Bitcoin Forum
December 15, 2017, 02:42:36 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: Results of dictionary attack on SHA256 hashed keys  (Read 12258 times)
mobile4ever
Hero Member
*****
Offline Offline

Activity: 518


View Profile
August 07, 2012, 02:02:42 PM
 #21


I have generated the private keys for all of the 8 addresses listed, by taking the SHA256 hash of passwords from a password list. 


Is the SHA256 hash easier to break than MD5?
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513348956
Hero Member
*
Offline Offline

Posts: 1513348956

View Profile Personal Message (Offline)

Ignore
1513348956
Reply with quote  #2

1513348956
Report to moderator
rjk
Sr. Member
****
Offline Offline

Activity: 448


1ngldh


View Profile
August 07, 2012, 02:07:28 PM
 #22


I have generated the private keys for all of the 8 addresses listed, by taking the SHA256 hash of passwords from a password list. 


Is the SHA256 hash easier to break than MD5?
No.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
mobile4ever
Hero Member
*****
Offline Offline

Activity: 518


View Profile
August 07, 2012, 07:29:46 PM
 #23


I have generated the private keys for all of the 8 addresses listed, by taking the SHA256 hash of passwords from a password list. 


Is the SHA256 hash easier to break than MD5?
No.

Thanks...
dooglus
Legendary
*
Online Online

Activity: 2366



View Profile
August 07, 2012, 10:44:20 PM
 #24

I'd been thinking about trying it out of curiosity for awhile, and last night that curiosity finally overcame laziness.  I hacked together a script to SHA256-hash every password in a large (14 million) password leak, compute the corresponding address, and scan the blockchain for transactions touching those addresses (using blockparser.)

I did something similar some months ago and found different addresses that you did:

http://bitcoin.stackexchange.com/a/3170/659

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
organofcorti
Donator
Legendary
*
Offline Offline

Activity: 2044


Poor impulse control.


View Profile WWW
August 07, 2012, 11:59:26 PM
 #25

So whats the chances of finding some private key? If an uberminer generated hashes non stop and comparing them with the whole block chain what are the chances of him getting a hit?

I once worked out how probable that was. I forget what the exact probability was but it was a number with about one hundred zeros after it.

Assume a 1 in 1e100 chance per hash. You can work out yourself how many billion years it would take to brute force every address, even if you had the hashrate of the entire bitcoin network at your disposal.


Bitcoin network and pool analysis 12QxPHEuxDrs7mCyGSx1iVSozTwtquDB3r
follow @oocBlog for new post notifications
scintill
Sr. Member
****
Offline Offline

Activity: 448


View Profile WWW
August 08, 2012, 07:15:45 AM
 #26

I'd been thinking about trying it out of curiosity for awhile, and last night that curiosity finally overcame laziness.  I hacked together a script to SHA256-hash every password in a large (14 million) password leak, compute the corresponding address, and scan the blockchain for transactions touching those addresses (using blockparser.)

I did something similar some months ago and found different addresses that you did:

http://bitcoin.stackexchange.com/a/3170/659

Ha, we both found SHA256("fuckyou") which TTBit says he funded as an experiment.  It looks like I found your other address too -- are you saying you found more that I didn't find, and that you didn't post there?  I wonder if I could find more with better dictionaries (especially curating entries that bitcoiners might be likely to use.)

BTW, I've since re-run the script searching for transactions using Casascius' deterministic passphrase wallet (something like KeyN = SHA256(String(N)+"/"+passphrase+"/BITCOIN"+String(N)) where N = 1 to infinity for the keys in the wallet) and found nothing, so it looks like anyone seriously using this type of "brainwallet" is picking non-stupid passwords.

So whats the chances of finding some private key? If an uberminer generated hashes non stop and comparing them with the whole block chain what are the chances of him getting a hit?

This answer is pretty thorough and probably correct.  The TL;DR is that you're highly unlikely to randomly generate the same private key that someone else has, and picking a rich address and guessing its private key is much much more unlikely.  Barring huge advances in computing power or in mathematically breaking the cryptography, everyone's coins are very safe.  And, anyone with remotely enough computing power to consider trying to steal coins would make more mining.

1SCiN5kqkAbxxwesKMsH9GvyWnWP5YK2W | donations
BkkCoins
Hero Member
*****
Offline Offline

Activity: 784


firstbits:1MinerQ


View Profile WWW
August 08, 2012, 07:33:56 AM
 #27

This answer is pretty thorough and probably correct.  The TL;DR is that you're highly unlikely to randomly generate the same private key that someone else has, and picking a rich address and guessing its private key is much much more unlikely.  Barring huge advances in computing power or in mathematically breaking the cryptography, everyone's coins are very safe.  And, anyone with remotely enough computing power to consider trying to steal coins would make more mining.
And even if you can generate hashes quickly you'd have a hard time querying the blockchain at anything close to that rate. I'm sure that is more a limit than the hashing. (But that's not the same as OP here as he didn't randomly generate hashes)

vuce
Sr. Member
****
Offline Offline

Activity: 476


View Profile
August 08, 2012, 08:26:19 AM
 #28

I recently played around with this myself and found that SHA-256("test") has been used: http://blockchain.info/address/1HKqKTMpBTZZ8H5zcqYEWYBaaWELrDEXeE
Funny story behind this address. Two of those transactions were mine, one was not. Someone was obviously scanning that address for incoming transactions, and snatched the rest. The set of transactions was from testing the commitcoin protocol, and at the time I was scared someone actually calculated the private key (which can be calculated from the first two transactions and the third transaction, that is now marked as double spend, since the corresponding signatures use the same randomness). Later I found out I forgot to set the flag that included 80 bits of randomness to the message (which as stated was "test"). Smiley
Sukrim
Legendary
*
Offline Offline

Activity: 2212


View Profile
August 08, 2012, 08:59:06 AM
 #29

Maybe a bit related: How many private keys can a wallet hold in the satoshi client and/or Armory? Millions? Billions? Terabytes? Petabytes?

The reason would be that for serious bruteforcing, one would constantly (for every block on the network) check all your gazillions of addresses if they have been funded - if yes, quickly snatch the money and sign a transaction. To do this though, one would need to iterate over a LOT of data (at least address wise, the block's data could probably be broken down into "address that received money" parts).

https://bitfinex.com <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with this refcode: x5K9YtL3Zb
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
dooglus
Legendary
*
Online Online

Activity: 2366



View Profile
August 08, 2012, 10:05:34 AM
 #30

Ha, we both found SHA256("fuckyou") which TTBit says he funded as an experiment.  It looks like I found your other address too -- are you saying you found more that I didn't find, and that you didn't post there?

I was saying that you didn't find any of the ones I found, but I was wrong.  I was comparing the transaction IDs you listed with the sha256 hashes I listed.  Duh.

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
fivemileshigh
Full Member
***
Offline Offline

Activity: 136


View Profile
August 08, 2012, 08:38:25 PM
 #31

If I understand this correctly, these are all brain wallet addresses?



Mounting a more sophisticated attack could get interesting, but I'm afraid of what I'll find. Wink  Just remember to use strong passwords if you go the "brainwallet" way!


Hey, do go ahead. If you were to find something, it'd be better if we knew NOW rather than later.

PS: Are 25 characters enough for a strong passphrase?

dooglus
Legendary
*
Online Online

Activity: 2366



View Profile
August 09, 2012, 01:27:57 AM
 #32

PS: Are 25 characters enough for a strong passphrase?

25 random characters is plenty.  25 letter 'a's isn't.  There's a range between these two extremes.

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
fivemileshigh
Full Member
***
Offline Offline

Activity: 136


View Profile
August 12, 2012, 09:23:01 AM
 #33

PS: Are 25 characters enough for a strong passphrase?

25 random characters is plenty.  25 letter 'a's isn't.  There's a range between these two extremes.

Of course, you are correct. That does answer my question though, thanks.

Vod
Legendary
*
Offline Offline

Activity: 2226


Licking my boob since 1970


View Profile WWW
August 12, 2012, 07:22:47 PM
 #34

Probably a stupid question but how much space would be needed for a db of every hash and value?

Well "every value" is simply an infinite number.

However to store say every passphrase using printable symbol on a standard keyboard (95) up to a length of 20 would be

95^20 = 3.58 x 10^39 records

If we assume no overhead and an average of 10.5 bytes for the input and 32 bytes for the hash that would be:

1.52 x 10^41 bytes
~152,356,517,023,630,000,000,000,000,000 1 TB hard drives.

The earth has about 1.3x10^50 atoms so even storing 1 bit per atom it would take up roughly a planet sized body.  Of course if the user had salt their hash wouldn't exist in your database.  To account for every 32 bit salt would require ~4 billion earth sized planets.

So you're saying there's a chance...

LOL  +1  "Dumb and Dumber"  Smiley

I'm into creating universes, smiting people, writing holy books and listening to Prayer Messages (PMs).
I will ignore your Prayer Messages unless you donate to 1CDyx8AUTiYXS1ThcBU3vy4SJWQq6pdFMH
BitcoinTalk Public Information Project - Building Database!
Joric
Member
**
Offline Offline

Activity: 67


View Profile
August 13, 2012, 05:52:54 PM
 #35

I don't understand why everyone writes about billions of keys per second. It's really slower than you think, at least for now.
Calculating sha256 is really just a tiny fraction of calculating an ecdsa keypair.
While vanitygen only does 1 EC addition, calculating an ecdsa key from seed needs at least two full blown multiplications of big numbers.
Long story short, CPUs only can generate about 1,000 keys a second, modern GPUs can calculate 20,000 keys a second, tops.
Not billions, thousands. 6 orders of magnitude smaller than billions. 1,000 times slower than vanitygen.


1JoricCBkW8C5m7QUZMwoRz9rBCM6ZSy96
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!