odolvlobo
Legendary
Offline
Activity: 4312
Merit: 3214
|
|
September 17, 2019, 08:13:53 AM |
|
These help protect the hidden key:
1. You need access to the wallet file; an attack would need to be targeted. 2. You need the password to unlock the wallet; that's the brain part. 3. There is no external indication that the hidden key exists.
To create the hidden key:
1. Combine all unencrypted private keys in the wallet in some way (eg SHA256 hash of concatenated keys) 2. For additional bruteforce protection, stretch the new key.
But here's the cool part: the wallet can be completely cleared of all funds, either before or after you create the new key. This means that if anyone does gain access to the wallet file, all they see is a wallet with no balance (this can be seen without needing the wallet password). Even if they suspect you may be using a hidden key, they cannot regenerate it unless they know the password to decrypt the wallet.
tl;dr you can create a hidden key from a wallet with zero balance that anyone poking around your file system will probably ignore.
I feel like that is about equivalent to a password-protected wallet with a sprinkle of additional cleverness thrown in.
|
Join an anti-signature campaign: Click ignore on the members of signature campaigns. PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
|
|
|
|
|
|
|
|
Remember that Bitcoin is still beta software. Don't put all of your money into BTC!
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
September 19, 2019, 02:27:12 AM Last edit: September 19, 2019, 02:43:10 AM by almightyruler Merited by odolvlobo (1), ABCbits (1) |
|
This address is kind of related to brainwallets: https://www.blockchain.com/btc/address/1HT7xU2Ngenf7D4yocz2SAcnNLW7rK8d4ECurrent balance is 72.13442756 BTC. The classic brainwallet is created with ripemd160(sha256(pubkey(sha256("passphrase")))), but this address is the result of ripemd160(sha256("")) I don't know if it's a broken brainwallet generator, or just a broken wallet. Possibly the latter, with the wallet mistakenly hashing a zero length buffer, instead of hashing the pubkey. Any funds sent here are permanently lost, because there's no private key involved in the address generation process. Despite this, nearly $15k USD worth of Bitcoin has been sent there in the past 12 months! https://github.com/bitcoin/bitcoin/issues/445I think it would be a good idea if wallet software included a blacklist of such addresses, as well as known weak brainwallets, showing an additional dialog with a strong warning that funds may be permanently lost (or stolen) if the transaction proceeds. Checking any generated (inbound) addresses against the list would also help catch any glaring address generation bugs. (An assert that the result must not equal <hash of empty string> after each call to sha256 or ripemd160 would have caught this error.)
|
|
|
|
MrFreeDragon
|
|
October 14, 2019, 06:46:46 PM |
|
https://www.blockchain.com/btc/address/b09a09458fe9bb86b0d897b4c244b05432bad28dThis one is interesting for a number of reasons... - It seems to be a relatively early use of a SHA256 brainwallet (January 2012). - The transaction originally funding this brainwallet split 1 BTC into neat sets of 0.001 and 0.005 BTC. Could other outputs from this transaction - there are 101 in total - also be brainwallets, or some other kind of special address? Some are still unspent, 7.5 years later. - A second set of funds (6.08 BTC) was sent a couple of weeks later, then all funds were swept the following year. Over time, the value of 6.08 BTC appreciated from around $USD 35 in February 2012, to almost $USD 600 in July 2013. (The sweep output is still unspent; 6.08 BTC is now worth nearly $60,000. Hope the owner still has the privkey!) The passphrase is just let the lovin take ahold I think there are still many many more to be found out there my guess. Interesting find on the 6 words are those song lyrics by any chance? Yes, that was a song ) Have a look since 1:01 https://youtu.be/JBCJKbLhHwU?t=60By the way, interesting way to promote the singer Put some words of the song as the passphrase to the private key and make transactions with that wallet!
|
|
|
|
MrFreeDragon
|
|
October 14, 2019, 07:56:14 PM |
|
Can you clarify please? sha256("") is e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 ripemd160(sha256("")) is ba084d3f143f2896809d3f1d7dffed472b39d8de And this is the hash160 of another address with the balance 0.000928 BTC: https://www.blockchain.com/btc/address/1HxedVkdFALLtLzqKFfDBzPyZRLq7QKbm5I don't know if it's a broken brainwallet generator, or just a broken wallet. Possibly the latter, with the wallet mistakenly hashing a zero length buffer, instead of hashing the pubkey.
Any funds sent here are permanently lost, because there's no private key involved in the address generation process. Despite this, nearly $15k USD worth of Bitcoin has been sent there in the past 12 months!
I guess that these funds lost like some other funds on the address with the lost private keys. As there are in average 2^96 possible private keys for every bitcoin hash160 address, so some "other" private key could fit the address you mentioned.
|
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
October 14, 2019, 10:16:48 PM Last edit: October 14, 2019, 10:33:35 PM by almightyruler Merited by suchmoon (4), MrFreeDragon (1) |
|
ba084d3f143f2896809d3f1d7dffed472b39d8de is the result when you provide e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 to the input of RIPEMD160 as a hex representation (in ASCII characters), but it should be raw bytes. In other words, you've calculated ripemd160(hex_display_string(sha256("")) Unsure how to do it with Linux (there's no RIPEMD160 application on my Ubuntu install) but under BSD this will convert the hex output of the SHA256 commandline application to raw bytes, so that the correct RMD160 value is calculated: $ cat /dev/null | sha256 | xxd -r -p | rmd160 b472a266d0bd89c13706a4132ccfb16f7c3b9fcb
|
|
|
|
MrFreeDragon
|
|
October 15, 2019, 12:03:25 AM |
|
ba084d3f143f2896809d3f1d7dffed472b39d8de is the result when you provide e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 to the input of RIPEMD160 as a hex representation (in ASCII characters), but it should be raw bytes. In other words, you've calculated ripemd160(hex_display_string(sha256("")) Unsure how to do it with Linux (there's no RIPEMD160 application on my Ubuntu install) but under BSD this will convert the hex output of the SHA256 commandline application to raw bytes, so that the correct RMD160 value is calculated: $ cat /dev/null | sha256 | xxd -r -p | rmd160 b472a266d0bd89c13706a4132ccfb16f7c3b9fcbYes, right, thank you. I made a quick check with the online tool, and of course it pushed ascii characters, not bytes. Made the test on python and receieved the same value ass yours: >>> import hashlib >>> sha = hashlib.sha256() >>> sha.update(bytearray.fromhex("")) >>> rip = hashlib.new('ripemd160') >>> rip.update (sha.digest()) >>> print (rip.hexdigest()) b472a266d0bd89c13706a4132ccfb16f7c3b9fcb >>>
However, making this "small mistake" I found another not empty brain wallet with the small balance
|
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
October 15, 2019, 04:01:23 AM |
|
However, making this "small mistake" I found another not empty brain wallet with the small balance Yes, at least one other person (or program) made the same mistake. Hopefully a bug which was quickly noticed, since those funds are also unspendable.
|
|
|
|
bartekjagoda
Jr. Member
Offline
Activity: 87
Merit: 5
|
|
October 15, 2019, 03:32:32 PM |
|
Hi, As been discussed many times before using a Brainwallet is a bad idea. I ran some test myself and found 18.509 BTC-addresses based on a brainwallet which also has been used in the blockchain before. I tried to compare my results with the results of other researchers but could not find any lists online at all. I found some examples but not a comprehensive list. So I published my own results over here: https://eli5.eu/brainwalletPlease note: all published addresses have a balance of 0 so this is not a list for robbers . There are also a lot of extra datasets I haven't used this far so I expect the numbers to go up once I use them as well (I'm in the middle of perfecting my own tooling and blockchain parser so this will take some more time first). I love to get some feedback and if you have results to share which I missed in this round I'm more than happy to hear from you and include them. TA Do you have a repo for the code??
|
Ich liebe Bitcoin
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
October 28, 2019, 04:40:22 PM |
|
I wrote a program to create a simple mapping for the brainwallet passphrases I've cracked. Here are the most common mappings.
A=capital letter a=lowercase letter d=digit p=punctuation ?=other
First field is the number of times this mapping appears in the passphrase list.
5327 > aaaaaaaaa 4145 > aaaaaaaaaa 2847 > aaaaaaaaaaa 1781 > aaaaaaaaaaaa 1081 > aaaaaaaaaaaaa 784 > Aaaaaaaaa 518 > aaaaaaaaaaaaaa 475 > Aaaaaaaaaa 280 > aaaaaaaaaaaaaaa 244 > Aaaaaaaaaaa 122 > Aaaaaaaaaaaa 113 > aaaaaaaaaaaaaaaa 89 > aaaaaa 87 > aaaaa 85 > aaaaaaaadd 75 > aaaaaaa 72 > aaaa 66 > Aaaaaaaaaaaaa 64 > aaaaaaaaaaaaaaaaa 56 > aaaaaaaa 43 > aaaaaaaaaaaaaaaaaa 41 > Aaaaaaaaaaadd 38 > aaaaaaaaddd 38 > Aaaaaaaaaaaaaa 34 > aaa 27 > Aaaaaaaaaaaaaaa 20 > dddddddddd 18 > aaaaaaaad 17 > aaaaaaaaaaaaaaaaaaaa 17 > aaaaaaaaaaaaaaaaaaa 16 > Aaaaaaaaaaaaaaaa 15 > Aaaa 13 > Aaaaaaa 13 > AaAaaaaaa 12 > dddddd 12 > Aaaaaaaa 12 > Aaaaa 11 > dddddddd 11 > dddd 11 > Aa Aaaaadd 10 > aaaaaaaaad 10 > aaaaaaaaaaaaaad 9 > aaaaa aaaaa 9 > Aaaaaaaaaaad 9 > Aa Aaaaad 9 > AAAAA Ad 8 > ddd 8 > aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 8 > aaaaaaaaaaaaaaaaaaaaa 7 > aaaaadddd 7 > aaaaaaaaaaaaaaaaaaaaaaaa 7 > aaaaa aaaaaa 7 > Aaaaaa ...
The large majority (shown in the first several lines) would be the dust sent to several dictionary words, which isn't very interesting.
There's some more interesting ones further down, like aaaaaaaadd, Aaaaaaaaaaadd, AAAAA Ad, etc. At the bottom you see the long tail where passphrases are unique sentences:
1 > aaaa aa aaa aaaaaaaa aaaa aaa aaaaaaa aa aaaaaaaa aaa aaaa 1 > aaaa aa aaa aaaaaaaa aaaa aaa aaaaaaa aa aaaaaaaa aaa 1 > aaaa aa aaa aaaaaaaa aaaa aaa aaaaaaa aa aaaaaaaa 1 > aaaa aa aaa aaaaaaaa aaaa aaa aaaaaaa aa 1 > aaaa aa aaa aaaaaaaa aaaa aaa aaaaaaa 1 > aaaa aa aaa aaaaaaaa aaaa aaa 1 > aaaa aa aaa aaaaaaaa aaaa 1 > aaaa aa aaa aaaaaaaa 1 > aaaa aa aaa aaaaaa 1 > aaaa aa aaa aaaa aaa aa aaa aaaaaaaaa 1 > aaaa aa aaa aaaa aaa aa aaa aaaaaaaa 1 > aaaa aa aaa aaaa aaa aa aaa aaaaaa 1 > aaaa aa aaa aaaa aaa aa aaa aaaa
Probably not much practical use - even if filtered using this mapping the brute force search space would still be impossibly large - but it's interesting...
|
|
|
|
LoyceV
Legendary
Online
Activity: 3304
Merit: 16635
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
October 28, 2019, 04:45:38 PM |
|
I wrote a program to create a simple mapping for the brainwallet passphrases I've cracked. Here are the most common mappings.
A=capital letter a=lowercase letter d=digit p=punctuation ?=other I assume this mapping is mainly based on the brute-force method used: I assume it didn't search for just random strings, so for example ??d?pa???A? doesn't show up becasue it was never found! Am I right?
|
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
October 29, 2019, 01:30:20 AM |
|
I wrote a program to create a simple mapping for the brainwallet passphrases I've cracked. Here are the most common mappings.
A=capital letter a=lowercase letter d=digit p=punctuation ?=other I assume this mapping is mainly based on the brute-force method used: I assume it didn't search for just random strings, so for example ??d?pa???A? doesn't show up becasue it was never found! Am I right? It's a mapping of passphrases that were already found (by other methods). Really just a visualization of what was previously discovered. The other mapping characters do appear lower in the list: ... 4 > AAAAAAAAAd 4 > ?????????? 4 > ????????? ... 2 > a aaaa ?? aaaaa aaaa ... 1 > pppAaaa aaaaa pppAaaaappp pa??a??a??a??a??p 1 > Aa aaa aaaappp ???p??d??p??? pp???
The latter mapping represents the passphrase " To the moon!!! ┗(°0°)┛ ..○" -> https://www.blockchain.com/btc/address/18vqVNQi9fobKZcJWCjZNoDzBxronENfZr
|
|
|
|
odolvlobo
Legendary
Offline
Activity: 4312
Merit: 3214
|
|
October 29, 2019, 08:34:36 PM |
|
I assume this mapping is mainly based on the brute-force method used: I assume it didn't search for just random strings, so for example ??d?pa???A? doesn't show up becasue it was never found! Am I right?
It's a mapping of passphrases that were already found (by other methods). Really just a visualization of what was previously discovered. I think he is asserting that your results are filtered by the search algorithms because results that aren't found by the search algorithms won't be in the list, and changing the the algorithms will change the list. It would similar to the difference between lists based on cracked passwords and lists based on leaked passwords. That is another great example showing how a brain wallet is not secure.
|
Join an anti-signature campaign: Click ignore on the members of signature campaigns. PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
|
|
|
MrFreeDragon
|
|
October 30, 2019, 02:18:00 AM Last edit: October 30, 2019, 10:17:52 AM by MrFreeDragon |
|
-snip- That is another great example showing how a brain wallet is not secure. The most examples with brain wallets are related to small amounts. There were some large amounts, but only in the very past. All the recent disclosed and found wallets are just very small. For example this one with " To the moon!!! ┗(°0°)┛ ..○" passphrase had only 0.000006 BTC in transactions. So there is one explanation for this: the address was used just for test/education/presentation purposes. Nothing serious. The same is with all the majority of brain wallets. Morover, the funds on "to the moon" address (18vqVNQi9fobKZcJWCjZNoDzBxronENfZr) stored only for 9 hours, and after that were transferred togeter with other 60 addresses to new address. The majority were small amounts like 256 satoshi. So, somebody made experiments with the transactions, or these were the activities of a bot. I do not beleive that somebody keeps real funds on brain wallet. Interesting thing: the destination address of 600 satoshis released from " To the moon!!! ┗(°0°)┛ ..○" still has the balance 22.32BTC ( https://www.blockchain.com/btc/address/1AzRkXiGpHbXyWok4uXvCzmezDuW8FGa3m). Who knows, may be this was not just experiment but another puzzle? ) Like you need to find all the passphrases for small released wallets in order to understand the main key. PS. Look at this: https://www.youtube.com/watch?v=KBX89TY6uXI
|
|
|
|
|
MrFreeDragon
|
|
October 30, 2019, 11:39:22 PM |
|
Yes, this is noted and clear for me. I agree that 0.5-1BTC is a valuable amount. However people could play with different amounts. For example, ones will play with 100-1,000 satoshi, and others will play with 0.1-1BTC. Play money are different for different people. And yes, 0.5-1BTC is real "digital riches" for ones and only play funds for others. I still do not beleive that somebody keeps real funds on brain wallet. Even that somebody put 0.5BTC to brain wallet, these fund are not real funds for him, but only play money. Anyway, thank you for sharing your findings!
|
|
|
|
iparktur
Jr. Member
Offline
Activity: 119
Merit: 1
|
|
November 03, 2019, 08:49:29 PM |
|
Hi almightyruler ! Can you send me PM ?
|
|
|
|
|
Danydee
Legendary
Offline
Activity: 2590
Merit: 1250
#SWGT CERTIK Audited
|
|
December 04, 2019, 09:20:44 PM |
|
Using the bitaddress.org donations address ( 1 NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN ) on the passphrase field of the brainWallet generate the address ( 1Ns55SngRhshA8kEnyuQ9ELZZPN7ubYfQJ ) wich contain some small transactions !
|
|
|
|
naska21
|
|
December 07, 2019, 07:41:44 AM |
|
There are people who believe this stuff is real,and it is therefore not surprising that someone of them has incorporated that statement into his BTC transaction.
|
|
|
|
almightyruler
Legendary
Offline
Activity: 2268
Merit: 1092
|
|
December 13, 2019, 06:37:20 AM |
|
Using the bitaddress.org donations address ( 1 NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN ) on the passphrase field of the brainWallet generate the address ( 1Ns55SngRhshA8kEnyuQ9ELZZPN7ubYfQJ ) wich contain some small transactions ! There's also two similar passphrases I've found (original address in bold) : h 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBNz g 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBNy "Nick Szabo is Satoshi Nakamoto"
There are people who believe this stuff is real,and it is therefore not surprising that someone of them has incorporated that statement into his BTC transaction. No such entry for Craight Wright, though.
|
|
|
|
|