Topic: Collection of 18.509 found and used Brainwallets - page 4. (Read 30938 times)
A link posted by a newbie to a github rep that only has executables, and no source? That's a pass from me...
~
Some useless information, but hopefully it might kickstart the thread again.
Some useless information, but hopefully it might kickstart the thread again.
Not that useless
We have something that could kickstart the thread too:
https://github.com/phrutis/BrainWords
Search passphrases on the fastest program in the world
GPU RTX 3090: 180 Mkey/s
GPU RTX 3080: 150 Mkey/s
Hi,
...
I love to get some feedback ...
...
I love to get some feedback ...
Is it possible, that Satoshi used for his ''early mined coins'' precalculated SHA256 addresses like we do it here?
I don't know, but here: https://github.com/sCrypt-Inc/boilerplate you will find a script wich can check if he uses the same private key to create a new address
I thought the mini private key format, used for Casascius physical bitcoins should rate a mention here, because it's basically a SHA256 brainwallet... but with a randomly generated passphrase.
https://en.bitcoin.it/wiki/Mini_private_key_format
Given that the random passphrase length is 22 characters (early version) or 30 characters, the chances of brute forcing it are still virtually nil, but technically, it is less secure than a standard key, in particular because 99%+ of the tries can be discarded after the first SHA256 hash.
https://en.bitcoin.it/wiki/Mini_private_key_format
Given that the random passphrase length is 22 characters (early version) or 30 characters, the chances of brute forcing it are still virtually nil, but technically, it is less secure than a standard key, in particular because 99%+ of the tries can be discarded after the first SHA256 hash.
I came across my simple mini key generator tonight, and I'm having another play with it.
The naive version uses random() and outputs about 8000 valid keys per second on a single core of an i7-3960X.
I updated it to use the xoshiro256** PRNG, and the speed increases to around 13000 valid keys per second.
Because the generation process requires that the first byte of the candidate hash be '00', on average only 1/256 candidates will be valid, so it's really testing about 3.3 million keys per second.
It's still a massive search space (58^30?), even for a SHA256 brainwallet, and prematurely discarding 255 out of 256 candidates does not reduce the search space... it just makes searching faster. Plus, how many Casascius coins were ever created, and how many would still be funded? So this is really just a curiosity.
Here's a small sample of randomly generated valid keys:
Code:
S8Q2r4p3HKtDGYXYgcoE6N
SAN7cS1MnFNps25QHt4pRk
SCG9csSvqn2kytKW1WdNd6
SCzCTefJ7J7iGsz4XbMhU6
SFHwkzYdQgDVdhHSdGmCxCZN8YQiNT
SFikz2eev6PMNhU9JNo1DAJ2bcdvSL
SKNzLVj4LHzG8C95ZpjFL5X8HDZNyx
SKgC6zF8opjFQqHhL2Nud1Qx5FpsBc
SN5FSGaCVahVDmM7ARQgijwTExfsWK
SP41nfQVpTpFqfaPUREfBu
SPHPyjWYQKzwrw4bW4ckwwhGNvkSo1
SPpof8XT1ZfrjFBqMaqqN9tuaJ6SyL
SQHv63Wu43viTu2CnbWasR
SQpKTKp1t1phNgg4Qt8piwGxsCxxp1
SQqX32iniiKPqhVbFsuK5RQWqnHUnu
SUZNCr2iXiA4B9qiLVAWJEmMC9LfUj
SWyMZq87mrvSqjiU3KRJ7CbXKtEW6A
SZLdpNMFDfnxMSLKXmaUckAgXMuLXL
Sai3S1jgnN5E2QoydQAVr7u4U3KYFU
Sc9wTknTRqXUTSkB8pFWbX
SdUecesqKtj77JhrQT4obAt5XnCScf
SdXNZMq45NZGdYGzb7UnCe
Sdc3fyobJE2AAKxSLvnYia
SAN7cS1MnFNps25QHt4pRk
SCG9csSvqn2kytKW1WdNd6
SCzCTefJ7J7iGsz4XbMhU6
SFHwkzYdQgDVdhHSdGmCxCZN8YQiNT
SFikz2eev6PMNhU9JNo1DAJ2bcdvSL
SKNzLVj4LHzG8C95ZpjFL5X8HDZNyx
SKgC6zF8opjFQqHhL2Nud1Qx5FpsBc
SN5FSGaCVahVDmM7ARQgijwTExfsWK
SP41nfQVpTpFqfaPUREfBu
SPHPyjWYQKzwrw4bW4ckwwhGNvkSo1
SPpof8XT1ZfrjFBqMaqqN9tuaJ6SyL
SQHv63Wu43viTu2CnbWasR
SQpKTKp1t1phNgg4Qt8piwGxsCxxp1
SQqX32iniiKPqhVbFsuK5RQWqnHUnu
SUZNCr2iXiA4B9qiLVAWJEmMC9LfUj
SWyMZq87mrvSqjiU3KRJ7CbXKtEW6A
SZLdpNMFDfnxMSLKXmaUckAgXMuLXL
Sai3S1jgnN5E2QoydQAVr7u4U3KYFU
Sc9wTknTRqXUTSkB8pFWbX
SdUecesqKtj77JhrQT4obAt5XnCScf
SdXNZMq45NZGdYGzb7UnCe
Sdc3fyobJE2AAKxSLvnYia
The private key is simply the SHA256 hash of the string, like a brainwallet.
Some useless information, but hopefully it might kickstart the thread again.
I wonder what was the oldest brainwallet ever found. Vasek reported this one in her paper: "This string contains 0.25 BTC hiding in plain sight." -> 1AJ3vE2NNYW2Jzv3fLwyjKF1LYbZ65Ez64
It has been used for the first time on 2011-07-14.
The story behind it here: https://bitcointalksearch.org/topic/claimed-bounty-025-btc-find-the-bitcoins-hidden-in-plain-sight-28877
So it does seem the "This string contains 0.25 BTC hiding in plain sight." was indeed the very first one.
It has been used for the first time on 2011-07-14.
The story behind it here: https://bitcointalksearch.org/topic/claimed-bounty-025-btc-find-the-bitcoins-hidden-in-plain-sight-28877
So it does seem the "This string contains 0.25 BTC hiding in plain sight." was indeed the very first one.
it would have had to have been because most of the people in that thread seeemed totally clueless about how. except the person that lifted the funds in the first 5 minutes. oh actually that person was clueless too!
I wonder what was the oldest brainwallet ever found. Vasek reported this one in her paper: "This string contains 0.25 BTC hiding in plain sight." -> 1AJ3vE2NNYW2Jzv3fLwyjKF1LYbZ65Ez64
It has been used for the first time on 2011-07-14.
The story behind it here: https://bitcointalksearch.org/topic/claimed-bounty-025-btc-find-the-bitcoins-hidden-in-plain-sight-28877
1. Was there anything older found by anyone?
2. What has been used before? Purely random generated numbers?
It has been used for the first time on 2011-07-14.
The story behind it here: https://bitcointalksearch.org/topic/claimed-bounty-025-btc-find-the-bitcoins-hidden-in-plain-sight-28877
1. Was there anything older found by anyone?
2. What has been used before? Purely random generated numbers?
Interesting question, I was curious myself so did some analysis into this. This is the top-5 of known brainwallets and when they first were used on the bitcoin blockchain:
Code:
Date first used Address Passphrase used
2011-07-14 1AJ3vE2NNYW2Jzv3fLwyjKF1LYbZ65Ez64 This string contains 0.25 BTC hiding in plain sight.
2011-09-05 1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm 0000000000000000000000000000000000000000000000000000000000000001
2011-09-14 1ERczz9PRkdcbLmFRgGKKTU5BADthAcHdi one two three four five six seven
2011-10-14 1Km3PemDrwiwA1gEEgKLgizLgdsqwp4XZz testing 123
2011-12-03 1JryTePceSiWVpoNBU8SbwiT7J4ghzijzW Satoshi Nakamoto
So it does seem the "This string contains 0.25 BTC hiding in plain sight." was indeed the very first one. 2011-07-14 1AJ3vE2NNYW2Jzv3fLwyjKF1LYbZ65Ez64 This string contains 0.25 BTC hiding in plain sight.
2011-09-05 1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm 0000000000000000000000000000000000000000000000000000000000000001
2011-09-14 1ERczz9PRkdcbLmFRgGKKTU5BADthAcHdi one two three four five six seven
2011-10-14 1Km3PemDrwiwA1gEEgKLgizLgdsqwp4XZz testing 123
2011-12-03 1JryTePceSiWVpoNBU8SbwiT7J4ghzijzW Satoshi Nakamoto
Disclaimer: based on the brainwallets I have available. Could be older ones I simply am not aware of. If that's the case please let me know!
But if the algorithm itself is secret/closed-source, only the author and people who trust the author who would use it.
In another thread https://bitcointalksearch.org/topic/m.58401834 I posted the btc address and brainwallet phrase for a secret brainwallet algorithm i came up with I don't think its been cracked yet! That's right! I gave away the brainwallet phrase for free something one would traditionally want to keep secret and something an attacker would not have the pleasure of necessarily knowing under most circumstances. Of course, it's not going to do them any good...
I should really fund that address sometime to encourage people to "give it their best shot".
But first I need to commit that dang algorithm to memory. 
To be completly honest: it may not be invetned to steel peoples money, maybe the general idea was to remove any needed computer skills as an obstacle from going into BTC, but once it was there, the motivation for promoting this flawed concept may be exactly that.
Talking to people who claim brainwallets are secure enough is like talkin to cult members, no rational argument gets through.
Talking to people who claim brainwallets are secure enough is like talkin to cult members, no rational argument gets through.
Well I think it's like you said. the idea started out innocent enough. the idea kind of caught on and people were using brain wallets like crazy. that's kind of died down with hd wallets and things but in the early days, i guess brainwallets were all the rage. once the weaknesses were realized it was too late cat was out of the bag, default sha256 brainwallet was the de facto standard even though as i think you and the other person posted links to warpwallet and brainwallet.io which are way more secure. but they missed the boat. the train took off without them long ago so the story goes...
[moderator's note: consecutive posts merged]
now bring on the hate.
Why would we bring on the hate because you give your opinion/view on the matter? 
Talking to people who claim brainwallets are secure enough is like talkin to cult members, no rational argument gets through.
Of course it is possible, just not for most people (including me) 
I've never used it, but if you use for instance
Update:
I already mentioned it many times, but also check https://keybase.io/warp.
This is the one I was looking for, thanks. 
Let me pipe in here about brainwallets since I know a thing or two about them. I think the standard sha256 brainwallet was invented for one reason only: to steal peoples money. Anyone with half a brain would be very wary of using the standard sha256 brainwallet. Not that it can't be done it just probably shouldn't. The fact that people have huge databases of precomputed hashes lying around proves that. Now if the brainwallet algorithm was a secret then that would make you guys that store these large databases of hashes look like some one fumbling around in the dark wearing a pair of sunglasses. You wouldn't have the slightest clue how to begin your search even if you knew the brainwallet passphrase. without the algorithm, you might as well just start picking private keys at random and seeing if they match the address.
just think about it. some of you guys are like cavemen in the stone age when it comes to even testing simple alternatives to the sha256 brainwallet. to say nothing of someone that had a more sophisctocated method of producing their brainwallet addresses.
now bring on the hate.
just think about it. some of you guys are like cavemen in the stone age when it comes to even testing simple alternatives to the sha256 brainwallet. to say nothing of someone that had a more sophisctocated method of producing their brainwallet addresses.
now bring on the hate.
Amen!
I've being talking about this forewer. To be completly honest: it may not be invetned to steel peoples money, maybe the general idea was to remove any needed computer skills as an obstacle from going into BTC, but once it was there, the motivation for promoting this flawed concept may be exactly that.
Talking to people who claim brainwallets are secure enough is like talkin to cult members, no rational argument gets through.
Let me pipe in here about brainwallets since I know a thing or two about them. I think the standard sha256 brainwallet was invented for one reason only: to steal peoples money. Anyone with half a brain would be very wary of using the standard sha256 brainwallet. Not that it can't be done it just probably shouldn't. The fact that people have huge databases of precomputed hashes lying around proves that. Now if the brainwallet algorithm was a secret then that would make you guys that store these large databases of hashes look like some one fumbling around in the dark wearing a pair of sunglasses. You wouldn't have the slightest clue how to begin your search even if you knew the brainwallet passphrase. without the algorithm, you might as well just start picking private keys at random and seeing if they match the address.
just think about it. some of you guys are like cavemen in the stone age when it comes to even testing simple alternatives to the sha256 brainwallet. to say nothing of someone that had a more sophisctocated method of producing their brainwallet addresses.
now bring on the hate.
just think about it. some of you guys are like cavemen in the stone age when it comes to even testing simple alternatives to the sha256 brainwallet. to say nothing of someone that had a more sophisctocated method of producing their brainwallet addresses.
now bring on the hate.
Code:
~$ echo -n "odolvlobo ozono" | sha256sum
f98ae1f0a6e25e76429800c26efec5c9938e267867e5b97ed7705b039829dad4 -
f98ae1f0a6e25e76429800c26efec5c9938e267867e5b97ed7705b039829dad4 -
Interesting thing that the brainwallet from one's name signature leads to the the vanity address of another one.
If it isn't a coincidence, then there is a serious problem. Also, there are 3.4 million Bitcointalk users, so the chances of a random address matching a user's name seems pretty high to me.
The chances of that particular brain wallet being associated with an address with that particular "vanity" would be the same as any other vanity of that length.
Code:
~$ echo -n "odolvlobo ozono" | sha256sum
f98ae1f0a6e25e76429800c26efec5c9938e267867e5b97ed7705b039829dad4 -
f98ae1f0a6e25e76429800c26efec5c9938e267867e5b97ed7705b039829dad4 -
Interesting thing that the brainwallet from one's name signature leads to the the vanity address of another one.
If it isn't a coincidence, then there is a serious problem. Also, there are 3.4 million Bitcointalk users, so the chances of a random address matching a user's name seems pretty high to me.
Hi,
...
I love to get some feedback ...
...
I love to get some feedback ...
Is it possible, that Satoshi used for his ''early mined coins'' precalculated SHA256 addresses like we do it here?
Possible? Yes, but IMO it's very unlikely since,
1. Satoshi also use SHA256 for Proof of Work, which means he know how fast SHA-256 speed on CPU/GPU.
2. Creating private key with such weak method allow people to steal Satoshi's Bitcoin and impersonate Satoshi easier, which could disrupt Bitcoin in many ways (e.g. crashing Bitcoin price, influence people to reduce strength of Bitcoin protocol, etc.).
Hi,
...
I love to get some feedback ...
...
I love to get some feedback ...
Is it possible, that Satoshi used for his ''early mined coins'' precalculated SHA256 addresses like we do it here?
It makes think to a puzzle !
( ozono ) z <=> n (N)
Brain wallets are used for fun purposes I believe:
The associated uncompressed Bitcoin address is 1GRUEoTSW9MRcNooxFRt8h8eL9gsPgGxzu, which looks like a vanity address for grue, but it's unused so I guess that is a coincidence.Code:
~$ echo -n "odolvlobo ozono" | sha256sum
f98ae1f0a6e25e76429800c26efec5c9938e267867e5b97ed7705b039829dad4 -
f98ae1f0a6e25e76429800c26efec5c9938e267867e5b97ed7705b039829dad4 -
-snip-
Wow, what is the connection between odolvlobo and grue except for the fact they are both Legendary members?
Interesting thing that the brainwallet from one's name signature leads to the the vanity address of another one.
FYI, I don't think that is my address (I don't remember creating it). I don't know why someone would use "odolvlobo ozono" for a brain wallet, except that they noticed the words in a post and thought they were obscure enough to use. Apparently not.
Brain wallets are used for fun purposes I believe:
The associated uncompressed Bitcoin address is 1GRUEoTSW9MRcNooxFRt8h8eL9gsPgGxzu, which looks like a vanity address for grue, but it's unused so I guess that is a coincidence.Code:
~$ echo -n "odolvlobo ozono" | sha256sum
f98ae1f0a6e25e76429800c26efec5c9938e267867e5b97ed7705b039829dad4 -
f98ae1f0a6e25e76429800c26efec5c9938e267867e5b97ed7705b039829dad4 -
Quote
So, brain wallet for odolvlobo ozono leads to the address 13u28uKzciwUpqCtVrCzk5d8KSbypjokck with the transactions dated 2 years ago
Let's say (conservatively) that a more modern quad core CPU can do 500,000 and use that as the reference. That means it can check 43.2 billion keys per day.
Brute forcing the "correct horse battery staple" space
Most "brain wallets" are not brute-forced. Hackers will use various literature as a starting point for passphraises, and will use permutations of said phrases to check for a brain wallet with coin unspent. Brute forcing the "correct horse battery staple" space
The reason for the above is that, although the English language is vast, and it would be difficult to brute force a random 4-word brain wallet, most people are not going to select words for a brain wallet at random.
Most people will select words that are easy to remember because they coincide with a meaningful event, or are otherwise meaningful to the person. This is not random, and as such can be easily be "guessed" by hackers.
If you were to create a brain wallet of 4 words randomly selected from 171k English words, it would be one possibility out of ~855 million trillion possible combinations. However, if the brain wallet is created from some set of words in a book or bible verse, the possible combinations is reduced by multiple magnitudes.
Jump to: