Bitcoin Forum
Topic: Bitcoin - how long does it take to change a wallet password?
gamebak
June 28, 2012, 04:24:29 AM
 #1

Well, can anyone tell me how long it will take to change a password from code?

I will do some math and see what I can come up with :P
muqali
June 28, 2012, 04:59:43 AM
 #2

I'm not sure what you're asking. With the bitcoin-qt client it'd take as long as it does to type your old password and new password twice. Given that mine is quite long and I need to look at my "reminder" sheet in my wallet to remember it all, it takes a minute or two. If your password is 1234 like the password on planet Druidia, not long.

If you mean change it via C or C++ code, I've no idea. I'd imagine not long, the client is open source. Pull the relevant parts and have a look see.

edit - or do you mean to crack a password? You mention using math to figure it out.

donations BTC: 1CaCwo4xneTqTLEdomW76Cg5NteZyvXi1c
donations LTC: LTcasvjtLuN92ks1Pc1qtkvE9PswsXEbev
gamebak
June 28, 2012, 06:40:06 AM
 #3

Yeah, I was thinking about the math aspects of how long it will take to crack some passwords. Because an attack could be given at any time, and if the password isn't well secured and long enough there's a big chance of getting into the account in no time, just by a brute-force attack.
silentseawolf
June 28, 2012, 07:20:11 AM
 #4

There are password strength estimators and articles on how to make a strong password all over the web.  Google is your friend.
tjb0607
June 28, 2012, 06:29:15 PM
 #5

> There are password strength estimators and articles on how to make a strong password all over the web.  Google is your friend.

Don't trust any random strong password test. I would make sure it's an https connection, and even then, try switching out a few letters and numbers just to make sure. I know Microsoft has a really simple one.

edit - or you could download software from a page like this http://www.passwordmeter.com/
if you really want to be extra cautious you can disconnect your Internet while using it.

Edit 2 - this one's cool. I'd make sure it's at least a few thousand years because the website looks pretty dated. http://lastbit.com/pswcalc.asp

1tjbo6o7SDHzpuxybYkx3ZDa7RqeUUmgw
gamebak
June 28, 2012, 07:03:30 PM
 #6

Guys, maybe you didn't get my point. I know how to secure my password, but what I am interested in is how long it takes for a password to be changed from C/C++ for the wallet.

Because it's very possible that someone could break into your account if his rig is powerful enough, just by brute force.
Imagine a pool where all that immense power is gathered just for a brute force into 1 account, I doubt it will take so much time.

Just by using some simple math you could end up with few possible passwords:
This is just an example.
Let's say there are 54(a-zA-Z) + 12(!@#$%^&*?><_) [I know those aren't all of them] possible keywords in that password.
Then the password could contain any of those 64 possible keywords.

The math indicates that the total number of passwords is n!/(n-k)!.
n=64 (total amount of keywords)
k=maximum length of the password

Let's now take the average case, password length=6
we will have 64!/58! = 59 * 60 * 61 * 62 * 63 * 64 = 53.981.544.960 combinations

It seems big, but how long will it take to crack?
On average a pool has over 500G/sec, which is 500.000.000.000 per second (so it will crack that password in less than a second). The question remains: how long does it take for a wallet to change that password?


This was just an example (I am sure not all the calculations were done right), but I hope you can see my point, and understand why there is such a big concern about the security of this thing.
RaTTuS
June 29, 2012, 09:49:48 AM
 #7

You're thinking wrong.
If he can get onto your machine then he can install a keylogger and get the password as fast as you type it.


In the Beginning there was CPU , then GPU , then FPGA then ASIC, what next I hear to ask ....

1RaTTuSEN7jJUDiW1EGogHwtek7g9BiEn
Foxpup
June 29, 2012, 10:27:31 AM
 #8

> You're thinking wrong.
> If he can get onto your machine then he can install a keylogger and get the password as fast as you type it.

That depends on what you mean by "get onto your machine". It's much harder to install a keylogger than it is to just read files. Installing a hardware keylogger requires physical access to the machine, and a software keylogger requires direct access to the keyboard driver, which requires administrator privileges on any sane operating system (though if you're in the habit of giving admin privileges to any random program that asks for it, you're screwed).

Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
realnowhereman
June 29, 2012, 12:07:52 PM
 #9

> and a software keylogger requires direct access to the keyboard driver, which requires administrator privileges on any sane operating system

No it doesn't.

To access the actual keyboard, maybe.  But you only want the key events for a key logger; and that certainly doesn't need admin access.  If it did then how would what you were typing ever make it to the application?

Have you ever seen virtual keyboard apps?  Or accessibility helpers?  Both of those get at the keyboard without any difficulty.

1AAZ4xBHbiCr96nsZJ8jtPkSzsg1CqhwDa
Foxpup
June 30, 2012, 12:18:23 AM
 #10

>> and a software keylogger requires direct access to the keyboard driver, which requires administrator privileges on any sane operating system
>
> No it doesn't.
>
> To access the actual keyboard, maybe.  But you only want the key events for a key logger; and that certainly doesn't need admin access.  If it did then how would what you were typing ever make it to the application?

Key events can only be received by whichever application has keyboard focus. They cannot be accessed by other programs without admin privileges.

> Have you ever seen virtual keyboard apps?  Or accessibility helpers?  Both of those get at the keyboard without any difficulty.

Sending key events and receiving those sent to other programs are two different things. The latter is not normally possible under any sane operating system. If you're asking about the possibility that such programs might log their own input, then yes, this is possible, but entering passwords directly into another application is kinda dumb.

Will pretend to do unverifiable things (while actually eating an enchilada-style burrito) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
memvola
June 30, 2012, 01:39:03 AM
 #11

> The math indicates that the total number of passwords is n!/(n-k)!.
> n=64 (total amount of keywords)
> k=maximum length of the password
>
> Let's now take the average case, password length=6

Nope, n^k is the total number, since you can use the same symbol more than once. And a 6-letter password won't protect you.

If you have a casual 10 character password using a 64 symbol set, it would give you 10^18 possibilities to be forced. It would be safer to pick out of 95 symbols though, and for instance, my password length is 16.

I think what you mean by "change the password from code" is the decryption of the master key and checking its validity. That's actually a good question. I think the dynamic number of rounds mentioned here is to address exactly that, but I don't know the actual trade-off values.
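The numbers discussed in the posts above, worked through as an added example (not code from the thread or from the Bitcoin client): keyspace as n^k, and the worst-case time to try every password when each guess must pay for an iterated key derivation. The iterated SHA-512 `stretch`, the 25000 round count and the function names are assumptions chosen for illustration; the 500G/sec rate is the pool figure quoted in the thread.

```python
import hashlib
import time

def keyspace(symbols: int, length: int) -> int:
    """Passwords of exactly `length` symbols with repetition allowed: n^k."""
    return symbols ** length

def stretch(password: bytes, salt: bytes, rounds: int) -> bytes:
    """Iterated SHA-512, so every password guess costs `rounds` hash calls."""
    digest = hashlib.sha512(password + salt).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha512(digest).digest()
    return digest

def calibrate_rounds(target_seconds: float, minimum: int) -> int:
    """Choose a round count so one derivation takes ~target_seconds on this machine."""
    probe = 20000
    start = time.perf_counter()
    stretch(b"probe", b"constructed-salt", probe)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(minimum, int(probe * target_seconds / elapsed))

def seconds_to_exhaust(symbols: int, length: int,
                       hashes_per_sec: float, rounds: int) -> float:
    """Worst-case time to try every password when each guess costs `rounds` hashes."""
    guesses_per_sec = hashes_per_sec / rounds
    return keyspace(symbols, length) / guesses_per_sec

if __name__ == "__main__":
    RATE = 500e9          # hashes/second, the pool figure quoted in the thread
    ROUNDS = 25000        # assumed round count, for illustration only
    print("rounds for ~0.1 s here:", calibrate_rounds(0.1, minimum=ROUNDS))
    for n, k in [(64, 6), (64, 10), (95, 16)]:
        for r in (1, ROUNDS):
            secs = seconds_to_exhaust(n, k, RATE, r)
            print(f"{n}^{k}, {r:>5} rounds: {secs:.3g} s ({secs / 31557600:.3g} years)")
```

Stretching multiplies the attacker's cost by the round count, which is a fixed factor; each extra password character multiplies it by the alphabet size again, so length still dominates.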
realnowhereman
June 30, 2012, 04:17:11 PM
 #12

>>> and a software keylogger requires direct access to the keyboard driver, which requires administrator privileges on any sane operating system
>>
>> No it doesn't.
>>
>> To access the actual keyboard, maybe.  But you only want the key events for a key logger; and that certainly doesn't need admin access.  If it did then how would what you were typing ever make it to the application?
>
> Key events can only be received by whichever application has keyboard focus. They cannot be accessed by other programs without admin privileges.

I'm sorry, but that just is not true.  In Linux, for example, the window manager, a separate app, can pick up key presses like "Alt-F4" before the app to close the window -- any it doesn't want it simply forwards.  At the extreme end on UNIX you could just catch every byte sent to the X window control socket (which is owned by the user, not root).  But you could also make one giant transparent window that receives everything and simply passes it through to whatever app underneath the keylogger wants.

>> Have you ever seen virtual keyboard apps?  Or accessibility helpers?  Both of those get at the keyboard without any difficulty.
>
> Sending key events and receiving those sent to other programs are two different things. The latter is not normally possible under any sane operating system. If you're asking about the possibility that such programs might log their own input, then yes, this is possible, but entering passwords directly into another application is kinda dumb.

That's why I mentioned two classes of program.  Virtual keyboard apps can send; and accessibility helpers can capture keys (slow modifiers is a common one).  Combine those facilities in one application.

1AAZ4xBHbiCr96nsZJ8jtPkSzsg1CqhwDa