Topic: Brute-forceable puzzle - free crypto for whoever manages to crack it [SOLVED] (Read 1031 times)

I already read the part where you gave those hint, but i still think it's quite short.


Etherscan docs (https://info.etherscan.com/api-return-errors/) only mention the limit is 5 calls/sec/IP. Even so, that means his script only can check up to 100 address/sec.

Because I made it easy enough to be cracked, hence the puzzle.

It's not. It's not cryptographically secure, but it's still quite secure, depending on how you use it:

With 2 dates in 1900-2021 range there are about 1 billion possibilities. With 3 dates it's 14 trillion, with 4 dates it's 158 quadrillion. Good luck cracking that.

This indeed was way too easy.

If the probability of winning is larger than negligible (smaller than the inverse of any polynomial function), it is not cryptographically secure and therefore is a bad encryptio scheme.
So, even if this mechanisms wouldn't leak plaintext bits (which it does) and if it wouldn't be purely based on security through obscurity (which it does), it still would be a worthless scheme.

I'm kinda surprised the Etherscan API wasn't rate limiting him. From my experience with APIs, most of them autoban your IP address if you hit them too many times. Sure, they throttle you to a few requests per minute at any rate. That was my original deterrence from making a Blockchair API calling script that running overnight.

The bitcoins still haven't been found yet, apparently, only the ethereum.

Because I gave out hints it's only 2 dates and in 1900-2021 range, to make it easy.

Anyway, here's the write-up from the guy who cracked it and his code:

https://www.reddit.com/r/CryptoCurrency/comments/p2jkh3/how_i_solved_utoshiromiballzas_puzzle_in_just/
https://github.com/willhblackburn/brute-force-seedshift-puzzle-pub

The dates used to encrypt the seed words were:
1956-05-04
2014-08-28
(Hal Finney's birth & death)

Encrypted:Original:
Ethereum address: 0x9F316FAe2Bdb7cb6aa31B1776F0fe9041eFc2516

It's an easy way to store your wallet's seed; it doesn't leak anything because it is "the leak". I employ this same simple and easy way to store the seed words, not random 100-300 character Base64 encrypted gibberish. You still don't get it.

Yes they are, 128 in the example above by AES256 encrypting 12 mnemonic words with the password "blabla". Are you blind or intentionally obtuse?

Most wallets generate your 12-24 seed words for you, without the possibility of using a passphrase, so no. This is meant for those cases. So you've got 3 options: 1. write the seed words as is; 2. write them cryptographically securely encrypted as 100-300 character gibberish; 3. write them down not cryptographically securely encrypted but in easy human-readable BIP-39 words that are still realistically impossible to crack without knowing the method used, which still gives you plenty of time to recover your funds in case of theft. Do you get it now? (well there is the 4th option of buying a TREZOR/Ledger and moving all the funds there)

BIP39 is neither security by obscurity nor does it leak plaintext bits.




These are neither 100-300 chars, nor is it too difficult for an average person to decrypt it using a 3-5 step instruction.

It doesn't make any sense to create a shitty and insecure shift-cipher (which has to be taught how to use) instead for example just a BIP39 passphrase. Most proper wallets can handle this.
That would be way more easy to use than either AES or your shift shit cipher.

In the end it comes down to two pieces which have to be stored: the secret and the (encrypted) data.
Whether this is your plaintext-leaking-mnemonic [data] with the instruction and dates [the secret] or simply the securely (non-leaking) BIP39 passphrase protected mnemonic [data] and the passphrase [the secret] doesn't matter. The difference is, one is secure while the other one isn't.
I'd even argue that the passphrase protected mnemonic is easier to handle for non-techy people than your garbage.

LOL.

Yes it does. Windows does not come with it, so you have to download it or similar software. Stop pretending only Linux exists and that everyone uses or knows how to use Linux.

openssl enc -k blabla -aes256 -base64 -e -in seedwords.txt -out encrypted_seedwords.txt:
So BIP-39 is a stupid and bad idea, saving the wallet's key in an easy and human readable format?

Yes, after I provided the exact algorithm and hints to make it crackable. Once again:

Still not getting it and missing the point. Your alternative is to write down 100-300 random characters on a piece of paper (have fun with that) and then require your family to be above-average computer literate to be able to decrypt it. This is exactly why BIP-39 was made, to avoid having to do that, and to write down your wallet's key in an easy and human-readable format. But yes, a better and cryptographically secure (which mine isn't, and I never claimed it was) way would be if there was an accepted standard to convert AES encrypted text into BIP-39 words and write it down that way. But even this way would require extra computer knowledge to decrypt, not something your Average Joe would know how to do. Again, mine is simpler and can be done by hand. A trade-off for simplicity.

I don't to visit any website. I know how AES works behind the scenes. I don't care what a random website outputs on an arbitrary input.




No, it doesn't. Check openssl for example. It comes with literally every linux distro out there.




Not true.



As shown in my previous post, a 12 word mnemonic results in 48 byte which can be easily represented by 48 characters.




That is one reason why it is bad.
Another one is that it leaks bits of the plain text.

Any of these 2 reasons is enough to deem that as a bad design.




It's not.
Simply cryptanalysis and even bruteforcing is enough to break your "scheme".


It might work for you, you can feel safe as much as you want.
Trust me, no one here cares about you and your coins.

Just stop pretending your "mechanism" is good. It is not even close to being acceptable.

Most wallets do not offer that possibility, they generate a 12, 15, 24 word wallet for you. Of course using TREZOR/Ledger with a passphrase is safer, but you could even use that AND date-shift encrypt it for EXTRA security.

So when you realize you're talking bullshit and making things up on the fly "jUsT uSe yOuR oS tO eNcRyPt tHe SeEd WoRdS" you just resort to petty remarks and say how you couldn't care less. Hurr durr. Just be honest and admit you're talking out of your ass.


Go to https://aesencryption.net/ (something my or your mom would find on the internet), input the seed words, encrypt, count the number of characters.

But you actually still don't get it because you have your head so far up your rear end and you're entirely missing the point: the point is to write down the seed words on a piece of paper and also allow family members to easily access your wallet if anything happens to you. You can either write it down in plain-text, which is not a good idea because any thief finding the paper can steal your funds, or, encrypt the seed words in some way to prevent that from happening.

Your pRoPosEd method either involves a) external/online software to do, b) storing it digitally in a file for easier copy-paste into said external software, or c) writing down 100-300 random hard-to-read Base64 characters on a piece of paper, case-sensitive, and hoping for no human error when typing it into said external software (and on paper!). My method doesn't involve external software, you can encrypt/decrypt by hand, you can write it down in easy human-readable words, it can provide plausible deniability and yes, security through obscurity (you wouldn't know whether the seed words I wrote down are encrypted (or how), mistyped, or (as long as the last word is a valid checksum) if I send a small amount of decoy crypto to that wallet, that's all you'd think there is).

A wrench attack is the only thing my method is really vulnerable to, because it's obviously crypto seed words the paper holds (hence I also made this easy way to obfuscate the seed words by mapping them to their Traditional Chinese BIP-39 Unicode counterparts: https://github.com/mifunetoshiro/bip39_obfuscator), whereas AES encrypted gibberish gives you greater protection in this regard. A trade-off for easier and more human-friendly storing and recovering of crypto (the very reason why BIP-39 got made, lol.

And in any case, the only reason somebody was able to crack this puzzle was because I gave out the exact encryption algorithm and numerous hints to make it intentionally easier. If I just came here and said "crack this, it's encrypted, good luck lol", absolutely nobody would be able to do it, because the possibilities I could have used to encrypt it are endless. It'd be the same as trying to brute-force Satoshi's private keys.

To be honestly, i couldn't care less about your approach and whether your mom will understand anything.

My only concern here is that others might believe this is a gOoD iDeA. That's the only reason i am commenting here. I absolutely don't care about you and your BTC.




AES is a Block Cipher which works on 16 bytes blocks.
Assuming a 12 word mnemonic code, that's 132 bit (=16.5 byte) which results in a 32 byte output. If you want to store the IV together with the cipher text, that would be another 16 byte resulting in 48 byte in total.
That's nowhere close to "100-300 gibberish characters".

A 24 word mnemonic would result in 16 more bytes (a total of 64 bytes).

Now, instead of trying to call other people out on "not getting it" where "it" equals your shitty approach every sane person in the crypto scene wouldn't even touch with a stick, learn the fundamentals. Only then, we can start talking about encryption schemes and security in general.

Ok, encrypt with password "bla" on Windows 10 without downloading external tools, and then also decrypt it. Let me see the how-to so even my mom can understand.

You still don't get it. AES encrypting the seed words will produce 100-300 gibberish characters that you need to write down on a piece of paper, case-sensitive. Saving them in crypto.txt on my mother's computer is a bigger security risk, even though the encryption is better.

Who said anything about online services?

You do trust your Operating System, right? Then just use the built-in tools. As easy as that.




You don't need any external software. You can just use your OS.
And you also don't need 100-300 gibberish character, it seems you still didn't get it. Just read my last 2 posts again. You can use the same secret which in your case are a few dates. No additional characters.
The difference is that you don't use a worthless and non-secure mechanisms which leaks the plaintext (your mnemonic code), but a secure algorithm which is used all over the internet to secure messages.

If you don't trust AES, why don't you just use your stupid and insecure shift cipher to communicate with websites instead of TLS?

You have been warned. What you are doing is bad and insecure. And that is not an opinion, but a fact.
You gain almost zero usability but lose tons of security.

I understand that people who don't understand anything at all regarding security and cryptography believe to be able to create a secure mechanisms. Simply because they don't know better.
But the truth is, they can't. Believe it or not. We don't care whether you lose your money. The important part is that everyone else reading this knows that your mechanisms is insecure.

Waiting for a write-up from the guy who solved it.

I think it's you who didn't get it... With my method you don't have to rely on any external software or use online services (and risk theft) to decrypt anything, you can do it by hand. And with my method you can simply write down 12-24 BIP-39 words, not random gibberish 100-300 characters. The point is to write them down on a piece of paper, not store them on a computer in crypto.txt that my mother has access to and can simply copy-paste it. That's just extra risk right there.

So, what was the method used to solve the puzzle?

And risk using these online encryption/decryption services who may save the results and steal funds as well? With my method you can do it by hand, you don't need any script.

Well if someone is not capable of filling out 2 textboxes in a UI (one with the words and the other with the passphrase used) then they also won't be able to use any other method such as your shift cipher which requires the same 2 inputs (mnemonic and a date)!