Pages:
Author

Topic: --- - page 2. (Read 10372 times)

legendary
Activity: 1470
Merit: 1002
September 03, 2015, 09:52:07 AM
#52
Unchi Which one did you choose? login info or personal info or generic salt?
If it is the last one at least tell us how many words are in total.
Still unbreakable, do you have any statistic in your server if anyone is bruteforcing it?

lorylore, there is no way for me to see who is attempting to brute force it. When you generate a brainwallet, whether you are using the website or running a script/program to brute force, no data is ever sent to my server.  The database that you are checking against is the blockchain.

I could tell you which salt I'm using, but the fact is that it still wouldn't matter.  The point of the bounty is to get people to think about the sheer magnitude of attempts that would be required to brute force it.  To give you an idea, if I had used just two words out of the dictionary, there would be 29,404,018,576 different combinations to go through.

Of course, it's still possible for it to be cracked, but you would have to be willing to spend an unreasonable amount of money, have a massive amount of CPU power available to you, or be incredibly lucky. 

To some people, it's obvious that this is impractical, and they think it's pointless.  To some people, they think it's a malicious way to trick people into wasting their time and money attempting to brute force it.  And to some people it's a learning experience, allowing them to understand the purpose and effect of having multiple salt options to chose from.  The latter is what I'm after.

I was thinking if the server cpu is loading to the maximum responding to the mass requests (if any)
Yes, i understand the point, maybe after a time you can help as i said before to find the salt
For me it is just impossible, good luck to others. Will keep time to time to check the address.
legendary
Activity: 1470
Merit: 1002
September 03, 2015, 05:21:41 AM
#51
Unchi Which one did you choose? login info or personal info or generic salt?
If it is the last one at least tell us how many words are in total.
Still unbreakable, do you have any statistic in your server if anyone is bruteforcing it?
member
Activity: 105
Merit: 59
September 02, 2015, 01:12:36 PM
#50
A 0.5 BTC bounty has been created for brainwallet.io.

The passphrase is "hello world".

https://www.reddit.com/r/Bitcoin/comments/3jd5qe/05_btc_bounty_at_brainwalletio_the_passphrase_is/

For the value of the prize, one should be able to make about eight to nine million guesses (~23 bits) using a bunch of spot instances. If I want to use all the CPU on my computers at home for the rest of the month I can probably manage about a hundred million guesses (~27 bits) for about $50 worth of electricity (my marginal cost of electricity is about $0.35/kWh  Cry).

I am not going to attempt this challenge - seems like a waste of electricity/money. If you want people play, increase the bounty substantially and/or offer more information about the salt.
legendary
Activity: 966
Merit: 1000
September 02, 2015, 12:02:57 PM
#49
i have tried many brain wallet puzzles and have had no luck Sad

good luck to the competitors this one should be interesting to watch it get decoded
legendary
Activity: 1470
Merit: 1002
September 02, 2015, 11:00:31 AM
#48
I tried some but it's just impossible for me, too much room to guess the salt

Duh - that is the entire point.

Your post reminds me of when I used the algo for CIYAM Safe to safely lock away 10 BTC with a small password (was only 5 or 6 characters from memory).

I had a bunch of young idiots asking "how to work out the salt" not understanding that the "salt" was the very point of the exercise (i.e. you ain't going to get the coins by guessing).

Funnily enough with all their hashing power they were unable to crack such a small password without my help (I basically had to give them all but one of the password characters before they could crack it and that was after around a week of them trying having been given the first three characters of the small password).

Also - strictly speaking it is not "salt" as that would be known to you in plain text (the more correct term is perhaps "pepper").


Yes, it's all about the idea what could the OP think what kind of words.
I tried some programming words as he was developing but none worked lol
unchi maybe should tell us more Tongue
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
September 02, 2015, 10:20:35 AM
#47
I tried some but it's just impossible for me, too much room to guess the salt

Duh - that is the entire point.

Your post reminds me of when I used the algo for CIYAM Safe to safely lock away 10 BTC with a small password (was only 5 or 6 characters from memory).

I had a bunch of young idiots asking "how to work out the salt" not understanding that the "salt" was the very point of the exercise (i.e. you ain't going to get the coins by guessing).

Funnily enough with all their hashing power they were unable to crack such a small password without my help (I basically had to give them all but one of the password characters before they could crack it and that was after around a week of them trying having been given the first three characters of the small password).

Also - strictly speaking it is not "salt" as that would be known to you in plain text (the more correct term is perhaps "pepper").
legendary
Activity: 1470
Merit: 1002
September 02, 2015, 10:18:25 AM
#46
A 0.5 BTC bounty has been created for brainwallet.io.

The passphrase is "hello world".

https://www.reddit.com/r/Bitcoin/comments/3jd5qe/05_btc_bounty_at_brainwalletio_the_passphrase_is/

There are 3 kinds of salt right? Which one did you choose?
login info - personal info - generic
I tried some but it's just impossible for me, too much room to guess the salt
member
Activity: 105
Merit: 59
August 31, 2015, 02:19:40 AM
#45
Heorin, eh?  That's pretty extreme.  I'd say it's more like riding a motorcycle.  Most people take caution and pay attention to their surroundings.  But there's always those idiots who speed through traffic without wearing a helmet.

I don't think most people - even people who think they're experts - really appreciate how good password cracking has gotten. I really didn't fully grasp what constitutes a good passphrase until I started attacking them. There is also a ton of bad advice in this space all over the internet, so we have lots of people who think they know what a good password/passphrase is, but don't really. I'm an expert and I don't even trust myself to come up with passwords or passphases any more. I use a password manager to randomly generate individual passwords, and diceware passphrases - generated with casino dice - for full disk encryption, master passwords, gpg, etc. Real entropy is way better than imaginary entropy. It just takes a little effort to memorize.

As to motorcycles - I have several friends who have gotten pretty badly hurt. One lost part of his small intestine, another had his hip destroyed and the last ended up with brain damage and was in intensive care for weeks, then in recovery for a few more months. This is all despite good motorcycle armor (a helmet is nowhere near sufficient protection). Being in the wrong place at the wrong time can still destroy you.

Anyway, the reason for the heroin analogy (which seems to have come across as a little more extreme than I had intended) is because the advice on heroin should always be "Don't do it.". Needle exchanges exist because some people will do it anyway, and there is value in making it somewhat safer.

I'm glad brainwallet.org is dead. Tools like WarpWallet and brainwallet.io are a lot better. Using them with randomly generated passphrases is safe against all plausible attacks, so long as they are sufficiently long. Some organically chosen passphrases may be safe against most attacks, but it is far more difficult to predict the effectiveness of attacks against those, so it's best to assume they are dangerously weak.
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
August 31, 2015, 12:53:29 AM
#44
Tools like brainwallet.io and warpwallet are like giving clean needles to heroin addicts. Harm reduction. Heroin (brainwallet-like tools with user-generated passwords/passphrases) is bad, but we can at least make it slightly less bad...

Heorin, eh?  That's pretty extreme.  I'd say it's more like riding a motorcycle.  Most people take caution and pay attention to their surroundings.  But there's always those idiots who speed through traffic without wearing a helmet.
Very extreme indeed.

I see brainwallets with weak passwords/passphrases like a newcomer pilot that only had piloted tiny cessnas in his life and is gonna fly an airbus 380 for the first time without prior specific training. i.e. he doesn't know nothing about all the complexity surrounding that machine's operation.
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
August 31, 2015, 12:39:29 AM
#43

The same could be said about brainwallet.org.  It would be wise for anyone who is using a brainwallet to download a copy of the website that they can run on an offline computer, and to store the files in case the site goes down.  All of my source code can be found on GitHub, so even if brainwallet.io goes down, you can still access your funds.

Additionally, there is nothing I am doing that you couldn't do on your own.  Scrypt is a widely used key derivation function.  I am taking the output of the scrypt function and feeding it into the "classic" brainwallet algorithm. 

If you'd like to see for yourself, use this online scrypt generator:

http://kclnn.github.io/js-scrypt-async/test_scrypt_browser.html

And type in a passphrase and salt (where the salt is your name, email, phone, and DoB combined with no spaces), with parameters N=262144, r=8, p=1, and # of bytes = 32.

Then copy and paste the output into the brainwallet generator at https://bitaddress.org.

You will arrive at the same private key.
@unchi

Is that "test_scrypt_browser" (js_scrypt_async) your project?

That's an interesting (in-browser) implementation!
member
Activity: 105
Merit: 59
August 30, 2015, 11:44:16 PM
#42
It could be even more interesting to have an always updated website with the stats about the current costs of some/many configurations, so the user can choose which one he prefers.

The user should still not be coming up with a password or passphrase themselves. If they use an actually random passphrase they can ensure it has enough actual entropy to not be cracked.

Tools like brainwallet.io and warpwallet are like giving clean needles to heroin addicts. Harm reduction. Heroin (brainwallet-like tools with user-generated passwords/passphrases) is bad, but we can at least make it slightly less bad...
staff
Activity: 4270
Merit: 1209
I support freedom of choice
August 30, 2015, 11:09:32 PM
#41
It could be even more interesting to have an always updated website with the stats about the current costs of some/many configurations, so the user can choose which one he prefers.
member
Activity: 105
Merit: 59
August 30, 2015, 10:59:51 PM
#40
For those of you complaining to people linking to my slides/blog posts about brainwallets - I'm currently testing support for brainwallet.io in brainflayer. My limited benchmarking gives an estimate of about 75k passphrases guessed per dollar on Amazon EC2 spot instances.
It would be interesting to change these settings to see which are enough to get near 1 passphrase per 1 dollar Smiley (or even lower)
N=218, r=8, p=1, dkLen=32

The issue is that a legitimate user has to spend the same amount of work as the cracker per passphrase, so there is a practical limit on how much work the KDF can do. With scrypt specifically, scrypt(N=218, r=8, p=1) uses 256MiB of memory - scrypt(N=220, r=8, p=1) would be 1GiB. If you wanted scrypt to take longer than that, I'd probably suggest something like PBKDF2(iter=64, prf=scrypt(N=220, r=8, p=1)) which would take several minutes to run and is probably close to the upper bound of what anyone is willing to put up with.

You could also force some extra randomness into this by generating say, four hex digits as part of the salt and telling the user to write it down. Lose the digits and you have to brute force them - time consuming but possible. The cracker, though, doesn't have them and has to try them all in addition to whatever other salt there is... 
staff
Activity: 4270
Merit: 1209
I support freedom of choice
August 30, 2015, 09:16:04 PM
#39
For those of you complaining to people linking to my slides/blog posts about brainwallets - I'm currently testing support for brainwallet.io in brainflayer. My limited benchmarking gives an estimate of about 75k passphrases guessed per dollar on Amazon EC2 spot instances.
It would be interesting to change these settings to see which are enough to get near 1 passphrase per 1 dollar Smiley (or even lower)
N=218, r=8, p=1, dkLen=32
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
August 30, 2015, 08:46:23 PM
#38
For those of you complaining to people linking to my slides/blog posts about brainwallets - I'm currently testing support for brainwallet.io in brainflayer. My limited benchmarking gives an estimate of about 75k passphrases guessed per dollar on Amazon EC2 spot instances.
Congratulations for also researching and testing this tool.

That's a positive effort and all community should benefit from it.
member
Activity: 105
Merit: 59
August 30, 2015, 12:40:53 PM
#37
For those of you complaining to people linking to my slides/blog posts about brainwallets - I'm currently testing support for brainwallet.io in brainflayer. My limited benchmarking gives an estimate of about 75k passphrases guessed per dollar on Amazon EC2 spot instances.

Wow that's better than I thought it would be. Thanks for taking the time to do that. For comparison I'm curious to know the benchmark results for brainwallet.org. Could you provide that as well?  

Never mind, I saw in your presentation that the answer is 560 million passphrases per $1.

I would rephrase your benchmark statistic for brainwallet.io to say "75k passphrase-salt combinations per $1". You would spend a lot more than $1 trying to crack one passphrase because you would have to go through every possible salt.

"Better" as in you expected it to be more or less expensive? Cracking benchmarks are typically understood to imply the numbers are for a single salt, if salts are used.
legendary
Activity: 1470
Merit: 1002
August 30, 2015, 11:07:37 AM
#36
For those of you complaining to people linking to my slides/blog posts about brainwallets - I'm currently testing support for brainwallet.io in brainflayer. My limited benchmarking gives an estimate of about 75k passphrases guessed per dollar on Amazon EC2 spot instances.

I have read all of your slides and i was surprised,
We are thrilled to know the results at the end, i think it will be harder than brainwallet.org since brainwallet.io use salt???
member
Activity: 105
Merit: 59
August 30, 2015, 11:00:05 AM
#35
For those of you complaining to people linking to my slides/blog posts about brainwallets - I'm currently testing support for brainwallet.io in brainflayer. My limited benchmarking gives an estimate of about 75k 750k passphrases guessed per dollar on Amazon EC2 spot instances.

Edit: I am bad at math.
legendary
Activity: 1176
Merit: 1005
Decentralized Asset Management Platform
August 30, 2015, 02:40:35 AM
#34
I seriously never pid attention to brainwallet and never knew what it is ..
but why would someone use the wallet, any significance ?
member
Activity: 105
Merit: 59
August 29, 2015, 03:48:46 PM
#33
Why are you using uncompressed keys?

For compatibility.  

With what? It seems like pretty much all tools have been supporting compressed keys for quite some time.
Pages:
Jump to: