Topic: --- - page 2. (Read 10363 times)

I was thinking if the server cpu is loading to the maximum responding to the mass requests (if any)
Yes, i understand the point, maybe after a time you can help as i said before to find the salt
For me it is just impossible, good luck to others. Will keep time to time to check the address.

Unchi Which one did you choose? login info or personal info or generic salt?
If it is the last one at least tell us how many words are in total.
Still unbreakable, do you have any statistic in your server if anyone is bruteforcing it?

For the value of the prize, one should be able to make about eight to nine million guesses (~23 bits) using a bunch of spot instances. If I want to use all the CPU on my computers at home for the rest of the month I can probably manage about a hundred million guesses (~27 bits) for about $50 worth of electricity (my marginal cost of electricity is about $0.35/kWh  ).

I am not going to attempt this challenge - seems like a waste of electricity/money. If you want people play, increase the bounty substantially and/or offer more information about the salt.

i have tried many brain wallet puzzles and have had no luck

good luck to the competitors this one should be interesting to watch it get decoded

Yes, it's all about the idea what could the OP think what kind of words.
I tried some programming words as he was developing but none worked lol
unchi maybe should tell us more

Duh - that is the entire point.

Your post reminds me of when I used the algo for CIYAM Safe to safely lock away 10 BTC with a small password (was only 5 or 6 characters from memory).

I had a bunch of young idiots asking "how to work out the salt" not understanding that the "salt" was the very point of the exercise (i.e. you ain't going to get the coins by guessing).

Funnily enough with all their hashing power they were unable to crack such a small password without my help (I basically had to give them all but one of the password characters before they could crack it and that was after around a week of them trying having been given the first three characters of the small password).

Also - strictly speaking it is not "salt" as that would be known to you in plain text (the more correct term is perhaps "pepper").

There are 3 kinds of salt right? Which one did you choose?
login info - personal info - generic
I tried some but it's just impossible for me, too much room to guess the salt

I don't think most people - even people who think they're experts - really appreciate how good password cracking has gotten. I really didn't fully grasp what constitutes a good passphrase until I started attacking them. There is also a ton of bad advice in this space all over the internet, so we have lots of people who think they know what a good password/passphrase is, but don't really. I'm an expert and I don't even trust myself to come up with passwords or passphases any more. I use a password manager to randomly generate individual passwords, and diceware passphrases - generated with casino dice - for full disk encryption, master passwords, gpg, etc. Real entropy is way better than imaginary entropy. It just takes a little effort to memorize.

As to motorcycles - I have several friends who have gotten pretty badly hurt. One lost part of his small intestine, another had his hip destroyed and the last ended up with brain damage and was in intensive care for weeks, then in recovery for a few more months. This is all despite good motorcycle armor (a helmet is nowhere near sufficient protection). Being in the wrong place at the wrong time can still destroy you.

Anyway, the reason for the heroin analogy (which seems to have come across as a little more extreme than I had intended) is because the advice on heroin should always be "Don't do it.". Needle exchanges exist because some people will do it anyway, and there is value in making it somewhat safer.

I'm glad brainwallet.org is dead. Tools like WarpWallet and brainwallet.io are a lot better. Using them with randomly generated passphrases is safe against all plausible attacks, so long as they are sufficiently long. Some organically chosen passphrases may be safe against most attacks, but it is far more difficult to predict the effectiveness of attacks against those, so it's best to assume they are dangerously weak.

Very extreme indeed.

I see brainwallets with weak passwords/passphrases like a newcomer pilot that only had piloted tiny cessnas in his life and is gonna fly an airbus 380 for the first time without prior specific training. i.e. he doesn't know nothing about all the complexity surrounding that machine's operation.

@unchi

Is that "test_scrypt_browser" (js_scrypt_async) your project?

That's an interesting (in-browser) implementation!

The user should still not be coming up with a password or passphrase themselves. If they use an actually random passphrase they can ensure it has enough actual entropy to not be cracked.

Tools like brainwallet.io and warpwallet are like giving clean needles to heroin addicts. Harm reduction. Heroin (brainwallet-like tools with user-generated passwords/passphrases) is bad, but we can at least make it slightly less bad...

It could be even more interesting to have an always updated website with the stats about the current costs of some/many configurations, so the user can choose which one he prefers.

The issue is that a legitimate user has to spend the same amount of work as the cracker per passphrase, so there is a practical limit on how much work the KDF can do. With scrypt specifically, scrypt(N=2¹⁸, r=8, p=1) uses 256MiB of memory - scrypt(N=2²⁰, r=8, p=1) would be 1GiB. If you wanted scrypt to take longer than that, I'd probably suggest something like PBKDF2(iter=64, prf=scrypt(N=2²⁰, r=8, p=1)) which would take several minutes to run and is probably close to the upper bound of what anyone is willing to put up with.

You could also force some extra randomness into this by generating say, four hex digits as part of the salt and telling the user to write it down. Lose the digits and you have to brute force them - time consuming but possible. The cracker, though, doesn't have them and has to try them all in addition to whatever other salt there is... 

It would be interesting to change these settings to see which are enough to get near 1 passphrase per 1 dollar (or even lower)
N=218, r=8, p=1, dkLen=32

Congratulations for also researching and testing this tool.

That's a positive effort and all community should benefit from it.

"Better" as in you expected it to be more or less expensive? Cracking benchmarks are typically understood to imply the numbers are for a single salt, if salts are used.

I have read all of your slides and i was surprised,
We are thrilled to know the results at the end, i think it will be harder than brainwallet.org since brainwallet.io use salt???

For those of you complaining to people linking to my slides/blog posts about brainwallets - I'm currently testing support for brainwallet.io in brainflayer. My limited benchmarking gives an estimate of about 75k 750k passphrases guessed per dollar on Amazon EC2 spot instances.

Edit: I am bad at math.

I seriously never pid attention to brainwallet and never knew what it is ..
but why would someone use the wallet, any significance ?

With what? It seems like pretty much all tools have been supporting compressed keys for quite some time.