Bitcoin Forum
November 03, 2024, 02:03:48 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 [5] 6 7 8 9 »  All
  Print  
Author Topic: 10 BTC 4 U 2 STEAL - Protected by a weak 5-letter password - crack & it's yours!  (Read 20198 times)
kokojie
Legendary
*
Offline Offline

Activity: 1806
Merit: 1003



View Profile
December 02, 2012, 09:45:54 PM
 #81

Found a scrypt implementation for Python written in C, so it should be pretty fast.  100 attempts in 52 sec on my Mac.  Still, that will take 44 days if I had 52 CPUs to run on.  Giving that I still have to implement all the rest of the BIP key decryption in Python (I planned to steal most of it from Armory), I doubt that I will be first to collect the price (and I don't have 52 CPUs to spare).  So I pass.  But it was fun to looking into this. Smiley


Yeah that's still pretty slow, though once casascius reveals more information, your script may be the fastest.

btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
kokojie
Legendary
*
Offline Offline

Activity: 1806
Merit: 1003



View Profile
December 02, 2012, 09:47:48 PM
 #82

scrypt sounds like a great encryption algorithm, even 5 letter passwords take so long to crack. Why isn't this in wide spread use for password encryption?

btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2142
Merit: 1010

Newbie


View Profile
December 02, 2012, 09:52:51 PM
 #83

scrypt sounds like a great encryption algorithm, even 5 letter passwords take so long to crack. Why isn't this in wide spread use for password encryption?

It wasn't analyzed so intensively like, say, SHA-256.
Evan
Hero Member
*****
Offline Offline

Activity: 507
Merit: 500



View Profile
December 02, 2012, 11:56:21 PM
 #84

Found a scrypt implementation for Python written in C, so it should be pretty fast.  100 attempts in 52 sec on my Mac.  Still, that will take 44 days if I had 52 CPUs to run on.  Giving that I still have to implement all the rest of the BIP key decryption in Python (I planned to steal most of it from Armory), I doubt that I will be first to collect the price (and I don't have 52 CPUs to spare).  So I pass.  But it was fun to looking into this. Smiley


I don't have 52 CPUS to crack with but I do have a Server with two E7-8850 so thats 40 CPUs for you.

Also if you could force this to run via a Nvidia Cuda set up  I am sure the 1536+ cores my GPU have could crack that in a few rounds

I am poor, but i do work for Coin Smiley
1PtHcavXoakgNkQfEQdvnvEksEY2NvwaLM
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 03, 2012, 12:10:01 AM
 #85

The capitalization pattern is: AaAaA

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Elxiliath
Member
**
Offline Offline

Activity: 66
Merit: 10



View Profile
December 03, 2012, 01:13:56 AM
 #86

Now to figure out what it could be.  Smiley  I love this app by the way, saves me using photoshop to manually put in all these QR codes when I generate bills.

YinCoin YangCoin ☯☯First Ever POS/POW Alternator! Multipool! ☯ ☯ http://yinyangpool.com/ 
https://bitcointalk.org/index.php?topic=623937
Bwincoin - 100% Free POS. BL5cYJHSEvjPo19GQa3z7Z3cCEbBY9iCee
Chloride
Newbie
*
Offline Offline

Activity: 26
Merit: 0



View Profile
December 03, 2012, 03:43:06 AM
 #87

I don't know if it helps anyone, but I wrote a quick java program to generate a list dictionary file (plain .txt format) of all possible passwords in the format "AaAaA".

If someone wants to try using it, I'll be happy to give it to them in return for 1 or 2 btc if you managed to crack it.
Trader Steve
Hero Member
*****
Offline Offline

Activity: 836
Merit: 1007


"How do you eat an elephant? One bit at a time..."


View Profile
December 03, 2012, 03:59:50 AM
 #88

So who is sending micro-payments to the address? Are these clues from Mike?
enquirer
Sr. Member
****
Offline Offline

Activity: 306
Merit: 257


View Profile
December 03, 2012, 04:03:45 AM
 #89

I can only tell you that Amazon Extra-Large High-CPU instances are a rip off!
Not faster than a $500 home computer.
And that password is not in a dictionary.
Chloride
Newbie
*
Offline Offline

Activity: 26
Merit: 0



View Profile
December 03, 2012, 04:12:28 AM
 #90

I can only tell you that Amazon Extra-Large High-CPU instances are a rip off!
Not faster than a $500 home computer.
And that password is not in a dictionary.

