Bitcoin Forum
September 21, 2018, 11:13:31 AM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Is BIP38 encryption of private keys bruteforcable?  (Read 412 times)
lukaexpl
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile
August 28, 2017, 07:30:22 AM
 #1

I watched the following video on Youtube and it is scary how weak any passphrase is as a seed for brainwallet:

https://www.youtube.com/watch?v=foil0hzl4Pg

That makes me wonder if by the creation of paperwallets and encryption of privatekeys with a "weak" passphrase (I have no idea what would constitute a strong passphrase) we run the risk of accidentally found paper wallets with encrypted private keys being brute forced by the knowledgable finder of such a paper wallet?
1537528411
Hero Member
*
Offline Offline

Posts: 1537528411

View Profile Personal Message (Offline)

Ignore
1537528411
Reply with quote  #2

1537528411
Report to moderator
1537528411
Hero Member
*
Offline Offline

Posts: 1537528411

View Profile Personal Message (Offline)

Ignore
1537528411
Reply with quote  #2

1537528411
Report to moderator
1537528411
Hero Member
*
Offline Offline

Posts: 1537528411

View Profile Personal Message (Offline)

Ignore
1537528411
Reply with quote  #2

1537528411
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537528411
Hero Member
*
Offline Offline

Posts: 1537528411

View Profile Personal Message (Offline)

Ignore
1537528411
Reply with quote  #2

1537528411
Report to moderator
ranochigo
Legendary
*
Offline Offline

Activity: 1540
Merit: 1086


View Profile WWW
August 28, 2017, 08:32:30 AM
 #2

I watched the following video on Youtube and it is scary how weak any passphrase is as a seed for brainwallet:

https://www.youtube.com/watch?v=foil0hzl4Pg
Brainwallet.org uses SHA256 to derive the keys and it is very easy to bruteforce at a decent speed.
That makes me wonder if by the creation of paperwallets and encryption of privatekeys with a "weak" passphrase (I have no idea what would constitute a strong passphrase) we run the risk of accidentally found paper wallets with encrypted private keys being brute forced by the knowledgable finder of such a paper wallet?
BIP38 uses AES to encrypt the BIP38 key. The key derivation is scrypt. Scrypt is very resource intensive and it takes a long time for someone to be able to decrypt the key for even once. For a normal desktop computer, it may be possible for a key to be bruteforced at a rate of 1 key per second. As long as you use a decent password that is not common or is not guessable by others, it is very safe.

Ultimately, the strength of your password is what that matters. Your password is not secure if you think it can be bruteforced.

lukaexpl
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile
August 28, 2017, 09:03:24 AM
 #3

Thanks for the answer.

So if I use something like Diceware and generate a radnom list of say 7 words sucha a passphrase should be easy to memorise but impossible to bruteforce at a rate of 1 key/second.
ranochigo
Legendary
*
Offline Offline

Activity: 1540
Merit: 1086


View Profile WWW
August 28, 2017, 11:40:40 AM
 #4

Thanks for the answer.

So if I use something like Diceware and generate a radnom list of say 7 words sucha a passphrase should be easy to memorise but impossible to bruteforce at a rate of 1 key/second.
I'm not sure about diceware and I've never used it.
Is the password predictable? Is the password common? Is the password in a dictionary? Does the password only contain letters and/or numbers?

If you answer yes to anything above, it can be rather insecure. The point here is that the ability of guessing password at a slow rate does not matter if your password is weak. They can still employ botnets or large array of computers to bruteforce your password if its sufficiently weak. It is just so that it is not feasible for them to bruteforce it if your password is relatively strong.

mocacinno
Legendary
*
Online Online

Activity: 1344
Merit: 1196


http://www.mocacinno.com


View Profile WWW
August 28, 2017, 11:44:36 AM
 #5

I watched the following video on Youtube and it is scary how weak any passphrase is as a seed for brainwallet:

https://www.youtube.com/watch?v=foil0hzl4Pg

That makes me wonder if by the creation of paperwallets and encryption of privatekeys with a "weak" passphrase (I have no idea what would constitute a strong passphrase) we run the risk of accidentally found paper wallets with encrypted private keys being brute forced by the knowledgable finder of such a paper wallet?

This thread should satisfy your curiosity: https://bitcointalk.org/index.php?topic=1014202

If you found it TL;DR, here's the bottom line:
A member put 1 BTC onto an addres whose private key was bip38 encrypted, he posted the encrypted private key + the fact that the password was only 6 letters. Later on he even gave a couple of clues about the password.
Two years later, he closed the contest and disclosed the password to be "zLwMiR", the price remained unclaimed (nobody succesfully bruteforced the password in 2 years, even with the prior knowledge the password was only 6 letters long).

So, if you pick a reasonably strong, completely random password, you should be relatively secure... Offcourse, if you're going to load your paper wallet with 1000's of BTC, you're giving a brute forcer a very big incentive to crack your passphrase...


lukaexpl
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile
August 28, 2017, 12:21:17 PM
 #6

Thanks a ton moccacino. Just the answer I was looking for.

Mod please feel free to delete the other thread started by me that asks exactly the question that was answered here.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!