Pages:
Author

Topic: I'm BIP38 curious, please help me out! (Read 8608 times)

donator
Activity: 674
Merit: 523
April 07, 2017, 02:06:25 AM
#72
Hi, can anyone help me to find private keys using correct password?  Actually i tried these passwords on https://brainwalletx.github.io  but it does not display correct btc address.

"Wallet Details" tab at https://bitaddress.org should do the trick : )
sr. member
Activity: 476
Merit: 250
April 06, 2017, 11:43:11 PM
#71
Hi, can anyone help me to find private keys using correct password?  Actually i tried these passwords on  https://brainwalletx.github.io  but it does not display correct btc address. For example: if i input grAce for secound wallet , the output btc address is shown different. Why?  
I checked in both compressed and uncompressed, output is not matching these btc addresses.


I have many unused passwords with some balances but i face similar issue with them!

Can anyone help where i have to put these passwords in order to see correct wallet and private keys?
legendary
Activity: 2282
Merit: 1023
April 06, 2017, 11:11:04 PM
#70
Thanks for the challenge! I did some guessing and the left hand side characters "qwaszx" were used as the first character... Unfortunately I started with CAP for these and have not even completed... This prove that even with hints, it might still take too long (too much cost) to crack a BIP38 encrypted address.
donator
Activity: 674
Merit: 523
April 06, 2017, 04:57:35 PM
#69
After 2 years I've decided to stop the experiment.
The password to unlock 3rd wallet with 1BTC prize was "zLwMiR".

I'd like to thank everyone for  participating in this challenge.
I'd also like to thank BIP38 developers for creating a truly great PW system!
full member
Activity: 224
Merit: 117
▲ Portable backup power source for mining.
December 01, 2016, 05:05:59 PM
#68
With the current difficulty and rewards, how much entropy is necessary to make cracking a wallet for 1BTC as rewarding as mining LiteCoin, Etherium or DOGE (they all use scrypt, or do they?)?
 On a slightly unrelated topic, how does scrypt differ from scrypt-jane and how do they differ from my scheme in:
https://bitcointalksearch.org/topic/m.16988889

The password should have more than that, but this is a good benchmark.
hero member
Activity: 821
Merit: 501
September 09, 2016, 04:00:15 PM
#67
I take it people are using an actual program for this project?

I tried to put six random digits into https://www.bitaddress.org/ and got the message:

Quote
The passphrase you entered is too short.

Warning: Choosing a strong passphrase is important to avoid brute force attempts to guess your passphrase and steal your bitcoins.

Was also wondering if its just six upper and or lower case letters?  Are there any digits and or characters?  And any non standard symbols? eg umlauts or similar?  Cyrillic/Arabic/Asian ?
He give a hint divide the number of UPPERCASE letters by the number of lowercase letters you get an integer.so you can try with integer.someone mentioned how many integer have this password create a table of password with the hint.I wish you could find the password.I dont have much knowledge how to crack.
Here is a small password hint: If you divide the number of UPPERCASE letters by the number of lowercase letters you get an integer.
donator
Activity: 674
Merit: 523
September 09, 2016, 03:22:32 PM
#66
The passphrase you entered is too short.

Warning: Choosing a strong passphrase is important to avoid brute force attempts to guess your passphrase and steal your bitcoins.

That would be true for brainwallet. The challenge is not brainwallet based, it is BIP38 encrypted paper wallet. 6-character brainwallet would be brute forced in few seconds.

Quote
Was also wondering if its just six upper and or lower case letters?  Are there any digits and or characters?  And any non standard symbols? eg umlauts or similar?  Cyrillic/Arabic/Asian ?

Please read the first post for all the password related details.
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
September 09, 2016, 02:39:55 AM
#65
I take it people are using an actual program for this project?

I tried to put six random digits into https://www.bitaddress.org/ and got the message:

Quote
The passphrase you entered is too short.

Warning: Choosing a strong passphrase is important to avoid brute force attempts to guess your passphrase and steal your bitcoins.

Was also wondering if its just six upper and or lower case letters?  Are there any digits and or characters?  And any non standard symbols? eg umlauts or similar?  Cyrillic/Arabic/Asian ?
donator
Activity: 674
Merit: 523
September 09, 2016, 02:18:01 AM
#64
Not that much time, right?

Nope, just 7 more months to go : )
full member
Activity: 159
Merit: 100
September 08, 2016, 10:11:32 AM
#63
...
The fastest cracker we have, Dirbaio, can do 20 tries/second. He will take about about 31.34 years to find! No one will commit this much energy and time to crack the wallet with only 0.1BTC, and therefore the puzzle will not be solved... unless minimalB is going to provide some hints.

You mean : Within 31.34 years the password will be cracked.

For example if the password is : aaaaab             2 tries to solve.
                                             kjxusl              12,640,320 tries to solve.
                                             ZZZZZZ           19,770,609,664 tries to solve.

It works like this if you use normal Brute-force dictionaries.

But, if you use Rainbow Tables, it may take less (If they work with AES-256 because I can't find one yet).

Note: a 6-letter word (a-Z) dictionary will be : ( 52 ˆ 6 )  ×  8  =  158,164,877,312 Bytes

        52 : the number of possible characters.
        6 : word length
        8 : the size each word will take in bytes, 6 bytes for the 6 letters and 2 bytes for CR (Carriage Return) and LF (Line Feed)

About 147.31GB in Table.

Also, you can split your table, or generate a part of it, then us it to brute-force, then generate another part...

And also, you can use multiple computers with different tables to brute-force.
So, if a computer (probably a VPS) is solving 10 Passwords/Sec. You can use 10 computers with 100 Passwords / Sec.
It will only take : 19,770,609,644 / 100 Passwords / 60 Secs / 60 Mins / 24 Hours / 365.24 Days =
6 Years 3 Months 5 Days 12 Hours 16 Minutes 24 Seconds 54,864.36 microseconds

Not that much time, right?
full member
Activity: 167
Merit: 100
September 08, 2016, 10:00:45 AM
#62
It took ~20 hours on three n1-highcpu-16 machines on Google Compute. Each one did ~50 passwords per second, 150 total.
It cost around $38 overall.
At this rate it would take up to 4 years to crack the Third password. At $38 for 20 hours it's clearly not worth it.

Here is a small password hint: If you divide the number of UPPERCASE letters by the number of lowercase letters you get an integer.
So that means:
0 UP 6 low: 0/6=0: integer
1 UP 5 low: 1/5: nope
2 UP 4 low: 2/4: nope
3 UP 3 low: 3/3=1: integer
4 UP 2 low: 4/2=2: integer
5 UP 1 low: 5/1=5: integer
Hints is not enough to find the password.It would very hard to find the password.I divided the number of UPPERCASE letters by the number of lowercase letters I got some numbers.I think password will be  UPPERCASE letters and lowercase letters with integers.Well I will try.

You honestly have no idea what this thread is about, and how the puzzle works. Youre just posting for money.

OP's saying that the amount of uppercase letters will be an integer * lowercase letter. That rules out 2 of 6 possibilities. It's a great help.

Here's a newbie question from yours truly -
Since ASICs are built for cryptography, would it be faster to crack the password with an ASIC (Because I can expect that the main thing that's taking this so long is the BIP38 encryption standard). Or are ASICs only built for hashing?

P.S. I also have a sweet $400 AWS credit. Should I use it on this? Don't know how to crack :-/
Yes you are right he might be misunderstand OP.He really give a nice hint.here should be possibility of password:
5 Uppercase  and 1 lowercase,
4 Uppercase  and 2 lowercase,
3 Uppercase  and 3 lowercase,
0 Uppercase  and 6 lowercase
Interesting but Dont have idea how crack down. Grin
legendary
Activity: 1232
Merit: 1030
give me your cryptos
September 08, 2016, 05:20:47 AM
#61
It took ~20 hours on three n1-highcpu-16 machines on Google Compute. Each one did ~50 passwords per second, 150 total.
It cost around $38 overall.
At this rate it would take up to 4 years to crack the Third password. At $38 for 20 hours it's clearly not worth it.

Here is a small password hint: If you divide the number of UPPERCASE letters by the number of lowercase letters you get an integer.
So that means:
0 UP 6 low: 0/6=0: integer
1 UP 5 low: 1/5: nope
2 UP 4 low: 2/4: nope
3 UP 3 low: 3/3=1: integer
4 UP 2 low: 4/2=2: integer
5 UP 1 low: 5/1=5: integer
Hints is not enough to find the password.It would very hard to find the password.I divided the number of UPPERCASE letters by the number of lowercase letters I got some numbers.I think password will be  UPPERCASE letters and lowercase letters with integers.Well I will try.

You honestly have no idea what this thread is about, and how the puzzle works. Youre just posting for money.

OP's saying that the amount of uppercase letters will be an integer * lowercase letter. That rules out 2 of 6 possibilities. It's a great help.

Here's a newbie question from yours truly -
Since ASICs are built for cryptography, would it be faster to crack the password with an ASIC (Because I can expect that the main thing that's taking this so long is the BIP38 encryption standard). Or are ASICs only built for hashing?

P.S. I also have a sweet $400 AWS credit. Should I use it on this? Don't know how to crack :-/
sr. member
Activity: 294
Merit: 250
September 08, 2016, 05:10:29 AM
#60
It took ~20 hours on three n1-highcpu-16 machines on Google Compute. Each one did ~50 passwords per second, 150 total.
It cost around $38 overall.
At this rate it would take up to 4 years to crack the Third password. At $38 for 20 hours it's clearly not worth it.

Here is a small password hint: If you divide the number of UPPERCASE letters by the number of lowercase letters you get an integer.
So that means:
0 UP 6 low: 0/6=0: integer
1 UP 5 low: 1/5: nope
2 UP 4 low: 2/4: nope
3 UP 3 low: 3/3=1: integer
4 UP 2 low: 4/2=2: integer
5 UP 1 low: 5/1=5: integer
Hints is not enough to find the password.It would very hard to find the password.I divided the number of UPPERCASE letters by the number of lowercase letters I got some numbers.I think password will be  UPPERCASE letters and lowercase letters with integers.Well I will try.
legendary
Activity: 1148
Merit: 1001
things you own end up owning you
September 08, 2016, 01:56:40 AM
#59
Humans are horrible when it comes to randomness thus are horrible with generating a safe and random password (if it make sense to you than it could be guessed)
I can very easily create a very random password: r7z3gfJ$g)lf*?~3'
I just press the keyboard a few times without looking, to make it more random I used my left hand on my right hand's position too. No way anybody could guess this with a dictionary attack.
But once I create a decent password like this, I can't remember it. And if I can, I will for sure forget it if I don't use it every day.

I'm also "struggling" with the idea how to securely store Bitcoins. Even a hardware wallet ultimately comes down to storing a backup passphrase on a piece of paper. And that piece of paper can be stolen.

Bitcoin Brain Wallets are a special case, you don't need access to any files to be able to brute force it, and you can search for all wallets at the same time. Can you believe the brain wallet thequickbrownfoxjumpedoverthelazydog has received 106 BTC in total?

Thenextweb.com shows some of the brain wallets found by researchers:
Quote
1. say hello to my little friend
4. party like it’s 1999
5. yohohoandabottleofrum
9. {1summer2leo3phoebe
13. blablablablablablabla
I show these Just to show adding a few numbers to words is not enough to stop a brute force attack.

When I said humans are horrible at generating random passwords, I've already took in considerations the definition of a password, which is a string that grant you access and which you suppose to be the only one (and the trusted second party and maybe a third party) to know.

No one asked you if you can generate a random string (even then, there is a question about your ability to generate great randomness) btw, hardware wallets are maybe the safest thing we have for now, and of course there is nothing 100% secure/safe, when you break things down there is always a point of failure, but your job is to make the possibility of that happening as low as possible. BTW, I wouldn't recommend brain wallet for anyone.

For a hardware wallet, you can write half of the words on one paper the other half on another paper and just keep them separated.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
September 08, 2016, 01:33:49 AM
#58
Humans are horrible when it comes to randomness thus are horrible with generating a safe and random password (if it make sense to you than it could be guessed)
I can very easily create a very random password: r7z3gfJ$g)lf*?~3'
I just press the keyboard a few times without looking, to make it more random I used my left hand on my right hand's position too. No way anybody could guess this with a dictionary attack.
But once I create a decent password like this, I can't remember it. And if I can, I will for sure forget it if I don't use it every day.

I'm also "struggling" with the idea how to securely store Bitcoins. Even a hardware wallet ultimately comes down to storing a backup passphrase on a piece of paper. And that piece of paper can be stolen.

Bitcoin Brain Wallets are a special case, you don't need access to any files to be able to brute force it, and you can search for all wallets at the same time. Can you believe the brain wallet thequickbrownfoxjumpedoverthelazydog has received 106 BTC in total?

Thenextweb.com shows some of the brain wallets found by researchers:
Quote
1. say hello to my little friend
4. party like it’s 1999
5. yohohoandabottleofrum
9. {1summer2leo3phoebe
13. blablablablablablabla
I show these Just to show adding a few numbers to words is not enough to stop a brute force attack.
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
September 08, 2016, 12:58:29 AM
#57
Interesting challenge. So I am assuming I am real safe since my password to all of my desktop wallets is the same , 2 words linked together who make sense only to me plus a few numbers who make sense only to me and some special characters who I always use Smiley . 13 letters password, upper and lower case plus special character should take 331 years to crack since one 6 random character password needs 31.34 year to get cracked.

Timelord2067!
1234567890123


Coincidence? I think not...  Kiss
legendary
Activity: 1148
Merit: 1001
things you own end up owning you
August 29, 2016, 10:42:27 AM
#56
Interesting challenge. So I am assuming I am real safe since my password to all of my desktop wallets is the same , 2 words linked together who make sense only to me plus a few numbers who make sense only to me and some special characters who I always use Smiley . 13 letters password, upper and lower case plus special character should take 331 years to crack since one 6 random character password needs 31.34 year to get cracked.

Humans are horrible when it comes to randomness thus are horrible with generating a safe and random password (if it make sense to you than it could be guessed), not to mention that if you use the same password multiple times for multiple things the risk of being "hacked" becomes really high, it would just take a key-logger or some site/service being hacked (assuming the hacker gets the hashing/salting keys) and they can have access to every place that has the same password.

Usually hackers do hack for the reason of:
   - There is a justified financial gain.
   - To send a statement.
   - Just prove it can be done.
   - Show off their skills (mostly young hackers).

Just try to do the best security practices, even then you are not 100% safe.
copper member
Activity: 1442
Merit: 529
August 29, 2016, 10:30:46 AM
#55
Interesting challenge. So I am assuming I am real safe since my password to all of my desktop wallets is the same , 2 words linked together who make sense only to me plus a few numbers who make sense only to me and some special characters who I always use Smiley . 13 letters password, upper and lower case plus special character should take 331 years to crack since one 6 random character password needs 31.34 year to get cracked.
legendary
Activity: 1148
Merit: 1001
things you own end up owning you
August 29, 2016, 09:46:33 AM
#54
I didn't read all posts in this thread, but I suggest that you use hashcat, it is the fastest and most developed open source tool for brute-forcing, you can download binaries and read more about it here, The great thing about hashcat is that you can set a cluster (brute forcing pool) of many rigs that have multiple GPUs to crack one password... I've used this software to crack Nokia SL3 Locks and this is the way how I've got into bitcoin in the first place (bought miners from a miner who was selling miners after the first halving).

Sadly, since the amount is only 1 BTC it is not worth my time to try to crack it, maybe in the future when a bitcoin is so valuable that it would justify wasting hash power on it.

Edit: OK you don't have a wallet.dat but you have an encrypted private key so I am not sure about hashcat, it was a couple of years since last time I've used it for Bitcoin so you need to verify this info.
legendary
Activity: 2366
Merit: 1130
June 13, 2016, 03:15:08 AM
#53
I am also surprised that 3rd wallet is still uncracked. I've got several PMs with "thanks for the money, man!" stating that they will cracked it in a week or two : )
Looks like they miscalculated something...

Anyways... with rising prices and another 10 months to go (2 years total) there is still plenty of time to crack it. Also my hint reduces the time for a brute force attack quite a lot (about 35%).

Your pass in 3rd seems very difficult to cracked, lol. Altough you already gave more hint (35%) , im still no have any idea about the pass.
Pages:
Jump to: