Pages:
Author

Topic: "Why I'm releasing a brainwallet cracker at DEFCON 23" (Read 6148 times)

legendary
Activity: 2268
Merit: 1092
I know this thread is 3 years old, but I'd like to post something I just found:

Bitcoin Address:
  1GjjGLYR7UhtM1n6z7QDpQskBicgmsHW9k

Text:
  how much wood could a woodchuck chuck if a woodchuck could chuck wood

Timestamp:
  2013-02-14 02:07:30 UTC


Listed on: https://bitsig.io/?addr=1GjjGLYR7UhtM1n6z7QDpQskBicgmsHW9k

Unless bitsig.io have retroactively listed well known brainwallet phrases, it seems that the original owner of woodchuck may have used bitsig.io to generate the wallet address. In full public view.


---

edit: Seems bitsig.io was registered only in 2015, well after this address was used, so I guess they did retroactively list brainwallet phrases. So nothing too amazing here.

Maybe they used brainflayer to crack them. Smiley
legendary
Activity: 1092
Merit: 1010
Passphrase length does not matter. Passphrase language does not matter. All that matters is predictability. There is no way to measure the predictability of human-generated passphrases, but we can measure the predictability of random passphrases. So use random passphrases.

I'd like to bold this for emphasis.

If you'd use the entire King James Bible as a passphrase, it would be easy to crack.
hero member
Activity: 994
Merit: 1000
PUGG.io
Can someone please tell me that how to use this software Huh
I'm currently running Windows, but know some backtrack too
member
Activity: 105
Merit: 59
it seems the best way to create a nxt brain wallet is by using a combination of data only you know. say phone numbers,  addresses, and chinese/japanese characters. Then mix it up with your own password. good luck trying to guess that and no way in hell would you forget it nor the need to write it down.

right now nxt has the ability to host bitcoin addresses via the multigateway, in effect giving nxt the ability to host your other coins with just one passphrase.

www.jnxt.org/nxt -- login with account to test it out: NXT-MRCC-2YLS-8M54-3CMAJ
Yeah indeed, it's also best to use some words that can't be found in dictionaries and add special characters in front of and in between words.
Plus you'd need to use a passphrase of at least 64 characters.

...just use diceware - you'll probably screw up picking one with meat. Some of the brainwallets I cracked were in chinese and russian. If I am reading that whitepaper right, NXT is actually weaker than normal brainwallets because curve25519 is substantially faster than secp256k1 for public key generation.

Passphrase length does not matter. Passphrase language does not matter. All that matters is predictability. There is no way to measure the predictability of human-generated passphrases, but we can measure the predictability of random passphrases. So use random passphrases.
legendary
Activity: 1792
Merit: 1283
it seems the best way to create a nxt brain wallet is by using a combination of data only you know. say phone numbers,  addresses, and chinese/japanese characters. Then mix it up with your own password. good luck trying to guess that and no way in hell would you forget it nor the need to write it down.

right now nxt has the ability to host bitcoin addresses via the multigateway, in effect giving nxt the ability to host your other coins with just one passphrase.

www.jnxt.org/nxt -- login with account to test it out: NXT-MRCC-2YLS-8M54-3CMAJ
Yeah indeed, it's also best to use some words that can't be found in dictionaries and add special characters in front of and in between words.
Plus you'd need to use a passphrase of at least 64 characters.
sr. member
Activity: 350
Merit: 252
it seems the best way to create a nxt brain wallet is by using a combination of data only you know. say phone numbers,  addresses, and chinese/japanese characters. Then mix it up with your own password. good luck trying to guess that and no way in hell would you forget it nor the need to write it down.

right now nxt has the ability to host bitcoin addresses via the multigateway, in effect giving nxt the ability to host your other coins with just one passphrase.

www.jnxt.org/nxt -- login with account to test it out: NXT-MRCC-2YLS-8M54-3CMAJ
sr. member
Activity: 348
Merit: 250
But my dog's name is still safe right?

Only if called 123abc


If it was a NXT brain wallet pass phrase his dog's name would need to be at least 30 characters long to be secure. There are servers constantly attempting to crack NXT wallet pass phrases using lists of passwords called rainbow tables.

No doubt all the quoted advice for creating strong NXT pass phrases also applies to creating strong Bitcoin pass phrases.

https://wiki.nxtcrypto.org/wiki/How-To:GenerateStrongPassword



Quote
30 characters??!? Isn't that too much?

For most applications, yeah. But Nxt works differently.

In most other applications, an attacker can only try to break into one account at a time. A smart attacker will not try passwords randomly. They will run through a prepared list of passwords and resulting hashes (that list is called a rainbow table), hoping to find the one password that can access your account.

As technology improves and processing power increases, attackers can prepare larger and larger rainbow tables. The key to creating a safe password is to stay ahead of the processing curve, to avoid being simple enough to be included in rainbow tables and so escape easy discovery.

Most applications are such that an attacker can go after only one account at a time. Your bank, e-mail, and online shopping accounts are like this. For such applications, a password of 15 varied characters that don't form readable words or patterns is currently very safe, well beyond what attackers can feasibly include in their rainbow tables.

Nxt works differently. In order to have the convenience of accessing your account through just a single passphrase, without a login name or wallet file, it also allows an attacker to try ALL accounts at the same time and greatly increases their chances of success. With everyone's account balance in the prize pot, the rewards become much higher, so there's compelling reason for them to focus a lot more resources on extending rainbow tables.
legendary
Activity: 1092
Merit: 1010
But my dog's name is still safe right?

Only if called 123abc
member
Activity: 114
Merit: 16
But my dog's name is still safe right?
legendary
Activity: 1092
Merit: 1010
Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but lets assume you use and English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.

The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.

As shown by this thread, people aren't very good with random-ness.
You should let the computer do this for you.

People are terrible in choosing passwords for themselves, I know that. But I kind of got from this thread that all brainwallets are doomed since they can be cracked with this software which is just not true if you have a strong and random password.

Concept of brainwallets works for NXT pretty well, OK they did have some hacks in the beginning, just because the users used famous phrases which you can look for with these kind of softwares very quickly and successfully. Now, when the users know what the strong password is and when they have option for client to choose it for them, brainwallets work well.
I almost forgot that NXT is a brainwallet per se.

I did some research some time ago but couldn't find how NXT hashes the passphrase which locks/unlocks the account.

Does anyone here know about it?

Is it just sha256(passphrase)? It can't be that easy...

I am sure it's not that easy, otherwise all people's NXT would just be gone. I have forwarded this thread to my good friend who's deeper with NXT, I am sure somebody will reply and let us know.

Cheers!

From the Nxt Whitepaper: https://www.dropbox.com/s/cbuwrorf672c0yy/NxtWhitepaper_v122_rev4.pdf

Quote
2.4.2 Accounts
Nxt implements a brain wallet as part of its design: all accounts are stored on
the network, with private keys for each possible account address directly derived
from each account’s passphrase using a combination of SHA256 and Curve25519
operations.
Each account is represented by a 64-bit number, and this number is expressed
as an account address using a Reed-Solomon14 error-correcting notation that
allows for detection of up to four errors in an account address, or correction of
up to two errors. This format was implemented in response to concerns that
a mistyped account address could result in tokens, aliases, or assets being irreversibly
transferred to erroneous destination accounts. Account addresses are
always prefaced by “NXT-”, making Nxt account addresses easily recognizable
and distinguishable from address formats used by other cryptocurrencies.
The Reed-Solomon-encoded account address associated with a secret passphrase
is generated as follows:

1. The secret passphrase is hashed with SHA256 to derive the account’s
private key.
2. The private key is encrypted with Curve25519 to derive the account’s
public key.
3. The public key is hashed with SHA256 to derive the account ID.
4. The first 64 bits of the account ID are the visible account number.
5. Reed-Solomon encoding of the visible account number, prefixed with “NXT-
”, generates the account address.

When an account is accessed by a secret passphrase for the very first time, it
is not secured by a public key. When the first outgoing transaction from an
account is made, the 256-bit public key derived from the passphrase is stored
on the blockchain, and this secures the account. The address space for public
keys (2256) is larger than the address space for account numbers (264), so there
is no one-to-one mapping of passphrases to account numbers and collisions are
possible. These collisions are detected and prevented in the following way: once
a specific passphrase is used to access an account, and that account is secured
by a 256-bit public key, no other public-private key pair is permitted to access
that account number.
sr. member
Activity: 350
Merit: 252
NXT uses sha256() i believe. not sure, best to ask the nxt ppl.

regardless i think many people use simple passphrases and it gets cracked. especially if its all alphanumeric only. anyone know if this cracker that's been released that can crack 150+ passphrase if it was all alphabets? what if you used non-standard characters like chinese or russian???

i wonder how nxt is compared to ethereum? has anyone compared the two? aside from the price, nxt seems kinda cheap with all the development going on there.


hero member
Activity: 798
Merit: 1000
Move On !!!!!!
Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but lets assume you use and English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.

The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.

As shown by this thread, people aren't very good with random-ness.
You should let the computer do this for you.

People are terrible in choosing passwords for themselves, I know that. But I kind of got from this thread that all brainwallets are doomed since they can be cracked with this software which is just not true if you have a strong and random password.

Concept of brainwallets works for NXT pretty well, OK they did have some hacks in the beginning, just because the users used famous phrases which you can look for with these kind of softwares very quickly and successfully. Now, when the users know what the strong password is and when they have option for client to choose it for them, brainwallets work well.
I almost forgot that NXT is a brainwallet per se.

I did some research some time ago but couldn't find how NXT hashes the passphrase which locks/unlocks the account.

Does anyone here know about it?

Is it just sha256(passphrase)? It can't be that easy...

I am sure it's not that easy, otherwise all people's NXT would just be gone. I have forwarded this thread to my good friend who's deeper with NXT, I am sure somebody will reply and let us know.

Cheers!
legendary
Activity: 966
Merit: 1001
As it seems, the Github source code of the brainwallet.org has also been taken down. Does anyone know about a copy of that repository ?

It is still there on Github. You just need to browse the repository before the final commit was made.
https://github.com/brainwallet/brainwallet.github.io/tree/f7679dd03f39a04edced641960a7c3df1116fea9
sr. member
Activity: 473
Merit: 250
I think a good way to beat this bad behaviour of some bitcoiners would be that a hacker (not cracker) would check out all possible combinations, create a huge wallet with it and everytime he finds someone is using such a stupid brainwallet then he might withdraw, let's say 0.00001337 Bitcoins. The user would be warned and can push his coins.

Of course there is the risk that a cracker finds the same coins and withdraws them. But there is no way for the hacker to withdraw all and give it back to the real owner of the address.
legendary
Activity: 1946
Merit: 1007
Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but lets assume you use and English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.

The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.

As shown by this thread, people aren't very good with random-ness.
You should let the computer do this for you.

People are terrible in choosing passwords for themselves, I know that. But I kind of got from this thread that all brainwallets are doomed since they can be cracked with this software which is just not true if you have a strong and random password.

Concept of brainwallets works for NXT pretty well, OK they did have some hacks in the beginning, just because the users used famous phrases which you can look for with these kind of softwares very quickly and successfully. Now, when the users know what the strong password is and when they have option for client to choose it for them, brainwallets work well.
I almost forgot that NXT is a brainwallet per se.

I did some research some time ago but couldn't find how NXT hashes the passphrase which locks/unlocks the account.

Does anyone here know about it?

Is it just sha256(passphrase)? It can't be that easy...

I think it would be best to ask that in the NXT thread or on the NXT forums. You will probably get a prompt answer and may even change their hashing methods by asking Smiley
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but lets assume you use and English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.

The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.

As shown by this thread, people aren't very good with random-ness.
You should let the computer do this for you.

People are terrible in choosing passwords for themselves, I know that. But I kind of got from this thread that all brainwallets are doomed since they can be cracked with this software which is just not true if you have a strong and random password.

Concept of brainwallets works for NXT pretty well, OK they did have some hacks in the beginning, just because the users used famous phrases which you can look for with these kind of softwares very quickly and successfully. Now, when the users know what the strong password is and when they have option for client to choose it for them, brainwallets work well.
I almost forgot that NXT is a brainwallet per se.

I did some research some time ago but couldn't find how NXT hashes the passphrase which locks/unlocks the account.

Does anyone here know about it?

Is it just sha256(passphrase)? It can't be that easy...
member
Activity: 105
Merit: 59
That is interesting. But i don't understand yet why there is such a big difference in safety for having that passkey as a password for the wallet.dat or having it as the seed for a private key. Where does the difference come from? I mean bruteforcing should work at the same speed for both isn't it? Or are there iterations of the pass for the wallet.dat so that the time to bruteforce gets extended?

There are two functional differences:

1) For wallet.dat encryption, they need your wallet file, and can't attack your account without it.
2) Even if they have the wallet file, they have to expend their effort attacking your file.  In stark contrast, attacks against brainwallets attack ALL brainwallets simultaneously.  

There's also 3:

3) The wallet encryption uses a slow hash that takes a significant fraction to compute, whereas brainwallets can be attacked pretty much as fast as you an compute the public keys.
hero member
Activity: 798
Merit: 1000
Move On !!!!!!
Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but lets assume you use and English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.

The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.

As shown by this thread, people aren't very good with random-ness.
You should let the computer do this for you.

People are terrible in choosing passwords for themselves, I know that. But I kind of got from this thread that all brainwallets are doomed since they can be cracked with this software which is just not true if you have a strong and random password.

Concept of brainwallets works for NXT pretty well, OK they did have some hacks in the beginning, just because the users used famous phrases which you can look for with these kind of softwares very quickly and successfully. Now, when the users know what the strong password is and when they have option for client to choose it for them, brainwallets work well.
hero member
Activity: 493
Merit: 500
That is interesting. But i don't understand yet why there is such a big difference in safety for having that passkey as a password for the wallet.dat or having it as the seed for a private key. Where does the difference come from? I mean bruteforcing should work at the same speed for both isn't it? Or are there iterations of the pass for the wallet.dat so that the time to bruteforce gets extended?

There are two functional differences:

1) For wallet.dat encryption, they need your wallet file, and can't attack your account without it.
2) Even if they have the wallet file, they have to expend their effort attacking your file.  In stark contrast, attacks against brainwallets attack ALL brainwallets simultaneously.  
hero member
Activity: 493
Merit: 500
As shown by this thread, people aren't very good with random-ness.
You should let the computer do this for you.

Ideally, you should NOT let the computer do this for you. Use diceware or something similar that uses real-world randomness.
Pages:
Jump to: