Shermo
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 08:42:38 AM |
|
It's not really hacking, its purely brute force thats necessary... you can improve some of the algorithm for speed but aside from that there are about 5 million combinations to try and my system is doing about 2 attempts per second that's still roughly 2500000 seconds, approx 30 days.
|
|
|
|
SurReality89
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 08:59:42 AM |
|
pretty sure there is exactly 9,765,625 (26^5) possibilities. so more like double 5mil. so the longest it would take is 56.5 days (if you were to guess in alphabetical order and the password turned out being ZzZzZ)
|
|
|
|
Shermo
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 09:07:54 AM |
|
Given the information that has been released there are exactly 5940688 combinations to try...
|
|
|
|
paybitcoin
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 85
Merit: 10
1h79nc
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 09:26:27 AM |
|
Yes, for the parameters of this contest, it is much easier/less time/cheaper to brute force it than investigate weaknesses in any of the elliptic curve math, scrypt, AES, or SHA256.
Right now I have ported BIP 38 to C and threaded it, and it is running on an Amazon EC2 instance at about 10-12 attempts / sec. I am using the standard scrypt library and jgarzik's new libccoin and a clean slate implementation of the BIP. So that's still about 12 days of CPU crunching... At the very least, there should be a (super hacked together, ugly code) version of the BIP in C!
Also, there is still only information enough to get it down to 26 ^ 5 = 11,881,376. Right? Just that the capitalization is AaAaA?
|
|
|
|
wachtwoord
Legendary
Offline
Activity: 2324
Merit: 1125
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 09:28:52 AM |
|
The first letter is N-Z
|
|
|
|
paybitcoin
Member
![*](https://bitcointalk.org/Themes/custom1/images/star.gif)
Offline
Activity: 85
Merit: 10
1h79nc
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 09:38:13 AM |
|
The first letter is N-Z
Good to know!!!
|
|
|
|
picobit
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 09:42:19 AM |
|
The first letter is N-Z
Are you just teasing us, or did casascius tell you? ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif)
|
|
|
|
Shermo
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 09:49:33 AM |
|
casascius said it a few pages back ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif)
|
|
|
|
picobit
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 09:51:04 AM |
|
Sure, he did. I am sleeping. I thought this was the new info he promised. Sorry, wachtwoord!
|
|
|
|
Phinnaeus Gage
Legendary
Offline
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 02:40:50 PM |
|
RoBoT (If it works, I desire a 50/50 split)
~Bruno K~
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 03:12:45 PM |
|
Maybe one of the following (got bored after the letter S sorry)?
NeRdY NiCeR NiChE NiFtY NiNjA NiMdA NoIsE NoTeD NoVeL NuKeD NuTtY OdDeR OdDlY OmEgA OuTeD OvErT PaNdA PaNiC PaRsE PaStE PaStY PaYeD PaYeR PeAlS PeEvE PeRkS PhOnY PiCkY PiNgS PiVoT PiXeL PoStS PrIcY PrOoF PrOmO QuErY QuEsT QuOtA QuOtE RaCeR RaCeS RaDiI RaDiO RaDiX RaLlY RaPiD ReIgN ReLaX ReLaY ReLiC RePaY RePlY RoGuE RoOkY RoSeS RuBlE RuLeR RuSeS SaLeS SaVeD SaVeR SaVeS ScAmS ScArY SeAlS SeEdS SeEkS SeIzE SeNsE ShAdY ShAkY ShArK ShInY ShOwN ShOwY SiGnS SkInT SlEeK SlEeP SlOwS SlYeR SmOkE SnAiL SnAkY SnArE SnOrE SoLvE SpAcE SpAcY SpOiL SpOoF StAkE StArS StArT StAsH StEaL StUdY SwEaT
|
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 03:17:15 PM |
|
I'll disclose the first character of the password at or shortly after 20:00 UTC.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
nevafuse
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 03:23:49 PM |
|
I'll disclose the first character of the password at or shortly after 20:00 UTC.
Don't do that. You've already given away too much information. I'm genuinely interested in how long it would take someone to realisticly crack a 5 character brainwallet generated private key. Start a new thread with less characters if you want more action. That way we can all see how long it takes for different character lengths. This is definitely a neat experiment to either strengthen or weaken people's piece of mind on using brainwallet.
|
The only reason to limit the block size is to subsidize non-Bitcoin currencies
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 03:49:19 PM |
|
I will avoid disclosing the first character if I am presented with credible evidence that someone is highly likely to crack it within the next 48 hours without the help. PM if needed. I don't want it to be a 2-week contest where everyone gives up because they're bored.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 04:01:26 PM |
|
One last crack at the 5 letter words after S:
TaKeR TaKeS TaLeS TaLkS TaRdY TaSkS TaStE TaStY TaXeD TaXeS TeAmS TeArS TeArY TeAsE TeChS TeChY TeLlS TeMpT TeNtH TeNtS TeStS TeStY ThEfT ThEiR ThEmE ThErE ThEsE ThIcK ThIeF ThInG ThOsE ThRoW ThUmB TiGeR TiGhT TiMeD TiMeR TiMiD TiNnY ToAsT ToDaY ToIlS ToKeN ToNaL ToOlS ToPiC ToRsE ToTaL ToWeL ToXiC TrApS TrAsH TrEnD TrIaL TrIcK TrIeD TrIeS TrIpE TrItE TrOlL TrOvE TrUeR TrUlY TuNeD TwEaK TwIsT UlTrA UnDeR UnDiD UnDuE UnFiT UnTiL UnZiP UrGeD UrGeR UrGeS UrInE UsAgE UsErS UsHeR UsInG UsUaL UsUrP UsUrY VaLuE VaLvE VaPoR VaUlT VeNoM ViDeO ViNeS ViNyL ViRaL ViSiT ViViD VoDkA VoIcE VoIlA VoLtS VoTeD VoTeR VoTeS VoUcH WaCkY WaGeD WaGeS WaGeR WaIvE WaNnA WaNtS WaRtS WaStE WeArY WeAvE WeEpS WeIrD WhAcK WhAmS WhEeL WhErE WhIcH WhIlE WhImS WhIsK WhOlE WiDeR WiElD WiNeS WiNkS WiReD WiTcH WiZeN WoRdS WoRdY WoRkS WoRmY WoRrY WoRsE WoRsT WoUlD WrAtH WrEaK WrEcK WrEsT WrItE WrOtE YaChT YaCkS YaKkA YaRdS YaRnS YaWnS YeArN YeLlS YeSeD YiElD YiKeS YiPeS YoUrS YoUtH ZeBrA ZeRoS ZeStY ZoMbI ZoNeD ZoNeS ZoNkS ZoOmS
|
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 04:10:19 PM |
|
The correct password isn't a recognizable word. It's essentially five random letters.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 04:12:07 PM |
|
So I guess the dictionary hackers should reverse their algos (i.e. do not try anything that is in a word dictionary). ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif) BTW - this has been a very interesting experiment and quite a valuable lesson about the value of scrypt.
|
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 04:13:17 PM |
|
So I guess the dictionary hackers should reverse their algos (i.e. do not try anything that is in a word dictionary). ![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif) Or at least try all the dictionary entries last... pretty safe bet. This might give a couple percent speedup. The password isn't "maybe not a word": it's more like "totally not a word". I am pretty sure it won't accidentally appear in a dictionary. If I google the password, I get no meaningful results, just websites dedicated to listing every possible 5-character combination.
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 04:17:40 PM |
|
Actually I've always wondered how good an encryption algo that I wrote years ago actually is (only went as far as verifying that no zip type software could shrink an encrypted file) and now this has given me an idea about how to test that (i.e. encrypt a Bitcoin private key with my algo and publish it for all to try).
|
|
|
|
casascius (OP)
Mike Caldwell
VIP
Legendary
Offline
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
|
![](https://bitcointalk.org/Themes/custom1/images/post/xx.gif) |
December 03, 2012, 04:21:24 PM |
|
Having the output of an encryptor be poorly compressible is a common property of pretty much all encryptors, good or bad. It is not a useful indicator of strength (although the opposite is true: if the output is compressible by anything more than a token percentage point or two, due to compressibility of non-encrypted metadata or slack space in the file, it's pretty much a given that the encryption should be easy to crack, and probably isn't "encryption" in the first place).
|
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.
|
|
|
|