Bitcoin Forum
September 21, 2018, 07:01:25 PM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: BrainWallet Defcon Attack Discussion, Advice, Q&A, Brainflayer Info, etc.  (Read 10035 times)
ryanc
Member
**
Offline Offline

Activity: 103
Merit: 40


View Profile WWW
August 28, 2015, 08:31:56 PM
 #21

ryanc, I would like to see more documentation about brainflayer as there is almost none.

The initial release of brainflayer deliberately has very limited documentation to keep unskilled people from using it. I will be releasing an enhanced version (with better documentation) soon, now that it's made some news and convinced some people to stop using brainwallets.

In regards a commentary you made in your presentation on how to advert people that they have a weak address. You said that it could be thought sending a small amount to a vanity address but you could send it to a burn address like '1DontUseThisWeakBrainWa11etAf1F98T'. Here you have a python scrypt for generating them, also check the bitcoin address validation wiki entry.

This would pollute the UTXO set, and I don't think it's really any better than using multiple vanity addresses in the same transaction. I was going for subtle at the time.
1537556485
Hero Member
*
Offline Offline

Posts: 1537556485

View Profile Personal Message (Offline)

Ignore
1537556485
Reply with quote  #2

1537556485
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537556485
Hero Member
*
Offline Offline

Posts: 1537556485

View Profile Personal Message (Offline)

Ignore
1537556485
Reply with quote  #2

1537556485
Report to moderator
1537556485
Hero Member
*
Offline Offline

Posts: 1537556485

View Profile Personal Message (Offline)

Ignore
1537556485
Reply with quote  #2

1537556485
Report to moderator
1537556485
Hero Member
*
Offline Offline

Posts: 1537556485

View Profile Personal Message (Offline)

Ignore
1537556485
Reply with quote  #2

1537556485
Report to moderator
frenulum
Full Member
***
Offline Offline

Activity: 145
Merit: 100


View Profile
August 31, 2015, 11:04:05 PM
 #22

Wow. Just read about this tonight. Experimenting with Brain Wallet and found an empty wallet with 2 previous transactions.

It's true. People have no imaginations   :/

edit ... up to 4 now ..  Grin all empty though
edit.. make that 6 ...

Jan 2018 recommendations: HST, ETN, HTML, EOS
crypto_trader#43xzEXrP
Full Member
***
Offline Offline

Activity: 201
Merit: 100


View Profile
November 05, 2017, 01:15:51 AM
 #23

I have several times changed the source of https://brainwalletx.girhub.io/ for supporting a different coins,
but now I was not too lazy and took the time to write a universal brainwallet for all coins.
You can download test it here "CКAЧATЬ": http://rgho.st/8hlwbSy98
1. Unzip to the folder.
2. Drag and drop index.html -> to the tab of your browser.
3. See changes.txt

Just for you all I did add random_seed and XOR
and also I did unlock the "Secure random" button (just found it in the source code).  Grin

Maybe need to add or change anything else? Just PM me.
Elliander
Member
**
Offline Offline

Activity: 65
Merit: 10


View Profile
November 21, 2017, 07:24:58 PM
 #24

Out of curiosity, where does the vulnerability originate? Is it in the seed phrase itself, or the way it makes use of the seed phrase? This is important because I noticed that with electrum wallets it will accept any seed phrase I give it meaning that I could technically just think up my own seed phrase to use the same way I'd use a brain wallet. If the issue is with the 12 word seeds it would mean that no seed wallet is safe, but if the issue is something else I'd like to know what that is and what if anything it might mean for other wallets. 

Immortal until proven otherwise.
timisis
Member
**
Offline Offline

Activity: 157
Merit: 10


View Profile
December 12, 2017, 01:51:12 PM
 #25

I have several times changed the source of https://brainwalletx.girhub.io/ for supporting a different coins,
but now I was not too lazy and took the time to write a universal brainwallet for all coins.
You can download test it here "CКAЧATЬ": http://rgho.st/8hlwbSy98
1. Unzip to the folder.
2. Drag and drop index.html -> to the tab of your browser.
3. See changes.txt

Just for you all I did add random_seed and XOR
and also I did unlock the "Secure random" button (just found it in the source code).  Grin

Maybe need to add or change anything else? Just PM me.

Cant make up my mind if this is phishing or an honest typo, but the rating suggests phisher!

ryanc
Member
**
Offline Offline

Activity: 103
Merit: 40


View Profile WWW
March 16, 2018, 01:47:17 AM
 #26

I plan to release an update adding support for this "passphrase plus xor" brainwallet variant, so don't go using it.
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!