Bitcoin Forum
October 23, 2017, 10:15:32 AM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 4 »  All
  Print  
Author Topic: It took 10 seconds for the brainwallet "password1" to be taken  (Read 14785 times)
Patel
Legendary
*
Offline Offline

Activity: 1278



View Profile WWW
November 01, 2013, 09:05:37 PM
 #1

I have been experimenting in alot of different ways to store my bitcoins.

I have found a good way, but just for kicks I wanted to see how fast easy brainwallets would be taken

It took about 10 seconds from time of broadcast for the bitcoins to be transferred

Crazy
1508753732
Hero Member
*
Offline Offline

Posts: 1508753732

View Profile Personal Message (Offline)

Ignore
1508753732
Reply with quote  #2

1508753732
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1508753732
Hero Member
*
Offline Offline

Posts: 1508753732

View Profile Personal Message (Offline)

Ignore
1508753732
Reply with quote  #2

1508753732
Report to moderator
1508753732
Hero Member
*
Offline Offline

Posts: 1508753732

View Profile Personal Message (Offline)

Ignore
1508753732
Reply with quote  #2

1508753732
Report to moderator
1508753732
Hero Member
*
Offline Offline

Posts: 1508753732

View Profile Personal Message (Offline)

Ignore
1508753732
Reply with quote  #2

1508753732
Report to moderator
Dougie
Full Member
***
Offline Offline

Activity: 211


You are not special.


View Profile
November 01, 2013, 09:08:19 PM
 #2

People have scripts set up to claim bitcoins sent using common public keys I think. That's how so many people had money stolen due to the android random number problem.

Lurking since 2011...
1J4DhU3q6RxxCTfAAcg5ExVK6FfxkmzkTH
theskillzdatklls
Hero Member
*****
Offline Offline

Activity: 613

★ BitClave ICO: 08/11/17 ★


View Profile
November 01, 2013, 09:26:33 PM
 #3

that is crazy


                  ,'+██':                 
              ,█████████████;             
            .██████████████████           
            .████████████████████         
         █  .███;         ,███████.       
        ██  .█+              '█████'      
      `███  .█+    ,;'':       █████+     
      ████  .█+ ███████████,    ,████+    
     █████  .████████████████,    ████,   
    ██████  .██████████████████   `████   
   ;██████  .█████`      '██████  .█████  
   ████ ██  .███           :████████████. 
  +███  ██  .█.     `..      ████████████ 
  ████  ██  .    .███████'    ███████████`
 ,███   ██      ███████████    ███████████
 ████   ██     █████████████`  `██████████
 ███;  ███    ███████████████   ██████████`
 ███   ███   .████████████████  `█████████'
,███   ███   █████████████████   ██████████
'███  ,███   █████████████████:  ██████████
+███  ;███  `██████████████████  ██████████
████  '███  .██████████████████  +█████████
████  '███  .██████████████████  +█████████
'███  :███   █████████████████'  ██████████
:███   ███   █████████████████   ██████████
 ███   ███'  '████████████████   ██████████
 ███,  ████   ███████████████`  ██████████,
 ████  ,███:  `█████████████+   ██████████
 ;███   ████   `███████████+   ███████████
  ███'  .████    █████████`   +██████████;
  ████   █████     :███'     +███████████ 
   ████   █████`            ████████████+ 
   ████,   ██████`        +█████. +█████  
    ████    █████████++████████`   ████.  
    .████    ;████████████████    █████   
     '████`    +████████████     █████    
      +████+     `'█████+.     .█████     
       +█████.                ██████      
        ,██████;           .███████       
          █████████':,:;█████████.        
           ,███████████████████+          
             .███████████████;            
                `'████████,               
Unluckyduck
Sr. Member
****
Offline Offline

Activity: 359



View Profile
November 02, 2013, 12:20:40 AM
 #4

Wow, didn't realise people camped out waiting for this.
balanghai
Sr. Member
****
Offline Offline

Activity: 322


View Profile
November 02, 2013, 12:32:55 AM
 #5

so could there be a possible collision?  Huh

Ajinomoto
adamstgBit
Legendary
*
Offline Offline

Activity: 1904


Trusted Bitcoiner


View Profile WWW
November 02, 2013, 01:39:54 AM
 #6

so could there be a possible collision?  Huh

If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance.  You need to create the private keys randomly and not from a password.  In other words, no brain wallets.  people can run large supercomputers and check passwords all day long so don't even try it.

the best way to go is use a deterministic wallet like armory or electrum.  that was you have one long key you have to save and back up.  Then all your addresses are created from that.

you really need a very strong password something like "1bH7Dt62Hu82" should be good enough no?

cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
November 02, 2013, 01:45:27 AM
 #7

so could there be a possible collision?  Huh

If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance.  You need to create the private keys randomly and not from a password.  In other words, no brain wallets.  people can run large supercomputers and check passwords all day long so don't even try it.

the best way to go is use a deterministic wallet like armory or electrum.  that was you have one long key you have to save and back up.  Then all your addresses are created from that.

surely Electrum is working.  it seems 12 random words is enough to securely create a master key.
Phinnaeus Gage
Legendary
*
Offline Offline

Activity: 1358


Bitcoin: An Idea Worth Spending


View Profile
November 02, 2013, 01:47:01 AM
 #8

so could there be a possible collision?  Huh

If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance.  You need to create the private keys randomly and not from a password.  In other words, no brain wallets.  people can run large supercomputers and check passwords all day long so don't even try it.

the best way to go is use a deterministic wallet like armory or electrum.  that was you have one long key you have to save and back up.  Then all your addresses are created from that.

you really need a very strong password something like "1bH7Dt62Hu82" should be good enough no?

Actually, I like that password. If nobody is using it, can I have it?
User705
Hero Member
*****
Offline Offline

Activity: 728



View Profile
November 02, 2013, 01:52:27 AM
 #9

so could there be a possible collision?  Huh

If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance.  You need to create the private keys randomly and not from a password.  In other words, no brain wallets.  people can run large supercomputers and check passwords all day long so don't even try it.

the best way to go is use a deterministic wallet like armory or electrum.  that was you have one long key you have to save and back up.  Then all your addresses are created from that.

you really need a very strong password something like "1bH7Dt62Hu82" should be good enough no?
I'm no expert but that seems woefully short.
joeyjoe
Full Member
***
Offline Offline

Activity: 224


View Profile
November 02, 2013, 02:08:38 AM
 #10

1000+ years to guess at 20,000,000 guesses per second

Bitcoin PHP programmer for hire! (HTML / CSS / JQuery / AJAX / .NET).
Jabbatheslutt
Full Member
***
Offline Offline

Activity: 168


View Profile
November 02, 2013, 02:49:35 AM
 #11

Wow. Guess I will use a long phrase with my brainwallets if i ever make one.
luv2drnkbr
Hero Member
*****
Offline Offline

Activity: 793



View Profile
November 02, 2013, 06:23:33 AM
 #12

so could there be a possible collision?  Huh

If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance.  You need to create the private keys randomly and not from a password.  In other words, no brain wallets.  people can run large supercomputers and check passwords all day long so don't even try it.

the best way to go is use a deterministic wallet like armory or electrum.  that was you have one long key you have to save and back up.  Then all your addresses are created from that.

you really need a very strong password something like "1bH7Dt62Hu82" should be good enough no?

Actually, I like that password. If nobody is using it, can I have it?

16GsPwhmfrTLEqp9kVbtMXEuHztCsbYL19

Sure, there it is!

Also, KeePass has a nice plugin called "readable passphrase generator" that spits out things like

"that repentant bragger wondered the stunted one sorely will dignify amidst the cloaked tackle"

and

"Capetown announced her 241 softest emissions stackly might unhinge via the cruel intruder"

Now I don't know how much entropy those have, since they follow speakable format, but it's not nothing, and I think you can actually set it to just randomly spit out words from its dictionary in random non-phrase format.

https://readablepassphrase.codeplex.com/


LiteCoinGuy
Legendary
*
Offline Offline

Activity: 1148


In Satoshi I Trust


View Profile WWW
November 02, 2013, 10:29:45 AM
 #13

so could there be a possible collision?  Huh

If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance.  You need to create the private keys randomly and not from a password.  In other words, no brain wallets.  people can run large supercomputers and check passwords all day long so don't even try it.

the best way to go is use a deterministic wallet like armory or electrum.  that was you have one long key you have to save and back up.  Then all your addresses are created from that.

surely Electrum is working.  it seems 12 random words is enough to securely create a master key.

12 words is a very long and good password in my opinion.

Nikinger
Full Member
***
Offline Offline

Activity: 137



View Profile
November 02, 2013, 10:33:33 AM
 #14

Here are three examples of deep brain wallets:

PassphraseBitcoin addressTotal volumeComment
bitcoin is awesome14NWDXkQwcGN1Pd9fboL8npVynD5SfyJAE501 BTC500 BTC snatched within 36 seconds back in 2012
You don't win friends with salad!15gCfQVJ68vyUVdb6e3VDU4iTkTC3HtLQ2157.5 BTC3 BTC temporary lost, "How could this have happened...?" thread on Reddit - with happy end
896400912vGMScGWHVDKRBPTJn8i7E9GxYXq8zaz36.5 BTC6.5 BTC drained in 2 seconds one month ago

Conclusion: Don't use brain wallets if you don't know about how to choose really secure passwords.

1EwKrY5Bn3T47r4tYqSv6mMQkUyu7hZckV
flatfly
Legendary
*
Offline Offline

Activity: 994


View Profile
November 02, 2013, 12:47:15 PM
 #15

In practice, 7 words *randomly* (no cherrypicking) chosen from a 7,000 word dictionary is all you need to keep *everyone* (including government and russian hackers) away from your brainwallet. Anything longer is absolute overkill - despite anything you may hear on these forums. Many people are misinformed when it comes to choosing a proper passphrase. All you will get with longer passphrases, in practice, is a higher risk of forgetting them.

It takes literally billions (not just millions) of dollars to have a reasonable chance of cracking such a passphrase.

Please research and understand passphrase entropy if you don't agree with the above statements.

Also give the NoBrainr script a try for a bare-bones way of generating such passphrases securely.

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
gmaxwell
Staff
Legendary
*
Offline Offline

Activity: 2324



View Profile
November 02, 2013, 02:08:33 PM
 #16

What electrum does is not "12 random words" in the way that you'd produce them.  It generates a cryptographically strong 128 bit random number, and using that number selects a unique string from the set of all possible 12 word sequences (using a particular dictionary), there is a 1:1 mapping so each value is equally possible an the value has 128 bits of entropy.  It then applies a moderately computationally expensive transformation to convert that 128 bit value into the 256 bit bitcoin keys, so even an attacker who knows part of your electrum seed must do a lot of computation to check it.

If you try to pick 12 "random" words on your own you will fail. Humans are terrible at randomness.

Even most people who think they know how to choose good passwords are incorrect. The common password advice people receive is applicable to security for centralized systems like login passwords, but not Bitcoin key security, as they have entirely different threat models. (e.g. Bitcoin key security for a brain wallet is inherently unsalted: you have to worry about attackers all over the world, over all time, potentially using high speed hardware crackers, and precomputing rainbow tables).

Bitcoin will not be compromised
Brandon Stuvick
Newbie
*
Offline Offline

Activity: 4


View Profile
November 02, 2013, 02:52:00 PM
 #17

Yea, I'm a bit surprised people use brain wallets in such ways.

If the private key is simply the digest of the brain wallet pass phrase, then it's susceptible to rainbow tables. Maybe if you used the number of rounds of sha256 as a sort of salt, but even then I'm not too keen on the idea. You'd have to remember quite a big number to make it reasonably harder on the attacker, which sort of defeats the purpose.

My PGP key: gpg --keyserver hkp://keys.gnupg.net --recv-keys 29FE7755
TooDumbForBitcoin
Legendary
*
Offline Offline

Activity: 1183


HERO: The Future of Banking in Southeast Asia


View Profile
November 02, 2013, 03:06:12 PM
 #18

Quote
If you try to pick 12 "random" words on your own you will fail. Humans are terrible at randomness.

Here are 12 "words" that I can remember that aren't in any dictionary

thingy
depribe
weenus
integrous
prollums
pompatous
dickfor
tigger
"xxxxxxxx" (my last name, shared by fewer than 100 people worldwide - okay, that's probably on some list)
sadistics
skullfuck
dickstain

Most people could come up with their own list - probably less twisted, immature, and pathological - but still their own list.

I could arrange my 12 "words" in several ways to make several passphrases, and I would bet all my BTC (I don't have any) on any of them.




▄████████████████████▄
██████████████████████
██████  ██████████████
██████  ██████████████
██████  ██████████████
██████  ██      ██████
██████  █  ████  █████
██████   ██████  █████
██████  ███████  █████
██████  ███████  █████
██████████████████████
██████████████████████
▀████████████████████▀
  HERO 
...                                                                                                   ...
                The Future of Banking in Southeast Asia                   
           ■ Website   ■ Whitepaper   ■ Bounties   ■ Join our Slack         
                                                                                                                                                                                                                         
      PRE-SALE       
      starting soon       
                                                                                                                                           
jackjack
Legendary
*
Offline Offline

Activity: 1120


May Bitcoin be touched by his Noodly Appendage


View Profile
November 02, 2013, 04:41:32 PM
 #19

In practice, 7 words *randomly* (no cherrypicking) chosen from a 7,000 word dictionary is all you need to keep *everyone* (including government and russian hackers) away from your brainwallet. Anything longer is absolute overkill - despite anything you may hear on these forums. Many people are misinformed when it comes to choosing a proper passphrase. All you will get with longer passphrases, in practice, is a higher risk of forgetting them.

It takes literally billions (not just millions) of dollars to have a reasonable chance of cracking such a passphrase.

Please research and understand passphrase entropy if you don't agree with the above statements.

Also give the NoBrainr script a try for a bare-bones way of generating such passphrases securely.


In practice many people will not choose words randomly.  User error or users not adhering to standards/procedures is the biggest problem in these sorts of things. 

If it is done correctly each word is about 2^^13 so 7 is about 2^^91 possibilities.  There are 2^^160 Bitcoin addresses but there is not a one-to-one relationship between private an public keys.  For each public address there is more than one private key that will unlock it once you go through the process at https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses.  I saw someone post that the number of private keys you would need is 2^^96 but I could not find that calculation. 
One address is "unlocked" by ~2^96 private keys

~2^256 possible private keys
~2^160 possible addresses
Hence ~2^96 private keys per address

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
FanEagle
Legendary
*
Offline Offline

Activity: 1064



View Profile
November 02, 2013, 05:09:01 PM
 #20

So if  would use a sentence like:
This passphrase is the most amazing of all times
that would be a safe "password" am I right?
Now that I said the password go get my money! I'm kidding, I never used that sentence for a brainwallet so I guess there are no bitcoins in it.

Pages: [1] 2 3 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!