
Topic: Father lost his Electrum wallet, and remembers some of the words in the seed (Read 476 times)

legendary
Activity: 3808
Merit: 1723
Getting drunk and screaming out your private seeds at the top of a building is most likely not going to happen. People under the influence don't do things they normally wouldn't do, it just makes them do things they are normally scared to do, like walking up and talking to some girl.

But keep in mind that if someone is physically there with you, there are ways they can easily get the private keys out of you. I don't think most thieves would go thru the trouble of truth serum or try and get you drunk. This is why you should keep it to yourself if you are a bitcoin investor. Because if you drive around with a BTC sticker on your Ferrari then don't be surprised if one day you get jumped.
legendary
Activity: 2268
Merit: 18771
It may be cool, but I still wouldn’t want to keep my seed in my brain - because there’s also a physical assault vector where the attacker can use some drugs that can be used as a truth serum - so although we often see it in movies, in some countries it is still used in the interrogation of suspects.

Truth serum doesn't actually exist - it is just hollywood nonsense, which is why "confessions" under the influence of it (whatever particular substance "it" is - several have been used) are not accepted in court. In reality all you are doing is sedating the subject and making them suggestible, and many will agree to whatever you tell them. I would imagine they are next to useless when it comes to extracting individual words. And regardless, if someone can perform a $5 wrench attack or similar to make you spill your seed phrase, then they can do exactly the same to make you spill your password for your software wallet, the location and PIN of your hardware wallet, the location of your back up, etc. Not remembering your seed phrase is not a protection against such an attack. You need to use plausible deniability instead, such as secondary wallets, passphrases, etc.

Some people even under the influence of alcohol or marijuana say a lot of things they would never say in a conscious state - and in my country we have a saying that says "a drunkard says what a sober man thinks".
All the more reason not to become so intoxicated that you lose your senses.
legendary
Activity: 3234
Merit: 5637
Yes, it is cool to be able to remember a seed phrase and have instant access to your bitcoin from anywhere in the world without having to carry a wallet with you. But you should always have that seed phrase physically backed up on paper somewhere safe as well.

It may be cool, but I still wouldn’t want to keep my seed in my brain - because there’s also a physical assault vector where the attacker can use some drugs that can be used as a truth serum - so although we often see it in movies, in some countries it is still used in the interrogation of suspects. Some people even under the influence of alcohol or marijuana say a lot of things they would never say in a conscious state - and in my country we have a saying that says "a drunkard says what a sober man thinks".
legendary
Activity: 2268
Merit: 18771
Hence... don't use your brain as your only source of your seed unless you use this seed everyday.
I would go further and say don't use your brain as your only source of back up, full stop. Even if you are using the seed phrase every single day, there are literally thousands of things that can happen to you without any warning that can impact your memory. A simple fall or trip and a blow to your head. Road traffic accidents, work place accidents, accidents at home, etc. 70 million people suffer from a traumatic brain injury each year. 1 in 6 people will have a stroke at some point in their life. Severe infections (COVID included) can leave you with neurological and memory issues. There are brain aneurysms. And seizures. And dementia. And Alzheimer's. And the list goes on.

Yes, it is cool to be able to remember a seed phrase and have instant access to your bitcoin from anywhere in the world without having to carry a wallet with you. But you should always have that seed phrase physically backed up on paper somewhere safe as well.
legendary
Activity: 3808
Merit: 1723
I also had this issue in the past where instead of writing it down, I decided to "remember" the seed. At first I would recite it every day, then I made a story out of it using all the 12 words. And from time to time I would basically do a test signature and verify or do some small transaction to keep it in my memory. However...

Then Nov 2018 happened, BTC dropped to like $3K and decided to not sell my BTC in that wallet for like almost a year. Then when it went up in June 2019, I tried to access the wallet and could only remember 6 of the words, in the correct order. I figured I would just look at the dictionary and the words that I am missing would appear and I would be set. However you don't realise how many words there are and you will second guess yourself assuming you know the word when it's not the correct word.

Basically in the end. Out of the blue for some reason months and months later, I "finally" remembered the missing 6 words. Tried it on Electrum and the wallet finally opened. Basically the words that I "thought" were correct weren't even close to being correct.

Hence... don't use your brain as your only source of your seed unless you use this seed everyday.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
benchmarking is a very complicated process that can easily be wrong if you take the wrong steps. i couldn't figure out the exact things they measure and there is no source code, but it appears that they are benchmarking basic things (playing a video, opening your browser, playing a game,...). these could be different from computing hashes. for instance some CPUs have phenomenal performance in computing SHA256 since they have intrinsics and the process could be easily parallelized which would take a lot faster on CPU and even though GPU speed is still faster but it will no longer be 60x faster.

Yeah, it would be more accurate if btcrecover had a parameter for running its own hashing benchmark per combination. I know VanitySearch also has such an option, and it shouldn't be too hard to implement. Just use a throwaway seed with a missing word and make a result in combinations/second.
legendary
Activity: 3472
Merit: 10611
Quote
these could be different from computing hashes. for instance some CPUs have phenomenal performance in computing SHA256 since they have intrinsics and the process could be easily parallelized which would take a lot faster on CPU and even though GPU speed is still faster but it will no longer be 60x faster.

Correct me if i'm wrong please, but shouldn't the GPU still see a large speedup because this task is easily parallelized? Or am I missing something about the capabilities of the few thousand cuda cores
you are correct, GPU is a lot faster and i've already mentioned this in my comment. my point was that it may not be 60x faster that is reported by that site since what they are benchmarking is not the specialized hash computation required to brute force mnemonics.
newbie
Activity: 7
Merit: 4
Quote
these could be different from computing hashes. for instance some CPUs have phenomenal performance in computing SHA256 since they have intrinsics and the process could be easily parallelized which would take a lot faster on CPU and even though GPU speed is still faster but it will no longer be 60x faster.

Correct me if i'm wrong please, but shouldn't the GPU still see a large speedup because this task is easily parallelized? Or am I missing something about the capabilities of the few thousand cuda cores
legendary
Activity: 3472
Merit: 10611
OpenCL benchmarks show that a single 1080 Ti has a Geekbench score of 60898. (https://browser.geekbench.com/opencl-benchmarks) It says that a Core i3-8100 running the same tests would get a score of 1000, so however long the key searching operations take on that Core i3, are about 60.898x faster on a 1080 Ti.
benchmarking is a very complicated process that can easily be wrong if you take the wrong steps. i couldn't figure out the exact things they measure and there is no source code, but it appears that they are benchmarking basic things (playing a video, opening your browser, playing a game,...). these could be different from computing hashes. for instance some CPUs have phenomenal performance in computing SHA256 since they have intrinsics and the process could be easily parallelized which would take a lot faster on CPU and even though GPU speed is still faster but it will no longer be 60x faster.
HCP
legendary
Activity: 2086
Merit: 4363
if you have 7 out of 12 words, it will take approximately 1 year on a 10x 1080TI rig to find the missing five (from own experience)
Does that require that you know the correct order of those 7 words? Or does it not matter?
newbie
Activity: 7
Merit: 4
Quote
So if the wallet is big enough it's worth it. If you are missing 4 or 3 words or less, then it's a piece of cake.
Yayy hope. I'll try getting something setup for those cases, and otherwise, this is sort of the safest to hodl I suppose.

Quote
It's a custom C code, no python github lib repo...
May I see some of your code? Or can you point me a direction to make something similar? I'm comfortable with programming in C and the math surrounding cryptography, but I've never taken a course in it, and wouldn't know where to start for deriving an electrum wallet as opposed to a standard BIP39 wallet
member
Activity: 378
Merit: 53
Telegram @keychainX
if you have 7 out of 12 words, it will take approximately 1 year on a 10x 1080TI rig to find the missing five (from own experience)
Genuine question: Are GTX 1080 Tis actually that fast? 5 missing words gives 2048^5 combinations, which would work out at checking 114 million possibilities per second per graphics card. I appreciate that many of those will have an invalid checksum and can immediately be discarded, but with even only 1/16th with a valid checksum, that's still 7.125 million seed phrases that it has to pass through PBKDF2 and derive an address for.

I suppose you could halve all those numbers if you are looking at the 50% solved average benchmark, but even then, that seems a bit fast to me.

Still, that all rests on the fact that you know the order of the words. In OP's case, where he doesn't know the order of the words, then everything becomes significantly more difficult, to the point of impossibility.

It's a custom C code, no python github lib repo...
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
So, it wouldn't be unreasonable to expect a 1080 Ti to search that amount in 128/60.898 = 2.1 seconds.
When you say "search", do you mean simply generate 2 million combinations, do you mean generate 2 million combinations and derive the first address for the ones with a correct checksum, or do you mean generate millions more combinations and derive the first address for the 2 million or so with the correct checksum?

And even if you mean the last case (i.e. the most efficient case), that is still only deriving the first address for 1 million combinations per second, whereas when looking at keychainX's numbers you would need to be over 7 times faster than that.

My numbers are for when btcrecover generates 2 million combinations and then derives the first address for the ones with the correct checksum (the first case).

I don't know how btcrecover works internally but I assume for each "phase" with a progress bar, it only checks the checksum and derives the first address for the number of combinations listed at the left. My 2 million figure was pulled from one such phrase for a seed with two words omitted similar to the OP's.
legendary
Activity: 2268
Merit: 18771
So, it wouldn't be unreasonable to expect a 1080 Ti to search that amount in 128/60.898 = 2.1 seconds.
When you say "search", do you mean simply generate 2 million combinations, do you mean generate 2 million combinations and derive the first address for the ones with a correct checksum, or do you mean generate millions more combinations and derive the first address for the 2 million or so with the correct checksum?

And even if you mean the last case (i.e. the most efficient case), that is still only deriving the first address for 1 million combinations per second, whereas when looking at keychainX's numbers you would need to be over 7 times faster than that.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
if you have 7 out of 12 words, it will take approximately 1 year on a 10x 1080TI rig to find the missing five (from own experience)
Genuine question: Are GTX 1080 Tis actually that fast?

As btcrecover uses OpenCL for GPU acceleration, OpenCL benchmarks show that a single 1080 Ti has a Geekbench score of 60898. (https://browser.geekbench.com/opencl-benchmarks) It says that a Core i3-8100 running the same tests would get a score of 1000, so however long the key searching operations take on that Core i3, are about 60.898x faster on a 1080 Ti. So e.g. while slightly faster than an i3-8100, a single thread in my Xeon E31240 searches 2183867 combinations in 128 seconds. So, it wouldn't be unreasonable to expect a 1080 Ti to search that amount in 128/60.898 = 2.1 seconds.

By contrast, an RTX 3090 has a score of 203093. That makes it 3.335x faster than the 1080 Ti. For the same number of combinations it'll take about 0.63 seconds.

Clustering more GPUs together of course only speeds up the search linearly, and you can only cluster so many under a budget.
legendary
Activity: 2268
Merit: 18771
if you have 7 out of 12 words, it will take approximately 1 year on a 10x 1080TI rig to find the missing five (from own experience)
Genuine question: Are GTX 1080 Tis actually that fast? 5 missing words gives 2048^5 combinations, which would work out at checking 114 million possibilities per second per graphics card. I appreciate that many of those will have an invalid checksum and can immediately be discarded, but with even only 1/16th with a valid checksum, that's still 7.125 million seed phrases that it has to pass through PBKDF2 and derive an address for.

I suppose you could halve all those numbers if you are looking at the 50% solved average benchmark, but even then, that seems a bit fast to me.

Still, that all rests on the fact that you know the order of the words. In OP's case, where he doesn't know the order of the words, then everything becomes significantly more difficult, to the point of impossibility.
member
Activity: 378
Merit: 53
Telegram @keychainX
Hello all, and thanks to any who are able to help, my father remembers most of the words (say m=10 for example), and I'm fairly certain it was a 12 word seed.

Correct me if i'm wrong, but a 12 word seed has 12 factorial (479001600) possibilities, and since i'm missing two of those words, that leaves the dictionary size squared as roughly 4 million times factor.

I'm familiar with python, and thankfully electrum uses a pretty capable python console. But just generating all permutations killed my program. I redid it in Haskell (NOT A PRO AT HASKELL tho I love what little I know) and was able to generate ~~50GB  list of all permutations in 33 minutes, but still need the 4 million substitutions of words in the dictionary so my plan of just having a text file containing all possible phrase ideas and having python run through that is seemingly less feasible.

I'm familiar with multithreading, tho in C, not python. and have access to a large computer cluster if need be (~~44 CPU cores in one node, 24 cores in the GPU node w/ 4xTesla, and another 48 cores on an AMD node)

Before I go any further, I wanted to check if there was a smarter way of doing this kind of dictionary recovery attack.

Please and thank you for any time spent helping

if you have 7 out of 12 words, it will take approximately 1 year on a 10x 1080TI rig to find the missing five (from own experience)

So if the wallet is big enough it's worth it. If you are missing 4 or 3 words or less, then it's a piece of cake.
/KX
HCP
legendary
Activity: 2086
Merit: 4363
Well.... shit haha. Guess i'm really counting on my father's memory here... never thought I'd be praying on his (probably our (and I mean this as a compliment)) autistic memory.
Best of luck to you, but unfortunately, I don't see this having a happy ending

This case is a prime example of why an offline, "physical" backup (ie. writing it down or using a "cryptosteel"-type solution) is the recommended method to backup a 12/24 word seed mnemonic. Hopefully, it might save someone else from the same fate by convincing them that relying on "memory" alone is a "Bad Idea"™
legendary
Activity: 2268
Merit: 18771
Well.... shit haha. Guess i'm really counting on my father's memory here... never thought I'd be praying on his (probably our (and I mean this as a compliment)) autistic memory.
He definitely did not write the words down or save them anywhere? He only committed them to memory? And he definitely doesn't have a back up of the wallet file somewhere? An external hard drive? A system image? Make sure you double check, as any of these possibilities are far more likely than recovering the seed from the information you currently have.

Who knows, maybe I'll get lucky.
There's always the possibility that you get lucky and hit the right combination near the start of your search, but similarly there's also the possibility that I pick 12 words at random and they happen to be your father's. I wish you luck, but unfortunately the odds are that you'll spend years looking unless you can narrow down the possibilities with some more info.
newbie
Activity: 7
Merit: 4
Quote
Even splitting this work up between all your available cores, best case scenario you are still looking at several years of non-stop computing to crack the seed phrase. If there is any doubt as to the 5 "probable" words, then there is no point in even trying.

Well.... shit haha. Guess i'm really counting on my father's memory here... never thought I'd be praying on his (probably our (and I mean this as a compliment)) autistic memory.

I just ran seedrecover.py, thanks for helping me get this far folks, even if it doesn't work. Who knows, maybe I'll get lucky. If it cracks the seed I'm buying everyone here a round, from my man to yall
legendary
Activity: 3472
Merit: 10611
You don't need to use PBKDF2 for this. A single SHA256 hash is all that is needed to calculate the checksum. PBKDF2 is only used on the whole seed phrase as the first step towards generating private keys.
correct but checksum for Electrum mnemonics are a bit different from BIP39.
the checksum requires computation of HMAC-SHA512 of the mnemonic, if it is using English and is 12 words and since the HMAC key is a small one then it is technically two SHA512 compressions (1x inner pad + mnemonic, 1x outer pad + hash of previous round).
legendary
Activity: 2268
Merit: 18771
My dad gave 5 words with extreme certainty were part of the seed, he gave me 5 more words he said were probably in the seed. I made no assumptions as to which index those words should be placed in the seed. That leaves 2 wild cards still, up to 7 (scary case, haha)
This is probably an impossible task, then, if your father does not know the order of the words.

Unscrambling a 12 word seed phrase in which all the words are known has 12! possibilities = 479,001,600
However, at least two of your words are unknown, so there are 2,048 possibilities for each of those 2 words.
This would put the number of possibilities at 12!*2048*2048 = 2,009,078,326,886,400.

Even splitting this work up between all your available cores, best case scenario you are still looking at several years of non-stop computing to crack the seed phrase. If there is any doubt as to the 5 "probable" words, then there is no point in even trying.

If the last word is known, you still have to pass the mnemonic through PBKDF2 and then get the first 32 bytes of the SHA256 hash of each BIP39 seed (entropy) of the 2048*2048*66 combinations I mentioned in my previous post, because there is no way to see if the checksum is correct without knowing the SHA256 hash.
You don't need to use PBKDF2 for this. A single SHA256 hash is all that is needed to calculate the checksum. PBKDF2 is only used on the whole seed phrase as the first step towards generating private keys.
legendary
Activity: 3472
Merit: 10611
My dad gave 5 words with extreme certainty were part of the seed, he gave me 5 more words he said were probably in the seed. I made no assumptions as to which index those words should be placed in the seed. That leaves 2 wild cards still, up to 7 (scary case, haha)
it sounds like the order and position of the 10 words you have is also unknown, which means the number of combinations to check is even larger than initially speculated and it makes it impossible to recover.
do you know how he is recovering these words? for example is it from memory or was it written down or is it a file? there could be other options to recover in different cases which may be easier to look into than trying to brute force what you have at this stage.
HCP
legendary
Activity: 2086
Merit: 4363
Obviously, the total number of possibilities with 2 missing words is a lot less than the total search space of 12 word seeds... I was simply pointing out that "12 factorial" was not the correct starting point.

Is it possible to reduce the dictionary attack range by brute forcing only combinations that would pass the checksum requirements? Maybe someone already made a program to do that?
It would narrow a bit the possibilities.
Most of the utilities simply create the combinations dynamically, rather than generating a dictionary of every possible combination first... which is rather wasteful, given it might take only a relatively small number to find the correct one.

So basically, the idea is that you create a given combination, calculate if the checksum is valid and discard the seed mnemonic if it fails... otherwise move on to the more computationally intensive task of actually deriving keys/addresses etc.


At the end of the day... trying to find 2 missing words is actually relatively trivial, regardless of whether the position of the missing words is known, but only if the 10 you already have are in the correct order. A script should be able to find the correct combination of 12 words in a relatively short amount of time.

However, 7 words is going to be, for all intents and purposes, "impossible"... you'd be looking at a timeframe measured in centuries or thousands of years
newbie
Activity: 7
Merit: 4
Thanks so much for the help so far everyone!

Quote
Does your father know the location of the two missing words? That would cut down the search time massively.
Probably not, I asked a few hours ago but he still hasn't responded. I doubt it

Quote
Does your father know the master public key or some of the early addresses which were generated by the seed phrase?
I doubt it, what's the relation to a master public key to an address? Just finished cross referencing electrum statements with emails and texts, I found the address I believe he owns. It still has an unspent txo fortunately. I'll get started on that soon.

Quote
...so there are actually 276824064 ways to insert two missing words into a 10 word phrase.
Ahh, probability theory has humbled me again... Thanks!

My dad gave 5 words with extreme certainty were part of the seed, he gave me 5 more words he said were probably in the seed. I made no assumptions as to which index those words should be placed in the seed. That leaves 2 wild cards still, up to 7 (scary case, haha)

Again, thanks to everyone who has helped, I think I have enough information now to run the btcrecover tool. I'll update if it works
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Unfortunately, you are wrong... a 12 word seed has 2048^12 possibilities => 5444517870735015415413993718908291383296 total possibilities (the actual number of valid possibilities is a bit less due to the checksum requirements etc).

Is it possible to reduce the dictionary attack range by brute forcing only combinations that would pass the checksum requirements? Maybe someone already made a program to do that?
It would narrow a bit the possibilities.

It's a 12 word phrase so there are 4 bits of checksum at the end, that means only 512 * 2048 * 66 valid combinations to search in if the last word is the one lost. The remaining 4 bits can be derived by constructing the checksum.

If the last word is known, you still have to pass the mnemonic through PBKDF2 and then get the first 32 bytes of the SHA256 hash of each BIP39 seed (entropy) of the 2048*2048*66 combinations I mentioned in my previous post, because there is no way to see if the checksum is correct without knowing the SHA256 hash. You can however skip the heavy computation that comes after it for invalid phrases, namely looking for its master public key or address given as input.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
Before I go any further, I wanted to check if there was a smarter way of doing this kind of dictionary recovery attack.

Unfortunately, you are wrong... a 12 word seed has 2048^12 possibilities => 5444517870735015415413993718908291383296 total possibilities (the actual number of valid possibilities is a bit less due to the checksum requirements etc).

Is it possible to reduce the dictionary attack range by brute forcing only combinations that would pass the checksum requirements? Maybe someone already made a program to do that?
It would narrow a bit the possibilities.
HCP
legendary
Activity: 2086
Merit: 4363
Correct me if i'm wrong, but a 12 word seed has 12 factorial (479001600) possibilities, and since i'm missing two of those words, that leaves the dictionary size squared as roughly 4 million times factor.
Unfortunately, you are wrong... a 12 word seed has 2048^12 possibilities => 5444517870735015415413993718908291383296 total possibilities (the actual number of valid possibilities is a bit less due to the checksum requirements etc).


It also has multi-device support, so you can split the work across all your available cores.
How is this activated? I couldn't find any command line option for specifying IP addresses or servers except for --worker, and that doesn't look like you can pass different server IPs to it.
The multiple devices don't talk to each other... you provide the --worker argument as "n/m" (ie. --worker 1/5) on each worker and it will divide the password search space up into "m" chunks and assign chunk "n" to that particular worker.

If you watch the demo of using Vast.ai with multiple instances here: https://www.youtube.com/watch?v=8Zqc-2Te3zQ&list=PL7rfJxwogDzmd1IanPrmlTg3ewAIq-BZJ&index=13&t=1220s

You can see him say "they don't communicate at all" and some of the other workers are still running, even when one had found the password.

The written instructions for this demo are here: https://github.com/3rdIteration/btcrecover/blob/master/docs/Usage_Examples/2020-10-06_Multi-GPU_with_vastai/Multi-GPU_with_vastai.md
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Specifically, you need the seedrecover.py script included in this repo. Follow the instructions at https://github.com/3rdIteration/btcrecover/blob/master/docs/Seedrecover_Quick_Start_Guide.md . Make sure you also pip install groestlcoin-hash, and apt install python3-pyopencl for GPU support. If the clusters are running Windows I think you can just install numpy and pyopencl from pip. Then pass --enable-opencl as an argument to seedrecover.py to use the GPUs.

Then give seedrecover.py an address (and how deep it was listed in the electrum window which they call "how many addresses were generated before it"). If you have the master public key use that instead because it's quicker.

Then insert all the words in the seed phrase you remember, in the correct order. You should probably run this on the Tesla node if it's the fastest one.

It also has multi-device support, so you can split the work across all your available cores.

How is this activated? I couldn't find any command line option for specifying IP addresses or servers except for --worker, and that doesn't look like you can pass different server IPs to it.



Correct me if i'm wrong, but a 12 word seed has 12 factorial (479001600) possibilities, and since i'm missing two of those words, that leaves the dictionary size squared as roughly 4 million times factor.
Unfortunately, you are wrong... a 12 word seed has 2048^12 possibilities => 5444517870735015415413993718908291383296 total possibilities (the actual number of valid possibilities is a bit less due to the checksum requirements etc).

But the number of combinations for a twelve word seed with two missing words is 2048**2 = 4194304, but depending on which words were forgotten (they could be in the middle of the phrase, not necessarily at the end, or next to each other), we have to multiply this by 12 nCr 2 = 66, so there are actually 276824064 ways to insert two missing words into a 10 word phrase.

Of course this number is less because of checksums, and even less if the last word is one of the words forgotten, maybe OP can clarify if this is the case.
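
Added example, not part of any post and not btcrecover's code: the candidate count from the post above (2048**2 times 12 nCr 2) together with the generate, checksum-filter, then derive approach described elsewhere in this thread, in Python. Words are handled as list indices 0..2047, the sample phrase is constructed from fixed bytes, all function names are hypothetical, and the `Seed version` HMAC key and `01` prefix are Electrum's standard-seed values, which the thread does not state.

```python
import hashlib
import hmac
import unicodedata
from itertools import combinations, product
from math import comb

WORDS = 2048  # word-list size; words are handled as indices 0..2047 (no list embedded)


def search_space(total, missing, positions_known):
    """Candidates to test when the remembered words are in the correct order."""
    placements = 1 if positions_known else comb(total, missing)
    return placements * WORDS ** missing


def indices_from_entropy(entropy):
    """BIP39 encoding: entropy plus the top bits of SHA-256(entropy), in 11-bit groups."""
    cs_bits = len(entropy) * 8 // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    packed = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    count = (len(entropy) * 8 + cs_bits) // 11
    return [(packed >> (11 * (count - 1 - k))) & 0x7FF for k in range(count)]


def bip39_checksum_ok(indices):
    """Cheap stage for BIP39 phrases: one SHA-256 over the entropy bits, no PBKDF2."""
    cs_bits = 11 * len(indices) // 33
    packed = 0
    for index in indices:
        packed = (packed << 11) | index
    entropy = (packed >> cs_bits).to_bytes((11 * len(indices) - cs_bits) // 8, "big")
    # Re-encoding the entropy reproduces the phrase only if the checksum bits match.
    return indices_from_entropy(entropy) == list(indices)


def electrum_seed_ok(mnemonic, prefix="01"):
    """Cheap stage for Electrum phrases: HMAC-SHA512 keyed with "Seed version".

    Takes the phrase text, so mapping indices to words needs the real word list.
    The normalisation here (NFKD, lower case, single spaces) is a simplification.
    """
    text = " ".join(unicodedata.normalize("NFKD", mnemonic).lower().split())
    digest = hmac.new(b"Seed version", text.encode("utf-8"), hashlib.sha512)
    return digest.hexdigest().startswith(prefix)


def candidates(known, missing, total=12, slots=None):
    """Yield every phrase made by inserting unknown words into `known`, order kept.

    `slots` pins the missing positions; None tries every placement.
    """
    if len(known) + missing != total:
        raise ValueError("known words plus missing words must equal the phrase length")
    placements = [tuple(slots)] if slots is not None else combinations(range(total), missing)
    for placement in placements:
        for fill in product(range(WORDS), repeat=missing):
            kept, guessed = iter(known), iter(fill)
            yield [next(guessed) if p in placement else next(kept) for p in range(total)]


def cheap_filter(known, missing, check=bip39_checksum_ok, total=12, slots=None):
    """Generate candidates on the fly; return (tested, survivors of the checksum).

    Only the survivors would go on to key and address derivation.
    """
    tested, survivors = 0, []
    for candidate in candidates(known, missing, total, slots):
        tested += 1
        if check(candidate):
            survivors.append(candidate)
    return tested, survivors


if __name__ == "__main__":
    print("2 missing, positions unknown:", search_space(12, 2, False))
    phrase = indices_from_entropy(bytes(range(16)))  # constructed sample, not a real seed
    tested, passed = cheap_filter(phrase[:5] + phrase[6:], 1)
    print(f"1 missing, position unknown: {tested} tested, {len(passed)} pass the checksum")
    tested, passed = cheap_filter(phrase[:11], 1, slots=(11,))
    print(f"last word missing: {tested} tested, {len(passed)} pass the checksum")
```

Two missing words at unknown positions run the same way but take far longer in pure Python, which is why the thread points to btcrecover with OpenCL for the real search.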
legendary
Activity: 2268
Merit: 18771
Does your father know the location of the two missing words? That would cut down the search time massively.

Does your father know the master public key or some of the early addresses which were generated by the seed phrase? If he does, then the quickest way to do this is going to be to use this piece of software: https://github.com/3rdIteration/btcrecover/

It also has multi-device support, so you can split the work across all your available cores.
newbie
Activity: 7
Merit: 4
Hello all, and thanks to any who are able to help, my father remembers most of the words (say m=10 for example), and I'm fairly certain it was a 12 word seed.

Correct me if i'm wrong, but a 12 word seed has 12 factorial (479001600) possibilities, and since i'm missing two of those words, that leaves the dictionary size squared as roughly 4 million times factor.

I'm familiar with python, and thankfully electrum uses a pretty capable python console. But just generating all permutations killed my program. I redid it in Haskell (NOT A PRO AT HASKELL tho I love what little I know) and was able to generate ~~50GB  list of all permutations in 33 minutes, but still need the 4 million substitutions of words in the dictionary so my plan of just having a text file containing all possible phrase ideas and having python run through that is seemingly less feasible.

I'm familiar with multithreading, tho in C, not python. and have access to a large computer cluster if need be (~~44 CPU cores in one node, 24 cores in the GPU node w/ 4xTesla, and another 48 cores on an AMD node)

Before I go any further, I wanted to check if there was a smarter way of doing this kind of dictionary recovery attack.

Please and thank you for any time spent helping