Bitcoin Forum
  Show Posts
81  Bitcoin / Project Development / Re: [LIST] Compilation of Brainwallets, Paperwallets & Multisig Addresses Generators on: August 31, 2015, 05:22:52 AM
Any further suggestions?

Prominently mention that it's a really bad idea for people to come up with passphrases themselves and link to diceware. At least eight words.
82  Bitcoin / Project Development / Re: brainwallet.io on: August 31, 2015, 04:44:16 AM
It could be even more interesting to have an always updated website with the stats about the current costs of some/many configurations, so the user can choose which one he prefers.

The user should still not be coming up with a password or passphrase themselves. If they use an actually random passphrase they can ensure it has enough actual entropy to not be cracked.

Tools like brainwallet.io and warpwallet are like giving clean needles to heroin addicts. Harm reduction. Heroin (brainwallet-like tools with user-generated passwords/passphrases) is bad, but we can at least make it slightly less bad...
83  Bitcoin / Project Development / Re: brainwallet.io on: August 31, 2015, 03:59:51 AM
For those of you complaining to people linking to my slides/blog posts about brainwallets - I'm currently testing support for brainwallet.io in brainflayer. My limited benchmarking gives an estimate of about 75k passphrases guessed per dollar on Amazon EC2 spot instances.
It would be interesting to change these settings to see which are enough to get near 1 passphrase per 1 dollar (or even lower)
N=2^18, r=8, p=1, dkLen=32

The issue is that a legitimate user has to spend the same amount of work as the cracker per passphrase, so there is a practical limit on how much work the KDF can do. With scrypt specifically, scrypt(N=2^18, r=8, p=1) uses 256MiB of memory - scrypt(N=2^20, r=8, p=1) would be 1GiB. If you wanted scrypt to take longer than that, I'd probably suggest something like PBKDF2(iter=64, prf=scrypt(N=2^20, r=8, p=1)) which would take several minutes to run and is probably close to the upper bound of what anyone is willing to put up with.

You could also force some extra randomness into this by generating say, four hex digits as part of the salt and telling the user to write it down. Lose the digits and you have to brute force them - time consuming but possible. The cracker, though, doesn't have them and has to try them all in addition to whatever other salt there is... 
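An added sketch of the two points in this post (not code from the post or from brainwallet.io): the scrypt memory figures, and the four written-down hex digits that the owner can re-find if lost. Appending the digits to the salt, the `fingerprint` stand-in for a known address, and all function names are assumptions; the inputs are constructed.

```python
import hashlib

GUESSES_PER_DOLLAR = 75_000   # benchmark figure quoted in the post (N=2^18 settings)
DIGIT_SPACE = 16 ** 4         # four hex digits -> 65,536 possible values

def scrypt_mem_bytes(n_log2: int, r: int = 8) -> int:
    """Main scrypt working set: 128 * N * r bytes."""
    return 128 * (1 << n_log2) * r

def derive(passphrase: str, salt: str, digits: str, n_log2: int = 18) -> bytes:
    """scrypt with the written-down digits appended to the salt (assumed layout)."""
    return hashlib.scrypt(passphrase.encode(), salt=(salt + digits).encode(),
                          n=1 << n_log2, r=8, p=1, dklen=32,
                          maxmem=scrypt_mem_bytes(n_log2) + (1 << 20))

def fingerprint(key: bytes) -> str:
    """Stand-in for the address the owner still knows (assumption)."""
    return hashlib.sha256(key).hexdigest()

def recover_digits(passphrase, salt, known_fp, n_log2=18):
    """Owner lost the digits: walk all 65,536 values until the fingerprint matches."""
    for i in range(DIGIT_SPACE):
        digits = f"{i:04x}"
        if fingerprint(derive(passphrase, salt, digits, n_log2)) == known_fp:
            return digits
    return None

def owner_recovery_cost() -> float:
    """Worst-case dollars for the owner to re-find lost digits at the quoted rate."""
    return DIGIT_SPACE / GUESSES_PER_DOLLAR

def guesses_per_dollar_without_digits() -> float:
    """Passphrases tested per dollar by someone who never had the digits."""
    return GUESSES_PER_DOLLAR / DIGIT_SPACE

if __name__ == "__main__":
    print(scrypt_mem_bytes(18) >> 20, "MiB;", scrypt_mem_bytes(20) >> 20, "MiB")
    # Constructed inputs; N=2^4 keeps the demo fast, the site setting is N=2^18.
    fp = fingerprint(derive("constructed passphrase", "constructed-salt", "0a3f", 4))
    print(recover_digits("constructed passphrase", "constructed-salt", fp, 4))
    print(round(owner_recovery_cost(), 2), round(guesses_per_dollar_without_digits(), 2))
```

At the quoted 75k guesses per dollar, the extra digits bring the rate to roughly one passphrase per dollar without raising the memory or time of a normal derivation.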
84  Bitcoin / Bitcoin Discussion / Re: "Why I'm releasing a brainwallet cracker at DEFCON 23" on: August 31, 2015, 01:09:51 AM
i don't mean to be harsh but honestly if the passphrase of the brain wallet was "how much wood..." the owner deserves to lose 250BTC and more.
the first thing that the brainwallet itself in the password field suggests is not to use popular phrases.
https://www.google.com/search?q=how+much+wood+could+a+woodchuck+chuck+if+a+woodchuck+could+chuck+wood

there is even a film with the same name for gods sake!
https://en.wikipedia.org/wiki/How_Much_Wood_Would_a_Woodchuck_Chuck_(film)

At the time that wallet was made, brainwallet.org had "correct horse battery staple" as the placeholder text. Nothing on the site said not to use phrases like that.
85  Bitcoin / Project Development / Re: [LIST] Compilation of Brainwallets, Paperwallets & Multisig Addresses Generators on: August 30, 2015, 05:44:17 PM
Regarding KDFs, I would score them on a logarithmic scale based on spot instance cracking cost, and severely penalize anything that doesn't include a salt. I would be very surprised if someone made ASICs to try to crack Bitcoin keys generated via brainwallet or otherwise due to very large (well over a million dollars) one time costs. GPUs are likely, FPGAs may be difficult due to memory requirements.

Helpfulness of KDFs is also a little unusual because the public key computations themselves take a bit of work. For example, PBKDF2 with 64 rounds would only double the cracking cost vs a classic brainwallet.
86  Bitcoin / Project Development / Re: brainwallet.io on: August 30, 2015, 05:40:53 PM
For those of you complaining to people linking to my slides/blog posts about brainwallets - I'm currently testing support for brainwallet.io in brainflayer. My limited benchmarking gives an estimate of about 75k passphrases guessed per dollar on Amazon EC2 spot instances.

Wow that's better than I thought it would be. Thanks for taking the time to do that. For comparison I'm curious to know the benchmark results for brainwallet.org. Could you provide that as well?  

Never mind, I saw in your presentation that the answer is 560 million passphrases per $1.

I would rephrase your benchmark statistic for brainwallet.io to say "75k passphrase-salt combinations per $1". You would spend a lot more than $1 trying to crack one passphrase because you would have to go through every possible salt.

"Better" as in you expected it to be more or less expensive? Cracking benchmarks are typically understood to imply the numbers are for a single salt, if salts are used.
87  Bitcoin / Project Development / Re: brainwallet.io on: August 30, 2015, 04:00:05 PM
For those of you complaining to people linking to my slides/blog posts about brainwallets - I'm currently testing support for brainwallet.io in brainflayer. My limited benchmarking gives an estimate of about 75k 750k passphrases guessed per dollar on Amazon EC2 spot instances.

Edit: I am bad at math.
88  Bitcoin / Project Development / Re: [LIST] Compilation of Brainwallets, Paperwallets & Multisig Addresses Generators on: August 29, 2015, 09:48:31 PM
I also think that rating based on the number of KDFs combined does not make sense. You need to take the work factors into account.
89  Bitcoin / Project Development / Re: [LIST] Compilation of Brainwallets, Paperwallets & Multisig Addresses Generators on: August 29, 2015, 09:12:19 PM
coinb.in is using the dangerously weak "classic" brainwallet algorithm. It also includes third party javascript which can do whatever it wants. Why is it rated so highly on security?
90  Bitcoin / Project Development / Re: brainwallet.io on: August 29, 2015, 08:48:46 PM
Why are you using uncompressed keys?

For compatibility.  

With what? It seems like pretty much all tools have been supporting compressed keys for quite some time.
91  Bitcoin / Project Development / Re: brainwallet.io on: August 28, 2015, 09:29:20 PM
The documentation on the website as to what algorithm brainwallet.io uses is inaccurate.

It says:

Quote
key = scrypt(passphrase, salt, N=2^18, r=8, p=1, dkLen=32)
keypair = generate_bitcoin_keypair(sha256(key))

It's actually:

Quote
key = hex(scrypt(passphrase, salt, N=2^18, r=8, p=1, dkLen=32))
keypair = generate_bitcoin_keypair(sha256(key))

Why are you using uncompressed keys?
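An added example (not code from the post or from brainwallet.io) that implements both derivations quoted above, so an independent recovery tool can be checked against the one the site actually uses. UTF-8 input encoding, lowercase hex, and all function names are assumptions; the inputs are constructed.

```python
import hashlib

def scrypt_key(passphrase: str, salt: str, n_log2: int = 18) -> bytes:
    """scrypt(passphrase, salt, N=2^n_log2, r=8, p=1, dkLen=32)."""
    n = 1 << n_log2
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt.encode("utf-8"),
                          n=n, r=8, p=1, dklen=32,
                          maxmem=128 * n * 8 + (1 << 20))

def documented_secret(passphrase: str, salt: str, n_log2: int = 18) -> bytes:
    """As documented: sha256 over the 32 raw scrypt output bytes."""
    return hashlib.sha256(scrypt_key(passphrase, salt, n_log2)).digest()

def actual_secret(passphrase: str, salt: str, n_log2: int = 18) -> bytes:
    """As described in the post: sha256 over the 64-character hex string."""
    key_hex = scrypt_key(passphrase, salt, n_log2).hex()  # lowercase hex (assumption)
    return hashlib.sha256(key_hex.encode("ascii")).digest()

def which_variant(passphrase: str, salt: str, known_secret: bytes,
                  n_log2: int = 18) -> str:
    """Report which derivation reproduces a secret taken from an existing wallet."""
    if known_secret == actual_secret(passphrase, salt, n_log2):
        return "hex-encoded"
    if known_secret == documented_secret(passphrase, salt, n_log2):
        return "raw-bytes"
    return "no match"

if __name__ == "__main__":
    # Constructed inputs; N=2^4 keeps the demo fast, the site setting is N=2^18.
    doc = documented_secret("constructed passphrase", "constructed-salt", 4)
    act = actual_secret("constructed passphrase", "constructed-salt", 4)
    print(doc.hex())
    print(act.hex())
    print(which_variant("constructed passphrase", "constructed-salt", act, 4))
```

A tool written from the documented formula derives a different secret, and so a different keypair, from the same passphrase and salt.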
92  Bitcoin / Project Development / Re: brainwallet.io on: August 28, 2015, 09:07:40 PM
If you're going to print it, just use BIP38 paper wallets. If you're worried about it getting lost, make multiple copies.
93  Economy / Service Discussion / Re: BrainWallet Defcon Attack Discussion, Advice, Q&A, Brainflayer Info, etc. on: August 28, 2015, 08:31:56 PM
ryanc, I would like to see more documentation about brainflayer as there is almost none.

The initial release of brainflayer deliberately has very limited documentation to keep unskilled people from using it. I will be releasing an enhanced version (with better documentation) soon, now that it's made some news and convinced some people to stop using brainwallets.

In regard to a comment you made in your presentation on how to alert people that they have a weak address. You said that it could be thought sending a small amount to a vanity address but you could send it to a burn address like '1DontUseThisWeakBrainWa11etAf1F98T'. Here you have a Python script for generating them, also check the bitcoin address validation wiki entry.

This would pollute the UTXO set, and I don't think it's really any better than using multiple vanity addresses in the same transaction. I was going for subtle at the time.
94  Economy / Service Discussion / Re: BrainWallet Defcon Attack Discussion, Advice, Q&A, Brainflayer Info, etc. on: August 10, 2015, 10:40:09 PM
If you memorize Electrum seed, it will be a brainwallet.

There's a couple of things people use the term "brainwallet" to mean.

1. The weak cryptocurrency private key generation scheme of SHA256(passphrase)

2. Brainwallet.org, a site implementing the SHA256(passphrase) algorithm as well as some miscellaneous tools

3. Any scheme turning a user chosen passphrase into a cryptocurrency private key

4. Any scheme where a user memorizes a generated passphrase representing a cryptocurrency private key

Brainflayer specifically targets number one in that list.

95  Economy / Service Discussion / Re: BrainWallet Defcon Attack Discussion, Advice, Q&A, Brainflayer Info, etc. on: August 10, 2015, 02:08:03 PM
So who is that whitehat who has 800BTC.

btcspry said that based on a misunderstanding of some sort. What I said was that I ran a "peak balance analysis" on all the brainwallets I cracked, and the total was about 733 BTC. This does not reflect the balances they had when I found them - it's the most they ever held. I do not know how much of this was moved out by the legitimate owners and how much was stolen.
96  Economy / Service Discussion / Re: BrainWallet Defcon Attack Discussion, Advice, Q&A, Brainflayer Info, etc. on: August 10, 2015, 12:36:00 AM
I want to be absolutely clear - other than by accident (and those coins were returned within minutes) - I have not taken anyone's bitcoins. I will be following up with a blog post sharing more details of my research soon.

You could try asking btcrobinhood on reddit - they have a bot that sweeps brainwallets. I believe that their policy is to return 100% if you are able to demonstrate ownership sufficiently.

I would consider helping to recover forgotten brainwallet passphrases (using a tailored search), but I don't have a policy on this at the moment.
97  Alternate cryptocurrencies / Altcoin Discussion / Re: Namecoin - Determine Block Height from Block Hash on: May 28, 2014, 03:04:03 AM
I've written a patch that adds this and a few other properties to Namecoin's getblock RPC call.

https://github.com/namecoin/namecoin/issues/87
https://gist.github.com/ryancdotorg/5e610e9ee546beed367d
98  Bitcoin / Bitcoin Discussion / Re: Create vanity bitcoin addresses four times as fast on: November 13, 2013, 12:24:49 AM
Is there source for your version of oclvanitygen so I can build/use it on Linux?

Would be happy to help debug if there's any problems.
99  Bitcoin / Pools / Re: [50 Th/s] 50BTC.com - PPS|Stratum+Vardiff|Port 80|QIWI,Yandex,Mobile,WM... on: August 22, 2013, 07:25:00 PM
I just rebooted and now my batch file no longer gets my usb miner going. All that changed was a reboot so I am confused.



I wanted to point out that you haven't removed enough of the bitcoin address to accomplish anything. There are around 20 million addresses which have been used on the blockchain. 5 characters (excluding the leading 1) is enough to uniquely identify an address in most cases.
100  Bitcoin / Bitcoin Discussion / Re: Rare address hall of fame on: June 02, 2013, 11:52:24 PM
Ten letters, initial cap:

Address: 1BoyishnessfwHq3wSkCkJ7iafUdjhghfU
Message: ryanc has the private key for this address
Signature: HNXprtkKxbjNzUEXJk/B+8z4MbyXnVrdZ+n+ZsmIHMTWm7DywDsXR9HymjMZYnHHrhBUxVVhwNM8l12A0GBLXCU=

bitcoind verifymessage 1BoyishnessfwHq3wSkCkJ7iafUdjhghfU HNXprtkKxbjNzUEXJk/B+8z4MbyXnVrdZ+n+ZsmIHMTWm7DywDsXR9HymjMZYnHHrhBUxVVhwNM8l12A0GBLXCU= 'ryanc has the private key for this address'

In the block chain:

https://blockchain.info/tx/168c7062b66ab089842e0a98aa8955da7207fbed93930118de2e74f6394f5f68

Also, 1Methioninejxahkk89KXoTjDXX8MbQ74G is in that transaction.