallet "password", or software having a brain fart and sending to the hash of a blank string. Still, that's going to be a very long list. Brainwallets must be brute-forced by many different attackers who check billions of addresses.Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on July 21, 2020, 12:45:35 AM This is nothing to do with scamming - it's about preventing mistakes. Like people sending to the brainwallet "password", or software having a brain fart and sending to the hash of a blank string. Still, that's going to be a very long list. Brainwallets must be brute-forced by many different attackers who check billions of addresses.Yeah, there's no way it could be a comprehensive list (and with user passphrases, no list could be near 100% complete anyway), so I could imagine it getting out of hand, however even a list with say 50k entries could still prevent some silly mistakes. (I wonder if anyone has ever trolled a victim by convincing them to send funds to a provably unspendable address? The troll gains no financial benefit, but the victim still suffers a loss.) Title: Re: Collection of 18.509 found and used Brainwallets Post by: naufragus on July 21, 2020, 12:59:48 AM that is almost silly
we need to be sure the parametre space is large enough Title: Re: Collection of 18.509 found and used Brainwallets Post by: DaCryptoRaccoon on July 21, 2020, 09:05:45 PM This is nothing to do with scamming - it's about preventing mistakes. Like people sending to the brainwallet "password", or software having a brain fart and sending to the hash of a blank string. Still, that's going to be a very long list. Brainwallets must be brute-forced by many different attackers who check billions of addresses.Yeah, there's no way it could be a comprehensive list (and with user passphrases, no list could be near 100% complete anyway), so I could imagine it getting out of hand, however even a list with say 50k entries could still prevent some silly mistakes. (I wonder if anyone has ever trolled a victim by convincing them to send funds to a provably unspendable address? The troll gains no financial benefit, but the victim still suffers a loss.) This sounds horrible I sometimes wonder about funds that end up sent to these known addresses it would be nice if there was somewhere you could check this like you do with haveibeenpwnd password checker it would be nice to be able to throw a public key into something similar to see if it's known already on the network I know a simple check on explorer would do but if there were a way to collect all the known brainwallets or "weak" addressing i'm sure people would use it. Anyone found anymore interesting ones recent? Title: Re: Collection of 18.509 found and used Brainwallets Post by: cr4zyd3v on July 21, 2020, 09:57:32 PM This video https://www.youtube.com/watch?v=Xml4Gx3huag (https://www.youtube.com/watch?v=Xml4Gx3huag) has a very cool approach about how to find private keys in the open source repos from github.. I wonder if a smart enough sql query could be able to find brain wallets..
Title: Re: Collection of 18.509 found and used Brainwallets Post by: PlutonowyPokrzycz on January 12, 2021, 03:19:29 PM I thought the mini private key format, used for Casascius physical bitcoins should rate a mention here, because it's basically a SHA256 brainwallet... but with a randomly generated passphrase. https://en.bitcoin.it/wiki/Mini_private_key_format Given that the random passphrase length is 22 characters (early version) or 30 characters, the chances of brute forcing it are still virtually nil, but technically, it is less secure than a standard key, in particular because 99%+ of the tries can be discarded after the first SHA256 hash. By the way, funds have been sent to (and promptly swept from) the address associated with the sample mini private key on that page: https://www.blockchain.com/btc/address/7f6ab65fa911f558ca2dde3e9d073acb02c0d5c6 (uncompressed: 1CciesT23BNionJeXrbxmjc7ywfiyM4oLW ) https://www.blockchain.com/btc/address/f78c1591f3f34fd1fe339dc371069b7b492bf370 (compressed: 1PZuicD1ACRfBuKEgp2XaJhVvnwpeETDyn ) Hi, How do you manage to hash 300k passphrases per second? What do you use for that? My Pythons script with 'bictoin' library on 8 cores is doing only 800/s :( Title: Re: Collection of 18.509 found and used Brainwallets Post by: NotATether on January 12, 2021, 05:00:48 PM Hi, How do you manage to hash 300k passphrases per second? What do you use for that? My Pythons script with 'bictoin' library on 8 cores is doing only 800/s :( He definitely did not use Python because that's the reason your script is so slow! Python executes all statements through an interpreter, it does not compile it down into assembly code so the extra overhead that the Python runtime is adding is killing the speed of your script. You should look into using brainflayer (https://github.com/ryancdotorg/brainflayer) which is written in C, and is optimized with its own hashing functions instead of relying on a third-party library. Title: Re: Collection of 18.509 found and used Brainwallets Post by: szosti94 on January 23, 2021, 01:21:44 PM Hi, I have a question about braiflayer, I launched it, found a hash and password, the problem is that I don't know how to get information about the wallet and key, how to get the address and private key with the hash sha265 and password?
Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on April 09, 2021, 03:38:30 PM 2. One of those files contained the value of Pi to a billion decimal places. I thought about this post when I found the private key to 111exFkjLXP5mXmEfVqGd2r7bXQhVhux3 (https://blockchair.com/bitcoin/address/111exFkjLXP5mXmEfVqGd2r7bXQhVhux3): it's the second set (https://gist.github.com/retrohacker/e5fff72b7b75ee058924) of pi's 64 hex characters: 9216D5D98979FB1BD1310BA698DFB5AC2FFD72DBD01ADFB7B8E1AFED6A267E96Back then, it took half a day to be sweep 0.37149557 BTC (41.29 USD). Title: Re: Collection of 18.509 found and used Brainwallets Post by: NotATether on April 10, 2021, 06:52:56 AM Just for future reference:
Hi, I have a question about braiflayer, I launched it, found a hash and password, the problem is that I don't know how to get information about the wallet and key, how to get the address and private key with the hash sha265 and password? You start with getting the private key. The double SHA256 hash of the password will give you that, and you can derive the public key from it as normal - Elliptic curve multiply, and then RIPEMD160 the public key, hash that through double SHA256 again and take the first four bytes of that and stick it at the end. Then stick a 0x00 byte at the beginning and encode the combined byte array through BASE58Check to get the address. 2. One of those files contained the value of Pi to a billion decimal places. I thought about this post when I found the private key to 111exFkjLXP5mXmEfVqGd2r7bXQhVhux3 (https://blockchair.com/bitcoin/address/111exFkjLXP5mXmEfVqGd2r7bXQhVhux3): it's the second set (https://gist.github.com/retrohacker/e5fff72b7b75ee058924) of pi's 64 hex characters: 9216D5D98979FB1BD1310BA698DFB5AC2FFD72DBD01ADFB7B8E1AFED6A267E96Back then, it took half a day to be sweep 0.37149557 BTC (41.29 USD). I think it's just a coincidence that some brainwallets hash to Pi digits since Pi doesn't really have anything to do with number theory. Title: Re: Collection of 18.509 found and used Brainwallets Post by: fxsniper on April 10, 2021, 11:18:36 AM Brainwallets is keyword or message + sha256 = private key , right? What if using random 256 number (character) and + sha256 = private key it still safety? or random text 256 character and + sha256 = private key still safety? Brainwallets count only word and language human read only right? Title: Re: Collection of 18.509 found and used Brainwallets Post by: NotATether on April 10, 2021, 11:24:00 AM Brainwallets is keyword or message + sha256 = private key , right? Yes. What if using random 256 number (character) and + sha256 = private key it still safety? or random text 256 character and + sha256 = private key still safety? Think of it this way - your brainwallet is just as secure as a password, so if you hash a 256-character text then the security will be equal to using a 256-character password (that is hashed with double SHA256 into a database by some server somewhere). I would not view any kind of brainwallet safe. Even if you're using extremely long lengths, there is no probably secure brainwallet generator that doesn't leak the password in memory. Brainwallets count only word and language human read only right? Not quite. Anything that you'd use as a password can be considered a brainwallet, it's not limited to English words, or any language's words in particular. Title: Re: Collection of 18.509 found and used Brainwallets Post by: NotATether on April 11, 2021, 09:11:17 AM Think of it this way - your brainwallet is just as secure as a password, so if you hash a 256-character text then the security will be equal to using a 256-character password (that is hashed with double SHA256 into a database by some server somewhere). Except the attacker can brute-force unlimited times, while on website/server you have very limited try. Additionally, single SHA-256 uses very few resource and good GPU can make few hundred MH/s. I was actually referring to the case where a site's database with the password hashes is stolen. Then you'd be able to run as many tries as you want. Title: Re: Collection of 18.509 found and used Brainwallets Post by: ABCbits on April 11, 2021, 09:15:43 AM I was actually referring to the case where a site's database with the password hashes is stolen. Then you'd be able to run as many tries as you want. I see, but AFAIK most website isn't that stupid. They usually would use salting, hash the password many times or just use algorithm focused on security (such as PBKDF2). Meanwhile, most brainwallet only use single SHA-256 hash. Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on April 11, 2021, 09:25:20 AM I was actually referring to the case where a site's database with the password hashes is stolen. Then you'd be able to run as many tries as you want. Brainwallets are much worse: an attacker can try to brute-force all of them at the same time, while with a hacked password database you have to try them one by one (assuming the password hash uses something like hash("secretKey777" + username + password); (https://security.stackexchange.com/questions/69421/is-it-a-good-idea-to-use-the-users-username-as-a-salt-when-hashing-a-password-l)).So, if 100,000 brainwallets are in use, it's 100,000 times more likely to find one of them than cracking a password. You can improve this by adding for instance your real name or email address as a salt to your brainwallet (but it's still not recommended to do). Title: Re: Collection of 18.509 found and used Brainwallets Post by: fxsniper on April 11, 2021, 09:44:39 AM I agree Brainwallets are much worse
Brainwallets use keywords + sha256 I see mini private key is using by 30 character and hash with sha256 still safety but mini privatekey have format However random text and number or text only or number only 256 character (or 512 character ) hash with sha256 (64 character), I think it is safety not easy to butte force with random 256 key easy (just 64 bit key but some duplicate some private key will duplicate with number 265 bit (77 character) convert to HEX (64 character) private key require HEX in 64 character right so, What method to can generate it to safety? Title: Re: Collection of 18.509 found and used Brainwallets Post by: NotATether on April 11, 2021, 04:46:16 PM ...while with a hacked password database you have to try them one by one (assuming the password hash uses something like hash("secretKey777" + username + password); (https://security.stackexchange.com/questions/69421/is-it-a-good-idea-to-use-the-users-username-as-a-salt-when-hashing-a-password-l)). Just to point out, if you reverse the order in which you hash this stuff and make it hash(password + salt), and you leave the value of hash(password) somewhere, somebody can do a length extension attack (https://en.wikipedia.org/wiki/Length_extension_attack), especially on SHA256, by using that value to compute the hash of the password plus anything appended to it without knowing the password itself. And in a way, if your salt is constant and an attacker managers to find it elsewhere, the length extension attack negates the security of the salt. Title: Re: Collection of 18.509 found and used Brainwallets Post by: PlutonowyPokrzycz on May 18, 2021, 10:13:42 AM I wonder what was the oldest brainwallet ever found. Vasek reported this one in her paper: "This string contains 0.25 BTC hiding in plain sight." -> 1AJ3vE2NNYW2Jzv3fLwyjKF1LYbZ65Ez64
It has been used for the first time on 2011-07-14. The story behind it here: https://bitcointalk.org/index.php?topic=28877.0 1. Was there anything older found by anyone? 2. What has been used before? Purely random generated numbers? Title: Re: Collection of 18.509 found and used Brainwallets Post by: PlutonowyPokrzycz on May 18, 2021, 10:33:00 AM And look how wrong your first impression can be...
I was good until Step 4. Agreed. We urgently need a user-friendly import/export function in the client! This is the most secure "wallet" there could possibly be. No no copies of wallet.dat, no encryption, no USB stick/paper/printing which can be lost, no malware which secretly steals my coins, no storage or bank vault, no life CD, no nothing! Just a simple passphrase I can remember. Since nothing is stored or written down anywhere this wallet concept is basically impossible to compromise. The only flaw is that I might forget my passphrase, but I can still write hints/clues which can make my help remember while still being 100% secure. We need this. . Title: Re: Collection of 18.509 found and used Brainwallets Post by: MrFreeDragon on November 07, 2021, 09:03:59 PM Brain wallets are used for fun purposes I believe:
Code: ~$ echo -n "odolvlobo ozono" | sha256sum So, brain wallet for odolvlobo ozono leads to the address 13u28uKzciwUpqCtVrCzk5d8KSbypjokck with the transactions dated 2 years ago ;) Title: Re: Collection of 18.509 found and used Brainwallets Post by: PrimeNumber7 on November 08, 2021, 02:11:46 AM Let's say (conservatively) that a more modern quad core CPU can do 500,000 and use that as the reference. That means it can check 43.2 billion keys per day. Most "brain wallets" are not brute-forced. Hackers will use various literature as a starting point for passphraises, and will use permutations of said phrases to check for a brain wallet with coin unspent. Brute forcing the "correct horse battery staple" space The reason for the above is that, although the English language is vast, and it would be difficult to brute force a random 4-word brain wallet, most people are not going to select words for a brain wallet at random. Most people will select words that are easy to remember because they coincide with a meaningful event, or are otherwise meaningful to the person. This is not random, and as such can be easily be "guessed" by hackers. If you were to create a brain wallet of 4 words randomly selected from 171k English words, it would be one possibility out of ~855 million trillion possible combinations. However, if the brain wallet is created from some set of words in a book or bible verse, the possible combinations is reduced by multiple magnitudes. Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on November 08, 2021, 08:37:25 AM Brain wallets are used for fun purposes I believe: The associated uncompressed Bitcoin address is 1GRUEoTSW9MRcNooxFRt8h8eL9gsPgGxzu, which looks like a vanity address for grue (https://bitcointalk.org/index.php?action=profile;u=5797), but it's unused so I guess that is a coincidence.Code: ~$ echo -n "odolvlobo ozono" | sha256sum Quote So, brain wallet for odolvlobo ozono leads to the address 13u28uKzciwUpqCtVrCzk5d8KSbypjokck with the transactions dated 2 years ago ;) Title: Re: Collection of 18.509 found and used Brainwallets Post by: odolvlobo on November 08, 2021, 08:50:57 AM User odolvlobo (http://User [url=https://bitcointalk.org/index.php?action=profile;u=62955) just got 555 sats FYI, I don't think that is my address (I don't remember creating it). I don't know why someone would use "odolvlobo ozono" for a brain wallet, except that they noticed the words in a post and thought they were obscure enough to use. Apparently not. Title: Re: Collection of 18.509 found and used Brainwallets Post by: MrFreeDragon on November 08, 2021, 09:59:54 PM Brain wallets are used for fun purposes I believe: The associated uncompressed Bitcoin address is 1GRUEoTSW9MRcNooxFRt8h8eL9gsPgGxzu, which looks like a vanity address for grue (https://bitcointalk.org/index.php?action=profile;u=5797), but it's unused so I guess that is a coincidence.Code: ~$ echo -n "odolvlobo ozono" | sha256sum -snip- Wow, what is the connection between odolvlobo and grue except for the fact they are both Legendary members? Interesting thing that the brainwallet from one's name signature leads to the the vanity address of another one. Title: Re: Collection of 18.509 found and used Brainwallets Post by: Danydee on November 08, 2021, 10:21:15 PM ;D ;D ;D ;D ;D It makes think to a puzzle ! ( ozono ) z <=> n (N) Title: Re: Collection of 18.509 found and used Brainwallets Post by: mynonce on November 11, 2021, 07:19:35 PM Hi, ... I love to get some feedback ... Is it possible, that Satoshi used for his ''early mined coins'' precalculated SHA256 addresses like we do it here? Title: Re: Collection of 18.509 found and used Brainwallets Post by: ABCbits on November 12, 2021, 10:54:11 AM Hi, ... I love to get some feedback ... Is it possible, that Satoshi used for his ''early mined coins'' precalculated SHA256 addresses like we do it here? Possible? Yes, but IMO it's very unlikely since, 1. Satoshi also use SHA256 for Proof of Work, which means he know how fast SHA-256 speed on CPU/GPU. 2. Creating private key with such weak method allow people to steal Satoshi's Bitcoin and impersonate Satoshi easier, which could disrupt Bitcoin in many ways (e.g. crashing Bitcoin price, influence people to reduce strength of Bitcoin protocol, etc.). Title: Re: Collection of 18.509 found and used Brainwallets Post by: odolvlobo on November 12, 2021, 09:01:18 PM Code: ~$ echo -n "odolvlobo ozono" | sha256sum Interesting thing that the brainwallet from one's name signature leads to the the vanity address of another one. If it isn't a coincidence, then there is a serious problem. Also, there are 3.4 million Bitcointalk users, so the chances of a random address matching a user's name seems pretty high to me. Title: Re: Collection of 18.509 found and used Brainwallets Post by: PrimeNumber7 on November 12, 2021, 11:03:22 PM Code: ~$ echo -n "odolvlobo ozono" | sha256sum Interesting thing that the brainwallet from one's name signature leads to the the vanity address of another one. If it isn't a coincidence, then there is a serious problem. Also, there are 3.4 million Bitcointalk users, so the chances of a random address matching a user's name seems pretty high to me. The chances of that particular brain wallet being associated with an address with that particular "vanity" would be the same as any other vanity of that length. Title: Re: Collection of 18.509 found and used Brainwallets Post by: larry_vw_1955 on November 14, 2021, 04:54:30 AM Let me pipe in here about brainwallets since I know a thing or two about them. I think the standard sha256 brainwallet was invented for one reason only: to steal peoples money. Anyone with half a brain would be very wary of using the standard sha256 brainwallet. Not that it can't be done it just probably shouldn't. The fact that people have huge databases of precomputed hashes lying around proves that. Now if the brainwallet algorithm was a secret then that would make you guys that store these large databases of hashes look like some one fumbling around in the dark wearing a pair of sunglasses. You wouldn't have the slightest clue how to begin your search even if you knew the brainwallet passphrase. without the algorithm, you might as well just start picking private keys at random and seeing if they match the address.
just think about it. some of you guys are like cavemen in the stone age when it comes to even testing simple alternatives to the sha256 brainwallet. to say nothing of someone that had a more sophisctocated method of producing their brainwallet addresses. now bring on the hate. Title: Re: Collection of 18.509 found and used Brainwallets Post by: itod on November 14, 2021, 09:31:27 AM Let me pipe in here about brainwallets since I know a thing or two about them. I think the standard sha256 brainwallet was invented for one reason only: to steal peoples money. Anyone with half a brain would be very wary of using the standard sha256 brainwallet. Not that it can't be done it just probably shouldn't. The fact that people have huge databases of precomputed hashes lying around proves that. Now if the brainwallet algorithm was a secret then that would make you guys that store these large databases of hashes look like some one fumbling around in the dark wearing a pair of sunglasses. You wouldn't have the slightest clue how to begin your search even if you knew the brainwallet passphrase. without the algorithm, you might as well just start picking private keys at random and seeing if they match the address. just think about it. some of you guys are like cavemen in the stone age when it comes to even testing simple alternatives to the sha256 brainwallet. to say nothing of someone that had a more sophisctocated method of producing their brainwallet addresses. now bring on the hate. Amen! I've being talking about this forewer. To be completly honest: it may not be invetned to steel peoples money, maybe the general idea was to remove any needed computer skills as an obstacle from going into BTC, but once it was there, the motivation for promoting this flawed concept may be exactly that. Talking to people who claim brainwallets are secure enough is like talkin to cult members, no rational argument gets through. Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on November 14, 2021, 09:49:25 AM Talking to people who claim brainwallets are secure enough is like talkin to cult members, no rational argument gets through. Of course it is possible, just not for most people (including me) ;)I've never used it, but if you use for instance Update: I already mentioned it many times, but also check https://keybase.io/warp (https://keybase.io/warp). This is the one I was looking for, thanks.Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on November 14, 2021, 10:02:23 AM now bring on the hate. Why would we bring on the hate because you give your opinion/view on the matter?Title: Re: Collection of 18.509 found and used Brainwallets Post by: larry_vw_1955 on November 14, 2021, 10:27:16 AM But if the algorithm itself is secret/closed-source, only the author and people who trust the author who would use it. In another thread https://bitcointalk.org/index.php?topic=5369436.msg58401834#msg58401834 (https://bitcointalk.org/index.php?topic=5369436.msg58401834#msg58401834) I posted the btc address and brainwallet phrase for a secret brainwallet algorithm i came up with I don't think its been cracked yet! That's right! I gave away the brainwallet phrase for free something one would traditionally want to keep secret and something an attacker would not have the pleasure of necessarily knowing under most circumstances. Of course, it's not going to do them any good... I should really fund that address sometime to encourage people to "give it their best shot". ;D But first I need to commit that dang algorithm to memory. ::) Quote Why would we bring on the hate because you give your opinion/view on the matter? Assumed that people want other people using the simple sha256 brainwallet and dont want someone saying it's a bad idea? To be completly honest: it may not be invetned to steel peoples money, maybe the general idea was to remove any needed computer skills as an obstacle from going into BTC, but once it was there, the motivation for promoting this flawed concept may be exactly that. Talking to people who claim brainwallets are secure enough is like talkin to cult members, no rational argument gets through. Well I think it's like you said. the idea started out innocent enough. the idea kind of caught on and people were using brain wallets like crazy. that's kind of died down with hd wallets and things but in the early days, i guess brainwallets were all the rage. once the weaknesses were realized it was too late cat was out of the bag, default sha256 brainwallet was the de facto standard even though as i think you and the other person posted links to warpwallet and brainwallet.io which are way more secure. but they missed the boat. the train took off without them long ago so the story goes... ;D [moderator's note: consecutive posts merged] Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on November 17, 2021, 10:37:09 AM I wonder what was the oldest brainwallet ever found. Vasek reported this one in her paper: "This string contains 0.25 BTC hiding in plain sight." -> 1AJ3vE2NNYW2Jzv3fLwyjKF1LYbZ65Ez64 It has been used for the first time on 2011-07-14. The story behind it here: https://bitcointalk.org/index.php?topic=28877.0 1. Was there anything older found by anyone? 2. What has been used before? Purely random generated numbers? Interesting question, I was curious myself so did some analysis into this. This is the top-5 of known brainwallets and when they first were used on the bitcoin blockchain: Code: Date first used Address Passphrase used Disclaimer: based on the brainwallets I have available. Could be older ones I simply am not aware of. If that's the case please let me know! Title: Re: Collection of 18.509 found and used Brainwallets Post by: larry_vw_1955 on November 18, 2021, 02:37:27 AM I wonder what was the oldest brainwallet ever found. Vasek reported this one in her paper: "This string contains 0.25 BTC hiding in plain sight." -> 1AJ3vE2NNYW2Jzv3fLwyjKF1LYbZ65Ez64 It has been used for the first time on 2011-07-14. The story behind it here: https://bitcointalk.org/index.php?topic=28877.0 So it does seem the "This string contains 0.25 BTC hiding in plain sight." was indeed the very first one. it would have had to have been because most of the people in that thread seeemed totally clueless about how. except the person that lifted the funds in the first 5 minutes. oh actually that person was clueless too! ;D Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on August 06, 2022, 08:24:38 PM I thought the mini private key format, used for Casascius physical bitcoins should rate a mention here, because it's basically a SHA256 brainwallet... but with a randomly generated passphrase. https://en.bitcoin.it/wiki/Mini_private_key_format Given that the random passphrase length is 22 characters (early version) or 30 characters, the chances of brute forcing it are still virtually nil, but technically, it is less secure than a standard key, in particular because 99%+ of the tries can be discarded after the first SHA256 hash. I came across my simple mini key generator tonight, and I'm having another play with it. The naive version uses random() and outputs about 8000 valid keys per second on a single core of an i7-3960X. I updated it to use the xoshiro256** PRNG, and the speed increases to around 13000 valid keys per second. Because the generation process requires that the first byte of the candidate hash be '00', on average only 1/256 candidates will be valid, so it's really testing about 3.3 million keys per second. It's still a massive search space (58^30?), even for a SHA256 brainwallet, and prematurely discarding 255 out of 256 candidates does not reduce the search space... it just makes searching faster. Plus, how many Casascius coins were ever created, and how many would still be funded? So this is really just a curiosity. Here's a small sample of randomly generated valid keys: Code: S8Q2r4p3HKtDGYXYgcoE6N The private key is simply the SHA256 hash of the string, like a brainwallet. Some useless information, but hopefully it might kickstart the thread again. :) Title: Re: Collection of 18.509 found and used Brainwallets Post by: fubly on August 06, 2022, 08:54:57 PM Hi, ... I love to get some feedback ... Is it possible, that Satoshi used for his ''early mined coins'' precalculated SHA256 addresses like we do it here? I don't know, but here: https://github.com/sCrypt-Inc/boilerplate (https://github.com/sCrypt-Inc/boilerplate) you will find a script wich can check if he uses the same private key to create a new address Title: Re: Collection of 18.509 found and used Brainwallets Post by: phrutis on August 06, 2022, 09:21:25 PM ~ Some useless information, but hopefully it might kickstart the thread again. :) Not that useless :) We have something that could kickstart the thread too: https://github.com/phrutis/BrainWords (https://github.com/phrutis/BrainWords) Search passphrases on the fastest program in the world GPU RTX 3090: 180 Mkey/s GPU RTX 3080: 150 Mkey/s Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on August 06, 2022, 09:31:43 PM We have something that could kickstart the thread too: https://github.com/phrutis/BrainWords (https://github.com/phrutis/BrainWords) A link posted by a newbie to a github rep that only has executables, and no source? That's a pass from me... Title: Re: Collection of 18.509 found and used Brainwallets Post by: odolvlobo on August 07, 2022, 12:39:16 AM I thought the mini private key format, used for Casascius physical bitcoins should rate a mention here, because it's basically a SHA256 brainwallet... but with a randomly generated passphrase. ...... The private key is simply the SHA256 hash of the string, like a brainwallet. The fact that the private key is derived using SHA-256 does not make it a brain wallet. A HD wallet seed comes from the SHA-512 hash of the BIP-39 seed phrase. Does that make an HD wallet a brain wallet? A brain wallet is derived from something that can be memorized. That is why it is called a "brain" wallet. The mini-key is a random sequence and is not intended to be memorized so it is not basically a SHA-256 brain wallet. Because the generation process requires that the first byte of the candidate hash be '00', on average only 1/256 candidates will be valid, so it's really testing about 3.3 million keys per second. Another minor correction: The hash of the string concatenated with a '?' must have a first byte of 0, and not the hash of the string itself. It does reduce the number of keys that must be checked as you noted, but the derived private key itself does not always begin with a 0-byte. Title: Re: Collection of 18.509 found and used Brainwallets Post by: PrimeNumber7 on August 07, 2022, 07:39:19 AM I thought the mini private key format, used for Casascius physical bitcoins should rate a mention here, because it's basically a SHA256 brainwallet... but with a randomly generated passphrase. https://en.bitcoin.it/wiki/Mini_private_key_format Given that the random passphrase length is 22 characters (early version) or 30 characters, the chances of brute forcing it are still virtually nil, but technically, it is less secure than a standard key, in particular because 99%+ of the tries can be discarded after the first SHA256 hash. I came across my simple mini key generator tonight, and I'm having another play with it. The naive version uses random() and outputs about 8000 valid keys per second on a single core of an i7-3960X. I updated it to use the xoshiro256** PRNG, and the speed increases to around 13000 valid keys per second. Because the generation process requires that the first byte of the candidate hash be '00', on average only 1/256 candidates will be valid, so it's really testing about 3.3 million keys per second. It's still a massive search space (58^30?), even for a SHA256 brainwallet, and prematurely discarding 255 out of 256 candidates does not reduce the search space... it just makes searching faster. Plus, how many Casascius coins were ever created, and how many would still be funded? So this is really just a curiosity. For example, if a brain wallet is a phrase that is found in literature, there are a very limited number of phrases in literature, and the number of candidate brain wallets are many orders of magnitude less than the number of potential private keys. Title: Re: Collection of 18.509 found and used Brainwallets Post by: PawGo on August 07, 2022, 07:44:09 AM The fact that the private key is derived using SHA-256 does not make it a brain wallet. A HD wallet seed comes from the SHA-512 hash of the BIP-39 seed phrase. Does that make an HD wallet a brain wallet? A brain wallet is derived from something that can be memorized. That is why it is called a "brain" wallet. The mini-key is a random sequence and is not intended to be memorized so it is not basically a SHA-256 brain wallet. What about "my private key is generated from 111th block's hash in bitcoin blockchain"? You do not remember exact value which is used to produce private key, but you remember the way how to find it - exactly like "my phrase is second verse of song X". One thing is sure in my opinion - brain wallets belongs to past. Title: Re: Collection of 18.509 found and used Brainwallets Post by: PrimeNumber7 on August 07, 2022, 09:30:56 AM The fact that the private key is derived using SHA-256 does not make it a brain wallet. A HD wallet seed comes from the SHA-512 hash of the BIP-39 seed phrase. Does that make an HD wallet a brain wallet? A brain wallet is derived from something that can be memorized. That is why it is called a "brain" wallet. The mini-key is a random sequence and is not intended to be memorized so it is not basically a SHA-256 brain wallet. What about "my private key is generated from 111th block's hash in bitcoin blockchain"? You do not remember exact value which is used to produce private key, but you remember the way how to find it - exactly like "my phrase is second verse of song X". One thing is sure in my opinion - brain wallets belongs to past. Title: Re: Collection of 18.509 found and used Brainwallets Post by: Cricktor on August 07, 2022, 09:56:08 AM So true. It's rare to see such large amounts get likely lost to those "snatchers". On 2022-07-27 some (not so smart) entity sent 0.9BTC to the "empty string" brainwallet in block 746835 (tx 37e166a1e52e96bcfe535738082e328ef8db56aafd6945d9cad6f2afdb34b4a4) which was very likely claimed by some of those bots who constantly monitor mempool transactions for such brainwallet transactions.
Seriously, how stupid is someone to use SHA256("") or SHA256 of any publicly available data, block hashes included, as private key and believe this is in any way "smart"? Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on August 07, 2022, 01:43:06 PM Seriously, how stupid is someone to use SHA256("") More likely to be a programming error. I recall suggesting a few years ago in this thread that something like (pseudoish code) assert(key != 0xe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855) would have avoided this particular issue. Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on August 07, 2022, 03:33:39 PM I came across my simple mini key generator tonight, and I'm having another play with it. I did that for a while a couple of years back (with a python generator), trying to create vanity addresses with mini private key, but I had to search through large output files and the output was far too slow to find anything meaningful.The naive version uses random() and outputs about 8000 valid keys per second on a single core of an i7-3960X. One thing is sure in my opinion - brain wallets belongs to past. I'm pretty sure people still use them. Even better if they use something they use much heavier encryption (such as WarpWallet).The idea of simply remembering your money is appealing to me (but I don't dare risk it for a large amount). Title: Re: Collection of 18.509 found and used Brainwallets Post by: BlackHatCoiner on August 07, 2022, 04:06:54 PM I'm pretty sure people still use them. Even better if they use something they use much heavier encryption (such as WarpWallet). What I don't understand is why don't they use the hash function millions of times to make their brain wallet even more secure? We all know that just hashing a subjectively difficult passphrase isn't as much secure as it is to generate an entropy randomly. There wouldn't be such thread if brain wallet users hashed more than once, because, apparently, some passphrases aren't as strong as they thought. The idea of simply remembering your money is appealing to me (but I don't dare risk it for a large amount). Title: Re: Collection of 18.509 found and used Brainwallets Post by: pooya87 on August 07, 2022, 04:37:01 PM What I don't understand is why don't they use the hash function millions of times to make their brain wallet even more secure? It has to do with the time consumption. When the user enters a password they want to get their address as soon as possible, if you increase the number of hashes it would consume more time hence ruins user experience. And considering that brainwallets that I've seen are browser based they are even more limited to the amount of computing power they can use so the process could be even slower than it could be.Besides, brainwallets aren't serious projects and weren't designed for security at first. Some tried to replace SHA256 with stronger algorithms such as scrypt but such projects don't gain any popularity since the idea of brainwallet itself is flawed. Title: Re: Collection of 18.509 found and used Brainwallets Post by: PawGo on August 07, 2022, 04:40:00 PM What I don't understand is why don't they use the hash function millions of times to make their brain wallet even more secure? We all know that just hashing a subjectively difficult passphrase isn't as much secure as it is to generate an entropy randomly. There wouldn't be such thread if brain wallet users hashed more than once, because, apparently, some passphrases aren't as strong as they thought. Because it is not kind of "standard". If at this moment you have an idea to create a new wallet using a given phrase, you have software to do it quickly. I am not aware of any program which would accept other parameters, like number of iterations. We may imagine that you want to launch hash function 20220807 times - and even if you forget that number but you remember period of time when the wallet was created, there is still way to restore it. Seriously, how stupid is someone to use SHA256("") or SHA256 of any publicly available data, block hashes included, as private key and believe this is in any way "smart"? Honestly speaking, I have asked Loyce to prepare list of tx ids and launched search on that. The result is surprising! (I mean it is surprising how many wallets were using that method). Each of that values generates address which was used in the past. Code: 305ba804e692949587a24ea94a48e1d800732589e9203a8bfc271b9bc0c50f7a It was my try to solve Lauda Memorial Puzzle, as "All of the information required to reconstruct the private key is published on the blockchain". But it was not as easy ;-) Title: Re: Collection of 18.509 found and used Brainwallets Post by: BitcoinADAB on August 07, 2022, 06:13:43 PM ~ as "All of the information required to reconstruct the private key is published on the blockchain". But it was not as easy ;-) Maybe also valid for Satoshi's mined blocks? ~ We can visualize with the blockchain data, how satoshi Mine his coins: Title: Re: Collection of 18.509 found and used Brainwallets Post by: Cricktor on August 07, 2022, 09:07:38 PM Seriously, how stupid is someone to use SHA256("") More likely to be a programming error. I recall suggesting a few years ago in this thread that something like (pseudoish code) assert(key != 0xe3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855) would have avoided this particular issue. Maybe a few of them might have been some programming errors, but I doubt that for the majority of funding transactions for this private key. Many are probing or dusting, but why should there be such a lot of wacky programming? About the half of the total transactions are funding, the other half is stealing the coins as of now, today. Ridiculous game...
Maybe also valid for Satoshi's mined blocks? Who knows, Satoshi was smarter than many. I doubt he used some deterministic way to compute his used private keys. But I can only guess wildly...Title: Re: Collection of 18.509 found and used Brainwallets Post by: BlackHatCoiner on August 07, 2022, 09:22:34 PM It has to do with the time consumption. Sure, you don't want to wait for 10-15 minutes? Wait a few seconds to do a few thousands hashes. You can't seriously trade security for a few seconds.And considering that brainwallets that I've seen are browser based they are even more limited to the amount of computing power they can use so the process could be even slower than it could be. Browser-based wallets are generally 🚩🚩🚩Some tried to replace SHA256 with stronger algorithms such as scrypt but such projects don't gain any popularity since the idea of brainwallet itself is flawed. It's outdated currently that we have standards such as BIP39, but it might wasn't a bad idea to create a secure brainwallet if the other choice was to keep a wallet.dat secure.We may imagine that you want to launch hash function 20220807 times - and even if you forget that number but you remember period of time when the wallet was created, there is still way to restore it. If you remember the passphrase, there's no problem. Just hash the hash, until you find the proper hash.Title: Re: Collection of 18.509 found and used Brainwallets Post by: PrimeNumber7 on August 07, 2022, 09:24:55 PM I'm pretty sure people still use them. Even better if they use something they use much heavier encryption (such as WarpWallet). What I don't understand is why don't they use the hash function millions of times to make their brain wallet even more secure? We all know that just hashing a subjectively difficult passphrase isn't as much secure as it is to generate an entropy randomly. There wouldn't be such thread if brain wallet users hashed more than once, because, apparently, some passphrases aren't as strong as they thought. The idea of simply remembering your money is appealing to me (but I don't dare risk it for a large amount). Title: Re: Collection of 18.509 found and used Brainwallets Post by: BlackHatCoiner on August 07, 2022, 09:38:02 PM Dont do this. Hashing a pass phrase will not result in additional entropy. If an adversary were to know that you hashed a brain wallet pass phrase, they could do the same to brain wallet candidate pass phrases they believe you are likely to use. It does the same harm it does for an attacker to know that my password is 18 characters long. It lowers my security, but it's infeasible to break it if chosen properly. Same happens with more hashes; if an adversary knew that I'm hashing a million times, he'd need a million times his computational power to do the same work.Title: Re: Collection of 18.509 found and used Brainwallets Post by: PrimeNumber7 on August 07, 2022, 09:54:29 PM Dont do this. Hashing a pass phrase will not result in additional entropy. If an adversary were to know that you hashed a brain wallet pass phrase, they could do the same to brain wallet candidate pass phrases they believe you are likely to use. It does the same harm it does for an attacker to know that my password is 18 characters long. It lowers my security, but it's infeasible to break it if chosen properly. Same happens with more hashes; if an adversary knew that I'm hashing a million times, he'd need a million times his computational power to do the same work.Title: Re: Collection of 18.509 found and used Brainwallets Post by: Maidak on August 08, 2022, 02:45:08 AM Hi, As been discussed many times before using a Brainwallet is a bad idea. I ran some test myself and found 18.509 BTC-addresses based on a brainwallet which also has been used in the blockchain before. I tried to compare my results with the results of other researchers but could not find any lists online at all. I found some examples but not a comprehensive list. So I published my own results over here: https://eli5.eu/brainwallet Please note: all published addresses have a balance of 0 so this is not a list for robbers :). There are also a lot of extra datasets I haven't used this far so I expect the numbers to go up once I use them as well (I'm in the middle of perfecting my own tooling and blockchain parser so this will take some more time first). I love to get some feedback and if you have results to share which I missed in this round I'm more than happy to hear from you and include them. TA ahahaha wow so whats the public address ? Title: Re: Collection of 18.509 found and used Brainwallets Post by: pooya87 on August 08, 2022, 02:54:21 AM It's outdated currently that we have standards such as BIP39, but it might wasn't a bad idea to create a secure brainwallet if the other choice was to keep a wallet.dat secure. These two are not comparable though and BIP39 wasn't a replacement. That's because the brainwallet is a "human memorizable string" while BIP39 is a "human readable string", or in other words you are not supposed to memorize your mnemonic but you are supposed to memorize your brainwallet.Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on August 08, 2022, 05:56:46 AM I'm pretty sure people still use them. Even better if they use something they use much heavier encryption (such as WarpWallet). What I don't understand is why don't they use the hash function millions of times to make their brain wallet even more secure?The idea of simply remembering your money is appealing to me (but I don't dare risk it for a large amount). But isn't that what WarpWallet (https://keybase.io/warp) was created for? 524,288 times scrypt, followed by 65,536 times pbkdf2. A simple manual "brute-force" tells me that "satoshi" was used to deposit 0.0003 BTC (https://blockchair.com/bitcoin/address/1DChnBTeDCRGxTV55oxJRYRTRqdN1j4Fxu) in 2015. It wasn't moved out instantly (only after 7 blocks). If you use a decent password, and your email as salt, it's much more secure than regular brainwallets. My own (very inaccurate) estimate: a million times more secure because of the heavy encryption, and another factor one million because of the email address that makes it impossible to brute-force everyone's wallet at once. Honestly speaking, I have asked Loyce to prepare list of tx ids and launched search on that. The result is surprising! (I mean it is surprising how many wallets were using that method). Each of that values generates address which was used in the past. The first one I checked lost 7.72 BTC (https://blockchair.com/bitcoin/address/113pJ2WaiZRBwA9HTFuiSF2KX1h7gSPJfU) in 2014 (back then valued at almost $3k).The scope of realistic brain wallets is very small when compared to all potential private keys. Requiring an adversary to do a million times more work might sound like a lot, but compared to all potential private keys, it really is not. If you're the only one who uses 1,276,816 rounds of hashing, the number of potential wallets that can be found is limited to only your wallets, versus many different wallets that all use only one round.Title: Re: Collection of 18.509 found and used Brainwallets Post by: PrimeNumber7 on August 08, 2022, 07:42:53 AM I'm pretty sure people still use them. Even better if they use something they use much heavier encryption (such as WarpWallet). What I don't understand is why don't they use the hash function millions of times to make their brain wallet even more secure?The idea of simply remembering your money is appealing to me (but I don't dare risk it for a large amount). But isn't that what WarpWallet (https://keybase.io/warp) was created for? 524,288 times scrypt, followed by 65,536 times pbkdf2. A simple manual "brute-force" tells me that "satoshi" was used to deposit 0.0003 BTC (https://blockchair.com/bitcoin/address/1DChnBTeDCRGxTV55oxJRYRTRqdN1j4Fxu) in 2015. It wasn't moved out instantly (only after 7 blocks). <> The scope of realistic brain wallets is very small when compared to all potential private keys. Requiring an adversary to do a million times more work might sound like a lot, but compared to all potential private keys, it really is not. If you're the only one who uses 1,276,816 rounds of hashing, the number of potential wallets that can be found is limited to only your wallets, versus many different wallets that all use only one round.Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on August 08, 2022, 07:55:20 AM How is someone supposed to remember the exact number of hashing rounds? I think in both the WarpWallet and your proposed ~1.2 million rounds of hashing implementations, you will need to either document the rounds of hashing, or rely on a third party to help calculate the private key, and I don't think this meets the definition of a brain wallet. With WarpWallet you can (and should!) keep your own offline copy.If you're going for a "weird" number of hashing rounds, I can think of many ways to remember the number. It could be your phone number or full date of birth. Or just something you remember. Worst-case, if you forget the exact number, you can still brute-force it yourself given that you know the pass phrase. Title: Re: Collection of 18.509 found and used Brainwallets Post by: PawGo on August 08, 2022, 07:56:15 AM How is someone supposed to remember the exact number of hashing rounds? I think in both the WarpWallet and your proposed ~1.2 million rounds of hashing implementations, you will need to either document the rounds of hashing, or rely on a third party to help calculate the private key, and I don't think this meets the definition of a brain wallet. Talking about definition - there is no strict definition. The idea is that you "remember" how to produce private key. Somehow (I do not know why and how) single iteration of sha256 became "a standard". You may use other hash algorithm (eth & keccak), you may use other number of iterations, you may use any other way you want - as long as you remember what to do, it could be still a "brain wallet" (the question is if you remember your 12/24 words seed, is it brain wallet or not, theoretically yes). The more additional steps you use or need to perform, it complicates thing and make it easier to forget. About number of iterations - you may use date, like I proposed few posts ago. Then you may know that number of possible iterations was for example between 20210101 and 20221231. But then we go to another point - are you able to restore your private key quickly? With single iteration of sha256 - probably yes. With more complicated scenarios - you will probably need your own dedicated program. Of course we may think about many many possible ways to "remember" private key. Even the ways which allows you to restore that using just a piece of paper and pencil - for example, you take your name, dog's name, email address, phone number etc, take letters as a numbers (a=1, b=2, whatever) and then use modulo 16 to produce hex string. Is it possible? yes. The question is if it is safe - I would say it is probably safer than typical sha256 brainwallet from common phrase, because it is very custom method and there is no automated attack for that (yet). Title: Re: Collection of 18.509 found and used Brainwallets Post by: BlackHatCoiner on August 08, 2022, 08:49:32 AM These two are not comparable though and BIP39 wasn't a replacement. It wasn't a replacement, but an even better proposal. Yes, you don't memorize seed phrases, but write them down. But: If you told me to choose between brain wallets and securing a wallet.dat file, which is how things worked before BIP39, I'd go with the former.I'm pretty sure some people do that. And I'm pretty sure some others are searching for it too. Hadn't found the choice from popular brain wallets such as: https://brainwalletx.github.io/. Title: Re: Collection of 18.509 found and used Brainwallets Post by: Cricktor on August 08, 2022, 10:12:23 AM An arbitrary number of SHA-256 rounds for your brainwallet secret is still security by obscurity for me. If your to be memorized secret is "bad" or publicly available anywhere you trust that no attacker tries to check multiple SHA-256 rounds. I wouldn't bet that no one is going to try this.
Brain wallets have in many cases proven to be a terrible idea, because those who failed and were cracked had initially bad or worse secrets. Your initial secret must already be complex and good enough to withstand even heavy possible cracking in the first place. If it isn't, don't use a brainwallet. Yes, a high number of hashing rounds do delay an attacker, I don't dismiss this. It still leaves the risk open to crack a brainwallet, especially with a poorly chosen initial secret. And don't forget (haha, what a coincidence) that the human memory is a fragile thing. It's easy to forget something if you don't repeat it regularly. It's easy to become ill or injured and forget more than you can imagine. To verify you memorized something complex enough, you should have it properly written down. Then it doesn't make much sense to me to memorize it anymore and I could skip the whole brainwallet thing alltogether. Title: Re: Collection of 18.509 found and used Brainwallets Post by: ABCbits on August 08, 2022, 11:46:11 AM These two are not comparable though and BIP39 wasn't a replacement. It wasn't a replacement, but an even better proposal. Yes, you don't memorize seed phrases, but write them down. But: If you told me to choose between brain wallets and securing a wallet.dat file, which is how things worked before BIP39, I'd go with the former.Since you mention wallet.dat which usually associated with Bitcoin Core, i'd like to mention Bitcoin Core doesn't use BIP39. You still have to backup your wallet.dat or alternatively master private key from dumpwallet command/output descriptor. ... Then it doesn't make much sense to me to memorize it anymore and I could skip the whole brainwallet thing alltogether. For most cases, i would agree. But i'd like to quote a page from Bitcoin Wiki. Quote from: https://en.bitcoin.it/wiki/Brainwallet Brainwallets are not recommended to be used in general because of fallible human memory. But in special situations they could be very useful, for example when fleeing a country as a refugee with only the clothes on your back. Title: Re: Collection of 18.509 found and used Brainwallets Post by: d3bt3 on August 08, 2022, 01:06:01 PM For most cases, i would agree. But i'd like to quote a page from Bitcoin Wiki. So for such case use https://brainwalletx.github.io/ ?Quote from: https://en.bitcoin.it/wiki/Brainwallet Brainwallets are not recommended to be used in general because of fallible human memory. But in special situations they could be very useful, for example when fleeing a country as a refugee with only the clothes on your back. Title: Re: Collection of 18.509 found and used Brainwallets Post by: itod on August 08, 2022, 01:25:44 PM These two are not comparable though and BIP39 wasn't a replacement. It wasn't a replacement, but an even better proposal. Yes, you don't memorize seed phrases, but write them down. But: If you told me to choose between brain wallets and securing a wallet.dat file, which is how things worked before BIP39, I'd go with the former.Since you mention wallet.dat which usually associated with Bitcoin Core, i'd like to mention Bitcoin Core doesn't use BIP39. You still have to backup your wallet.dat or alternatively master private key from dumpwallet command/output descriptor. Backing up wallet.dat that is encrypted with decent passphrase is not a big issue, attacker first has to hack you to access your backup, and then has to attack the file's encryption passhprase. This is so complicated attack vector that all attackers rather choose to attack idiotic brainwallets. Title: Re: Collection of 18.509 found and used Brainwallets Post by: ABCbits on August 09, 2022, 09:14:32 AM For most cases, i would agree. But i'd like to quote a page from Bitcoin Wiki. So for such case use https://brainwalletx.github.io/ ?Quote from: https://en.bitcoin.it/wiki/Brainwallet Brainwallets are not recommended to be used in general because of fallible human memory. But in special situations they could be very useful, for example when fleeing a country as a refugee with only the clothes on your back. Tool you mentioned only use single SHA-256. Use WarpWallet[1] or rehashaddress (part of ecctools[2]) instead, which harder to brute force. [1] https://keybase.io/warp (https://keybase.io/warp) [2] https://github.com/albertobsd/ecctools#rehashaddress (https://github.com/albertobsd/ecctools#rehashaddress) Title: Re: Collection of 18.509 found and used Brainwallets Post by: fxsniper on August 15, 2022, 09:47:18 AM [2] https://github.com/albertobsd/ecctools#rehashaddress (https://github.com/albertobsd/ecctools#rehashaddress) rehashaddress it work by using privatekey to hash with sha-256 and use it again for next privatekey and loop right? Title: Re: Collection of 18.509 found and used Brainwallets Post by: fxsniper on August 15, 2022, 11:40:12 AM No, rehashaddress use user-chosen password/passphrase. It'll hash at least one time and perform additional rehash based on m parameter value. Here's snippet from the source code comment. Thank you. I got it. Title: Re: Collection of 18.509 found and used Brainwallets Post by: PrimeNumber7 on August 21, 2022, 09:48:56 PM How is someone supposed to remember the exact number of hashing rounds? I think in both the WarpWallet and your proposed ~1.2 million rounds of hashing implementations, you will need to either document the rounds of hashing, or rely on a third party to help calculate the private key, and I don't think this meets the definition of a brain wallet. With WarpWallet you can (and should!) keep your own offline copy.If you're going for a "weird" number of hashing rounds, I can think of many ways to remember the number. It could be your phone number or full date of birth. Or just something you remember. Worst-case, if you forget the exact number, you can still brute-force it yourself given that you know the pass phrase. Title: Re: Collection of 18.509 found and used Brainwallets Post by: phrutis on August 21, 2022, 10:55:17 PM https://en.bitcoin.it/wiki/Mini_private_key_format I came across my simple mini key generator tonight, and I'm having another play with it. Here you have another toy to play with : https://github.com/phrutis/MiniKeys2 (https://github.com/phrutis/MiniKeys2) This is the fastest public program to find old Serie1 minikeys (22 characters) in the world. Title: Re: Collection of 18.509 found and used Brainwallets Post by: almightyruler on September 18, 2022, 11:19:16 PM Here you have another toy to play with : https://github.com/phrutis/MiniKeys2 (https://github.com/phrutis/MiniKeys2) This is the fastest public program to find old Serie1 minikeys (22 characters) in the world. Link 404? Other repositories under that account seem to be cracking based, with executables only... so yeah, nah. Title: Re: Collection of 18.509 found and used Brainwallets Post by: n0nce on September 18, 2022, 11:24:43 PM Here you have another toy to play with : https://github.com/phrutis/MiniKeys2 (https://github.com/phrutis/MiniKeys2) This is the fastest public program to find old Serie1 minikeys (22 characters) in the world. Link 404? Other repositories under that account seem to be cracking based, with executables only... so yeah, nah. https://github.com/Yanmailde/Phrutis_MiniKeys2 No source code either, just binaries; so proceed with extreme caution. Maybe it's possible to contact the repo's owner to clarify. Title: Re: Collection of 18.509 found and used Brainwallets Post by: ABCbits on September 19, 2022, 12:30:20 PM --snip-- No vouch or idea whether legit or not, but there is one result on GitHub:https://github.com/Yanmailde/Phrutis_MiniKeys2 No source code either, just binaries; so proceed with extreme caution. Maybe it's possible to contact the repo's owner to clarify. After reading one of the FAQ and knowing the owner delete original repository, you could wasting your time. Quote from: https://github.com/Yanmailde/Phrutis_MiniKeys2 If I find the private key can I take all the coins for myself? No, you will find the encrypted key. Only the organizers can decrypt this key and pay you a 50%. I'd recommend people to use different tool such as https://github.com/Coding-Enthusiast/FinderOuter (https://github.com/Coding-Enthusiast/FinderOuter) to brute force mini private key. Title: Re: Collection of 18.509 found and used Brainwallets Post by: PlutonowyPokrzycz on September 23, 2022, 04:11:19 PM Interesting update...
Address 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN is derived from hashed empty string "". Two moths ago (!) someone sent almost 1BTC to this address. I guess by mistake. It took as mush as 10 minutes to drain this address. https://www.blockchain.com/btc/tx/37e166a1e52e96bcfe535738082e328ef8db56aafd6945d9cad6f2afdb34b4a4 Title: Re: Collection of 18.509 found and used Brainwallets Post by: casinotester0001 on September 23, 2022, 06:01:23 PM Interesting update... Address 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN is derived from hashed empty string "". Two moths ago (!) someone sent almost 1BTC to this address. I guess by mistake. It took as mush as 10 minutes to drain this address. https://www.blockchain.com/btc/tx/37e166a1e52e96bcfe535738082e328ef8db56aafd6945d9cad6f2afdb34b4a4 Maybe the miner inserted both transactions into the block and we never saw them in the mempool before being in the block. Title: Re: Collection of 18.509 found and used Brainwallets Post by: COBRAS on September 25, 2022, 06:27:55 PM Interesting update... Address 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN is derived from hashed empty string "". Two moths ago (!) someone sent almost 1BTC to this address. I guess by mistake. It took as mush as 10 minutes to drain this address. https://www.blockchain.com/btc/tx/37e166a1e52e96bcfe535738082e328ef8db56aafd6945d9cad6f2afdb34b4a4 adres privkey https://privatekeys.pw/address/bitcoin/1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN Title: Re: Collection of 18.509 found and used Brainwallets Post by: larry_vw_1955 on October 12, 2022, 11:18:27 PM Interesting update... Address 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN is derived from hashed empty string "". Two moths ago (!) someone sent almost 1BTC to this address. I guess by mistake. It took as mush as 10 minutes to drain this address. https://www.blockchain.com/btc/tx/37e166a1e52e96bcfe535738082e328ef8db56aafd6945d9cad6f2afdb34b4a4 how would someone make a mistake like that? it doesn't seem probable. Title: Re: Collection of 18.509 found and used Brainwallets Post by: n0nce on October 13, 2022, 11:57:25 PM Interesting update... Address 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN is derived from hashed empty string "". Two moths ago (!) someone sent almost 1BTC to this address. I guess by mistake. It took as mush as 10 minutes to drain this address. https://www.blockchain.com/btc/tx/37e166a1e52e96bcfe535738082e328ef8db56aafd6945d9cad6f2afdb34b4a4 how would someone make a mistake like that? it doesn't seem probable. I.e.: (1) Send 1BTC to address whose private key is publicly known. (2) Sweep the funds a few minutes later (depending on the amount of plausible deniability vs. risk you're willing to take). (3) Claim you mistakenly sent the funds and that they're gone, since it's an address whose private key is known. Then mix and be happy. Just an idea. Title: Re: Collection of 18.509 found and used Brainwallets Post by: PrivatePerson on October 14, 2022, 03:12:15 AM I guess it's always possible to use something like this for money laundering. (2) See how your BTC was collected by someone else's bot.I.e.: (1) Send 1BTC to address whose private key is publicly known. (3) Cry because you are a loser ;D Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on October 14, 2022, 09:28:05 AM I guess it's always possible to use something like this for money laundering. That's not money laundering. It sounds more like a "boating accident".~ (3) Claim you mistakenly sent the funds and that they're gone, since it's an address whose private key is known. Quote Then mix and be happy. Just an idea. Now you have money you don't officially have, and can't officially spend. Great for buying drugs, terrible for buying a car.Title: Re: Collection of 18.509 found and used Brainwallets Post by: n0nce on October 14, 2022, 10:43:03 PM I guess it's always possible to use something like this for money laundering. (2) See how your BTC was collected by someone else's bot.I.e.: (1) Send 1BTC to address whose private key is publicly known. (3) Cry because you are a loser ;D Never claimed that this was a risk-free method. ;) As we saw above, it took a whole 10 minutes for (maybe) a bot to sweep the funds. I guess it's always possible to use something like this for money laundering. I.e.: (1) Send 1BTC to address whose private key is publicly known. (2) Sweep the funds a few minutes later (depending on the amount of plausible deniability vs. risk you're willing to take). (3) Claim you mistakenly sent the funds and that they're gone, since it's an address whose private key is known. Alternatively, generate private key with relative weak (but not publicly known) string before executing your idea. After some time you could make an account on social media/forum and claim you found another weak Brainwallets which already emptied. P.S. This is informative post, i'm not taking any responsibility if you weaken your privacy or lose your money :P. I guess it's always possible to use something like this for money laundering. That's not money laundering. It sounds more like a "boating accident".~ (3) Claim you mistakenly sent the funds and that they're gone, since it's an address whose private key is known. Quote Then mix and be happy. Just an idea. Now you have money you don't officially have, and can't officially spend. Great for buying drugs, terrible for buying a car.Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on October 15, 2022, 09:12:41 AM I actually addressed your criticism: 'a few minutes later (depending on the amount of plausible deniability vs. risk you're willing to take)'. It's rare, but I think you missed the point completely. It doesn't take 10 minutes to sweep the funds (and you shouldn't trust Blockchain.com on this). This is what Blockchair.com shows:Never claimed that this was a risk-free method. ;) As we saw above, it took a whole 10 minutes for (maybe) a bot to sweep the funds. https://loyce.club/other/anditsgone.png I give it half a second between the moment you broadcast the transaction, and the moment you see it disappear from the compromised address. Many bots are competing to steel those funds, and the fastest wins. You won't have minutes, you won't have seconds. Your money is instantly gone. Quote Now you have money you don't officially have, and can't officially spend. Great for buying drugs, terrible for buying a car. Very true. Similar to mixing and buying on decentralized exchange, I guess. Except you can keep / export Bisq trade records and mixing receipts. Would you recommend this?Title: Re: Collection of 18.509 found and used Brainwallets Post by: PawGo on October 21, 2022, 06:39:11 AM Quote Then mix and be happy. Just an idea. Now you have money you don't officially have, and can't officially spend. Great for buying drugs, terrible for buying a car.recently I have found https://bitcars.eu/ Nice initiative, but I did not investigate deeply how they wok - if they sell cars directly or if it is just a catalogue with offers where owner accepts crypto. But what I like is that they offer almost everything - from aston martin sport car to volkswagen camper ;) Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on October 21, 2022, 07:18:45 AM recently I have found https://bitcars.eu/ Nice initiative, but I did not investigate deeply how they wok - if they sell cars directly or if it is just a catalogue with offers where owner accepts crypto. But what I like is that they offer almost everything - from aston martin sport car to volkswagen camper ;) That doesn't change the problem if you have "drug money": if you register the car in your name, you have some explaining to do when you get checked.Title: Re: Collection of 18.509 found and used Brainwallets Post by: casinotester0001 on October 21, 2022, 09:03:48 AM recently I have found https://bitcars.eu/ Nice initiative, but I did not investigate deeply how they wok - if they sell cars directly or if it is just a catalogue with offers where owner accepts crypto. But what I like is that they offer almost everything - from aston martin sport car to volkswagen camper ;) © BitCars | The Crypto Car Marketplace. Since 2016 (btw they are in Switzerland) https://bitcars.eu/pages/bitcars-bitcoin-automobile-boutique-imprint-legal-disclosure :) Title: Re: Collection of 18.509 found and used Brainwallets Post by: PlutonowyPokrzycz on August 08, 2023, 09:46:10 PM So far I've seen only those online lists of brainwallets. I wonder if there are others available?
Most of you probably know this science paper "The Bitcoin Brain Drain: Examining the Use and Abuse of Bitcoin Brain Wallets" (Marie Vasek, Joseph Bonneau, R. Castellucci, C. Keith, T. Moore). It is available from this link: https://tylermoore.utulsa.edu/fc16.pdf Authors do not reveal brainwallets in clear text. However, I've found this resource that contains files that are attachments to this paper: https://dataverse.harvard.edu/dataset.xhtml;jsessionid=3b3325c3157850e2d961cf61dfb1?persistentId=doi%3A10.7910%2FDVN%2FRZHL3X&version=&q=&fileTypeGroupFacet=&fileAccess=Public&fileSortField=type The most interesting files are probably: brainmaster.tab and attacksrc.tab files. They contain a list of more than 19k addresses identified to be protected with a brainwallet (again, no brainwallets in clear text, just information about the length of string). There are still many addresses in Vasek's list that you will not find on the websites mentioned in the beginning. Some people that participated in this topic have their own lists of brainwallets. I wonder if there is anyone who cracked all addresses from Vasek's list? Probably not. Then, how many of them remain a mystery to you, still? Are there other lists like this from Vasek? I mean, just addresses without brainwallets revealed? Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on August 09, 2023, 05:02:21 AM The most interesting files are probably: brainmaster.tab and attacksrc.tab files. They contain a list of more than 19k addresses identified to be protected with a brainwallet That's easy to check: get all Bitcoin addresses with a balance (https://bitcointalk.org/index.php?topic=5254914.0) and find the duplicates. There's only one:I wonder if there is anyone who cracked all addresses from Vasek's list? Probably not. Then, how many of them remain a mystery to you, still? 15Mjbr23k7LfadNVAMmFZwdzcL5VFHe9gC (https://blockchair.com/bitcoin/address/15Mjbr23k7LfadNVAMmFZwdzcL5VFHe9gC). There's 0.001 BTC in there since 2014. Title: Re: Collection of 18.509 found and used Brainwallets Post by: PlutonowyPokrzycz on August 09, 2023, 06:39:34 AM That's easy to check: get all Bitcoin addresses with a balance (https://bitcointalk.org/index.php?topic=5254914.0) and find the duplicates. There's only one: Thanks, I know that, but I was not thinking about balances - just about brainwallets (phrases used to generate BTC addresses). Maybe let's use numbers to illustrate this.15Mjbr23k7LfadNVAMmFZwdzcL5VFHe9gC (https://blockchair.com/bitcoin/address/15Mjbr23k7LfadNVAMmFZwdzcL5VFHe9gC). There's 0.001 BTC in there since 2014. Vasek list - 19430 addresses (contains addresses created between 2011 and January 2017) Eli5 list - 18982 addresses (last time I've scrapped the website) If you compare them there are: - 18741 addresses common to both lists - 689 addresses that are unknown to Eli5 Privatekeys.pw made progress in revealing the brainwallets, but still there are 611 addresses with brainwallet unknown. So, I was wondering if there is anyone that cracked all or most of the remaining 611 addresses (list below). Code: address,compressed,pwdlength,endbalance,numdrains,firstTTD,totalamt,firstseen Title: Re: Collection of 18.509 found and used Brainwallets Post by: LoyceV on August 09, 2023, 06:47:18 AM So, I was wondering if there is anyone that cracked all or most of the remaining 611 addresses (list below). Probably. But they have no incentive to share the private keys, they're just quietly waiting for a deposit to be the first one to snatch it.Title: Re: Collection of 18.509 found and used Brainwallets Post by: PlutonowyPokrzycz on August 09, 2023, 08:15:57 AM Probably. But they have no incentive to share the private keys, they're just quietly waiting for a deposit to be the first one to snatch it. If revealing private keys is too much to ask for, revealing just cracked addresses would be great :)Title: Re: Collection of 18.509 found and used Brainwallets Post by: PlutonowyPokrzycz on August 09, 2023, 08:24:30 AM Hi, I wonder if OP has new content to update his website? :)As been discussed many times before using a Brainwallet is a bad idea. I ran some test myself and found 18.509 BTC-addresses based on a brainwallet which also has been used in the blockchain before. I tried to compare my results with the results of other researchers but could not find any lists online at all. I found some examples but not a comprehensive list. So I published my own results over here: https://eli5.eu/brainwallet Please note: all published addresses have a balance of 0 so this is not a list for robbers :). There are also a lot of extra datasets I haven't used this far so I expect the numbers to go up once I use them as well (I'm in the middle of perfecting my own tooling and blockchain parser so this will take some more time first). I love to get some feedback and if you have results to share which I missed in this round I'm more than happy to hear from you and include them. TA or maybe almightyruler? This brain wallet hasn't been used for several years, but even back in 2013 it held a substantial amount of funds (USD $6k+), protected by a weak passphrase: https://www.blockchain.com/btc/address/16jLdtAxgXVwcG93MyPcNALXMCv3D6dyDB The passphrase is "arretonprimaryschool" Title: Re: Collection of 18.509 found and used Brainwallets Post by: ymgve2 on August 12, 2023, 02:14:03 PM Here's the majority of your remaining list. Still got 77 missing. To make it more interesting I've masked the first 3 characters of each password:
https://zerobin.net/?25d328abfbe6601d#xmClTcLN8qitoLRO5862qS9Q1fB3NfOrNGU+z9Z+Dj4= I also see you don't have 145Sph2eiNGp5WVAkdJKg9Z2PMhTGSS9iT on your remaining list. Did someone ever find out what the private key was? I know it's been used as a brainwallet string, maybe you did a mistake and filtered it out because of that. Title: Re: Collection of 18.509 found and used Brainwallets Post by: PlutonowyPokrzycz on August 12, 2023, 10:07:46 PM Here's the majority of your remaining list. Still got 77 missing. To make it more interesting I've masked the first 3 characters of each password: Thanks a million! This is useful!https://zerobin.net/?25d328abfbe6601d#xmClTcLN8qitoLRO5862qS9Q1fB3NfOrNGU+z9Z+Dj4= I also see you don't have 145Sph2eiNGp5WVAkdJKg9Z2PMhTGSS9iT on your remaining list. Did someone ever find out what the private key was? I know it's been used as a brainwallet string, maybe you did a mistake and filtered it out because of that. P.S. brainwallet for 145Sph2eiNGp5WVAkdJKg9Z2PMhTGSS9iT is "XXXX was here." Title: Re: Collection of 18.509 found and used Brainwallets Post by: PlutonowyPokrzycz on August 13, 2023, 11:08:00 AM If someone could share 139 characters long passphrase to 1BQmbdHdtdJnGbhNLgnr5w5pKJ4aFghdLp...
https://i.kym-cdn.com/entries/icons/original/000/011/976/That_Would_Be_Great_meme.jpg Vasek and team have found it on Reddit Title: Re: Collection of 18.509 found and used Brainwallets Post by: Sanka555 on November 07, 2023, 05:25:08 AM So far I've seen only those online lists of brainwallets. I wonder if there are others available? Has anyone parsed the list of brain phrases from these lists? maybe just a text file? so that I don’t have to do stupid work a second time. I just need a list of words-address. Without xxx. thank you very much in advance
Most of you probably know this science paper "The Bitcoin Brain Drain: Examining the Use and Abuse of Bitcoin Brain Wallets" (Marie Vasek, Joseph Bonneau, R. Castellucci, C. Keith, T. Moore). It is available from this link: https://tylermoore.utulsa.edu/fc16.pdf Authors do not reveal brainwallets in clear text. However, I've found this resource that contains files that are attachments to this paper: https://dataverse.harvard.edu/dataset.xhtml;jsessionid=3b3325c3157850e2d961cf61dfb1?persistentId=doi%3A10.7910%2FDVN%2FRZHL3X&version=&q=&fileTypeGroupFacet=&fileAccess=Public&fileSortField=type The most interesting files are probably: brainmaster.tab and attacksrc.tab files. They contain a list of more than 19k addresses identified to be protected with a brainwallet (again, no brainwallets in clear text, just information about the length of string). There are still many addresses in Vasek's list that you will not find on the websites mentioned in the beginning. Some people that participated in this topic have their own lists of brainwallets. I wonder if there is anyone who cracked all addresses from Vasek's list? Probably not. Then, how many of them remain a mystery to you, still? Are there other lists like this from Vasek? I mean, just addresses without brainwallets revealed? Title: Re: Collection of 18.509 found and used Brainwallets Post by: ymgve2 on February 14, 2024, 04:43:13 PM I noticed a while back that a lot of the brainwallets in the collection were filled with exactly 20108 satoshis, with phrases ranging from single words to some random seeming passwords. The repeated amount seemed weird, and I then discovered that someone back in 2014 had filled 456 addresses with exactly 20108 satoshis each.
I suspect this is some form of challenge/canary where each address is a different brainwallet, with varying levels of complexity in the phrase. Here are the transactions I've found so far: https://www.blockchain.com/explorer/transactions/btc/16df5eed4c8d7ff965cf9d3676c7b71d80398714727792e71b7118abe3e16b03 https://www.blockchain.com/explorer/transactions/btc/b17d08f6b945a6a9edb526f2faaef9b825eaa27c14f454bd53bb423e44750e16 https://www.blockchain.com/explorer/transactions/btc/70ff6fc9ef96c80a435a0595477708630d092285ebeca30aa899d4dd409b1b45 https://www.blockchain.com/explorer/transactions/btc/16e72e11bfefe3222e5a3876d1038e49aaec8bc7c247212f8917c94e5b6fff49 https://www.blockchain.com/explorer/transactions/btc/594a3757b99943d4789fc588167cb40fd44e57f131f3822a3c9af2930ee01f52 https://www.blockchain.com/explorer/transactions/btc/4b07f21a2d9c408af5542288554aec49ac49195cf10295f1b17aa829d701a3dc https://www.blockchain.com/explorer/transactions/btc/b71a1a9dc95319eae181d64865b16bf34deabdee0a689176df8aba450df34081 https://www.blockchain.com/explorer/transactions/btc/280933eae25e17a7a7274c4b672880b7c488c929872394dbc6ccacf9f68fc7c3 https://www.blockchain.com/explorer/transactions/btc/34b56d4dac1d43c8a7b8f922e044424094670445b1388fb89b79a0b607a2a28f https://www.blockchain.com/explorer/transactions/btc/151f1b9dc77e7dfd77e2f23790d5dc6f8026602553fe64ff2ec4d641e644f9a8 https://www.blockchain.com/explorer/transactions/btc/c03fa7f40dc185e29b64c4ae421544364d9600fc1e960b1e0406b5fc1efc1843 https://www.blockchain.com/explorer/transactions/btc/78b5acfa93abd3d6761806dbcc88a82d9efc070bc798edf9cf70d75a8803351c https://www.blockchain.com/explorer/transactions/btc/06f34556aa9fa495ae31fbb8134a66997f2a9672261a0d20c39d6eaa99ae323c https://www.blockchain.com/explorer/transactions/btc/ccfd4b7ac82ef4dd944ab6174c77cef4cd80f12c3333443dbfd30133b9e4849f https://www.blockchain.com/explorer/transactions/btc/39142cb1fce6109333c8672b00fa53cf1d75f4d5b23aac6204aae868df56bd65 https://www.blockchain.com/explorer/transactions/btc/5160e527cca3d98bcea61b70519d4d434df9e7da8f7bef62c114ce369747ab58 Now, to the real reson for the post - I just noticed that after almost a year of no activity, someone has started draining a few of these addresses again. I wonder if this means some more optimized brainwallet cracker has been developed, or someone has built a cracking machine that's much faster than previous attempts. The curious thing is that the drained coins go to both standard and segwit addresses, so it might indicate there are multiple people working on this cracking. And as always, if you use a standard SHA256 brainwallet, this is another indication that your coins will be taken sooner or later. Title: Re: Collection of 18.509 found and used Brainwallets Post by: whanau on February 16, 2024, 03:08:00 AM Now, to the real reson for the post - I just noticed that after almost a year of no activity, someone has started draining a few of these addresses again. I wonder if this means some more optimized brainwallet cracker has been developed, or someone has built a cracking machine that's much faster than previous attempts. There was a brainflayer3 program which was supposed to have been much quicker. However it seems to have disappeared from github. I wasn't able to compile it as there were 3 or 4 differences in the make file. I fixed 3, but the last one defeated me. If you want the code, I will send it to you. Title: Re: Collection of 18.509 found and used Brainwallets Post by: TheArchaeologist on March 14, 2024, 10:21:48 AM Based on some questions I got above or in DM:
There is a plaint text file that lists all the addresses as mentioned on eli5.eu/brainwallet: https://eli5.eu/brainwallet/btc_brainwallet_v18569.txt (https://eli5.eu/brainwallet/btc_brainwallet_v18569.txt). Only addresses. TA |
