Bitcoin Forum
November 18, 2024, 02:57:28 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 »  All
  Print  
Author Topic: Brutforcing a wallet  (Read 8213 times)
flatfly
Legendary
*
Offline Offline

Activity: 1092
Merit: 1016

760930


View Profile
January 26, 2014, 12:08:13 PM
 #41

flatfly: I have reviewed NoBrainr and I thing you do not need any of these sophisticated tools to crack addresses created by it.
Actually, a simple programmable calculator is enough.

Let me grab all cold wallets ever created with NoBrainr, and come back to this thread ;-)

I'm not convinced about your uber hax0r skills but you sure are entertaining Wink

Of course, if you post a proof (other than a funny/shaky/blurry video), I'll review my statement Smiley

There is no proof needed:

Nobrainr:
Wordlist Length: 7776
Number of Random Words: 7
Size of Search Space: 7776^7 = 1.71 * 1027
Maximum Possible Search Space: 2256 = 1.15 * 1077
Result: Searchspace is Reduced to this percentage: 1.484618518476838608918817891513466139612896777*10-50
Analogon: This means like I can hide a 10 dollar bill anywhere in the universe, but by accident I have hidden it somewhere in your house.

I am starting right away, in the hope that anyone has a 1000 BTC cold wallet out there just waiting for me.

This is all well known. (Full discussion in the NoBrainr thread)

It must be a hell of a programmable calculator you have if it can crack that. I want the same one Smiley

Also I'd love to try out what you're smoking.

(No offense meant, I was also young and naive not so long ago)
odolvlobo
Legendary
*
Offline Offline

Activity: 4508
Merit: 3419



View Profile
January 26, 2014, 05:13:51 PM
 #42

You have demonstrated that random.randrange() can be an extremely poor entropy generator. I hope that no real bitcoin address generator uses that function to generate addresses, though I guess it is possible that someone might use it.
hmmm.... for starters, randrange() is not a generator.
also, many wallets and tools use that function. One simple example is NoBrainr:
https://bitcointalk.org/index.php?topic=308972.0
I would like to challenge you to "crack" any key generated by it...

You are right. I was being sloppy. The problem is not with random.randrange() specifically, but how it might be used. For example, this is an extremely poor way to generate addresses:


key <- SHA-256(random.randrange(0, 232-1, 1))

I'm guessing that this is similar to how the OP generated the addresses that he could easily crack.

Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
odolvlobo
Legendary
*
Offline Offline

Activity: 4508
Merit: 3419



View Profile
January 26, 2014, 05:23:03 PM
 #43

There is no proof needed:
Nobrainr:
Wordlist Length: 7776
Number of Random Words: 7
Size of Search Space: 7776^7 = 1.71 * 1027
Maximum Possible Search Space: 2256 = 1.15 * 1077
Result: Searchspace is Reduced to this percentage: 1.484618518476838608918817891513466139612896777*10-50
Analogon: This means like I can hide a 10 dollar bill anywhere in the universe, but by accident I have hidden it somewhere in your house.

I am starting right away, in the hope that anyone has a 1000 BTC cold wallet out there just waiting for me.

Before you start, at least try to figure out how successful you might be: If you can check 1 trillion addresses per second (1012), then it will take you only 1015 seconds (32 million years) to go through the entire space.

Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
prezbo
Sr. Member
****
Offline Offline

Activity: 430
Merit: 250


View Profile
January 26, 2014, 06:23:56 PM
 #44

Before you start, at least try to figure out how successful you might be: If you can check 1 trillion addresses per second (1012), then it will take you only 1015 seconds (32 million years) to go through the entire space.
No no no, don't you dare bring logic into this!
Remember remember the 5th of November
Legendary
*
Offline Offline

Activity: 1862
Merit: 1011

Reverse engineer from time to time


View Profile
January 26, 2014, 07:55:07 PM
 #45

Well, the "laws of the universe" know time dilletation right?
You could cause a computer, which is accellerated to near light speed, to bruteforce for 100.000.000.000 years (your picture states that power consumption is negligable)  while here on earth only a few seconds pass by. This is Einstein's "laws of the universe".  Grin

You'd have to do the math but even if 100 billion years pass in a few seconds how many seconds would it take to count to 2^256. Probably a incomprehensible amount of seconds.
Well, bruteforcing one address in 100 billion years might be possible, in fact you may even be able to bruteforce a few more than that.

Might want to rethink that...

115792089237316195423570985008687907853269984665640564039457584007913129639936 addresses

and

3155760000000000000ish seconds in 100000000000 years. I'll let you figure up the rest of the math.
You are thinking counting in terms of now, you don't know the technology we'd have in 100-200 years let alone 100 billion.

BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1138

All paid signature campaigns should be banned.


View Profile WWW
January 29, 2014, 09:13:22 AM
 #46

Dear Threadstarter...

Do not believe these disbelievers, nor believe all these eye catching "all addresses are safe" posters.
Just take a look at my video (http://www.youtube.com/watch?v=TC43aOdsf4g&hd=1) where I actually crack a private key live on camera.

All transactions in this video are performed on the real block chain, and can be verified on blockchain.info.

Have fun watching.

First off how do we know you entropy was not something like 1 and the cracker just generated that character first. This shows no flaw, it shows nothing. You took a public key from an unknown entropy and got the private key. You didn't brute force any private key. Until you brute force my private key, this video is invalid.

Lol, if the entropy was 1 we would have only two different addresses generated. But the random address generator was generating dozens of different addresses. More precisely, the entropy came from pythons "random.randrange()".
Actually, now I know that you are just trolling as you seem to ignore everything that I try to explain. You said it is not possible to crack any private_key ... but I have just cracked a private key in seconds. A private key of a legit bitcoin address verified on blockchain.info. So your statement is clearly not true.

You are not cracking anything stop saying it cause you are trolling, you trying to spread FUD, but what you did was just take advantage of poorly created addresses. "random.randrange()" isn't used in any wallet system that I know of it, so this isn't a problem.

What I am actually taking advantage of are "weak" addresses. They are not the same as poorly created addresses. Weak addresses may come from any entropy source - i could (if I had the time to) generate weak adresses using "/dev/urandom" and they would be still crackable easily.
It does not depend on the entropy, in fact it all depends on the distance to a rendezvous point.
See:

https://bitcointalk.org/index.php?topic=437220.msg4813821#msg4813821

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
jubalix
Legendary
*
Offline Offline

Activity: 2646
Merit: 1023


View Profile WWW
February 07, 2014, 01:06:39 PM
 #47

how do you locate Rendezvous addresses?

Admitted Practicing Lawyer::BTC/Crypto Specialist. B.Engineering/B.Laws

https://www.binance.com/?ref=10062065
BitEscrow
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
February 08, 2014, 04:48:34 AM
 #48

This whole concept is really, really, flawed. Every single key and wallet ever made can be found at directory.io If you know how to brute force theres your weakness.
itod
Legendary
*
Offline Offline

Activity: 1974
Merit: 1077


^ Will code for Bitcoins


View Profile
February 08, 2014, 09:18:07 AM
 #49

This whole concept is really, really, flawed. Every single key and wallet ever made can be found at directory.io If you know how to brute force theres your weakness.

Let me give you a hint how to avoid being laughed to in public: Think for a few seconds before you post. If you tried that before you posted this above you would notice there's 121 byte of data in every line on that page that looks like this:
Quote
5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAbuatmU 1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a 1Q1pE5vPGEEMqRcVRMbtBK842Y6Pzo6nK9
Also you would notice that there are 128 lines per page. The site claims there are 904625697166532776746648320380374280100293470930272690489102837043110636675 such pages in their database. If you multiplied these three numbers you would get:
https://www.google.rs/search?q=121+*+128+*+904625697166532776746648320380374280100293470930272690489102837043110636675
That's the number starting with 1 and having 79 trailing digits after that. You would immediately realize that mankind would never have database that big and that something must be wrong with your thinking, and you would not post!

Alas, that would have the consequence we would not laugh, which is bad for us, but good for you.
Mivexil
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
February 08, 2014, 10:30:51 AM
 #50

This whole concept is really, really, flawed. Every single key and wallet ever made can be found at directory.io If you know how to brute force theres your weakness.

If you know how to launch the Earth away from your PC at near-light-speed velocity, then maybe, maybe. But let's just say, you'd need a very big catapult Cheesy

Also, @itod, I think this site generates the addresses per request. That would make it somewhat plausible.
itod
Legendary
*
Offline Offline

Activity: 1974
Merit: 1077


^ Will code for Bitcoins


View Profile
February 09, 2014, 01:28:46 AM
 #51

Also, @itod, I think this site generates the addresses per request. That would make it somewhat plausible.

Of course, serves the next 128 keys no matter what page number you type in URL, you can check. A joke.
fran2k
Hero Member
*****
Offline Offline

Activity: 784
Merit: 500


View Profile WWW
August 01, 2014, 12:29:10 AM
 #52

It is not hard to find a wallet(the bitcoin address) with enormous amount of money in it.

Its not hard to find a network with enormous amount of hashing power(any pool).

So my question is; How safe is it realy? How long time would it take for a big pool to break a singel address and can it be done?

Pretty much impossible. It would take many many lifetimes over. Don't believe me try it! https://en.bitcoin.it/wiki/Vanitygen

Here I tried to brute force this address https://blockchain.info/address/1FfmbHfnpaZjKFvyi1okTjJJusN455paPH better known as DPR's coins.


Epic. 7.2E23 years.
gweedo
Legendary
*
Offline Offline

Activity: 1498
Merit: 1000


View Profile
August 01, 2014, 12:32:46 AM
 #53

It is not hard to find a wallet(the bitcoin address) with enormous amount of money in it.

Its not hard to find a network with enormous amount of hashing power(any pool).

So my question is; How safe is it realy? How long time would it take for a big pool to break a singel address and can it be done?

Pretty much impossible. It would take many many lifetimes over. Don't believe me try it! https://en.bitcoin.it/wiki/Vanitygen

Here I tried to brute force this address https://blockchain.info/address/1FfmbHfnpaZjKFvyi1okTjJJusN455paPH better known as DPR's coins.


Epic. 7.2E23 years.

Yep it proving the that the laws of the universe are in line with bitcoin!
Razick
Legendary
*
Offline Offline

Activity: 1330
Merit: 1003


View Profile
August 07, 2014, 03:58:39 AM
 #54

It is not hard to find a wallet(the bitcoin address) with enormous amount of money in it.

Its not hard to find a network with enormous amount of hashing power(any pool).

So my question is; How safe is it realy? How long time would it take for a big pool to break a singel address and can it be done?

There are so many different possible addresses that for all practical purposes it would be impossible.

ACCOUNT RECOVERED 4/27/2020. Account was previously hacked sometime in 2017. Posts between 12/31/2016 and 4/27/2020 are NOT LEGITIMATE.
Poker Tilt
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
August 07, 2014, 05:27:47 AM
 #55

It is not hard to find a wallet(the bitcoin address) with enormous amount of money in it.

Its not hard to find a network with enormous amount of hashing power(any pool).

So my question is; How safe is it realy? How long time would it take for a big pool to break a singel address and can it be done?

There are so many different possible addresses that for all practical purposes it would be impossible.
agreee anything will bee possible for hacker .
but nor for address wallet .
btcsup
Member
**
Offline Offline

Activity: 93
Merit: 10


View Profile
August 07, 2014, 05:32:07 AM
 #56

If it was that easy to hack a wallet private keys,
we would for sure heard this long before your post. Grin


Free SIGNs giving everyday. Be part, don't miss!. SrmjM2Q8BK8S92TmLP7V3j3YNVJSY3KZ6G
bigasic
Hero Member
*****
Offline Offline

Activity: 924
Merit: 1000



View Profile
August 07, 2014, 09:52:16 PM
 #57

I was messing with the program where you put in a passphrase and it will make a bitcoin address. I actually found two that were used. one passphrase was satasi nakamoto and I cant remember the other one but it was an easy on too. Found that kind of interesting..
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1138

All paid signature campaigns should be banned.


View Profile WWW
August 07, 2014, 10:43:45 PM
 #58

I was messing with the program where you put in a passphrase and it will make a bitcoin address. I actually found two that were used. one passphrase was satasi nakamoto and I cant remember the other one but it was an easy on too. Found that kind of interesting..
Generally, creating a private key from a passphrase is a very bad idea.  Private keys should be created from a cryptographically secure random number generator.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Razick
Legendary
*
Offline Offline

Activity: 1330
Merit: 1003


View Profile
August 08, 2014, 10:15:17 PM
 #59

You can't just access a wallet if you know it's address. You need to know the private keys, which are private.

Once you have even one single outgoing transaction, your public key is NOT private.

Right, the public key is never supposed to be private. The person you quoted is referring to private keys.

ACCOUNT RECOVERED 4/27/2020. Account was previously hacked sometime in 2017. Posts between 12/31/2016 and 4/27/2020 are NOT LEGITIMATE.
Razick
Legendary
*
Offline Offline

Activity: 1330
Merit: 1003


View Profile
August 08, 2014, 10:18:03 PM
 #60

I was messing with the program where you put in a passphrase and it will make a bitcoin address. I actually found two that were used. one passphrase was satasi nakamoto and I cant remember the other one but it was an easy on too. Found that kind of interesting..
Generally, creating a private key from a passphrase is a very bad idea.  Private keys should be created from a cryptographically secure random number generator.

If you use a password that is either very long or created from a cryptographically secure source it should be fine, right? The chance of you brute forcing Ia*1a&5vR9NltU*$Ofl2 is extremely slim. If you can memorize it, the reduced risk of loss probably makes up for the reduction in security, which, while exponential, is still slight for practical purposes.

ACCOUNT RECOVERED 4/27/2020. Account was previously hacked sometime in 2017. Posts between 12/31/2016 and 4/27/2020 are NOT LEGITIMATE.
Pages: « 1 2 [3] 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!