Patel (OP)
November 01, 2013, 09:05:37 PM
I have been experimenting in a lot of different ways to store my bitcoins.
I have found a good way, but just for kicks I wanted to see how fast easy brainwallets would be taken.
It took about 10 seconds from time of broadcast for the bitcoins to be transferred.
Crazy

Dougie
November 01, 2013, 09:08:19 PM
People have scripts set up to claim bitcoins sent using common public keys I think. That's how so many people had money stolen due to the android random number problem.

Unluckyduck
November 02, 2013, 12:20:40 AM
Wow, didn't realise people camped out waiting for this.

balanghai
November 02, 2013, 12:32:55 AM
so could there be a possible collision?

adamstgBit
November 02, 2013, 01:39:54 AM
>> so could there be a possible collision?
> If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance. You need to create the private keys randomly and not from a password. In other words, no brain wallets. people can run large supercomputers and check passwords all day long so don't even try it. the best way to go is use a deterministic wallet like armory or electrum. that way you have one long key you have to save and back up. Then all your addresses are created from that.
you really need a very strong password something like "1bH7Dt62Hu82" should be good enough no?

cypherdoc
November 02, 2013, 01:45:27 AM
>> so could there be a possible collision?
> If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance. You need to create the private keys randomly and not from a password. In other words, no brain wallets. people can run large supercomputers and check passwords all day long so don't even try it. the best way to go is use a deterministic wallet like armory or electrum. that way you have one long key you have to save and back up. Then all your addresses are created from that.
surely Electrum is working. it seems 12 random words is enough to securely create a master key.

Phinnaeus Gage
November 02, 2013, 01:47:01 AM
>>> so could there be a possible collision?
>> If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance. You need to create the private keys randomly and not from a password. In other words, no brain wallets. people can run large supercomputers and check passwords all day long so don't even try it. the best way to go is use a deterministic wallet like armory or electrum. that way you have one long key you have to save and back up. Then all your addresses are created from that.
> you really need a very strong password something like "1bH7Dt62Hu82" should be good enough no?
Actually, I like that password. If nobody is using it, can I have it?

User705
November 02, 2013, 01:52:27 AM
>>> so could there be a possible collision?
>> If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance. You need to create the private keys randomly and not from a password. In other words, no brain wallets. people can run large supercomputers and check passwords all day long so don't even try it. the best way to go is use a deterministic wallet like armory or electrum. that way you have one long key you have to save and back up. Then all your addresses are created from that.
> you really need a very strong password something like "1bH7Dt62Hu82" should be good enough no?
I'm no expert but that seems woefully short.

joeyjoe
November 02, 2013, 02:08:38 AM
1000+ years to guess at 20,000,000 guesses per second

Jabbatheslutt
November 02, 2013, 02:49:35 AM
Wow. Guess I will use a long phrase with my brainwallets if I ever make one.

luv2drnkbr
November 02, 2013, 06:23:33 AM
>>>> so could there be a possible collision?
>>> If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance. You need to create the private keys randomly and not from a password. In other words, no brain wallets. people can run large supercomputers and check passwords all day long so don't even try it. the best way to go is use a deterministic wallet like armory or electrum. that way you have one long key you have to save and back up. Then all your addresses are created from that.
>> you really need a very strong password something like "1bH7Dt62Hu82" should be good enough no?
> Actually, I like that password. If nobody is using it, can I have it?
16GsPwhmfrTLEqp9kVbtMXEuHztCsbYL19
Sure, there it is!
Also, KeePass has a nice plugin called "readable passphrase generator" that spits out things like "that repentant bragger wondered the stunted one sorely will dignify amidst the cloaked tackle" and "Capetown announced her 241 softest emissions stackly might unhinge via the cruel intruder"
Now I don't know how much entropy those have, since they follow speakable format, but it's not nothing, and I think you can actually set it to just randomly spit out words from its dictionary in random non-phrase format.
https://readablepassphrase.codeplex.com/

LiteCoinGuy
November 02, 2013, 10:29:45 AM
>>> so could there be a possible collision?
>> If you use a password to create a private key it is very easy for computers to generate the private keys and check the balance. You need to create the private keys randomly and not from a password. In other words, no brain wallets. people can run large supercomputers and check passwords all day long so don't even try it. the best way to go is use a deterministic wallet like armory or electrum. that way you have one long key you have to save and back up. Then all your addresses are created from that.
> surely Electrum is working. it seems 12 random words is enough to securely create a master key.
12 words is a very long and good password in my opinion.

Nikinger
November 02, 2013, 10:33:33 AM
Here are three examples of deep brain wallets: Conclusion: Don't use brain wallets if you don't know about how to choose really secure passwords.

flatfly
November 02, 2013, 12:47:15 PM Last edit: November 02, 2013, 01:02:51 PM by flatfly
In practice, 7 words *randomly* (no cherrypicking) chosen from a 7,000 word dictionary is all you need to keep *everyone* (including government and russian hackers) away from your brainwallet. Anything longer is absolute overkill - despite anything you may hear on these forums. Many people are misinformed when it comes to choosing a proper passphrase. All you will get with longer passphrases, in practice, is a higher risk of forgetting them.
It takes literally billions (not just millions) of dollars to have a reasonable chance of cracking such a passphrase.
Please research and understand passphrase entropy if you don't agree with the above statements.
Also give the NoBrainr script a try for a bare-bones way of generating such passphrases securely.

gmaxwell
November 02, 2013, 02:08:33 PM
What electrum does is not "12 random words" in the way that you'd produce them. It generates a cryptographically strong 128 bit random number, and using that number selects a unique string from the set of all possible 12 word sequences (using a particular dictionary), there is a 1:1 mapping so each value is equally possible and the value has 128 bits of entropy. It then applies a moderately computationally expensive transformation to convert that 128 bit value into the 256 bit bitcoin keys, so even an attacker who knows part of your electrum seed must do a lot of computation to check it.
If you try to pick 12 "random" words on your own you will fail. Humans are terrible at randomness.
Even most people who think they know how to choose good passwords are incorrect. The common password advice people receive is applicable to security for centralized systems like login passwords, but not Bitcoin key security, as they have entirely different threat models. (e.g. Bitcoin key security for a brain wallet is inherently unsalted: you have to worry about attackers all over the world, over all time, potentially using high speed hardware crackers, and precomputing rainbow tables).
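
Added example, not part of the thread and not Electrum's code: the entropy figures quoted in the posts above and the 1:1 number-to-words mapping gmaxwell describes, worked through in Python. The 2048-entry dictionary is a constructed placeholder, and uniform random selection and a 62-symbol alphabet for the 12-character password are assumptions.

```python
import math
import secrets

# Constructed placeholder dictionary (NOT Electrum's real word list):
# 2048 distinct tokens, so 12 words can carry up to 132 bits.
WORDS = [f"w{i:04d}" for i in range(2048)]
INDEX = {w: i for i, w in enumerate(WORDS)}
N_WORDS = 12


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent, uniform draws from `choices` options."""
    return picks * math.log2(choices)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years to try every candidate at a fixed guessing rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def encode(seed: int) -> list:
    """Write a 128-bit integer in base len(WORDS), one word per digit."""
    if not 0 <= seed < 2 ** 128:
        raise ValueError("seed must fit in 128 bits")
    words = []
    for _ in range(N_WORDS):
        seed, digit = divmod(seed, len(WORDS))
        words.append(WORDS[digit])
    return words[::-1]


def decode(words: list) -> int:
    """Inverse of encode(); KeyError on a word outside the dictionary."""
    seed = 0
    for word in words:
        seed = seed * len(WORDS) + INDEX[word]
    return seed


if __name__ == "__main__":
    seed = secrets.randbits(128)      # drawn by a CSPRNG, not by a person
    phrase = encode(seed)
    assert decode(phrase) == seed     # 1:1, so no entropy is lost
    print(" ".join(phrase))
    print(f"7 words of 7,000: {entropy_bits(7000, 7):.1f} bits")
    print(f"12 chars of 62:   {entropy_bits(62, 12):.1f} bits, "
          f"{years_to_exhaust(entropy_bits(62, 12), 2e7):.1e} years at 2e7/s")
```

The entropy numbers hold only when every word or character is drawn uniformly at random; a phrase a person makes up has no such guarantee.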

Brandon Stuvick
November 02, 2013, 02:52:00 PM Last edit: November 02, 2013, 03:03:18 PM by Brandon Stuvick
Yea, I'm a bit surprised people use brain wallets in such ways.
If the private key is simply the digest of the brain wallet pass phrase, then it's susceptible to rainbow tables. Maybe if you used the number of rounds of sha256 as a sort of salt, but even then I'm not too keen on the idea. You'd have to remember quite a big number to make it reasonably harder on the attacker, which sort of defeats the purpose.
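
Added example, not from the thread: the plain-digest derivation discussed in the post above next to a salted, stretched derivation, showing that a round count shared between users does not behave like a salt and how much per-guess work stretching adds. PBKDF2 with 100,000 iterations and 16-byte salts are parameters assumed for illustration, and the passphrase is constructed.

```python
import hashlib
import math
import os
import time


def brainwallet_key(passphrase: str, rounds: int = 1) -> bytes:
    """Scheme discussed above: repeated SHA-256 of the passphrase alone."""
    digest = passphrase.encode("utf-8")
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest


def salted_stretched_key(passphrase: str, salt: bytes,
                         iterations: int = 100_000) -> bytes:
    """Contrast case: PBKDF2-HMAC-SHA256 with a random per-user salt.
    The salt must be stored, so this is no longer a pure brain wallet."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=32)


def seconds_per_call(fn, *args, loops: int = 1) -> float:
    """Average wall-clock seconds for one derivation."""
    start = time.perf_counter()
    for _ in range(loops):
        fn(*args)
    return (time.perf_counter() - start) / loops


def added_work_bits(fast: float, slow: float) -> float:
    """How many bits of guessing work the slower derivation adds."""
    return math.log2(slow / fast)


if __name__ == "__main__":
    phrase = "constructed sample passphrase"       # constructed input
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    # Same phrase and same round count: identical key for every user,
    # so work done once against the phrase applies to all of them.
    print(brainwallet_key(phrase, 1000) == brainwallet_key(phrase, 1000))
    # Per-user salt: same phrase, unrelated keys.
    print(salted_stretched_key(phrase, salt_a) != salted_stretched_key(phrase, salt_b))
    fast = seconds_per_call(brainwallet_key, phrase, loops=2000)
    slow = seconds_per_call(salted_stretched_key, phrase, salt_a)
    print(f"stretching adds about {added_work_bits(fast, slow):.1f} bits of work")
```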

TooDumbForBitcoin
November 02, 2013, 03:06:12 PM
> If you try to pick 12 "random" words on your own you will fail. Humans are terrible at randomness.
Here are 12 "words" that I can remember that aren't in any dictionary thingy depribe weenus integrous prollums pompatous dickfor tigger "xxxxxxxx" (my last name, shared by fewer than 100 people worldwide - okay, that's probably on some list) sadistics skullfuck dickstain
Most people could come up with their own list - probably less twisted, immature, and pathological - but still their own list. I could arrange my 12 "words" in several ways to make several passphrases, and I would bet all my BTC (I don't have any) on any of them.

jackjack
November 02, 2013, 04:41:32 PM
>> In practice, 7 words *randomly* (no cherrypicking) chosen from a 7,000 word dictionary is all you need to keep *everyone* (including government and russian hackers) away from your brainwallet. Anything longer is absolute overkill - despite anything you may hear on these forums. Many people are misinformed when it comes to choosing a proper passphrase. All you will get with longer passphrases, in practice, is a higher risk of forgetting them.
>> It takes literally billions (not just millions) of dollars to have a reasonable chance of cracking such a passphrase.
>> Please research and understand passphrase entropy if you don't agree with the above statements.
>> Also give the NoBrainr script a try for a bare-bones way of generating such passphrases securely.
> In practice many people will not choose words randomly. User error or users not adhering to standards/procedures is the biggest problem in these sorts of things. If it is done correctly each word is about 2^^13 so 7 is about 2^^91 possibilities. There are 2^^160 Bitcoin addresses but there is not a one-to-one relationship between private and public keys. For each public address there is more than one private key that will unlock it once you go through the process at https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses. I saw someone post that the number of private keys you would need is 2^^96 but I could not find that calculation.
One address is "unlocked" by ~2^96 private keys
~2^256 possible private keys
~2^160 possible addresses
Hence ~2^96 private keys per address

FanEagle
November 02, 2013, 05:09:01 PM
So if I would use a sentence like: This passphrase is the most amazing of all times that would be a safe "password" am I right? Now that I said the password go get my money! I'm kidding, I never used that sentence for a brainwallet so I guess there are no bitcoins in it.