K1773R
Legendary
Offline
Activity: 1792
Merit: 1008
/dev/null
|
|
December 27, 2012, 08:49:40 AM |
|
after reading 10 pages, I guess I'll keep on reading instead of trying to solve the "riddle"... :-"
just in case you're interested: For those who don't have enough hashing power, you can send me patterns per PM and I'll test them, if they match you get a portion of the 10BTC (going to distribute it fairly to all who helped, including me).
|
[GPG Public Key]BTC/DVC/TRC/FRC: 1 K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM A K1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: N K1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: L Ki773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: E K1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: b K1773R1APJz4yTgRkmdKQhjhiMyQpJgfN
|
|
|
franky1
Legendary
Online
Activity: 4270
Merit: 4538
|
|
December 27, 2012, 08:56:15 AM |
|
i bet the 4 digit code will end up being
xmas or XM45
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
btctalk
|
|
December 27, 2012, 09:09:01 AM |
|
after reading 10 pages, I guess I'll keep on reading instead of trying to solve the "riddle"... :-"
just in case you're interested: For those who don't have enough hashing power, you can send me patterns per PM and I'll test them, if they match you get a portion of the 10BTC (going to distribute it fairly to all who helped, including me).
lol, I have to sleep on it first
|
|
|
|
Red Emerald
|
|
December 27, 2012, 09:11:21 AM |
|
Well no luck so far. Here's the basics of my script for generating the dictionary.

#!/usr/bin/env python
import itertools
import hashlib
import string

dict_name = 'dict.txt'

# Append one SHA-256 hex digest per candidate pattern to the wordlist.
with open(dict_name, 'a') as f:
    # every 4-character password over [A-Za-z0-9]
    for pw in itertools.product(string.ascii_letters + string.digits, repeat=4):
        pw = ''.join(pw)
        for p in [
            '+'.join([pw] * 2) + '=' + pw * 2,
            # you can put a bunch of different patterns here
        ]:
            # encode first: hashlib needs bytes on Python 3
            hashed = hashlib.sha256(p.encode('ascii')).hexdigest()
            f.write(hashed + '\n')

# print the john command line to run against the generated wordlist
print('~/src/JohnTheRipper/run/john --wordlist=%s hash' % dict_name)

At first I was printing the hashes and then piping it to john, but it wasn't using all of my cores. I need to get CUDA running on this, or maybe play with it for a few minutes on my GPU miner.
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
|
|
December 27, 2012, 01:08:55 PM |
|
Well the next hint isn't due for a while so you probably still have time.
|
|
|
|
cedivad
Legendary
Offline
Activity: 1176
Merit: 1001
|
|
December 27, 2012, 01:15:25 PM |
|
Well the next hint isn't due for a while so you probably still have time.
Can we know the exact length of the string and how many times was the password repeated?
|
My anger against what is wrong in the Bitcoin community is productive: Bitcointa.lk - Replace "Bitcointalk.org" with "Bitcointa.lk" in this url to see how this page looks like on a proper forum (Announcement Thread)Hashfast.org - Wiki for screwed customers
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
|
|
December 27, 2012, 01:20:29 PM |
|
Can we know the exact length of the string and how many times was the password repeated?
The next hint should definitely help with this (but please remember that the point is that it is a riddle/puzzle - I will only give out the information you have requested in the *last* hint as I think it should be cracked within minutes after that).
Whilst waiting for someone to solve this (IMO not so hard to solve) problem I have come up with an even better idea (more on this to come) and I have now added a "bcrypt" call to the script that I will be publishing in the distro I am creating for the purposes of doing the same thing I have done here (if starting with a 4 char password and a very simple math equation has proven so difficult then you can imagine how much harder the *real thing* will be).
|
|
|
|
phr33
|
|
December 27, 2012, 02:04:11 PM |
|
Whilst waiting for someone to solve this (IMO not so hard to solve) problem I have come up with an even better idea (more on this to come) and I have now added a "bcrypt" call to the script that I will be publishing in the distro I am creating for the purposes of doing the same thing I have done here (if starting with a 4 char password and a very simple math equation has proven so difficult then you can imagine how much harder the *real thing* will be).
The security still relies on the secrecy of your script.
The script that will add the most entropy relative to the script size is one that just XORs the silly 4 char password with some true random number. This random number could be selected to be of any size, but there would of course not be any point in selecting longer than the strength of the crypto it will be used in later (e.g. 256 bits). You have just split the key in two. A small part that you choose to remember, and a longer part that you store on your computer.
The drawback of your custom code is that it always will add less entropy than a simple true random number. The fact that you perhaps easily can remember the "algorithm" is a sign that it does not add much entropy.
I'm really trying to explain why this is not such a good idea as it might seem at first sight. But it's difficult
|
My BTC input: 1GAtPwoTGPQ35y9QugJueum5GzaEzLYjiQ My GPG ID: B0CCFD4A
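phr33's comparison above, worked through as an added example that is not part of the original thread: the key is a short memorized password XORed with a stored random pad, and the functions count the guesses an attacker needs under each assumption. The SHA-256 widening step, the function names, the count of 1000 script variants and the toy password are assumptions made for illustration.

```python
import hashlib
import itertools
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols, as in the dictionary script in this thread
KEY_BITS = 256                                   # the size phr33 gives as an example


def password_bits(length, alphabet=ALPHABET):
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(len(alphabet))


def derive_key(password, pad):
    """Key = SHA-256(password) XOR pad; the hash only widens the password to the pad's size."""
    widened = hashlib.sha256(password.encode("ascii")).digest()
    return bytes(a ^ b for a, b in zip(widened, pad))


def guess_bits(password_len, secret_script_variants=1, pad_is_secret=False):
    """log2 of the guesses an attacker needs under each assumption."""
    if pad_is_secret:
        return float(KEY_BITS)  # without the pad the key is uniformly random
    return min(KEY_BITS, password_bits(password_len) + math.log2(secret_script_variants))


def search_with_leaked_pad(pad, key_fingerprint, length, alphabet):
    """If the stored pad leaks, only the memorized part is left to search."""
    for tries, chars in enumerate(itertools.product(alphabet, repeat=length), 1):
        candidate = "".join(chars)
        if hashlib.sha256(derive_key(candidate, pad)).digest() == key_fingerprint:
            return candidate, tries
    return None, len(alphabet) ** length


if __name__ == "__main__":
    pad = secrets.token_bytes(KEY_BITS // 8)      # the long part kept on the computer
    key = derive_key("ab1", pad)                  # constructed toy password
    fingerprint = hashlib.sha256(key).digest()
    print("4-char password alone:          %.1f bits" % guess_bits(4))
    print("plus 1 of 1000 script variants: %.1f bits" % guess_bits(4, 1000))
    print("plus a secret random pad:       %.1f bits" % guess_bits(4, pad_is_secret=True))
    print(search_with_leaked_pad(pad, fingerprint, 3, string.ascii_lowercase + string.digits))
```

The last line shows the other half of the trade-off: once the stored pad is in the attacker's hands, the search space collapses back to the memorized password.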
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
|
|
December 27, 2012, 02:05:10 PM |
|
after reading 10 pages, I guess I'll keep on reading instead of trying to solve the "riddle"... :-"
Actually, believe it or not, that is the only thing that has prevented such a weak password from being cracked already (am almost tempted to release the weak password but won't do that until after the last hint).
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
|
|
December 27, 2012, 02:07:40 PM Last edit: December 27, 2012, 03:18:34 PM by CIYAM Pty. Ltd. |
|
I'm really trying to explain why this is not such a good idea as it might seem at first sight. But it's difficult
I really do *get* your point - but when you see how little I changed (and not randomly at all) I do think you might be forced to change your mind (after people have been hacking at it for days and have so far been unable to guess basically just a couple of minor changes to a very simple equation).
BTW - I am up for at least a 50 BTC challenge (open ended with no clues but you will be giving the GPG encrypted private key and the message that contains the Bitcoin private key out) with a new bash script (which I will publish) based upon the same idea (but I will use a 6 character initial password for that challenge - it's my money after all).
This is the Bitcoin way to build open source after all!
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
|
|
December 27, 2012, 03:29:22 PM Last edit: December 27, 2012, 09:19:47 PM by CIYAM Pty. Ltd. |
|
Just to check I didn't fuck up I have recovered the private key (using the exact script posted along with my changed line) and sent 10 BTC.
EDIT: Oops I thought that would add to the bounty but apparently it didn't (I guess Bitcoin sent the output to the input) - will look at that tomorrow (have to sleep now).
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1330
|
|
December 27, 2012, 09:31:17 PM |
|
EDIT: Oops I thought that would add to the bounty but apparently it didn't (I guess Bitcoin sent the output to the input)
Yes, the client chose the best-fitting output for your new payment and it just so happened that the same 10 BTC you sent the first time was the best fit for the second payment, so it re-sent the same 10 BTC output again.
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
|
|
December 27, 2012, 09:49:20 PM |
|
Well - we are not far off 350 confirmations and so well before we get to 400 I will just check whether those competing would rather:
1) I give a hint that will finish this in the next 10 hours or,
2) I add another 10 BTC and make the hint a little more vague.
|
|
|
|
OpenYourEyes
|
|
December 27, 2012, 10:53:33 PM |
|
I've pretty much worked on this for 2 days straight since I've had a pretty lonely Christmas with a lot of time on my hands, but I think I'm going to throw in the towel as I think I must be doing something wrong. I'm very computer literate, but I think it's just a bit too much for me (I'm no crypto/gpg expert). Thanks for your posting guys, I've learnt a thing or two.
|
|
|
|
CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
|
|
December 27, 2012, 10:58:55 PM |
|
Well it seems like option (1) is going to be what we'll go with so if you can hang in there for another few hours you could still get lucky!
|
|
|
|
OpenYourEyes
|
|
December 27, 2012, 11:08:22 PM |
|
Well it seems like option (1) is going to be what we'll go with so if you can hang in there for another few hours you could still get lucky!
Ok, I'll try. Unlike others, I've been trying each key manually as I've not been able to get any of the bruteforce programs working. (Arch Linux/CPU issue maybe) I think I've managed to solve your first clue though.
|
|
|
|
K1773R
Legendary
Offline
Activity: 1792
Merit: 1008
/dev/null
|
|
December 27, 2012, 11:36:06 PM |
|
Well it seems like option (1) is going to be what we'll go with so if you can hang in there for another few hours you could still get lucky!
Ok, I'll try. Unlike others, I've been trying each key manually as I've not been able to get any of the bruteforce programs working. (Arch Linux/CPU issue maybe) I think I've managed to solve your first clue though.
JohnTheRipper works everywhere, I even explained how to use JohnTheRipper with your GPU!
|
|
|
|
OpenYourEyes
|
|
December 27, 2012, 11:52:07 PM Last edit: December 28, 2012, 12:02:39 AM by OpenYourEyes |
|
Well it seems like option (1) is going to be what we'll go with so if you can hang in there for another few hours you could still get lucky!
Ok, I'll try. Unlike others, I've been trying each key manually as I've not been able to get any of the bruteforce programs working. (Arch Linux/CPU issue maybe) I think I've managed to solve your first clue though.
JohnTheRipper works everywhere, I even explained how to use JohnTheRipper with your GPU!
I know, I've read your post. I don't have a GPU, just a laptop. Every time I try JTR, it just stays at: "Guesses 0"
currently trying nasty on a budget server I'm renting out.
EDIT: nasty fails also. Oh well.
With your first clue "at least" I was taking a stab that it might be >= as in "greater than or equal to" "at least"
|
|
|
|
K1773R
Legendary
Offline
Activity: 1792
Merit: 1008
/dev/null
|
|
December 28, 2012, 12:29:26 AM |
|
Well it seems like option (1) is going to be what we'll go with so if you can hang in there for another few hours you could still get lucky!
Ok, I'll try. Unlike others, I've been trying each key manually as I've not been able to get any of the bruteforce programs working. (Arch Linux/CPU issue maybe) I think I've managed to solve your first clue though.
JohnTheRipper works everywhere, I even explained how to use JohnTheRipper with your GPU!
I know, I've read your post. I don't have a GPU, just a laptop. Every time I try JTR, it just stays at: "Guesses 0"
currently trying nasty on a budget server I'm renting out.
EDIT: nasty fails also. Oh well.
With your first clue "at least" I was taking a stab that it might be >= as in "greater than or equal to" "at least"
Guesses 0 means 0 valid passwords found, as soon as you see Guesses 1 you cracked it!
|
|
|
|
OpenYourEyes
|
|
December 28, 2012, 03:09:57 AM Last edit: December 28, 2012, 03:57:36 AM by OpenYourEyes |
|
Ah, ok. I thought guesses would be the amount of attempts it has made.
The fact the OP generated the bitcoin address with vanity gen seems a bit odd to me, so maybe the address has something to do with it. Seeing as generating address past the 6 character mark is rather time consuming, I've been looking at the first few characters. Why would he deliberately generate 1Cpu?
I've tried that with various salts but nothing yet.
|
|
|
|
|