Damaged paper wallet - Help!!

[eranglr]

Back in 2012 I've used Bitaddress to create a brain wallet.
I've forgotten about it until yesterday when I organized my closet, and found the paper, only to find out that it due to my kid, most of the private key is torn, except of 4 characters in the middle (I know where they start).  And the first character is L.
I don't remember the words I've been using to create the key.

More information: Bitaddress V1.6 SHA1
I know my public BTC address.

Update - my wife just found another tiny piece.. we can identify one letter at the beginning (L), another one after X space and another ~6 after Y space.

Is there a way to use brute force algorithm (like Brainflayer) to find my key?

0.2 BTC to whoever will find a way to retrieve my key.

[mocacinno]

With 4 characters and no idear which sentence you used to create your brain wallet... I don't like your chances to be honest...

There might be some tools to help you brute force those brain wallets, but they're really slow... You'd need a pretty good idear about which sentence you might have used to have a shot at bruteforcing tbh...
The fact that you know the address might help a bit while bruteforcing, since the tool you use doesn't have to check for unspent outputs once it generated an address, it just has to match the generated address to the address you have on file... Still, i don't like your odds...

[eranglr]

First private key character is L, I have another 4 characters in the middle.

[bakasabo]

Have you tried to put together torn paper? Maybe try to investigate which side belongs to other? Maybe with the help of magnifying glass. You kid is not a shredder, he wont tore it into one millimeter dust. What is the amount of Bitcoin you are trying to get access to? You know 4/64 characters - with enough money, powers and time I'm sure you can brute force it. But are you sure it will be worth doing ?

[mocacinno]

First private key character is L, I have another 4 characters in the middle.

To be honest, that only reduces the searchspace from "super duper incredibly totally impossible" to "super incredibly totally impossible".
Scanning the keyspace is a big no-no... It simply cannot be done in finite time, at least not with only 4 characters that are known to you... If you'd be missing 4 characters it would be something completely different.

Your only option is to dig deep and write down whatever words you might have used as passphrases around that time... Think about passwords you haven't used in a long time, names or dates or addresses that might have mattered to you in that timeframe... Then find a tool that iterates over these words and maybe add some variation to them. The brain is a terrible source of entropy (source for that quote is unknow, but it's not mine), so it should be far easyer to remember the passphrase than it is to bruteforce the actual private key given the first letter and 4 characters in the middle... The first letter isn't that important anyways...

[eranglr]

Update - my wife just found another tiny piece.. we can identify one letter at the beginning (L), another one after X space and another ~6 after Y space.

[mocacinno]

Update - my wife just found another tiny piece.. we can identify one letter at the beginning (L), another one after X space and another ~6 after Y space.

Sorry to be the barer of bad news, but that's still not nearly enough to bruteforce your key in finite time... Really... Unless you suddenly find another 40 or so characters in the right sequence, i would just stop with the path of trying to bruteforce the actual private key, and concentrate on the phrase you used to generate your brain wallet.
I know you said you don't remember, but even if you don't remember your odds are better than the odds of bruteforcing a private key with so little of the key known to you.

Don't get your hopes up tough... Your odds are very small either way.

EDIT: since it doesn't seems to sink in, here are some numbers from https://en.bitcoin.it/wiki/Vanitygen
Vanitygen is a tool that iterates over private keys, derives the public key, hashes said key to form the address, then sees if the address matches a predefined regex.
It seems to max out on:
GeForce RTX 2080 SUPER (48x64 cores) Grid(384x256)   2002 Mkey/s

So, basically, if you run a super-optimised tool on a GPU you can create up to 2.002.000.000 private keys/address pairs PER SECOND.

Now, you're missing 52 - (1+1+6) = 44 characters.
So there are 58⁴⁴ combinations that can be made with 44 unknown characters out of a characterset of 58, and 8 known characters to form a compressed key in WIF

Divide those two, and you end up with billions of years needed to bruteforce the key...

The breaking point is somewhere around 9 unknown characters:
(58⁸ keys)/(2002000000 keys/second * 60 seconds/minute * 60 minutes/hour * 24 hours/day) =~ 1 day to bruteforce the complete keyspace
(58⁹ keys)/(2002000000 keys/second * 60 seconds/minute * 60 minutes/hour * 24 hours/day) =~ 43 days to bruteforce the complete keyspace
(58¹⁰ keys)/(2002000000 keys/second * 60 seconds/minute * 60 minutes/hour * 24 hours/day) =~ 7 YEARS to bruteforce the complete keyspace

So, even if you have 10 GPU's, and you find a tool that's twice as fast as the once i posted benchmarks for, and you only need to scan 50% of the keyspace, missing 10 characters will still take you more than 2 months to bruteforce... Now let it sink in you're missing 44 characters instead of 10, and you don't have 10 GPU's laying around, you don't have an optimised program, and you might have to scan allmost 100% of the keyspace...
Trying to remember what kind of phrase you might have used is your only option mate... Really... Even if you have no clue, it's still better than trying to bruteforce a private key...

[PawGo]

Update - my wife just found another tiny piece.. we can identify one letter at the beginning (L), another one after X space and another ~6 after Y space.

No QR code? Sometimes it could be more helpful.

[eranglr]

Thank you for explaining the math.
My next question - isn't the odds are (a little) better due to the known position of the 8 characters, the known public key, and that it was generated with SHA1 and probably dictionary phrase? 

Is there a tool out there that I can test possible phrases and position the known characters?

[cajancharles]

How much bitcoin is inside the wallet? Maybe it will not be financilly feasible to bruteforce the wallet key, if possible , if the funds inside the wallet is less than the money you have to spend in processing power.

and A tool works on an algorithm and algorithm is created by maths, that you saw above.

[MixMAx123]

https://github.com/MrMaxweII/repairPrivKey



The running time is displayed.

[mocacinno]

https://--snip--/MrMaxweII/repairPrivKey

Looks like it's a really nice tool... I wouldn't run it on an online machine without reading the actual code tough... Also, like i already said: this tool is perfect for when you're missing 4 or 5 characters... Running it with 44 missing characters won't do you any good...

[MixMAx123]

https://--snip--/MrMaxweII/repairPrivKey

Looks like it's a really nice tool... I wouldn't run it on an online machine without reading the actual code tough... Also, like i already said: this tool is perfect for when you're missing 4 or 5 characters... Running it with 44 missing characters won't do you any good...

Open Source

yes offline!

[cajancharles]

Thank you for explaining the math.
My next question - isn't the odds are (a little) better due to the known position of the 8 characters, the known public key, and that it was generated with SHA1 and probably dictionary phrase? 

Is there a tool out there that I can test possible phrases and position the known characters?

No , you have 44 characters missing. Like the maths shown above 58^10 takes 7 years approx. for 10 characters.

[ranochigo]

My next question - isn't the odds are (a little) better due to the known position of the 8 characters, the known public key, and that it was generated with SHA1 and probably dictionary phrase? 

Is there a tool out there that I can test possible phrases and position the known characters?

I don't think SHA1 was used for your brainwallet, that was the signature for the webpage itself and has nothing to do with your brainwallet. A small change in your brainwallet phrase will have an avalanche effect in your resultant WIF private key, having knowledge of that can possibly help you to verify if the key is correct but won't help you to reduce the time if you were to bruteforce using the phrase.

If it's a dictionary phrase, I would expect it to be wiped by now. I'm not exactly sure how Bitaddress used to generate them but I presume they are not salted.

[eranglr]

I thought that brain wallets are weaker than random keys, aren't they?

[mocacinno]

I thought that brain wallets are weaker than random keys, aren't they?

yes

[Coding Enthusiast]

I'm not exactly sure how Bitaddress used to generate them but I presume they are not salted.

Single SHA256 of the passphrase while enforcing a minimum 15 character length passphrase.
https://github.com/pointbiz/bitaddress.org/blob/72aefc03e0d150c52780294927d95262b711f602/src/ninja.detailwallet.js#L58-L62

It is insecure so if OP has some idea about the passphrase they used there could be a chance to brute force it rather easily.

[PawGo]

I thought that brain wallets are weaker than random keys, aren't they?

I does not matter really.
Or let's say differently - it depends on the vector of attack.
In your case there are 2 possibilities: you try to recover WIF or you try to recover seed phrase.
With WIF - usually if there is more than 7-8 characters missing (not counting the last 4-5, which are checksum and are not critical for the problem), it becomes difficult (it not really makes sense, or in other words - it would take a log time. Of course there is chance that you will hit the correct WIF after one second, but I would not have too much hope.
You may play with my simple program for that: https://github.com/PawelGorny/WifSolver
Maybe you should think about seed phrase you used? Or you definitely abandon that idea?

[mocacinno]

--snip--
Single SHA256 of the passphrase while enforcing a minimum 15 character length passphrase.
https://github.com/pointbiz/bitaddress.org/blob/72aefc03e0d150c52780294927d95262b711f602/src/ninja.detailwallet.js#L58-L62

It is insecure so if OP has some idea about the passphrase they used there could be a chance to brute force it rather easily.

Just to make sure the OP isn't getting any false hopes: Coding Enthusiast is using a different way of saying what i've said before: OP could brute force his passphrase if he has an idea what it might have been... If it was a completely random passphrase, it's still allmost impossible... Bruteforcing the actual private key is impossible (well, theoretically it's possible, but in reality it's not)