Danydee
Legendary
 Offline
Activity: 2576
Merit: 1248
#SWGT CERTIK Audited
|
 |
November 08, 2021, 10:21:15 PM
Last edit: November 08, 2021, 10:56:39 PM by Danydee |
|
 It makes think to a puzzle ! ( ozono ) z <=> n (N) |
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
mynonce
|
|
November 11, 2021, 07:19:35 PM |
|
Hi,
...
I love to get some feedback ...
Is it possible, that Satoshi used for his ''early mined coins'' precalculated SHA256 addresses like we do it here? |
|
|
|
|
ABCbits
Legendary
Offline
Activity: 2856
Merit: 7407
Crypto Swap Exchange
|
|
November 12, 2021, 10:54:11 AM |
|
Hi,
...
I love to get some feedback ...
Is it possible, that Satoshi used for his ''early mined coins'' precalculated SHA256 addresses like we do it here? Possible? Yes, but IMO it's very unlikely since, 1. Satoshi also use SHA256 for Proof of Work, which means he know how fast SHA-256 speed on CPU/GPU. 2. Creating private key with such weak method allow people to steal Satoshi's Bitcoin and impersonate Satoshi easier, which could disrupt Bitcoin in many ways (e.g. crashing Bitcoin price, influence people to reduce strength of Bitcoin protocol, etc.). |
|
|
|
odolvlobo
Legendary
Offline
Activity: 4298
Merit: 3209
|
|
November 12, 2021, 09:01:18 PM |
|
~$ echo -n "odolvlobo ozono" | sha256sum
f98ae1f0a6e25e76429800c26efec5c9938e267867e5b97ed7705b039829dad4 - The associated uncompressed Bitcoin address is 1GRUEoTSW9MRcNooxFRt8h8eL9gsPgGxzu, which looks like a vanity address for grue, but it's unused so I guess that is a coincidence. Wow, what is the connection between odolvlobo and grue except for the fact they are both Legendary members? Interesting thing that the brainwallet from one's name signature leads to the the vanity address of another one. If it isn't a coincidence, then there is a serious problem. Also, there are 3.4 million Bitcointalk users, so the chances of a random address matching a user's name seems pretty high to me. |
Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
|
|
|
PrimeNumber7
Copper Member
Legendary
Offline
Activity: 1610
Merit: 1899
Amazon Prime Member #7
|
|
November 12, 2021, 11:03:22 PM |
|
~$ echo -n "odolvlobo ozono" | sha256sum
f98ae1f0a6e25e76429800c26efec5c9938e267867e5b97ed7705b039829dad4 - The associated uncompressed Bitcoin address is 1GRUEoTSW9MRcNooxFRt8h8eL9gsPgGxzu, which looks like a vanity address for grue, but it's unused so I guess that is a coincidence. Wow, what is the connection between odolvlobo and grue except for the fact they are both Legendary members? Interesting thing that the brainwallet from one's name signature leads to the the vanity address of another one. If it isn't a coincidence, then there is a serious problem. Also, there are 3.4 million Bitcointalk users, so the chances of a random address matching a user's name seems pretty high to me. The brain wallet for your name does not match that address. The brain wallet for your name with the string " ozono" appended at the end is associated with that address. The chances of that particular brain wallet being associated with an address with that particular "vanity" would be the same as any other vanity of that length. |
|
|
|
|
|
larry_vw_1955
|
Let me pipe in here about brainwallets since I know a thing or two about them. I think the standard sha256 brainwallet was invented for one reason only: to steal peoples money. Anyone with half a brain would be very wary of using the standard sha256 brainwallet. Not that it can't be done it just probably shouldn't. The fact that people have huge databases of precomputed hashes lying around proves that. Now if the brainwallet algorithm was a secret then that would make you guys that store these large databases of hashes look like some one fumbling around in the dark wearing a pair of sunglasses. You wouldn't have the slightest clue how to begin your search even if you knew the brainwallet passphrase. without the algorithm, you might as well just start picking private keys at random and seeing if they match the address.
just think about it. some of you guys are like cavemen in the stone age when it comes to even testing simple alternatives to the sha256 brainwallet. to say nothing of someone that had a more sophisctocated method of producing their brainwallet addresses.
now bring on the hate.
|
|
|
|
|
itod
Legendary
Offline
Activity: 1974
Merit: 1076
^ Will code for Bitcoins
|
|
November 14, 2021, 09:31:27 AM |
|
Let me pipe in here about brainwallets since I know a thing or two about them. I think the standard sha256 brainwallet was invented for one reason only: to steal peoples money. Anyone with half a brain would be very wary of using the standard sha256 brainwallet. Not that it can't be done it just probably shouldn't. The fact that people have huge databases of precomputed hashes lying around proves that. Now if the brainwallet algorithm was a secret then that would make you guys that store these large databases of hashes look like some one fumbling around in the dark wearing a pair of sunglasses. You wouldn't have the slightest clue how to begin your search even if you knew the brainwallet passphrase. without the algorithm, you might as well just start picking private keys at random and seeing if they match the address.
just think about it. some of you guys are like cavemen in the stone age when it comes to even testing simple alternatives to the sha256 brainwallet. to say nothing of someone that had a more sophisctocated method of producing their brainwallet addresses.
now bring on the hate.
Amen! I've being talking about this forewer. To be completly honest: it may not be invetned to steel peoples money, maybe the general idea was to remove any needed computer skills as an obstacle from going into BTC, but once it was there, the motivation for promoting this flawed concept may be exactly that. Talking to people who claim brainwallets are secure enough is like talkin to cult members, no rational argument gets through. |
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3290
Merit: 16558
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
November 14, 2021, 09:49:25 AM |
|
Talking to people who claim brainwallets are secure enough is like talkin to cult members, no rational argument gets through. Of course it is possible, just not for most people (including me)  I've never used it, but if you use for instance brainwallet.io's implementation (offline of course) where a passphrase is salted with your personal details and much slower encryption, it's no longer possible to do a brute-force attack on all existing brainwallets at once. Update: This is the one I was looking for, thanks. |
|
|
|
|
TheArchaeologist (OP)
|
|
November 14, 2021, 10:02:23 AM |
|
now bring on the hate.
Why would we bring on the hate because you give your opinion/view on the matter? |
Sooner or later you're going to realize, just as I did, that there's a difference between knowing the path and walking the path |
|
|
|
larry_vw_1955
|
|
November 14, 2021, 10:27:16 AM
Last edit: November 14, 2021, 05:21:44 PM by mprep |
|
But if the algorithm itself is secret/closed-source, only the author and people who trust the author who would use it.
In another thread https://bitcointalk.org/index.php?topic=5369436.msg58401834#msg58401834 I posted the btc address and brainwallet phrase for a secret brainwallet algorithm i came up with I don't think its been cracked yet! That's right! I gave away the brainwallet phrase for free something one would traditionally want to keep secret and something an attacker would not have the pleasure of necessarily knowing under most circumstances. Of course, it's not going to do them any good... I should really fund that address sometime to encourage people to "give it their best shot". But first I need to commit that dang algorithm to memory.  Why would we bring on the hate because you give your opinion/view on the matter?
Assumed that people want other people using the simple sha256 brainwallet and dont want someone saying it's a bad idea?
To be completly honest: it may not be invetned to steel peoples money, maybe the general idea was to remove any needed computer skills as an obstacle from going into BTC, but once it was there, the motivation for promoting this flawed concept may be exactly that.
Talking to people who claim brainwallets are secure enough is like talkin to cult members, no rational argument gets through.
Well I think it's like you said. the idea started out innocent enough. the idea kind of caught on and people were using brain wallets like crazy. that's kind of died down with hd wallets and things but in the early days, i guess brainwallets were all the rage. once the weaknesses were realized it was too late cat was out of the bag, default sha256 brainwallet was the de facto standard even though as i think you and the other person posted links to warpwallet and brainwallet.io which are way more secure. but they missed the boat. the train took off without them long ago so the story goes... [moderator's note: consecutive posts merged] |
|
|
|
|
|
TheArchaeologist (OP)
|
|
November 17, 2021, 10:37:09 AM |
|
I wonder what was the oldest brainwallet ever found. Vasek reported this one in her paper: "This string contains 0.25 BTC hiding in plain sight." -> 1AJ3vE2NNYW2Jzv3fLwyjKF1LYbZ65Ez64 It has been used for the first time on 2011-07-14. The story behind it here: https://bitcointalk.org/index.php?topic=28877.01. Was there anything older found by anyone? 2. What has been used before? Purely random generated numbers? Interesting question, I was curious myself so did some analysis into this. This is the top-5 of known brainwallets and when they first were used on the bitcoin blockchain: Date first used Address Passphrase used
2011-07-14 1AJ3vE2NNYW2Jzv3fLwyjKF1LYbZ65Ez64 This string contains 0.25 BTC hiding in plain sight.
2011-09-05 1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm 0000000000000000000000000000000000000000000000000000000000000001
2011-09-14 1ERczz9PRkdcbLmFRgGKKTU5BADthAcHdi one two three four five six seven
2011-10-14 1Km3PemDrwiwA1gEEgKLgizLgdsqwp4XZz testing 123
2011-12-03 1JryTePceSiWVpoNBU8SbwiT7J4ghzijzW Satoshi Nakamoto
So it does seem the "This string contains 0.25 BTC hiding in plain sight." was indeed the very first one. Disclaimer: based on the brainwallets I have available. Could be older ones I simply am not aware of. If that's the case please let me know! |
Sooner or later you're going to realize, just as I did, that there's a difference between knowing the path and walking the path |
|
|
|
larry_vw_1955
|
|
November 18, 2021, 02:37:27 AM |
|
I wonder what was the oldest brainwallet ever found. Vasek reported this one in her paper: "This string contains 0.25 BTC hiding in plain sight." -> 1AJ3vE2NNYW2Jzv3fLwyjKF1LYbZ65Ez64 It has been used for the first time on 2011-07-14. The story behind it here: https://bitcointalk.org/index.php?topic=28877.0So it does seem the "This string contains 0.25 BTC hiding in plain sight." was indeed the very first one. it would have had to have been because most of the people in that thread seeemed totally clueless about how. except the person that lifted the funds in the first 5 minutes. oh actually that person was clueless too! |
|
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
I thought the mini private key format, used for Casascius physical bitcoins should rate a mention here, because it's basically a SHA256 brainwallet... but with a randomly generated passphrase. https://en.bitcoin.it/wiki/Mini_private_key_formatGiven that the random passphrase length is 22 characters (early version) or 30 characters, the chances of brute forcing it are still virtually nil, but technically, it is less secure than a standard key, in particular because 99%+ of the tries can be discarded after the first SHA256 hash. I came across my simple mini key generator tonight, and I'm having another play with it. The naive version uses random() and outputs about 8000 valid keys per second on a single core of an i7-3960X. I updated it to use the xoshiro256** PRNG, and the speed increases to around 13000 valid keys per second. Because the generation process requires that the first byte of the candidate hash be '00', on average only 1/256 candidates will be valid, so it's really testing about 3.3 million keys per second. It's still a massive search space (58^30?), even for a SHA256 brainwallet, and prematurely discarding 255 out of 256 candidates does not reduce the search space... it just makes searching faster. Plus, how many Casascius coins were ever created, and how many would still be funded? So this is really just a curiosity. Here's a small sample of randomly generated valid keys: S8Q2r4p3HKtDGYXYgcoE6N
SAN7cS1MnFNps25QHt4pRk
SCG9csSvqn2kytKW1WdNd6
SCzCTefJ7J7iGsz4XbMhU6
SFHwkzYdQgDVdhHSdGmCxCZN8YQiNT
SFikz2eev6PMNhU9JNo1DAJ2bcdvSL
SKNzLVj4LHzG8C95ZpjFL5X8HDZNyx
SKgC6zF8opjFQqHhL2Nud1Qx5FpsBc
SN5FSGaCVahVDmM7ARQgijwTExfsWK
SP41nfQVpTpFqfaPUREfBu
SPHPyjWYQKzwrw4bW4ckwwhGNvkSo1
SPpof8XT1ZfrjFBqMaqqN9tuaJ6SyL
SQHv63Wu43viTu2CnbWasR
SQpKTKp1t1phNgg4Qt8piwGxsCxxp1
SQqX32iniiKPqhVbFsuK5RQWqnHUnu
SUZNCr2iXiA4B9qiLVAWJEmMC9LfUj
SWyMZq87mrvSqjiU3KRJ7CbXKtEW6A
SZLdpNMFDfnxMSLKXmaUckAgXMuLXL
Sai3S1jgnN5E2QoydQAVr7u4U3KYFU
Sc9wTknTRqXUTSkB8pFWbX
SdUecesqKtj77JhrQT4obAt5XnCScf
SdXNZMq45NZGdYGzb7UnCe
Sdc3fyobJE2AAKxSLvnYia
The private key is simply the SHA256 hash of the string, like a brainwallet. Some useless information, but hopefully it might kickstart the thread again.  |
|
|
|
|
|
fubly
|
|
August 06, 2022, 08:54:57 PM |
|
Hi,
...
I love to get some feedback ...
Is it possible, that Satoshi used for his ''early mined coins'' precalculated SHA256 addresses like we do it here? I don't know, but here: https://github.com/sCrypt-Inc/boilerplate you will find a script wich can check if he uses the same private key to create a new address |
each time you send a transaction don't forget to use a new address, each time you receive one also!
|
|
|
phrutis
Newbie
Offline
Activity: 8
Merit: 0
|
|
August 06, 2022, 09:21:25 PM |
|
~ Some useless information, but hopefully it might kickstart the thread again. Not that useless We have something that could kickstart the thread too: https://github.com/phrutis/BrainWordsSearch passphrases on the fastest program in the world GPU RTX 3090: 180 Mkey/s GPU RTX 3080: 150 Mkey/s |
|
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
August 06, 2022, 09:31:43 PM |
|
A link posted by a newbie to a github rep that only has executables, and no source? That's a pass from me... |
|
|
|
|
odolvlobo
Legendary
Offline
Activity: 4298
Merit: 3209
|
|
August 07, 2022, 12:39:16 AM |
|
I thought the mini private key format, used for Casascius physical bitcoins should rate a mention here, because it's basically a SHA256 brainwallet... but with a randomly generated passphrase.
...
... The private key is simply the SHA256 hash of the string, like a brainwallet. The fact that the private key is derived using SHA-256 does not make it a brain wallet. A HD wallet seed comes from the SHA-512 hash of the BIP-39 seed phrase. Does that make an HD wallet a brain wallet? A brain wallet is derived from something that can be memorized. That is why it is called a "brain" wallet. The mini-key is a random sequence and is not intended to be memorized so it is not basically a SHA-256 brain wallet. Because the generation process requires that the first byte of the candidate hash be '00', on average only 1/256 candidates will be valid, so it's really testing about 3.3 million keys per second.
Another minor correction: The hash of the string concatenated with a '?' must have a first byte of 0, and not the hash of the string itself. It does reduce the number of keys that must be checked as you noted, but the derived private key itself does not always begin with a 0-byte. |
Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
|
|
|
PrimeNumber7
Copper Member
Legendary
Offline
Activity: 1610
Merit: 1899
Amazon Prime Member #7
|
|
August 07, 2022, 07:39:19 AM |
|
I thought the mini private key format, used for Casascius physical bitcoins should rate a mention here, because it's basically a SHA256 brainwallet... but with a randomly generated passphrase. https://en.bitcoin.it/wiki/Mini_private_key_formatGiven that the random passphrase length is 22 characters (early version) or 30 characters, the chances of brute forcing it are still virtually nil, but technically, it is less secure than a standard key, in particular because 99%+ of the tries can be discarded after the first SHA256 hash. I came across my simple mini key generator tonight, and I'm having another play with it. The naive version uses random() and outputs about 8000 valid keys per second on a single core of an i7-3960X. I updated it to use the xoshiro256** PRNG, and the speed increases to around 13000 valid keys per second. Because the generation process requires that the first byte of the candidate hash be '00', on average only 1/256 candidates will be valid, so it's really testing about 3.3 million keys per second. It's still a massive search space (58^30?), even for a SHA256 brainwallet, and prematurely discarding 255 out of 256 candidates does not reduce the search space... it just makes searching faster. Plus, how many Casascius coins were ever created, and how many would still be funded? So this is really just a curiosity. The reason why brain wallets are insecure is that they are typically generated in ways that are not truly random. Generating a brain wallet using a random function will not have this problem. For example, if a brain wallet is a phrase that is found in literature, there are a very limited number of phrases in literature, and the number of candidate brain wallets are many orders of magnitude less than the number of potential private keys. |
|
|
|
|
PawGo
Legendary
Offline
Activity: 952
Merit: 1367
|
|
August 07, 2022, 07:44:09 AM |
|
The fact that the private key is derived using SHA-256 does not make it a brain wallet. A HD wallet seed comes from the SHA-512 hash of the BIP-39 seed phrase. Does that make an HD wallet a brain wallet? A brain wallet is derived from something that can be memorized. That is why it is called a "brain" wallet. The mini-key is a random sequence and is not intended to be memorized so it is not basically a SHA-256 brain wallet.
What about "my private key is generated from 111th block's hash in bitcoin blockchain"? You do not remember exact value which is used to produce private key, but you remember the way how to find it - exactly like "my phrase is second verse of song X". One thing is sure in my opinion - brain wallets belongs to past. |
|
|
|
|
PrimeNumber7
Copper Member
Legendary
Offline
Activity: 1610
Merit: 1899
Amazon Prime Member #7
|
|
August 07, 2022, 09:30:56 AM |
|
The fact that the private key is derived using SHA-256 does not make it a brain wallet. A HD wallet seed comes from the SHA-512 hash of the BIP-39 seed phrase. Does that make an HD wallet a brain wallet? A brain wallet is derived from something that can be memorized. That is why it is called a "brain" wallet. The mini-key is a random sequence and is not intended to be memorized so it is not basically a SHA-256 brain wallet.
What about "my private key is generated from 111th block's hash in bitcoin blockchain"? You do not remember exact value which is used to produce private key, but you remember the way how to find it - exactly like "my phrase is second verse of song X". One thing is sure in my opinion - brain wallets belongs to past. Using a private key that is derived from in a similar manner is very risky, and is very likely to result in tears. There are many people who are monitoring a large scope of potential addresses for transactions being sent to them, and some of these people look to bitcoin-related forums to increase the scope of these addresses. You can call it a brain wallet if you want, but my advice is to not do it. |
|
|
|
|
|
