Author Topic: It took 10 seconds for the brainwallet "password1" to be taken  (Read 15326 times)
Patel (OP)
November 01, 2013, 09:05:37 PM
 #1

I have been experimenting in a lot of different ways to store my bitcoins.

I have found a good way, but just for kicks I wanted to see how fast easy brainwallets would be taken

It took about 10 seconds from time of broadcast for the bitcoins to be transferred

Crazy
Dougie
November 01, 2013, 09:08:19 PM
 #2

People have scripts set up to claim bitcoins sent using common public keys I think. That's how so many people had money stolen due to the android random number problem.

theskillzdatklls
November 01, 2013, 09:26:33 PM
 #3

that is crazy




Unluckyduck
November 02, 2013, 12:20:40 AM
 #4

Wow, didn't realise people camped out waiting for this.
balanghai
November 02, 2013, 12:32:55 AM
 #5

so could there be a possible collision?
adamstgBit
November 02, 2013, 01:39:54 AM
 #6

>> so could there be a possible collision?
>
> If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance.  You need to create the private keys randomly and not from a password.  In other words, no brain wallets.  people can run large supercomputers and check passwords all day long so don't even try it.
>
> the best way to go is use a deterministic wallet like armory or electrum.  that way you have one long key you have to save and back up.  Then all your addresses are created from that.

you really need a very strong password something like "1bH7Dt62Hu82" should be good enough no?

cypherdoc
November 02, 2013, 01:45:27 AM
 #7

>> so could there be a possible collision?
>
> If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance.  You need to create the private keys randomly and not from a password.  In other words, no brain wallets.  people can run large supercomputers and check passwords all day long so don't even try it.
>
> the best way to go is use a deterministic wallet like armory or electrum.  that way you have one long key you have to save and back up.  Then all your addresses are created from that.

surely Electrum is working.  it seems 12 random words is enough to securely create a master key.
Phinnaeus Gage
November 02, 2013, 01:47:01 AM
 #8

>>> so could there be a possible collision?
>>
>> If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance.  You need to create the private keys randomly and not from a password.  In other words, no brain wallets.  people can run large supercomputers and check passwords all day long so don't even try it.
>>
>> the best way to go is use a deterministic wallet like armory or electrum.  that way you have one long key you have to save and back up.  Then all your addresses are created from that.
>
> you really need a very strong password something like "1bH7Dt62Hu82" should be good enough no?

Actually, I like that password. If nobody is using it, can I have it?
User705
November 02, 2013, 01:52:27 AM
 #9

>>> so could there be a possible collision?
>>
>> If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance.  You need to create the private keys randomly and not from a password.  In other words, no brain wallets.  people can run large supercomputers and check passwords all day long so don't even try it.
>>
>> the best way to go is use a deterministic wallet like armory or electrum.  that way you have one long key you have to save and back up.  Then all your addresses are created from that.
>
> you really need a very strong password something like "1bH7Dt62Hu82" should be good enough no?

I'm no expert but that seems woefully short.

joeyjoe
November 02, 2013, 02:08:38 AM
 #10

1000+ years to guess at 20,000,000 guesses per second

Jabbatheslutt
November 02, 2013, 02:49:35 AM
 #11

Wow. Guess I will use a long phrase with my brainwallets if I ever make one.
luv2drnkbr
November 02, 2013, 06:23:33 AM
 #12

>>>> so could there be a possible collision?
>>>
>>> If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance.  You need to create the private keys randomly and not from a password.  In other words, no brain wallets.  people can run large supercomputers and check passwords all day long so don't even try it.
>>>
>>> the best way to go is use a deterministic wallet like armory or electrum.  that way you have one long key you have to save and back up.  Then all your addresses are created from that.
>>
>> you really need a very strong password something like "1bH7Dt62Hu82" should be good enough no?
>
> Actually, I like that password. If nobody is using it, can I have it?

16GsPwhmfrTLEqp9kVbtMXEuHztCsbYL19

Sure, there it is!

Also, KeePass has a nice plugin called "readable passphrase generator" that spits out things like

"that repentant bragger wondered the stunted one sorely will dignify amidst the cloaked tackle"

and

"Capetown announced her 241 softest emissions stackly might unhinge via the cruel intruder"

Now I don't know how much entropy those have, since they follow speakable format, but it's not nothing, and I think you can actually set it to just randomly spit out words from its dictionary in random non-phrase format.

https://readablepassphrase.codeplex.com/


LiteCoinGuy
November 02, 2013, 10:29:45 AM
 #13

>>> so could there be a possible collision?
>>
>> If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance.  You need to create the private keys randomly and not from a password.  In other words, no brain wallets.  people can run large supercomputers and check passwords all day long so don't even try it.
>>
>> the best way to go is use a deterministic wallet like armory or electrum.  that way you have one long key you have to save and back up.  Then all your addresses are created from that.
>
> surely Electrum is working.  it seems 12 random words is enough to securely create a master key.

12 words is a very long and good password in my opinion.

Nikinger
November 02, 2013, 10:33:33 AM
 #14

Here are three examples of deep brain wallets:

Passphrase | Bitcoin address | Total volume | Comment
bitcoin is awesome | 14NWDXkQwcGN1Pd9fboL8npVynD5SfyJAE | 501 BTC | 500 BTC snatched within 36 seconds back in 2012
You don't win friends with salad! | 15gCfQVJ68vyUVdb6e3VDU4iTkTC3HtLQ2 | 157.5 BTC | 3 BTC temporary lost, "How could this have happened...?" thread on Reddit - with happy end
8964009 | 12vGMScGWHVDKRBPTJn8i7E9GxYXq8zaz3 | 6.5 BTC | 6.5 BTC drained in 2 seconds one month ago

Conclusion: Don't use brain wallets if you don't know about how to choose really secure passwords.

flatfly
November 02, 2013, 12:47:15 PM
Last edit: November 02, 2013, 01:02:51 PM by flatfly
 #15

In practice, 7 words *randomly* (no cherrypicking) chosen from a 7,000 word dictionary is all you need to keep *everyone* (including government and russian hackers) away from your brainwallet. Anything longer is absolute overkill - despite anything you may hear on these forums. Many people are misinformed when it comes to choosing a proper passphrase. All you will get with longer passphrases, in practice, is a higher risk of forgetting them.

It takes literally billions (not just millions) of dollars to have a reasonable chance of cracking such a passphrase.

Please research and understand passphrase entropy if you don't agree with the above statements.

Also give the NoBrainr script a try for a bare-bones way of generating such passphrases securely.
gmaxwell
November 02, 2013, 02:08:33 PM
 #16

What electrum does is not "12 random words" in the way that you'd produce them.  It generates a cryptographically strong 128 bit random number, and using that number selects a unique string from the set of all possible 12 word sequences (using a particular dictionary), there is a 1:1 mapping so each value is equally possible and the value has 128 bits of entropy.  It then applies a moderately computationally expensive transformation to convert that 128 bit value into the 256 bit bitcoin keys, so even an attacker who knows part of your electrum seed must do a lot of computation to check it.

If you try to pick 12 "random" words on your own you will fail. Humans are terrible at randomness.

Even most people who think they know how to choose good passwords are incorrect. The common password advice people receive is applicable to security for centralized systems like login passwords, but not Bitcoin key security, as they have entirely different threat models. (e.g. Bitcoin key security for a brain wallet is inherently unsalted: you have to worry about attackers all over the world, over all time, potentially using high speed hardware crackers, and precomputing rainbow tables).
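
The scheme described in the post above, as an added Python illustration that is not part of the thread and is not Electrum's code: a number from the OS random generator is spelled out as words through a 1:1 mapping, then stretched into a 256-bit key. The wordlist, the PBKDF2 stand-in, its label and round count, and all function names are assumptions made for this example.

```python
import hashlib
import math
import secrets

# Constructed 2048-entry wordlist (two-syllable pseudo-words); a real
# scheme would ship a fixed dictionary instead.
CONS, VOWELS = "bdfghjklmnprstvz", "aeiou"
SYLL = [c + v for c in CONS for v in VOWELS]
WORDS = [a + b for a in SYLL for b in SYLL][:2048]

def entropy_bits(dictionary_size, n_words):
    """Bits of entropy when each word is drawn uniformly and independently."""
    return n_words * math.log2(dictionary_size)

def encode(value, n_words=12, words=WORDS):
    """Write value in base len(words); every value gets exactly one phrase."""
    if not 0 <= value < len(words) ** n_words:
        raise ValueError("value does not fit in n_words words")
    phrase = []
    for _ in range(n_words):
        value, digit = divmod(value, len(words))
        phrase.append(words[digit])
    return phrase

def decode(phrase, words=WORDS):
    """Inverse of encode: recover the integer from the phrase."""
    index = {w: i for i, w in enumerate(words)}
    value = 0
    for word in reversed(phrase):
        value = value * len(words) + index[word]
    return value

def new_seed(bits=128):
    """The randomness comes from the OS CSPRNG; the words only spell it out."""
    value = secrets.randbits(bits)
    return value, encode(value)

def stretch(value, rounds=100_000):
    """Stand-in for the expensive seed-to-key step (PBKDF2-HMAC-SHA256, 256-bit
    output) for a 128-bit seed. The label is fixed, not a per-user salt, so
    the same seed always yields the same key."""
    return hashlib.pbkdf2_hmac("sha256", value.to_bytes(16, "big"),
                               b"constructed-label", rounds)

def years_to_search(bits, guesses_per_second, work_factor=1):
    """Expected years to try half the space at the given rate."""
    seconds = 2 ** (bits - 1) * work_factor / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

if __name__ == "__main__":
    value, phrase = new_seed()
    print(" ".join(phrase))
    print(f"12 of 2048 words: {entropy_bits(2048, 12):.0f} bits")
    print(f"7 of 7000 words:  {entropy_bits(7000, 7):.1f} bits")
```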
Brandon Stuvick
November 02, 2013, 02:52:00 PM
Last edit: November 02, 2013, 03:03:18 PM by Brandon Stuvick
 #17

Yea, I'm a bit surprised people use brain wallets in such ways.

If the private key is simply the digest of the brain wallet pass phrase, then it's susceptible to rainbow tables. Maybe if you used the number of rounds of sha256 as a sort of salt, but even then I'm not too keen on the idea. You'd have to remember quite a big number to make it reasonably harder on the attacker, which sort of defeats the purpose.
TooDumbForBitcoin
November 02, 2013, 03:06:12 PM
 #18

> If you try to pick 12 "random" words on your own you will fail. Humans are terrible at randomness.

Here are 12 "words" that I can remember that aren't in any dictionary

thingy
depribe
weenus
integrous
prollums
pompatous
dickfor
tigger
"xxxxxxxx" (my last name, shared by fewer than 100 people worldwide - okay, that's probably on some list)
sadistics
skullfuck
dickstain

Most people could come up with their own list - probably less twisted, immature, and pathological - but still their own list.

I could arrange my 12 "words" in several ways to make several passphrases, and I would bet all my BTC (I don't have any) on any of them.






jackjack
November 02, 2013, 04:41:32 PM
 #19

>> In practice, 7 words *randomly* (no cherrypicking) chosen from a 7,000 word dictionary is all you need to keep *everyone* (including government and russian hackers) away from your brainwallet. Anything longer is absolute overkill - despite anything you may hear on these forums. Many people are misinformed when it comes to choosing a proper passphrase. All you will get with longer passphrases, in practice, is a higher risk of forgetting them.
>>
>> It takes literally billions (not just millions) of dollars to have a reasonable chance of cracking such a passphrase.
>>
>> Please research and understand passphrase entropy if you don't agree with the above statements.
>>
>> Also give the NoBrainr script a try for a bare-bones way of generating such passphrases securely.
>
> In practice many people will not choose words randomly.  User error or users not adhering to standards/procedures is the biggest problem in these sorts of things.
>
> If it is done correctly each word is about 2^^13 so 7 is about 2^^91 possibilities.  There are 2^^160 Bitcoin addresses but there is not a one-to-one relationship between private and public keys.  For each public address there is more than one private key that will unlock it once you go through the process at https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses.  I saw someone post that the number of private keys you would need is 2^^96 but I could not find that calculation.

One address is "unlocked" by ~2^96 private keys

~2^256 possible private keys
~2^160 possible addresses
Hence ~2^96 private keys per address

FanEagle
November 02, 2013, 05:09:01 PM
 #20

So if I would use a sentence like:
This passphrase is the most amazing of all times
that would be a safe "password" am I right?
Now that I said the password go get my money! I'm kidding, I never used that sentence for a brainwallet so I guess there are no bitcoins in it.