Topic: I'm BIP38 curious, please help me out! (Read 8510 times)

"Wallet Details" tab at https://bitaddress.org should do the trick : )

Hi, can anyone help me to find private keys using correct password?  Actually i tried these passwords on  https://brainwalletx.github.io  but it does not display correct btc address. For example: if i input grAce for secound wallet , the output btc address is shown different. Why?  
I checked in both compressed and uncompressed, output is not matching these btc addresses.


I have many unused passwords with some balances but i face similar issue with them!

Can anyone help where i have to put these passwords in order to see correct wallet and private keys?

Thanks for the challenge! I did some guessing and the left hand side characters "qwaszx" were used as the first character... Unfortunately I started with CAP for these and have not even completed... This prove that even with hints, it might still take too long (too much cost) to crack a BIP38 encrypted address.

After 2 years I've decided to stop the experiment.
The password to unlock 3rd wallet with 1BTC prize was "zLwMiR".

I'd like to thank everyone for  participating in this challenge.
I'd also like to thank BIP38 developers for creating a truly great PW system!

With the current difficulty and rewards, how much entropy is necessary to make cracking a wallet for 1BTC as rewarding as mining LiteCoin, Etherium or DOGE (they all use scrypt, or do they?)?
 On a slightly unrelated topic, how does scrypt differ from scrypt-jane and how do they differ from my scheme in:
https://bitcointalksearch.org/topic/m.16988889

The password should have more than that, but this is a good benchmark.

He give a hint divide the number of UPPERCASE letters by the number of lowercase letters you get an integer.so you can try with integer.someone mentioned how many integer have this password create a table of password with the hint.I wish you could find the password.I dont have much knowledge how to crack.

That would be true for brainwallet. The challenge is not brainwallet based, it is BIP38 encrypted paper wallet. 6-character brainwallet would be brute forced in few seconds.


Please read the first post for all the password related details.

I take it people are using an actual program for this project?

I tried to put six random digits into https://www.bitaddress.org/ and got the message:


Was also wondering if its just six upper and or lower case letters?  Are there any digits and or characters?  And any non standard symbols? eg umlauts or similar?  Cyrillic/Arabic/Asian ?

Nope, just 7 more months to go : )

You mean : Within 31.34 years the password will be cracked.

For example if the password is : aaaaab             2 tries to solve.
                                             kjxusl              12,640,320 tries to solve.
                                             ZZZZZZ           19,770,609,664 tries to solve.

It works like this if you use normal Brute-force dictionaries.

But, if you use Rainbow Tables, it may take less (If they work with AES-256 because I can't find one yet).

Note: a 6-letter word (a-Z) dictionary will be : ( 52 ˆ 6 )  ×  8  =  158,164,877,312 Bytes

        52 : the number of possible characters.
        6 : word length
        8 : the size each word will take in bytes, 6 bytes for the 6 letters and 2 bytes for CR (Carriage Return) and LF (Line Feed)

About 147.31GB in Table.

Also, you can split your table, or generate a part of it, then us it to brute-force, then generate another part...

And also, you can use multiple computers with different tables to brute-force.
So, if a computer (probably a VPS) is solving 10 Passwords/Sec. You can use 10 computers with 100 Passwords / Sec.
It will only take : 19,770,609,644 / 100 Passwords / 60 Secs / 60 Mins / 24 Hours / 365.24 Days =
6 Years 3 Months 5 Days 12 Hours 16 Minutes 24 Seconds 54,864.36 microseconds

Not that much time, right?

Yes you are right he might be misunderstand OP.He really give a nice hint.here should be possibility of password:
5 Uppercase  and 1 lowercase,
4 Uppercase  and 2 lowercase,
3 Uppercase  and 3 lowercase,
0 Uppercase  and 6 lowercase
Interesting but Dont have idea how crack down.

You honestly have no idea what this thread is about, and how the puzzle works. Youre just posting for money.

OP's saying that the amount of uppercase letters will be an integer * lowercase letter. That rules out 2 of 6 possibilities. It's a great help.

Here's a newbie question from yours truly -
Since ASICs are built for cryptography, would it be faster to crack the password with an ASIC (Because I can expect that the main thing that's taking this so long is the BIP38 encryption standard). Or are ASICs only built for hashing?

P.S. I also have a sweet $400 AWS credit. Should I use it on this? Don't know how to crack :-/

Hints is not enough to find the password.It would very hard to find the password.I divided the number of UPPERCASE letters by the number of lowercase letters I got some numbers.I think password will be  UPPERCASE letters and lowercase letters with integers.Well I will try.

When I said humans are horrible at generating random passwords, I've already took in considerations the definition of a password, which is a string that grant you access and which you suppose to be the only one (and the trusted second party and maybe a third party) to know.

No one asked you if you can generate a random string (even then, there is a question about your ability to generate great randomness) btw, hardware wallets are maybe the safest thing we have for now, and of course there is nothing 100% secure/safe, when you break things down there is always a point of failure, but your job is to make the possibility of that happening as low as possible. BTW, I wouldn't recommend brain wallet for anyone.

For a hardware wallet, you can write half of the words on one paper the other half on another paper and just keep them separated.

I can very easily create a very random password: r7z3gfJ$g)lf*?~3'
I just press the keyboard a few times without looking, to make it more random I used my left hand on my right hand's position too. No way anybody could guess this with a dictionary attack.
But once I create a decent password like this, I can't remember it. And if I can, I will for sure forget it if I don't use it every day.

I'm also "struggling" with the idea how to securely store Bitcoins. Even a hardware wallet ultimately comes down to storing a backup passphrase on a piece of paper. And that piece of paper can be stolen.

Bitcoin Brain Wallets are a special case, you don't need access to any files to be able to brute force it, and you can search for all wallets at the same time. Can you believe the brain wallet thequickbrownfoxjumpedoverthelazydog has received 106 BTC in total?

Thenextweb.com shows some of the brain wallets found by researchers:
I show these Just to show adding a few numbers to words is not enough to stop a brute force attack.

Timelord2067!
1234567890123

Coincidence? I think not...  

Humans are horrible when it comes to randomness thus are horrible with generating a safe and random password (if it make sense to you than it could be guessed), not to mention that if you use the same password multiple times for multiple things the risk of being "hacked" becomes really high, it would just take a key-logger or some site/service being hacked (assuming the hacker gets the hashing/salting keys) and they can have access to every place that has the same password.

Usually hackers do hack for the reason of:
   - There is a justified financial gain.
   - To send a statement.
   - Just prove it can be done.
   - Show off their skills (mostly young hackers).

Just try to do the best security practices, even then you are not 100% safe.

Interesting challenge. So I am assuming I am real safe since my password to all of my desktop wallets is the same , 2 words linked together who make sense only to me plus a few numbers who make sense only to me and some special characters who I always use . 13 letters password, upper and lower case plus special character should take 331 years to crack since one 6 random character password needs 31.34 year to get cracked.

I didn't read all posts in this thread, but I suggest that you use hashcat, it is the fastest and most developed open source tool for brute-forcing, you can download binaries and read more about it here, The great thing about hashcat is that you can set a cluster (brute forcing pool) of many rigs that have multiple GPUs to crack one password... I've used this software to crack Nokia SL3 Locks and this is the way how I've got into bitcoin in the first place (bought miners from a miner who was selling miners after the first halving).

Sadly, since the amount is only 1 BTC it is not worth my time to try to crack it, maybe in the future when a bitcoin is so valuable that it would justify wasting hash power on it.

Edit: OK you don't have a wallet.dat but you have an encrypted private key so I am not sure about hashcat, it was a couple of years since last time I've used it for Bitcoin so you need to verify this info.

Your pass in 3rd seems very difficult to cracked, lol. Altough you already gave more hint (35%) , im still no have any idea about the pass.