
Topic: "Why I'm releasing a brainwallet cracker at DEFCON 23" - page 2. (Read 6148 times)

full member
Activity: 196
Merit: 100
Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but let's assume you use an English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.

The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.

As shown by this thread, people aren't very good with randomness.
You should let the computer do this for you.
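Letting the computer pick the words, as an added example that is not part of the original thread: it draws words with the OS CSPRNG and computes the resulting entropy, which depends on the size of the list drawn from rather than on word length. The wordlist is constructed from syllables as a stand-in for a real dictionary, and all function names are assumptions.

```python
import math
import secrets


def build_constructed_wordlist():
    """Constructed stand-in for a dictionary: 64 syllables, two per word = 4096 words."""
    syllables = [c + v for c in "bdfghjklmnprstvz" for v in "aeio"]
    return [a + b for a in syllables for b in syllables]


def bits_per_word(wordlist):
    # Entropy comes from the number of words that could have been picked,
    # not from how long each word is.
    return math.log2(len(set(wordlist)))


def passphrase_entropy_bits(wordlist, n_words):
    # Valid only when every word is drawn uniformly and independently.
    return n_words * bits_per_word(wordlist)


def words_needed(wordlist, target_bits=128):
    return math.ceil(target_bits / bits_per_word(wordlist))


def generate_passphrase(wordlist, n_words):
    words = sorted(set(wordlist))
    # secrets.choice uses the OS CSPRNG; repeats are allowed so the
    # entropy calculation above stays exact.
    return " ".join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    full = build_constructed_wordlist()
    small = full[:1000]  # models a list limited to 1000 candidate words
    for name, wl in (("4096-word list", full), ("1000-word list", small)):
        print(f"{name}: 12 words = {passphrase_entropy_bits(wl, 12):.1f} bits, "
              f"{words_needed(wl)} words needed for 128 bits")
    print(generate_passphrase(full, 12))
```

Twelve words reach 128 bits only if the list holds at least about 1626 words; with the 1000-word list above, twelve words give roughly 119.6 bits.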
legendary
Activity: 1764
Merit: 1000
Luckily, a white hat did it first. Imagine you would wake up one day to check your paper wallet and it's emptied without any chance to get your coins back.
hero member
Activity: 798
Merit: 1000
Move On !!!!!!
Come on man, people who know how to choose good passwords and store them correctly while using brainwallets are as safe as using other "normal" wallets. I have seen so many stupid misuses with the wallet.dat files so far that are as bad as bad brainwallet passwords.

This means nothing, if people are using brainwallets, they are not less safe automatically.

Yes, they absolutely are less safe automatically.  A person who wants to break your wallet.dat password must have your wallet.dat file.  Brainwallets have no file.

Brainwallet cracking tools can run extremely fast - the cracking can be run offline against an indexed version of the blockchain, and can be distributed among many bots.   A password of "m2wAHUnF91z" for instance (created from LastPass, and bearing approximately 51-57 bits of entropy, depending on how it's calculated) is absolutely reasonable for a wallet.dat password.  It is absolutely NOT fine as a brainwallet key.  Brainwallets should have no less than 128 bits of true entropy.

Creating a safe brainwallet is possible, but it is very difficult to do correctly.  You have to forget everything you've learned about how to pick a good password.  

Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but let's assume you use an English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.

The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.
sr. member
Activity: 462
Merit: 250

The 250BTC Brainwallet passphrase was "how much wood could a woodchuck chuck if a woodchuck could chuck wood"
https://twitter.com/ryancdotorg/status/629862282831511552


Next we'll hear about some moron using as a passphrase "peter piper picked a peck of picked peppers".

That would be secure, since Peter piper picked a peck of pickled peppers, not picked peppers. 


LOL!
That is actually very funny.
sr. member
Activity: 473
Merit: 250
Come on man, people who know how to choose good passwords and store them correctly while using brainwallets are as safe as using other "normal" wallets. I have seen so many stupid misuses with the wallet.dat files so far that are as bad as bad brainwallet passwords.

This means nothing, if people are using brainwallets, they are not less safe automatically.

Yes, they absolutely are less safe automatically.  A person who wants to break your wallet.dat password must have your wallet.dat file.  Brainwallets have no file.

Brainwallet cracking tools can run extremely fast - the cracking can be run offline against an indexed version of the blockchain, and can be distributed among many bots.   A password of "m2wAHUnF91z" for instance (created from LastPass, and bearing approximately 51-57 bits of entropy, depending on how it's calculated) is absolutely reasonable for a wallet.dat password.  It is absolutely NOT fine as a brainwallet key.  Brainwallets should have no less than 128 bits of true entropy.

Creating a safe brainwallet is possible, but it is very difficult to do correctly.  You have to forget everything you've learned about how to pick a good password.  

That is interesting. But I don't understand yet why there is such a big difference in safety for having that passkey as a password for the wallet.dat or having it as the seed for a private key. Where does the difference come from? I mean bruteforcing should work at the same speed for both isn't it? Or are there iterations of the pass for the wallet.dat so that the time to bruteforce gets extended?
sr. member
Activity: 504
Merit: 250
Earn with impressio.io

The 250BTC Brainwallet passphrase was "how much wood could a woodchuck chuck if a woodchuck could chuck wood"
https://twitter.com/ryancdotorg/status/629862282831511552


Next we'll hear about some moron using as a passphrase "peter piper picked a peck of picked peppers".

That would be secure, since Peter piper picked a peck of pickled peppers, not picked peppers. 
hero member
Activity: 493
Merit: 500
Come on man, people who know how to choose good passwords and store them correctly while using brainwallets are as safe as using other "normal" wallets. I have seen so many stupid misuses with the wallet.dat files so far that are as bad as bad brainwallet passwords.

This means nothing, if people are using brainwallets, they are not less safe automatically.

Yes, they absolutely are less safe automatically.  A person who wants to break your wallet.dat password must have your wallet.dat file.  Brainwallets have no file.

Brainwallet cracking tools can run extremely fast - the cracking can be run offline against an indexed version of the blockchain, and can be distributed among many bots.   A password of "m2wAHUnF91z" for instance (created from LastPass, and bearing approximately 51-57 bits of entropy, depending on how it's calculated) is absolutely reasonable for a wallet.dat password.  It is absolutely NOT fine as a brainwallet key.  Brainwallets should have no less than 128 bits of true entropy.

Creating a safe brainwallet is possible, but it is very difficult to do correctly.  You have to forget everything you've learned about how to pick a good password.  
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
People should understand what makes brainwallets not safe/safe. It's possible for them to be safe, and that's where they can be beneficial, but it's also very easy to make them easily crackable.
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
Unfortunately that brainwallet.org project seemed too malicious by leaving that "correct horse battery staple" phrase as standard without leaving any previous (and visible) warning.
member
Activity: 105
Merit: 59
I don't mean to be harsh but honestly if the passphrase of the brain wallet was "how much wood..." the owner deserves to lose 250BTC and more.
The first thing that the brainwallet itself in the password field suggests is not to use popular phrases.
https://www.google.com/search?q=how+much+wood+could+a+woodchuck+chuck+if+a+woodchuck+could+chuck+wood

There is even a film with the same name, for God's sake!
https://en.wikipedia.org/wiki/How_Much_Wood_Would_a_Woodchuck_Chuck_(film)

At the time that wallet was made, brainwallet.org had "correct horse battery staple" as the placeholder text. Nothing on the site said not to use phrases like that.
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
The facts of this research are outstanding...

That's why I only rely on KDF (scrypt, bcrypt and PBKDF2), never fast hash functions (SHA family etc) for this purpose (Brainwallets).

Thanks for your educational work! The community just gets stronger with it!
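The cost gap this post relies on, and that an earlier reply asks about, measured as an added example (not code from the thread or from any wallet): it times one SHA-256 call against PBKDF2 and expresses the slowdown as extra bits of attacker work per guess. The salt, the iteration count and all function names are assumptions chosen for illustration.

```python
import hashlib
import math
import time

PBKDF2_ITERATIONS = 200_000   # assumed work factor, not taken from any wallet
SALT = b"constructed-salt"    # constructed value for the demonstration


def fast_hash(passphrase: bytes) -> bytes:
    # One pass of a fast hash: the cheapest possible cost per guess.
    return hashlib.sha256(passphrase).digest()


def stretched(passphrase: bytes) -> bytes:
    # Key-stretching KDF: every guess must repeat all iterations.
    return hashlib.pbkdf2_hmac("sha256", passphrase, SALT, PBKDF2_ITERATIONS)


def seconds_per_call(fn, calls):
    start = time.perf_counter()
    for i in range(calls):
        fn(b"constructed sample %d" % i)
    return (time.perf_counter() - start) / calls


def stretch_bits(fast_cost, slow_cost):
    # A slowdown factor of 2**k is worth k extra bits of search effort.
    return math.log2(slow_cost / fast_cost)


def effective_bits(entropy_bits, fast_cost, slow_cost):
    return entropy_bits + stretch_bits(fast_cost, slow_cost)


def measure():
    fast = seconds_per_call(fast_hash, 20_000)
    slow = seconds_per_call(stretched, 3)
    return fast, slow


if __name__ == "__main__":
    fast, slow = measure()
    print(f"SHA-256: {fast * 1e6:.2f} us/guess, PBKDF2: {slow * 1e3:.1f} ms/guess")
    print(f"stretching adds about {stretch_bits(fast, slow):.1f} bits")
    print(f"51-bit password, stretched: ~{effective_bits(51, fast, slow):.0f} bits")
```

Stretching adds the same fixed number of bits to every passphrase, so it raises the cost of each guess without making a well-known phrase any less guessable.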
legendary
Activity: 1148
Merit: 1006
...
The 250BTC Brainwallet passphrase was "how much wood could a woodchuck chuck if a woodchuck could chuck wood"
https://twitter.com/ryancdotorg/status/629862282831511552
...

It is surprising to me that people who are knowledgeable enough about Bitcoin/bitcoin to know what a brainwallet is,
don't choose more complex phrases, especially when their bitcoins are at higher risk of theft, compared to a standard private key.
The "how much wood could a woodchuck..." saying or whatever it is considered could be chosen by tens of people, in theory.
With millions of users in the future, that one would pop up hundreds of times.

Good luck with your presentation.

That is unbelievable. With that amount of coins on it it must have been an experienced bitcoiner. That he made such an error makes it hard for me to feel pity for him.

Guess bitcoiners don't actually need to know about security.
legendary
Activity: 868
Merit: 1006
I think this is a good thing. We must be exposed to all of the possible Bitcoin and Bitcoin-related stuff flaws as early in the game as possible. Imagine if this happened 10 years from now. Now we can afford taking big losses and big mistakes because we can fix them without much impact, since we are still very early on.
legendary
Activity: 1946
Merit: 1137
The 250BTC Brainwallet passphrase was "how much wood could a woodchuck chuck if a woodchuck could chuck wood"

I don't mean to be harsh but honestly if the passphrase of the brain wallet was "how much wood..." the owner deserves to lose 250BTC and more.
The first thing that the brainwallet itself in the password field suggests is not to use popular phrases.
https://www.google.com/search?q=how+much+wood+could+a+woodchuck+chuck+if+a+woodchuck+could+chuck+wood

There is even a film with the same name, for God's sake!
https://en.wikipedia.org/wiki/How_Much_Wood_Would_a_Woodchuck_Chuck_(film)
hero member
Activity: 784
Merit: 501
As it seems, the Github source code of the brainwallet.org has also been taken down. Does anyone know about a copy of that repository ?
donator
Activity: 1617
Merit: 1012

The 250BTC Brainwallet passphrase was "how much wood could a woodchuck chuck if a woodchuck could chuck wood"
https://twitter.com/ryancdotorg/status/629862282831511552


Next we'll hear about some moron using as a passphrase "peter piper picked a peck of picked peppers".
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
The really sad part is that this nursery rhyme is maybe forever ruined for the victim.
legendary
Activity: 1442
Merit: 1186
I have no plans on ever using a brainwallet when there are much more secure ways to store my coins.
If I did decide to use one for some crazy reason I would include a salt and a separator symbol.

"Im@b34v3r^how^much^wood^could^a^woodchuck^chuck^if^a^woodchuck^could^chuck^wood"
hero member
Activity: 700
Merit: 500
With the issues of setting up an intelligent brainwallet, it makes sense that people would be better off not creating them unless aware and capable of securing them; however, if the wallet is unused and abandoned, a few treasure troves are available for grabs.

The 250BTC Brainwallet passphrase was "how much wood could a woodchuck chuck if a woodchuck could chuck wood"
Someone didn't think that over.
hero member
Activity: 798
Merit: 1000
Move On !!!!!!
People who've used brainwallet should sha256 their passphrase immediately and move the coins to something more secure.

Come on man, people who know how to choose good passwords and store them correctly while using brainwallets are as safe as using other "normal" wallets. I have seen so many stupid misuses with the wallet.dat files so far that are as bad as bad brainwallet passwords.

This means nothing, if people are using brainwallets, they are not less safe automatically.