
Topic: Father lost his Electrum wallet, and remembers some of the words in the seed (Read 472 times)

legendary
Activity: 3808
Merit: 1723
Getting drunk and screaming out your private seeds at the top of a building is most likely not going to happen. People under the influence don't do things they normally wouldn't do, it just makes them do things they are normally scared to do, like walking up and talking to some girl.

But keep in mind that if someone is physically there with you, there are ways they can easily get the private keys out of you. I don't think most thieves would go through the trouble of truth serum or try and get you drunk. This is why you should keep it to yourself if you are a bitcoin investor. Because if you drive around with a BTC sticker on your Ferrari then don't be surprised if one day you get jumped.
legendary
Activity: 2268
Merit: 18711
It may be cool, but I still wouldn’t want to keep my seed in my brain - because there’s also a physical assault vector where the attacker can use some drugs that can be used as a truth serum - so although we often see it in movies, in some countries it is still used when interrogating suspects.

Truth serum doesn't actually exist - it is just Hollywood nonsense, which is why "confessions" under the influence of it (whatever particular substance "it" is - several have been used) are not accepted in court. In reality all you are doing is sedating the subject and making them suggestible, and many will agree to whatever you tell them. I would imagine they are next to useless when it comes to extracting individual words. And regardless, if someone can perform a $5 wrench attack or similar to make you spill your seed phrase, then they can do exactly the same to make you spill your password for your software wallet, the location and PIN of your hardware wallet, the location of your back up, etc. Not remembering your seed phrase is not a protection against such an attack. You need to use plausible deniability instead, such as secondary wallets, passphrases, etc.

Some people even under the influence of alcohol or marijuana say a lot of things they would never say in a conscious state - and in my country we have a saying that says "a drunkard says what a sober man thinks".
All the more reason not to become so intoxicated that you lose your senses.
legendary
Activity: 3234
Merit: 5637
Yes, it is cool to be able to remember a seed phrase and have instant access to your bitcoin from anywhere in the world without having to carry a wallet with you. But you should always have that seed phrase physically backed up on paper somewhere safe as well.

It may be cool, but I still wouldn’t want to keep my seed in my brain - because there’s also a physical assault vector where the attacker can use some drugs that can be used as a truth serum - so although we often see it in movies, in some countries it is still used when interrogating suspects. Some people even under the influence of alcohol or marijuana say a lot of things they would never say in a conscious state - and in my country we have a saying that says "a drunkard says what a sober man thinks".
legendary
Activity: 2268
Merit: 18711
Hence... don't use your brain as your only source of your seed unless you use this seed everyday.
I would go further and say don't use your brain as your only source of back up, full stop. Even if you are using the seed phrase every single day, there are literally thousands of things that can happen to you without any warning that can impact your memory. A simple fall or trip and a blow to your head. Road traffic accidents, work place accidents, accidents at home, etc. 70 million people suffer from a traumatic brain injury each year. 1 in 6 people will have a stroke at some point in their life. Severe infections (COVID included) can leave you with neurological and memory issues. There are brain aneurysms. And seizures. And dementia. And Alzheimer's. And the list goes on.

Yes, it is cool to be able to remember a seed phrase and have instant access to your bitcoin from anywhere in the world without having to carry a wallet with you. But you should always have that seed phrase physically backed up on paper somewhere safe as well.
legendary
Activity: 3808
Merit: 1723
I also had this issue in the past where instead of writing it down, I decided to "remember" the seed. At first I would recite it every day, then I made a story out of it using all the 12 words. And from time to time I would basically do a test signature and verify or do some small transaction to keep it in my memory. However...

Then Nov 2018 happened, BTC dropped to like $3K and I decided to not sell my BTC in that wallet for like almost a year. Then when it went up in June 2019, I tried to access the wallet and could only remember 6 of the words, in the correct order. I figured I would just look at the dictionary and the words that I am missing would appear and I would be set. However you don't realise how many words there are and you will second guess yourself assuming you know the word when it's not the correct word.

Basically in the end, out of the blue for some reason months and months later, I "finally" remembered the missing 6 words. Tried it on Electrum and the wallet finally opened. Basically the words that I "thought" were correct weren't even close to being correct.

Hence... don't use your brain as your only source of your seed unless you use this seed everyday.
legendary
Activity: 1568
Merit: 6660
benchmarking is a very complicated process that can easily be wrong if you take the wrong steps. i couldn't figure out the exact things they measure and there is no source code, but it appears that they are benchmarking basic things (playing a video, opening your browser, playing a game,...). these could be different from computing hashes. for instance some CPUs have phenomenal performance in computing SHA256 since they have intrinsics and the process could be easily parallelized which would take a lot faster on CPU and even though GPU speed is still faster but it will no longer be 60x faster.

Yeah, it would be more accurate if btcrecover had a parameter for running its own hashing benchmark per combination. I know VanitySearch also has such an option, and it shouldn't be too hard to implement. Just use a throwaway seed with a missing word and make a result in combinations/second.
legendary
Activity: 3472
Merit: 10611
Quote
these could be different from computing hashes. for instance some CPUs have phenomenal performance in computing SHA256 since they have intrinsics and the process could be easily parallelized which would take a lot faster on CPU and even though GPU speed is still faster but it will no longer be 60x faster.

Correct me if i'm wrong please, but shouldn't the GPU still see a large speedup because this task is easily parallelized? Or am I missing something about the capabilities of the few thousand cuda cores
you are correct, GPU is a lot faster and i've already mentioned this in my comment. my point was that it may not be 60x faster that is reported by that site since what they are benchmarking is not the specialized hash computation required to brute force mnemonics.
newbie
Activity: 7
Merit: 4
Quote
these could be different from computing hashes. for instance some CPUs have phenomenal performance in computing SHA256 since they have intrinsics and the process could be easily parallelized which would take a lot faster on CPU and even though GPU speed is still faster but it will no longer be 60x faster.

Correct me if i'm wrong please, but shouldn't the GPU still see a large speedup because this task is easily parallelized? Or am I missing something about the capabilities of the few thousand cuda cores
legendary
Activity: 3472
Merit: 10611
OpenCL benchmarks show that a single 1080 Ti has a Geekbench score of 60898. (https://browser.geekbench.com/opencl-benchmarks) It says that a Core i3-8100 running the same tests would get a score of 1000, so however long the key searching operations take on that Core i3, are about 60.898x faster on a 1080 Ti.
benchmarking is a very complicated process that can easily be wrong if you take the wrong steps. i couldn't figure out the exact things they measure and there is no source code, but it appears that they are benchmarking basic things (playing a video, opening your browser, playing a game,...). these could be different from computing hashes. for instance some CPUs have phenomenal performance in computing SHA256 since they have intrinsics and the process could be easily parallelized which would take a lot faster on CPU and even though GPU speed is still faster but it will no longer be 60x faster.
HCP
legendary
Activity: 2086
Merit: 4361
if you have 7 out of 12 words, it will take approximately 1 year on a 10x 1080TI rig to find the missing five (from own experience)
Does that require that you know the correct order of those 7 words? Or does it not matter?
newbie
Activity: 7
Merit: 4
Quote
So if the wallet is big enough it's worth it. If you are missing 4 or 3 words or less, then it's a piece of cake.
Yayy hope. I'll try getting something setup for those cases, and otherwise, this is sort of the safest to hodl I suppose.

Quote
It's a custom c code, no python github lib repo...
May I see some of your code? Or can you point me a direction to make something similar? I'm comfortable with programming in C and the math surrounding cryptography, but I've never taken a course in it, and wouldn't know where to start for deriving an electrum wallet as opposed to a standard BIP39 wallet
member
Activity: 378
Merit: 53
Telegram @keychainX
if you have 7 out of 12 words, it will take approximately 1 year on a 10x 1080TI rig to find the missing five (from own experience)
Genuine question: Are GTX 1080 Tis actually that fast? 5 missing words gives 2048^5 combinations, which would work out at checking 114 million possibilities per second per graphics card. I appreciate that many of those will have an invalid checksum and can immediately be discarded, but with even only 1/16th with a valid checksum, that's still 7.125 million seed phrases that it has to pass through PBKDF2 and derive an address for.

I suppose you could halve all those numbers if you are looking at the 50% solved average benchmark, but even then, that seems a bit fast to me.

Still, that all rests on the fact that you know the order of the words. In OP's case, where he doesn't know the order of the words, then everything becomes significantly more difficult, to the point of impossibility.

It's a custom c code, no python github lib repo...
legendary
Activity: 1568
Merit: 6660
So, it wouldn't be unreasonable to expect a 1080 Ti to search that amount in 128/60.898 = 2.1 seconds.
When you say "search", do you mean simply generate 2 million combinations, do you mean generate 2 million combinations and derive the first address for the ones with a correct checksum, or do you mean generate millions more combinations and derive the first address for the 2 million or so with the correct checksum?

And even if you mean the last case (i.e. the most efficient case), that is still only deriving the first address for 1 million combinations per second, whereas when looking at keychainX's numbers you would need to be over 7 times faster than that.

My numbers are for when btcrecover generates 2 million combinations and then derives the first address for the ones with the correct checksum (the first case).

I don't know how btcrecover works internally but I assume for each "phase" with a progress bar, it only checks the checksum and derives the first address for the number of combinations listed at the left. My 2 million figure was pulled from one such phrase for a seed with two words omitted similar to the OP's.
legendary
Activity: 2268
Merit: 18711
So, it wouldn't be unreasonable to expect a 1080 Ti to search that amount in 128/60.898 = 2.1 seconds.
When you say "search", do you mean simply generate 2 million combinations, do you mean generate 2 million combinations and derive the first address for the ones with a correct checksum, or do you mean generate millions more combinations and derive the first address for the 2 million or so with the correct checksum?

And even if you mean the last case (i.e. the most efficient case), that is still only deriving the first address for 1 million combinations per second, whereas when looking at keychainX's numbers you would need to be over 7 times faster than that.
legendary
Activity: 1568
Merit: 6660
if you have 7 out of 12 words, it will take approximately 1 year on a 10x 1080TI rig to find the missing five (from own experience)
Genuine question: Are GTX 1080 Tis actually that fast?

As btcrecover uses OpenCL for GPU acceleration, OpenCL benchmarks show that a single 1080 Ti has a Geekbench score of 60898. (https://browser.geekbench.com/opencl-benchmarks) It says that a Core i3-8100 running the same tests would get a score of 1000, so however long the key searching operations take on that Core i3, are about 60.898x faster on a 1080 Ti. So e.g. while slightly faster than an i3-8100, a single thread in my Xeon E31240 searches 2183867 combinations in 128 seconds. So, it wouldn't be unreasonable to expect a 1080 Ti to search that amount in 128/60.898 = 2.1 seconds.

By contrast, an RTX 3090 has a score of 203093. That makes it 3.335x faster than the 1080 Ti. For the same number of combinations it'll take about 0.63 seconds.

Clustering more GPUs together of course only speeds up the search linearly, and you can only cluster so many under a budget.
legendary
Activity: 2268
Merit: 18711
if you have 7 out of 12 words, it will take approximately 1 year on a 10x 1080TI rig to find the missing five (from own experience)
Genuine question: Are GTX 1080 Tis actually that fast? 5 missing words gives 2048^5 combinations, which would work out at checking 114 million possibilities per second per graphics card. I appreciate that many of those will have an invalid checksum and can immediately be discarded, but with even only 1/16th with a valid checksum, that's still 7.125 million seed phrases that it has to pass through PBKDF2 and derive an address for.

I suppose you could halve all those numbers if you are looking at the 50% solved average benchmark, but even then, that seems a bit fast to me.

Still, that all rests on the fact that you know the order of the words. In OP's case, where he doesn't know the order of the words, then everything becomes significantly more difficult, to the point of impossibility.
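
The checksum filter and search-rate arithmetic in the post above can be reproduced with a short script. This is an added example, not code from any poster or from btcrecover; the function names and the placeholder words are constructed for illustration, and a 365-day year is assumed. It goes one step beyond the post's BIP39 figure of 1/16: Electrum seeds are validated by an HMAC-SHA512 prefix test instead, which for the standard `01` prefix passes about 1 in 256 candidates.

```python
import hashlib
import hmac
import unicodedata
from math import comb

WORDLIST_SIZE = 2048             # size of the word list the thread assumes
ELECTRUM_STANDARD_PREFIX = "01"  # Electrum "standard" seed version prefix


def normalize(seed: str) -> str:
    """Simplified Electrum-style normalization (CJK whitespace handling omitted)."""
    text = unicodedata.normalize("NFKD", seed).lower()
    text = "".join(c for c in text if not unicodedata.combining(c))
    return " ".join(text.split())


def electrum_seed_ok(seed: str, prefix: str = ELECTRUM_STANDARD_PREFIX) -> bool:
    """Electrum's validity test: hex HMAC-SHA512 keyed with b'Seed version'."""
    mac = hmac.new(b"Seed version", normalize(seed).encode("utf-8"), hashlib.sha512)
    return mac.hexdigest().startswith(prefix)


def search_space(missing: int, positions_known: bool = True, total: int = 12) -> int:
    """Candidates when known words keep their order and `missing` slots are unknown."""
    layouts = 1 if positions_known else comb(total, missing)
    return layouts * WORDLIST_SIZE ** missing


def required_rate(candidates: int, days: float, devices: int = 1) -> float:
    """Candidates per second per device needed to exhaust the space in `days`."""
    return candidates / (days * 86400 * devices)


def measured_pass_fraction(samples: int = 65536) -> float:
    """Sweep the last two slots of a constructed 12-token phrase and count passes."""
    known = " ".join(f"known{i}" for i in range(10))  # constructed placeholder words
    hits = sum(
        electrum_seed_ok(f"{known} w{i // WORDLIST_SIZE:04d} w{i % WORDLIST_SIZE:04d}")
        for i in range(samples)
    )
    return hits / samples


if __name__ == "__main__":
    space = search_space(5)
    print(f"5 missing, order known: {space:,} candidates")
    print(f"rate for 10 devices, 365 days: {required_rate(space, 365, 10):,.0f}/s each")
    print("BIP39 12-word checksum passes 1/16; Electrum '01' prefix passes 1/256")
    print(f"measured Electrum pass fraction: {measured_pass_fraction():.5f}")
```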
member
Activity: 378
Merit: 53
Telegram @keychainX
Hello all, and thanks to any who are able to help, my father remembers most of the words (say m=10 for example), and I'm fairly certain it was a 12 word seed.

Correct me if i'm wrong, but a 12 word seed has 12 factorial (479001600) possibilities, and since i'm missing two of those words, that leaves the dictionary size squared as roughly 4 million times factor.

I'm familiar with python, and thankfully electrum uses a pretty capable python console. But just generating all permutations killed my program. I redid it in Haskell (NOT A PRO AT HASKELL tho I love what little I know) and was able to generate ~~50GB list of all permutations in 33 minutes, but still need the 4 million substitutions of words in the dictionary so my plan of just having a text file containing all possible phrase ideas and having python run through that is seemingly less feasible.

I'm familiar with multithreading, tho in C, not python. and have access to a large computer cluster if need be (~~44 CPU cores in one node, 24 cores in the GPU node w/ 4xTesla, and another 48 cores on an AMD node)

Before I go any further, I wanted to check if there was a smarter way of doing this kind of dictionary recovery attack.

Please and thank you for any time spent helping

if you have 7 out of 12 words, it will take approximately 1 year on a 10x 1080TI rig to find the missing five (from own experience)

So if the wallet is big enough it's worth it. If you are missing 4 or 3 words or less, then it's a piece of cake.
/KX
HCP
legendary
Activity: 2086
Merit: 4361
Well.... shit haha. Guess i'm really counting on my father's memory here... never thought I'd be praying on his (probably our (and I mean this as a compliment)) autistic memory.
Best of luck to you, but unfortunately, I don't see this having a happy ending

This case is a prime example of why an offline, "physical" backup (ie. writing it down or using a "cryptosteel"-type solution) is the recommended method to backup a 12/24 word seed mnemonic. Hopefully, it might save someone else from the same fate by convincing them that relying on "memory" alone is a "Bad Idea"™
legendary
Activity: 2268
Merit: 18711
Well.... shit haha. Guess i'm really counting on my father's memory here... never thought I'd be praying on his (probably our (and I mean this as a compliment)) autistic memory.
He definitely did not write the words down or save them anywhere? He only committed them to memory? And he definitely doesn't have a back up of the wallet file somewhere? An external hard drive? A system image? Make sure you double check, as any of these possibilities are far more likely than recovering the seed from the information you currently have.

Who knows, maybe I'll get lucky.
There's always the possibility that you get lucky and hit the right combination near the start of your search, but similarly there's also the possibility that I pick 12 words at random and they happen to be your father's. I wish you luck, but unfortunately the odds are that you'll spend years looking unless you can narrow down the possibilities with some more info.
newbie
Activity: 7
Merit: 4
Quote
Even splitting this work up between all your available core, best case scenario you are still looking at several years of non-stop computing to crack the seed phrase. If there is any doubt as to the 5 "probable" words, then there is no point in even trying.

Well.... shit haha. Guess i'm really counting on my father's memory here... never thought I'd be praying on his (probably our (and I mean this as a compliment)) autistic memory.

I just ran seedrecover.py, thanks for helping me get this far folks, even if it doesn't work. Who knows, maybe I'll get lucky. If it cracks the seed I'm buying everyone here a round, from my man to yall