Bitcoin Forum
November 01, 2024, 05:14:04 PM *
News: Bitcoin Pumpkin Carving Contest
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Brute forcing question.  (Read 477 times)
Decoded (OP)
Legendary
*
Offline Offline

Activity: 1232
Merit: 1030


give me your cryptos


View Profile
March 18, 2016, 04:46:04 AM
 #1

Hey guys.

So, if someone (a hacker) knew exactly how many bits of entropy your password was, could they crack it easier than without the knowledge of the password strength?

looking for a signature campaign, dm me for that
Straux
Sr. Member
****
Offline Offline

Activity: 412
Merit: 251



View Profile
March 18, 2016, 04:48:37 AM
 #2

Yes, it would be easier.

If they knew how many bits of entropy your password was, they could rule out passwords not under that entropy strength, and narrow down their search for your password.
NorrisK
Legendary
*
Offline Offline

Activity: 1946
Merit: 1007



View Profile
March 18, 2016, 07:20:19 AM
 #3

Why are you worried about this? Did you share this information with someone?

Even if the hacker knows the amount of bit of entropy your password has, if it is high enough it wouldn't matter because it would still take too much time.

Also, if I'm correct, entropy is not based solely on the amount of characters in your password, but rather the type of symbols you used in your password. The more symbols there are to choose from in your library of symbols (e.g. alphabet letters have higher entropy than numbers 0-9), the higher your entropy will be. So as long as nobody knows what types of characters you used, you should be fine.

Also, Brain wallets and their seeds often have a fixed amount of words to generate the private keys. If this would've been a problem, all electrum wallets would be hacked because the entropy is known.
shorena
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1540


No I dont escrow anymore.


View Profile
March 18, 2016, 07:27:30 AM
 #4

Yes, it would be easier.

If they knew how many bits of entropy your password was, they could rule out passwords not under that entropy strength, and narrow down their search for your password.

No it does not, because if the attacker does not know the set of symbols used, knowing the entropy does not help them. I can tell you have an 32 bit (which is weak) password. You are no closer to knowing my password which could be made off words, numbers, latin alphanumeric symbols, special characters, cyrillic symbols, utf-8 or any mix of them. There is a theoretical advantage that you only need to test a subset of all possible passwords for each set of symbols, but you might still need to test a possible infinity number of symbol sets.

Also in order to brute force something you need the file. So if the question is whether you can tell someone your password strength, you can. Keep in mind though that the entropy depends on the way you generate a password. Selecting a random word from a list of 8 words, only has 3 bits of entropy no matter how long and complex the words are. If your password is not generated randomly it might be impossible to determine its entropy.

Im not really here, its just your imagination.
Nybbas
Member
**
Offline Offline

Activity: 60
Merit: 10


View Profile
March 19, 2016, 09:47:27 PM
 #5

All that mining equipment one day will have only this purpose to brute force passwords,
 and this will become serious question i believe. So change your passwords periodically.
JasonXG
Hero Member
*****
Offline Offline

Activity: 770
Merit: 500


View Profile
March 19, 2016, 09:56:21 PM
 #6

Brute forcing passwords is a very bad way to get a password. It takes alot of time to do that. Days , weeks, months, years even !
That's why it's never used, i wouldn't worry about it.
Nybbas
Member
**
Offline Offline

Activity: 60
Merit: 10


View Profile
March 19, 2016, 10:03:16 PM
 #7

Brute forcing passwords is a very bad way to get a password. It takes alot of time to do that. Days , weeks, months, years even !
That's why it's never used, i wouldn't worry about it.
But what if you have great amount of hash power like Chinese mining farms?
they could become rent services when mining becomes unprofitable.
achow101
Staff
Legendary
*
Offline Offline

Activity: 3542
Merit: 6884


Just writing some code


View Profile WWW
March 19, 2016, 10:07:35 PM
 #8

Brute forcing passwords is a very bad way to get a password. It takes alot of time to do that. Days , weeks, months, years even !
That's why it's never used, i wouldn't worry about it.
But what if you have great amount of hash power like Chinese mining farms?
they could become rent services when mining becomes unprofitable.
The hash used by Bitcoin is SHA256d, which is not used for anything else really. ASICs wouldn't be useful for breaking hashes because they can only do SHA256d.

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!