Topic: 10 BTC 4 U 2 STEAL - Protected by a weak 5-letter password - crack & it's yours! - page 3. (Read 20204 times)
December 03, 2012, 02:14:03 PM
if you're aiming for high security for the key, you should uses a high r value (4096, 8192) for salsa20/chacha20 and skein for the block cipher as they're both really slow and expensive. there's only a tiny amount of data to be decrypted here, and even a 5 character password that is random should be a nightmare to solve.
December 03, 2012, 02:10:03 PM
I'm picking one starting letter and trying my luck. 1 in 13 chance I picked the right first letter. If it's not claimed by the time I finish I'll guess another one.
December 03, 2012, 02:05:58 PM
Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC
If you give me the code, I'll run it and share half the prize with you if I find it.I'll agree to that deal if you are interested. Want the code or a compiled exe? (and we'll wait for the starting letter to be revealed right?
And yes, to anyone who questions whether I would share the prize as I have said I would, I'm not selling out my reputation here (and a multitude of other online presences, since I use this screen name almost exclusively) ever, for any dollar amount. Keeping my integrity intact and a clear conscience is worth far more than anything money could buy.
I'll start whenever I can (whenever you send me the exe), but certainly, having the starting letter would help expedite the process of finding it.
December 03, 2012, 02:01:55 PM
I am persuaded that the key will be cracked soon (a few days at the most, but possibly much sooner) without me needing to divulge the first character. If that's true, then me giving away a character would cut that to a guaranteed crack in hours at most. There are skilled lurkers on this thread who aren't posting, but they're cracking away.
Pooling and agreeing to share the reward is totally a good idea I'd recommend, and totally acceptable to me (not that I have any say once the money gets taken). It is no different than pooled mining, other than perhaps without the benefit of having any way to keep anybody honest.
Pooling and agreeing to share the reward is totally a good idea I'd recommend, and totally acceptable to me (not that I have any say once the money gets taken). It is no different than pooled mining, other than perhaps without the benefit of having any way to keep anybody honest.
December 03, 2012, 01:59:30 PM
I bet the ones that are most likely to win are not even posting in the thread, just waiting to break the code and claim the prize.
December 03, 2012, 01:55:16 PM
Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC
If you give me the code, I'll run it and share half the prize with you if I find it.I'll agree to that deal if you are interested. Want the code or a compiled exe? (and we'll wait for the starting letter to be revealed right?
December 03, 2012, 01:52:16 PM
According to my calculations, once the new info is released I should be able to get it within 5 hours 
If I were you, I wouldn't trust anyone to share after. There are way too many scammers around
If I were you, I wouldn't trust anyone to share after. There are way too many scammers around
December 03, 2012, 01:49:15 PM
If you give me the code, I'll run it and share half the prize with you if I find it.
Why should he believe you? What if I said that if I was given the code, and I found it, I'd give him 2/3 of the prize? Why should he believe me?
SgtSpike has a long-time presence here, 5452 posts to his name, and a reputation that is probably worth more than 5 btc. You do not.
If I google the password, I get no meaningful results, just websites dedicated to listing every possible 5-character combination.
If only I worked at Google search, I could look for 5-letter random sequences searched in the last few days. Easier if I knew your IP
December 03, 2012, 01:47:10 PM
I have been wondering if there's some way to pool this in a verifiable manner, where work gets sent out kind of like a mining pool, and something like I assume P2Pool does where everybody's verifying that the payment transaction they're working on is "fair" and sending the reward to those participating. I'm not sure how it'd be possible to let somebody know when they'd decrypted the key without them having the key to be able to claim the whole amount themselves, though.
December 03, 2012, 01:43:40 PM
What if I compile the exe and have it email me the result and I split it with you?
December 03, 2012, 01:38:31 PM
If you give me the code, I'll run it and share half the prize with you if I find it.
Why should he believe you? What if I said that if I was given the code, and I found it, I'd give him 2/3 of the prize? Why should he believe me?
December 03, 2012, 01:17:07 PM
Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC
If you give me the code, I'll run it and share half the prize with you if I find it. December 03, 2012, 12:47:41 PM
Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC
December 03, 2012, 12:28:54 PM
I'll disclose the first character of the password at or shortly after 20:00 UTC.
Don't do that. You've already given away too much information. I'm genuinely interested in how long it would take someone to realisticly crack a 5 character brainwallet generated private key. Start a new thread with less characters if you want more action. That way we can all see how long it takes for different character lengths. This is definitely a neat experiment to either strengthen or weaken people's piece of mind on using brainwallet.
Even with that info it will take my computer a fortnight to try all possibilities
December 03, 2012, 12:27:01 PM
I just wrote a little console application that makes use of the classes, easier to debug that way no faffing with all the other code. Added a few statistics and output every 100 combinations so I have an idea of how its doing... its still too slow to consider actually running though.
December 03, 2012, 12:11:02 PM
I modified the code with 5 nested loops.
I place the current combo in the text box, then have it check the value. On the chance it comes back a match, I exit the loops and continue on with the code to display the private / public key.
I place the current combo in the text box, then have it check the value. On the chance it comes back a match, I exit the loops and continue on with the code to display the private / public key.
December 03, 2012, 12:03:54 PM
So how are people automatically checking password combinations? 2 results per second and whatnot? Have you each written/modified code on your own for this?
December 03, 2012, 11:40:30 AM
So I guess the dictionary hackers should reverse their algos (i.e. do not try anything that is in a word dictionary).
Or at least try all the dictionary entries last... pretty safe bet. This might give a couple percent speedup. The password isn't "maybe not a word": it's more like "totally not a word". I am pretty sure it won't accidentally appear in a dictionary.
If I google the password, I get no meaningful results, just websites dedicated to listing every possible 5-character combination.
So all we need to do is hack your google account and check the search history? Sounds easier, anyway...
Also for reference, it's not "VfHkP".
Also less likely to be a string based on keyboard layout (such as ZaQwE. Which it's not.).
December 03, 2012, 11:28:19 AM
Point well taken - so let's say I wanted to do this (if this is getting too OT I'll leave it at this) - how much BTC would motivate someone to crack it if I
(a) just put an encrypted private key with no source code for the encryption
(b) pasted the encrypted private key along with the encryption source code
Would probably consider a private key that has around 100 BTC balance if there are any takers (for option (a) and maybe at least 10 BTC for option (b)).
(a) just put an encrypted private key with no source code for the encryption
(b) pasted the encrypted private key along with the encryption source code
Would probably consider a private key that has around 100 BTC balance if there are any takers (for option (a) and maybe at least 10 BTC for option (b)).
December 03, 2012, 11:21:24 AM
Having the output of an encryptor be poorly compressible is a common property of pretty much all encryptors, good or bad. It is not a useful indicator of strength (although the opposite is true: if the output is compressible by anything more than a token percentage point or two, due to compressibility of non-encrypted metadata or slack space in the file, it's pretty much a given that the encryption should be easy to crack, and probably isn't "encryption" in the first place).
Jump to: