Brute-forceable puzzle - free crypto for whoever manages to crack it [SOLVED]

[f3tus]

Well if someone is not capable of filling out 2 textboxes in a UI (one with the words and the other with the passphrase used) then they also won't be able to use any other method such as your shift cipher which requires the same 2 inputs (mnemonic and a date)!

And risk using these online encryption/decryption services who may save the results and steal funds as well? With my method you can do it by hand, you don't need any script.

[NotATether]

So, what was the method used to solve the puzzle?

[f3tus]

You didn't get it.

First, you could just write that down.
"Dear mother, decrypt the following thing by pasting it into the software called XXX on my PC: ..."

Second, that is not what i wrote.

Your secret data you have used for the shift cipher were some dates.
You could use exactly these dates (the secret information) as a key in an AES cipher. That would be already way more secure than your approach since it wouldn't leak anything about the plaintext at all.
And when decrypting, that is exactly the same effort (Taking secret info X and doing Y).

I think it's you who didn't get it... With my method you don't have to rely on any external software or use online services (and risk theft) to decrypt anything, you can do it by hand. And with my method you can simply write down 12-24 BIP-39 words, not random gibberish 100-300 characters. The point is to write them down on a piece of paper, not store them on a computer in crypto.txt that my mother has access to and can simply copy-paste it. That's just extra risk right there.

[f3tus]

So, what was the method used to solve the puzzle?

Waiting for a write-up from the guy who solved it.

[bob123]

And risk using these online encryption/decryption services who may save the results and steal funds as well? With my method you can do it by hand, you don't need any script.

Who said anything about online services?

You do trust your Operating System, right? Then just use the built-in tools. As easy as that.

I think it's you who didn't get it... With my method you don't have to rely on any external software or use online services (and risk theft) to decrypt anything, you can do it by hand. And with my method you can simply write down 12-24 BIP-39 words, not random gibberish 100-300 characters. The point is to write them down on a piece of paper, not store them on a computer in crypto.txt that my mother has access to and can simply copy-paste it. That's just extra risk right there.

You don't need any external software. You can just use your OS.
And you also don't need 100-300 gibberish character, it seems you still didn't get it. Just read my last 2 posts again. You can use the same secret which in your case are a few dates. No additional characters.
The difference is that you don't use a worthless and non-secure mechanisms which leaks the plaintext (your mnemonic code), but a secure algorithm which is used all over the internet to secure messages.

If you don't trust AES, why don't you just use your stupid and insecure shift cipher to communicate with websites instead of TLS?

You have been warned. What you are doing is bad and insecure. And that is not an opinion, but a fact.
You gain almost zero usability but lose tons of security.

I understand that people who don't understand anything at all regarding security and cryptography believe to be able to create a secure mechanisms. Simply because they don't know better.
But the truth is, they can't. Believe it or not. We don't care whether you lose your money. The important part is that everyone else reading this knows that your mechanisms is insecure.

[f3tus]

Who said anything about online services?

You do trust your Operating System, right? Then just use the built-in tools. As easy as that.

Ok, encrypt

Code:

bacon bitter goddess sheriff differ kit sock stomach rhythm skill trade drastic

with password "bla" on Windows 10 without downloading external tools, and then also decrypt it. Let me see the how-to so even my mom can understand.

And you also don't need 100-300 gibberish character, it seems you still didn't get it. Just read my last 2 posts again. You can use the same secret which in your case are a few dates. No additional characters.

You still don't get it. AES encrypting the seed words will produce 100-300 gibberish characters that you need to write down on a piece of paper, case-sensitive. Saving them in crypto.txt on my mother's computer is a bigger security risk, even though the encryption is better.

[bob123]

Ok, encrypt

Code:

bacon bitter goddess sheriff differ kit sock stomach rhythm skill trade drastic

with password "bla" on Windows 10 without downloading external tools, and then also decrypt it. Let me see the how-to so even my mom can understand.

To be honestly, i couldn't care less about your approach and whether your mom will understand anything.

My only concern here is that others might believe this is a gOoD iDeA. That's the only reason i am commenting here. I absolutely don't care about you and your BTC.

You still don't get it. AES encrypting the seed words will produce 100-300 gibberish characters [...]

AES is a Block Cipher which works on 16 bytes blocks.
Assuming a 12 word mnemonic code, that's 132 bit (=16.5 byte) which results in a 32 byte output. If you want to store the IV together with the cipher text, that would be another 16 byte resulting in 48 byte in total.
That's nowhere close to "100-300 gibberish characters".

A 24 word mnemonic would result in 16 more bytes (a total of 64 bytes).

Now, instead of trying to call other people out on "not getting it" where "it" equals your shitty approach every sane person in the crypto scene wouldn't even touch with a stick, learn the fundamentals. Only then, we can start talking about encryption schemes and security in general.

[f3tus]

To be honestly, i couldn't care less about your approach and whether your mom will understand anything.

My only concern here is that others might believe this is a gOoD iDeA. That's the only reason i am commenting here. I absolutely don't care about you and your BTC.

So when you realize you're talking bullshit and making things up on the fly "jUsT uSe yOuR oS tO eNcRyPt tHe SeEd WoRdS" you just resort to petty remarks and say how you couldn't care less. Hurr durr. Just be honest and admit you're talking out of your ass.

AES is a Block Cipher which works on 16 bytes blocks.
Assuming a 12 word mnemonic code, that's 132 bit (=16.5 byte) which results in a 32 byte output. If you want to store the IV together with the cipher text, that would be another 16 byte resulting in 48 byte in total.
That's nowhere close to "100-300 gibberish characters".

A 24 word mnemonic would result in 16 more bytes (a total of 64 bytes).

Go to https://aesencryption.net/ (something my or your mom would find on the internet), input the seed words, encrypt, count the number of characters.

Now, instead of trying to call other people out on "not getting it" where "it" equals your shitty approach every sane person in the crypto scene wouldn't even touch with a stick, learn the fundamentals. Only then, we can start talking about encryption schemes and security in general.

But you actually still don't get it because you have your head so far up your rear end and you're entirely missing the point: the point is to write down the seed words on a piece of paper and also allow family members to easily access your wallet if anything happens to you. You can either write it down in plain-text, which is not a good idea because any thief finding the paper can steal your funds, or, encrypt the seed words in some way to prevent that from happening.

Your pRoPosEd method either involves a) external/online software to do, b) storing it digitally in a file for easier copy-paste into said external software, or c) writing down 100-300 random hard-to-read Base64 characters on a piece of paper, case-sensitive, and hoping for no human error when typing it into said external software (and on paper!). My method doesn't involve external software, you can encrypt/decrypt by hand, you can write it down in easy human-readable words, it can provide plausible deniability and yes, security through obscurity (you wouldn't know whether the seed words I wrote down are encrypted (or how), mistyped, or (as long as the last word is a valid checksum) if I send a small amount of decoy crypto to that wallet, that's all you'd think there is).

A wrench attack is the only thing my method is really vulnerable to, because it's obviously crypto seed words the paper holds (hence I also made this easy way to obfuscate the seed words by mapping them to their Traditional Chinese BIP-39 Unicode counterparts: https://github.com/mifunetoshiro/bip39_obfuscator), whereas AES encrypted gibberish gives you greater protection in this regard. A trade-off for easier and more human-friendly storing and recovering of crypto (the very reason why BIP-39 got made, lol.

And in any case, the only reason somebody was able to crack this puzzle was because I gave out the exact encryption algorithm and numerous hints to make it intentionally easier. If I just came here and said "crack this, it's encrypted, good luck lol", absolutely nobody would be able to do it, because the possibilities I could have used to encrypt it are endless. It'd be the same as trying to brute-force Satoshi's private keys.

[f3tus]

Why don't you just use BIP 39 passphrase, then save the seed words on crypto.txt without the passphrase itself?

Most wallets do not offer that possibility, they generate a 12, 15, 24 word wallet for you. Of course using TREZOR/Ledger with a passphrase is safer, but you could even use that AND date-shift encrypt it for EXTRA security.

[bob123]

Go to https://aesencryption.net/ (something my or your mom would find on the internet), input the seed words, encrypt, count the number of characters.

I don't to visit any website. I know how AES works behind the scenes. I don't care what a random website outputs on an arbitrary input.

Your pRoPosEd method either involves a) external/online software to do

No, it doesn't. Check openssl for example. It comes with literally every linux distro out there.

b) storing it digitally in a file for easier copy-paste into said external software

Not true.

or c) writing down 100-300 random hard-to-read Base64 characters on a piece of paper, case-sensitive, and hoping for no human error when typing it into said external software (and on paper!).

As shown in my previous post, a 12 word mnemonic results in 48 byte which can be easily represented by 48 characters.

My method [...] and yes, security through obscurity [...]

That is one reason why it is bad.
Another one is that it leaks bits of the plain text.

Any of these 2 reasons is enough to deem that as a bad design.

A wrench attack is the only thing my method is really vulnerable to

It's not.
Simply cryptanalysis and even bruteforcing is enough to break your "scheme".


It might work for you, you can feel safe as much as you want.
Trust me, no one here cares about you and your coins.

Just stop pretending your "mechanism" is good. It is not even close to being acceptable.

[f3tus]

I don't to visit any website. I know how AES works behind the scenes. I don't care what a random website outputs on an arbitrary input.

LOL.

No, it doesn't. Check openssl for example. It comes with literally every linux distro out there.

Yes it does. Windows does not come with it, so you have to download it or similar software. Stop pretending only Linux exists and that everyone uses or knows how to use Linux.

As shown in my previous post, a 12 word mnemonic results in 48 byte which can be easily represented by 48 characters.

openssl enc -k blabla -aes256 -base64 -e -in seedwords.txt -out encrypted_seedwords.txt:

U2FsdGVkX1/boCM0jlccYHbJiy9dEc0fko5UiDWHTIY/au62xL802na5+2osDm7I
3VZ9JuwDob0mK3lT5ygY1ypkm0/Hp+1fsor3kWtzK/E0AE6Bd50n7YFYlvGmnQp4

128 characters. Now just let me explain to my mother how to make a bootable Linux distro and run the above openssl command in reverse, noting to remember to use aes256 and not aes192, aes128, etc. Easy.

That is one reason why it is bad.
Another one is that it leaks bits of the plain text.

Any of these 2 reasons is enough to deem that as a bad design.

So BIP-39 is a stupid and bad idea, saving the wallet's key in an easy and human readable format?

It's not.
Simply cryptanalysis and even bruteforcing is enough to break your "scheme".

Yes, after I provided the exact algorithm and hints to make it crackable. Once again:

If I just came here and said "crack this, it's encrypted, good luck lol", absolutely nobody would be able to do it, because the possibilities I could have used to encrypt it are endless. It'd be the same as trying to brute-force Satoshi's private keys.

Just stop pretending your "mechanism" is good. It is not even close to being acceptable.

Still not getting it and missing the point. Your alternative is to write down 100-300 random characters on a piece of paper (have fun with that) and then require your family to be above-average computer literate to be able to decrypt it. This is exactly why BIP-39 was made, to avoid having to do that, and to write down your wallet's key in an easy and human-readable format. But yes, a better and cryptographically secure (which mine isn't, and I never claimed it was) way would be if there was an accepted standard to convert AES encrypted text into BIP-39 words and write it down that way. But even this way would require extra computer knowledge to decrypt, not something your Average Joe would know how to do. Again, mine is simpler and can be done by hand. A trade-off for simplicity.

[bob123]

That is one reason why it is bad.
Another one is that it leaks bits of the plain text.

Any of these 2 reasons is enough to deem that as a bad design.

So BIP-39 is a stupid and bad idea, saving the wallet's key in an easy and human readable format?

BIP39 is neither security by obscurity nor does it leak plaintext bits.

Still not getting it and missing the point. Your alternative is to write down 100-300 random characters on a piece of paper (have fun with that) and then require your family to be above-average computer literate to be able to decrypt it.

These are neither 100-300 chars, nor is it too difficult for an average person to decrypt it using a 3-5 step instruction.

It doesn't make any sense to create a shitty and insecure shift-cipher (which has to be taught how to use) instead for example just a BIP39 passphrase. Most proper wallets can handle this.
That would be way more easy to use than either AES or your shift shit cipher.

In the end it comes down to two pieces which have to be stored: the secret and the (encrypted) data.
Whether this is your plaintext-leaking-mnemonic [data] with the instruction and dates [the secret] or simply the securely (non-leaking) BIP39 passphrase protected mnemonic [data] and the passphrase [the secret] doesn't matter. The difference is, one is secure while the other one isn't.
I'd even argue that the passphrase protected mnemonic is easier to handle for non-techy people than your garbage.

[f3tus]

BIP39 is neither security by obscurity nor does it leak plaintext bits.

It's an easy way to store your wallet's seed; it doesn't leak anything because it is "the leak". I employ this same simple and easy way to store the seed words, not random 100-300 character Base64 encrypted gibberish. You still don't get it.

These are neither 100-300 chars

Yes they are, 128 in the example above by AES256 encrypting 12 mnemonic words with the password "blabla". Are you blind or intentionally obtuse?

It doesn't make any sense to create a shitty and insecure shift-cipher (which has to be taught how to use) instead for example just a BIP39 passphrase. Most proper wallets can handle this.

Most wallets generate your 12-24 seed words for you, without the possibility of using a passphrase, so no. This is meant for those cases. So you've got 3 options: 1. write the seed words as is; 2. write them cryptographically securely encrypted as 100-300 character gibberish; 3. write them down not cryptographically securely encrypted but in easy human-readable BIP-39 words that are still realistically impossible to crack without knowing the method used, which still gives you plenty of time to recover your funds in case of theft. Do you get it now? (well there is the 4th option of buying a TREZOR/Ledger and moving all the funds there)

[f3tus]

Anyway, here's the write-up from the guy who cracked it and his code:

https://www.reddit.com/r/CryptoCurrency/comments/p2jkh3/how_i_solved_utoshiromiballzas_puzzle_in_just/
https://github.com/willhblackburn/brute-force-seedshift-puzzle-pub

The dates used to encrypt the seed words were:
1956-05-04
2014-08-28
(Hal Finney's birth & death)

Encrypted:

Code:

bacon bitter goddess sheriff differ kit sock stomach rhythm skill trade drastic

Original:

Code:

broom bike glove six devote jazz sunset stereo reunion solid toss disagree

Ethereum address: 0x9F316FAe2Bdb7cb6aa31B1776F0fe9041eFc2516

[f3tus]

IMO 7 days is quite short since he use free (?) API and single-thread software.

Because I gave out hints it's only 2 dates and in 1900-2021 range, to make it easy.

[NotATether]

IMO 7 days is quite short since he use free (?) API and single-thread software.

Because I gave out hints it's only 2 dates and in 1900-2021 range, to make it easy.

I'm kinda surprised the Etherscan API wasn't rate limiting him. From my experience with APIs, most of them autoban your IP address if you hit them too many times. Sure, they throttle you to a few requests per minute at any rate. That was my original deterrence from making a Blockchair API calling script that running overnight.

The bitcoins still haven't been found yet, apparently, only the ethereum.

[bob123]

I already read the part where you gave those hint, but i still think it's quite short.

This indeed was way too easy.

If the probability of winning is larger than negligible (smaller than the inverse of any polynomial function), it is not cryptographically secure and therefore is a bad encryptio scheme.
So, even if this mechanisms wouldn't leak plaintext bits (which it does) and if it wouldn't be purely based on security through obscurity (which it does), it still would be a worthless scheme.

[f3tus]

This indeed was way too easy.

Because I made it easy enough to be cracked, hence the puzzle.

So, even [...] if it wouldn't be purely based on security through obscurity (which it does), it still would be a worthless scheme.

It's not. It's not cryptographically secure, but it's still quite secure, depending on how you use it:

With 2 dates in 1900-2021 range there are about 1 billion possibilities. With 3 dates it's 14 trillion, with 4 dates it's 158 quadrillion. Good luck cracking that.