Bitcoin Forum>Bitcoin>Development & Technical Discussion
Author

Topic: Reasonable Brain Wallet Passphrases? (Read 2828 times)

DannyHamilton
legendary
Activity: 3472
Merit: 4794
Reasonable Brain Wallet Passphrases?
March 06, 2013, 07:27:16 PM
#3
Quote from: PrintCoins on March 06, 2013, 11:17:42 AM
- snip -
If a gigahash is 10^9 hashes per second, than 1 gigahash should be able to generate every possible hash of this in 1.4e4 seconds (or roughly 4 hours).
- snip -

Generating private/public key pairs involves Eliptic curve encryption.  I'm not not sure either, but I suspect that it takes longer than SHA-256 Hash.

More importantly, anyone who is not re-using bitcoin addresses is protected behind ECDSA, SHA-256, and RIPEMD-160.  This means that for each password that you try, you'll have to do the following steps:

Figure out what algorithm the user chose for converting a passphrase to a private key (typically just a SHA-256 hash of the passphrase).
Calculate the public key via ECDSA.
Calculate SHA-256 hash of the public key.
Calculate RIPEMD-160 of the resulting SHA-256 hash.
Compare the resulting RIPEMD-160 hash the a list of bitcoin addresses you are attempting to crack.

DannyHamilton
legendary
Activity: 3472
Merit: 4794
Re: Reasonable Brain Wallet Passphrases?
March 06, 2013, 07:09:39 PM
#2
Quote from: PrintCoins on March 06, 2013, 11:17:42 AM
Looking at this thread:
https://bitcointalksearch.org/topic/possible-bitcoin-addresses-68930
it is considered that the number of possible bitcoin addresses is 2^96 or 8e28 (8x10^28).

Looking at the thread you linked to, it appears there are 2160 or 1.46e48 (1.46x1048) addresses.  Considerably more than 296
PrintCoins
hero member
Activity: 533
Merit: 501
Re: Reasonable Brain Wallet Passphrases?
March 06, 2013, 11:17:42 AM
#1
So I am looking into what would be required for a simple brain wallet passphrase generator that produced simple to remember passphrases, but ones that would not be able to be feasibly cracked within one's lifetime.

This comic was the starting point for me:



and someone created a generator here:
http://preshing.com/20110811/xkcd-password-generator

Looking at this thread:
https://bitcointalksearch.org/topic/possible-bitcoin-addresses-68930
it is considered that the number of possible bitcoin addresses is 2^96 or 8e28 (8x10^28).

This passphrase generator does 1949^4 = 1.4e13.

If a gigahash is 10^9 hashes per second, than 1 gigahash should be able to generate every possible hash of this in 1.4e4 seconds (or roughly 4 hours).

If I use something like this:
http://www.infochimps.com/datasets/word-list-100000-official-crossword-words-excel-readable
it comes to about 3171 years for a machine producing 1 gigahash per second. (This would have 10^20 different 4 word combinations)

Assumptions made:
* Checking the blockchain for an address match takes no time (good indexing required to make this fast)
* The hashing hardware that is used to solve bitcoin blocks will generate priv/pub keypairs just as fast
(This second one I am very unsure of)

So to me it seems that using a really basic dictionary of about 2000 words does not produce the security required for this type of environment assuming a 4 word passphrase. A ~100000 word dictionary does produce the needed complexity using today's hardware.

Anyone with a better grasp of this stuff want to take a look and see if I am wildly off?
Bitcoin Forum>Bitcoin>Development & Technical Discussion
Jump to: