Author

Topic: Possibility of dictionary brute force attack on multibit seed (Read 835 times)

sr. member
Activity: 431
Merit: 250
Thank you for help, I will keep using my setup than, good to know!
sr. member
Activity: 317
Merit: 275
Quote
Here’s a scenario. Let’s pretend NSA has intercepted a message encrypted with a 128 bit key and they really want to crack it. Keep in mind: your phone easily encrypts messages with 128 bit keys in a couple milliseconds. This sort of crypto is nothing special, and your computers do crypto operations like this each time you use a web browser.

To do this, NSA needs to build a cluster of parallel processors trying to decrypt the message with different keys until they get it right. They’ll guess that the key is 0, then 1, then 2, then 3, then 4, then 5, and so on. By the time they get to 2^128, they will have completed an exhaustive search of the keyspace and definitely will have cracked it.

Now let’s pretend the NSA has a budget of $100 trillion (in reality, they don’t have nearly that much money). Let’s also say that they can buy $50 computers that can test 100,000 keys a second (try making your Raspberry Pi do that, I dare you). Spending the entire $100 trillion at $50 a pop, they can afford two trillion computers. At 100,000 guesses per second, the entire cluster of two trillion computers can make 200,000,000,000,000,000 guesses per second.

So how many seconds will it take to guess all 2^128 possible keys?

1,701,411,834,604,692,317,316 seconds.
Which is 28,356,863,910,078,205,288 minutes.
Which is 472,614,398,501,303,421 hours.
Which is 19,692,266,604,220,975 days.
Which is 53,951,415,354,030 years.
Which is 53,951,415,354 millennia.

Since the key could be any number between 0 and 2^128, chances are the key will be found in half that time. So 27 billion millennia then?

That’s a long time to wait to crack the crypto on a single message. And I greatly exaggerated the resources of the NSA. In reality, they’d be waiting a lot longer. Another way to put it is this: If all the combined computing power currently available to the human race were devoted to decrypting this one single message, the sun would die out before it was cracked.
https://micahflee.com/2013/01/no-really-the-nsa-cant-break-your-crypto/

https://i.imgur.com/ag3KQ0L.png

Quote
Here is an analogy I like.

The odds of winning the jackpot on the powerball lotto is 1 in 175,223,510.

Compare that to the odds of 2 people generating the same seed, 1 in 280,000,000,000,000,000,000,000,000,000,000,000,000, and the idea begins to come into focus.

You are more likely to win the jackpot on the powerball 4 times in a row than you are of generating the same seed.

To simply create and store every possible combination of Seeds, you'd need to fill our solar system with 1TB harddrives.
legendary
Activity: 1708
Merit: 1066
Each word is chosen randomly from a 2048 word dictionary. That is 11 bits of entropy.
By default we use 12 word seed phrases so that is a possible 12 * 11 = 132 bits of entropy.

It is actually slightly less as each 3 words has a 1 bit of checksum so the total entropy is 128 bits.

I normally translate 10 bits = 10^3 (not quite exact but close enough for rough work)
Thus 128 bits is > 10^36

The timestamp isn't actually a salt but is simply the days since the genesis block for the day you created the wallet. It saves us time when doing a restore as we sync from that date.
sr. member
Activity: 431
Merit: 250
How possible it is to guess the multibit auto generated seed when you import it from mycelium, so there is no timestamp salting.

I use multibit + mycelium because I want access on my phone too, but it seems like both use different algo of seeds, mycelium don't have a timestamp while multibit does.

I am afraid if someone launch a dictionary attack, dictionary is open source, so if someone is trying every single combo of 12 words with python or something and check the balances from blockchain.

Don't troll please I really don't know how secure is BIP or BIP+Timestamp, especially I can see many posts on this forum about funds gone from multibit and I doubt its malware.
Jump to: