Is BIP38 encryption of private keys bruteforcable?

Bitcoin Forum

April 24, 2024, 07:41:06 PM

Welcome, Guest. Please login or register.

News: Latest Bitcoin Core release: 27.0 [Torrent]

Home

Help

Search

Login

Register

More

Bitcoin Forum > Bitcoin > Development & Technical Discussion > Is BIP38 encryption of private keys bruteforcable?

Pages: [1]

« previous topic next topic »

Author

Topic: Is BIP38 encryption of private keys bruteforcable? (Read 539 times)

lukaexpl (OP)

Full Member

Offline

Offline

Activity: 148
Merit: 106

Is BIP38 encryption of private keys bruteforcable?

August 28, 2017, 07:30:22 AM

Merited by ABCbits (1)

#1

I watched the following video on Youtube and it is scary how weak any passphrase is as a seed for brainwallet:

https://www.youtube.com/watch?v=foil0hzl4Pg

That makes me wonder if by the creation of paperwallets and encryption of privatekeys with a "weak" passphrase (I have no idea what would constitute a strong passphrase) we run the risk of accidentally found paper wallets with encrypted private keys being brute forced by the knowledgable finder of such a paper wallet?

1713987666

Hero Member

Offline

Offline

Posts: 1713987666

Personal Message (Offline)

Ignore

1713987666

1713987666

Reply with quote

#2

1713987666


	Report to moderator

1713987666

Hero Member

Offline

Offline

Posts: 1713987666

Personal Message (Offline)

Ignore

1713987666

1713987666

Reply with quote

#2

1713987666


	Report to moderator

1713987666

Hero Member

Offline

Offline

Posts: 1713987666

Personal Message (Offline)

Ignore

1713987666

1713987666

Reply with quote

#2

1713987666


	Report to moderator

"In a nutshell, the network works like a distributed timestamp server, stamping the first transaction to spend a coin. It takes advantage of the nature of information being easy to spread but hard to stifle." -- Satoshi

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.

1713987666

Hero Member

Offline

Offline

Posts: 1713987666

Personal Message (Offline)

Ignore

1713987666

1713987666

Reply with quote

#2

1713987666


	Report to moderator

ranochigo

Legendary

Offline

Offline

Activity: 2954
Merit: 4163

Re: Is BIP38 encryption of private keys bruteforcable?

August 28, 2017, 08:32:30 AM

Merited by ABCbits (2)

#2

Quote from: lukaexpl on August 28, 2017, 07:30:22 AM

I watched the following video on Youtube and it is scary how weak any passphrase is as a seed for brainwallet:

https://www.youtube.com/watch?v=foil0hzl4Pg

Brainwallet.org uses SHA256 to derive the keys and it is very easy to bruteforce at a decent speed.

Quote from: lukaexpl on August 28, 2017, 07:30:22 AM

That makes me wonder if by the creation of paperwallets and encryption of privatekeys with a "weak" passphrase (I have no idea what would constitute a strong passphrase) we run the risk of accidentally found paper wallets with encrypted private keys being brute forced by the knowledgable finder of such a paper wallet?

BIP38 uses AES to encrypt the BIP38 key. The key derivation is scrypt. Scrypt is very resource intensive and it takes a long time for someone to be able to decrypt the key for even once. For a normal desktop computer, it may be possible for a key to be bruteforced at a rate of 1 key per second. As long as you use a decent password that is not common or is not guessable by others, it is very safe.

Ultimately, the strength of your password is what that matters. Your password is not secure if you think it can be bruteforced.

.
.^HUGE.

▄██████████▄▄
▄█████████████████▄
▄█████████████████████▄
▄███████████████████████▄
▄█████████████████████████▄
███████▌███▌▐██▐██▐████▄███
████▐███▐█████▌██▌██▌███▌██
█████▀███▀███▀▐██▐███▐█████
▀█████████████████████████▀
▀███████████████████████▀
▀█████████████████████▀
▀█████████████████▀
▀██████████▀▀

█▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█

FAST PAYMENTS
....NO KYC....

lukaexpl (OP)

Full Member

Offline

Offline

Activity: 148
Merit: 106

Re: Is BIP38 encryption of private keys bruteforcable?

August 28, 2017, 09:03:24 AM

#3

Thanks for the answer.

So if I use something like Diceware and generate a radnom list of say 7 words sucha a passphrase should be easy to memorise but impossible to bruteforce at a rate of 1 key/second.

ranochigo

Legendary

Offline

Offline

Activity: 2954
Merit: 4163

Re: Is BIP38 encryption of private keys bruteforcable?

August 28, 2017, 11:40:40 AM

#4

Quote from: lukaexpl on August 28, 2017, 09:03:24 AM

Thanks for the answer.

So if I use something like Diceware and generate a radnom list of say 7 words sucha a passphrase should be easy to memorise but impossible to bruteforce at a rate of 1 key/second.

I'm not sure about diceware and I've never used it.
Is the password predictable? Is the password common? Is the password in a dictionary? Does the password only contain letters and/or numbers?

If you answer yes to anything above, it can be rather insecure. The point here is that the ability of guessing password at a slow rate does not matter if your password is weak. They can still employ botnets or large array of computers to bruteforce your password if its sufficiently weak. It is just so that it is not feasible for them to bruteforce it if your password is relatively strong.

.
.^HUGE.

▄██████████▄▄
▄█████████████████▄
▄█████████████████████▄
▄███████████████████████▄
▄█████████████████████████▄
███████▌███▌▐██▐██▐████▄███
████▐███▐█████▌██▌██▌███▌██
█████▀███▀███▀▐██▐███▐█████
▀█████████████████████████▀
▀███████████████████████▀
▀█████████████████████▀
▀█████████████████▀
▀██████████▀▀

█▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█

FAST PAYMENTS
....NO KYC....

mocacinno

Legendary

Offline

Offline

Activity: 3374
Merit: 4917

https://merel.mobi => buy facemasks with BTC/LTC

WWW

Re: Is BIP38 encryption of private keys bruteforcable?

August 28, 2017, 11:44:36 AM

Merited by ABCbits (1)

#5

Quote from: lukaexpl on August 28, 2017, 07:30:22 AM

I watched the following video on Youtube and it is scary how weak any passphrase is as a seed for brainwallet:

https://www.youtube.com/watch?v=foil0hzl4Pg

That makes me wonder if by the creation of paperwallets and encryption of privatekeys with a "weak" passphrase (I have no idea what would constitute a strong passphrase) we run the risk of accidentally found paper wallets with encrypted private keys being brute forced by the knowledgable finder of such a paper wallet?

This thread should satisfy your curiosity: https://bitcointalk.org/index.php?topic=1014202

If you found it TL;DR, here's the bottom line:
A member put 1 BTC onto an addres whose private key was bip38 encrypted, he posted the encrypted private key + the fact that the password was only 6 letters. Later on he even gave a couple of clues about the password.
Two years later, he closed the contest and disclosed the password to be "zLwMiR", the price remained unclaimed (nobody succesfully bruteforced the password in 2 years, even with the prior knowledge the password was only 6 letters long).

So, if you pick a reasonably strong, completely random password, you should be relatively secure... Offcourse, if you're going to load your paper wallet with 1000's of BTC, you're giving a brute forcer a very big incentive to crack your passphrase...

█▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄

▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄

██████████████▄
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
████████████▀██▀
████▀█████████▀

▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄█

▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
░▀▀██▀▀

^✔Instant ^✔Non KYC Crypto Swap Exchange
.............Bitcoin | Litecoin | Ethereum | Monero | Dash | ERC20 Tokens | more soon.............

▄███████████████████▄
█████████████████████
██▀▀▀▀▀██▀██▀▀███████
████████████████▀████
████████████▄████████
████████████▀████████
████████████████▀████
█████████████▄███████
█████████████▀███████
████████████████▄████
ANN THREAD

▄██████████████████▄
███████████▀▄▀██████
██████████▀█▄███████
████████▀▌█▄████████
████████▌▄██████████
███████▀▄███▀███████
████▀▄▄███████▀█████
███▀▄█▀▄████████████
███████▀▄█▌▐████▐███
████▌▐██▀▌▐█████▐███
ONION LINK

lukaexpl (OP)

Full Member

Offline

Offline

Activity: 148
Merit: 106

Re: Is BIP38 encryption of private keys bruteforcable?

August 28, 2017, 12:21:17 PM

#6

Thanks a ton moccacino. Just the answer I was looking for.

Mod please feel free to delete the other thread started by me that asks exactly the question that was answered here.

Pages: [1]

Bitcoin Forum > Bitcoin > Development & Technical Discussion > Is BIP38 encryption of private keys bruteforcable?

« previous topic next topic »

Jump to:

Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines