Collection of 18.509 found and used Brainwallets - page 5.

PrimeNumber7

copper member

Activity: 1666

Merit: 1901

Amazon Prime Member #7

Quote from: almightyruler on October 15, 2018, 10:49:53 AM

Let's say (conservatively) that a more modern quad core CPU can do 500,000 and use that as the reference. That means it can check 43.2 billion keys per day.

Brute forcing the "correct horse battery staple" space

Most "brain wallets" are not brute-forced. Hackers will use various literature as a starting point for passphraises, and will use permutations of said phrases to check for a brain wallet with coin unspent.

The reason for the above is that, although the English language is vast, and it would be difficult to brute force a random 4-word brain wallet, most people are not going to select words for a brain wallet at random.

Most people will select words that are easy to remember because they coincide with a meaningful event, or are otherwise meaningful to the person. This is not random, and as such can be easily be "guessed" by hackers.

If you were to create a brain wallet of 4 words randomly selected from 171k English words, it would be one possibility out of ~855 million trillion possible combinations. However, if the brain wallet is created from some set of words in a book or bible verse, the possible combinations is reduced by multiple magnitudes.

MrFreeDragon

sr. member

Activity: 443

Merit: 350

Brain wallets are used for fun purposes I believe:

Code:

~$ echo -n "odolvlobo ozono" | sha256sum
f98ae1f0a6e25e76429800c26efec5c9938e267867e5b97ed7705b039829dad4 -

So, brain wallet for odolvlobo ozono leads to the address 13u28uKzciwUpqCtVrCzk5d8KSbypjokck with the transactions dated 2 years ago Wink

PlutonowyPokrzycz

newbie

Activity: 16

Merit: 8

And look how wrong your first impression can be...

Quote from: oOoOo on July 15, 2011, 05:38:56 AM

Quote from: BitcoinPorn on July 15, 2011, 03:48:46 AM

I was good until Step 4.

Agreed. We urgently need a user-friendly import/export function in the client!

This is the most secure "wallet" there could possibly be. No no copies of wallet.dat, no encryption, no USB stick/paper/printing which can be lost, no malware which secretly steals my coins, no storage or bank vault, no life CD, no nothing! Just a simple passphrase I can remember. Since nothing is stored or written down anywhere this wallet concept is basically impossible to compromise.
The only flaw is that I might forget my passphrase, but I can still write hints/clues which can make my help remember while still being 100% secure. We need this.

.

PlutonowyPokrzycz

newbie

Activity: 16

Merit: 8

I wonder what was the oldest brainwallet ever found. Vasek reported this one in her paper: "This string contains 0.25 BTC hiding in plain sight." -> 1AJ3vE2NNYW2Jzv3fLwyjKF1LYbZ65Ez64
It has been used for the first time on 2011-07-14.
The story behind it here: https://bitcointalksearch.org/topic/claimed-bounty-025-btc-find-the-bitcoins-hidden-in-plain-sight-28877

1. Was there anything older found by anyone?
2. What has been used before? Purely random generated numbers?

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: LoyceV on April 11, 2021, 04:25:20 AM

...while with a hacked password database you have to try them one by one (assuming the password hash uses something like hash("secretKey777" + username + password);).

Just to point out, if you reverse the order in which you hash this stuff and make it hash(password + salt), and you leave the value of hash(password) somewhere, somebody can do a length extension attack, especially on SHA256, by using that value to compute the hash of the password plus anything appended to it without knowing the password itself.

And in a way, if your salt is constant and an attacker managers to find it elsewhere, the length extension attack negates the security of the salt.

fxsniper

member

Activity: 406

Merit: 47

I agree Brainwallets are much worse

Brainwallets use keywords + sha256

I see mini private key is using by 30 character and hash with sha256 still safety
but mini privatekey have format

However random text and number or text only or number only 256 character (or 512 character ) hash with sha256 (64 character), I think it is safety not easy to butte force with random 256 key easy (just 64 bit key
but some duplicate some private key will duplicate with number 265 bit (77 character) convert to HEX (64 character)

private key require HEX in 64 character right
so, What method to can generate it to safety?

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: NotATether on April 11, 2021, 04:11:17 AM

I was actually referring to the case where a site's database with the password hashes is stolen. Then you'd be able to run as many tries as you want.

Brainwallets are much worse: an attacker can try to brute-force all of them at the same time, while with a hacked password database you have to try them one by one (assuming the password hash uses something like hash("secretKey777" + username + password);).
So, if 100,000 brainwallets are in use, it's 100,000 times more likely to find one of them than cracking a password.
You can improve this by adding for instance your real name or email address as a salt to your brainwallet (but it's still not recommended to do).

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: NotATether on April 11, 2021, 04:11:17 AM

I was actually referring to the case where a site's database with the password hashes is stolen. Then you'd be able to run as many tries as you want.

I see, but AFAIK most website isn't that stupid. They usually would use salting, hash the password many times or just use algorithm focused on security (such as PBKDF2).
Meanwhile, most brainwallet only use single SHA-256 hash.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: ?? on ??

Quote from: NotATether on April 10, 2021, 06:24:00 AM

Think of it this way - your brainwallet is just as secure as a password, so if you hash a 256-character text then the security will be equal to using a 256-character password (that is hashed with double SHA256 into a database by some server somewhere).

Except the attacker can brute-force unlimited times, while on website/server you have very limited try. Additionally, single SHA-256 uses very few resource and good GPU can make few hundred MH/s.

I was actually referring to the case where a site's database with the password hashes is stolen. Then you'd be able to run as many tries as you want.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: fxsniper on April 10, 2021, 06:18:36 AM

Brainwallets is keyword or message + sha256 = private key , right?

Yes.

Quote from: fxsniper on April 10, 2021, 06:18:36 AM

What if using random 256 number (character) and + sha256 = private key it still safety?
or random text 256 character and + sha256 = private key still safety?

Think of it this way - your brainwallet is just as secure as a password, so if you hash a 256-character text then the security will be equal to using a 256-character password (that is hashed with double SHA256 into a database by some server somewhere).

I would not view any kind of brainwallet safe. Even if you're using extremely long lengths, there is no probably secure brainwallet generator that doesn't leak the password in memory.

Quote from: fxsniper on April 10, 2021, 06:18:36 AM

Brainwallets count only word and language human read only right?

Not quite. Anything that you'd use as a password can be considered a brainwallet, it's not limited to English words, or any language's words in particular.

fxsniper

member

Activity: 406

Merit: 47

Brainwallets is keyword or message + sha256 = private key , right?

What if using random 256 number (character) and + sha256 = private key it still safety?
or random text 256 character and + sha256 = private key still safety?

Brainwallets count only word and language human read only right?

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Just for future reference:

Quote from: szosti94 on January 23, 2021, 08:21:44 AM

Hi, I have a question about braiflayer, I launched it, found a hash and password, the problem is that I don't know how to get information about the wallet and key, how to get the address and private key with the hash sha265 and password?

You start with getting the private key. The double SHA256 hash of the password will give you that, and you can derive the public key from it as normal - Elliptic curve multiply, and then RIPEMD160 the public key, hash that through double SHA256 again and take the first four bytes of that and stick it at the end. Then stick a 0x00 byte at the beginning and encode the combined byte array through BASE58Check to get the address.

Quote from: LoyceV on April 09, 2021, 10:38:30 AM

Quote from: almightyruler on May 06, 2019, 05:10:07 AM

2. One of those files contained the value of Pi to a billion decimal places.

I thought about this post when I found the private key to 111exFkjLXP5mXmEfVqGd2r7bXQhVhux3: it's the second set of pi's 64 hex characters: 9216D5D98979FB1BD1310BA698DFB5AC2FFD72DBD01ADFB7B8E1AFED6A267E96
Back then, it took half a day to be sweep 0.37149557 BTC (41.29 USD).

I think it's just a coincidence that some brainwallets hash to Pi digits since Pi doesn't really have anything to do with number theory.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: almightyruler on May 06, 2019, 05:10:07 AM

2. One of those files contained the value of Pi to a billion decimal places.

I thought about this post when I found the private key to 111exFkjLXP5mXmEfVqGd2r7bXQhVhux3: it's the second set of pi's 64 hex characters: 9216D5D98979FB1BD1310BA698DFB5AC2FFD72DBD01ADFB7B8E1AFED6A267E96
Back then, it took half a day to be sweep 0.37149557 BTC (41.29 USD).

szosti94

newbie

Activity: 5

Merit: 0

Hi, I have a question about braiflayer, I launched it, found a hash and password, the problem is that I don't know how to get information about the wallet and key, how to get the address and private key with the hash sha265 and password?

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: PlutonowyPokrzycz on January 12, 2021, 10:19:29 AM

Hi,
How do you manage to hash 300k passphrases per second? What do you use for that? My Pythons script with 'bictoin' library on 8 cores is doing only 800/s Sad

He definitely did not use Python because that's the reason your script is so slow!

Python executes all statements through an interpreter, it does not compile it down into assembly code so the extra overhead that the Python runtime is adding is killing the speed of your script. You should look into using brainflayer which is written in C, and is optimized with its own hashing functions instead of relying on a third-party library.

PlutonowyPokrzycz

newbie

Activity: 16

Merit: 8

Quote from: almightyruler on May 07, 2019, 09:53:45 AM

I thought the mini private key format, used for Casascius physical bitcoins should rate a mention here, because it's basically a SHA256 brainwallet... but with a randomly generated passphrase.

https://en.bitcoin.it/wiki/Mini_private_key_format

Given that the random passphrase length is 22 characters (early version) or 30 characters, the chances of brute forcing it are still virtually nil, but technically, it is less secure than a standard key, in particular because 99%+ of the tries can be discarded after the first SHA256 hash.

By the way, funds have been sent to (and promptly swept from) the address associated with the sample mini private key on that page:

https://www.blockchain.com/btc/address/7f6ab65fa911f558ca2dde3e9d073acb02c0d5c6 (uncompressed: 1CciesT23BNionJeXrbxmjc7ywfiyM4oLW )
https://www.blockchain.com/btc/address/f78c1591f3f34fd1fe339dc371069b7b492bf370 (compressed: 1PZuicD1ACRfBuKEgp2XaJhVvnwpeETDyn )

Hi,
How do you manage to hash 300k passphrases per second? What do you use for that? My Pythons script with 'bictoin' library on 8 cores is doing only 800/s Sad

cr4zyd3v

newbie

Activity: 19

Merit: 13

This video https://www.youtube.com/watch?v=Xml4Gx3huag has a very cool approach about how to find private keys in the open source repos from github.. I wonder if a smart enough sql query could be able to find brain wallets..

DaCryptoRaccoon

hero member

Activity: 1220

Merit: 612

OGRaccoon

Quote from: almightyruler on July 20, 2020, 07:45:35 PM

Quote from: LoyceV on July 20, 2020, 03:51:23 AM

Quote from: almightyruler on July 20, 2020, 03:03:10 AM

This is nothing to do with scamming - it's about preventing mistakes. Like people sending to the brainwallet "password", or software having a brain fart and sending to the hash of a blank string.

Still, that's going to be a very long list. Brainwallets must be brute-forced by many different attackers who check billions of addresses.

Yeah, there's no way it could be a comprehensive list (and with user passphrases, no list could be near 100% complete anyway), so I could imagine it getting out of hand, however even a list with say 50k entries could still prevent some silly mistakes.

(I wonder if anyone has ever trolled a victim by convincing them to send funds to a provably unspendable address? The troll gains no financial benefit, but the victim still suffers a loss.)

This sounds horrible I sometimes wonder about funds that end up sent to these known addresses it would be nice if there was somewhere you could check this like you do with haveibeenpwnd password checker it would be nice to be able to throw a public key into something similar to see if it's known already on the network I know a simple check on explorer would do but if there were a way to collect all the known brainwallets or "weak" addressing i'm sure people would use it.

Anyone found anymore interesting ones recent?

naufragus

newbie

Activity: 29

Merit: 50

that is almost silly
we need to be sure the parametre space is large enough

almightyruler

legendary

Activity: 2268

Merit: 1092

Quote from: LoyceV on July 20, 2020, 03:51:23 AM

Quote from: almightyruler on July 20, 2020, 03:03:10 AM

This is nothing to do with scamming - it's about preventing mistakes. Like people sending to the brainwallet "password", or software having a brain fart and sending to the hash of a blank string.

Still, that's going to be a very long list. Brainwallets must be brute-forced by many different attackers who check billions of addresses.

Yeah, there's no way it could be a comprehensive list (and with user passphrases, no list could be near 100% complete anyway), so I could imagine it getting out of hand, however even a list with say 50k entries could still prevent some silly mistakes.

(I wonder if anyone has ever trolled a victim by convincing them to send funds to a provably unspendable address? The troll gains no financial benefit, but the victim still suffers a loss.)

Topic: Collection of 18.509 found and used Brainwallets - page 5. (Read 31239 times)