Pages:
Author

Topic: Solve a riddle, guess a 4 char password and add 10 BTC to your xmas... SOLVED!! - page 5. (Read 13586 times)

legendary
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
time is of the essence

If you are throwing in the towel then please post a BTC address here (or send me one in a PM) so I can at least throw 1 BTC your way for the time spent on this.

For those who dont have enough hashing power, u can send me patterns per PM and il test em, if they match u get a portion of the 10BTC (going to distribute it fair to all who helped, including me).

Doh - just as I posted - well glad to see you haven't given up!

Smiley
legendary
Activity: 1792
Merit: 1008
/dev/null
For those who dont have enough hashing power, u can send me patterns per PM and il test em, if they match u get a portion of the 10BTC (going to distribute it fair to all who helped, including me).
legendary
Activity: 1792
Merit: 1008
/dev/null
"Solve a riddle, guess a 4 char password and add 10 BTC to your xmas stocking!" <-- why not "Solve a riddle, bruteforce a 4 char password with an unknown salt and add 10 BTC to your xmas stocking! )"

All will be revealed in time but I will add now that the title of this topic was not inaccurate.

Smiley
time is of the essence
legendary
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
"Solve a riddle, guess a 4 char password and add 10 BTC to your xmas stocking!" <-- why not "Solve a riddle, bruteforce a 4 char password with an unknown salt and add 10 BTC to your xmas stocking! )"

All will be revealed in time but I will add now that the title of this topic was not inaccurate.

Smiley
legendary
Activity: 1792
Merit: 1008
/dev/null
Next hint to be posted after 400 confirmations (unless there is consensus here for me to give it earlier).

"Solve a riddle, guess a 4 char password and add 10 BTC to your xmas stocking!" <-- why not "Solve a riddle, bruteforce a 4 char password with an unknown salt and add 10 BTC to your xmas stocking! )"
dunno what to test, tested somany pattern.
Did you change ${password} too? asking because of the 1p.
legendary
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
Next hint to be posted after 400 confirmations (unless there is consensus here for me to give it earlier).
legendary
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
BTW don't know if you guys have read this: https://bitcoinfoundation.org/blog/?p=58

but I think a case could be made for some "grant" coins towards creating a GUI that could assist with creating a secret such as that so far elusive changed equation in my bash script.
legendary
Activity: 1792
Merit: 1008
/dev/null
Just woke up again to find that we are at confirmation # 202 so here is the next hint:
Code:
1p+1p!=pp
and we still got tons of stuff to test Tongue this gonna be fun
legendary
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
Just woke up again to find that we are at confirmation # 202 so here is the next hint:

Code:
1p+1p!=pp
legendary
Activity: 1792
Merit: 1008
/dev/null
Is anyone interested in an address that contains 230 satoshis? It's in an electrum wallet I'm about to delete and can't be bothered to try and salvage them without paying a fee, so if anyone wants them, they can have the wallet and get them!
sure Wink ty already.
Good opportunity to hack around with electrum.
legendary
Activity: 1078
Merit: 1002
Is anyone interested in an address that contains 230 satoshis? It's in an electrum wallet I'm about to delete and can't be bothered to try and salvage them without paying a fee, so if anyone wants them, they can have the wallet and get them!
legendary
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
Well it's very early now in Beijing but woke up wondering whether the 10 BTC was still there - and amazingly it still is (and I see now only another 15 confirmations before the next hint).

Although I respect the skepticism of any "brainwallet" approach I do hope that this "putting my money where my mouth is" approach will at least convince some that the idea can work (although even my much improved script could itself be improved through the use of say scrypt).
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
just guessing here:

lets say the 4 character password is 1234
the changed line simply means multiple times the password, but at least 2.
so it could be

12341234 or 123412341234 or 1234123412341234 or ...

so the brute force must hash all aaaaaaaa to ZZZZZZZZ and try as password
then hash all aaaaaaaaaaaa to ZZZZZZZZZZZZ and try as password
then hash all aaaaaaaaaaaaaaaa ...
No. The line in that script is bash code and it forms a string to be hashed. So the brute force needs to scan ranges made up of any a-z, A-Z, and 0-9 but only 4 chars. Then it substitutes each pwd attempt into the pattern used in the script eg.  aaaa+aaaa=aaaaaaaa@L3AsT, except we know it's not that exact pattern. We have clues that likely it's the @L3AsT part that has changed but how is not known.

At least one person has tried over 200 variations on that line and still not found the right one. I've only tested about 10 variations but now that my pwd hashing code is working I can provide patterns in a file and it will run on them in sequence.

Just for interest these are the ones I've tried so far with no luck:

Code:
%s+%s=%s%s@L3AsT
%s+%s=%s%s(at least)
%s+%s=%s%s(atleast)
%s+%s=%s%s(@L3AsT)
%s+%s=%s%s(@L3asT)
%s+%s=%s%s(@Least)
%s+%s=%s%s(@LeasT)
%s+%s=%s%s(atL3AsT)
%s+%s=%s%s(at L3AsT)
%s+%s>%s%s
%s+%s>=%s%s

I guess I'll throw a bunch more in and let it spin. It's only running on one GPU as I couldn't get multiple to work. Not sure why but stops with some crash code.


legendary
Activity: 1792
Merit: 1008
/dev/null
For those wondering exactly where I am headed with this concept - it is to ideally present to an end user a list of questions that will be able to then be used to automatically modify the password hashing script to generate an algorithm in a manner that is very secure (on a secured computer of course - more to come on this in the CIYAM Open thread) without too much effort (but the end user's creativity is and will always be the *key* ingredient with this approach).

I never said that this would be a trivial matter (or that this is the best solution to the problem) but I hope that this challenge has at least shown that the idea has some merit.

Also using this method I am fairly sure that I've now managed to secure all of CIYAM Open's future BTC tx's for an outlay of under 100 USD (shitty old notebooks are cheap here in China - but you should have seen the look on the salesman's face when my wife asked for the WiFi card to be *removed* because "she hates the internet" Cheesy ).

I think you did read the "Security by Obscurity" wiki entry. At last ur bound to a 64 alpha numeric password which is long enough to not be crackable by a dictionary nowadays (and the future, unlike something drastically changes). Real Security comes by a good Design and not Obscurity, lets take scrypt as example -> scrypt takes compared to other hashing algos very long to complete. Now take a look at Armory for example where a scrypt hash (u define the scrypt parameters) of ur password is your deterministic wallet key. Now if scrypt is broken (there are collisions/attacks possible) then ur whole wallet gets insecure. A good way to take care of it is wrapping/nesting good (not a bad one, there are hashing algos that tell of what input they are generated which would be a major drawback!) hashing algos. Cascascius (Mike) was talking about this too i guess. If you do this the sheer amount of hashes you have to crack is so big that it isnt worth trying and it would be easier to search for a collision.

Pls let cryptograph specialist/programers/hackers decide if its safe or not, i see it so often that some dev thinks a hashing way is save and uses it everywhere (i had to fix a hacked system at my company, some stupid dev used base64 to "encrypt" the password) until u see its broken. Therefore picking a good way to Hash ur password and store it accordingly is the key to success.

PS: sry for typos, just woke up!
legendary
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
For those wondering exactly where I am headed with this concept - it is to ideally present to an end user a list of questions that will be able to then be used to automatically modify the password hashing script to generate an algorithm in a manner that is very secure (on a secured computer of course - more to come on this in the CIYAM Open thread) without too much effort (but the end user's creativity is and will always be the *key* ingredient with this approach).

I never said that this would be a trivial matter (or that this is the best solution to the problem) but I hope that this challenge has at least shown that the idea has some merit.

Also using this method I am fairly sure that I've now managed to secure all of CIYAM Open's future BTC tx's for an outlay of under 100 USD (shitty old notebooks are cheap here in China - but you should have seen the look on the salesman's face when my wife asked for the WiFi card to be *removed* because "she hates the internet" Cheesy ).
legendary
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
BTW - I'd like to pass on a special thank you to the mods for allowing this thread to stay in Bitcoin Discussion.

Bitcointalk is a pretty awesome place to be!

Smiley
legendary
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
We will not crack this challenge ass long as you have your algorithm protected!

Precisely!

As the Electrum guys say "protect the seed"! Smiley
full member
Activity: 226
Merit: 100
The difference is that you can easily calculate the entropy of a brainwallet. Your function however not so much. So you won't know how secure it is.

Good point.

People are using their ow secret key obfuscating functions all the time. Here are some popular ones:
  • Repeat the password twice
  • Append 123 at the end
  • Replace o with 0, t with 7, e with 3 etc. A.k.a. 1337-language

Some ppl might think that these things make their passwords much much stronger. Little do they know that all these cases are covered in a modern dictionary attack and therefore only add a few bits extra security.

You are suggesting some more advanced modification that is unlikely to be guessed. It's basically a part of your key and must either be protected or remembered.

We will not crack this challenge ass long as you have your algorithm protected!
legendary
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
I think you have to allow more time. If someone could crack my Electrum wallet seed in 24 hours I'd call it useless.

Understood - that is why I am not giving the next hint until confirmation # 200 and that next hint may not be the last one either (really I just didn't want to drag this out too long in the same way that Mike Caldwell handled his similar challenge but if you guys think that it is worthwhile then we can keep at it - understand that in the *real* version the brute force cracking is going to be a hell of a lot tougher than for this trial - and we can have a challenge for that if people are interested in let's say 50 BTC).
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
I don't see how this is not a brainwallet too. It would be like creating an electrum 10 word passphrase, remembering only 4 of them and writing 6 of them down on a piece of paper.

You're just adding the entropy either way.

It is indeed a "brainwallet" of sorts but I think it is a much better one - if I am so wrong then I would have thought that the 10 BTC would have already been moved by now.

I think you have to allow more time. If someone could crack my Electrum wallet seed in 24 hours I'd call it useless.
Pages:
Jump to: