Bitcoin Forum
41  Bitcoin / Development & Technical Discussion / Re: Brain wallet, step-by-step guide (FIXED!) on: December 20, 2016, 02:13:58 AM
Now, please prove me wrong.

You're using math that assumes people generate their passphrases or passwords randomly. It is possible for people to do this. A small number of them do. The problem is that, as every database leak that's included hashed passwords has shown, the vast majority of people choose weak passwords. This is a problem, since brainwallets automatically leak what amounts to a hash immediately on use.

So yes, I believe that most people are not capable of choosing a password or passphrase that is sufficiently strong to use as a brainwallet, and there is a mountain of evidence to support me. This is not a matter of ego. I would not feel comfortable in my ability to come up with a password or passphrase that could not be cracked without a secure random number generator. Is it really so hard to believe that I, and others like me, genuinely want to help prevent people from losing money?

I am not saying "it's impossible to create a brainwallet that won't be cracked". My argument is that so many people are not able to evaluate whether their passwords or passphrases are strong enough that assisting them in creating a brainwallet is an act of gross negligence.
42  Bitcoin / Development & Technical Discussion / Re: Strong brain wallet, step-by-step guide. on: December 19, 2016, 05:36:41 PM
I was asked by someone to comment here, since I wrote brainflayer and have coauthored two papers about brainwallet cracking.

I am really surprised by the collective refusal of brain wallets. It all started roughly two years ago when suddenly a secret society of crypto guys started a war on brain wallets ... including popular ones like brainwallet.org that I have used thoroughly back then.

Haven't I seen you posting https://bitcointalk.org/index.php?topic=421842.0 in the past about cracking bitcoin keys? Hard to tell, since you've tried to purge your old posts, but your motivation here is highly suspect.

What motivation do you think us "crypto guys" have for trying to prevent people from using brainwallets, other than to save people from themselves?

This "research" paper does not say how many bitcoins they have collected as the result of cracking brain wallets.

You didn't read the paper, then. Threads on bitcoin talk where people are bragging about cracking brain wallets are listed. Hundreds of BTC have been taken.

I have personally had correspondence with people who have lost over 100BTC due to forgetting their brainwallet passphrase. I spoke on the phone with someone who lost about 47k ether from a brainwallet.

If someone wants to store bitcoin using a memorized secret, they should use BIP39, optionally combined with BIP32, and use spaced repetition to memorize the seed.

If you absolutely insist on coming up with a passphrase yourself and storing bitcoin with it, go use WarpWallet with your email address, name, or phone number as a salt. It's several orders of magnitude more secure against cracking, and multiple independent implementations of the algorithm exist.
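An added sketch, not part of the original post and not WarpWallet's own code, contrasting the classic brainwallet derivation (a single unsalted SHA-256) with the salted, stretched derivation WarpWallet publishes. The scrypt and PBKDF2 parameters and the 0x01/0x02 suffix bytes are taken as assumptions from that published description and should be checked against a reference implementation; the passphrase and salts are constructed.

```python
import hashlib
import time


def classic_brainwallet_key(passphrase: str) -> bytes:
    """Classic brainwallet: one unsalted SHA-256, identical for every user."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def warpwallet_seed(passphrase: str, salt: str,
                    log2_n: int = 18, pbkdf2_iters: int = 2 ** 16) -> bytes:
    """Salted, stretched seed: scrypt output XOR PBKDF2-HMAC-SHA256 output.

    Defaults are the assumed WarpWallet costs (scrypt N=2^18, r=8, p=1;
    PBKDF2 c=2^16). Lower values are for quick tests only.
    """
    pw, sl = passphrase.encode("utf-8"), salt.encode("utf-8")
    n, r, p = 1 << log2_n, 8, 1
    # scrypt needs about 128*n*r bytes (256 MiB at the defaults); raise
    # hashlib's default 32 MiB ceiling so the call is not rejected.
    s1 = hashlib.scrypt(pw + b"\x01", salt=sl + b"\x01", n=n, r=r, p=p,
                        maxmem=2 * 128 * n * r, dklen=32)
    s2 = hashlib.pbkdf2_hmac("sha256", pw + b"\x02", sl + b"\x02",
                             pbkdf2_iters, dklen=32)
    return bytes(a ^ b for a, b in zip(s1, s2))


if __name__ == "__main__":
    phrase = "constructed example passphrase"  # constructed sample input

    t0 = time.perf_counter()
    weak = classic_brainwallet_key(phrase)
    t_weak = time.perf_counter() - t0

    t0 = time.perf_counter()
    seed_a = warpwallet_seed(phrase, "alice@example.com")
    t_warp = time.perf_counter() - t0
    seed_b = warpwallet_seed(phrase, "bob@example.com")

    # Without a salt, one guess is checked against every funded address at
    # once; with a salt, each guess covers a single user and costs far more.
    print(f"classic: {weak.hex()}  ({t_weak * 1e6:.1f} microseconds)")
    print(f"warp/alice: {seed_a.hex()}  ({t_warp:.2f} s)")
    print(f"warp/bob:   {seed_b.hex()}")
    print("same passphrase, different salts differ:", seed_a != seed_b)
```

The 32-byte result is used as the private key material; deriving the address from it is outside this sketch.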

43  Bitcoin / Project Development / Re: Large Bitcoin Collider (Collision Finders Pool) on: October 12, 2016, 04:55:30 PM
If someone posts in this thread a different private key that also works out to 1PVwqUXrD5phy6gWrqJUrhpsPiBkTnftGg, I'll pay them 5BTC.

Now that's an incentive. I wonder if there would be a better place to announce that than here.
As nrg1zer wrote here: https://bitcointalk.org/index.php?topic=1573035.msg16523769#msg16523769
even if the owner of 1PVwqUXrD5phy6gWrqJUrhpsPiBkTnftGg sees (and cares about) that drain, how should he know where to look?


Rico

Actually, let's make that 5BTC or $3000 worth of BTC based on CoinDesk's bitcoin price index at the time of claim, whichever is more. I'm sure otherwise, someone will claim I'm assuming that me having to pay would crash the price.

If blockchain.info still has the feature that allows a "public message" to be added to a transaction, that would be a good option for signaling. A message could also be encoded in a series of vanity addresses.

For the fellow who figured "how much wood could a woodchuck chuck if a woodchuck could chuck wood" would make for a good brainwallet password, I was able to track him down via his transactions, but luck was a major factor in my ability to do that.

This problem was actually discussed somewhat by a fellow who went by "btcrobinhood" on reddit, see here: https://github.com/btcrobinhood/bips/blob/master/bip-1337.mediawiki (note that I have no opinion on that proposal at this time).
44  Bitcoin / Project Development / Re: Large Bitcoin Collider (Collision Finders Pool) on: October 12, 2016, 03:06:34 PM
It is far more plausible that this was a "challenge" someone made, to see how long it would take to be solved

Ryan... I take that statement and put it on my stack, where it remains together with your statement, that the 1st 50bits have been searched already.
Both statements will have the same weight on my stack for the time being.


Rico

Well, this result demonstrates that only the outputs of that puzzle transaction were searched by whoever did that, which only mildly surprises me.

If someone posts in this thread a different private key that also works out to 1PVwqUXrD5phy6gWrqJUrhpsPiBkTnftGg, I'll pay them 5BTC.

The explanation is either a deliberately weak key or bad generation code, and I'm saying that deliberately weak seems more likely because I can't come up with a good explanation of how bad generation code would result in that particular key.
45  Bitcoin / Project Development / Re: Holy. Shit. on: October 12, 2016, 03:13:49 AM

When the confirmations are through, I may or may not (should I? What are the pros/cons?) publish the PK


The A PK for the hash160 "f6cc30532dba44efe592733887f4f74c589c9602"

is

000000000000000000000000000000000000000000000000000022306e3f1a72


Rico


It is far more plausible that this was a "challenge" someone made, to see how long it would take to be solved - I have found many such transactions. I doubt that a weak PRNG is the cause of this key, but it being a collision with a properly generated key is so unlikely that we can safely assume that is not what happened. Even if it were, it's not really any cause for concern. Managing to crack a single key via collision by absurd luck is not going to be repeatable.

A few keys I've found:

Code:
0000000000000000000000000000000000000000000000000000001432e319d1 1AXNh9qGze8s9NchczX6mUDmGdSusqTkRC
fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd035a4fe 1CFpL8KdmCe5AXYAxhhaaangzgVbHb17wQ
000000000000000000000000000000014551231950b75fc4402da1732fc9bea4 17Q8iVzus5k2Jig4enmjU4txjxR1fJHsux
1100000000000000000000000000000000000000000000000000000000002002 1AbswvNoC4kSJVquaqqPBcvMvevw9ecjPB
46  Bitcoin / Project Development / Re: Large Bitcoin Collider (Collision Finders Pool) on: October 12, 2016, 02:51:11 AM
At the moment my only advice is: Move your funds to a P2SH address.

Rico

I don't understand why you would give that advice, given that you're aware that it is much easier (but still so hard as to be not a remotely plausible threat) to brute force a collision with a P2SH address than it is to do so for a P2PKH address.
47  Other / Meta / Re: Forum database compromised? on: October 06, 2016, 02:08:00 PM
Overnight, I got the same email to both my butterfly labs email address and bitcointalk address.
48  Bitcoin / Project Development / Re: Large Bitcoin Collider (Collision Finders Pool) on: October 05, 2016, 11:48:17 PM
Your consulting fee of 0.3BTC per hour seems okay to me. But are you aware of Keccak-256 on which ETH is based? I want you to help me write Python code and a C2(Command and Control Github Server) for Keccak-256 attack vectors as described in the following paper(downloadable PDF document): http://link.springer.com/chapter/10.1007/978-3-642-34047-5_25

From my perspective it's a challenging task, but could prove to be financially rewarding to a Billionth degree(literally speaking)
I look forward to hearing from you.

The attacks described in the paper only apply to reduced round versions of keccak which aren't ever used other than for cryptanalysis. They won't work on the regular version, which has 24 rounds.
49  Other / Meta / Re: Forum database compromised? on: October 05, 2016, 03:08:21 PM
IIRC, Theymos is using doublesha256 to store the password in the database so if your password is pretty decent it would be a long time before it's compromised.

That would be *very* weak as a password hashing algorithm, and I doubt this is true. Simple Machines Forum seems to use salted sha1 as the default.

Edit: On LeakedSource, it says very old passwords were hashed with md5 and newer ones were hashed with sha256crypt (which is salted and slow).
50  Other / Meta / Re: Forum database compromised? on: October 05, 2016, 02:18:23 PM
I am also seeing this. I use a unique email address that is a long string of random alphanumeric characters - too many to guess. It was added to my bitcoin talk account February 2013.

One from "BitCoin-Carrding" admin@ink-hack.su, and just now 'Eden Smizaski invited you to view the file "WorldPay_Trade_Report_-_ September 2016.zip" on Dropbox.' which is a zipfile full of nasty obfuscated javascript.
51  Bitcoin / Project Development / Re: Interests... on: September 24, 2016, 12:56:01 PM
These are all compressed addresses, and if you watch closer, you'll see you don't need to search the whole key-space. If you're 'hunting' these https://blockchain.info/tx/08389f34c98c606322740c0be6a7125d9860bb8d5cb182c02f98461e5fa6cd15 addresses, you can start with the lowest 'possible' inside the given key-space(it's not always the first-one), and after a found you can skip to the next one!

EDIT:
For example
Address 48:   281474976710656 -   562949953421311 (whole bit-space)
Address 49: 1000000000000000 - 1125899906842623 (just a part of the bit-space)

That was accounted for in my estimate.
52  Bitcoin / Development & Technical Discussion / Re: Vanitygen: Vanity bitcoin address generator/miner [v0.22] on: September 24, 2016, 05:13:45 AM
Addresses that start with 3 are not "normal" addresses. These are p2sh addresses, they are based off of a script. They don't have an associated public key, they are based off of a script which is hashed and becomes the address. You can't really generate vanity p2sh addresses.

There's a fork of vanitygen that will generate vanity p2sh addresses using a script in the format of [OP_1 PUBKEY OP_1 OP_CHECKMULTISIG], and there are more efficient methods possible.

53  Bitcoin / Development & Technical Discussion / Re: Vanitygen: Vanity bitcoin address generator/miner [v0.22] on: September 24, 2016, 05:08:28 AM
Someone has generated an address that is all uppercase though, if that counts.

I recently generated this one: 1woukheyeacxfpxtpkxjqxureevdkbywj

I have a few that are all uppercase aside from the 1 as well, though I haven't used them.
54  Bitcoin / Bitcoin Discussion / Re: Rare address hall of fame on: September 24, 2016, 01:46:09 AM
This one's a little silly:

1MdxK1BVKBMTv8VdBTKy8Kx3BBvVvK8vyd

Contains only twelve unique characters.

Generating addresses with no repeated characters is trivially easy.
55  Bitcoin / Project Development / Re: Large Bitcoin Collider (Collision Finders Pool) on: September 24, 2016, 01:34:52 AM
FWIW, my interest in this project is primarily to find various "easter egg" transactions people have made, and try to infer the cracking others have done in the past. I find it unlikely at this point that there are keys produced by broken random number generators that have not already been drained.
56  Bitcoin / Project Development / Re: Large Bitcoin Collider (Collision Finders Pool) on: September 22, 2016, 03:51:29 PM
It doesn't matter what your clock shows. Looks like you're dreaming 24 hours a day.

Do you simply not understand the concept of geeks sinking a bunch of time into a project because they enjoy it?

For example, people are still working on cracking the RC5-72 challenge even though there's little point to it now, and no possibility of making money off it.
57  Bitcoin / Project Development / Re: Large Bitcoin Collider (Collision Finders Pool) on: September 22, 2016, 02:52:44 AM
The new generator will be an evolutionary descendant of father brainflayer and mother supervanitygen.
Or vice versa - I'm not sure.

It'll be mostly based on supervanitygen - it has a bunch of very nice optimizations for fast incremental searching, and I've been hacking on the code for other projects.
58  Bitcoin / Project Development / Re: Large Bitcoin Collider (Collision Finders Pool) on: September 17, 2016, 10:56:50 PM
FWIW, I just posted this: https://rya.nc/forensic-bitcoin-cracking.html

The first unspent output on the transaction described should be somewhere between 2^51 and 2^52, but it's only worth a few dollars.
59  Bitcoin / Bitcoin Discussion / Re: Rare address hall of fame on: September 02, 2016, 01:52:43 PM
This thread of rare addresses is rare itself. Nice one!
But please let me ask, how do you make custom addresses? I wanna try to join the fun too. Thanks.

I'm using custom software to generate mine, but in general, check out vanitygen. Depending on what you want, it may take a long time.
60  Bitcoin / Bitcoin Discussion / Re: Rare address hall of fame on: September 02, 2016, 04:01:31 AM
Alrighty, mission accomplished.
This one has 32 lowercase letters - everything but the leading 1.

-----BEGIN BITCOIN SIGNED MESSAGE-----
2016-09-02 controlled by ryanc
-----BEGIN SIGNATURE-----
1woukheyeacxfpxtpkxjqxureevdkbywj
IAlRxeZ5ucqbGmcwsINInPJA4uzD3GKLMk2IPiJzLHGBEL3UxvtFunkUU0GpIkJHVIB5d9TyLVcL3dZbBDdrQIQ=
-----END BITCOIN SIGNED MESSAGE-----