 Show Posts
|
|
Pages: « 1 2 3 [4] 5 6 »
|
Note: These keys can be obtained for free as a promotion, however they need a business email (Something that's not gmail, hotmail, etc. I claimed another using my own domain, mailcrypt.xyz.)
I was able to find the page for this promotion, however I was not able to get a code from it. Bought one because I didn't want to spend any more time messing with it, code applied to my account without a problem. |
|
|
|
By the way, how did you do this?  I've written some custom vanity address generation software with routines specifically designed for finding these kinds of addresses. It's a lot faster than using vanitygen with a regex. I'm hoping to get an address that's all lowercase except for the leading 1 soon. |
|
|
|
|
Tied the digit prefix record.
-----BEGIN BITCOIN SIGNED MESSAGE-----
2016-09-01 controlled by ryanc
-----BEGIN SIGNATURE-----
16675584453962371ghSQbLay9h4MNbRvd
Hz+3a2c/o11nhDURCJCjMbyV03mUyypLpasAjx+cwyr0CTEpmzQtCJfWcqvl4sCppEy8toU+y1yPJ/pLTvYmseE=
-----END BITCOIN SIGNED MESSAGE-----
Also, tied my own lowercase prefix record.
-----BEGIN BITCOIN SIGNED MESSAGE-----
2016-09-01 controlled by ryanc
-----BEGIN SIGNATURE-----
1rknndvxvbnqrembxndnpakqzguycaoaC
H3kxFcsUxHy3QTXYBEZYjt3Fh99gwb4cf5UzU7QE8TTvC+zg8RSOpQlfbS+BdtJQoE4H4ktZyLZHhWzRwwbo7po=
-----END BITCOIN SIGNED MESSAGE-----
|
|
|
|
Do you really think a shift vs. an increment is that much of a difference?
I'd bet, that a more efficient SHA256 and/or RIPEMD160 implementation makes tons of CPU cycles difference and the shift/increment is negligible compared to that.
I was told that doubling is more efficient than incrementing by gmaxwell, and I am planning on testing that with libsecp256k1 for one of my other projects soon (maybe this weekend?). You can speed up ripemd160 a little by using fixed padding for a 256 bit input. I am not aware of a good x86_64 assembly implementation of ripemd160, but this could probably speed things up a little more. Profiling the code might be worth while. |
|
|
|
It actually does exactly what we do: It simply chooses a private key and then increments it. IIRC the docs vanitigen 1 million times, oclvanitygen 100 million times.
Hmm. Looks like you're right, though it does a batch conversion of point format. I should try to add that optimization to brainflayer. Doubling the key rather than incrementing it should still be faster, though. |
|
|
|
|
Oh, also, while I'm commenting about this, I'll mention that if you want to do a massive private key search, you may also want to search for transaction nonces as well. I think that should at least triple your chances of finding something, though the odds are still absurdly small.
|
|
|
|
|
New record for longest lowercase prefix - 31 characters: 1npotwxjsykccxuzwooaouttbkvbyiyvX
bitcoin-cli verifymessage 1npotwxjsykccxuzwooaouttbkvbyiyvX H33jU5nqVP61+9y1ZCGUYwdKWIAru16rD+JwOpfEJxkSGlPK0jlCU3kP5cvwLXH7AVfKd3yP9nOrHFZz8RyzALs= '2016-08-29 controlled by ryanc'
|
|
|
|
Your README makes no indication of source being available, and I didn't want to download the whole archive to look. I'm not aware of the person who did the 2^50 search having published any results, I've just inferred it was done. I've got a blog post about that in progress to be posted soon. My code's up at https://rya.nc/brainflayer, and I think you could use it as-is with a wrapper script. It includes the ability to do search existing addresses for matches. I think I get around 550k/sec on my i7-2600 running on all cores. I always simply include all addresses seen on the blockchain regardless of whether they've got a balance. A friend and I did a talk at a conference last month which briefly mentions sequential search: https://vimeo.com/177318833. Vanitygen uses some techniques to generate addresses without computing individual private keys, and is similar to a randomly ordered search. I could probably hack something together that does that style of search against a large list of addresses, though I think it would be a waste of energy to run that. |
|
|
|
1Boyishness wouldn't really count as it has a capital at its beginning.
I personally consider "not mixed case" to encompass initial capital, all uppercase, and all lowercase, though lowercase is a lot harder to find. Also, got another one of these last night: bitcoin-cli verifymessage 1BVLECVKSEPVDQLSQVGFJEJRHUNADZSRJQ H3+DqnuLirWa6MzFc+B1XbDYpi4zWfs43esoLzuyuv/URzpno82r8dJtrUkacziEVjbyirni8JiG8SXI4EZ6nQU= 'controlled by ryanc' |
|
|
|
|
FYI, someone already did a search of the addresses of the first 2^50 private keys.
Do you have source code for your tool? Some people don't like running random binaries, and I've already released code that's a lot faster than the speeds you're reporting for doing sequential address searching.
|
|
|
|
@LoyceV i want to request a prefix vanity address to you. But i can't see your giveaway thread. Btw can you make me a prefix for my name. Im willing to pay you because this is 6 letter prefix. Thanks. Send me PM if you read this.
@Kolder I'd be happy to do one for you, PM me what you want and a public key. Capitol O and lower case L aren't valid in bitcoin addresses, so you'd need to choose 1KOlDER 1KoLDER or 1KoLder, or be okay with mixed case. |
|
|
|
So, I found this transaction: https://blockchain.info/tx/f9ae08bebf14e1f2244a69ac00a7e120232203434777949c20223f4728f56c76There's a 33 character all-uppercase-except-the-leading-one address in there, but I have no idea who owns it. It's spent from there, so it's legit. Also three other 34 character all-uppercase-except-the-leading-one addresses. I've generated one of these of my own, with some custom software that's quite a bit faster than vanitygen: bitcoin-cli verifymessage 1JUSKLPYCNLCTSBVHUNENXBBZWGPXUSUXY HzoAya5Ggj9PfyIDt8jmstYssl+Iae1hXZiI9oj0DzFHAtXFqsRFzWBVzJkVoGXBh9CNEulEXuTEUgJAUzAecTE= 'controlled by ryanc'Expect something fun in the next few weeks. :-) I'm also wondering why my 1Boyishness address got removed. AFAIK, it's still the longest word prefix that's not mixed case. |
|
|
|
This "report" is riddled with grammar errors typical of a non-native English speaker. Someone posted it on reddit from a new account and made new accounts to comment in support. Note that poster's account is very new. I wish it were true, since I have a few hundred dollars worth of namecoin, but this just looks like a really bad attempt to pump-and-dump. $ pdfinfo jpm.pdf
Title: Présentation PowerPoint
Author: michaël le rossignol
Creator: Microsoft® PowerPoint® 2010
Producer: Microsoft® PowerPoint® 2010
CreationDate: Sat Oct 10 18:09:48 2015
ModDate: Sat Oct 10 18:09:48 2015
Tagged: yes
Pages: 2
Encrypted: no
Page size: 540 x 720 pts
File size: 265027 bytes
Optimized: no
PDF version: 1.5
|
|
|
|
Wow, the construction that uses is convoluted. Also, a challenge is mentioned - it was spent after about 10 days. Edit: Ah, I see why it got taken so fast. This algorithm is very GPU friendly - computing the meaty part of it can be done in parallel with up to GPU 16384 cores with 8MiB of memory each, and the first and last pass can go up to 64 cores with 2MiB memory each. |
|
|
|
I could tell you which salt I'm using, but the fact is that it still wouldn't matter. The point of the bounty is to get people to think about the sheer magnitude of attempts that would be required to brute force it.
Not really possible to estimate that until we see what the salt was. To give you an idea, if I had used just two words out of the dictionary, there would be 29,404,018,576 different combinations to go through.
Very few people pick two random words out of the entire 171,476 word dictionary. An adult native English speaker with average vocabulary probably knows only 10% of those words. If they actually picked them at random (with dice or a computerized random number generator) as you suggest, out of 100 times (on average), in 81 instance they would not know either word, in 18 instance they would only know one word, and only in one instance would they know both. Tools for picking random words tend to have a list of only around 2,000 words, with the exception of diceware which has nearly 8,000 but is often criticized for having too many obscure words. Crackers know this, and they will optimize by trying more likely (less complicated) things first. Of course, it's still possible for it to be cracked, but you would have to be willing to spend an unreasonable amount of money, have a massive amount of CPU power available to you, or be incredibly lucky.
Probably true, see my previous comment. To some people, it's obvious that this is impractical, and they think it's pointless. To some people, they think it's a malicious way to trick people into wasting their time and money attempting to brute force it. And to some people it's a learning experience, allowing them to understand the purpose and effect of having multiple salt options to chose from. The latter is what I'm after.
The thing is, if your tool became popular, it'd be unlikely for any particular person's wallet to be drained by thieves. What a thief will do is pre-build tables of salt and password/passphrase combinations and watch the network for transactions to the matching addresses. If they suspect someone in particular of having used brainwallet.io (which is different from classic brainwallets which are egregiously insecure - brainwallet.io is only kinda risky in comparsion) they'll gather as much information as they can about that person and spend some time running a targeted attack based on what they know about them. If you choose to use this tool, and do not generate a passphrase randomly, you are gambling against unknown odds. There will be an unknown number of attackers with an unknown amount of computing power at their disposal, and they'd love to take your money. |
|
|
|
For the value of the prize, one should be able to make about eight to nine million guesses (~23 bits) using a bunch of spot instances. If I want to use all the CPU on my computers at home for the rest of the month I can probably manage about a hundred million guesses (~27 bits) for about $50 worth of electricity (my marginal cost of electricity is about $0.35/kWh  ). I am not going to attempt this challenge - seems like a waste of electricity/money. If you want people play, increase the bounty substantially and/or offer more information about the salt. |
|
|
|
it seems the best way to create a nxt brain wallet is by using a combination of data only you know. say phone numbers, addresses, and chinese/japanese characters. Then mix it up with your own password. good luck trying to guess that and no way in hell would you forget it nor the need to write it down. right now nxt has the ability to host bitcoin addresses via the multigateway, in effect giving nxt the ability to host your other coins with just one passphrase. www.jnxt.org/nxt -- login with account to test it out: NXT-MRCC-2YLS-8M54-3CMAJYeah indeed, it's also best to use some words that can't be found in dictionaries and add special characters in front of and in between words. Plus you'd need to use a passphrase of at least 64 characters. ...just use diceware - you'll probably screw up picking one with meat. Some of the brainwallets I cracked were in chinese and russian. If I am reading that whitepaper right, NXT is actually weaker than normal brainwallets because curve25519 is substantially faster than secp256k1 for public key generation. Passphrase length does not matter. Passphrase language does not matter. All that matters is predictability. There is no way to measure the predictability of human-generated passphrases, but we can measure the predictability of random passphrases. So use random passphrases. |
|
|
|
Thanks for putting this together. It's nice to see brainwallet.io on the list!
I'm surprised to see bitaddress.org ranked so low. Is theirs not considered true random?
It is random (using SJCL). It's penalized for offering classic brainwallet. I'm not sure how much the scoring methodology makes sense. |
|
|
|
For example are signatures of signed transactions RFC 6979 complient? Is TOR supported? Are stealth addresses supported? Is bip32 and HD supported? Is op_return working and can that be combined with multisig? are multiple networks accepted? Is the site compatable with other leading sites? Can the site be downloaded and fully run offline, whilst still being able to create and create and sign transactions. Can you create and sign a transaction with the other sites listed or is it purely for address generation? I could go on and on and on.
These are all excellent points. |
|
|
|
coinb.in is using the dangerously weak "classic" brainwallet algorithm. It also includes third party javascript which can do whatever it wants. Why is it rated so highly on security?
You realise that bitaddress.org also uses the same brain wallet algorithm as coinb.in, so I'm not sure why its been singled out. bitaddress.org should also remove the brainwallet option, but it does at least require a minimum of 15 characters and warns about cracking/theft. That being said, the next version will allow the user to select a bunch of different algorithms.
This is possibly an unpopular opinion, but offering a bunch of security choices that most people don't really understand isn't actually a good thing. What I would suggest is using WarpWallet's scheme with the salt *required* and a strong recommendation that a random passphrase be used (provide a generator). You could also provide a "classic brainwallet" option with a warning that makes it clear that it's very weak and should only be used to sweep old brainwallets. Also what third party JavaScript? Google analytics? If that actually puts you and others off I'll remove it.
*edit*: removed analytics.
Yes, I was talking about Google Analytics. If I were a bad person and could get one SSL certificate for any site of my choosing, it would be Google Analytics - it's a super high value target because of how widely used it is. Cloudflare is also a tremendously high value target, but I doubt arguing against it would get very far. |
|
|
|
|
