
Topic: Bitmex conducted an experiment with brainwallets (Read 366 times)

full member
Activity: 1498
Merit: 146
Normally people use quotes, famous sayings or poetic lines as private keys, which is the reason why it is much easier to brute force brain wallets. People should really use random, completely irrelevant words to get better security for their funds.
legendary
Activity: 3024
Merit: 2148
Wait a minute...
OK, as I said at first, I'm not really sure about the resources needed in the first place, but when we start with a phrase and add a single spelling error, aren't the possibilities for it reaching the same results as trying all combinations of private keys? I had a pretty bad day and I'm tired, so maybe I'm saying something stupid, but taking a phrase like the one in the example:

When you're generating a random private key, you are guaranteed your 128-256 bits of security. But when you start messing with brainwallets, you'll never know how many bits of security you actually have, because the space of potential values is unknown, and humans also don't choose these values randomly; some words/phrases are much more common than others, even if they seem to be uncommon.

Potential attackers could try to make a lot of optimizations for hacking brainwallets. For example, they can make a psychological profile of an average Bitcoin user: they might be more likely to be nerdy, so they will be looking for phrases from sci-fi books, videogames, cult classic movies, etc. The way people try to make passwords more complex can also be predictable: they often put numbers at the end, use l33tspeak, capitalize the first or the last letter, etc.

Also, this thing with misspelling a phrase can backfire if you forget where you made the mistake; in that case you'll have to do some trial and error or even write a script to bruteforce your own brainwallet.
legendary
Activity: 2268
Merit: 18711
and only combining with a random variable like dice
If you are going to create true entropy, such as you would by rolling dice, and then commit it to memory, then why not just generate a seed phrase in the usual way and commit that to memory?

Memorising your wallet/seed phrase/brainwallet input/whatever is universally a bad idea due to how fragile human memory is, but at least if you memorize a seed phrase your coins won't be stolen almost immediately as they would be with the vast majority of human generated brainwallets.
newbie
Activity: 1
Merit: 0
:) Yeah, that's what my mind suggests, and BitMEX acknowledges that it might be a really safe way to do it (mixing with stuff that other people can't realize and only combining with a random variable like dice), but then they didn't believe the brain wallet project would fail so spectacularly either, did they?

The concern is that our minds can't understand how difficult/easy problems are. And I'd rather not experiment with it at all.
legendary
Activity: 2268
Merit: 18711
If you are going to replace one random character from 285 possibilities with a random character from a set of 36, then there are 36*285 = 10,260 possibilities.

If you then replace one more random character from 284 possibilities, then there are 10,260*36*284 = 104,898,240 possibilities.

A further character takes that to 1 trillion possibilities.

Sure, such a wallet is likely going to be secure enough for a fairly long time. However, the vast majority of brain wallets are not using long phrases such as this, and just like passwords, any substitutions are the common and predictable ones - O to 0, A to 4, E to 3, and so on.
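The counting in this post, and the earlier point that attackers only need to enumerate the predictable substitutions, as an added Python example that is not code from the thread: it reproduces the 36*285 style of counting, converts the result to bits for comparison with the 128-256 bits of a random key, counts how few variants remain when only the common swaps (O to 0, A to 4, E to 3, plus a few similar ones in a constructed map) are considered, and derives a key the way the thread describes brainwallets (sha256 of the phrase). The sample phrase and the LEET map are constructed for illustration.

```python
import hashlib
import math

# Constructed parameters matching the post: a 285-character phrase and a
# 36-symbol replacement alphabet (a-z, 0-9).
PHRASE_LEN = 285
ALPHABET = 36

# Common password-style substitutions an attacker's dictionary checks first.
# Constructed map; O->0, A->4 and E->3 are the ones the post names.
LEET = {"o": "0", "a": "4", "e": "3", "i": "1", "s": "5", "t": "7"}


def substitution_space(phrase_len: int, alphabet: int, k: int) -> int:
    """Variants reachable by replacing k characters, counted as the post does:
    36*285 for the first, then *36*284 for the second, and so on."""
    total = 1
    for i in range(k):
        total *= (phrase_len - i) * alphabet
    return total


def security_bits(space: int) -> float:
    """Search-space size expressed as bits, for comparison with the 128-256
    bits of a randomly generated private key."""
    return math.log2(space)


def predictable_variants(phrase: str, k: int) -> int:
    """Variants reachable by applying exactly k of the LEET substitutions to
    distinct letters of the phrase: the part of the nominal space that a
    substitution-aware dictionary actually has to enumerate."""
    candidates = [c for c in phrase.lower() if c in LEET]
    return math.comb(len(candidates), k)


def brainwallet_privkey(phrase: str) -> str:
    """Derive the key the way the thread describes brainwallets: sha256 of
    the phrase, used directly as the 256-bit private key (hex)."""
    return hashlib.sha256(phrase.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for k in (1, 2, 3):
        space = substitution_space(PHRASE_LEN, ALPHABET, k)
        print(f"{k} substitution(s): {space:,} variants "
              f"(~{security_bits(space):.1f} bits)")
    # Constructed short phrase to show how the predictable subset collapses.
    sample = "itwasthebestoftimes"
    for k in (1, 2, 3):
        print(f"predictable variants with {k} leet swap(s): "
              f"{predictable_variants(sample, k)} of "
              f"{substitution_space(len(sample), ALPHABET, k):,} nominal")
    print("sha256 key for constructed sample:", brainwallet_privkey(sample))
```

Three substitutions on the 285-character phrase come to roughly 40 bits, a long way short of the 128-256 bits of a random key, and the predictable subset is smaller by several more orders of magnitude.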
legendary
Activity: 2912
Merit: 6403
Doing that and/or intentionally adding in some errors and mistypes to the phrases would make them extremely strong I'd think.
It doesn't. If a server is checking for your phrase (and there are likely dozens which are) chances are at least one of them is also searching for your swaps or errors. It is trivial to program your database to also look for addresses with common substitutions, letter swaps, added symbols, etc.

Wait a minute...
OK, as I said at first, I'm not really sure about the resources needed in the first place, but when we start with a phrase and add a single spelling error, aren't the possibilities for it reaching the same results as trying all combinations of private keys? I had a pretty bad day and I'm tired, so maybe I'm saying something stupid, but taking a phrase like the one in the example:

Quote
It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light, it was the season of Darkness, it was the spring of hope, it was the winter of despair

It has 285 characters. Of course, replacing just one letter won't do much, as you are considering just letters and numbers there, so just 36x285 possibilities.
But once we do that with two or three, the number grows exponentially, so for a script to find out all the permutations (for example swapping the first b in the phrase with 1, the second with 2 and the third with 3) and do that for the millions of phrases out there, I think it will start to not be viable anymore.

LE: I know I'm doing it wrong because the results seem a bit more than weird, so before saying something stupid again: how many combinations are there in a 285-character phrase in which 3 of the characters have been replaced by 35 possible variants?
legendary
Activity: 2268
Merit: 18711
but the fact that the phrases are limited to lyrics or literature doesn't make it reassuring.
They aren't. You simply input any string of data you like, hash it, and use the result as a private key.

It's worth noting that Bitcoin wiki seems to define a brain wallet differently (focusing just on the fact that one memorizes the passphrase and does not store it anywhere), and while this can be troublesome due to fallible memory, it's not susceptible to hacks in any more way than other wallets, right?
It wouldn't be any more susceptible to hacks if the input was long enough and completely random. The trouble is that it never is. It is usually words or phrases, and if it is easily remembered then it is easily cracked. Even when humans think we are being random, we aren't, and any input that someone has come up with themselves will be inherently weak.
legendary
Activity: 3024
Merit: 2148
Btw, there wasn't a need for new experiments; it's clear as day why brainwallets are a terrible idea. Humans aren't a good source of entropy! And it was proven years ago that brainwallets are terrible and that a high percentage of them get hacked.

There's still a lot of people who think that they are smarter than everyone and think that no one will guess their secret phrase. They don't understand that algorithms, human psychology and predictability and raw processing power can make it possible, so having a brainwallet is like having a time bomb - you never know when it will blow up, but there's always a risk that it will happen.

Generating random values and using them as keys has always been a big part of cryptography, but these crypto noobs just throw all that experience out of the window, just because they like a tiny bit of convenience. This convenience is never worth the risk in the long run.
legendary
Activity: 2128
Merit: 1293
There is trouble abrewing
despite the fact that it can initially sound like a suitable method.

The problem is exactly this. People sacrifice their security for convenience all the time, but sometimes that sacrifice has severe negative consequences. Unfortunately, when they are not well versed in the topic they are sacrificing (cryptography in this case), the risk of zeroing their security is very high.
The worst part is that there are programmers who are like this and create tools for people to use, like brainwallet sites.
legendary
Activity: 3276
Merit: 3537
Nec Recisa Recedit
https://bitcointalksearch.org/topic/thoughts-on-this-private-key-stealing-mystery-2488493
I remember this topic regarding "faults" of brainwallet as a secure way for generating private key... Even an address was used in the past to generate a private key.
I am surprised to see how many bitcoin were at risk due to this weakness, despite the fact that it can initially sound like a suitable method. Bitmex has proved it again!
legendary
Activity: 3248
Merit: 1402
Found this link on reddit - https://blog.bitmex.com/call-me-ishmael/

What they did was create 8 brainwallets by taking the sha256 of some phrase from a work of fiction, lyrics or some other literature, and they put 0.005 BTC into each address. Within a day, all wallets were emptied by hackers. Some wallets were emptied before the funding transaction was even confirmed.

This means that there are people out there who run servers that monitor millions if not billions of pre-generated brainwallets, and as soon as they see a transaction coming in, they immediately sweep it. Newbies often think that a brainwallet is safe because it will take a long time to bruteforce it, but this is wrong, because no one is trying to bruteforce one specific wallet. The cost of this attack is very-very low, you just generate a list of brainwallets as big as you can handle, and then setup a script that listens to new blocks and very quickly checks if tx have been made to addresses in your list. No need to spend any computational power, just a small server that runs 24/7.
Wow, that seems very dangerous. I've never considered using one of those wallets, but the fact that the phrases are limited to lyrics or literature doesn't make it reassuring. It's worth noting that Bitcoin wiki seems to define a brain wallet differently (focusing just on the fact that one memorizes the passphrase and does not store it anywhere), and while this can be troublesome due to fallible memory, it's not susceptible to hacks in any more way than other wallets, right? I guess this additional terminology confusion can contribute to newbies making the wrong choices (say, you hear someone using the term like Bitcoin wiki does and claiming that a brainwallet is safe, and then you get a brainwallet in the sense described in the blog).
legendary
Activity: 2268
Merit: 18711
Doing that and/or intentionally adding in some errors and mistypes to the phrases would make them extremely strong I'd think.
It doesn't. If a server is checking for your phrase (and there are likely dozens which are) chances are at least one of them is also searching for your swaps or errors. It is trivial to program your database to also look for addresses with common substitutions, letter swaps, added symbols, etc.

I've also wondered, if Bitmex or anyone else were to conduct such experiments, what if they used those mumble raps or multi-language songs or phrases? Would it still be risky?
Yes, it will still be risky. It might take a little longer for a multi language quote to be broken, but it will be broken at some point. Using a quote, phrase, song lyric, etc. which already exists and is plastered all over the internet is a recipe for disaster.
hero member
Activity: 2352
Merit: 905
There was a challenge on this forum: A challenge to the idea that no-one can create a good brainwallet. There was one bitcoin as a reward on this wallet. It seems nothing happened from 2012 until 2019 (the wallet was created in 2012 but posted on btctalk in 2014). In 2019, that one bitcoin was finally moved, but the author of that thread has disappeared, so idk whether it was hacked or the owner decided to just move that one bitcoin.

Btw, there wasn't a need for new experiments; it's clear as day why brainwallets are a terrible idea. Humans aren't a good source of entropy! And it was proven years ago that brainwallets are terrible and that a high percentage of them get hacked.
legendary
Activity: 2968
Merit: 3684
Doing that and/or intentionally adding in some errors and mistypes to the phrases would make them extremely strong I'd think. I think errors would be better than mix and matching languages but either is very safe as far as I'm concerned.

Yeah, that's what my brain says, and BitMEX agrees it could be a very secure way to do it (mix with things other people can't possibly know and then add a random variable like dice), but then they didn't think the brainwallet experiment would fail so spectacularly either, now did they?

Problem is our brains can't fathom how easy/difficult things are. So I'd rather not experiment with everything. So far so good for the ones that I do have but then the balances are probably too small, maybe these monitoring servers wait for a threshold too.
legendary
Activity: 3472
Merit: 10611
I would love some feedback on this, in my opinion you still need a pretty decent server to monitor a few tens if not a hundred million addresses.
Not really. If you run a full node you are already doing this for all the addresses in your wallet. Basically, each time you receive a transaction in your mempool or in a new block, you also check it against your wallet file. What these thieves do is simply add a new step after that check to spend the coins they receive in the addresses they have in their wallet right away.
I don't know how optimized the current full node implementations are, but the lookup can also be optimized using hashtables and by keeping it always loaded in memory.
legendary
Activity: 3542
Merit: 1352
It should be noted that brainwallets are only as good as the people who generated them in their heads. They are crypto wallets just the same, but the level of security they offer is not really that effective and tight, since people and entities are already running servers whose sole purpose is to monitor and sweep any and every balance that falls under the addresses and wallets they control.

The experiment's conclusion should already be considered greatly; there's nothing new that has been added to the table for this experiment IMO as the outcome is already expected.
hero member
Activity: 2184
Merit: 891
This experiment from BitMex confirms what we already know - brain wallets are for the brainless.

Haha LOL.. Brainwallets aren't that different from a normal crypto wallet, yet the key phrases are things that you know you can remember (or should I say key phrases that are common and don't live in your brain alone). Sometimes I just wonder, where do the vulnerabilities of this wallet really reside? Also, why would someone use popular words and phrases in a brainwallet?

I've also wondered, if Bitmex or anyone else were to conduct such experiments, what if they used those mumble raps or multi-language songs or phrases? Would it still be risky? If so, then wouldn't it simply indicate that there is a vulnerability on the server side, right?
legendary
Activity: 3024
Merit: 2148
Doing that and/or intentionally adding in some errors and mistypes to the phrases would make them extremely strong I'd think. I think errors would be better than mix and matching languages but either is very safe as far as I'm concerned.

Wrong. The article mentions that they have some brainwallets created by picking words from books with some easy pattern and that the funds are still there after a long period of time, but this doesn't mean that this is a secure way to store Bitcoins. Eventually someone will come up with the same pattern and will build a database of potential brainwallets, and because computational power and storage only get cheaper over the years, and as Bitcoin gets more popular, more hackers will be doing this, it means that the security of brainwallets, which is already horrible, will only decrease.
hero member
Activity: 1328
Merit: 563
Looking at the speed, it seems like there is at least one server that is looking at addresses created from known quotes from literature, and another that (and this is quite scary) has a much bigger database, including a simple phrase from Satoshi's whitepaper which is hidden somewhat in the conclusion.

It would have been interesting if he had also chosen two quotes from foreign literature, not translated into English; I somehow doubt they are monitoring really all the possible brain wallets that can be made with all the books in the world. I'm not eager to throw away 0.005, especially since I know someone with not so good intentions will get that money, but maybe I'll try with 0.0005 during the weekend.

The cost of this attack is very-very low, you just generate a list of brainwallets as big as you can handle, and then setup a script that listens to new blocks and very quickly checks if tx have been made to addresses in your list.

I would love some feedback on this, in my opinion you still need a pretty decent server to monitor a few tens if not a hundred million addresses.

I often thought about this too. I speak two languages very well, and about 4 to various degrees, and have wondered just how secure it would be if I mixed up some phrases, swapping between English and others. The bonus is that two of those 4 I know don't even have, to my knowledge, dictionaries, so the attacker would have to come from my population of roughly 200,000 people;)

I still do like the brainwallet concept done up like this, but still, I somehow think it's not as secure as my brain believes.

Also agree you would probably need SOME kind of cost to run such servers; it's probably not an individual monitoring what must be at least hundreds of millions of addresses.


Doing that and/or intentionally adding in some errors and mistypes to the phrases would make them extremely strong I'd think. I think errors would be better than mix and matching languages but either is very safe as far as I'm concerned.
legendary
Activity: 2268
Merit: 18711
Have a read of this thread, particularly the posts by the OP TheArchaeologist and almightyruler - Collection of 18.509 found and used Brainwallets

You can also see the database he created here - https://eli5.eu/brainwallet/

There are some really interesting results discussed in that thread. For example, the address 15jG7moSaWgQADbG45cbvc79sHjKBBnxBk, which is generated from the phrase "letthegoodtimesroll" was used back in 2017. Within 2 seconds (!) of a deposit being broadcast (note simply broadcast, not confirmed), three other transactions had been broadcast trying to sweep the funds to different addresses. If there were 3 servers which were watching that specific address and generating transactions that quickly 3 years ago, then you can bet that in total there are dozens of servers actively monitoring brain wallets and attempting to steal funds today.

This experiment from BitMex confirms what we already know - brain wallets are for the brainless.