
Topic: This message was too old and has been purged - page 7. (Read 50741 times)

legendary
Activity: 2053
Merit: 1356
aka tonikt
Ok.
Do you want to take part in a competition for a bounty on breaking any of gmaxwell's addresses?
Maybe we should make like a fund to get it done faster.
Though I'd rather prefer to generate my public keys by myself
Anyway, feel free to steal all my money - let it be my part of the bounty :)
I do reuse addresses sometimes - just get them from the chain.
member
Activity: 84
Merit: 10
Not laughing. But I don't agree with piotr either.

Sure I may never ever hit. I'm well aware of the size of the namespace.

But I don't see that my efforts to reduce the search space are any less effective than EK's. And that's the whole point here.

I've reduced 31^58 to 29^58, and more, against a certain range of addresses.

He's trying rendezvous points on the curve with VERY NARROW nets on them.

It's exactly the same thing, although his hardware is better than mine.

To whoever asked: I go with 12* because any more than that takes longer to calculate (on my machine) than is worth it. i.e. it takes more than 58 times as long to calculate the third digit, and more than 58 times again the 4th one. I'm not likely to ever hit anyhow, but there you go. "Reasoning" :P hehe

Seriously, everything that I read about elliptic curves tells me that my approach is every bit as valid. It's a brute force against a narrow sliver of the namespace, as opposed to a rainbow table attack against the whole thing.

Anyone care to analyse? Rather than tell me to give up I mean :P

Ritual.
legendary
Activity: 1974
Merit: 1077
^ Will code for Bitcoins
My missus mined BTC back in early 2010 on her laptop. She got 200 BTC and paid out 1 for something. She had the wallet on a defunct macbook, long since gone to the great landfill in the sky. But she has her address. So...we work from that. I've found her on the Blockchain, and am trying to crack the wallet to get the BTC back. I know 199 seems a small amount, but it's life-changing for us. She did remember about her wallet - she used a brainwallet system, picked a passphrase, and promptly forgot it. She's unsure, but she reckons it was about 8-12 words long, and one of the words was "2,4 Dynitrophenylhydrazone". In other words, she was being a smartarse and trying to show off her vocab and education.

I can guarantee you one thing: you can stop vanitygen efforts, there's no chance you'll ever get any results with it. As somebody pointed out, you may as well search for the whole address with it, just to see how improbable that method is.

On the other hand, you maybe have a chance to recover it because she used a brainwallet. If she once knew the phrase, she may eventually remember it, so why doesn't she try (don't laugh) hypnosis? I've read that experts can make you recover any memories. It's sure worth a try if the reward is 150.000US$.
legendary
Activity: 2053
Merit: 1356
aka tonikt
What I want is for one of the mathematicians on the forum to explain why EK's approach is any more efficient than mine.
Because he uses (some kind of) math to vastly increase a probability that a number he's trying would be the one he's looking for.
Your approach is just looking blind
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
As the designer of cryptographically secured disk drives I can assure you that if you properly configure a TCG or other FDE drive you can just pull it out of your system and toss it.  Your data is safe.

For sure your comment does apply to standard disk drives and even more importantly devices such as copiers that have unsecured disk drives in them. Get an old junked copier and pull the disk drive. Voila! Thousands of documents to look at.
sr. member
Activity: 378
Merit: 250
I feel for you Ritual. I would retire or at least move now if I had 199 BTC.  lol

It's bad policy to ever throw out a harddrive without at least opening it and destroying the platters.

Never thrown one out yet.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Not sure why you are not using vanitygen to filter your results even more for you.  Why only 3 characters?  Why are you not using an exact match on say the first 7 or 8 characters?

As you add more and more characters to your exact match criteria vanitygen will give you some idea of how long you are going to have to wait just to get something with those first characters - let alone a perfect match. Just keep adding characters and that will give you a feel for how long it is going to be to even get a match that is "close", and by "close" I mean a worthless partial match that is not really close and does not get you any closer to finding a match.

You probably know my opinion by now but just in case:  EK's approach will not work.  

I don't think you can generate and check addresses faster than vanitygen on a video card.

I can do some maths after my nap if someone else has not done it.
member
Activity: 84
Merit: 10
BurtW - you misunderstand me.

I am simply creating billions of addresses with their private keys using Vanitygen. Then checking them against a stored list. I am not trying to go backwards, or break any kind of encryption. I'm just hoping for a match at some point. In my lifetime, preferably.

Point is, I am "reducing" the name space I am searching by specifying:

1) The first 3 chars of the address: 12g
2) The range of addresses I want to match.

It's not much of a reduction, and I'll have to be lottery-winning lucky, but you know what? It runs on my machine 24/7, and it's fine. If it hits, it hits.

What I want is for one of the mathematicians on the forum to explain why EK's approach is any more efficient than mine. As far as I can see, he can only compare a few million keys from a rendezvous point. He can do it very quickly, I grant that, but give me better hardware and I can generate more keys in Vanitygen too :)

Anyhow, mine is the crudest possible type of attack.

But I still don't see much of a difference between this and EK's. And when you get into the numbers, I'll bet that the advantage he has is microscopically insignificant. Anyone care to calculate it?

Rit./
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
The only way you are going to get your BTC is to remember or reconstruct the brainwallet phrase and go this direction:

(phrase) -> (private key) -> (public key) -> (Bitcoin address)

By design it is impossible to go the other direction because every step in the reverse process is impossible:

(Bitcoin address) -> (public key) -> (private key) -> (phrase)

(Bitcoin address) -> (public key) have to break through three hashes using two different hashing algorithms

(public key) -> (private key) have to break elliptical curve cryptography

(private key) -> (phrase) would have to break SHA256 again, but this step is not really needed if you have the private key ;)

My suggestion is try to remember every single possible word or phrase she could have or would have maybe used and then go through all combinations of those words and phrases.
member
Activity: 84
Merit: 10
Can I ask one of you mathematical guys to tell me what is the difference in what EK is doing, as opposed to what I am doing atm?

A little background:

My missus mined BTC back in early 2010 on her laptop. She got 200 BTC and paid out 1 for something. She had the wallet on a defunct macbook, long since gone to the great landfill in the sky. But she has her address. So...we work from that. I've found her on the Blockchain, and am trying to crack the wallet to get the BTC back. I know 199 seems a small amount, but it's life-changing for us. She did remember about her wallet - she used a brainwallet system, picked a passphrase, and promptly forgot it. She's unsure, but she reckons it was about 8-12 words long, and one of the words was "2,4 Dynitrophenylhydrazone". In other words, she was being a smartarse and trying to show off her vocab and education.

So I've run a dictionary attack (cobbled together from many different sources) against it for about 6 months now, with no success.

Recently I've adopted a different approach, which I am running in parallel.

Her address starts with "12g". I have been using Vanitygen64 to generate keys at approx 25000 per sec with this pattern. This then compares against her (our) key to see if it fits. It's been running for several weeks now with no result (I won't lie, I've also picked a few other interesting, apparently dead addresses starting with 12g to attack in the meantime - the compare time is negligible). The range of "interesting" keys is approx 1500.

So, to multiply 1500 by 25000, we get 37500000. Every second.

Looking at the size of the name space, this is irrelevantly small. I can probably expect a result shortly after the sun puts on its snowhat, but nevertheless, I want that damn wallet.

Can someone knowledgeable please answer this question:

Is what I am doing any less efficient than EK's method? I think not. I'm reducing the namespace (in theory) by a factor of 58^2. But this is not enough to make a difference. I might be here all year, I might hit it tomorrow.

The man obviously has serious mathematical knowledge, but in the case of trying to crack an elliptic curve, is it actually any use? And I have about the same odds to hit I reckon?

Thanks,

Rit./
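
Added example (not part of any post in this thread): a small model of the search described in the post above. It takes the post's figures (25000 keys per second, about 1500 target addresses) as inputs, treats addresses as uniform 160-bit hashes, and uses a truncated SHA-256 as a toy stand-in for the real key-to-address function; `toy_address`, `keys_until_hit` and the sample target are assumptions made for illustration.

```python
import hashlib
from itertools import count

ADDRESS_BITS = 160                      # a Bitcoin address encodes a 160-bit hash
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def expected_years(keys_per_sec, targets, space_bits=ADDRESS_BITS):
    """Mean time until a uniformly random address equals any one of `targets`."""
    expected_keys = 2 ** space_bits / targets
    return expected_keys / keys_per_sec / SECONDS_PER_YEAR

def toy_address(key, bits):
    """Toy stand-in for key -> address: SHA-256 of the key, truncated to `bits`."""
    digest = hashlib.sha256(key.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def keys_until_hit(target, bits, prefix_bits=0):
    """Try keys 0, 1, 2, ... and return (keys_hashed, candidates_compared).

    prefix_bits > 0 models a vanity filter: only addresses that share the
    target's leading bits are compared in full. Every key is still hashed,
    because the prefix is unknown until the address has been computed.
    """
    shift = bits - prefix_bits
    hashed = compared = 0
    for key in count():
        addr = toy_address(key, bits)
        hashed += 1
        if addr >> shift != target >> shift:
            continue
        compared += 1
        if addr == target:
            return hashed, compared

def demo(bits=16, secret_key=200_000):
    """Blind search vs. prefix-filtered search against the same toy target."""
    target = toy_address(secret_key, bits)   # constructed sample target
    return keys_until_hit(target, bits), keys_until_hit(target, bits, prefix_bits=8)

if __name__ == "__main__":
    blind, filtered = demo()
    print("blind    (hashed, compared):", blind)
    print("filtered (hashed, compared):", filtered)
    # Figures from the post: 25000 keys/s checked against 1500 addresses.
    print(f"expected years on the real 160-bit space: {expected_years(25000, 1500):.3e}")
```

In the toy run the prefix filter lowers only the number of full comparisons; the number of keys that must be generated and hashed before the hit is identical in both searches.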
hero member
Activity: 686
Merit: 500
FUN > ROI

I think that's a teensie bit different in that that seems to scan pretty much the entire address space.. apparently at random ..whereas this takes a more narrow look, and I'm pretty sure doesn't claim it can crack random-public-key, only public-key-within-defined-parameters.  That's not to say that I think somebody should pay the 2BTC guy for the software (though if people have 10,000BTC laying around, what's 2BTC less, eh?), but the goals seem rather different.  That guy's really just in it for the sale, this guy seems to at least package it all up in a scientific wrapper.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Watching
What are you watching?  This thread?  Sorry.
full member
Activity: 181
Merit: 100
Better don't say if you don't know!
Watching
legendary
Activity: 2053
Merit: 1356
aka tonikt
You don't need him to offer a bounty; there's about 1 million BTC of unspent (Satoshi) 50BTC blocks, where the block reward is paid to public keys instead of Bitcoin addresses. Go get 'em!
That is only 20000 addresses - gmaxwell gave 10 times more...
It's BTW also a good input into the research - so if he loses I promise to refund him with 10BTC :)
legendary
Activity: 1512
Merit: 1036
You don't need him to offer a bounty; there's about 1 million BTC of unspent (Satoshi) 50BTC blocks, where the block reward is paid to public keys instead of Bitcoin addresses. Go get 'em!
legendary
Activity: 977
Merit: 1000
I'd like to see what happens with this. Just because it hasn't been done in a couple of hours doesn't mean it CAN'T be done.

As has been well established on this thread, this is a rainbow table attack, and one of those 200,000 keypairs could lie within reach. Remember that we have NO IDEA how keypairs are spread along the curve, so it's not possible to tell how "weak" an address is before it's tried.

gmaxwell has the massive advantage of the entire space to choose from, obviously, but there is a possibility (however vanishingly small) that he could get caught here.

Yeah. So if anyone wants to help ripping gmaxwell of 50 BTC, please make sure to start EK's tool before going to bed tonight :)

But much more important thing than Greg's 50 BTC is that we all would help to (dis)prove the actual security of secp256k1.
Losers or winners - we're all in this together and we all care to know the answer. Don't we?

Not necessarily. It would prove one of two things. It's either been broken or that he's lying that he can break it. Not the fact that it "could still" be broken :).
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
gweedo why don't u put there 1BTC on the wallet if you believe he can't crack it. 16$ doesn't sound like u really are not worried.
gmaxwell already put up 50 BTC if he can crack any one of 200,000 different keypairs. 

Now, everyone, including him, knows he cannot do it. 

He may never have claimed he could, that is another matter.

oh I missed that post somehow.
https://bitcointalksearch.org/topic/m.4809012
legendary
Activity: 1526
Merit: 1000
the grandpa of cryptos
gweedo why don't u put there 1BTC on the wallet if you believe he can't crack it. 16$ doesn't sound like u really are not worried.
gmaxwell already put up 50 BTC if he can crack any one of 200,000 different keypairs. 

Now, everyone, including him, knows he cannot do it. 

He may never have claimed he could, that is another matter.

oh I missed that post somehow.