Bitcoin Forum
December 12, 2017, 07:13:23 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 »  All
  Print  
Author Topic: It took 10 seconds for the brainwallet "password1" to be taken  (Read 14887 times)
niothor
Hero Member
*****
Offline Offline

Activity: 546


Niothor


View Profile WWW
November 02, 2013, 10:31:17 PM
 #21

1000+ years to guess at 20,000,000 guesses per second

The problem is that it might be guessed in 2 seconds , in 10 minutes or in 989 years.

It's "1000+years" to try them all.
Usual misconception about password security.

Your password is just a needle in a haystack,which the cracker attempts to find.If your add more characters the bigger the stack is , but it doesn't mean that you're 100% safer.

To make it clear:
It will take god knows how many billions years to get all the private keys right?
Well , a few thousands private keys will be generated in one hour , if you're one of the owners... it's just luck Smiley

1513062803
Hero Member
*
Offline Offline

Posts: 1513062803

View Profile Personal Message (Offline)

Ignore
1513062803
Reply with quote  #2

1513062803
Report to moderator
1513062803
Hero Member
*
Offline Offline

Posts: 1513062803

View Profile Personal Message (Offline)

Ignore
1513062803
Reply with quote  #2

1513062803
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513062803
Hero Member
*
Offline Offline

Posts: 1513062803

View Profile Personal Message (Offline)

Ignore
1513062803
Reply with quote  #2

1513062803
Report to moderator
1513062803
Hero Member
*
Offline Offline

Posts: 1513062803

View Profile Personal Message (Offline)

Ignore
1513062803
Reply with quote  #2

1513062803
Report to moderator
NewLiberty
Legendary
*
Offline Offline

Activity: 1190


Gresham's Lawyer


View Profile WWW
November 02, 2013, 11:22:44 PM
 #22

1000+ years to guess at 20,000,000 guesses per second

The problem is that it might be guessed in 2 seconds , in 10 minutes or in 989 years.

It's "1000+years" to try them all.
Usual misconception about password security.

Your password is just a needle in a haystack,which the cracker attempts to find.If your add more characters the bigger the stack is , but it doesn't mean that you're 100% safer.

To make it clear:
It will take god knows how many billions years to get all the private keys right?
Well , a few thousands private keys will be generated in one hour , if you're one of the owners... it's just luck Smiley

"It will take 1000 years"
Maybe there are 10.000 hackers so .1 year?
Maybe each have 10 computers so .01 year?
Maybe every 12 words found in any sequence on any publicly available web page get stuffed into a rainbow table...

Have fun securing your brain wallet.

FREE MONEY1 Bitcoin for Silver and Gold NewLibertyDollar.com and now BITCOIN SPECIE (silver 1 ozt) shows value by QR
Bulk premiums as low as .0012 BTC "BETTER, MORE COLLECTIBLE, AND CHEAPER THAN SILVER EAGLES" 1Free of Government
DobZombie
Hero Member
*****
Offline Offline

Activity: 756


TheBitcoinMuseum.com


View Profile
November 03, 2013, 04:03:03 AM
 #23

Want a good brain wallet?

-Pick your favourite book
-use the first 3 digits of your birthday to pick a page number ( or 2 digits if you read books with pictures, or graphic novels)
- use all the words down the left hand side.

The Bitcoin Museum is back under my control, but I still need to go through all the code. DO NOT PURCHASE ANYTHING FROM IT

The Biggest Collection of Bitcoin Memorabilia The Bitcoin Museum
Series 2 BitcoinNerd 1g Silver coin thread!
Discount Jewellery! Noella Jean Jewellery



Buy premium Champanges, Spirits & Wines in Australia! My Bitmit Items

Tip Me if you Hate Justin Bieber 1DobZomBiE2gngvy6zDFKY5b76yvDbqRra
TooDumbForBitcoin
Legendary
*
Offline Offline

Activity: 1246


HERO: The Future of Banking in Southeast Asia


View Profile
November 03, 2013, 04:25:23 AM
 #24

Quote
Want a good brain wallet?

-Pick your favourite book
-use the first 3 digits of your birthday to pick a page number ( or 2 digits if you read books with pictures, or graphic novels)
- use all the words down the left hand side.

But what if you get in a car accident 2 years and 2 months from now, and you're taking painkillers, and you leave the book in the car, and you use a false birthday at the hospital to get insurance, and you can no longer tell your left from your right, what then?

What organization will help you?

▄████████████████████▄
██████████████████████
██████  ██████████████
██████  ██████████████
██████  ██████████████
██████  ██      ██████
██████  █  ████  █████
██████   ██████  █████
██████  ███████  █████
██████  ███████  █████
██████████████████████
██████████████████████
▀████████████████████▀
  HERO 
...                                                                                                   ...
                The Future of Banking in Southeast Asia                   
           ■ Website   ■ Whitepaper   ■ Bounties   ■ Join Telegram         
                                                                                                                                                                                                                         
      PRE-SALE       
      starting 20 Nov       
                                                                                                                                           
Stormalong
Newbie
*
Offline Offline

Activity: 19


View Profile
November 03, 2013, 04:30:17 AM
 #25

Maybe any software that supports brain wallets should do a security check.

1. Generate brain wallet
2. Send a tiny amount of bitcoins to that address
3. If the bitcoins haven't been stolen in some period of time (1 hour? 12 hours?) then consider the wallet secure and you can transfer larger amounts to it

"I've stopped measuring Bitcoins value in dollars and just go by how many times I yell JESUS FUCKING CHRIST at my screen." - Tomatocage
BombaUcigasa
Legendary
*
Offline Offline

Activity: 1442



View Profile
November 03, 2013, 12:42:08 PM
 #26

Maybe any software that supports brain wallets should do a security check.

1. Generate brain wallet
2. Send a tiny amount of bitcoins to that address
3. If the bitcoins haven't been stolen in some period of time (1 hour? 12 hours?) then consider the wallet secure and you can transfer larger amounts to it

Plot twist, some bots have a minimum wait time or transaction size before stealing the funds.
Etlase2
Hero Member
*****
Offline Offline

Activity: 798


View Profile
November 03, 2013, 04:04:11 PM
 #27

If you try to pick 12 "random" words on your own you will fail. Humans are terrible at randomness.

This is silliness. If you are looking to pick X random words, take a book--for example, a dictionary--open it to any page and point your finger at any spot. Rinse repeat. Not everything has to be protected by a layer of high-tech gidgetry. Plus the process is simple and adds a physical connection where one might be apt to take it more seriously rather than some randomly generated gibberish on the screen. It also means it will be more memorable.

Plot twist, some bots have a minimum wait time or transaction size before stealing the funds.

Well if they didn't before, they do now. Tongue

dserrano5
Legendary
*
Offline Offline

Activity: 1848



View Profile
November 03, 2013, 04:25:44 PM
 #28

This is silliness. If you are looking to pick X random words, take a book--for example, a dictionary--open it to any page

You're specially unlikely to open it on page 1. The book's binding will make it more probable to open it on specific pages. All that reduces entropy.

Etlase2
Hero Member
*****
Offline Offline

Activity: 798


View Profile
November 03, 2013, 05:10:26 PM
 #29

You're specially unlikely to open it on page 1. The book's binding will make it more probable to open it on specific pages. All that reduces entropy.

Yes, I could have made the corollary referencing this nonsense, but alas.

joeyjoe
Full Member
***
Offline Offline

Activity: 224


View Profile
November 03, 2013, 07:16:57 PM
 #30

Or.. you know, don't use brain wallets. Create one locally and encrypt it with true crypt.

Bitcoin PHP programmer for hire! (HTML / CSS / JQuery / AJAX / .NET).
p2pbucks
Hero Member
*****
Offline Offline

Activity: 650


Evolution is the only way to survive


View Profile WWW
November 04, 2013, 12:08:11 AM
 #31

i'v learned a lot ! Thanks for sharing this info  Grin
Korporal
Full Member
***
Offline Offline

Activity: 224



View Profile WWW
November 04, 2013, 12:24:03 AM
 #32

Or.. you know, don't use brain wallets. Create one locally and encrypt it with true crypt.

This ^^^
zumzero
Hero Member
*****
Offline Offline

Activity: 602


myBitcoin.Garden


View Profile WWW
November 23, 2013, 11:56:04 AM
 #33

So is it safe for me to create a wallet using the bitaddress.org brain wallet creator provided I use enough random numbers and letters?

I don't intend to remember the passphrase and I will not make a record of it.  I am only interested in the public address and corresponding private key using this method of generation.

I intend to boot a brand new laptop using Ubuntu from a new storage card/pen drive and then accessing the bitaddress'org zip files from a second storage card.

The laptop will never connect to the internet or bluetooth and the pen drive/storage cards will never connect to the internet after first loading them with the operating system and zip files.


https://mybitcoin.garden
Bitcoin game where you can earn up to 220% on each planted garden!
zumzero
Hero Member
*****
Offline Offline

Activity: 602


myBitcoin.Garden


View Profile WWW
November 23, 2013, 12:19:12 PM
 #34

So is it safe for me to create a wallet using the bitaddress.org brain wallet creator provided I use enough random numbers and letters?

I don't intend to remember the passphrase as I will not make a record of it.  I am only interested in the public address and corresponding private key using this method of generation.

I intend to boot a brand new laptop using Ubuntu from a new storage card/pen drive and then accessing the bitaddress'org zip files from a second storage card.

The laptop will never connect to the internet or bluetooth and the pen drive/storage cards will never connect to the internet after first loading them with the operating system and zip files.



I would use Armory to create a wallet on the offline computer and then back up the armory keys for the wallet.  then create a watch-only wallet for your live computer.  I always test out restoring the wallet from scratch before I put funds into it.  then you just need the offline computer to sign outgoing transactions.

Thanks.  I will start to look into Armory.  I understand a new version is due very soon and what your saying sounds similar to a discussion on Letstalkbitcoin! I heard recently.

My current plan is to create ten wallets and duplicate each three times using metal stamps onto brass strips.  Each strip of brass will hold a public address on one side and a private key on the other and will be cut into three pieces.

I will spread the pieces of brass across three locations to ensure that a visit to any two of the three locations will allow for retrieval of all ten wallets.

It was my intention to never use this new laptop again and possibly even destroy it and the pen drives/ storage cards after I have generated all the wallets I need.  Overkill?

The wallets are for long term storage and I was going to 'watch' them using a phone app.

 

https://mybitcoin.garden
Bitcoin game where you can earn up to 220% on each planted garden!
Topazan
Sr. Member
****
Offline Offline

Activity: 354


View Profile
November 23, 2013, 01:47:29 PM
 #35

A number of people mentioned recursive hashing.  I was wondering about that.  Is there really any point to it?  Sure, it adds entropy, but why not just add the entropy to the key directly?  Instead of hashing the key ten thousand times, why not why not add an extra random word or two?  In both cases, the attacker will have to do tons of extra hashing, but in the latter case you won't.

Save the last bitcoin for me!
Topazan
Sr. Member
****
Offline Offline

Activity: 354


View Profile
November 23, 2013, 02:07:39 PM
 #36

A number of people mentioned recursive hashing.  I was wondering about that.  Is there really any point to it?  Sure, it adds entropy, but why not just add the entropy to the key directly?  Instead of hashing the key ten thousand times, why not why not add an extra random word or two?  In both cases, the attacker will have to do tons of extra hashing, but in the latter case you won't.


You can also do multiple rounds.  You can make a brain wallet, hash it with sha512, then hash the result with sha256 (maybe multiple rounds).  If you know what you are doing and remember all that it should fine.  For new users just do the Armory thing and back up the wallet keys.
Yeah, but what's the point?  I get it that the idea is to increase the amount of information an attacker will have to guess in order to compromise the key, but adding more words to the key has the same effect, doesn't it?

It reminds me of that correct horse battery staple thing.  Adding a complicated hashing algorithm will make it more difficult for you to access your coins when you want to, and it won't necessarily be more secure than simply adding more to your key would be.

Save the last bitcoin for me!
flatfly
Legendary
*
Offline Offline

Activity: 1008


View Profile
November 23, 2013, 02:41:45 PM
 #37

A number of people mentioned recursive hashing.  I was wondering about that.  Is there really any point to it?  Sure, it adds entropy, but why not just add the entropy to the key directly?  Instead of hashing the key ten thousand times, why not why not add an extra random word or two?  In both cases, the attacker will have to do tons of extra hashing, but in the latter case you won't.


You can also do multiple rounds.  You can make a brain wallet, hash it with sha512, then hash the result with sha256 (maybe multiple rounds).  If you know what you are doing and remember all that it should fine.  For new users just do the Armory thing and back up the wallet keys.
Yeah, but what's the point?  I get it that the idea is to increase the amount of information an attacker will have to guess in order to compromise the key, but adding more words to the key has the same effect, doesn't it?

It reminds me of that correct horse battery staple thing.  Adding a complicated hashing algorithm will make it more difficult for you to access your coins when you want to, and it won't necessarily be more secure than simply adding more to your key would be.

Indeed. There's a nice thread about this exact topic on the Agilebits forum. I'll see if I can find the link again.  
As long as you have enough entropy in your passphrase (in a provable way), you will be just fine. Speaking about this, you may want to check out NoBrainr, which is our simple command-line tool based on this principle.

It generates bruteforce-resistant addresses perfect for cold storage and brainwallets, using an easy-to-remember xkcd/diceware-style passphrase. Example:

Code:
1MbmMGrtkahbjYNfLmsbKuGFByuKvAyxnC == gun thyme nose cubic almost relish fed

This has 90.47 bits of entropy, which is more than strong enough to protect against passphrase bruteforcing, if you do the math. It may look like a bold statement to the untrained eye, but I, for one, feel be perfectly safe and happy to store up to 5000 BTC with such a passphrase.

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
dserrano5
Legendary
*
Offline Offline

Activity: 1848



View Profile
November 23, 2013, 06:51:11 PM
 #38

verySTRONGpasswordWOULDbeLIKEthisONEwithYOURpetNAMEappendedTOit

That password just sucks.

vqp
Jr. Member
*
Offline Offline

Activity: 57


View Profile
November 23, 2013, 07:04:24 PM
 #39

I'm not a fan of brainwallets for myself (I have a lousy memory and also I could die at any moment )
I ended up using bitaddress random generation, BIT38 and print.
But returning to brainwallets:  What about using 12 words from dictionary and one word that makes sense for you (like DeathAndTaxesRules ) but is not any dictionary
vqp
Jr. Member
*
Offline Offline

Activity: 57


View Profile
November 23, 2013, 07:10:21 PM
 #40

Quote
Code:
1MbmMGrtkahbjYNfLmsbKuGFByuKvAyxnC == gun thyme nose cubic almost relish fed

This has 90.47 bits of entropy, which is more than strong enough to protect against passphrase bruteforcing, if you do the math. It may look like a bold statement to the untrained eye, but I, for one, feel be perfectly safe and happy to store up to 5000 BTC with such a passphrase.

What about adding a non-dictionary word like your your screen name in some forum, your email address, nospaced phrases like "tooyoungtodie", you can even remember them more easily than "thyme" and "relish"
Pages: « 1 [2] 3 4 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!