Texts/"passwords" as private keys source and transactions

pbies

full member

Activity: 297

Merit: 133

Quote from: PlutonowyPokrzycz on July 11, 2023, 03:38:08 PM

I know how it works and I've applied those steps. I am just saying that out of your 190 brainwallets only 3 (raspberry, grotesque, mischievousness) are really leading to an address with transaction history. Other 187 are leading nowhere.
Can you give me an example of one other from your list with the address you derived from this brainwallet, please?

I do not remember exactly why these bws has worked and given transactions. Because of that I have put them on this list. How it was exactly I don't remember.

I have no other lists.

adaseb

legendary

Activity: 3808

Merit: 1723

Yeah you never really hear the term brainwallet anymore but in the early days it got pretty popular. Because you could of chosen some phrase and instead of worrying about remembering seeds or passwords you just needed to remember that phrase.

People used names and poems and other texts and they were surprised that one day their crypto was gone. Turns out you can easily find any common phrases or names or lines from movies. So people just coded bots and were surprised how many people used these brain wallets which were extremely unsafe.

PlutonowyPokrzycz

newbie

Activity: 16

Merit: 8

Quote from: pbies on July 11, 2023, 12:35:44 PM

Addresses are derived from public keys. Public keys are derived from private keys. Private keys are "derived" from brainwallets (WIFs exactly).

brainwallet => private key / WIF => public key => address

You need script to convert private key to one of the addresses (mostly main one 0/0/0).

I know how it works and I've applied those steps. I am just saying that out of your 190 brainwallets only 3 (raspberry, grotesque, mischievousness) are really leading to an address with transaction history. Other 187 are leading nowhere.
Can you give me an example of one other from your list with the address you derived from this brainwallet, please?

pbies

full member

Activity: 297

Merit: 133

Quote from: PlutonowyPokrzycz on July 10, 2023, 10:45:29 AM

I love the topic! However, I was unable to derive addresses (with TX) from those phrases. Are you sure there were addresses? Can you check again please?

Addresses are derived from public keys. Public keys are derived from private keys. Private keys are "derived" from brainwallets (WIFs exactly).

brainwallet => private key / WIF => public key => address

You need script to convert private key to one of the addresses (mostly main one 0/0/0).

Here are the parts of the script:

Code:

from bitcoin import *
import base58
import hashlib

sha=hashlib.sha256(x).digest()
tmp=b'\x80'+sha
h=base58.b58encode_check(tmp)
pub=privtopub(tmp)
addr=pubtoaddr(pub)

PlutonowyPokrzycz

newbie

Activity: 16

Merit: 8

I love the topic! However, I was unable to derive addresses (with TX) from those phrases. Are you sure there were addresses? Can you check again please?

pbies

full member

Activity: 297

Merit: 133

Quote from: PlutonowyPokrzycz on July 10, 2023, 06:59:03 AM

Quote from: pbies on July 10, 2023, 06:12:52 AM

Yes, I got the same WIF from your phrase. Address also. That means there was no transactions for this address, no output, no input. Then the private key is completely empty.

Then I don't understand what's the point of your list (?). You can use any string, even random string of 8 lowercase characters, receive 209 billion WIFs, of which 99.999999999999999% will lead to an address without transactions. I was expecting your 200 strings list is actually leading to addresses with history of transactions...

Yes, it is hunt for this 0.000...001 with balances.

As I checked this long time ago these brainwallets, there were some txes on them. Don't remember.

If you don't like my topic - just not write in it.

PlutonowyPokrzycz

newbie

Activity: 16

Merit: 8

Quote from: pbies on July 10, 2023, 06:12:52 AM

Yes, I got the same WIF from your phrase. Address also. That means there was no transactions for this address, no output, no input. Then the private key is completely empty.

Then I don't understand what's the point of your list (?). You can use any string, even random string of 8 lowercase characters, receive 209 billion WIFs, of which 99.999999999999999% will lead to an address without transactions. I was expecting your 200 strings list is actually leading to addresses with history of transactions...

pbies

full member

Activity: 297

Merit: 133

Quote from: PlutonowyPokrzycz on July 10, 2023, 03:32:58 AM

I wanted to ask OP how to treat his list of strings.
I know that phrase "mischievousness" is a real brainwallet that leads to address 16t9GqUj2ocEipDEfkrteUTTCXbCK7kJ1q (one SHA256 applied).

I wonder what address has OP derrived from phrase "BoingBoing00" and how he got there. By looking at the code he provided it gives you WIF (5KfhTr87eouEJKS2YFPdHHkdYzUpRwXJYUU4kMe7Knk5vdzfFh4), but the address (16zxUKMDd6eiSb35UJqQbjUvmPTmfzx7km) had no transactions.

Well, you should take some brainwallets, list of passwords, or any other, and convert them to WIFs using my script.
The things here are:

1. You may use SHA256 once or twice on the input data (line of text), once give more hits, twice is the original way which should be used. Usually I use SHA256 once for brainwallets.
2. You may put readable ASCII characters to convert to WIFs or already use binary data in form of SHA256 (32 bytes of any value).

Yes, I got the same WIF from your phrase. Address also. That means there was no transactions for this address, no output, no input. Then the private key is completely empty.

PlutonowyPokrzycz

newbie

Activity: 16

Merit: 8

I wanted to ask OP how to treat his list of strings.
I know that phrase "mischievousness" is a real brainwallet that leads to address 16t9GqUj2ocEipDEfkrteUTTCXbCK7kJ1q (one SHA256 applied).

I wonder what address has OP derrived from phrase "BoingBoing00" and how he got there. By looking at the code he provided it gives you WIF (5KfhTr87eouEJKS2YFPdHHkdYzUpRwXJYUU4kMe7Knk5vdzfFh4), but the address (16zxUKMDd6eiSb35UJqQbjUvmPTmfzx7km) had no transactions.

PawGo

legendary

Activity: 952

Merit: 1385

Quote from: PlutonowyPokrzycz on July 10, 2023, 03:12:41 AM

Can you please try explaining again? For example this part:

Quote

export transactions, mess around with this export to get back commonly used words/texts

How do you mess with transactions? There is not much text within a bitcoin transaction.

That's not about a 'text' itself. You may use transaction or block hash as a private key (or as a text for sha256).
But of course do not expect anything.

PlutonowyPokrzycz

newbie

Activity: 16

Merit: 8

Quote from: pbies on May 20, 2022, 01:30:41 PM

I've checked your code and still don't understand how the list of 200 phrases gets you to addresses with history of transactions.
I've checked them with multiple hashing SHA256 and only three seem to be valid (with just single SHA256):
raspberry, grotesque, mischievousness

Can you please try explaining again? For example this part:

Quote

export transactions, mess around with this export to get back commonly used words/texts

How do you mess with transactions? There is not much text within a bitcoin transaction.

pbies

full member

Activity: 297

Merit: 133

Quote from: LoyceV on May 01, 2022, 07:32:20 AM

...

I tried a few, by entering the sha256 hash into Bitaddress, and the resulting addresses into Blockchair, but none of them show any past transactions. What did I do wrong? I like the challenge of doing the same for those 40 billion leaked passwords.

I was using SHA256 once and twice, so maybe that's why you don't see any transactions.

I double the passwords by using SHA256 once and twice (this makes the process two times longer).

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: PawGo on May 14, 2022, 02:58:34 AM

brainwallets are not popular anymore.

I'm pretty sure some people still use them. Example: me

There's only a smal amount in it, and I haven't checked it for years, but I dare to say my setup is complicated enough to never be brute-forced.

I guess the remaining brainwallets in use have decent passwords too. One way to stop "generic" brute-forcing is by adding something personal as a salt, for instance your licence plate. That easily makes it 8 orders of magnitude more difficult to brute-force, and an attacker would have to "multiply" his database of all existing passwords with all existing licence plates.
I'm not using my licence plate, and I'm not disclosing what I'm doing.

PawGo

legendary

Activity: 952

Merit: 1385

Quote from: kaggie on May 01, 2022, 02:59:07 PM

These are 200 addresses, where there were 18k in the github link. What's the difference? Time?

I think the difference is in pool of used phrases. OP wrote:

Quote from: pbies on April 30, 2022, 05:27:42 PM

From 500 000 passwords I've got

0.5mln is not so much, probably if database would be bigger, there results could be closer to 18k.
It is interesting exercise, but I think currently it has not so much sense, as brainwallets are not popular anymore. It could be good to see which phrases were used, but IMHO it is just a sociological experiment (to see how many people created a wallet using dog's name etc.).

hatshepsut93

legendary

Activity: 3024

Merit: 2148

This should be a reminder to anyone who wants to make their own brainwallet. There are people out there who have servers for monitoring huge numbers of potential brainwallets, and the moment such address receives coins, they get instantly swept by a bot. Don't think that the passphrase that you came up with is highly complex and unique, it's possible that someone's algorithm will come up with this phrase when they will build their list of potential brainwallets.

kaggie

sr. member

Activity: 333

Merit: 506

Quote from: BlackHatCoiner on May 01, 2022, 06:54:04 AM

What's a common password? You probably mean hacked passwords which were in sale? Some of these look completely random.

But, this isn't earning, but theft. Even if there was an idiot, who used a brainwallet whose password wasn't strong enough, it wouldn't mean you can take their money. For the same reason you won't steal them if they'd forgotten their wallet right next to you.

I would say those particular ones look completely not random. Many of those would be easily the same person based on the non-randomness of them with more ties possible based on the looking up the originating addresses. I'm thinking about the very not even distribution in it: certain numbers and letters are entirely skipped, some are in caps, there is also the inclusion of certain kinds of words.

These are 200 addresses, where there were 18k in the github link. What's the difference? Time?

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: pbies on May 01, 2022, 08:32:06 AM

Importing 40B of "passwords" into Bitcoin Core would take months, I think, that's why I do not go for that amount.

Doesn't Bitcoin Core fit the entire wallet into RAM? Importing billions of addresses will never work.
If you can help me reproduce the address belonging to any of the 200 "passwords", I'd like to use this to give the 40 billion passwords a try. I think "bitcoin-tool" can create addresses from hex private keys, and from there I can sort and compare them at about a billion at a time. It will take a while, but I'm curious enough to want to know how many of those passwords have been used to create a brainwallet.

pbies

full member

Activity: 297

Merit: 133

Quote from: LoyceV on May 01, 2022, 07:32:20 AM

...

I must have messed sth up with correlation between brainwallet texts and private keys.

Try yourself some solutions! It is fun!

Quote from: LoyceV on May 01, 2022, 07:32:20 AM

That means my solution could have been so much faster without using Bitcoin Core at all!

Yes, one grep is enough to test all addresses with brainwallets.

I do that in Bitcoin Core, I want to be sure. I place each private key with 0 date so BC scans each private key from the beginning of blockchain.
It takes 2h on my PC with 500k brainwallets.

Importing 40B of "passwords" into Bitcoin Core would take months, I think, that's why I do not go for that amount.

[moderator's note: consecutive posts merged]

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: nc50lc on April 30, 2022, 11:01:54 PM

Ah, so this is what this other thread of yours is all about: Export private keys that had movement - Bitcoin Core

That means my solution could have been so much faster without using Bitcoin Core at all!

Quote from: pbies on April 30, 2022, 05:27:42 PM

From 500 000 passwords I've got

Where did this list come from? In another topic a link to 40 billion passwords was posted, so why limit yourself to only half a million?

Quote

(SHA256 once and later twice which gives 1M passwords)

I tried a few, by entering the sha256 hash into Bitaddress, and the resulting addresses into Blockchair, but none of them show any past transactions. What did I do wrong? I like the challenge of doing the same for those 40 billion leaked passwords.

pbies

full member

Activity: 297

Merit: 133

Quote from: BlackHatCoiner on May 01, 2022, 06:54:04 AM

What's a common password? You probably mean hacked passwords which were in sale? Some of these look completely random.

For example:

https://github.com/dwyl/english-words/blob/master/words.zip

And well known passwords that were used in Linux systems by users over the years.

Topic: Texts/"passwords" as private keys source and transactions (Read 533 times)