This message was too old and has been purged

[BurtW]

The only way you are going to get your BTC is to remember or reconstruct the brainwallet phrase and go this direction:

(phrase) -> (private key) -> (public key) -> (Bitcoin address)

By design it is impossible to go the other direction because every step in the reverse process is impossible:

(Bitcoin address) -> (public key) -> (private key) -> (phrase)

(Bitcoin address) -> (public key) have to break through three hashes using two different hashing algorithms

(public key) -> (private key) have to break eliptical curve cryptography

(private key) -> (phrase) would have to break SHA256 again, but this step is not really needed if you have the private key

My suggestion is try to remember every single possible word or phrase she could have or would have maybe used and then go through all combinations of those words and phrases.

[Ritual]

BurtW - you misunderstand me.

I am simply creating billions of addresses with their private keys using Vanitygen. Then checking them against a stored list. I am not trying to go backwards, or break any kind of encryption. I'm just hoping for a match at some point. In my lifetime, preferably.

Point is, I am "reducing" the name space I am searching by specifying:

1) The first 3 chars of the address: 12g
2) The range of addresses I want to match.

It's not much of a reduction, and I'll have to be lottery-winning lucky, but you know what? It runs on my machine 24/7, and it's fine. If it hits, it hits.

What I want is for one of the mathematicians on the forum to explain why EKs approach is any more efficient than mine. As far as I can see, he can only compare a few million keys from a rendezvous point. He can do it very quickly, I grant that, but give me better hardware and I can generate more keys in Vanitygen too

Anyhow, mine is the crudest possible type of attack.

But I still don't see much of a difference between this and EKs. And when you get into the numbers, I'll bet that the advantage he has is microscopically insignificant. Anyone care to calculate it?

Rit./

[BurtW]

Not sure why you are not using vanitygen to filter your results even more for you.  Why only 3 characters?  Why are you not using an exact match on say the first 7 or 8 characters?

As you add more and more characters to your exact match criteria vanitygen will give you some idea of how long you are going to have to wait just to get something with those first characters - let alone a perfect match.  Just keep adding characters and that will give you a feel for how long it is going to be even get a match that is "close", and by "close" I mean a worthless partial match that is not really close and does not get you any closer to finding a match.

You probably know my opinion by now but just in case:  EK's approach will not work.  

I don't think you can generate and check addresses faster than vanitygen on a video card.

I can do some maths after my nap if someone else has not done it.

[FiatKiller]

I feel for you Ritual. I would retire or at least move now if I had 199 BTC.  lol

It's bad policy to ever throw out a harddrive without at least opening it and destroying the platters.

Never thrown one out yet.

[BurtW]

As the designer of cryptographically secured disk drives I can assure you that if you properly configure a TCG or other FDE drive you can just pull it out of your system and toss it.  Your data is safe.

For sure your comment does apply to standard disk drives and even more imporantly devices such as copiers that have unsecured disk drives in them.  Get an old junked copier and pull the disk drive.  Wala!  Thousands of documents to look at.

[piotr_n]

I want is for one of the mathematicians on the forum to explain why EKs approach is any more efficient than mine.

Because he uses (some kind of) math to vastly increase a probability that a number he's trying would be the one he's looking for.
Your approach is just looking blind

[itod]

My missus mined BTC back in early 2010 on her laptop. She got 200 BTC and paid out 1 for something. She had the wallet on a defunct macbook, long since gone to the great landfill in the sky. But she has her address. So...we work from that. I've found her on the Blockchain, and am trying to crack the wallet to get the BTC back. I know 199 seems a small amount, but it's life-changing for us. She did remember <something> about her wallet - she used a brainwallet system, picked a passphrase, and promptly forgot it. She's unsure, but she reckons it was about 8-12 words long, and one of the words was "2,4 Dynitrophenylhydrazone". In other words, she was being a smartarse and trying to show off her vocab and education.

I can guarantee you one thing: you can stop vanitygen efforts, there's no chance you'll ever get any results with it. As somebody pointed out, you may as well search for the whole address with it, just to see how improbable that method is.

On the other hand, you maybe have a chance to recover it because she used a brainwallet. If she once knew the phrase, she
may eventually remember it, so why doesn't she try (don't laugh) hypnosis? I've read that experts can make you recover any memories. It's sure worth a try if the reward is 150.000US$.

[Ritual]

Not laughing. But I don't agree with piotr either.

Sure I may never ever hit. I'm well aware of the size of the namespace.

But I don't see that my efforts to reduce the search space are any less effective than EK's. And that's the whole point here.

I've reduced 31^58 to 29^58, and more, against a certain range of addresses.

He's trying rendezvous points on the curve with VERY NARROW nets on them.

It's exactly the same thing, although his hardware is better than mine.

To whoever asked: I go with 12* because any more than that takes longer to calculate (on my machine) than is worth it. i.e. it takes more than 58 times as long to calculate the third digit, and more than 58 times again the 4th one. I'm not likely to ever hit anyhow, but there you go. "Reasoning" hehe

Seriously, everything that I read about elliptic curves tells me that my approach is every bit as valid. It's a brute force against a narrow sliver of the namespace, as opposed to a rainbow table attack against the whole thing.

Anyone care to analyse? Rather than tell me to give up I mean

Ritual.

[piotr_n]

Ok.
Do you want to take place in competition for a bounty on breaking any of the gmaxwell's addresses?
Maybe we should make like a fund to get it done faster.
Though I'd rather prefer to generate my public keys by myself
Anyway, feel free to steal all my money- let it be my part of the bounty
I do reuse addresses sometimes - just get them from the chain.

[Ritual]

Ok.
Do you want to take place in competition for a bounty on breaking any of the gmaxwell's addresses.
Maybe we should make like a fund to get it done faster.
Though I'd rather prefer to generate my public keys by myself
Anyway, feel free to steal all my money- let it be my part of the bounty
I do reuse addresses sometimes

With all the respect I can grant you for your comment, which is fuck all....

Don't be so fucking ridiculous.

I'm well aware of what I am doing, and I'd bet a banjo to a barndance that I understand the mathematics behind this better than you do.

I wasn't putting myself up for a challenge, you utter utter moron, I was pointing out that ANY attack on the elliptic curve is futile, as long as it centers on isolating a section of the namespace.

Do you understand now? Or should I draw this in fat crayons for you and then post a picture of it? Or is fingerpaint better?

Try READING sometimes. It helps immensely with comprehension. Really.

Rit./

[piotr_n]

Don't get so upset. I didn't mean to offend you.
I only mean that if you cannot show me how you crack actual keys, then don't waste my time.
Please

[Ritual]

If you're mistaking me for the OP, then I forgive you. That only means that you can't read. Not your fault.

If you're under the impression that I am laying down some sort of challenge, then you're stupid. And that is also not your fault. But it means I won't bother with you.

Which is it?

Now before you answer, I'd like you to consider the following: I HAVE NEVER EVER CLAIMED TO HAVE CRACKED A KEY OR FOUND ANY WEAKNESS IN THE CURVE. This is not my thread.

Rit.

[Chimsley]

I am not a math wiz on this but while we are comparing futile efforts to "win the lottery" with bitcoin I am curious if someone can work out this math.

Is it possible to calculate how many addresses in the keyspace will start with a certain prefix. For example the address 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a has over 100k bitcoins on it.  If your using vanitygen or some other such tool and generating keys with a target of 1933 how big is that subset of addresses that will begin with that prefix?  Are we talking only 2 lifetimes of the universe instead of 10?

Just curious, this is interesting stuff.

[Phrenico]

BurtW - you misunderstand me.

I am simply creating billions of addresses with their private keys using Vanitygen. Then checking them against a stored list. I am not trying to go backwards, or break any kind of encryption. I'm just hoping for a match at some point. In my lifetime, preferably.

Point is, I am "reducing" the name space I am searching by specifying:

1) The first 3 chars of the address: 12g
2) The range of addresses I want to match.

It's not much of a reduction, and I'll have to be lottery-winning lucky, but you know what? It runs on my machine 24/7, and it's fine. If it hits, it hits.

What I want is for one of the mathematicians on the forum to explain why EKs approach is any more efficient than mine. As far as I can see, he can only compare a few million keys from a rendezvous point. He can do it very quickly, I grant that, but give me better hardware and I can generate more keys in Vanitygen too

Anyhow, mine is the crudest possible type of attack.

But I still don't see much of a difference between this and EKs. And when you get into the numbers, I'll bet that the advantage he has is microscopically insignificant. Anyone care to calculate it?

Rit./

Vanitygen just generates private keys randomly, which are converted deterministically to pub keys and addresses. Unless those hashes and ECC were broken, you're not reducing your search space by specifying that you want Vanitygen to store the addresses that start with 1xyzabc. In other words, there's no way to tell Vanitygen to "only make priv keys that get you addresses near 1xyzabc...".

Unfortunately for your wife, yours is just a brute-force method. Definitely ask her to tell you every possible number, phrase, and character that she may have used for her brain wallet. There's no other way about it.

I am not a math wiz on this but while we are comparing futile efforts to "win the lottery" with bitcoin I am curious if someone can work out this math.

Is it possible to calculate how many addresses in the keyspace will start with a certain prefix. For example the address 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a has over 100k bitcoins on it.  If your using vanitygen or some other such tool and generating keys with a target of 1933 how big is that subset of addresses that will begin with that prefix?  Are we talking only 2 lifetimes of the universe instead of 10?

Just curious, this is interesting stuff.

You're misunderstanding Vanitygen in the same way that Rit is. There's no way of knowing which private key will get you address that starts with a preordained string of characters.

For example, observe how different the addresses are even of very closely related private keys in this list:

http://www.directory.io/

That's the point of the cryptography; you get no information about where to look for the private key if you're only given the address.

[Phrenico]

I am not a math wiz on this but while we are comparing futile efforts to "win the lottery" with bitcoin I am curious if someone can work out this math.

Is it possible to calculate how many addresses in the keyspace will start with a certain prefix.

To answer your question more directly, it is certainly possible to calculate how many addresses start with a certain prefix. That's just 2^(160-x) where x is the length of the prefix.

The problem is there's no way of knowing which private keys get you that prefix, so you're no better off.

[weedoge]

I think the connection stability could use some tweaking.

At the moment, if I go offline for 30 seconds I drop to 90%, and 20 minuten later i'm back up to 100%. It's more accurate if it is correctly balanced over the last 24 hours to get a nice 99.99% stability.

You talking about the server for the rendezvous point thing?

The new c++ script queues them instead of chucking them away when they can't be sent.

[BurtW]

Maybe understanding exactly how vanitygen works will clear up some confusion:

Use vanitygen to search for the Bitcoin address

1) Create a totally random private key over the entire private key space (random Key_private)
2) Calculate the public key from the private key (ECC Key_public = Key_private * G)
3) Calculate the Bitcoin address (Address = Encode(HASH(HASH(HASH(Key_public)))))
4) Compare the randomly generated Bitcoin address to the regular expression given to vanitygen when you started it
5) If this randomly generated Bitcoin address matches the pattern then print and quit (or continue, depending on flags)
6) Go to 1)

So now maybe you can understand why setting your search pattern to only two or three characters and then doing the rest of the comparison yourself is not better (and is probably slower) than just setting vanitygen to do more or all of the pattern match.

Vanitygen generates one key pair at a time, calculates the Bitcoin address, then compares it to the pattern.  It does not magically generate only the Bitcoin addresses that match your pattern.  That is why the longer your pattern the more time it takes to find one.

Sorry if you already knew this.  Others might not have.

[BurtW]

Ritual,  Now I have a question for you:

Please give me the transaction id of the transaction where you spent the 1 BTC from your long lost BTC stash.

[User705]

Can I ask one of you mathematical guys to tell me what is the difference in what EK is doing, as opposed to what I am doing atm.

A little background:

My missus mined BTC back in early 2010 on her laptop. She got 200 BTC and paid out 1 for something. She had the wallet on a defunct macbook, long since gone to the great landfill in the sky. But she has her address. So...we work from that. I've found her on the Blockchain, and am trying to crack the wallet to get the BTC back. I know 199 seems a small amount, but it's life-changing for us. She did remember <something> about her wallet - she used a brainwallet system, picked a passphrase, and promptly forgot it. She's unsure, but she reckons it was about 8-12 words long, and one of the words was "2,4 Dynitrophenylhydrazone". In other words, she was being a smartarse and trying to show off her vocab and education.

So I've run a dictionary attack (cobbled together from many different sources) against it for about 6 months now, with no success.

Recently I've adopted a different approach, which I am running in parallel.

Her address starts with "12g". I have been using Vanitygen64 to generate keys at approx 25000 per sec with this pattern. This then compares against her (our) key to see if it fits. It's been running for several weeks now with no result (I won't lie, I've also picked a few other interesting, apparently dead addresses starting with 12g to attack in the meantime - the compare time is negligible). The range of "interesting" keys is approx 1500.

So, to multiply 1500 by 25000, we get 37500000. Every second.

Looking at the size of the name space, this is irrelevantly small. I can probably expect a result shortly after the sun puts on it's snowhat, but nevertheless, I want that damn wallet.

Can someone knowledgeable please answer this question:

Is what I am doing any less efficient than EKs method? I think not. I'm reducing the namespace (in theory) by a factor of 58^2. But this is not enough to make a difference. I might be here all yea, I might hit it tomorrow.

The man obviously has serious mathematical knowledge, but in the case of trying to crack an elliptic curve, is it actually any use? And I have about the same odds to hit I reckon?

Thanks,

Rit./

Not sure why you felt it smart to post part of your brainwallet and now if you post your address there will be quite a few people trying to crack it although you won't see any of it.  Anyways if you search the forums there was a somewhat reliable guy that can help you crack your brainwallet.

[BurtW]

If you are worried about it do not post the transaction or address involved.