Collection of 18.509 found and used Brainwallets - page 14.

vit05

hero member

Activity: 672

Merit: 526

Quote from: o_e_l_e_o on July 30, 2018, 07:07:02 AM

Quote from: TheArchaeologist on July 30, 2018, 06:59:35 AM

Let's just hope you want suffer from a dying brain instead of a dying hard drive!

The human brain is a very fragile thing. There are literally hundreds of completely unpredictable accidents and illnesses that can leave you with profound memory loss. Relying solely on your memory is a bad idea.

It would be very interesting if someone could find papers with statistical research proving what is safer for a period of time greater than 10 years. A human brain or an HD. Something like this would definitely be very useful for many future applications. The simplest way to think about this is that it is much riskier to store a password in the brain than in a hard drive.

But perhaps the big complicator is not exactly health issues or an accident. It may be that keeping sentences is not the best way to put something in the brain, it's too risky. And many times we look for something simple as in the case of this password that is just a title of a very famous song.

But overall, few people have kept some kind of hard drive for over 10 years.

almightyruler

legendary

Activity: 2268

Merit: 1092

Quote from: HeRetiK on September 26, 2018, 10:49:06 AM

Quote from: almightyruler on September 26, 2018, 10:27:43 AM

Turns out it's not such a mysterious password after all; checking further, it appears in the password lists I downloaded.

Alright, that's slightly less worrying then.

I was expecting something along the lines of "l0ve1s4lly0un33d" or a 1337 version of "Hey Jude" which would have implied a far vaster lookup table. (assuming it isn't already. well, probably now it will be.)

I can think of one method to vastly reduce the amount of storage required for a stealer-bot, and I'm sure that people much smarter than I am have come up with a similar idea. So it's not impossible for a setup to be able to include a wide variety of permutations, in the hope of catching something in the future. I'm using a modest 2TB array on my temporary cracking machine and I estimate that could store around 20 to 25 billion candidate addresses.

I had a quick look through the results, and my system has found at least one 8 character password that does not appear in any of the source input files, has zero Google results, and is not on haveibeenpwned. The password evolved by mixing two or more disparate source lines together, and applying some extra mangling (appending, truncating, etc). THAT'S what should scare people off using sha256 wallets: your cool 8 or 10 character "random" password, even one that has no words in it, is not unbreakable.

HeRetiK

legendary

Activity: 2912

Merit: 2066

Cashback 15%

Quote from: almightyruler on September 26, 2018, 10:27:43 AM

Quote from: HeRetiK on September 26, 2018, 09:45:47 AM

Have you checked whether this particular passphrase has been part of a prior leak? You can check here: https://haveibeenpwned.com/Passwords

It would be interesting to know whether our brainwallet sweepers are using publicly available password lists or have some pimped collections of their own.

Oh no — pwned!
This password has been seen 1,164 times before

Turns out it's not such a mysterious password after all; checking further, it appears in the password lists I downloaded. I thought my system had found it through mangling of lyrics (which it may have still done, independently). The password for 1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR is "loveisallyouneed"

Alright, that's slightly less worrying then.

I was expecting something along the lines of "l0ve1s4lly0un33d" or a 1337 version of "Hey Jude" which would have implied a far vaster lookup table. (assuming it isn't already. well, probably now it will be.)

almightyruler

legendary

Activity: 2268

Merit: 1092

Quote from: Thirdspace on September 26, 2018, 09:15:30 AM

Quote from: almightyruler on September 26, 2018, 12:33:25 AM

The funds were swept out instantly, which strongly suggests it was a theft by a bot watching that privkey. The passphrase is a song title, with minor mangling.

receiver address 17WRjamo... and 1LdUHTEV... competing on utxo of 1GkGD48u... and 152DXcBq...
I think there is more to it than just some bots sweeping some addresses
did you also find private key for 152DXcBqGShpC7mBj4XZHQG9uGY9mUtZ8d ?

Not yet.

Quote from: HeRetiK on September 26, 2018, 09:45:47 AM

It not only suggests bots, it also suggests that these bots iterate through rather impressive lookup tables.

There would be some challenges with maintaining a database that has several billions (maybe even trillions) of records, but it wouldn't be impossible. You would need a BIG bloom filter (to minimise false positives), and a clean and fast key->value database with lots of storage.

Quote from: HeRetiK on September 26, 2018, 09:45:47 AM

Have you checked whether this particular passphrase has been part of a prior leak? You can check here: https://haveibeenpwned.com/Passwords

It would be interesting to know whether our brainwallet sweepers are using publicly available password lists or have some pimped collections of their own.

Oh no — pwned!
This password has been seen 1,164 times before

Turns out it's not such a mysterious password after all; checking further, it appears in the password lists I downloaded. I thought my system had found it through mangling of lyrics (which it may have still done, independently). The password for 1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR is "loveisallyouneed"

HeRetiK

legendary

Activity: 2912

Merit: 2066

Cashback 15%

Quote from: almightyruler on September 26, 2018, 12:33:25 AM

[...]

This particular brainwallet concerns me, as the transactions are recent (March 2018), and for a large value (0.5 BTC): https://www.blockchain.com/btc/address/1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR

The funds were swept out instantly, which strongly suggests it was a theft by a bot watching that privkey. The passphrase is a song title, with minor mangling.

It not only suggests bots, it also suggests that these bots iterate through rather impressive lookup tables.

Have you checked whether this particular passphrase has been part of a prior leak? You can check here: https://haveibeenpwned.com/Passwords

It would be interesting to know whether our brainwallet sweepers are using publicly available password lists or have some pimped collections of their own.

Quote from: Thirdspace on September 26, 2018, 09:15:30 AM

there were 4 transactions competing to sweep balance from 1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR [...]

There seem to be quite a handful of bots competing for the most common passphrases. This talk from 2015 estimates them at half a dozen [1], I wouldn't be surprised if matters have gone worse since then.

[1] https://www.youtube.com/watch?v=foil0hzl4Pg (around the 31:30 mark)

Thirdspace

hero member

Activity: 1232

Merit: 738

Mixing reinvented for your privacy | chipmixer.com

Quote from: almightyruler on September 26, 2018, 12:33:25 AM

This particular brainwallet concerns me, as the transactions are recent (March 2018), and for a large value (0.5 BTC): https://www.blockchain.com/btc/address/1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR

The funds were swept out instantly, which strongly suggests it was a theft by a bot watching that privkey. The passphrase is a song title, with minor mangling.

there were 4 transactions competing to sweep balance from 1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR
I found two of them were trying on two different addresses with same balance of 0.5 BTC,
receiver address 17WRjamo... and 1LdUHTEV... competing on utxo of 1GkGD48u... and 152DXcBq...
I think there is more to it than just some bots sweeping some addresses
did you also find private key for 152DXcBqGShpC7mBj4XZHQG9uGY9mUtZ8d ?
btw, that receiver address 1LdUHTEV... has balance of 50 BTC Shocked

450+ tx ins without a single tx out

almightyruler

legendary

Activity: 2268

Merit: 1092

Bumping this thread as I am also doing something similar, and plan to publish my results to increase awareness of the risk of using sha256 brainwallets.

Like the OP, I'm interested in this only for research purposes, so I scanned all known addresses rather than just cherry picking those with a balance. I'm using brainflayer, but as previously noted, the large number of addresses in the blockchain as of 2018 result in a very high false positive rate (currently around 13%) which requires a lot of post processing.

So far I've found 20329 valid keys. The large majority of the keys are based on single English dictionary words, which seem to have been deliberately sent small amounts (for research? for fun?) back in 2013.

This particular brainwallet concerns me, as the transactions are recent (March 2018), and for a large value (0.5 BTC): https://www.blockchain.com/btc/address/1GkGD48ucUKCwPkwRyH1bDLJTAdeHVn2xR

The funds were swept out instantly, which strongly suggests it was a theft by a bot watching that privkey. The passphrase is a song title, with minor mangling.

TheArchaeologist

sr. member

Activity: 310

Merit: 727

---------> 1231006505

Quote from: rpstatic on July 30, 2018, 01:31:18 PM

Did you also find wallets with any balance on it? Would be interesting if people still use them.

No I didn't. It seemed to be a lucrative business once so I can imagine lots of time and computing power has been consumed to find private keys for addresses with non zero balances in the past.

Furthermore: I'm just interested in finding as much brainwallets as possible which have been used in the past. I'm not interested in stealing funds which aren't mine.

rpstatic

jr. member

Activity: 53

Merit: 7

Did you also find wallets with any balance on it? Would be interesting if people still use them.

TheArchaeologist

sr. member

Activity: 310

Merit: 727

---------> 1231006505

Forum member amaclin1 did a check and came up with 200 addresses/brainwallets he had which were missing from my list. I just added them to m database and updated the site. My own software indicated two of the entries as a duplicate so the total list now contains 18.767 entries. Thanks for helping/sharing!

To comment on the other request by adding the latest transaction date: This is something I currently do not have present in my database. I will mark is as a future request since I first have to complete/update my own blockchain parser for this. But as mentioned by HeRetiK all of the addresses were emptied a long time ago so way before any fork afaik.

HeRetiK

legendary

Activity: 2912

Merit: 2066

Cashback 15%

Quote from: Thirdspace on July 30, 2018, 09:26:45 AM

have you checked whether any of them have BCH or BTG balance? Cheesy

or are they old used addresses with no chance of having balance on recent forks?
can you sort the list by the latest date of transaction? might give more insight

Good thinking! All of these brainwallets seem to have been cleared up a long time ago though, presumably there are multiple people running regular scans on the most common brainwallet addresses as described by OP. At least that was the state of 2015 when Brainflayer was first introduced at Def Con 23.

I'd also love to see a feature for listing the addresses by the latest transaction date though.

Thirdspace

hero member

Activity: 1232

Merit: 738

Mixing reinvented for your privacy | chipmixer.com

have you checked whether any of them have BCH or BTG balance? Cheesy

or are they old used addresses with no chance of having balance on recent forks?
can you sort the list by the latest date of transaction? might give more insight

TheArchaeologist

sr. member

Activity: 310

Merit: 727

---------> 1231006505

Quote from: amaclin1 on July 30, 2018, 07:24:29 AM

I am too lazy to copy-paste 38 pages from https://eli5.eu/brainwallet/ Grin

Grab them from this text-file then: https://eli5.eu/brainwallet/btc_brainwallet_v18569.txt

Would be nice if you could share the ones I miss!

amaclin1

sr. member

Activity: 770

Merit: 305

Quote from: TheArchaeologist on July 30, 2018, 07:18:48 AM

There isn't one yet but I could build it easily. So you are looking for a text file containing 1 BTC address on each line?

Any format you prefer

I am too lazy to copy-paste 38 pages from https://eli5.eu/brainwallet/ Grin

TheArchaeologist

sr. member

Activity: 310

Merit: 727

---------> 1231006505

Quote from: amaclin1 on July 30, 2018, 06:54:30 AM

Is there there a list of addresses in plain text?
I want to compare your list with mine

There isn't one yet but I could build it easily. So you are looking for a text file containing 1 BTC address on each line?

o_e_l_e_o

legendary

Activity: 2268

Merit: 18503

Quote from: TheArchaeologist on July 30, 2018, 06:59:35 AM

Let's just hope you want suffer from a dying brain instead of a dying hard drive!

The human brain is a very fragile thing. There are literally hundreds of completely unpredictable accidents and illnesses that can leave you with profound memory loss. Relying solely on your memory is a bad idea.

TheArchaeologist

sr. member

Activity: 310

Merit: 727

---------> 1231006505

Quote from: Evil-Knievel on July 30, 2018, 06:50:08 AM

Quote from: TheArchaeologist on July 29, 2018, 04:32:57 AM

As been discussed many times before using a Brainwallet is a bad idea.

I disagree, I have never lost anything from a brain wallet but I have lost quite a few coins from failing hardware wallets and dying hard drives.

I get you stand on this and maybe the introduction was a bit too short on the subject. As always there are exceptions to the rule and if you manage to remember a brainwallet with high entropy and also using some personal knowledge (like a salt) it becomes a lot more secure. Let's just hope you want suffer from a dying brain instead of a dying hard drive!

amaclin1

sr. member

Activity: 770

Merit: 305

Is there there a list of addresses in plain text?
I want to compare your list with mine

Evil-Knievel

legendary

Activity: 1260

Merit: 1168

Quote from: TheArchaeologist on July 29, 2018, 04:32:57 AM

As been discussed many times before using a Brainwallet is a bad idea.

I disagree, I have never lost anything from a brain wallet but I have lost quite a few coins from failing hardware wallets and dying hard drives.

TheArchaeologist

sr. member

Activity: 310

Merit: 727

---------> 1231006505

Quote from: o_e_l_e_o on July 29, 2018, 03:38:57 PM

Very interesting data, and proof that we are inherently awful at privacy. I think my personal favorite is number 72, "how much wood could a woodchuck chuck if a woodchuck could chuck wood", which has held over 500 BTC.

You've missed a decimal point at entry 266 - it currently says it has held over 2 billion BTC. Cheesy

Fixed some nasty bugs which caused some addresses to stay blank on the overview-pages and fixed some wrong amounts_in and amounts_out which were not properly converted in some cases.

I also added another 60 new entries to the list based on a small sweep I just completed so the list currently contains 18.569 entries.

Finally: I'm always interested in new datasets to try and/or results from other people who conducted this kind of Research. I aim to let this list grow to the best source for compromised brainwallets.

Topic: Collection of 18.509 found and used Brainwallets - page 14. (Read 30938 times)