I have pasted my wallet.dat base64-encoded, crack it and the contents are yours

[Gareth Nelson]

Oh, if you crack the correct one i'll send 1BTC to the address in the wallet

[1714963758]

1714963758

[1714963758]

1714963758

[1714963758]

1714963758

[sveetsnelda]

*That* looks better.  Now let's take a look... 

You have the plaintext, don't do the obvious to crack it

Oh.  For some reason I was thinking that he posted a 2nd one (like the first one was just a teaser).

[sveetsnelda]

Oh, if you crack the correct one i'll send 1BTC to the address in the wallet

Are they two separate wallets, then?

[Gareth Nelson]

Oh, if you crack the correct one i'll send 1BTC to the address in the wallet

Are they two separate wallets, then?

No, hence my request that you not do the obvious to crack it.
Tell me how to crack it without having the plaintext and i'll send you 1BTC.

[fcmatt]

I think I am a bit confused now.

The first was simply based64 encoded. The person who won decoded it and earned the btc.

Now you have a second file which when decoded is obviously not a wallet.dat file straight away.

Is this the same wallet.dat file but encrypted with a one time pad using urandom?

[sveetsnelda]

Well...  If urandom was used, it's certainly possible to crack (especially since the header of the file is the same between wallets).  That'd give you some possibilities of where the seed started.  However, it seems that different versions of Unix/Linux/BSD have different implementations of pseudo-random number generation.  We could go through them all, I guess...

[fcmatt]

Well...  If urandom was used, it's certainly possible to crack (especially since the header of the file is the same between wallets).  That'd give you some possibilities of where the seed started.  However, it seems that different versions of Unix/Linux/BSD have different implementations of pseudo-random number generation.  We could go through them all, I guess...

I was thinking that also. Freebsd does not even have urandom.. it just:

> ls -al /dev/ | grep ran
crw-rw-rw-   1 root     wheel       0,  11 Sep  8  2009 random
lrwxr-xr-x   1 root     wheel            6 Sep  8  2009 urandom -> random

[Gareth Nelson]

Well...  If urandom was used, it's certainly possible to crack (especially since the header of the file is the same between wallets).  That'd give you some possibilities of where the seed started.  However, it seems that different versions of Unix/Linux/BSD have different implementations of pseudo-random number generation.  We could go through them all, I guess...

To win the bounty you must present an algorithm.
The kernel version: 2.6.32-5

[Gareth Nelson]

By the way, after this one is cracked the next bounty will be 10BTC for one encrypted using the REAL entropy source.

[wolftaur]

Well...  If urandom was used, it's certainly possible to crack (especially since the header of the file is the same between wallets).  That'd give you some possibilities of where the seed started.  However, it seems that different versions of Unix/Linux/BSD have different implementations of pseudo-random number generation.  We could go through them all, I guess...

To win the bounty you must present an algorithm.
The kernel version: 2.6.32-5

And when someone earns the bounty, everyone with the base64-decoded version tries spending the bounty first.

[Gareth Nelson]

Well...  If urandom was used, it's certainly possible to crack (especially since the header of the file is the same between wallets).  That'd give you some possibilities of where the seed started.  However, it seems that different versions of Unix/Linux/BSD have different implementations of pseudo-random number generation.  We could go through them all, I guess...

To win the bounty you must present an algorithm.
The kernel version: 2.6.32-5

And when someone earns the bounty, everyone with the base64-decoded version tries spending the bounty first.

No, because the next bounty will be in a new wallet - only the one who cracks it will get it.
For this one, i'll send the 1BTC when the winner agrees - they can then pay it out themselves to ensure it doesn't get stolen - plus it'll be fun to watch that bit anyway

[fcmatt]

I am sitting here thinking what would he use for the seed value... his bitcoin address? his username?
There must be a clue I am not thinking of in his posts. To sit here and try to brute force it does not
seem like a valid plan of action.

[Gareth Nelson]

I am sitting here thinking what would he use for the seed value... his bitcoin address? his username?
There must be a clue I am not thinking of in his posts. To sit here and try to brute force it does not
seem like a valid plan of action.

What would I use?
I use whatever the hell last went into the kernel entropy pool - and trust me, it's cycled a lot

[Gareth Nelson]

I'll help you all out.
It was somewhere between 128 and 190 bits long.

[wolftaur]

I'll help you all out.
It was somewhere between 128 and 190 bits long.

That's about as useful as the United States Congress.

[Gareth Nelson]

I'll help you all out.
It was somewhere between 128 and 190 bits long.

That's about as useful as the United States Congress.

It's all I know based on how much entropy that box drains.