Vorksholk
Legendary
Offline
Activity: 1713
Merit: 1029
|
|
December 02, 2012, 03:27:50 AM |
|
Got so excited. False positive lol
|
|
|
|
thirdchance57
Full Member
Offline
Activity: 190
Merit: 100
★Bitvest.io★ Play Plinko or Invest!
|
|
December 02, 2012, 03:30:56 AM |
|
i wish i could crack it but i'm just a noob.
awesome work creating the bank note generator
|
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
|
December 02, 2012, 03:40:53 AM |
|
K... I think there may be a weakness!!!!, if I understand the code correctly...
HC
If you find one, please share!
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
HotDiggityDawg
Newbie
Offline
Activity: 15
Merit: 0
|
|
December 02, 2012, 03:41:20 AM |
|
I thought I cracked it, and then I realized I hit the "Generate" key on accident lmao. I'm a total noob with no hope of getting this but it's been fun trying! And obviously I'll continue trying Thanks casascius.
|
|
|
|
TTBit
Legendary
Offline
Activity: 1136
Merit: 1001
|
|
December 02, 2012, 04:36:12 AM |
|
My 6 character private keys seem secure enough
|
good judgment comes from experience, and experience comes from bad judgment
|
|
|
finkleshnorts
|
|
December 02, 2012, 04:52:03 AM |
|
hmm, where do I go to write the loops? This is my first application of programming outside school.
|
|
|
|
Elxiliath
Member
Offline
Activity: 66
Merit: 10
|
|
December 02, 2012, 05:03:44 AM |
|
You'll need to make the loop conditional on the input of the text field. But you will have to incorporate the checking functions and have the value change after a negative test and adjust the text field there after.
Try Form1.cs
|
|
|
|
|
bitfreak!
Legendary
Offline
Activity: 1536
Merit: 1000
electronic [r]evolution
|
|
December 02, 2012, 05:26:02 AM Last edit: December 02, 2012, 05:42:44 AM by bitfreak! |
|
Well assuming the password is a word in the dictionary, there are something like 10,000 words which are 5 letters long (that's a very rough guess based on the fact most dictionaries have around 200,000 words).
Some brief testing with the address utility software indicates that it takes about 3.5 seconds to decrypt the private key using my Phenom II X4 810 (also a very rough estimate using only the GUI).
Assuming my calculations so far are remotely correct, to test 10,000 pass phrases when each test takes about 3.5 seconds, will take at least 9 hours. Of course the pass should be found before trying all 10,000.
If the password is a 5 letter English word, it would probably be possible to crack the key using a list of the 5,000 most common 5 letter words or even less. However, the words should be tested in all caps also, so we're back to 10,000.
|
XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
|
|
|
Nolo
|
|
December 02, 2012, 05:33:03 AM |
|
I'd like to give it a shot, but have no experience brute forcing a key. Is there any particular program I could download to try, or is it something I would have to write myself?
|
Charlie Kelly: I'm pleading the 5th. The Attorney: I would advise you do that. Charlie Kelly: I'll take that advice under cooperation, alright? Now, let's say you and I go toe-to-toe on bird law and see who comes out the victor? The Attorney: You know, I don't think I'm going to do anything close to that and I can clearly see you know nothing about the law. 19GpqFsNGP8jS941YYZZjmCSrHwvX3QjiC
|
|
|
Phinnaeus Gage
Legendary
Offline
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
|
|
December 02, 2012, 05:34:17 AM |
|
I not going to do this myself, but I will submit one password guess. The first person to try it and it works, please split the bounty with me. Here is my guess: Bruno.
~Bruno K~
|
|
|
|
Nolo
|
|
December 02, 2012, 05:35:55 AM |
|
I not going to do this myself, but I will submit one password guess. The first person to try it and it works, please split the bounty with me. Here is my guess: Bruno.
~Bruno K~
Sorry no dice.
|
Charlie Kelly: I'm pleading the 5th. The Attorney: I would advise you do that. Charlie Kelly: I'll take that advice under cooperation, alright? Now, let's say you and I go toe-to-toe on bird law and see who comes out the victor? The Attorney: You know, I don't think I'm going to do anything close to that and I can clearly see you know nothing about the law. 19GpqFsNGP8jS941YYZZjmCSrHwvX3QjiC
|
|
|
Elxiliath
Member
Offline
Activity: 66
Merit: 10
|
|
December 02, 2012, 05:59:31 AM |
|
lol, nice. This is getting more interesting the more I drink. Haha. I'm sitting here trying to code in a virtual machine I installed just for this. I don't think I will guess this or get it, but it's fun and would be nice.
|
|
|
|
adamstgBit
Legendary
Offline
Activity: 1904
Merit: 1037
Trusted Bitcoiner
|
|
December 02, 2012, 06:07:01 AM |
|
well, i wasted some time on the problem can't find a C++ version of the SCrypt, so i gave up BTW the password is not "MikeC"
|
|
|
|
Elxiliath
Member
Offline
Activity: 66
Merit: 10
|
|
December 02, 2012, 06:09:51 AM |
|
The coding process is pretty straight forward, it should be easy to compile your own app with both the code or decode process and attempt it.
|
|
|
|
kokojie
Legendary
Offline
Activity: 1806
Merit: 1003
|
|
December 02, 2012, 06:10:22 AM |
|
hmm, where do I go to write the loops? This is my first application of programming outside school.
There's no point in writing the loop in C#, as someone already pointed out, using C#, it would take 36 years to crack. You have to rewrite the entire decryption algorithm, in another language, that has a fast scrypt implementation. But if you want to try, the loop should be written in btnPrivWIFToHex_Click method, which is in Form1.cs
|
btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
|
|
|
bitfreak!
Legendary
Offline
Activity: 1536
Merit: 1000
electronic [r]evolution
|
|
December 02, 2012, 06:10:56 AM |
|
Here are some good 5-letter word lists for those who want to take the dictionary approach. 8938 5-letter words: http://www.poslarchive.com/math/scrabble/lists/common-5.html5757 5-letter words: http://homepage.cs.uiowa.edu/~sriram/21/fall07/words.dat
|
XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
|
|
|
hardcore-fs
|
|
December 02, 2012, 06:17:53 AM |
|
K... I think there may be a weakness!!!!, if I understand the code correctly...
HC
If you find one, please share! Well I'd started and my F***** RAID just crashed. So I may as well share it.... if I understand it correctly....... It seems that it may have a similar weakness to the zip format.. if I'm not mistaken. public override bool DecryptWithPassphrase(string passphrase){ .....} If we look down we see: byte[] checksum = sha256.ComputeHash(utf8.GetBytes(passphrase + "?")); if (hex[2] != 0x80) { if ((checksum[0] & 0x7f) != hex[2] || (checksum[1] & 0x7e) != (hex[3] & 0x7e)) { return false; } } It seems we can recover a partial solution, because if it is NOT a partial solution the above will fail. By getting the products up-to this stage, popping them over the serial port to an fpga...... and since Bitcoin is DOUBLE sh256 We can get two engines cycling thrugh the Sha256 keys for the range AAAAA-zzzzz ( actually by splitting the space over two devices we can half the searchtime with a brute it becomes 190102016 Each time we get a 'hit' from the above, we pop it back to the computer to drop it into the code that follows the above code in "DecryptWithPassphrase" so even with a XUPV5 I can get over 500MHS through the key address space 52*52*52*52*52=380204032 0.76 seconds Unless my maths have broken down. Like I say my development env. crashed so I've nothing to test with.
|
BTC:1PCTzvkZUFuUF7DA6aMEVjBUUp35wN5JtF
|
|
|
adamstgBit
Legendary
Offline
Activity: 1904
Merit: 1037
Trusted Bitcoiner
|
|
December 02, 2012, 06:21:29 AM |
|
hmm, where do I go to write the loops? This is my first application of programming outside school.
There's no point in writing the loop in C#, as someone already pointed out, using C#, it would take 36 years to crack. You have to rewrite the entire decryption algorithm, in another language, that has a fast scrypt implementation. But if you want to try, the loop should be written in btnPrivWIFToHex_Click method, which is in Form1.cs I have a funny feeling scrypt will be slow no matter what the language The algorithm was specifically designed to make it costly to perform large scale custom hardware attacks by requiring large amounts of memory good luck
|
|
|
|
bitfreak!
Legendary
Offline
Activity: 1536
Merit: 1000
electronic [r]evolution
|
|
December 02, 2012, 06:36:30 AM |
|
I just read this: On modern hardware and with default parameters, the cost of cracking the password on a file encrypted by scrypt enc is approximately 100 billion times more than the cost of cracking the same password on a file encrypted by openssl enc; this means that a five-character password using scrypt is stronger than a ten-character password using openssl.https://www.tarsnap.com/scrypt.htmlThere's no way anyone is going to crack this via simple brute force. A dictionary attack is the only plausible option. If the password is a random jumble of lowercase and uppercase characters, I doubt anyone will crack it.
|
XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
|
|
|
|