"Why I'm releasing a brainwallet cracker at DEFCON 23" - page 2.

mallard

full member

Activity: 196

Merit: 100

Quote from: Mickeyb on August 31, 2015, 07:54:43 AM

Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but lets assume you use and English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.

The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.

As shown by this thread, people aren't very good with random-ness.
You should let the computer do this for you.

favdesu

legendary

Activity: 1764

Merit: 1000

luckily, a white hat did it first. imagine you would wake up one day to check your paper wallet and it's emptied without any chance to get your coins back.

Mickeyb

hero member

Activity: 798

Merit: 1000

Move On !!!!!!

Quote from: Klestin on August 30, 2015, 10:12:19 PM

Quote from: Mickeyb on August 08, 2015, 05:35:48 PM

Come on man, people who know how to choose good passwords and store them correctly while using brainwallets are as safe as using other "normal" wallets. I have seen so many stupid missuses with the wallet.dat files so far that are as bad as bad brainwallet passwords.

This means nothing, if people are using brainwallets, they are not less safe automatically.

Yes, they absolutely are less safe automatically. A person who wants to break your wallet.dat password must have your wallet.dat file. Brainwallets have no file.

Brainwallet cracking tools can run extremely fast - the cracking can be run offline against an indexed version of the blockchain, and can be distributed among many bots. A password of "m2wAHUnF91z" for instance (created from LastPass, and bearing approximately 51-57 bits of entropy, depending on how it's calculated) is absolutely reasonable for a wallet.dat password. It is absolutely NOT fine as a brainwallet key. Brainwallets should have no less than 128 bits of true entropy.

Creating a safe brainwallet is possible, but it is very difficult to do correctly. You have to forget everything you've learned about how to pick a good password.

Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but lets assume you use and English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.

The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.

louise123

sr. member

Activity: 462

Merit: 250

Quote from: erik777 on August 30, 2015, 10:35:07 PM

Quote from: Soros Shorts on August 08, 2015, 07:47:53 PM

Quote from: bitpump on August 08, 2015, 01:29:17 AM

The 250BTC Brainwallet passphrase was "how much wood could a woodchuck chuck if a woodchuck could chuck wood"
https://twitter.com/ryancdotorg/status/629862282831511552

Next we'll hear about some moron using as a passphrase "peter piper picked a peck of picked peppers".

That would be secure, since Peter piper picked a peck of pickled peppers, not picked peppers.

LOL!
That is actually very funny. Cheesy

Linuld

sr. member

Activity: 473

Merit: 250

Quote from: Klestin on August 30, 2015, 10:12:19 PM

Quote from: Mickeyb on August 08, 2015, 05:35:48 PM

Come on man, people who know how to choose good passwords and store them correctly while using brainwallets are as safe as using other "normal" wallets. I have seen so many stupid missuses with the wallet.dat files so far that are as bad as bad brainwallet passwords.

This means nothing, if people are using brainwallets, they are not less safe automatically.

Yes, they absolutely are less safe automatically. A person who wants to break your wallet.dat password must have your wallet.dat file. Brainwallets have no file.

Brainwallet cracking tools can run extremely fast - the cracking can be run offline against an indexed version of the blockchain, and can be distributed among many bots. A password of "m2wAHUnF91z" for instance (created from LastPass, and bearing approximately 51-57 bits of entropy, depending on how it's calculated) is absolutely reasonable for a wallet.dat password. It is absolutely NOT fine as a brainwallet key. Brainwallets should have no less than 128 bits of true entropy.

Creating a safe brainwallet is possible, but it is very difficult to do correctly. You have to forget everything you've learned about how to pick a good password.

That is interesting. But i don't understand yet why there is such a big difference in safety for having that passkey as a password for the wallet.dat or having it as the seed for a private key. Where does the difference come from? I mean bruteforcing should work at the same speed for both isn't it? Or are there iterations of the pass for the wallet.dat so that the time to bruteforce gets extended?

erik777

sr. member

Activity: 504

Merit: 250

Earn with impressio.io

Quote from: Soros Shorts on August 08, 2015, 07:47:53 PM

Quote from: bitpump on August 08, 2015, 01:29:17 AM

The 250BTC Brainwallet passphrase was "how much wood could a woodchuck chuck if a woodchuck could chuck wood"
https://twitter.com/ryancdotorg/status/629862282831511552

Next we'll hear about some moron using as a passphrase "peter piper picked a peck of picked peppers".

That would be secure, since Peter piper picked a peck of pickled peppers, not picked peppers.

Klestin

hero member

Activity: 493

Merit: 500

Quote from: Mickeyb on August 08, 2015, 05:35:48 PM

Come on man, people who know how to choose good passwords and store them correctly while using brainwallets are as safe as using other "normal" wallets. I have seen so many stupid missuses with the wallet.dat files so far that are as bad as bad brainwallet passwords.

This means nothing, if people are using brainwallets, they are not less safe automatically.

Yes, they absolutely are less safe automatically. A person who wants to break your wallet.dat password must have your wallet.dat file. Brainwallets have no file.

Brainwallet cracking tools can run extremely fast - the cracking can be run offline against an indexed version of the blockchain, and can be distributed among many bots. A password of "m2wAHUnF91z" for instance (created from LastPass, and bearing approximately 51-57 bits of entropy, depending on how it's calculated) is absolutely reasonable for a wallet.dat password. It is absolutely NOT fine as a brainwallet key. Brainwallets should have no less than 128 bits of true entropy.

Creating a safe brainwallet is possible, but it is very difficult to do correctly. You have to forget everything you've learned about how to pick a good password.

RGBKey

hero member

Activity: 854

Merit: 658

rgbkey.github.io/pgp.txt

People should understand what makes brainwallets not safe/safe. It's possible for them to be safe, and that's where they can be beneficial, but it's also very easy to make them easily crackable.

Financisto

hero member

Activity: 633

Merit: 768

BTC⇆⚡⇄BTC

Unfortunately that brainwallet.org project seemed too malicious by leaving that "correct horse battery staple" phrase as standard without leaving any previous (and visible) warning.

ryanc

member

Activity: 105

Merit: 59

Quote from: Herbert2020 on August 09, 2015, 08:47:00 AM

i don't mean to be harsh but honestly if the passphrase of the brain wallet was "how much wood..." the owner deserves to lose 250BTC and more.
the first thing that the brainwallet itself in the password field suggests is not to use popular phrases.
https://www.google.com/search?q=how+much+wood+could+a+woodchuck+chuck+if+a+woodchuck+could+chuck+wood

there is even a film with the same name for gods sake!
https://en.wikipedia.org/wiki/How_Much_Wood_Would_a_Woodchuck_Chuck_(film)

At the time that wallet was made, brainwallet.org had "correct horse battery staple" as the placeholder text. Nothing on the site said not to used phrases like that.

Financisto

hero member

Activity: 633

Merit: 768

BTC⇆⚡⇄BTC

The facts of this research are outstanding...

That's why I only rely on KDF (scrypt, bcrypt and PBKDF2), never fast hash functions (SHA family etc) for this purpose (Brainwallets).

Thanks for your educational work! The community just gets stronger with it!

bitcoinmasterlord

legendary

Activity: 1148

Merit: 1006

Quote from: AgentofCoin on August 08, 2015, 01:47:26 AM

Quote from: bitpump on August 08, 2015, 01:29:17 AM

...
The 250BTC Brainwallet passphrase was "how much wood could a woodchuck chuck if a woodchuck could chuck wood"
https://twitter.com/ryancdotorg/status/629862282831511552
...

It is surprising to me that people who are knowledgeable enough about Bitcoin/bitcoin to know what a brainwallet is,
don't choose more complex phrases, especially when their bitcoins are at higher risk of theft, compared to a standard privatekey.
The "how much wood could a woodchuck..." saying or whatever it is considered could be chosen by tens of people, in theory.
With millions of users in the future, that one would pop up hundredths of times.

Good luck with your presentation.

That is unbelieveably. With that amount of coins on it it must have been an experienced bitcoiner. That he made such an error makes it hard for me to feel pity for him.

Guess bitcoiners don't actually need to know about security.

manselr

legendary

Activity: 868

Merit: 1004

I think this is a good thing. We must be exposed to all of the possible Bitcoin and Bitcoin related stuff flaw's as early in the game as possible. Imagine if this happened 10 years from now. Now we can afford taking big losses and big mistakes because we can fix them without much impact, since we are still very early on.

Herbert2020

legendary

Activity: 1946

Merit: 1137

Quote from: bitpump on August 08, 2015, 01:29:17 AM

The 250BTC Brainwallet passphrase was "how much wood could a woodchuck chuck if a woodchuck could chuck wood"

i don't mean to be harsh but honestly if the passphrase of the brain wallet was "how much wood..." the owner deserves to lose 250BTC and more.
the first thing that the brainwallet itself in the password field suggests is not to use popular phrases.
https://www.google.com/search?q=how+much+wood+could+a+woodchuck+chuck+if+a+woodchuck+could+chuck+wood

there is even a film with the same name for gods sake!
https://en.wikipedia.org/wiki/How_Much_Wood_Would_a_Woodchuck_Chuck_(film)

GermanGiant

hero member

Activity: 784

Merit: 500

As it seems, the Github source code of the brainwallet.org has also been taken down. Does anyone know about a copy of that repository ?

Soros Shorts

donator

Activity: 1616

Merit: 1003

Quote from: bitpump on August 08, 2015, 01:29:17 AM

The 250BTC Brainwallet passphrase was "how much wood could a woodchuck chuck if a woodchuck could chuck wood"
https://twitter.com/ryancdotorg/status/629862282831511552

Next we'll hear about some moron using as a passphrase "peter piper picked a peck of picked peppers".

jonald_fyookball

legendary

Activity: 1302

Merit: 1004

Core dev leaves me neg feedback #abuse #political

the really sad part is that this nursey rhyme is maybe forever ruined for the victim.

coinableS

legendary

Activity: 1442

Merit: 1179

I have no plans on ever using a brainwallet when there are much more secure ways to store my coins.
If I did decide to use one for some crazy reason I would include a salt and a separator symbol.

"Im@b34v3r^how^much^wood^could^a^woodchuck^chuck^if^a^woodchuck^could^chuck^wood"

EternalWingsofGod

hero member

Activity: 700

Merit: 500

With the issues of setting up an intelligent brainwallet, it makes sense that people would be better off not creating them unless aware and capable of securing them however if the wallet is unused and abandoned a few treasure troves are available for grabs.

The 250BTC Brainwallet passphrase was "how much wood could a woodchuck chuck if a woodchuck could chuck wood"
Someone didn't think that over.

Mickeyb

hero member

Activity: 798

Merit: 1000

Move On !!!!!!

Quote from: electerium on August 08, 2015, 01:54:13 AM

people whove used brainwallet should sha256 their passphrase immediately and move the coins to something more secure.

Come on man, people who know how to choose good passwords and store them correctly while using brainwallets are as safe as using other "normal" wallets. I have seen so many stupid missuses with the wallet.dat files so far that are as bad as bad brainwallet passwords.

This means nothing, if people are using brainwallets, they are not less safe automatically.

Topic: "Why I'm releasing a brainwallet cracker at DEFCON 23" - page 2. (Read 6099 times)