He has stated that the password is 5 letters long, in the format of "AaAaA".
I simply generated a textfile containing every combination of letters in the format, it amounts to ~90mb in a .txt file.
Not so much a dictionary as a list of all possible results.
runlinux
Hero Member
*****
Offline Offline

Activity: 566
Merit: 500



View Profile WWW
December 03, 2012, 04:20:39 AM
 #91

im getting about 2 results a second on my 4.5GHz 3960X. We'll how it fairs in the morning. for some reason, its only using 50% of the CPU... time to dig into some code Smiley

Raize
Donator
Legendary
*
Offline Offline

Activity: 1419
Merit: 1015


View Profile
December 03, 2012, 04:28:36 AM
 #92

Mike, I'm interested in more what you're doing with these paper wallets. Is the idea to let us print our own paper currency for exchange between friends and family without having to even own a client?
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 03, 2012, 06:42:21 AM
 #93

So who is sending micro-payments to the address? Are these clues from Mike?


I'm not sending the micro-payments.  Amusing though.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
HotDiggityDawg
Newbie
*
Offline Offline

Activity: 15
Merit: 0


View Profile
December 03, 2012, 06:48:20 AM
 #94

So who is sending micro-payments to the address? Are these clues from Mike?


I'm not sending the micro-payments.  Amusing though.

Well damn, and I thought I was onto something! Cheesy
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 03, 2012, 06:51:52 AM
 #95

Mike, I'm interested in more what you're doing with these paper wallets. Is the idea to let us print our own paper currency for exchange between friends and family without having to even own a client?

Yeah, that's one typical use case... there are many others, and quite honestly I expect that there will be many use cases I haven't thought of, that somebody else will.

The password aspect makes it useful for much bigger amounts.  "Here Abby, here's the 165 BTC you bought from me when they were $6 that I've been holding all this time for you.  Now there is a new way I can just give it to you as bills, just in case you'd like to spend a couple of them on the internet without having to ask me for them, since they're money after all.  There are ten BTC10 bills and thirteen BTC5's.  The password is (some phrase based on an inside joke).  Don't worry if you lose these, because as long as you don't lose the password with them, I can always bail you out for whatever you haven't spent, since I made a copy and will remember the password too."  (then shove my copy of her bills in a safe deposit box and then I can stop mentally subtracting her BTC from my own wallet balance as a liability, or worrying I'll ever lose track or ability to give her her money)

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
hardcore-fs
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile WWW
December 03, 2012, 07:05:41 AM
 #96

So who is sending micro-payments to the address? Are these clues from Mike?


I'm not sending the micro-payments.  Amusing though.

Well damn, and I thought I was onto something! Cheesy

LOL, if you dug a little deeper you would be.

BTC:1PCTzvkZUFuUF7DA6aMEVjBUUp35wN5JtF
Shermo
Sr. Member
****
Offline Offline

Activity: 272
Merit: 250



View Profile
December 03, 2012, 07:14:20 AM
 #97

My implementation is down to 30hours with the new information... do-able now Smiley
Shermo
Sr. Member
****
Offline Offline

Activity: 272
Merit: 250



View Profile
December 03, 2012, 07:27:59 AM
 #98

Crap I just realised I've been reading my time estimates wrong / outputting them not how I thought... actually, I'm at 30 DAYS not hours... bah!
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 03, 2012, 07:37:53 AM
 #99

Crap I just realised I've been reading my time estimates wrong / outputting them not how I thought... actually, I'm at 30 DAYS not hours... bah!

I anticipate offering another difficulty drop soon.  But will post a time before providing one of major value.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2142
Merit: 1010

Newbie


View Profile
December 03, 2012, 08:18:09 AM
 #100

OMG. Is there any REAL hacker?
Pages: « 1 2 3 4 [5] 6 7 8 9 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!