Cricktor
Legendary
Offline
Activity: 966
Merit: 1619
Crypto Swap Exchange
June 25, 2023, 10:58:49 AM
<snip>
Give me a break! By the time Satoshi wrote and sent his email, the concept of hierarchically deterministic wallets (BIP-32) was not yet invented, nor was BIP-39 a thing. It's ridiculous to try to dig something from Satoshi's public messages and think he used it to derive his keys. And it's proven that e.g. brainwallets based on publicly available data have been a recipe for disaster already. There's first random entropy, which is encoded into mnemonic words. The opposite direction is only used for a recovery. Just don't pick the mnemonic words by any human-influenced ways, period! As @o_e_l_e_o said, you never pick mnemonic words by any humanish schemes, as that's usually a recipe for disaster.
pooya87
Legendary
Offline
Activity: 3654
Merit: 11103
Crypto Swap Exchange
June 26, 2023, 05:31:53 AM
I did some research on hash collisions today and there are collisions in MD5 that have 2 inputs but the same output. In sha256 or even sha128 you will never have the same output. I am also aware that a seed of 12 words will surely be unbreakable for the next 50 to 100 years. I think I heard that it is possible to access coins in the wallet with different seeds, but probably with subaccounts.
To be clear, hash collision (even with weak algorithms) has nothing to do with finding a mnemonic collision. The hash algorithms that are used under the hood of BIP39/BIP32 are there to give us a deterministic way of deriving child keys from entropy, and the security of this whole setup is determined by the size of that entropy, not by the collision strength of the underlying hash algorithm. In other words, in a 12-word seed you still have to face 2^128 possibilities even if the scheme was using a hash algorithm that is weak against collision attacks like SHA1/MD5 (ignoring their small digest size). I'd say as long as the hash algorithm doesn't produce biased digests, any algorithm can be used, but there is no reason to since SHA256/512 are both fast and efficient for the job.
MCUKing
Member
Offline
Activity: 115
Merit: 69
June 27, 2023, 02:30:18 PM
Why would you want that? It's much less secure if you don't use a proper random.
Is proper randomization possible? By proper randomization I mean true random phrase generation. I am asking this because, in most encryption, we use pseudo-randomization, which is like randomization but can't generate real random phrases.
Synchronice
June 27, 2023, 08:14:08 PM
Keep in mind that security of revealed 24 words out of order is still not as high as security of a private key because you are revealing your entropy, and 620,448,401,733,239,439,360,000 is 6e+23 whereas security of a bitcoin private key is 2^128 = 3e+38.
I think one can feel secure till death or even after. The normal user generates in his life maybe 10 addresses, and not always the sum times the number of people who live in 100 years make it very unlikely. Let's say all 8 billion people on the planet all generate 1,000 new addresses every second for the next 5 billion years non-stop. After 5 billion years we will only have generated 0.00000000000000009% of all possible addresses. This is so right! And I don't really understand why some people think that because the 2048-word list is public, it will be dangerous and unsafe. I just can't figure it out, because they can mathematically prove that the probability of someone bruteforcing their wallet with a positive result is so low that we can confidently say that it will never happen. At least one can create a new wallet and transfer coins every year, but logically and mathematically, absolutely everyone is safe. I really pray that one day people will never look for alternative methods of generating bitcoin seeds.
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18771
Is proper randomization possible by proper randomization I mean true random phrase generation
Yes, it is possible to generate truly random numbers. Whether or not your seed phrase was generated using a truly random number or a pseudorandom number depends on the method in which you generated it. https://en.wikipedia.org/wiki/Hardware_random_number_generator
At least one can create a new wallet and transfer coins every year but logically and mathematically, absolutely everyone is safe.
You should certainly transfer everything to a new wallet if you have any concerns about your seed phrase being leaked or the security of your back ups, but such a transfer is meaningless when it comes to brute forcing, which does not need to be protected against in the first place.
unamic (OP)
Jr. Member
Offline
Activity: 35
Merit: 2
July 23, 2023, 12:33:11 PM
Keep in mind that security of revealed 24 words out of order is still not as high as security of a private key because you are revealing your entropy and 620,448,401,733,239,439,360,000 is 6e+23 whereas security of a bitcoin private key is 2^128 = 3e+38.
I think one can feel secure till death or even after. The normal user generates in his life maybe 10 addresses and not always the sum times the number of people who live in 100 years make it very unlikely. Let's say all 8 billion people on the planet all generate 1,000 new addresses every second for the next 5 billion years non stop. After 5 billion years we will only have generated 0.00000000000000009% of all possible addresses. This is so right! And I don't really understand why do some people think that because 2048 word list is public, it will be dangerous and unsafe, I just can't figure it out because they can mathematically prove that the probability of someone bruteforcing their wallet with positive result is so low that we can confidently say that it will never happen. At least one can create a new wallet and transfer coins every year but logically and mathematically, absolutely everyone is safe. I really pray that one day people will never look for alternative methods of generating bitcoin seeds.
I also think you can create a new wallet from time to time, but it can also be unsafe if you think there is a possibility someone gets the same phrase as you. There is a bigger possibility of getting hacked if you use a hot wallet or a web3 wallet and infect it with ransomware. Use a 24-word seed and make it a cold wallet. If you want to use the bitcoin for other stuff like collecting it, you can make a second wallet and use it as a hot wallet.
Synchronice
July 25, 2023, 09:53:51 AM
At least one can create a new wallet and transfer coins every year but logically and mathematically, absolutely everyone is safe. You should certainly transfer everything to a new wallet if you have any concerns about your seed phrase being leaked or the security of your back ups, but such a transfer is meaningless when it comes to brute forcing, which does not need to be protected against in the first place.
Yes, that's what I meant in the first place: it's meaningless to be afraid of a 12- or 24-word seed. But as I see, for no reason, people are afraid that since the 2048-word list is publicly available, their wallets may be bruteforced. I know there is just no way for that to happen, but as you see, people even think about their own word list for 'safety' over the publicly available one. So these people aren't going to stop. In this case, I think it's better if meaninglessly super paranoid people create a new wallet from time to time and transfer coins, compared to the idea of using your own word list or manually creating a seed phrase.
i also think you can do a new wallet from time to time but it also can be unsafe if you think there is a possibility, someone get the same phrase like you.
What does it mean if someone gets the same phrase as you? There is no way that someone will generate the same seed phrase in the same order as I generated, because there are 2048 words in the list and there is simply no way for that accident to happen.
Cricktor
Legendary
Offline
Activity: 966
Merit: 1619
Crypto Swap Exchange
i also think you can do a new wallet from time to time but it also can be unsafe if you think there is a possibility, someone get the same phrase like you. there is a bigger possibility to get hacked if you use a hotwallet or a web3 wallet and infect it with ransomware. use a 24seed and make it as cold wallet. if you want to use the bitcoin for other stuff like collecting it, you can make a second wallet and use it as hot wallet.
It won't happen during the lifetime of our solar system or even beyond (estimated), unless the RNG is severely flawed. Not for a 128-bit secret, beyond comprehension less for a 256-bit secret. The probability is in theory not equal to zero, but I'd say in practice it is basically zero. Unless you do something stupid (and there's a lot of that possible), there's no need to move funds on some regular schedule into new wallets. You ruin any pseudonymity of your UTXOs with such moves. Unnecessary dangers. You would burden yourself with a lot of unnecessary safekeeping (remember, you shouldn't completely delete old wallets, as you might receive funds on old addresses by accident or from someone who got some old addresses in the past). Then always have to renew your redundant storage for every new wallet iteration? No, thanks. Simply use decent hardware wallets or a hot watch-only wallet with a proper cold wallet for the precious private keys. When a wallet is created, first there's an as-random-as-possible secret, most commonly a 128-bit long (represented by 12 recovery words) or 256-bit long integer (represented by 24 recovery words). The software doesn't somehow pick the recovery words first. The software (be it a software or hardware wallet) first generates a long random integer, which is encoded in human-readable and easily storable recovery words. Not the other way round.
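Added example, not from any post in this thread: the encoding order Cricktor describes (random entropy first, recovery words second, with the reverse direction only used on recovery) together with the checksum side of Synchronice's "24 words out of order" arithmetic, in Python using only the standard library. The 2048-word list is not embedded here; the functions operate on the 11-bit word indices that the official list maps to words, so a real mnemonic is just these indices looked up in that list. The `checksum_pass_rate` helper and its sample inputs are constructed for this example; it shows that shuffling a valid 24-word phrase leaves only about 1 in 256 orderings with a valid checksum (about 1 in 16 for 12 words), which is why a recovery tool can discard most of the 24! orderings before deriving a single key.

```python
import hashlib
import os
import random
import unicodedata


def entropy_to_indices(entropy: bytes) -> list:
    """BIP39 step 1: the secret comes first. Append ENT/32 checksum bits (the
    leading bits of SHA256(entropy)) and cut the result into 11-bit word
    indices, each 0..2047, which the word list then maps to words."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits  # always a multiple of 11
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def indices_to_entropy(indices: list):
    """Reverse direction, used only on recovery. Returns the entropy bytes, or
    None when the trailing checksum bits do not match SHA256 of the entropy."""
    total = len(indices) * 11
    if total % 33 != 0:
        raise ValueError("word count must be 12, 15, 18, 21 or 24")
    cs_bits = total // 33
    ent_bits = total - cs_bits
    bits = 0
    for idx in indices:
        if not 0 <= idx < 2048:
            raise ValueError("index outside the 2048-word list")
        bits = (bits << 11) | idx
    entropy = (bits >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return entropy if (bits & ((1 << cs_bits) - 1)) == expected else None


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 step 2: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic"+passphrase.
    The seed feeds BIP32; the hash here adds no security beyond the entropy."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, 64)


def checksum_pass_rate(indices: list, trials: int = 20000, rng_seed: int = 1) -> float:
    """Constructed experiment: shuffle a valid index list many times and report
    the fraction of orderings that still pass the checksum (about 1/2^cs_bits)."""
    rng = random.Random(rng_seed)
    passed = 0
    for _ in range(trials):
        shuffled = list(indices)
        rng.shuffle(shuffled)
        if indices_to_entropy(shuffled) is not None:
            passed += 1
    return passed / trials


if __name__ == "__main__":
    secret = os.urandom(32)            # 256 random bits come first...
    idx = entropy_to_indices(secret)   # ...then 24 word indices encode them
    assert indices_to_entropy(idx) == secret
    print("24 word indices:", idx)
    print("shuffled orderings passing checksum:", checksum_pass_rate(idx))
```

The two fixed checks a practitioner can run against a real word list: 16 zero bytes encode to indices `[0]*11 + [3]`, i.e. "abandon" eleven times followed by "about", and 32 zero bytes end in index 102, "art"; both are the well-known all-zero BIP39 phrases.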
DYING_S0UL
July 29, 2023, 05:26:36 PM
Hello sir. I know all 12 seed words but I don't know their order. And I also have the address (ERC20). I tried the software you mentioned. But I have little knowledge of the command line interface, etc., and his YouTube guides are a bit hard to understand for me as I am a newbie. So would you be kind enough to enlighten me? I have successfully installed the required software in a virtual machine. Now suppose my 12 seed words are: one two three four five six seven eight nine ten eleven twelve. Now what command do I have to input? Thanks in advance.
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18771
July 29, 2023, 05:31:06 PM
Now what command do I have to input. Thanks in advance. I need some more information first. Please can you answer each of the following questions: Is the address you have a bitcoin address? Is it legacy (1), nested segwit (3), or native segwit (bc1)? Which wallet was used to generate the seed phrase? (Alternatively, is the seed phrase BIP39 or Electrum?) Do you know if you have used non-standard derivation paths or more than one account? (If you don't know what this means, then the answer is probably no.) Edit: I see you've edited to say the address you have is an ERC20 address. So again, which wallet was used to create this address? Do you know the derivation path of this address?
DYING_S0UL
July 29, 2023, 05:39:07 PM
Now what command do I have to input. Thanks in advance. I see you've edited to say the address you have is an ERC20 address. So again, which wallet was used to create this address? Do you know the derivation path of this address? The seeds were part of a puzzle competition. I cracked it but I don't know how or what wallet was used. And I don't know the derivation path of this address because I am unfamiliar with this term "Derivation Path" .
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18771
July 29, 2023, 05:52:32 PM
Well, let's assume it was generated using the standard Ethereum derivation path. First of all create a plain text .txt file with one of each of the twelve words per line. So, like this:
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
Save the file somewhere easy to find. You'll then want to run the following command:
python seedrecover.py --no-eta --no-dupchecks --mnemonic-length 12 --language EN --dsw --wallet-type ethereum --addr-limit 1 --addrs YOURADDRESSHERE --tokenlist ./PATH/TO/YOUR/FILE.txt --bip32-path "m/44'/60'/0'/0"
You'll need to insert your address and the path to the file you just created above in the relevant places.
Cricktor
Legendary
Offline
Activity: 966
Merit: 1619
Crypto Swap Exchange
And I don't know the derivation path of this address because I am unfamiliar with this term "Derivation Path" .
Regarding the topic "derivation path", to get a better understanding I recommend taking a look here: https://learnmeabitcoin.com/technical/derivation-paths (of course you can have a look into BIP-32, but that is a quite technical read). o_e_l_e_o's instructions are quite spot on, but it will only work if the derivation path for ethereum is standard like what he put on the command line for it: m/44'/60'/0'/0 (the single tick marks ' are there for a purpose, don't mess this up). Coin type 60' indicates ETH, the following 0' indicates first/standard account, the next 0 indicates receiving addresses (ETH normally doesn't use internal change addresses as it's not UTXO based like BTC).
DYING_S0UL
July 30, 2023, 09:07:25 AM Last edit: July 30, 2023, 09:20:58 AM by DYING_S0UL
You'll need to insert your address and the path to the file you just created above in the relevant places.
My seed.txt file is on the desktop, then what will be the path? I know I am really stupid to ask this. Edit: I think I almost got it, I'll try to run the program now. Thank you for your valuable time.
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18771
July 30, 2023, 11:12:16 AM
Coin type 60' indicates ETH, the following 0' indicates first/standard account, the next 0 indicates receiving addresses (ETH normally doesn't use internal change addresses as it's not UTXO based like BTC) That's not right. Ethereum does indeed use the change level of the derivation path, and for most wallets, the first Ethereum address will be at m/44'/60'/0'/0/0. The reason we don't specify the full derivation path here is because btcrecover will start deriving addresses on top of whatever we specify. So if we specify m/60'/44'/0'/0, and give it an address limit of 1 as I did, then it will check the address at m/44'/60'/0'/0/0. If we specify m/60'/44'/0'/0 and give it an address limit of 10, then it would check between m/44'/60'/0'/0/0 and m/44'/60'/0'/0/9.
Cricktor
Legendary
Offline
Activity: 966
Merit: 1619
Crypto Swap Exchange
Maybe I was not accurate enough: I'm aware that ETH wallets use derivation paths up to address index level, should be standard, including the receive_or_external/internal derivation level, i.e. m/44'/60'/0'/0/0 (as you point out) for ETH, first account, receive or external address type, first (receive or external) address. Short legend: m/{purpose}'/{coin type}'/{account index}'/{external | internal}/{address index}. I'm not so fluent with ETH, but it would surprise me to see an address derivation like m/44'/60'/0'/1/n (n being some address index between 0 and 2^31 - 1 (unhardened)), as to my limited knowledge about ETH I see no reason that an ETH wallet needs "internal" addresses like BTC wallets use them for the change coin return, which is required due to the UTXO transaction model of BTC.
The reason we don't specify the full derivation path here is because btcrecover will start deriving addresses on top of whatever we specify.
So if we specify m/60'/44'/0'/0, and give it an address limit of 1 as I did, then it will check the address at m/44'/60'/0'/0/0. If we specify m/60'/44'/0'/0 and give it an address limit of 10, then it would check between m/44'/60'/0'/0/0 and m/44'/60'/0'/0/9.
It's good to point this out for the less experienced users! As I have already worked with btcrecover, I know that.
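Added example, not btcrecover's own code and not from any post here: a minimal BIP32 private-key derivation in standard-library Python that makes the path discussion above concrete, including the `--bip32-path` plus `--addr-limit` behaviour described in the thread (base path given, address indices 0..limit-1 appended underneath it). That enumeration rule is taken from o_e_l_e_o's description, not from the tool's source, and is an assumption, as are the helper names `candidate_paths` and `derive_candidates`. The secp256k1 arithmetic is written out in plain Python for readability, not for side-channel safety, and the example stops at the derived private keys: turning them into an Ethereum address needs keccak-256, which hashlib does not provide. The seed used at the bottom is the public BIP32 test vector 1 seed.

```python
import hashlib
import hmac

# secp256k1 domain parameters (public constants)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # the ' in m/44'/60'/0' means index + 2^31


def _point_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _scalar_mult(k: int, point=G):
    """Double-and-add scalar multiplication (demo only, not constant-time)."""
    result = None
    while k:
        if k & 1:
            result = _point_add(result, point)
        point = _point_add(point, point)
        k >>= 1
    return result


def _compressed_pubkey(k: int) -> bytes:
    x, y = _scalar_mult(k)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def master_key(seed: bytes):
    """BIP32 master node: HMAC-SHA512(key=b"Bitcoin seed", seed) -> (k, chain code)."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]


def ckd_priv(k: int, c: bytes, index: int):
    """CKDpriv. Hardened (index >= 2^31, written 0') feeds the private key into
    the HMAC; non-hardened feeds the compressed public key instead."""
    if index & HARDENED:
        data = b"\x00" + k.to_bytes(32, "big")
    else:
        data = _compressed_pubkey(k)
    i = hmac.new(c, data + index.to_bytes(4, "big"), hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    child = (il + k) % N
    if il >= N or child == 0:
        raise ValueError("invalid child; BIP32 says skip this index")
    return child, i[32:]


def parse_path(path: str) -> list:
    """'m/44'/60'/0'/0' -> [44+2^31, 60+2^31, 0+2^31, 0]; ' or h marks hardened."""
    parts = path.strip().split("/")
    if parts[0] != "m":
        raise ValueError("path must start with m")
    out = []
    for p in parts[1:]:
        hardened = p.endswith(("'", "h", "H"))
        out.append(int(p.rstrip("'hH")) | (HARDENED if hardened else 0))
    return out


def derive(seed: bytes, path: str):
    """Walk the whole path from the master node; returns (private key, chain code)."""
    k, c = master_key(seed)
    for index in parse_path(path):
        k, c = ckd_priv(k, c, index)
    return k, c


def candidate_paths(base_path: str, addr_limit: int) -> list:
    """Assumed btcrecover rule from the thread: --bip32-path BASE with
    --addr-limit L covers BASE/0 .. BASE/(L-1)."""
    return [f"{base_path}/{n}" for n in range(addr_limit)]


def derive_candidates(seed: bytes, base_path: str, addr_limit: int) -> dict:
    """Private key for every candidate path, deriving the base node only once."""
    k, c = derive(seed, base_path)
    return {f"{base_path}/{n}": ckd_priv(k, c, n)[0] for n in range(addr_limit)}


if __name__ == "__main__":
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # BIP32 test vector 1
    for path, key in derive_candidates(seed, "m/44'/60'/0'/0", 3).items():
        print(path, key.to_bytes(32, "big").hex())
```

Two things worth noticing when reading this against the thread: a wrong tick mark changes which branch of `ckd_priv` runs (private key versus public key in the HMAC), so m/44/60/0/0 and m/44'/60'/0'/0 lead to unrelated keys; and because the base node is derived once, raising `--addr-limit` only costs one extra non-hardened child per index, which is why a recovery tool can afford a limit of 10 or more.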
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18771
July 31, 2023, 07:22:47 AM
-snip- Ahh, I misunderstood your previous post. I thought you were saying the first unhardened 0 referred to your first receiving address, rather than referring to the category of external/receiving addresses. I also do not use ETH, but you are right in saying it does not use change addresses, so I also wouldn't expect to see 1 at the change level unless someone did that manually or the wallet software was bugged or flawed.
nc50lc
Legendary
Offline
Activity: 2618
Merit: 6508
Self-proclaimed Genius
July 31, 2023, 08:20:23 AM
Edit: I think I almost got it, I'll try to run the program now. Thank you for your valuable time.
If you came across some issue with specific requirements for ETH, try python 3.10. Then install the dependencies via requirements-full.txt file again. Also, the other possible derivation paths are listed inside btcrecover directory: ./derivationpath-lists/ETH.txt
If you exclude the --bip32-path arg, seedrecover.py will prompt you to select the correct derivation path and if you choose Ethereum, it'll automatically use the uncommented paths in that file.
DYING_S0UL
July 31, 2023, 09:40:24 AM
If you came across some issue with specific requirements for ETH, try python 3.10. Then install the dependencies via requirements-full.txt file again. Also, the other possible derivation paths are listed inside btcrecover directory: ./derivationpath-lists/ETH.txt
If you exclude the --bip32-path arg, seedrecover.py will prompt you to select the correct derivation path and if you choose Ethereum, it'll automatically use the uncommented paths in that file.
I think I correctly installed the required software, but my problem was with the command, as I didn't have enough knowledge of the command line. Also I didn't know what a derivation path was or how the path works (suppose the seed.txt file is on the desktop, then what will be the path? [ ./PATH/TO/YOUR/FILE.txt ] < Confused with this). Edit: All I know is I have the 12 seed words, but they were totally out of order, no seed word is missing, and the wallet was ERC-20.
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18771
July 31, 2023, 10:10:56 AM
(suppose the seed.txt file is in desktop then what will be the path? [ ./PATH/TO/YOUR/FILE.txt ] < Confused with this )
Well, it depends on whether you are talking about the desktop of your computer or the desktop of your virtual machine, what OS you are running, what your account name is, and so on. Try finding the file in a file explorer and your OS might tell you the path somewhere near the top of that window. The easiest thing to do will be to put the file in the same directory as you extracted btcrecover to; then your path will simply be ./FILENAME.txt