
Topic: --- (Read 10311 times)

hero member
Activity: 632
Merit: 768
BTC⇆⚡⇄BTC
---
November 03, 2016, 01:11:54 AM
#72
Seems he killed it around last month.... Actually, it seems he deleted all his posts, like he "banned" himself or something.
A very strange fact.

In fact his projects rock and they're still online.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
November 03, 2016, 01:09:13 AM
#71
Seems he killed it around last month.... Actually, it seems he deleted all his posts, like he "banned" himself or something. And his email changed recently.
hero member
Activity: 632
Merit: 768
BTC⇆⚡⇄BTC
November 02, 2016, 10:12:19 PM
#70
What happened to the OP and thread's subject?
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
August 27, 2016, 11:49:33 PM
#69
I would not recommend memorizing 40 alphanumeric characters.  Not only do I think it's overkill, but it's also dangerous because you could easily forget it.

You would be better off memorizing 12 random words, which is plenty secure and easier to remember.

Good idea.

Government Agent: "Please tell me your brain wallet password!!!"
Me: "I'm sorry, I forgot! It was 64 characters."

Actually, my use case for stuff like this is to have the characters printed out on paper. It's not a "brain" wallet anymore though.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
August 25, 2016, 11:08:04 PM
#68
Since someone bumped this thread, I just thought to mention, that if I can memorize 1 million characters, I might as well memorize the raw private key. Really, anything over a hundred characters is overkill. I'ma just randomly generate 40+ alpha numeric characters and memorize that. 60+ chars if case insensitive (or all one case).

Just don't use the first 60 digits of pi because everyone already has that memorized. I only memorize the first 17 digits because that's all any NASA scientist ever needs. (They use 15~16 for GPS calculations and everything within this solar system.)
legendary
Activity: 3052
Merit: 1031
RIP Mommy
May 23, 2016, 03:49:02 PM
#67
I want a version that spits out compressed keys. The private keys that begin with the letter K or L instead of the number 5.

This would be easy to implement, and I understand why this is a desired function.  However, I prefer not to add more options that add to the complexity.  It may seem minimal to seasoned bitcoiners, but I worry that newcomers may be scared away by any additional options that they have to choose from.  The truth is, I should have used compressed keys to begin with, and now it's too late to change.

Now, if you just want to be able to do it for yourself, you can easily make it spit out compressed keys by modifying line 1246 of the html file:

var gen_compressed = false;

Just change "false" to "true".

Forked with that 1 change: https://github.com/TheButterZone/brainwallet.io
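What the `gen_compressed` switch changes in the exported key, as an added example (not code from brainwallet.io or the fork): compressed WIF appends a 0x01 flag byte before the Base58Check checksum, which is why the string starts with K or L instead of 5. The function names are assumptions, and the private key is a publicly documented sample value that must never hold funds.

```javascript
const crypto = require('node:crypto');

const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Base58 encoding: big-endian integer conversion, leading zero bytes become '1'.
function base58(buf) {
  let n = BigInt('0x' + buf.toString('hex'));
  let out = '';
  while (n > 0n) {
    out = ALPHABET[Number(n % 58n)] + out;
    n /= 58n;
  }
  for (const byte of buf) {
    if (byte !== 0) break;
    out = '1' + out;
  }
  return out;
}

// Wallet Import Format for a mainnet key:
//   0x80 || 32-byte key || (0x01 if compressed) || first 4 bytes of SHA256(SHA256(payload))
function toWif(privHex, compressed) {
  const key = Buffer.from(privHex, 'hex');
  if (key.length !== 32) throw new Error('private key must be exactly 32 bytes');
  const flag = compressed ? Buffer.from([0x01]) : Buffer.alloc(0);
  const payload = Buffer.concat([Buffer.from([0x80]), key, flag]);
  const checksum = sha256(sha256(payload)).subarray(0, 4);
  return base58(Buffer.concat([payload, checksum]));
}

// Sample key from public WIF documentation, for illustration only.
const SAMPLE_KEY = '0c28fca386c7a227600b2fe50b7cae11ec86d3bf1fbe471be89827e19d72aa1d';

function demoWif() {
  return {
    uncompressed: toWif(SAMPLE_KEY, false), // 51 characters, starts with '5'
    compressed: toWif(SAMPLE_KEY, true),    // 52 characters, starts with 'K' or 'L'
  };
}

console.log(demoWif());
```

Because the flag also selects the compressed public key, the same passphrase and salt map to a different address in the fork than in the original tool.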
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
May 17, 2016, 11:43:42 AM
#66
Oh, I emailed them twice. About a month apart. They replied to my second email. (I may have sent the first email to a wrong address or encrypted to wrong GPG.)
hero member
Activity: 632
Merit: 768
BTC⇆⚡⇄BTC
May 17, 2016, 02:28:41 AM
#65
Dabs, you're such a lucky guy! ;D

When I last contacted those guys last year, they were supposed to be so busy that they didn't even bother replying to my msg... :-\
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
May 16, 2016, 09:52:41 PM
#64
^^ That's a good request. +1
I made the same request from the WarpWallet guys in 2014 but they said they were too busy. Maybe someone else can follow them up. Compressed keys. (They don't have a thread here on bitcointalk.)
hero member
Activity: 632
Merit: 768
BTC⇆⚡⇄BTC
May 16, 2016, 04:46:37 AM
#63
^^ That's a good request. +1
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
May 15, 2016, 10:34:33 PM
#62
I want a version that spits out compressed keys. The private keys that begin with the letter K or L instead of the number 5.
newbie
Activity: 12
Merit: 0
January 04, 2016, 02:22:57 PM
#61
One thing I haven't mentioned yet is that the passphrase text field supports multi-line text.  This provides a small amount of additional entropy to your passphrase.

So, this passphrase:
Code:
hello world

results in a different bitcoin address than this:
Code:
hello
world


This could also help make it easier to memorize a 12 word mnemonic, by splitting it into 4 lines, for example:

Code:
children park tight
especially blade odd
goal spider everything
slightly unless collapse

Doesn't this introduce incompatibility problems due to the different Windows and UNIX/OSX end of line character(s) standards?
It looks like users are going to want an option to set the EOL standard used.
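The end-of-line concern raised above, as an added example that is not part of the original posts or of brainwallet.io's code: a deterministic KDF hashes the raw bytes, so LF and CRLF versions of the same visible passphrase give unrelated keys unless the input is canonicalised first. The scrypt parameters, salt and function names are assumptions standing in for the tool's real derivation.

```javascript
const crypto = require('node:crypto');

// Stand-in KDF for illustration only (assumed parameters and constructed salt).
function deriveKeyHex(passphrase, salt = 'constructed-salt') {
  return crypto
    .scryptSync(Buffer.from(passphrase, 'utf8'), Buffer.from(salt, 'utf8'), 32,
      { N: 1024, r: 8, p: 1 })
    .toString('hex');
}

// Canonicalise every line ending (CRLF, lone CR, LF) to a single chosen EOL
// before the passphrase reaches the KDF.
function normalizeEol(text, eol = '\n') {
  return text.replace(/\r\n|\r|\n/g, eol);
}

function compareEol() {
  const unix = 'hello\nworld';      // constructed sample, LF
  const windows = 'hello\r\nworld'; // same visible text, CRLF
  const oneLine = 'hello world';    // space instead of a line break
  return {
    // Raw bytes differ by one 0x0d, so the derived keys differ.
    rawMatch: deriveKeyHex(unix) === deriveKeyHex(windows),
    // After canonicalising to LF both inputs derive the same key.
    normalizedMatch:
      deriveKeyHex(normalizeEol(unix)) === deriveKeyHex(normalizeEol(windows)),
    // A space and a newline are different bytes, hence different keys.
    spaceVsNewline: deriveKeyHex(oneLine) === deriveKeyHex(unix),
    bytes: {
      unix: Buffer.from(unix, 'utf8').toString('hex'),
      windows: Buffer.from(windows, 'utf8').toString('hex'),
    },
  };
}

console.log(compareEol());
```

Anyone recovering a multi-line passphrase from a paper or file backup should check which line ending the stored copy uses before concluding the passphrase is wrong.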
legendary
Activity: 3052
Merit: 1031
RIP Mommy
October 05, 2015, 02:12:10 PM
#60
hero member
Activity: 632
Merit: 768
BTC⇆⚡⇄BTC
October 02, 2015, 04:36:24 PM
#59
That was a real challenge...

I guess you need to take it easy next time...
hero member
Activity: 532
Merit: 500
September 10, 2015, 10:21:52 AM
#58
One thing I haven't mentioned yet is that the passphrase text field supports multi-line text.  This provides a small amount of additional entropy to your passphrase.

So, this passphrase:
Code:
hello world

results in a different bitcoin address than this:
Code:
hello
world


This could also help make it easier to memorize a 12 word mnemonic, by splitting it into 4 lines, for example:

Code:
children park tight
especially blade odd
goal spider everything
slightly unless collapse

Let's search for a music lyrics (Eminem :P) on YouTube and paste it in the salt :) Isn't that a good idea :P, well protected.
legendary
Activity: 1470
Merit: 1002
September 10, 2015, 07:14:39 AM
#57
@unchi

How many characters are allowed at passphrase field? Is there a specific length limit?

I couldn't find that info while reading your code.

I tried with 1,755,952 characters and it worked fine.
I think it is just enough for a passphrase ~2 million characters.
It just freezes my browser copying and pasting these characters lol :)
hero member
Activity: 632
Merit: 768
BTC⇆⚡⇄BTC
September 10, 2015, 12:40:44 AM
#56
@unchi

How many characters are allowed at passphrase field? Is there a specific length limit?

I couldn't find that info while reading your code.
member
Activity: 105
Merit: 59
September 04, 2015, 12:15:32 AM
#55
BTW here goes an interesting experiment: https://1209k.com/brainv2/

Wow, the construction that it uses is convoluted. Also, a challenge is mentioned - it was spent after about 10 days.

Edit: Ah, I see why it got taken so fast. This algorithm is very GPU friendly - computing the meaty part of it can be done in parallel with up to 16384 GPU cores with 8MiB of memory each, and the first and last pass can go up to 64 cores with 2MiB memory each.
hero member
Activity: 632
Merit: 768
BTC⇆⚡⇄BTC
September 03, 2015, 06:18:36 PM
#54
Congratulations for this bounty challenge initiative!

It's an important tool for future security improvements and a good way to get more code auditing.

I'd suggest that you put half the prize in the brainwallet and expect contact from the winner. After that you can show and publish the cracker's brute-force technique and then the other half should be sent to him privately.

*edited

BTW here goes an interesting experiment: https://1209k.com/brainv2/
member
Activity: 105
Merit: 59
September 03, 2015, 11:22:41 AM
#53
I could tell you which salt I'm using, but the fact is that it still wouldn't matter.  The point of the bounty is to get people to think about the sheer magnitude of attempts that would be required to brute force it.

Not really possible to estimate that until we see what the salt was.

To give you an idea, if I had used just two words out of the dictionary, there would be 29,404,018,576 different combinations to go through.

Very few people pick two random words out of the entire 171,476 word dictionary. An adult native English speaker with average vocabulary probably knows only 10% of those words. If they actually picked them at random (with dice or a computerized random number generator) as you suggest, out of 100 times (on average), in 81 instances they would not know either word, in 18 instances they would only know one word, and only in one instance would they know both. Tools for picking random words tend to have a list of only around 2,000 words, with the exception of diceware which has nearly 8,000 but is often criticized for having too many obscure words.

Crackers know this, and they will optimize by trying more likely (less complicated) things first.

Of course, it's still possible for it to be cracked, but you would have to be willing to spend an unreasonable amount of money, have a massive amount of CPU power available to you, or be incredibly lucky.  

Probably true, see my previous comment.

To some people, it's obvious that this is impractical, and they think it's pointless.  To some people, they think it's a malicious way to trick people into wasting their time and money attempting to brute force it.  And to some people it's a learning experience, allowing them to understand the purpose and effect of having multiple salt options to choose from.  The latter is what I'm after.

The thing is, if your tool became popular, it'd be unlikely for any particular person's wallet to be drained by thieves. What a thief will do is pre-build tables of salt and password/passphrase combinations and watch the network for transactions to the matching addresses. If they suspect someone in particular of having used brainwallet.io (which is different from classic brainwallets which are egregiously insecure - brainwallet.io is only kinda risky in comparison) they'll gather as much information as they can about that person and spend some time running a targeted attack based on what they know about them.

If you choose to use this tool, and do not generate a passphrase randomly, you are gambling against unknown odds. There will be an unknown number of attackers with an unknown amount of computing power at their disposal, and they'd love to take your money.