malevolent
can into space
Legendary
Offline
Activity: 3472
Merit: 1722
|
|
June 06, 2019, 11:53:10 PM |
|
Sweep bots existed long before this thread was started...
Doesn't mean many people still bother running them.
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
June 07, 2019, 07:04:51 AM |
|
Sweep bots existed long before this thread was started...
Doesn't mean many people still bother running them.
I posted in this thread a few months ago that even on testnet funds get swiped instantly.
|
|
|
|
DaCryptoRaccoon
|
The real issue is the weak PK values here and education on how to create secure keys. I tested lots of the tools that are available out there, even going as far as to parse the entire blockchain into a MySQL table while running ABE and BF and a few other scanners I have; there are still 100s of un-secure wallets out there waiting to be picked up by the sweepers (just for the record, I don't sweep funds and never will).
But it's quite a concern that many people seem to have funds lying out there which any competent person with Python and a word list could find. I also ran some checking on the old style electrum seeds with a "modified" word list and have had some wallets return with funds; the highest was around 0.15 BTC.
I am unable to post the results as the wallets seem to be active.
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
https://www.blockchain.com/btc/address/b09a09458fe9bb86b0d897b4c244b05432bad28d
This one is interesting for a number of reasons...
- It seems to be a relatively early use of a SHA256 brainwallet (January 2012).
- The transaction originally funding this brainwallet split 1 BTC into neat sets of 0.001 and 0.005 BTC. Could other outputs from this transaction - there are 101 in total - also be brainwallets, or some other kind of special address? Some are still unspent, 7.5 years later.
- A second set of funds (6.08 BTC) was sent a couple of weeks later, then all funds were swept the following year. Over time, the value of 6.08 BTC appreciated from around $USD 35 in February 2012, to almost $USD 600 in July 2013. (The sweep output is still unspent; 6.08 BTC is now worth nearly $60,000. Hope the owner still has the privkey!)
The passphrase is "just let the lovin take ahold"
|
|
|
|
DaCryptoRaccoon
|
|
June 23, 2019, 03:19:53 PM |
|
https://www.blockchain.com/btc/address/b09a09458fe9bb86b0d897b4c244b05432bad28d
This one is interesting for a number of reasons...
- It seems to be a relatively early use of a SHA256 brainwallet (January 2012).
- The transaction originally funding this brainwallet split 1 BTC into neat sets of 0.001 and 0.005 BTC. Could other outputs from this transaction - there are 101 in total - also be brainwallets, or some other kind of special address? Some are still unspent, 7.5 years later.
- A second set of funds (6.08 BTC) was sent a couple of weeks later, then all funds were swept the following year. Over time, the value of 6.08 BTC appreciated from around $USD 35 in February 2012, to almost $USD 600 in July 2013. (The sweep output is still unspent; 6.08 BTC is now worth nearly $60,000. Hope the owner still has the privkey!)
The passphrase is "just let the lovin take ahold"
I think there are still many, many more to be found out there, is my guess. Interesting find on the 6 words; are those song lyrics by any chance?
|
|
|
avw
Newbie
Offline
Activity: 12
Merit: 0
|
|
June 26, 2019, 10:15:51 AM |
|
- The transaction originally funding this brainwallet split 1 BTC into neat sets of 0.001 and 0.005 BTC. Could other outputs from this transaction - there are 101 in total - also be brainwallets, or some other kind of special address? Some are still unspent, 7.5 years later.
You can see that addresses are arranged alphabetically, sorted by first two letters (first is always lowercase). Looks like addresses were generated by vanitygen.
|
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
- The transaction originally funding this brainwallet split 1 BTC into neat sets of 0.001 and 0.005 BTC. Could other outputs from this transaction - there are 101 in total - also be brainwallets, or some other kind of special address? Some are still unspent, 7.5 years later.
You can see that addresses are arranged alphabetically, sorted by first two letters (first is always lowercase). Looks like addresses were generated by vanitygen.
I thought at first you were onto something, but when you look more closely, it is not cleanly sorted. For example, the address 1Ct2qiAXf6iYHQ3iUB3sfinR5SfzhYQf4u (output 86) is alphabetically lower than the address 1FuicRGD8kQoPmnsXTirEoeoVtVwrjQs7T (output 0).
Here is the raw transaction: https://www.almightycoins.org/cc5e0d2d0f46b56ab57027e236ed3ebff4ed7157238947db2ae59cddca60e08b.txt
And the output scripts only, which show the RIPEMD160 hex representation of the addresses: https://www.almightycoins.org/cc5e0d2d0f46b56ab57027e236ed3ebff4ed7157238947db2ae59cddca60e08b-outputscript.txt
You can see here the outputs are loosely but not perfectly sorted.
There is still something unusual about this selection of addresses, because for 92 of the 101 outputs, the first byte of the RIPEMD160 hash is between a3 and cf. This includes the address which is generated from the passphrase "just let the lovin take ahold" (first byte is b0). If the addresses were truly random, you would expect a much wider distribution over 101 values, but only 9 values fall outside of that cluster. So there's some kind of filtering going on, for whatever reason.
|
|
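Added example, not part of any post in the thread: the clustering figures quoted above (92 of 101 first bytes between a3 and cf) checked against a uniform-random model with an exact binomial tail. The function names are this example's own.

```python
from fractions import Fraction
from math import comb, sqrt

# Figures quoted in the post above.
N_OUTPUTS = 101                      # outputs in the funding transaction
N_IN_WINDOW = 92                     # outputs whose first hash byte is in the window
WINDOW_LO, WINDOW_HI = 0xA3, 0xCF    # inclusive range of the first RIPEMD160 byte

def window_probability(lo, hi):
    """Chance that one uniformly random byte lands in [lo, hi]."""
    return Fraction(hi - lo + 1, 256)

def binomial_tail(n, k, p):
    """Exact P(X >= k) for X ~ Binomial(n, p), computed with rationals."""
    q = 1 - p
    return sum(comb(n, i) * p**i * q**(n - i) for i in range(k, n + 1))

def summary():
    """Expected hits, spread, z-score and tail probability under uniformity."""
    p = window_probability(WINDOW_LO, WINDOW_HI)
    expected = float(N_OUTPUTS * p)
    sigma = sqrt(float(N_OUTPUTS * p * (1 - p)))
    tail = binomial_tail(N_OUTPUTS, N_IN_WINDOW, p)
    return {
        "p": p,                                   # 45/256 per output
        "expected": expected,                     # hits expected by chance
        "sigma": sigma,                           # standard deviation of hits
        "z": (N_IN_WINDOW - expected) / sigma,    # distance from expectation
        "tail": float(tail),                      # P(at least 92 hits)
    }

if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name:>8}: {value}")
```

The window a3..cf was picked after looking at the outputs, which overstates the significance somewhat, but not by enough to matter against a tail probability near 1e-58.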
|
|
LoyceV
Legendary
Offline
Activity: 3458
Merit: 17496
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
June 27, 2019, 08:36:15 AM |
|
So there's some kind of filtering going on, for whatever reason.
My guess: someone created a list of addresses, sorted it, and copied a part of it to be funded. I don't think there's much more behind it.
|
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
June 27, 2019, 09:24:09 AM Last edit: June 27, 2019, 11:41:45 AM by almightyruler Merited by DaCryptoRaccoon (1), BTCW (1) |
|
So there's some kind of filtering going on, for whatever reason.
My guess: someone created a list of addresses, sorted it, and copied a part of it to be funded. I don't think there's much more behind it.
Occam's razor? I guess so, although it would seem more likely if only a single address (say, for change) was the odd one out.
Just for fun, I quickly hacked together something to generate four random words and filter the output so that the first bytes of the address are b0, 9a, 09 (which match the last passphrase I mentioned in this thread). The same could be done with real-world phrases if you had a sufficient number of them. A crude form of SHA256 brainwallet vanity address generation.
1H6nTM5TVQc31YqhVzVPrRUmNsL9pGJAwV b09a091fccb7e1f2f0a8120f3e17117a79759920 "captaining financial conservatism mayonnaise"
1H6nTPYd9sKto7bn7ptVqGWzD3mUdByNMy b09a0947f10d65c58ad6f7bc551b85d6d399b3b5 "gladiator playmates reduction disseminates"
1H6nTZUuqwmwKy6C64UK5jAdZATAMfpasK b09a09e9865339e6a5beabd64682380bd7862fd3 "physicists rottenness displaces processed"
=== ADDED LATER ===
Here's some real-world phrases which happen to match the simple vanity address requirements from above. I forgot about it and left things running for longer than I should have.
1H6nTagcotDzbyM3W3ymWRBRcwuJV1Cpvd b09a09fd11c309d6ae2321406c3cd8540cee9174 "scott and andrea"
1H6nTRxrjZ3PiiPvwLwegQFrtBURsKvjUo b09a096f42e5efd99614509be6625e7c1119b539 "colonel edward mandell house"
1H6nTUtXkLPgU36ufJeVEpTmPvbVGXLypV b09a099ed5ce28e7f241ce53893045ad88d48da3 "never gonna be as big as jesus"
(Note: These are examples from my vanity generation experiment, not actual cracked passphrases.)
|
|
|
|
larks500
Full Member
Offline
Activity: 616
Merit: 114
Bountylord.com
|
|
June 27, 2019, 11:49:36 AM |
|
What if you add your own personal coding to the obvious phrase?
Let's say, replace all the letters A with B.
For example "cbptbining finbncial conservbtism mbyonnbise" instead of "captaining financial conservatism mayonnaise"
Will it be more difficult to get the key?
|
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
|
|
June 27, 2019, 01:24:21 PM |
|
What if you add your own personal coding to the obvious phrase?
Let's say, replace all the letters A with B.
For example "cbptbining finbncial conservbtism mbyonnbise" instead of "captaining financial conservatism mayonnaise"
Will it be more difficult to get the key?
I think the point of this entire thread can be summed up as follows: Give up and use a secure random number generator based on a qualified true random number source of entropy unless you want to lose your Bitcoins.
|
|
|
ABCbits
Legendary
Offline
Activity: 3024
Merit: 7931
Crypto Swap Exchange
|
|
June 27, 2019, 06:07:26 PM |
|
Will it be more difficult to get the key?
Most likely yes, but:
1. It's useless if the attacker knows you use a brainwallet and knows this method
2. Unless you write down the passphrase for the brain wallet, you will forget your passphrase and/or your clever method
3. It's still far less secure than simply using a CSPRNG to generate your private key/seed
|
|
|
|
HeRetiK
Legendary
Offline
Activity: 3080
Merit: 2166
Playgram - The Telegram Casino
|
|
June 27, 2019, 08:55:05 PM |
|
What if you add your own personal coding to the obvious phrase?
Let's say, replace all the letters A with B.
For example "cbptbining finbncial conservbtism mbyonnbise" instead of "captaining financial conservatism mayonnaise"
Will it be more difficult to get the key?
Maybe a bit, but not really. An attacker with the skills and resources to create and scan a precomputed list of brainwallets based on the most common words and phrases will likely also start scanning the most common permutations eventually. So it's safer in the sense that the coins will probably only be snatched after a couple of days instead of after a couple of seconds.
Granted, given a long enough passphrase or a complex enough "cipher" your coins should be reasonably secure. However it's hard to guess at which point this is the case, which is why one should resort to more reliable methods. It's probably not at 4-word phrases with single-letter-replacements though.
|
|
|
|
|
|
|
larks500
Full Member
Offline
Activity: 616
Merit: 114
Bountylord.com
|
|
June 28, 2019, 06:15:23 AM |
|
What if you add your own personal coding to the obvious phrase?
Let's say, replace all the letters A with B.
For example "cbptbining finbncial conservbtism mbyonnbise" instead of "captaining financial conservatism mayonnaise"
Will it be more difficult to get the key?
I think the point of this entire thread can be summed up as follows: Give up and use a secure random number generator based on a qualified true random number source of entropy unless you want to lose your Bitcoins.
Yes. A random key is the best decision, but the problem is that it is easy to forget this random key. You should keep this random key or feed in a place other than your mind, so it is an additional risk.
|
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
June 29, 2019, 01:49:12 AM |
|
Yes. A random key is the best decision, but the problem is that it is easy to forget this random key.
Forget? Normally a human can't even remember a number with length above 10, let alone a private key with 256-bit length (or 64 if you try to remember HEX format)
I realised the other day that I still remember a few (randomly generated) 10 character passwords that I haven't used for years, and if I put them together, they could form a fairly strong 40 character brainwallet phrase. The difference with those passwords is that they were protecting access to a server, and if I forgot them, I could recover access in some other way (boot with rescue disk, phone call to data centre etc). Different matter if I forgot my brainwallet password.
---------
I've seen someone (I think ryanc) mention before using a combination of a passphrase plus a random (weakish) seed. The seed needs to be printed out and stored somewhere safely. The beauty of this arrangement is that the seed is weak enough to be expendable, but strong enough to add some extra protection against casual hunting. If the seed is lost, you can use a program to brute force it until it finds a match for your brainwallet address. The strength of the seed is chosen so that some time (say one to two days) of brute forcing would be required.
It won't stop an attacker who is focussed specifically on you, but it will add extra protection against people who are just hunting for any passphrase matches.
You could also store some funds using the passphrase alone, using that brainwallet as a canary to alert you that someone has discovered your passphrase. For example:
10 BTC in the brainwallet-with-seed "MYPASSPHRASE_sVjH$4R"
0.1 BTC in the canary brainwallet "MYPASSPHRASE"
Disclaimer: I mention this only out of interest and don't represent that it would necessarily be secure. I don't think SHA256 brainwallets are secure anyway, so...
|
|
|
|
larks500
Full Member
Offline
Activity: 616
Merit: 114
Bountylord.com
|
|
June 29, 2019, 08:56:18 AM |
|
Yes. A random key is the best decision, but the problem is that it is easy to forget this random key.
Forget? Normally a human can't even remember a number with length above 10, let alone a private key with 256-bit length (or 64 if you try to remember HEX format)
You should keep this random key or feed in a place other than your mind, so it is an additional risk.
To be fair, any option has its own pros and cons. But it's the most common practice (except we randomly generate xprv/seed) & you probably use this method as well.
Sure. It is absolutely right. But we started talking about brain wallets, and a brain wallet feed could be generated randomly. I can keep in mind 16 randomly generated words, but the problem is that the words already exist and could be generated again. A good way is to change 1 word of these 16 to your own created word.
|
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
I've seen someone (I think ryanc) mention before using a combination of a passphrase plus a random (weakish) seed. The seed needs to be printed out and stored somewhere safely. The beauty of this arrangement is that the seed is weak enough to be expendable, but strong enough to add some extra protection against casual hunting. If the seed is lost, you can use a program to brute force it until it finds a match for your brainwallet address. The strength of the seed is chosen so that some time (say one to two days) of brute forcing would be required.
Interesting idea, while it's far less secure than CSPRNG/PRNG, it's acceptable assuming no one knows you use this method.
No, that would be security through obscurity. It's fun to have some cool secret way to generate your key, but if it's too complex, you (or your benefactors, say if you suddenly die) could risk losing the funds.
The point is that if you must use a brainwallet, the random seed will at least make it more secure against untargeted privkey hunters. Remember that each ATTEMPT at brute forcing the passphrase+seed takes 2 days, so in theory, even a reasonably common dictionary word as your passphrase could take years to crack. (In practice, a cracker is going to be using multiple cores and possibly optimised cracking methods, so it will take less time.)
Multiple seeds can be used, for example:
1. Seed #0, which is an internal seed that is not disclosed or stored. This must be brute forced when re-generating the private key, so it is quite weak. It is intended as some extra protection against an attack.
2. Seed #1 (stored in one location) which takes ~1 day to brute force if lost.
3. Seed #2 (stored in another location) which takes ~1 day to brute force if lost.
If the user has the passphrase, seed #1, and seed #2, all it takes is (say) 60 seconds to brute force the internal seed, and generate the correct privkey. If the user loses either of the seeds, it takes 60 seconds + 1 day. If the user loses both seeds, it takes 60 seconds + 1 day + 1 day.
|
|
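Added example, not part of any post in the thread: a sizing sketch for the passphrase-plus-seed scheme described above, under the assumption that the derived address is the only check on a guess, so the bits of every missing seed add up and the search times multiply. OWNER_RATE and ATTACKER_SPEEDUP are assumed figures, not measurements from the thread.

```python
import math

# Assumed figures, not from the thread.
OWNER_RATE = 50_000        # passphrase+seed -> address derivations per second
ATTACKER_SPEEDUP = 1_000   # how much faster a well-equipped hunter is assumed to be
DAY = 86_400               # seconds

def bits_for(seconds, rate):
    """Largest whole number of unknown bits fully searchable in `seconds`."""
    return math.floor(math.log2(seconds * rate))

def search_seconds(unknown_bits, rate):
    """Worst-case time to try every value of `unknown_bits` bits."""
    return 2 ** unknown_bits / rate

def size_scheme(rate=OWNER_RATE):
    """Size the seeds to the thread's targets: about 60 s for the internal
    seed, about 1 day when one stored seed is missing as well."""
    internal = bits_for(60, rate)
    stored = bits_for(DAY, rate) - internal
    return internal, stored

def owner_recovery(rate=OWNER_RATE):
    """Worst-case owner recovery time (seconds) with 0, 1 or 2 stored seeds
    lost. Every missing seed multiplies the search space."""
    internal, stored = size_scheme(rate)
    return [search_seconds(internal + lost * stored, rate) for lost in (0, 1, 2)]

def hunter_days_per_passphrase(rate=OWNER_RATE, speedup=ATTACKER_SPEEDUP):
    """Days an untargeted hunter, holding none of the seeds, spends on each
    candidate passphrase."""
    internal, stored = size_scheme(rate)
    return search_seconds(internal + 2 * stored, rate * speedup) / DAY

if __name__ == "__main__":
    internal, stored = size_scheme()
    print(f"internal seed: {internal} bits, each stored seed: {stored} bits")
    for lost, secs in enumerate(owner_recovery()):
        print(f"{lost} stored seed(s) lost: {secs / DAY:10.3f} days")
    print(f"hunter, per passphrase: {hunter_days_per_passphrase():.2f} days")
```

Under these assumptions, losing both stored seeds costs the owner years rather than two days, unless the design adds an intermediate check value so each seed can be confirmed separately.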
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
July 14, 2019, 12:25:40 AM |
|
This one is unusual because:
1. It was sent around 3 months ago to a seemingly random passphrase (looks like a 21 letter keyboard bash), but that passphrase appears in a password list from 2012.
2. This time it was a whopping 1 BTC ($USD 4k at the time), swiped immediately.
Why was 1 BTC sent, in 2019, to a brain wallet using a passphrase that's been known for 7+ years?
Because of the large amount and recent transaction, I won't reveal the passphrase publicly, but I'm sure there's a few people reading this who know it. And there's at least one bot that does...
https://www.blockchain.com/btc/address/af867f1c5287676c97dfc402e3e642ac97652670
|
|
|
|
avw
Newbie
Offline
Activity: 12
Merit: 0
|
|
July 15, 2019, 04:23:28 PM |
|
also ran some checking on the old style electrum seeds with a "modified" word list...
How is "old style" different from the new?
|
|
|
|
|