Pages:
Author

Topic: Collection of 18.509 found and used Brainwallets - page 7. (Read 31239 times)

legendary
Activity: 2268
Merit: 1092
A small amount sent by someone making a statement:

https://www.blockchain.com/btc/address/15h4F5yxeJHDgDJR5dnJwsNbETpktMnQzm

"Nick Szabo is Satoshi Nakamoto"
jr. member
Activity: 119
Merit: 1
-snip-
The latter mapping represents the passphrase "To the moon!!! ┗(°0°)┛ ..○" -> https://www.blockchain.com/btc/address/18vqVNQi9fobKZcJWCjZNoDzBxronENfZr
That is another great example showing how a brain wallet is not secure.

The most examples with brain wallets are related to small amounts. There were some large amounts, but only in the very past. All the recent disclosed and found wallets are just very small.
For example this one with "To the moon!!! ┗(°0°)┛ ..○" passphrase had only 0.000006 BTC in transactions.

I agree that a lot of recent brainwallet activity seems to be just for curiosity and fun, but I'm still finding the occasional large transaction.

- March 2019: 1 BTC sent to a 21 character passphrase that appears in cracked/leaked password lists. https://bitcointalksearch.org/topic/m.51813899

- June 2019: 0.25 BTC sent to weak key 0x7b7. https://bitcointalksearch.org/topic/m.51745655

- August 2019: 0.4495 BTC stayed for just over a week in a brainwallet which has a title for the passphrase. Subsequently another 0.01 was sent and it seems to have been swept immediately. https://bitcointalksearch.org/topic/m.52403221



Hi almightyruler  !

Can you send me PM ?
sr. member
Activity: 443
Merit: 350
-snip-
The latter mapping represents the passphrase "To the moon!!! ┗(°0°)┛ ..○" -> https://www.blockchain.com/btc/address/18vqVNQi9fobKZcJWCjZNoDzBxronENfZr
That is another great example showing how a brain wallet is not secure.

The most examples with brain wallets are related to small amounts. There were some large amounts, but only in the very past. All the recent disclosed and found wallets are just very small.
For example this one with "To the moon!!! ┗(°0°)┛ ..○" passphrase had only 0.000006 BTC in transactions.

I agree that a lot of recent brainwallet activity seems to be just for curiosity and fun, but I'm still finding the occasional large transaction.

- March 2019: 1 BTC sent to a 21 character passphrase that appears in cracked/leaked password lists. https://bitcointalksearch.org/topic/m.51813899

- June 2019: 0.25 BTC sent to weak key 0x7b7. https://bitcointalksearch.org/topic/m.51745655

- August 2019: 0.4495 BTC stayed for just over a week in a brainwallet which has a title for the passphrase. Subsequently another 0.01 was sent and it seems to have been swept immediately. https://bitcointalksearch.org/topic/m.52403221

Yes, this is noted and clear for me. I agree that 0.5-1BTC is a valuable amount. However people could play with different amounts. For example, ones will play with 100-1,000 satoshi, and others will play with 0.1-1BTC. Play money are different for different people.

And yes, 0.5-1BTC is real "digital riches" for ones and only play funds for others. I still do not beleive that somebody keeps real funds on brain wallet. Even that somebody put 0.5BTC to brain wallet, these fund are not real funds for him, but only play money.

Anyway, thank you for sharing your findings!
legendary
Activity: 2268
Merit: 1092
-snip-
The latter mapping represents the passphrase "To the moon!!! ┗(°0°)┛ ..○" -> https://www.blockchain.com/btc/address/18vqVNQi9fobKZcJWCjZNoDzBxronENfZr
That is another great example showing how a brain wallet is not secure.

The most examples with brain wallets are related to small amounts. There were some large amounts, but only in the very past. All the recent disclosed and found wallets are just very small.
For example this one with "To the moon!!! ┗(°0°)┛ ..○" passphrase had only 0.000006 BTC in transactions.

I agree that a lot of recent brainwallet activity seems to be just for curiosity and fun, but I'm still finding the occasional large transaction.

- March 2019: 1 BTC sent to a 21 character passphrase that appears in cracked/leaked password lists. https://bitcointalksearch.org/topic/m.51813899

- June 2019: 0.25 BTC sent to weak key 0x7b7. https://bitcointalksearch.org/topic/m.51745655

- August 2019: 0.4495 BTC stayed for just over a week in a brainwallet which has a title for the passphrase. Subsequently another 0.01 was sent and it seems to have been swept immediately. https://bitcointalksearch.org/topic/m.52403221

sr. member
Activity: 443
Merit: 350
-snip-
The latter mapping represents the passphrase "To the moon!!! ┗(°0°)┛ ..○" -> https://www.blockchain.com/btc/address/18vqVNQi9fobKZcJWCjZNoDzBxronENfZr
That is another great example showing how a brain wallet is not secure.

The most examples with brain wallets are related to small amounts. There were some large amounts, but only in the very past. All the recent disclosed and found wallets are just very small.
For example this one with "To the moon!!! ┗(°0°)┛ ..○" passphrase had only 0.000006 BTC in transactions.

So there is one explanation for this: the address was used just for test/education/presentation purposes. Nothing serious. The same is with all the majority of brain wallets. Morover, the funds on "to the moon" address (18vqVNQi9fobKZcJWCjZNoDzBxronENfZr) stored only for 9 hours, and after that were transferred togeter with other 60 addresses to new address. The majority were small amounts like 256 satoshi. So, somebody made experiments with the transactions, or these were the activities of a bot.

I do not beleive that somebody keeps real funds on brain wallet.

Interesting thing: the  destination address of 600 satoshis released from "To the moon!!! ┗(°0°)┛ ..○" still has the balance 22.32BTC (https://www.blockchain.com/btc/address/1AzRkXiGpHbXyWok4uXvCzmezDuW8FGa3m). Who knows, may be this was not just experiment but another puzzle? ) Like you need to find all the passphrases for small released wallets in order to understand the main key.

PS. Look at this: https://www.youtube.com/watch?v=KBX89TY6uXI
legendary
Activity: 4466
Merit: 3391
I assume this mapping is mainly based on the brute-force method used: I assume it didn't search for just random strings, so for example ??d?pa???A? doesn't show up becasue it was never found!
Am I right?

It's a mapping of passphrases that were already found (by other methods). Really just a visualization of what was previously discovered.

I think he is asserting that your results are filtered by the search algorithms because results that aren't found by the search algorithms won't be in the list, and changing the the algorithms will change the list. It would similar to the difference between lists based on cracked passwords and lists based on leaked passwords.

The latter mapping represents the passphrase "To the moon!!! ┗(°0°)┛ ..○" -> https://www.blockchain.com/btc/address/18vqVNQi9fobKZcJWCjZNoDzBxronENfZr

That is another great example showing how a brain wallet is not secure.
legendary
Activity: 2268
Merit: 1092
I wrote a program to create a simple mapping for the brainwallet passphrases I've cracked. Here are the most common mappings.

A=capital letter
a=lowercase letter
d=digit
p=punctuation
?=other
I assume this mapping is mainly based on the brute-force method used: I assume it didn't search for just random strings, so for example ??d?pa???A? doesn't show up becasue it was never found!
Am I right?

It's a mapping of passphrases that were already found (by other methods). Really just a visualization of what was previously discovered.

The other mapping characters do appear lower in the list:


...
   4 > AAAAAAAAAd
   4 > ??????????
   4 > ?????????
...
   2 > a aaaa ?? aaaaa aaaa
...
   1 > pppAaaa aaaaa pppAaaaappp pa??a??a??a??a??p
   1 > Aa aaa aaaappp ???p??d??p??? pp???


The latter mapping represents the passphrase "To the moon!!! ┗(°0°)┛ ..○" -> https://www.blockchain.com/btc/address/18vqVNQi9fobKZcJWCjZNoDzBxronENfZr
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I wrote a program to create a simple mapping for the brainwallet passphrases I've cracked. Here are the most common mappings.

A=capital letter
a=lowercase letter
d=digit
p=punctuation
?=other
I assume this mapping is mainly based on the brute-force method used: I assume it didn't search for just random strings, so for example ??d?pa???A? doesn't show up becasue it was never found!
Am I right?
legendary
Activity: 2268
Merit: 1092
I wrote a program to create a simple mapping for the brainwallet passphrases I've cracked. Here are the most common mappings.

A=capital letter
a=lowercase letter
d=digit
p=punctuation
?=other

First field is the number of times this mapping appears in the passphrase list.

5327 > aaaaaaaaa
4145 > aaaaaaaaaa
2847 > aaaaaaaaaaa
1781 > aaaaaaaaaaaa
1081 > aaaaaaaaaaaaa
 784 > Aaaaaaaaa
 518 > aaaaaaaaaaaaaa
 475 > Aaaaaaaaaa
 280 > aaaaaaaaaaaaaaa
 244 > Aaaaaaaaaaa
 122 > Aaaaaaaaaaaa
 113 > aaaaaaaaaaaaaaaa
  89 > aaaaaa
  87 > aaaaa
  85 > aaaaaaaadd
  75 > aaaaaaa
  72 > aaaa
  66 > Aaaaaaaaaaaaa
  64 > aaaaaaaaaaaaaaaaa
  56 > aaaaaaaa
  43 > aaaaaaaaaaaaaaaaaa
  41 > Aaaaaaaaaaadd
  38 > aaaaaaaaddd
  38 > Aaaaaaaaaaaaaa
  34 > aaa
  27 > Aaaaaaaaaaaaaaa
  20 > dddddddddd
  18 > aaaaaaaad
  17 > aaaaaaaaaaaaaaaaaaaa
  17 > aaaaaaaaaaaaaaaaaaa
  16 > Aaaaaaaaaaaaaaaa
  15 > Aaaa
  13 > Aaaaaaa
  13 > AaAaaaaaa
  12 > dddddd
  12 > Aaaaaaaa
  12 > Aaaaa
  11 > dddddddd
  11 > dddd
  11 > Aa Aaaaadd
  10 > aaaaaaaaad
  10 > aaaaaaaaaaaaaad
   9 > aaaaa aaaaa
   9 > Aaaaaaaaaaad
   9 > Aa Aaaaad
   9 > AAAAA Ad
   8 > ddd
   8 > aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
   8 > aaaaaaaaaaaaaaaaaaaaa
   7 > aaaaadddd
   7 > aaaaaaaaaaaaaaaaaaaaaaaa
   7 > aaaaa aaaaaa
   7 > Aaaaaa
...


The large majority (shown in the first several lines) would be the dust sent to several dictionary words, which isn't very interesting.

There's some more interesting ones further down, like aaaaaaaadd, Aaaaaaaaaaadd, AAAAA Ad, etc. At the bottom you see the long tail where passphrases are unique sentences:

   1 > aaaa aa aaa aaaaaaaa aaaa aaa aaaaaaa aa aaaaaaaa aaa aaaa
   1 > aaaa aa aaa aaaaaaaa aaaa aaa aaaaaaa aa aaaaaaaa aaa
   1 > aaaa aa aaa aaaaaaaa aaaa aaa aaaaaaa aa aaaaaaaa
   1 > aaaa aa aaa aaaaaaaa aaaa aaa aaaaaaa aa
   1 > aaaa aa aaa aaaaaaaa aaaa aaa aaaaaaa
   1 > aaaa aa aaa aaaaaaaa aaaa aaa
   1 > aaaa aa aaa aaaaaaaa aaaa
   1 > aaaa aa aaa aaaaaaaa
   1 > aaaa aa aaa aaaaaa
   1 > aaaa aa aaa aaaa aaa aa aaa aaaaaaaaa
   1 > aaaa aa aaa aaaa aaa aa aaa aaaaaaaa
   1 > aaaa aa aaa aaaa aaa aa aaa aaaaaa
   1 > aaaa aa aaa aaaa aaa aa aaa aaaa


Probably not much practical use - even if filtered using this mapping the brute force search space would still be impossibly large - but it's interesting...
jr. member
Activity: 87
Merit: 5
Hi,

As been discussed many times before using a Brainwallet is a bad idea. I ran some test myself and found 18.509 BTC-addresses based on a brainwallet which also has been used in the blockchain before.

I tried to compare my results with the results of other researchers but could not find any lists online at all. I found some examples but not a comprehensive list. So I published my own results over here: https://eli5.eu/brainwallet

Please note: all published addresses have a balance of 0 so this is not a list for robbers Smiley. There are also a lot of extra datasets I haven't used this far so I expect the numbers to go up once I use them as well (I'm in the middle of perfecting my own tooling and blockchain parser so this will take some more time first).

I love to get some feedback and if you have results to share which I missed in this round I'm more than happy to hear from you and include them.

TA

Do you have a repo for the code??
legendary
Activity: 2268
Merit: 1092
However, making this "small mistake" I found another not empty brain wallet with the small balance  Wink

Yes, at least one other person (or program) made the same mistake. Smiley Hopefully a bug which was quickly noticed, since those funds are also unspendable.
sr. member
Activity: 443
Merit: 350
Can you clarify please?
sha256("") is e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ripemd160(sha256("")) is ba084d3f143f2896809d3f1d7dffed472b39d8de

And this is the hash160 of another address with the balance 0.000928 BTC: https://www.blockchain.com/btc/address/1HxedVkdFALLtLzqKFfDBzPyZRLq7QKbm5

ba084d3f143f2896809d3f1d7dffed472b39d8de is the result when you provide e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 to the input of RIPEMD160 as a hex representation (in ASCII characters), but it should be raw bytes.

In other words, you've calculated ripemd160(hex_display_string(sha256(""))

Unsure how to do it with Linux (there's no RIPEMD160 application on my Ubuntu install) but under BSD this will convert the hex output of the SHA256 commandline application to raw bytes, so that the correct RMD160 value is calculated:

$ cat /dev/null | sha256 | xxd -r -p | rmd160
b472a266d0bd89c13706a4132ccfb16f7c3b9fcb


Yes, right, thank you. I made a quick check with the online tool, and of course it pushed ascii characters, not bytes.
Made the test on python and receieved the same value ass yours:

Code:
>>> import hashlib
>>> sha = hashlib.sha256()
>>> sha.update(bytearray.fromhex(""))
>>> rip = hashlib.new('ripemd160')
>>> rip.update (sha.digest())
>>> print (rip.hexdigest())
b472a266d0bd89c13706a4132ccfb16f7c3b9fcb
>>>

However, making this "small mistake" I found another not empty brain wallet with the small balance  Wink
legendary
Activity: 2268
Merit: 1092
This address is kind of related to brainwallets:

https://www.blockchain.com/btc/address/1HT7xU2Ngenf7D4yocz2SAcnNLW7rK8d4E

Current balance is 72.13442756 BTC.

The classic brainwallet is created with ripemd160(sha256(pubkey(sha256("passphrase")))), but this address is the result of ripemd160(sha256(""))

Can you clarify please?
sha256("") is e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ripemd160(sha256("")) is ba084d3f143f2896809d3f1d7dffed472b39d8de

And this is the hash160 of another address with the balance 0.000928 BTC: https://www.blockchain.com/btc/address/1HxedVkdFALLtLzqKFfDBzPyZRLq7QKbm5

ba084d3f143f2896809d3f1d7dffed472b39d8de is the result when you provide e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 to the input of RIPEMD160 as a hex representation (in ASCII characters), but it should be raw bytes.

In other words, you've calculated ripemd160(hex_display_string(sha256(""))

Unsure how to do it with Linux (there's no RIPEMD160 application on my Ubuntu install) but under BSD this will convert the hex output of the SHA256 commandline application to raw bytes, so that the correct RMD160 value is calculated:

$ cat /dev/null | sha256 | xxd -r -p | rmd160
b472a266d0bd89c13706a4132ccfb16f7c3b9fcb

sr. member
Activity: 443
Merit: 350
This address is kind of related to brainwallets:

https://www.blockchain.com/btc/address/1HT7xU2Ngenf7D4yocz2SAcnNLW7rK8d4E

Current balance is 72.13442756 BTC.

The classic brainwallet is created with ripemd160(sha256(pubkey(sha256("passphrase")))), but this address is the result of ripemd160(sha256(""))

Can you clarify please?
sha256("") is e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ripemd160(sha256("")) is ba084d3f143f2896809d3f1d7dffed472b39d8de

And this is the hash160 of another address with the balance 0.000928 BTC: https://www.blockchain.com/btc/address/1HxedVkdFALLtLzqKFfDBzPyZRLq7QKbm5

I don't know if it's a broken brainwallet generator, or just a broken wallet. Possibly the latter, with the wallet mistakenly hashing a zero length buffer, instead of hashing the pubkey.

Any funds sent here are permanently lost, because there's no private key involved in the address generation process. Despite this, nearly $15k USD worth of Bitcoin has been sent there in the past 12 months!

I guess that these funds lost like some other funds on the address with the lost private keys. As there are in average 2^96 possible private keys for every bitcoin hash160 address, so some "other" private key could fit the address you mentioned.
sr. member
Activity: 443
Merit: 350
https://www.blockchain.com/btc/address/b09a09458fe9bb86b0d897b4c244b05432bad28d

This one is interesting for a number of reasons...

- It seems to be a relatively early use of a SHA256 brainwallet (January 2012).

- The transaction originally funding this brainwallet split 1 BTC into neat sets of 0.001 and 0.005 BTC. Could other outputs from this transaction - there are 101 in total - also be brainwallets, or some other kind of special address? Some are still unspent, 7.5 years later.

- A second set of funds (6.08 BTC) was sent a couple of weeks later, then all funds were swept the following year. Over time, the value of 6.08 BTC appreciated from around $USD 35 in February 2012, to almost $USD 600 in July 2013. (The sweep output is still unspent; 6.08 BTC is now worth nearly $60,000. Hope the owner still has the privkey!)

The passphrase is just let the lovin take ahold


I think there are still many many more to be found out there my guess.
Interesting find on the 6 words are those song lyrics by any chance?

Yes, that was a song ) Have a look since 1:01
https://youtu.be/JBCJKbLhHwU?t=60

By the way, interesting way to promote the singer  Grin Put some words of the song as the passphrase to the private key and make transactions with that wallet!
legendary
Activity: 2268
Merit: 1092
This address is kind of related to brainwallets:

https://www.blockchain.com/btc/address/1HT7xU2Ngenf7D4yocz2SAcnNLW7rK8d4E

Current balance is 72.13442756 BTC.

The classic brainwallet is created with ripemd160(sha256(pubkey(sha256("passphrase")))), but this address is the result of ripemd160(sha256(""))

I don't know if it's a broken brainwallet generator, or just a broken wallet. Possibly the latter, with the wallet mistakenly hashing a zero length buffer, instead of hashing the pubkey.

Any funds sent here are permanently lost, because there's no private key involved in the address generation process. Despite this, nearly $15k USD worth of Bitcoin has been sent there in the past 12 months!

https://github.com/bitcoin/bitcoin/issues/445

I think it would be a good idea if wallet software included a blacklist of such addresses, as well as known weak brainwallets, showing an additional dialog with a strong warning that funds may be permanently lost (or stolen) if the transaction proceeds. Checking any generated (inbound) addresses against the list would also help catch any glaring address generation bugs. (An assert that the result must not equal after each call to sha256 or ripemd160 would have caught this error.)
legendary
Activity: 4466
Merit: 3391
These help protect the hidden key:

1. You need access to the wallet file; an attack would need to be targeted.
2. You need the password to unlock the wallet; that's the brain part.
3. There is no external indication that the hidden key exists.

To create the hidden key:

1. Combine all unencrypted private keys in the wallet in some way (eg SHA256 hash of concatenated keys)
2. For additional bruteforce protection, stretch the new key.

But here's the cool part: the wallet can be completely cleared of all funds, either before or after you create the new key. This means that if anyone does gain access to the wallet file, all they see is a wallet with no balance (this can be seen without needing the wallet password). Even if they suspect you may be using a hidden key, they cannot regenerate it unless they know the password to decrypt the wallet.

tl;dr you can create a hidden key from a wallet with zero balance that anyone poking around your file system will probably ignore.

I feel like that is about equivalent to a password-protected wallet with a sprinkle of additional cleverness thrown in.
legendary
Activity: 2268
Merit: 1092
An idea I came up with today: using a standard wallet file (must be encrypted) to create a hidden "brainwallet" private key.

These help protect the hidden key:

1. You need access to the wallet file; an attack would need to be targeted.
2. You need the password to unlock the wallet; that's the brain part.
3. There is no external indication that the hidden key exists.

To create the hidden key:

1. Combine all unencrypted private keys in the wallet in some way (eg SHA256 hash of concatenated keys)
2. For additional bruteforce protection, stretch the new key.

But here's the cool part: the wallet can be completely cleared of all funds, either before or after you create the new key. This means that if anyone does gain access to the wallet file, all they see is a wallet with no balance (this can be seen without needing the wallet password). Even if they suspect you may be using a hidden key, they cannot regenerate it unless they know the password to decrypt the wallet.

tl;dr you can create a hidden key from a wallet with zero balance that anyone poking around your file system will probably ignore.

Thoughts?
legendary
Activity: 2268
Merit: 1092
This brain wallet hasn't been used for several years, but even back in 2013 it held a substantial amount of funds (USD $6k+), protected by a weak passphrase:

https://www.blockchain.com/btc/address/16jLdtAxgXVwcG93MyPcNALXMCv3D6dyDB

The passphrase is "arretonprimaryschool"
legendary
Activity: 2268
Merit: 1092
0.4995 BTC rested in this brainwallet for about a week:

https://www.blockchain.com/btc/address/1NibpGrUoUd9ywXm5Q2Zx5w12pZN3V3z8G

Since the transactions are so recent, I am not going to disclose the passphrase, but let's just say that it's the title of something. Not super weak, but not exactly secure, especially when you're sending half a Bitcoin to it. Don't know if the rightful owner took the funds, or they were stolen, but if I can find it, so can someone else.

The chain of transactions leading up to the one funding this address look interesting, can anyone better at exploring blockchains than I am offer an explanation?
Pages:
Jump to: