This is exactly why Armory uses a scrypt-like algorithm for its wallet encryption. It does the 100,000 hashes of the passphrase, but requires them to all be stored in RAM at once, so you can do 100,000 table-lookups on it to get the final result. This makes GPU-acceleration pretty useless for an attacker (GPU threads usually only have a tiny amount of fast memory, not megabytes). That's why the Armory website advertises "GPU-resistant wallet encryption". (for reference, it's called the ROMix algorithm -- found in the same paper as scrypt, it's just that ROMix is much simpler despite being much less flexible about compute-memory tradeoff)
On the other hand, if you forget your password, you likely remember enough of it that you may only require a few weeks of single-threaded processing to find it.
Topic: [Bounty 50BTC] Looking for a GPU implementation of this algorithm - page 2. (Read 5385 times)
March 19, 2013, 05:15:06 PM
March 17, 2013, 06:49:31 PM
So you have your 12 word master seed and you are missing your wallet password or?
February 03, 2013, 03:46:25 PM
Cool cool cool.
Thank you for the valuable info.
I will try to code something.
Thank you for the valuable info.
I will try to code something.
February 03, 2013, 03:33:50 PM
Sorry, what is the key derivation function? The 10000 sha256?
It stretches the key by performing 100,000 sha256 rounds.
A Radeon 7970 can do about a billion sha256 / second. With this it's reduced to 10k hashes/sec. At this rate you can do the ECDSA part on the CPU (in C of course, not python) since it's at least 40 times faster than that.
So you don't even need an ECDSA GPU implementation.
February 03, 2013, 03:14:35 PM
So you do know part of the password? What brute force scheme would you like to run? If you don't know anything about the password and it is more than 8 characters forget it.
ECDSA GPU code is here btw:
https://github.com/samr7/vanitygen/blob/master/oclengine.c
But that's only part of the equation. The key derivation function used will make it a lot slower.
I have several patterns I would like to try. The whole password could be even 10-12 characters. I want to try.ECDSA GPU code is here btw:
https://github.com/samr7/vanitygen/blob/master/oclengine.c
But that's only part of the equation. The key derivation function used will make it a lot slower.
Sorry, what is the key derivation function? The 10000 sha256?
February 03, 2013, 02:44:41 PM
So you do know part of the password? What brute force scheme would you like to run? If you don't know anything about the password and it is more than 8 characters forget it.
ECDSA GPU code is here btw:
https://github.com/samr7/vanitygen/blob/master/oclengine.c
But that's only part of the equation. The key derivation function used will make it a lot slower.
ECDSA GPU code is here btw:
https://github.com/samr7/vanitygen/blob/master/oclengine.c
But that's only part of the equation. The key derivation function used will make it a lot slower.
February 03, 2013, 10:12:07 AM
I lost the password of my Electrum wallet. In fact, i didn't tough the wallet to have a password when i sent the money to it. What a dumb move, creating a password for the wallet 1.5 months ago, deleting the software, redownload it and suppose that since that he didn't asked, there wasn't any password. (the encrypted file was saved in my home directory).
I think to have a chance to brute force the password, but i need some more test speed, Electrum is in Python and it's really slow. I need to try at least one billion passwords.
So, if someone helps me by providing a GPU implementation of the following algorithm and i successfully recover my founds, i will be more than happy to reward him with 50BTC.
I haven't found a john the ripper implementation for ECDSA, or it doesn't exist.
Here is a screenshoot of my wallet so that you can check whatever or not i successfully retrieve the founds.
(edit: removed).
If someone is willed to try, thank you.
I think to have a chance to brute force the password, but i need some more test speed, Electrum is in Python and it's really slow. I need to try at least one billion passwords.
So, if someone helps me by providing a GPU implementation of the following algorithm and i successfully recover my founds, i will be more than happy to reward him with 50BTC.
Code:
def decode_seed(self, password):
seed = self.pw_decode(self.seed, password)
# check decoded seed with master public key
curve = SECP256k1
secexp = self.stretch_key(seed)
master_private_key = ecdsa.SigningKey.from_secret_exponent( secexp, curve = SECP256k1 )
master_public_key = master_private_key.get_verifying_key().to_string().encode('hex')
if master_public_key != self.master_public_key:
print_error('invalid password (mpk)')
raise BaseException('Invalid password')
return seed
def stretch_key(self,seed):
oldseed = seed
for i in range(100000):
seed = hashlib.sha256(seed + oldseed).digest()
exit()
return string_to_number( seed )
seed = self.pw_decode(self.seed, password)
# check decoded seed with master public key
curve = SECP256k1
secexp = self.stretch_key(seed)
master_private_key = ecdsa.SigningKey.from_secret_exponent( secexp, curve = SECP256k1 )
master_public_key = master_private_key.get_verifying_key().to_string().encode('hex')
if master_public_key != self.master_public_key:
print_error('invalid password (mpk)')
raise BaseException('Invalid password')
return seed
def stretch_key(self,seed):
oldseed = seed
for i in range(100000):
seed = hashlib.sha256(seed + oldseed).digest()
exit()
return string_to_number( seed )
I haven't found a john the ripper implementation for ECDSA, or it doesn't exist.
Here is a screenshoot of my wallet so that you can check whatever or not i successfully retrieve the founds.
(edit: removed).
If someone is willed to try, thank you.
Jump to: