Pages:
Author

Topic: 10 BTC 4 U 2 STEAL - Protected by a weak 5-letter password - crack & it's yours! - page 3. (Read 20204 times)

legendary
Activity: 1484
Merit: 1005
if you're aiming for high security for the key, you should uses a high r value (4096, 8192) for salsa20/chacha20 and skein for the block cipher as they're both really slow and expensive.  there's only a tiny amount of data to be decrypted here, and even a 5 character password that is random should be a nightmare to solve.
hero member
Activity: 504
Merit: 500
WTF???
I'm picking one starting letter and trying my luck. 1 in 13 chance I picked the right first letter. If it's not claimed by the time I finish I'll guess another one.
legendary
Activity: 1400
Merit: 1005
Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC
If you give me the code, I'll run it and share half the prize with you if I find it.

I'll agree to that deal if you are interested. Want the code or a compiled exe? (and we'll wait for the starting letter to be revealed right?
Compiled exe would be great - I've tried compiling things in C before and it just doesn't go well.  I'd rather not go through it again if I can avoid it.

And yes, to anyone who questions whether I would share the prize as I have said I would, I'm not selling out my reputation here (and a multitude of other online presences, since I use this screen name almost exclusively) ever, for any dollar amount.  Keeping my integrity intact and a clear conscience is worth far more than anything money could buy.

I'll start whenever I can (whenever you send me the exe), but certainly, having the starting letter would help expedite the process of finding it.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
I am persuaded that the key will be cracked soon (a few days at the most, but possibly much sooner) without me needing to divulge the first character.  If that's true, then me giving away a character would cut that to a guaranteed crack in hours at most.  There are skilled lurkers on this thread who aren't posting, but they're cracking away.

Pooling and agreeing to share the reward is totally a good idea I'd recommend, and totally acceptable to me (not that I have any say once the money gets taken).  It is no different than pooled mining, other than perhaps without the benefit of having any way to keep anybody honest.
hero member
Activity: 740
Merit: 500
Hello world!
I bet the ones that are most likely to win are not even posting in the thread, just waiting to break the code and claim the prize.
legendary
Activity: 2324
Merit: 1125
Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC
If you give me the code, I'll run it and share half the prize with you if I find it.

I'll agree to that deal if you are interested. Want the code or a compiled exe? (and we'll wait for the starting letter to be revealed right?
newbie
Activity: 7
Merit: 0
According to my calculations, once the new info is released I should be able to get it within 5 hours Smiley
If I were you, I wouldn't trust anyone to share after. There are way too many scammers around
legendary
Activity: 905
Merit: 1012
If you give me the code, I'll run it and share half the prize with you if I find it.

Why should he believe you? What if I said that if I was given the code, and I found it, I'd give him 2/3 of the prize? Why should he believe me?

SgtSpike has a long-time presence here, 5452 posts to his name, and a reputation that is probably worth more than 5 btc. You do not.

If I google the password, I get no meaningful results, just websites dedicated to listing every possible 5-character combination.

If only I worked at Google search, I could look for 5-letter random sequences searched in the last few days. Easier if I knew your IP Wink
pc
sr. member
Activity: 253
Merit: 250
I have been wondering if there's some way to pool this in a verifiable manner, where work gets sent out kind of like a mining pool, and something like I assume P2Pool does where everybody's verifying that the payment transaction they're working on is "fair" and sending the reward to those participating. I'm not sure how it'd be possible to let somebody know when they'd decrypted the key without them having the key to be able to claim the whole amount themselves, though.
hero member
Activity: 504
Merit: 500
WTF???
What if I compile the exe and have it email me the result and I split it with you? Smiley
member
Activity: 67
Merit: 10
If you give me the code, I'll run it and share half the prize with you if I find it.

Why should he believe you? What if I said that if I was given the code, and I found it, I'd give him 2/3 of the prize? Why should he believe me?
legendary
Activity: 1400
Merit: 1005
Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC
If you give me the code, I'll run it and share half the prize with you if I find it.
hero member
Activity: 504
Merit: 500
WTF???
Who would like the snippet code to run the loop? Let's break the key space up and share the prize haha. Or maybe I can sell the snippet. I'll let you chose which range in which spot and you can try luck of the draw and see if you can pick the right key space. First letter given should finish the race in a few hours. I'll take it if you're still handing it out at 20:00 UTC
legendary
Activity: 2324
Merit: 1125
I'll disclose the first character of the password at or shortly after 20:00 UTC.

Don't do that.  You've already given away too much information.  I'm genuinely interested in how long it would take someone to realisticly crack a 5 character brainwallet generated private key.  Start a new thread with less characters if you want more action.  That way we can all see how long it takes for different character lengths.  This is definitely a neat experiment to either strengthen or weaken people's piece of mind on using brainwallet.

Even with that info it will take my computer a fortnight to try all possibilities Smiley
sr. member
Activity: 272
Merit: 250
I just wrote a little console application that makes use of the classes, easier to debug that way no faffing with all the other code. Added a few statistics and output every 100 combinations so I have an idea of how its doing... its still too slow to consider actually running though.
hero member
Activity: 566
Merit: 500
I modified the code with 5 nested loops.

I place the current combo in the text box, then have it check the value. On the chance it comes back a match, I exit the loops and continue on with the code to display the private / public key.
legendary
Activity: 1400
Merit: 1005
So how are people automatically checking password combinations?  2 results per second and whatnot?  Have you each written/modified code on your own for this?
sr. member
Activity: 295
Merit: 250
So I guess the dictionary hackers should reverse their algos (i.e. do not try anything that is in a word dictionary).

Smiley


Or at least try all the dictionary entries last... pretty safe bet.  This might give a couple percent speedup.  The password isn't "maybe not a word": it's more like "totally not a word".  I am pretty sure it won't accidentally appear in a dictionary.

If I google the password, I get no meaningful results, just websites dedicated to listing every possible 5-character combination.

So all we need to do is hack your google account and check the search history? Sounds easier, anyway...

Also for reference, it's not "VfHkP".

Also less likely to be a string based on keyboard layout (such as ZaQwE. Which it's not.).

legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Point well taken - so let's say I wanted to do this (if this is getting too OT I'll leave it at this) - how much BTC would motivate someone to crack it if I

(a) just put an encrypted private key with no source code for the encryption
(b) pasted the encrypted private key along with the encryption source code

Would probably consider a private key that has around 100 BTC balance if there are any takers (for option (a) and maybe at least 10 BTC for option (b)).

Huh
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
Having the output of an encryptor be poorly compressible is a common property of pretty much all encryptors, good or bad.  It is not a useful indicator of strength (although the opposite is true: if the output is compressible by anything more than a token percentage point or two, due to compressibility of non-encrypted metadata or slack space in the file, it's pretty much a given that the encryption should be easy to crack, and probably isn't "encryption" in the first place).
Pages:
Jump to: