Pages:
Author

Topic: Collection of 18.509 found and used Brainwallets - page 2. (Read 31239 times)

member
Activity: 174
Merit: 12
I guess it's always possible to use something like this for money laundering.
I.e.: (1) Send 1BTC to address whose private key is publicly known.
(2) See how your BTC was collected by someone else's bot.
(3) Cry because you are a loser  Grin
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Interesting update...
Address 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN is derived from hashed empty string "". Two moths ago (!) someone sent almost 1BTC to this address. I guess by mistake. It took as mush as 10 minutes to drain this address.

https://www.blockchain.com/btc/tx/37e166a1e52e96bcfe535738082e328ef8db56aafd6945d9cad6f2afdb34b4a4

how would someone make a mistake like that? it doesn't seem probable.
I guess it's always possible to use something like this for money laundering.
I.e.: (1) Send 1BTC to address whose private key is publicly known.
(2) Sweep the funds a few minutes later (depending on the amount of plausible deniability vs. risk you're willing to take).
(3) Claim you mistakenly sent the funds and that they're gone, since it's an address whose private key is known.

Then mix and be happy. Just an idea.
sr. member
Activity: 1190
Merit: 469

Interesting update...
Address 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN is derived from hashed empty string "". Two moths ago (!) someone sent almost 1BTC to this address. I guess by mistake. It took as mush as 10 minutes to drain this address.

https://www.blockchain.com/btc/tx/37e166a1e52e96bcfe535738082e328ef8db56aafd6945d9cad6f2afdb34b4a4

how would someone make a mistake like that? it doesn't seem probable.
member
Activity: 873
Merit: 22
$$P2P BTC BRUTE.JOIN NOW ! https://uclck.me/SQPJk
Interesting update...
Address 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN is derived from hashed empty string "". Two moths ago (!) someone sent almost 1BTC to this address. I guess by mistake. It took as mush as 10 minutes to drain this address.

https://www.blockchain.com/btc/tx/37e166a1e52e96bcfe535738082e328ef8db56aafd6945d9cad6f2afdb34b4a4

adres privkey https://privatekeys.pw/address/bitcoin/1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN
member
Activity: 196
Merit: 67
Interesting update...
Address 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN is derived from hashed empty string "". Two moths ago (!) someone sent almost 1BTC to this address. I guess by mistake. It took as mush as 10 minutes to drain this address.

https://www.blockchain.com/btc/tx/37e166a1e52e96bcfe535738082e328ef8db56aafd6945d9cad6f2afdb34b4a4

Maybe the miner inserted both transactions into the block and we never saw them in the mempool before being in the block.
newbie
Activity: 16
Merit: 8
Interesting update...
Address 1HZwkjkeaoZfTSaJxDw6aKkxp45agDiEzN is derived from hashed empty string "". Two moths ago (!) someone sent almost 1BTC to this address. I guess by mistake. It took as mush as 10 minutes to drain this address.

https://www.blockchain.com/btc/tx/37e166a1e52e96bcfe535738082e328ef8db56aafd6945d9cad6f2afdb34b4a4
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
--snip--
No vouch or idea whether legit or not, but there is one result on GitHub:

https://github.com/Yanmailde/Phrutis_MiniKeys2

No source code either, just binaries; so proceed with extreme caution. Maybe it's possible to contact the repo's owner to clarify.

After reading one of the FAQ and knowing the owner delete original repository, you could wasting your time.

If I find the private key can I take all the coins for myself?

No, you will find the encrypted key.
Only the organizers can decrypt this key and pay you a 50%.

I'd recommend people to use different tool such as https://github.com/Coding-Enthusiast/FinderOuter to brute force mini private key.
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
Here you have another toy to play with :

https://github.com/phrutis/MiniKeys2

This is the fastest public program to find old Serie1 minikeys (22 characters) in the world.


Link 404?

Other repositories under that account seem to be cracking based, with executables only... so yeah, nah.
No vouch or idea whether legit or not, but there is one result on GitHub:

https://github.com/Yanmailde/Phrutis_MiniKeys2

No source code either, just binaries; so proceed with extreme caution. Maybe it's possible to contact the repo's owner to clarify.
legendary
Activity: 2268
Merit: 1092
Here you have another toy to play with :

https://github.com/phrutis/MiniKeys2

This is the fastest public program to find old Serie1 minikeys (22 characters) in the world.


Link 404?

Other repositories under that account seem to be cracking based, with executables only... so yeah, nah.
newbie
Activity: 8
Merit: 0
https://en.bitcoin.it/wiki/Mini_private_key_format

I came across my simple mini key generator tonight, and I'm having another play with it.

Here you have another toy to play with :

https://github.com/phrutis/MiniKeys2

This is the fastest public program to find old Serie1 minikeys (22 characters) in the world.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
How is someone supposed to remember the exact number of hashing rounds? I think in both the WarpWallet and your proposed ~1.2 million rounds of hashing implementations, you will need to either document the rounds of hashing,  or rely on a third party to help calculate the private key, and I don't think this meets the definition of a brain wallet.
With WarpWallet you can (and should!) keep your own offline copy.
If you're going for a "weird" number of hashing rounds, I can think of many ways to remember the number. It could be your phone number or full date of birth. Or just something you remember. Worst-case, if you forget the exact number, you can still brute-force it yourself given that you know the pass phrase.
You can keep your own copy of the software used to generate the private key, but if you are relying on a specific, non-standardized software implementation, you must have access to a copy of that software implementation to access your coin. This creates another layer of risk because now, without the software, you will not have access to your money.
member
Activity: 406
Merit: 47

No, rehashaddress use user-chosen password/passphrase. It'll hash at least one time and perform additional rehash based on m parameter value. Here's snippet from the source code comment.


Thank you. I got it.
member
Activity: 406
Merit: 47

rehashaddress it work by using privatekey to hash with sha-256 and use it again for next privatekey and loop right?
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
For most cases, i would agree. But i'd like to quote a page from Bitcoin Wiki.

Brainwallets are not recommended to be used in general because of fallible human memory. But in special situations they could be very useful, for example when fleeing a country as a refugee with only the clothes on your back.
So for such case use https://brainwalletx.github.io/ ?

Tool you mentioned only use single SHA-256. Use WarpWallet[1] or rehashaddress (part of ecctools[2]) instead, which harder to brute force.

[1] https://keybase.io/warp
[2] https://github.com/albertobsd/ecctools#rehashaddress
legendary
Activity: 1974
Merit: 1077
^ Will code for Bitcoins
These two are not comparable though and BIP39 wasn't a replacement.
It wasn't a replacement, but an even better proposal. Yes, you don't memorize seed phrases, but write them down. But: If you told me to choose between brain wallets and securing a wallet.dat file, which is how things worked before BIP39, I'd go with the former.

Since you mention wallet.dat which usually associated with Bitcoin Core, i'd like to mention Bitcoin Core doesn't use BIP39. You still have to backup your wallet.dat or alternatively master private key from dumpwallet command/output descriptor.


Backing up wallet.dat that is encrypted with decent passphrase is not a big issue, attacker first has to hack you to access your backup, and then has to attack the file's encryption passhprase. This is so complicated attack vector that all attackers rather choose to attack idiotic brainwallets.
jr. member
Activity: 51
Merit: 20
For most cases, i would agree. But i'd like to quote a page from Bitcoin Wiki.

Brainwallets are not recommended to be used in general because of fallible human memory. But in special situations they could be very useful, for example when fleeing a country as a refugee with only the clothes on your back.
So for such case use https://brainwalletx.github.io/ ?
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
These two are not comparable though and BIP39 wasn't a replacement.
It wasn't a replacement, but an even better proposal. Yes, you don't memorize seed phrases, but write them down. But: If you told me to choose between brain wallets and securing a wallet.dat file, which is how things worked before BIP39, I'd go with the former.

Since you mention wallet.dat which usually associated with Bitcoin Core, i'd like to mention Bitcoin Core doesn't use BIP39. You still have to backup your wallet.dat or alternatively master private key from dumpwallet command/output descriptor.

... Then it doesn't make much sense to me to memorize it anymore and I could skip the whole brainwallet thing alltogether.

For most cases, i would agree. But i'd like to quote a page from Bitcoin Wiki.

Brainwallets are not recommended to be used in general because of fallible human memory. But in special situations they could be very useful, for example when fleeing a country as a refugee with only the clothes on your back.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
An arbitrary number of SHA-256 rounds for your brainwallet secret is still security by obscurity for me. If your to be memorized secret is "bad" or publicly available anywhere you trust that no attacker tries to check multiple SHA-256 rounds. I wouldn't bet that no one is going to try this.

Brain wallets have in many cases proven to be a terrible idea, because those who failed and were cracked had initially bad or worse secrets. Your initial secret must already be complex and good enough to withstand even heavy possible cracking in the first place. If it isn't, don't use a brainwallet. Yes, a high number of hashing rounds do delay an attacker, I don't dismiss this. It still leaves the risk open to crack a brainwallet, especially with a poorly chosen initial secret.

And don't forget (haha, what a coincidence) that the human memory is a fragile thing. It's easy to forget something if you don't repeat it regularly. It's easy to become ill or injured and forget more than you can imagine. To verify you memorized something complex enough, you should have it properly written down. Then it doesn't make much sense to me to memorize it anymore and I could skip the whole brainwallet thing alltogether.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
These two are not comparable though and BIP39 wasn't a replacement.
It wasn't a replacement, but an even better proposal. Yes, you don't memorize seed phrases, but write them down. But: If you told me to choose between brain wallets and securing a wallet.dat file, which is how things worked before BIP39, I'd go with the former.

I'm pretty sure some people do that. And I'm pretty sure some others are searching for it too.
Hadn't found the choice from popular brain wallets such as: https://brainwalletx.github.io/.
legendary
Activity: 952
Merit: 1386
How is someone supposed to remember the exact number of hashing rounds? I think in both the WarpWallet and your proposed ~1.2 million rounds of hashing implementations, you will need to either document the rounds of hashing,  or rely on a third party to help calculate the private key, and I don't think this meets the definition of a brain wallet.

Talking about definition - there is no strict definition. The idea is that you "remember" how to produce private key. Somehow (I do not know why and how) single iteration of sha256 became "a standard". You may use other hash algorithm (eth & keccak), you may use other number of iterations, you may use any other way you want - as long as you remember what to do, it could be still a "brain wallet" (the question is if you remember your 12/24 words seed, is it brain wallet or not, theoretically yes).
The more additional steps you use or need to perform, it complicates thing and make it easier to forget. About number of iterations - you may use date, like I proposed few posts ago. Then you may know that number of possible iterations was for example between 20210101 and 20221231. But then we go to another point - are you able to restore your private key quickly? With single iteration of sha256 - probably yes. With more complicated scenarios - you will probably need your own dedicated program.
Of course we may think about many many possible ways to "remember" private key. Even the ways which allows you to restore that using just a piece of paper and pencil - for example, you take your name, dog's name, email address, phone number etc, take letters as a numbers (a=1, b=2, whatever) and then use modulo 16 to produce hex string. Is it possible? yes. The question is if it is safe - I would say it is probably safer than typical sha256 brainwallet from common phrase, because it is very custom method and there is no automated attack for that (yet).
Pages:
Jump to: