Author

Topic: A little story (Read 1023 times)

sr. member
Activity: 364
Merit: 250
April 20, 2014, 07:17:43 AM
#16


My friend wrote some code and took the password hash and ran almost 2 million different permutations and finally....cracked it! (Always put dots above your lower case "i"s my friends Smiley).



Could you explain how the code worked with the password hash? thanks.
I made a simple one before but the basic explanation is that it guesses every combination given the variables and number of 'spaces' until the password cracks

Thanks for reply, heh it's helpful to have a code like this. I think you mentioned your password  had 12 letters? So how long it took to check all 2 Million permutations?
These codes do have their limits, that's why some applications and devices only allow a certain number of 'guesses'. Unless you can hack the limit the password can't be hashed. The SHA-256 coding runs in the same style, which is now used for mining. A hash is a guess, by reprogramming a miner you can have up to 1 TeraHash per second, roughly 1,099,511,627,776 guesses per second. So hashing the password should have been easy
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
April 19, 2014, 11:59:14 AM
#15
Lessons from this community:

1. Never trust exchanges, be the sole owner of your private keys.
2. Paper wallets are a great way of having a key that no one else in the universe can know.
3. Laminate your paper wallets.
4. Have more than one copy.
5. Never panic sell, if you are going to trade, have a plan. It's much easier to get unlucky than it is to get lucky.
6. Split your cold storage up.
7. Don't let your printed private key be seen by any electronic devices (with cameras). This is maybe a little "tin-foil hat-y" for many people, but it's possible that in a few years we will see that this is justified behaviour (in fact we already do, with regard to webcams being remotely activated - thank you Snowden.)
8. Drones are tiny now, and could be flying around outside your window, or inside your house without you knowing. Cover your private key as much as you can!
9. We've never had money this good before. Get as many as you can, don't lose them and don't let other scare you into selling them.
10. People are used to having mommy and daddy hodl their hands when it comes to money. With bitcoin there is no central authority. You are entirely responsible - can you handle the responsibility?

(Apologies for 7&8 sounding overly paranoid. It's not especially difficult to do what I say there, and not so unreasonable if you ask me. The only price you pay is seeming "over-the-top" to any observer, but to be honest, no one should be observing you do this in the first place! We all do strange things when we have the luxury of some privacy. Why can't this be one of them?)



i dont think its too paranoid.  better safe than sorry.  there's nothing to lose by being extra careful... there's your hard earned money to lose by not doing so.

legendary
Activity: 1680
Merit: 1045
April 19, 2014, 10:17:28 AM
#14


My friend wrote some code and took the password hash and ran almost 2 million different permutations and finally....cracked it! (Always put dots above your lower case "i"s my friends Smiley).



Could you explain how the code worked with the password hash? thanks.
I made a simple one before but the basic explanation is that it guesses every combination given the variables and number of 'spaces' until the password cracks

Thanks for reply, heh it's helpful to have a code like this. I think you mentioned your password  had 12 letters? So how long it took to check all 2 Million permutations?

The password had a few digits in that we were unsure of. Obviously we weren't trying to guess all 22 digits, that would take the entire bitcoin network a few years I'm guessing?

The private key has never been near a webam or window (drones, government agencies), has been laminated (read about a guy on here accidentally spilling whiskey all over his paper wallet), kept in a safe place that only she has access to, TWICE.

You have stored them in locations that are separated physically by a reasonably large distance right? For example, don't have them all in your house - if there's a fire then you'll lose them completely. Unless you have a fireproof safe rated for temperatures to ensure your paper doesn't burn up, you might want to look into storing a encrypted version of your wallet on a USB key in a safe deposit box with your bank.

This is good, and I'm going to do this. At the moment they are relatively fire proof, but not enough to be completely at ease.

This is an exercise in caution. I want to never worry about these things.

Also, the person who mentioned stamping metal is on to something.
legendary
Activity: 938
Merit: 1000
April 19, 2014, 10:07:17 AM
#13


My friend wrote some code and took the password hash and ran almost 2 million different permutations and finally....cracked it! (Always put dots above your lower case "i"s my friends Smiley).



Could you explain how the code worked with the password hash? thanks.
I made a simple one before but the basic explanation is that it guesses every combination given the variables and number of 'spaces' until the password cracks

Thanks for reply, heh it's helpful to have a code like this. I think you mentioned your password  had 12 letters? So how long it took to check all 2 Million permutations?
hero member
Activity: 798
Merit: 1000
April 19, 2014, 09:14:06 AM
#12
Glad it was a positive outcome. One way to make sure there are no mistakes like that is to stamp passwords or keys into a piece of metal that way there can be no problems reading them.
hero member
Activity: 686
Merit: 500
April 19, 2014, 07:06:54 AM
#11
OK so, drones so small they can be flying around inside your house that you don't notice it?! And that they would care to find your private keys? If I was controlling a drone that small I'd be a person who has no idea what bitcoin is, just sayin..  Isn't this just a little extreme?
hero member
Activity: 742
Merit: 502
Circa 2010
April 19, 2014, 06:14:08 AM
#10
The private key has never been near a webam or window (drones, government agencies), has been laminated (read about a guy on here accidentally spilling whiskey all over his paper wallet), kept in a safe place that only she has access to, TWICE.

You have stored them in locations that are separated physically by a reasonably large distance right? For example, don't have them all in your house - if there's a fire then you'll lose them completely. Unless you have a fireproof safe rated for temperatures to ensure your paper doesn't burn up, you might want to look into storing a encrypted version of your wallet on a USB key in a safe deposit box with your bank.
legendary
Activity: 3766
Merit: 1217
April 19, 2014, 06:04:56 AM
#9
Hmm.... so 2 million permutations. A 22 character password might need a quintillion guesses or permutations. But in this case it was easier, since some of the characters were known.  Grin
sr. member
Activity: 364
Merit: 250
April 19, 2014, 05:53:14 AM
#8


My friend wrote some code and took the password hash and ran almost 2 million different permutations and finally....cracked it! (Always put dots above your lower case "i"s my friends Smiley).



Could you explain how the code worked with the password hash? thanks.
I made a simple one before but the basic explanation is that it guesses every combination given the variables and number of 'spaces' until the password cracks
legendary
Activity: 938
Merit: 1000
April 19, 2014, 05:34:13 AM
#7


My friend wrote some code and took the password hash and ran almost 2 million different permutations and finally....cracked it! (Always put dots above your lower case "i"s my friends Smiley).



Could you explain how the code worked with the password hash? thanks.
sr. member
Activity: 402
Merit: 250
April 19, 2014, 05:31:28 AM
#6
How much was it worth?Huh Grin
legendary
Activity: 1680
Merit: 1045
April 19, 2014, 04:32:25 AM
#5
How much was it worth?

Enough that he might not want to say, but...
Not nearly enough for anyone to try to track down his IP address.  Cheesy

OP: Congrats on a successful recovery.

exactly Cheesy
legendary
Activity: 1680
Merit: 1045
April 19, 2014, 04:31:07 AM
#4
Lessons from this community:

1. Never trust exchanges, be the sole owner of your private keys.
2. Paper wallets are a great way of having a key that no one else in the universe can know.
3. Laminate your paper wallets.
4. Have more than one copy.
5. Never panic sell, if you are going to trade, have a plan. It's much easier to get unlucky than it is to get lucky.
6. Split your cold storage up.
7. Don't let your printed private key be seen by any electronic devices (with cameras). This is maybe a little "tin-foil hat-y" for many people, but it's possible that in a few years we will see that this is justified behaviour (in fact we already do, with regard to webcams being remotely activated - thank you Snowden.)
8. Drones are tiny now, and could be flying around outside your window, or inside your house without you knowing. Cover your private key as much as you can!
9. We've never had money this good before. Get as many as you can, don't lose them and don't let other scare you into selling them.
10. People are used to having mommy and daddy hodl their hands when it comes to money. With bitcoin there is no central authority. You are entirely responsible - can you handle the responsibility?

(Apologies for 7&8 sounding overly paranoid. It's not especially difficult to do what I say there, and not so unreasonable if you ask me. The only price you pay is seeming "over-the-top" to any observer, but to be honest, no one should be observing you do this in the first place! We all do strange things when we have the luxury of some privacy. Why can't this be one of them?)

legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
April 19, 2014, 04:19:49 AM
#3
How much was it worth?

Enough that he might not want to say, but...
Not nearly enough for anyone to try to track down his IP address.  Cheesy

OP: Congrats on a successful recovery.
member
Activity: 67
Merit: 10
April 19, 2014, 04:15:12 AM
#2
So I encouraged a friend of mine to buy some bitcoins quite a long time ago. They have since become worth a lot. She wrote a long password (22 characters!), and kept the coins in an encrypted wallet-qt.

As they appreciated and appreciated I got more and more nervous, and the time finally came to put them in cold storage.

This was when we discovered that she had written down her password wrong. I tried 128 different combinations. None worked. I asked help from a lot of people here. Some good advice, but all a little too technical for me.

I felt the coins were basically gone, because as we all know, if you don't have your private key (or the password to your wallet.dat!) you don't have any bitcoins.

My friend wrote some code and took the password hash and ran almost 2 million different permutations and finally....cracked it! (Always put dots above your lower case "i"s my friends Smiley).

They have now been moved to cold storage, printed using an offline computer (with no hard drive in!) that ran the html for bitaddress.org.

The private key has never been near a webam or window (drones, government agencies), has been laminated (read about a guy on here accidentally spilling whiskey all over his paper wallet), kept in a safe place that only she has access to, TWICE.

I have learnt from everyone else here.

I hope to help everyone a little with my story. This new paradigm of having COMPLETE responsibility for ones own money is going to take some adjustment, but the more we help each other, the less horror stories we all have to hear about.

Good luck and happy bitcoining.
How much was it worth?
legendary
Activity: 1680
Merit: 1045
April 19, 2014, 04:12:52 AM
#1
So I encouraged a friend of mine to buy some bitcoins quite a long time ago. They have since become worth a lot. She wrote a long password (22 characters!), and kept the coins in an encrypted wallet-qt.

As they appreciated and appreciated I got more and more nervous, and the time finally came to put them in cold storage.

This was when we discovered that she had written down her password wrong. I tried 128 different combinations. None worked. I asked help from a lot of people here. Some good advice, but all a little too technical for me.

I felt the coins were basically gone, because as we all know, if you don't have your private key (or the password to your wallet.dat!) you don't have any bitcoins.

My friend wrote some code and took the password hash and ran almost 2 million different permutations and finally....cracked it! (Always put dots above your lower case "i"s my friends Smiley).

They have now been moved to cold storage, printed using an offline computer (with no hard drive in!) that ran the html for bitaddress.org.

The private key has never been near a webam or window (drones, government agencies), has been laminated (read about a guy on here accidentally spilling whiskey all over his paper wallet), kept in a safe place that only she has access to, TWICE.

I have learnt from everyone else here.

I hope to help everyone a little with my story. This new paradigm of having COMPLETE responsibility for ones own money is going to take some adjustment, but the more we help each other, the less horror stories we all have to hear about.

Good luck and happy bitcoining.
Jump to: