mobile4ever
|
|
August 07, 2012, 02:02:42 PM |
|
I have generated the private keys for all of the 8 addresses listed, by taking the SHA256 hash of passwords from a password list.
Is the SHA256 hash easier to break than MD5?
|
|
|
|
rjk
|
|
August 07, 2012, 02:07:28 PM |
|
I have generated the private keys for all of the 8 addresses listed, by taking the SHA256 hash of passwords from a password list.
Is the SHA256 hash easier to break than MD5?
No.
|
|
|
|
mobile4ever
|
|
August 07, 2012, 07:29:46 PM |
|
I have generated the private keys for all of the 8 addresses listed, by taking the SHA256 hash of passwords from a password list.
Is the SHA256 hash easier to break than MD5?
No.
Thanks...
|
|
|
|
dooglus
|
|
August 07, 2012, 10:44:20 PM |
|
I'd been thinking about trying it out of curiosity for awhile, and last night that curiosity finally overcame laziness. I hacked together a script to SHA256-hash every password in a large (14 million) password leak, compute the corresponding address, and scan the blockchain for transactions touching those addresses (using blockparser.)
I did something similar some months ago and found different addresses than you did: http://bitcoin.stackexchange.com/a/3170/659
|
|
|
|
organofcorti
|
|
August 07, 2012, 11:59:26 PM |
|
So what's the chances of finding some private key? If an uberminer generated hashes non stop and comparing them with the whole block chain what are the chances of him getting a hit?
I once worked out how probable that was. I forget what the exact probability was but it was a number with about one hundred zeros after it. Assume a 1 in 1e100 chance per hash. You can work out yourself how many billion years it would take to brute force every address, even if you had the hashrate of the entire bitcoin network at your disposal.
|
|
|
|
scintill (OP)
|
|
August 08, 2012, 07:15:45 AM |
|
I'd been thinking about trying it out of curiosity for awhile, and last night that curiosity finally overcame laziness. I hacked together a script to SHA256-hash every password in a large (14 million) password leak, compute the corresponding address, and scan the blockchain for transactions touching those addresses (using blockparser.)
I did something similar some months ago and found different addresses than you did: http://bitcoin.stackexchange.com/a/3170/659
Ha, we both found SHA256("fuckyou") which TTBit says he funded as an experiment. It looks like I found your other address too -- are you saying you found more that I didn't find, and that you didn't post there? I wonder if I could find more with better dictionaries (especially curating entries that bitcoiners might be likely to use.) BTW, I've since re-run the script searching for transactions using Casascius' deterministic passphrase wallet (something like KeyN = SHA256(String(N)+"/"+passphrase+"/BITCOIN"+String(N)) where N = 1 to infinity for the keys in the wallet) and found nothing, so it looks like anyone seriously using this type of "brainwallet" is picking non-stupid passwords.
So what's the chances of finding some private key? If an uberminer generated hashes non stop and comparing them with the whole block chain what are the chances of him getting a hit?
This answer is pretty thorough and probably correct. The TL;DR is that you're highly unlikely to randomly generate the same private key that someone else has, and picking a rich address and guessing its private key is much much more unlikely. Barring huge advances in computing power or in mathematically breaking the cryptography, everyone's coins are very safe. And, anyone with remotely enough computing power to consider trying to steal coins would make more mining.
|
1SCiN5kqkAbxxwesKMsH9GvyWnWP5YK2W | donations
|
|
|
BkkCoins
|
|
August 08, 2012, 07:33:56 AM |
|
This answer is pretty thorough and probably correct. The TL;DR is that you're highly unlikely to randomly generate the same private key that someone else has, and picking a rich address and guessing its private key is much much more unlikely. Barring huge advances in computing power or in mathematically breaking the cryptography, everyone's coins are very safe. And, anyone with remotely enough computing power to consider trying to steal coins would make more mining.
And even if you can generate hashes quickly you'd have a hard time querying the blockchain at anything close to that rate. I'm sure that is more a limit than the hashing. (But that's not the same as OP here as he didn't randomly generate hashes)
|
|
|
|
vuce
|
|
August 08, 2012, 08:26:19 AM |
|
Funny story behind this address. Two of those transactions were mine, one was not. Someone was obviously scanning that address for incoming transactions, and snatched the rest. The set of transactions was from testing the commitcoin protocol, and at the time I was scared someone actually calculated the private key (which can be calculated from the first two transactions and the third transaction, that is now marked as double spend, since the corresponding signatures use the same randomness). Later I found out I forgot to set the flag that included 80 bits of randomness to the message (which as stated was "test").
|
|
|
|
Sukrim
|
|
August 08, 2012, 08:59:06 AM |
|
Maybe a bit related: How many private keys can a wallet hold in the satoshi client and/or Armory? Millions? Billions? Terabytes? Petabytes?
The reason would be that for serious bruteforcing, one would constantly (for every block on the network) check all your gazillions of addresses if they have been funded - if yes, quickly snatch the money and sign a transaction. To do this though, one would need to iterate over a LOT of data (at least address wise, the block's data could probably be broken down into "address that received money" parts).
|
|
|
|
dooglus
|
|
August 08, 2012, 10:05:34 AM |
|
Ha, we both found SHA256("fuckyou") which TTBit says he funded as an experiment. It looks like I found your other address too -- are you saying you found more that I didn't find, and that you didn't post there?
I was saying that you didn't find any of the ones I found, but I was wrong. I was comparing the transaction IDs you listed with the sha256 hashes I listed. Duh.
|
|
|
|
fivemileshigh
|
|
August 08, 2012, 08:38:25 PM |
|
If I understand this correctly, these are all brain wallet addresses?
Mounting a more sophisticated attack could get interesting, but I'm afraid of what I'll find. Just remember to use strong passwords if you go the "brainwallet" way!
Hey, do go ahead. If you were to find something, it'd be better if we knew NOW rather than later.
PS: Are 25 characters enough for a strong passphrase?
|
|
|
|
dooglus
|
|
August 09, 2012, 01:27:57 AM |
|
PS: Are 25 characters enough for a strong passphrase?
25 random characters is plenty. 25 letter 'a's isn't. There's a range between these two extremes.
|
|
|
|
fivemileshigh
|
|
August 12, 2012, 09:23:01 AM |
|
PS: Are 25 characters enough for a strong passphrase?
25 random characters is plenty. 25 letter 'a's isn't. There's a range between these two extremes.
Of course, you are correct. That does answer my question though, thanks.
|
|
|
|
Vod
|
|
August 12, 2012, 07:22:47 PM |
|
Probably a stupid question but how much space would be needed for a db of every hash and value?
Well "every value" is simply an infinite number.
However to store say every passphrase using printable symbol on a standard keyboard (95) up to a length of 20 would be 95^20 = 3.58 x 10^39 records
If we assume no overhead and an average of 10.5 bytes for the input and 32 bytes for the hash that would be: 1.52 x 10^41 bytes ~152,356,517,023,630,000,000,000,000,000 1 TB hard drives.
The earth has about 1.3x10^50 atoms so even storing 1 bit per atom it would take up roughly a planet sized body.
Of course if the user had salt their hash wouldn't exist in your database. To account for every 32 bit salt would require ~4 billion earth sized planets.
So you're saying there's a chance... LOL +1 "Dumb and Dumber"
|
|
|
|
Joric
|
|
August 13, 2012, 05:52:54 PM |
|
I don't understand why everyone writes about billions of keys per second. It's really slower than you think, at least for now. Calculating sha256 is really just a tiny fraction of calculating an ecdsa keypair. While vanitygen only does 1 EC addition, calculating an ecdsa key from seed needs at least two full blown multiplications of big numbers. Long story short, CPUs only can generate about 1,000 keys a second, modern GPUs can calculate 20,000 keys a second, tops. Not billions, thousands. 6 orders of magnitude smaller than billions. 1,000 times slower than vanitygen.
|
1JoricCBkW8C5m7QUZMwoRz9rBCM6ZSy96
|
|
|
|
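Added illustration (not code from any poster in this thread) of dooglus's point that 25 random characters is plenty while 25 letter 'a's isn't: a passphrase's strength is bounded by the cheapest model that generates it, not by its length. The 14 million leak size and the 20,000 keys/s GPU rate are the figures quoted in the thread; `SAMPLE_LEAK`, `MAX_REPEATS` and all function names are assumptions made for this example.

```python
import math
import string

# Figures quoted in the thread, used as given (not measured here).
GPU_KEYS_PER_SEC = 20_000   # Joric's upper estimate for a modern GPU
LEAK_SIZE = 14_000_000      # size of the password leak scintill hashed
MAX_REPEATS = 64            # assumption: longest repeat count a guesser tries
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation + " "]   # 95 printable characters

# Constructed stand-in for a leaked-password list.
SAMPLE_LEAK = {"password", "letmein", "123456"}

def charset_size(passphrase):
    """Total size of the character pools the passphrase draws from."""
    size = sum(len(p) for p in POOLS if any(c in p for c in passphrase))
    return size or len(set(passphrase))   # non-ASCII only: count distinct chars

def smallest_repeating_unit(s):
    """Shortest prefix that, repeated a whole number of times, gives s."""
    for n in range(1, len(s) + 1):
        if len(s) % n == 0 and s[:n] * (len(s) // n) == s:
            return s[:n]
    return s

def guess_bits(passphrase, leaked=SAMPLE_LEAK):
    """Upper bound, in bits, on guesses needed: the cheapest of three models."""
    if not passphrase:
        return 0.0
    per_char = math.log2(charset_size(passphrase))
    unit = smallest_repeating_unit(passphrase)
    models = [
        len(passphrase) * per_char,                     # every character random
        len(unit) * per_char + math.log2(MAX_REPEATS),  # short unit, repeated
    ]
    if passphrase.lower() in leaked:
        models.append(math.log2(LEAK_SIZE))             # one pass over the leak
    return min(models)

def seconds_to_exhaust(bits, keys_per_sec=GPU_KEYS_PER_SEC):
    """Time to try every candidate in a 2**bits search space."""
    return 2.0 ** bits / keys_per_sec

if __name__ == "__main__":
    # Constructed sample passphrases.
    for p in ["a" * 25, "password", "q7#Vm2!xR9@kLp4$Zt8&Wc3^N"]:
        bits = guess_bits(p)
        print(f"{p!r}: <= {bits:.1f} bits, {seconds_to_exhaust(bits):.3g} s")
```

The result is only an upper bound: a passphrase that matches none of these three models can still be weak under a model the estimator does not include.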