"Why I'm releasing a brainwallet cracker at DEFCON 23" - page 3.

jonald_fyookball

legendary

Activity: 1302

Merit: 1004

Core dev leaves me neg feedback #abuse #political

Quote from: Kazimir on August 08, 2015, 08:38:15 AM

I have a LOT of bitcoins stored in brainwallets, and I feel perfectly safe about it.

I think brainwallets are very secure, provided that you REALLY understand what makes strong input for a brainwallet, and what doesn't.

For example, I use Sha256²(master key + passphrase) where "master key" is a long, complex, impossible to guess password that I also use for e.g. Keepass. And the passphrase (it's actually a phrase, not a word) is something I can remember easily, but is still kinda hard to guess. Together, I feel very confident that nobody on earth is ever going to guess or brute force it.

With Sha256² I mean something similar to Sha256d (double Sha256) which Bitcoin uses, but instead of Sha256(Sha256(x)), I use Sha256(x+Sha256(x)).

Yes. However, it seems most people don't REALLY understand that. It seems simple and obvious to
an informed person, but it is not to the layperson, even when explained.

In another thread, we were discussing probabilities and someone remarked "I don't understand all this fancy math"
when there was no math involved except multiplication and perhaps exponentiation.

When you're smart/informed/talent, its easy to overestimate the abilities of others. So,
I get why brainwallets aren't recommended and even in your situation, the entropy can
only be estimated but not measured directly.

I just use electrum although I do believe in theory that you're right. If you truly know
what you're doing, you can create a strong brain wallet.

Kazimir

legendary

Activity: 1176

Merit: 1001

I have a LOT of bitcoins stored in brainwallets, and I feel perfectly safe about it.

I think brainwallets are very secure, provided that you REALLY understand what makes strong input for a brainwallet, and what doesn't.

For example, I use Sha256²(master key + passphrase) where "master key" is a long, complex, impossible to guess password that I also use for e.g. Keepass. And the passphrase (it's actually a phrase, not a word) is something I can remember easily, but is still kinda hard to guess. Together, I feel very confident that nobody on earth is ever going to guess or brute force it.

With Sha256² I mean something similar to Sha256d (double Sha256) which Bitcoin uses, but instead of Sha256(Sha256(x)), I use Sha256(x+Sha256(x)).

CelestialWalrus

newbie

Activity: 7

Merit: 0

Quote from: bitpump on August 08, 2015, 01:29:17 AM

The 250BTC Brainwallet passphrase was "how much wood could a woodchuck chuck if a woodchuck could chuck wood"

I've tried guessing some of them, but this one is just... wow. I've never found anything actually.

cellard

legendary

Activity: 1372

Merit: 1252

Damn, how I didn't think about that one? there's probably a lot of money being held with simple ass phrases like that, people just don't take their security seriously enough. Hopefully with time they will learn.

findftp

legendary

Activity: 1022

Merit: 1006

Delusional crypto obsessionist

Quote from: electerium on August 08, 2015, 01:54:13 AM

people whove used brainwallet should sha256 their passphrase immediately and move the coins to something more secure.

Uhm, you're joking right?

LiteCoinGuy

legendary

Activity: 1148

Merit: 1011

In Satoshi I Trust

alot of smart people recommended that you should not use a brainwallet.

thanks to the reseacher. actually he is a whitehat

@AgentofCoin

that is truly a bad brainwallet Roll Eyes

electerium

full member

Activity: 179

Merit: 100

people whove used brainwallet should sha256 their passphrase immediately and move the coins to something more secure.

AgentofCoin

legendary

Activity: 1092

Merit: 1001

Quote from: bitpump on August 08, 2015, 01:29:17 AM

...
The 250BTC Brainwallet passphrase was "how much wood could a woodchuck chuck if a woodchuck could chuck wood"
https://twitter.com/ryancdotorg/status/629862282831511552
...

It is surprising to me that people who are knowledgeable enough about Bitcoin/bitcoin to know what a brainwallet is,
don't choose more complex phrases, especially when their bitcoins are at higher risk of theft, compared to a standard privatekey.
The "how much wood could a woodchuck..." saying or whatever it is considered could be chosen by tens of people, in theory.
With millions of users in the future, that one would pop up hundredths of times.

Good luck with your presentation.

electerium

full member

Activity: 179

Merit: 100

this is actually like unbelievably horrible, and troublesome.

I remember when i first read about brainwallet on reddit I thought: that's like really scary, but cute, a lot of people will fall for using it.

It never occurred to me that not only could people end up with the same passphrase, but that you could actively scan the entire blockchain and just start brute forcing for brain wallets with easily gussed passphrases.

What's most concerning are that there are people who are ALREADY running botnets on the blockchain, and today any 5 char passphrase gets auto extracted in seconds.

most poignant:

"Brainwallets make the Blockchain a
public password hash database"

bitpump

full member

Activity: 167

Merit: 101

"Why I'm releasing a brainwallet cracker at DEFCON 23"
https://rya.nc/defcon-brainwallets.html
https://twitter.com/ryancdotorg

The 250BTC Brainwallet passphrase was "how much wood could a woodchuck chuck if a woodchuck could chuck wood"
https://twitter.com/ryancdotorg/status/629862282831511552

Slideshow
https://rya.nc/cracking_cryptocurrency_brainwallets.pdf

Software
https://github.com/ryancdotorg/brainflayer

More details on this topic:
https://www.reddit.com/r/Bitcoin/comments/3g7bpa/brainwallet_shut_down_permanently_due_to/

Topic: "Why I'm releasing a brainwallet cracker at DEFCON 23" - page 3. (Read 6099 times)