Pages:
Author

Topic: [Bounty 50BTC] Looking for a GPU implementation of this algorithm - page 2. (Read 5422 times)

legendary
Activity: 1428
Merit: 1093
Core Armory Developer
This is exactly why Armory uses a scrypt-like algorithm for its wallet encryption.  It does the 100,000 hashes of the passphrase, but requires them to all be stored in RAM at once, so you can do 100,000 table-lookups on it to get the final result.  This makes GPU-acceleration pretty useless for an attacker (GPU threads usually only have a tiny amount of fast memory, not megabytes).    That's why the Armory website advertises "GPU-resistant wallet encryption".  (for reference, it's called the ROMix algorithm -- found in the same paper as scrypt, it's just that ROMix is much simpler despite being much less flexible about compute-memory tradeoff)

On the other hand, if you forget your password, you likely remember enough of it that you may only require a few weeks of single-threaded processing to find it.  
sr. member
Activity: 441
Merit: 268
So you have your 12 word master seed and you are missing your wallet password or?
legendary
Activity: 1176
Merit: 1001
Cool cool cool.
Thank you for the valuable info.

I will try to code something.
sr. member
Activity: 293
Merit: 250
Sorry, what is the key derivation function? The 10000 sha256?

It stretches the key by performing 100,000 sha256 rounds.

A Radeon 7970 can do about a billion sha256 / second. With this it's reduced to 10k hashes/sec. At this rate you can do the ECDSA part on the CPU (in C of course, not python) since it's at least 40 times faster than that.

So you don't even need an ECDSA GPU implementation.
legendary
Activity: 1176
Merit: 1001
So you do know part of the password? What brute force scheme would you like to run? If you don't know anything about the password and it is more than 8 characters forget it.

ECDSA GPU code is here btw:
https://github.com/samr7/vanitygen/blob/master/oclengine.c

But that's only part of the equation. The key derivation function used will make it a lot slower.
I have several patterns I would like to try. The whole password could be even 10-12 characters. I want to try.

Sorry, what is the key derivation function? The 10000 sha256?
sr. member
Activity: 293
Merit: 250
So you do know part of the password? What brute force scheme would you like to run? If you don't know anything about the password and it is more than 8 characters forget it.

ECDSA GPU code is here btw:
https://github.com/samr7/vanitygen/blob/master/oclengine.c

But that's only part of the equation. The key derivation function used will make it a lot slower.
legendary
Activity: 1176
Merit: 1001
I lost the password of my Electrum wallet. In fact, i didn't tough the wallet to have a password when i sent the money to it. What a dumb move, creating a password for the wallet 1.5 months ago, deleting the software, redownload it and suppose that since that he didn't asked, there wasn't any password. (the encrypted file was saved in my home directory).
I think to have a chance to brute force the password, but i need some more test speed, Electrum is in Python and it's really slow. I need to try at least one billion passwords.
So, if someone helps me by providing a GPU implementation of the following algorithm and i successfully recover my founds, i will be more than happy to reward him with 50BTC.

Code:
 def decode_seed(self, password):
        seed = self.pw_decode(self.seed, password)

        # check decoded seed with master public key
        curve = SECP256k1
        secexp = self.stretch_key(seed)
        master_private_key = ecdsa.SigningKey.from_secret_exponent( secexp, curve = SECP256k1 )
        master_public_key = master_private_key.get_verifying_key().to_string().encode('hex')
        if master_public_key != self.master_public_key:
            print_error('invalid password (mpk)')
            raise BaseException('Invalid password')

        return seed

def stretch_key(self,seed):
        oldseed = seed
        for i in range(100000):
            seed = hashlib.sha256(seed + oldseed).digest()
            exit()
        return string_to_number( seed )

I haven't found a john the ripper implementation for ECDSA, or it doesn't exist.
Here is a screenshoot of my wallet so that you can check whatever or not i successfully retrieve the founds.

(edit: removed).

If someone is willed to try, thank you.
Pages:
Jump to: