I'm really trying to explain why this is not such a good idea as it might seem at first sight. But it's difficult  I really do *get* your point - but when you see how little I changed (and not randomly at all) I do think you might be forced to change your mind (after people have been hacking at it for days and have so far been unable to guess basically just a couple of minor changes to a very simple equation). BTW - I am up for at least a 50 BTC challenge (open ended with no clues but you will be giving the GPG encrypted private key and the message that contains the Bitcoin private key out) with a new bash script (which I will publish) based upon the same idea (but I will use a 6 character initial password for that challenge - it's my money after all). This is the Bitcoin way to build open source after all! |
|
|
|
after reading 10 pages, I guess I'll keep on reading instead of trying to solve the "riddle"... :-"
Actually believe or not that is the only thing that has prevented such a weak password from being cracked already (am almost tempted to release the weak password but won't do that until after the last hint). |
|
|
|
Can we know the exact length of the string and how many times was the password repeated?
The next hint should definitely help with this (but please remember that the point is that it is a riddle/puzzle - I will only give out the information you have requested in the *last* hint as I think it should be cracked within minutes after that). Whist waiting for someone to solve this (IMO not so hard to solve) problem I have come up with an even better idea (more on this to come) and I have now added a "bcrypt" call to the script that I will be publishing in the distro I am creating for the purposes of doing the same thing I have done here (if starting with a 4 char password and a very simple math equation has proven so difficult the you can imagine how much harder the *real thing* will be). |
|
|
|
|
Well the next hint isn't due for a while so you probably still have time.
|
|
|
|
Adding to your equations and patterns examples, say you have 40 different equations and patterns to choose from which can each take an x,y of 1-10. That would be an additional 40 * 10 * 10 possibilities or 11.9 additional bits of entropy. So in this example, adding the 40 equation and pattern options adds additional 'strength' of 2 extra characters. (23.8 + 11.9 = 35.7)
Personally, I would rather use a standard KDF (like PBKDF2, scrypt, bcrypt) over using a custom key-strengthening method like this. If in the future you ever want someone else to implement your generation method, any of these standard algorithms are already documented, cryptanalyzed, implemented as libraries, and have tuneable levels of strengthening so they can be future-proofed.
Thanks for the info and yes I was going to add a call to one of those to the bash script for good measure (this challenge was mostly as a bit of an experiment). |
|
|
|
|
Securing the distro is another issue as is securing the computer (will be discussing that in another thread after this) and although I agree a program rather than a bash script would be better if you have a secure computer (the most important thing) and a distro that you trust (not quite as important really as the script is running programs that can be tested).
Turning this into something more "Gavin's grandma" friendly would be quite hard - but I have some ideas about this.
The first being to have a list of meta-password logic templates (such as "math equations", "sewing patterns", etc.) and after you choose the logic template you would then supply the "variables" (let's say at least a couple of numbers) and then it would create a specific password script line (to replace the one in default template).
So from a menu I select: Math Equations
then from a sub-menu I select: x+y=z
and type in values 1, 2 for x and y and it might then spit out:
$password+$password$password=$password$password$password
|
|
|
|
Thanks - so if did this: opassword=`echo "($password $password $password)" | sha256sum`
# This strips off the trailing space and dash from sha256sum.
opassword=`echo $opassword | awk -F ' ' '{ print $1 }'`
for i in {1..99} # NOTE: Also change the # of iterations here.
do
password=`echo "$password $opassword $password" | sha256sum`
done
password=`echo $password $opassword | awk -F ' ' '{ print $1 }'`
how would that change things? |
|
|
|
its just his guess how long we need, i need around 1 min per sweep (creating wordlist and bruteforcing it).
Oh - must have got confused by all the stats - so if the script was changed to this: password="${password}+${password}=${password}${password}@L3AsT"
opassword=$password
for i in {1..999}
do
password=`echo "$password $opassword $password" | sha256sum`
done
Could you give me an estimate of the sweep time? |
|
|
|
whats $opassword? ERROR: Undefined variable T_LOCAL!
it would'nt make it longer since theres no math in it, just simple strings. it would even be faster since the string is shorter.
Sorry - I should have made it clearer $opassword is the original password (and you can see it is being used along with the hash and some extra salt to rehash so the string is not shorter and of course the number 999 would be changeable). |
|
|
|
btw - I gather you are down to around 10 secs per "sweep" - now if the script were to have the following addition: for i in {1..999}
do
password=`echo "$password 1+1=2 $opassword" | sha256sum`
done
how much slower would that make each pass? (this is nothing to do with the actual challenge but for inclusion in a distro) |
|
|
|
time is of the essence
If you are throwing in the towel then please post a BTC address here (or send me one in a PM) so I can at least throw 1 BTC your way for the time spent on this. For those who dont have enough hashing power, u can send me patterns per PM and il test em, if they match u get a portion of the 10BTC (going to distribute it fair to all who helped, including me).
Doh - just as I posted - well glad to see you haven't given up! |
|
|
|
"Solve a riddle, guess a 4 char password and add 10 BTC to your xmas stocking!" <-- why not "Solve a riddle, bruteforce a 4 char password with an unknown salt and add 10 BTC to your xmas stocking! )"
All will be revealed in time but I will add now that the title of this topic was not inaccurate. |
|
|
|
|
Next hint to be posted after 400 confirmations (unless there is consensus here for me to give it earlier).
|
|
|
|
BTW don't know if you guys have read this: https://bitcoinfoundation.org/blog/?p=58but I think a case could be made for some "grant" coins towards creating a GUI that could assist with creating a secret such as that so far elusive changed equation in my bash script. |
|
|
|
Just woke up again to find that we are at confirmation # 202 so here is the next hint: |
|
|
|
|
Well it's very early now in Beijing but woke up wondering whether the 10 BTC was still there - and amazingly it still is (and I see now only another 15 confirmations before the next hint).
Although I respect the skepticism of any "brainwallet" approach I do hope that this "putting my money where my mouth is" approach will at least convince some that the idea can work (although even my much improved script could itself be improved through the use of say scrypt).
|
|
|
|
For those wondering exactly where I am headed with this concept - it is to ideally present to an end user a list of questions that will be able to then be used to automatically modify the password hashing script to generate an algorithm in a manner that is very secure (on a secured computer of course - more to come on this in the CIYAM Open thread) without too much effort (but the end user's creativity is and will always be the *key* ingredient with this approach). I never said that this would be a trivial matter (or that this is the best solution to the problem) but I hope that this challenge has at least shown that the idea has some merit. Also using this method I am fairly sure that I've now managed to secure all of CIYAM Open's future BTC tx's for an outlay of under 100 USD (shitty old notebooks are cheap here in China - but you should have seen the look on the salesman's face when my wife asked for the WiFi card to be *removed* because "she hates the internet"  ). |
|
|
|
BTW - I'd like to pass on a special thank you to the mods for allowing this thread to stay in Bitcoin Discussion. Bitcointalk is a pretty awesome place to be! |
|
|
|
We will not crack this challenge ass long as you have your algorithm protected!
Precisely! As the Electrum guys say "protect the seed"! |
|
|
|
I think you have to allow more time. If someone could crack my Electrum wallet seed in 24 hours I'd call it useless.
Understood - that is why I am not giving the next hint until confirmation # 200 and that next hint may not be the last one either (really I just didn't want to drag this out too long in the same way that Mike Caldwell handled his similar challenge but if you guys think that it is worthwhile then we can keep at it - understand that in the *real* version the brute force cracking is going to be a hell of a lot tougher than for this trial - and we can have a challenge for that if people are interested in let's say 50 BTC). |
|
|
|
|
Show Posts
