Bitcoin Forum
November 03, 2024, 03:56:14 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 [7] 8 9 »  All
  Print  
Author Topic: 10 BTC 4 U 2 STEAL - Protected by a weak 5-letter password - crack & it's yours!  (Read 20198 times)
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
December 03, 2012, 04:28:19 PM
Last edit: December 03, 2012, 05:04:54 PM by CIYAM Pty. Ltd.
 #121

Point well taken - so let's say I wanted to do this (if this is getting too OT I'll leave it at this) - how much BTC would motivate someone to crack it if I

(a) just put an encrypted private key with no source code for the encryption
(b) pasted the encrypted private key along with the encryption source code

Would probably consider a private key that has around 100 BTC balance if there are any takers (for option (a) and maybe at least 10 BTC for option (b)).

Huh

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
scribe
Sr. Member
****
Offline Offline

Activity: 295
Merit: 250



View Profile WWW
December 03, 2012, 04:40:30 PM
 #122

So I guess the dictionary hackers should reverse their algos (i.e. do not try anything that is in a word dictionary).

Smiley


Or at least try all the dictionary entries last... pretty safe bet.  This might give a couple percent speedup.  The password isn't "maybe not a word": it's more like "totally not a word".  I am pretty sure it won't accidentally appear in a dictionary.

If I google the password, I get no meaningful results, just websites dedicated to listing every possible 5-character combination.

So all we need to do is hack your google account and check the search history? Sounds easier, anyway...

Also for reference, it's not "VfHkP".

Also less likely to be a string based on keyboard layout (such as ZaQwE. Which it's not.).


blocknois.es Bitcoin music label. ~ New release: This Is Art

Read: Bitcoin Life | Wear: FUTUREECONOMY
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
December 03, 2012, 05:03:54 PM
 #123

So how are people automatically checking password combinations?  2 results per second and whatnot?  Have you each written/modified code on your own for this?
runlinux
Hero Member
*****
Offline Offline

Activity: 566
Merit: 500



View Profile WWW
December 03, 2012, 05:11:02 PM
 #124

I modified the code with 5 nested loops.

I place the current combo in the text box, then have it check the value. On the chance it comes back a match, I exit the loops and continue on with the code to display the private / public key.

Shermo
Sr. Member
****
Offline Offline

Activity: 272
Merit: 250



View Profile
December 03, 2012, 05:27:01 PM
 #125

I just wrote a little console application that makes use of the classes, easier to debug that way no faffing with all the other code. Added a few statistics and output every 100 combinations so I have an idea of how its doing... its still too slow to consider actually running though.
wachtwoord
Legendary
*
Offline Offline

Activity: 2338
Merit: 1136


View Profile
December 03, 2012, 05:28:54 PM
 #126

I'll disclose the first character of the password at or shortly after 20:00 UTC.

Don't do that.  You've already given away too much information.  I'm genuinely interested in how long it would take someone to realisticly crack a 5 character brainwallet generated private key.  Start a new thread with less characters if you want more action.  That way we can all see how long it takes for different character lengths.  This is definitely a neat experiment to either strengthen or weaken people's piece of mind on using brainwallet.

Even with that info it will take my computer a fortnight to try all possibilities Smiley
wtfvanity
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500


WTF???


View Profile
December 03, 2012, 05:47:41 PM
 #127

Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC

          WTF!     Don't Click Here              
          .      .            .            .        .            .            .          .        .     .               .            .             .            .            .           .            .     .               .         .              .           .            .            .            .     .      .     .    .     .          .            .          .            .            .           .              .     .            .            .           .            .               .         .            .     .            .            .             .            .              .            .            .      .            .            .            .            .            .            .             .          .
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
December 03, 2012, 06:17:07 PM
 #128

Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC
If you give me the code, I'll run it and share half the prize with you if I find it.
andrew12
Member
**
Offline Offline

Activity: 67
Merit: 10


View Profile
December 03, 2012, 06:38:31 PM
 #129

If you give me the code, I'll run it and share half the prize with you if I find it.

Why should he believe you? What if I said that if I was given the code, and I found it, I'd give him 2/3 of the prize? Why should he believe me?
wtfvanity
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500


WTF???


View Profile
December 03, 2012, 06:43:40 PM
 #130

What if I compile the exe and have it email me the result and I split it with you? Smiley

          WTF!     Don't Click Here              
          .      .            .            .        .            .            .          .        .     .               .            .             .            .            .           .            .     .               .         .              .           .            .            .            .     .      .     .    .     .          .            .          .            .            .           .              .     .            .            .           .            .               .         .            .     .            .            .             .            .              .            .            .      .            .            .            .            .            .            .             .          .
pc
Sr. Member
****
Offline Offline

Activity: 253
Merit: 250


View Profile
December 03, 2012, 06:47:10 PM
 #131

I have been wondering if there's some way to pool this in a verifiable manner, where work gets sent out kind of like a mining pool, and something like I assume P2Pool does where everybody's verifying that the payment transaction they're working on is "fair" and sending the reward to those participating. I'm not sure how it'd be possible to let somebody know when they'd decrypted the key without them having the key to be able to claim the whole amount themselves, though.
maaku
Legendary
*
Offline Offline

Activity: 905
Merit: 1012


View Profile
December 03, 2012, 06:49:15 PM
 #132

If you give me the code, I'll run it and share half the prize with you if I find it.

Why should he believe you? What if I said that if I was given the code, and I found it, I'd give him 2/3 of the prize? Why should he believe me?

SgtSpike has a long-time presence here, 5452 posts to his name, and a reputation that is probably worth more than 5 btc. You do not.

If I google the password, I get no meaningful results, just websites dedicated to listing every possible 5-character combination.

If only I worked at Google search, I could look for 5-letter random sequences searched in the last few days. Easier if I knew your IP Wink

I'm an independent developer working on bitcoin-core, making my living off community donations.
If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
cheesemunger
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
December 03, 2012, 06:52:16 PM
 #133

According to my calculations, once the new info is released I should be able to get it within 5 hours Smiley
If I were you, I wouldn't trust anyone to share after. There are way too many scammers around
wachtwoord
Legendary
*
Offline Offline

Activity: 2338
Merit: 1136


View Profile
December 03, 2012, 06:55:16 PM
 #134

Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC
If you give me the code, I'll run it and share half the prize with you if I find it.

I'll agree to that deal if you are interested. Want the code or a compiled exe? (and we'll wait for the starting letter to be revealed right?
Dansker
Hero Member
*****
Offline Offline

Activity: 740
Merit: 500


Hello world!


View Profile
December 03, 2012, 06:59:30 PM
 #135

I bet the ones that are most likely to win are not even posting in the thread, just waiting to break the code and claim the prize.

casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1140


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
December 03, 2012, 07:01:55 PM
 #136

I am persuaded that the key will be cracked soon (a few days at the most, but possibly much sooner) without me needing to divulge the first character.  If that's true, then me giving away a character would cut that to a guaranteed crack in hours at most.  There are skilled lurkers on this thread who aren't posting, but they're cracking away.

Pooling and agreeing to share the reward is totally a good idea I'd recommend, and totally acceptable to me (not that I have any say once the money gets taken).  It is no different than pooled mining, other than perhaps without the benefit of having any way to keep anybody honest.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
SgtSpike
Legendary
*
Offline Offline

Activity: 1400
Merit: 1005



View Profile
December 03, 2012, 07:05:58 PM
 #137

Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC
If you give me the code, I'll run it and share half the prize with you if I find it.

I'll agree to that deal if you are interested. Want the code or a compiled exe? (and we'll wait for the starting letter to be revealed right?
Compiled exe would be great - I've tried compiling things in C before and it just doesn't go well.  I'd rather not go through it again if I can avoid it.

And yes, to anyone who questions whether I would share the prize as I have said I would, I'm not selling out my reputation here (and a multitude of other online presences, since I use this screen name almost exclusively) ever, for any dollar amount.  Keeping my integrity intact and a clear conscience is worth far more than anything money could buy.

I'll start whenever I can (whenever you send me the exe), but certainly, having the starting letter would help expedite the process of finding it.
wtfvanity
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500


WTF???


View Profile
December 03, 2012, 07:10:03 PM
 #138

I'm picking one starting letter and trying my luck. 1 in 13 chance I picked the right first letter. If it's not claimed by the time I finish I'll guess another one.

          WTF!     Don't Click Here              
          .      .            .            .        .            .            .          .        .     .               .            .             .            .            .           .            .     .               .         .              .           .            .            .            .     .      .     .    .     .          .            .          .            .            .           .              .     .            .            .           .            .               .         .            .     .            .            .             .            .              .            .            .      .            .            .            .            .            .            .             .          .
tacotime
Legendary
*
Offline Offline

Activity: 1484
Merit: 1005



View Profile
December 03, 2012, 07:14:03 PM
 #139

if you're aiming for high security for the key, you should uses a high r value (4096, 8192) for salsa20/chacha20 and skein for the block cipher as they're both really slow and expensive.  there's only a tiny amount of data to be decrypted here, and even a 5 character password that is random should be a nightmare to solve.

Code:
XMR: 44GBHzv6ZyQdJkjqZje6KLZ3xSyN1hBSFAnLP6EAqJtCRVzMzZmeXTC2AHKDS9aEDTRKmo6a6o9r9j86pYfhCWDkKjbtcns
CoinDiver
Hero Member
*****
Offline Offline

Activity: 778
Merit: 1002


View Profile
December 03, 2012, 07:14:49 PM
 #140

Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC
If you give me the code, I'll run it and share half the prize with you if I find it.

I'll agree to that deal if you are interested. Want the code or a compiled exe? (and we'll wait for the starting letter to be revealed right?

I'll help. I've got a few fast servers I can let crank away it.

http://mises.org/daily/3229
BTC:1PEyEKyVZgUvV4moXvCD5rQN21QETGPpLc
Pages: « 1 2 3 4 5 6 [7] 8 9 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!