Collection of 18.509 found and used Brainwallets

[cr4zyd3v]

This video https://www.youtube.com/watch?v=Xml4Gx3huag has a very cool approach about how to find private keys in the open source repos from github.. I wonder if a smart enough sql query could be able to find brain wallets..

[PlutonowyPokrzycz]

I thought the mini private key format, used for Casascius physical bitcoins should rate a mention here, because it's basically a SHA256 brainwallet... but with a randomly generated passphrase.

https://en.bitcoin.it/wiki/Mini_private_key_format

Given that the random passphrase length is 22 characters (early version) or 30 characters, the chances of brute forcing it are still virtually nil, but technically, it is less secure than a standard key, in particular because 99%+ of the tries can be discarded after the first SHA256 hash.

By the way, funds have been sent to (and promptly swept from) the address associated with the sample mini private key on that page:

https://www.blockchain.com/btc/address/7f6ab65fa911f558ca2dde3e9d073acb02c0d5c6 (uncompressed: 1CciesT23BNionJeXrbxmjc7ywfiyM4oLW )
https://www.blockchain.com/btc/address/f78c1591f3f34fd1fe339dc371069b7b492bf370 (compressed: 1PZuicD1ACRfBuKEgp2XaJhVvnwpeETDyn )

Hi,
How do you manage to hash 300k passphrases per second? What do you use for that? My Pythons script with 'bictoin' library on 8 cores is doing only 800/s

[NotATether]

Hi,
How do you manage to hash 300k passphrases per second? What do you use for that? My Pythons script with 'bictoin' library on 8 cores is doing only 800/s

He definitely did not use Python because that's the reason your script is so slow!

Python executes all statements through an interpreter, it does not compile it down into assembly code so the extra overhead that the Python runtime is adding is killing the speed of your script. You should look into using brainflayer which is written in C, and is optimized with its own hashing functions instead of relying on a third-party library.

[szosti94]

Hi, I have a question about braiflayer, I launched it, found a hash and password, the problem is that I don't know how to get information about the wallet and key, how to get the address and private key with the hash sha265 and password?

[LoyceV]

2. One of those files contained the value of Pi to a billion decimal places.

I thought about this post when I found the private key to 111exFkjLXP5mXmEfVqGd2r7bXQhVhux3: it's the second set of pi's 64 hex characters: 9216D5D98979FB1BD1310BA698DFB5AC2FFD72DBD01ADFB7B8E1AFED6A267E96
Back then, it took half a day to be sweep 0.37149557 BTC (41.29 USD).

[NotATether]

Just for future reference:

Hi, I have a question about braiflayer, I launched it, found a hash and password, the problem is that I don't know how to get information about the wallet and key, how to get the address and private key with the hash sha265 and password?

You start with getting the private key. The double SHA256 hash of the password will give you that, and you can derive the public key from it as normal - Elliptic curve multiply, and then RIPEMD160 the public key, hash that through double SHA256 again and take the first four bytes of that and stick it at the end. Then stick a 0x00 byte at the beginning and encode the combined byte array through BASE58Check to get the address.

2. One of those files contained the value of Pi to a billion decimal places.

I thought about this post when I found the private key to 111exFkjLXP5mXmEfVqGd2r7bXQhVhux3: it's the second set of pi's 64 hex characters: 9216D5D98979FB1BD1310BA698DFB5AC2FFD72DBD01ADFB7B8E1AFED6A267E96
Back then, it took half a day to be sweep 0.37149557 BTC (41.29 USD).

I think it's just a coincidence that some brainwallets hash to Pi digits since Pi doesn't really have anything to do with number theory.

[fxsniper]

Brainwallets is keyword or message + sha256 = private key , right?

What if using  random 256 number (character) and + sha256 = private key it still safety?
or   random text 256 character and + sha256 = private key  still safety?

Brainwallets count only word and language human read only right?

[NotATether]

Brainwallets is keyword or message + sha256 = private key , right?

Yes.

What if using  random 256 number (character) and + sha256 = private key it still safety?
or   random text 256 character and + sha256 = private key  still safety?

Think of it this way - your brainwallet is just as secure as a password, so if you hash a 256-character text then the security will be equal to using a 256-character password (that is hashed with double SHA256 into a database by some server somewhere).

I would not view any kind of brainwallet safe. Even if you're using extremely long lengths, there is no probably secure brainwallet generator that doesn't leak the password in memory.

Brainwallets count only word and language human read only right?

Not quite. Anything that you'd use as a password can be considered a brainwallet, it's not limited to English words, or any language's words in particular.

[NotATether]

Think of it this way - your brainwallet is just as secure as a password, so if you hash a 256-character text then the security will be equal to using a 256-character password (that is hashed with double SHA256 into a database by some server somewhere).

Except the attacker can brute-force unlimited times, while on website/server you have very limited try. Additionally, single SHA-256 uses very few resource and good GPU can make few hundred MH/s.

I was actually referring to the case where a site's database with the password hashes is stolen. Then you'd be able to run as many tries as you want.

[ABCbits]

I was actually referring to the case where a site's database with the password hashes is stolen. Then you'd be able to run as many tries as you want.

I see, but AFAIK most website isn't that stupid. They usually would use salting, hash the password many times or just use algorithm focused on security (such as PBKDF2).
Meanwhile, most brainwallet only use single SHA-256 hash.

[LoyceV]

I was actually referring to the case where a site's database with the password hashes is stolen. Then you'd be able to run as many tries as you want.

Brainwallets are much worse: an attacker can try to brute-force all of them at the same time, while with a hacked password database you have to try them one by one (assuming the password hash uses something like hash("secretKey777" + username + password);).
So, if 100,000 brainwallets are in use, it's 100,000 times more likely to find one of them than cracking a password.
You can improve this by adding for instance your real name or email address as a salt to your brainwallet (but it's still not recommended to do).

[fxsniper]

I agree Brainwallets are much worse

Brainwallets use keywords + sha256

I see mini private key is using by 30 character and hash with sha256 still safety
 but mini privatekey have format

However random text and number or text only or number only 256 character (or 512 character ) hash with sha256  (64 character), I think it is safety not easy to butte force with random 256 key easy (just 64 bit key
but some duplicate some private key will duplicate with number 265 bit (77 character) convert to HEX  (64 character)

private key require HEX  in 64 character right
so, What method to can generate it to safety?

[NotATether]

...while with a hacked password database you have to try them one by one (assuming the password hash uses something like hash("secretKey777" + username + password);).

Just to point out, if you reverse the order in which you hash this stuff and make it hash(password + salt), and you leave the value of hash(password) somewhere, somebody can do a length extension attack, especially on SHA256, by using that value to compute the hash of the password plus anything appended to it without knowing the password itself.

And in a way, if your salt is constant and an attacker managers to find it elsewhere, the length extension attack negates the security of the salt.

[PlutonowyPokrzycz]

I wonder what was the oldest brainwallet ever found. Vasek reported this one in her paper: "This string contains 0.25 BTC hiding in plain sight." -> 1AJ3vE2NNYW2Jzv3fLwyjKF1LYbZ65Ez64
It has been used for the first time on 2011-07-14.
The story behind it here: https://bitcointalk.org/index.php?topic=28877.0

1. Was there anything older found by anyone?
2. What has been used before? Purely random generated numbers?

[PlutonowyPokrzycz]

And look how wrong your first impression can be...

I was good until Step 4.

Agreed. We urgently need a user-friendly import/export function in the client!

This is the most secure "wallet" there could possibly be. No no copies of wallet.dat, no encryption, no USB stick/paper/printing which can be lost, no malware which secretly steals my coins, no storage or bank vault, no life CD, no nothing! Just a simple passphrase I can remember. Since nothing is stored or written down anywhere this wallet concept is basically impossible to compromise.
The only flaw is that I might forget my passphrase, but I can still write hints/clues which can make my help remember while still being 100% secure. We need this.

.

[MrFreeDragon]

Brain wallets are used for fun purposes I believe:

Code:

~$ echo -n "odolvlobo ozono" | sha256sum
f98ae1f0a6e25e76429800c26efec5c9938e267867e5b97ed7705b039829dad4  -

So, brain wallet for odolvlobo ozono leads to the address 13u28uKzciwUpqCtVrCzk5d8KSbypjokck with the transactions dated 2 years ago 

[PrimeNumber7]

Let's say (conservatively) that a more modern quad core CPU can do 500,000 and use that as the reference. That means it can check 43.2 billion keys per day.

Brute forcing the "correct horse battery staple" space

Most "brain wallets" are not brute-forced. Hackers will use various literature as a starting point for passphraises, and will use permutations of said phrases to check for a brain wallet with coin unspent.

The reason for the above is that, although the English language is vast, and it would be difficult to brute force a random 4-word brain wallet, most people are not going to select words for a brain wallet at random.

Most people will select words that are easy to remember because they coincide with a meaningful event, or are otherwise meaningful to the person. This is not random, and as such can be easily be "guessed" by hackers.

If you were to create a brain wallet of 4 words randomly selected from 171k English words, it would be one possibility out of ~855 million trillion possible combinations. However, if the brain wallet is created from some set of words in a book or bible verse, the possible combinations is reduced by multiple magnitudes. 

[LoyceV]

Brain wallets are used for fun purposes I believe:

Code:

~$ echo -n "odolvlobo ozono" | sha256sum
f98ae1f0a6e25e76429800c26efec5c9938e267867e5b97ed7705b039829dad4  -

The associated uncompressed Bitcoin address is 1GRUEoTSW9MRcNooxFRt8h8eL9gsPgGxzu, which looks like a vanity address for grue, but it's unused so I guess that is a coincidence.

So, brain wallet for odolvlobo ozono leads to the address 13u28uKzciwUpqCtVrCzk5d8KSbypjokck with the transactions dated 2 years ago  

User odolvlobo Someone just got 555 sats burned donated to miners (it wasn't me).

[odolvlobo]

User odolvlobo just got 555 sats burned donated to miners (it wasn't me).

FYI, I don't think that is my address (I don't remember creating it). I don't know why someone would use "odolvlobo ozono" for a brain wallet, except that they noticed the words in a post and thought they were obscure enough to use. Apparently not.

[MrFreeDragon]

Brain wallets are used for fun purposes I believe:

Code:

~$ echo -n "odolvlobo ozono" | sha256sum
f98ae1f0a6e25e76429800c26efec5c9938e267867e5b97ed7705b039829dad4  -

The associated uncompressed Bitcoin address is 1GRUEoTSW9MRcNooxFRt8h8eL9gsPgGxzu, which looks like a vanity address for grue, but it's unused so I guess that is a coincidence.

-snip-

Wow, what is the connection between odolvlobo and grue except for the fact they are both Legendary members?
Interesting thing that the brainwallet from one's name signature leads to the the vanity address of another one.