10 BTC 4 U 2 STEAL - Protected by a weak 5-letter password - crack & it's yours!

[CIYAM]

Point well taken - so let's say I wanted to do this (if this is getting too OT I'll leave it at this) - how much BTC would motivate someone to crack it if I

(a) just put an encrypted private key with no source code for the encryption
(b) pasted the encrypted private key along with the encryption source code

Would probably consider a private key that has around 100 BTC balance if there are any takers (for option (a) and maybe at least 10 BTC for option (b)).

[scribe]

So I guess the dictionary hackers should reverse their algos (i.e. do not try anything that is in a word dictionary).

Or at least try all the dictionary entries last... pretty safe bet.  This might give a couple percent speedup.  The password isn't "maybe not a word": it's more like "totally not a word".  I am pretty sure it won't accidentally appear in a dictionary.

If I google the password, I get no meaningful results, just websites dedicated to listing every possible 5-character combination.

So all we need to do is hack your google account and check the search history? Sounds easier, anyway...

Also for reference, it's not "VfHkP".

Also less likely to be a string based on keyboard layout (such as ZaQwE. Which it's not.).

[SgtSpike]

So how are people automatically checking password combinations?  2 results per second and whatnot?  Have you each written/modified code on your own for this?

[runlinux]

I modified the code with 5 nested loops.

I place the current combo in the text box, then have it check the value. On the chance it comes back a match, I exit the loops and continue on with the code to display the private / public key.

[Shermo]

I just wrote a little console application that makes use of the classes, easier to debug that way no faffing with all the other code. Added a few statistics and output every 100 combinations so I have an idea of how its doing... its still too slow to consider actually running though.

[wachtwoord]

I'll disclose the first character of the password at or shortly after 20:00 UTC.

Don't do that.  You've already given away too much information.  I'm genuinely interested in how long it would take someone to realisticly crack a 5 character brainwallet generated private key.  Start a new thread with less characters if you want more action.  That way we can all see how long it takes for different character lengths.  This is definitely a neat experiment to either strengthen or weaken people's piece of mind on using brainwallet.

Even with that info it will take my computer a fortnight to try all possibilities

[wtfvanity]

Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC

[SgtSpike]

Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC

If you give me the code, I'll run it and share half the prize with you if I find it.

[andrew12]

If you give me the code, I'll run it and share half the prize with you if I find it.

Why should he believe you? What if I said that if I was given the code, and I found it, I'd give him 2/3 of the prize? Why should he believe me?

[wtfvanity]

What if I compile the exe and have it email me the result and I split it with you?

[pc]

I have been wondering if there's some way to pool this in a verifiable manner, where work gets sent out kind of like a mining pool, and something like I assume P2Pool does where everybody's verifying that the payment transaction they're working on is "fair" and sending the reward to those participating. I'm not sure how it'd be possible to let somebody know when they'd decrypted the key without them having the key to be able to claim the whole amount themselves, though.

[maaku]

If you give me the code, I'll run it and share half the prize with you if I find it.

Why should he believe you? What if I said that if I was given the code, and I found it, I'd give him 2/3 of the prize? Why should he believe me?

SgtSpike has a long-time presence here, 5452 posts to his name, and a reputation that is probably worth more than 5 btc. You do not.

If I google the password, I get no meaningful results, just websites dedicated to listing every possible 5-character combination.

If only I worked at Google search, I could look for 5-letter random sequences searched in the last few days. Easier if I knew your IP

[cheesemunger]

According to my calculations, once the new info is released I should be able to get it within 5 hours
If I were you, I wouldn't trust anyone to share after. There are way too many scammers around

[wachtwoord]

Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC

If you give me the code, I'll run it and share half the prize with you if I find it.

I'll agree to that deal if you are interested. Want the code or a compiled exe? (and we'll wait for the starting letter to be revealed right?

[Dansker]

I bet the ones that are most likely to win are not even posting in the thread, just waiting to break the code and claim the prize.

[casascius]

I am persuaded that the key will be cracked soon (a few days at the most, but possibly much sooner) without me needing to divulge the first character.  If that's true, then me giving away a character would cut that to a guaranteed crack in hours at most.  There are skilled lurkers on this thread who aren't posting, but they're cracking away.

Pooling and agreeing to share the reward is totally a good idea I'd recommend, and totally acceptable to me (not that I have any say once the money gets taken).  It is no different than pooled mining, other than perhaps without the benefit of having any way to keep anybody honest.

[SgtSpike]

Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC

If you give me the code, I'll run it and share half the prize with you if I find it.

I'll agree to that deal if you are interested. Want the code or a compiled exe? (and we'll wait for the starting letter to be revealed right?

Compiled exe would be great - I've tried compiling things in C before and it just doesn't go well.  I'd rather not go through it again if I can avoid it.

And yes, to anyone who questions whether I would share the prize as I have said I would, I'm not selling out my reputation here (and a multitude of other online presences, since I use this screen name almost exclusively) ever, for any dollar amount.  Keeping my integrity intact and a clear conscience is worth far more than anything money could buy.

I'll start whenever I can (whenever you send me the exe), but certainly, having the starting letter would help expedite the process of finding it.

[wtfvanity]

I'm picking one starting letter and trying my luck. 1 in 13 chance I picked the right first letter. If it's not claimed by the time I finish I'll guess another one.

[tacotime]

if you're aiming for high security for the key, you should uses a high r value (4096, 8192) for salsa20/chacha20 and skein for the block cipher as they're both really slow and expensive.  there's only a tiny amount of data to be decrypted here, and even a 5 character password that is random should be a nightmare to solve.

[CoinDiver]

Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC

If you give me the code, I'll run it and share half the prize with you if I find it.

I'll agree to that deal if you are interested. Want the code or a compiled exe? (and we'll wait for the starting letter to be revealed right?

I'll help. I've got a few fast servers I can let crank away it.