Can ASIC miners easily be used to guess brainwallet passphrases?

1

What follows is an educated guess, not certain statements, and is based on Electrum's brainwallet phrases (just figured it'd be a good example), not other schemes or human-generated ones.

No, a miner can't easily be tricked into doing it (e.g. solely by a rogue pool), but can be programmed to try to crack brainwallet phrases. This is because ordinary hashing involves totally different inputs (a block header and nonce, hashed twice) than brainwallet cracking (a random 128 bit seed, hashed 100,000 times).

You'd do this by trying random 128-bit seeds, through Electrum's algorithm, which involves taking the seed and running 100,000 SHA256 hashes on it (maybe some other stuff I'm missing would make it more difficult). You can then do a few more calculations to come up with the addresses that the key generates, and check the blockchain to see if any of these match.

The current network hashrate is ~50,000,000 GH/s. If all of that were instead put towards breaking...

0 0
2
ryanc wrote:

SeenBeanAKAShawnBawn wrote:However, this doesn't sound quite right to me. Although there are more than one million words in the English language, and the Oxford dictionary has 600,000 words, let's be generous and say you use an easy-to-find list of only 300,000 words. If you had a computer guessing 4-word combinations at 150,000 guesses/second, it would take 1.7 billion years to guess every possible combination. Even a botnet of one million machines would take 1700 years. We can even upgrade your botnet to 1.5 million guesses per second and assume the majority of hits will be found within the first half of your guesses, and it will still take 85 years. That's pretty different from checking "every bitcoin address that has ever received funds in a single day."

(note - the article you reference is based on my research)

The English word list sizes you mention are unrealistic - the figures cited were assuming a 2,048 entry wordlist. The diceware list, which is...

0 0
3

When the SatoshiLite card came out for the game Spells of Genesis, I received a bunch of them for free.

I'm going to do a giveaway to give them away. They are worth about $70 right now! https://sogassets.com/dex/SATOSHILITE

But it's not going to be that easy. It's going to a brainwallet puzzle. If you can guess the brainwallet passphrase, you can figure out the key and be able to send the card to an address you control. Remember, this card is a Counterparty token. So you will need a Counterparty wallet. A good site to convert a brainwallet passphrase to a private key is Bitaddress.org. Sadly Counterparty is not on Litecoin yet! Once you have the private key, use Import Funds to add it to your counterwallet.

I will release them one at a time. And I sent enough BTC there for the fees required to send this card out. It cost me $3 for me to give this card away for free. Bitcoin fees! SMH

Puzzle #1:...

0 0
4

A white-hat hacker has released a new tool designed to illustrate the ease with which illicit actors can steal bitcoins from brainwallets, a type of bitcoin wallet iteration where passwords are not stored digitally – but in the memory of the user.

Originally conceived as a way to keep sensitive wallet data offline and make bitcoin addresses easier to remember, the brainwallet was partly undone due to how it interacts with the bitcoin blockchain. A brainwallet uses a single, long password or phrase, converts it to a private key, a public key and finally an address. Using an offline attack, it's possible to rapidly guess potential passwords to see if they're correct.

New research by Ryan Castellucci, a security researcher at digital fraud firm White Ops, indicates there is as major flaw in this method. He highlights that the final bitcoin address is recorded in the blockchain as a password hash. When used for website authentication, password hashes help determine...

0 0
5
...
0 0
6

Instant HTML5 cross-platform Groestlcoin wallet, only controlled by you.

Groestlcoin is excited to announce our new HTML5 instant wallet, JSWallet. We've listened to the community and have created a fast, easy, sexy wallet that is cross-browser and platform compatible.

Sticking to our core philosophy we neither hold nor have access to users' Groestlcoins as all keys and info are stored client-side. Moreover, should our site ever go offline your wallet can be easily imported into another wallet system.

Create a wallet in under 5 seconds by moving your mouse around the screen (or finger on touch devices) without having to provide any user information. The client-side input of the motions generate entropy (randomness) which is couple with a random generator to create a Groestlcoin wallet.

You can consider JSWallet a hot wallet where your secret URL is your key, a key that can be further secured with a password should you so choose. JSWallet generates...

0 0
7

Hackers have made about $103,000 cracking bitcoin wallets that were “secured” using BrainWallet.

Not too long after a group of researchers published a paper about efficiently cracking bitcoin BrainWallets, it was revealed in a paper that there are a group of hackers who have already taken advantage of these weaknesses and have drained every wallet they could.

“Surprisingly, after excluding activities by researchers, we identified just 884 brain wallets worth around $100K in use from September 2011 to August 2015. We find that all but 21 wallets were drained, usually within 24 hours but often within minutes. We find that around a dozen “drainers” are competing to liquidate brain wallets as soon as they are funded”

A brainwallet “refers to the concept of storing Bitcoins in one’s own mind by memorization of a passphrase. As long as the passphrase is not recorded anywhere, the Bitcoins can be thought of as existing nowhere except in the mind of the holder. If a...

0 0
8

An important and controversial topic in the area of personal wallet security is the concept of “brainwallets” – storing funds using a private key generated from a password memorized entirely in one’s head. Theoretically, brainwallets have the potential to provide almost utopian guarantee of security for long-term savings: for as long as they are kept unused, they are not vulnerable to physical theft or hacks of any kind, and there is no way to even prove that you still remember the wallet; they are as safe as your very own human mind. At the same time, however, many have argued against the use of brainwallets, claiming that the human mind is fragile and not well designed for producing, or remembering, long and fragile cryptographic secrets, and so they are too dangerous to work in reality. Which side is right? Is our memory sufficiently robust to protect our private keys, is it too weak, or is perhaps a third and more interesting possibility actually the case: that it all depends...

0 0
9

Bitcoin is the currency of the Internet: a distributed, worldwide, decentralized digital money. Unlike traditional currencies such as dollars, bitcoins are issued and managed without any central authority whatsoever: there is no government, company, or bank in charge of Bitcoin. As such, it is more resistant to wild inflation and corrupt banks. With Bitcoin, you can be your own bank.

If you are new to Bitcoin, check out We Use Coins and Bitcoin.org. You can also explore the Bitcoin Wiki:

How to buy bitcoins worldwide
Buying Reddit Gold with bitcoin

Will I earn money by mining bitcoin?

Security guide for beginners - (WIP)

Community guidelines

Do not use URL shortening services: always submit the real link. Begging/asking for bitcoins is absolutely not allowed, no matter how badly you need the bitcoins. Only requests for donations to large, recognized charities are allowed, and only if there is good reason to believe that the person...
0 0
10

One of the most complicated aspects of Bitcoin and cryptocurrency security is that of maintaining your wallet security. Sadly, there is a lot of conflicting and non-intuitive information out there and it can be difficult to find information about what to do and how to remain safe.

One way of handling wallet security is through a method called brainwallets. In short, these are wallets that use a memorized word, phrase, or sentence to generate a secure key for an address.

Unfortunately, it’s not as easy as just coming up with a good phrase. To understand why, you need to understand a bit about wallets, addresses, and keys. Don’t worry, it won’t be very complex, and I’ll write a more extensive article later on deeper details.

The first thing you need to know is that a wallet, in cryptocurrency terminology, is more like a collection of addresses than a store of money. It is the addresses that store the coins, not the wallet. The wallet is really little more than a...

0 0
11

Last week I wrote about the rock-solid security of the bitcoin protocol, and how the issue of transaction malleability we’ve heard so much about does not pose an existential (or even a serious) threat to bitcoin. Most exchanges got on top of the problem within just a few days – if they needed to fix anything at all. The problems over at Mt Gox may have been compounded by a hack that exploited this loophole in their implementation of the wallet software, but by all accounts they certainly don’t begin and end there. Whatever’s going on with the world’s first and once largest bitcoin exchange, transaction malleability is the least of their worries right now.

There are, however, more serious threats to bitcoin’s security – and they all come down to human error and human malice. In this article I want to take a look at ‘brain wallets’, and why the immense convenience they offer is very often a major security flaw.

Brainwallets
There is already plenty of bitcoin...

0 0
12

Sorry to necro this incredibly old post, but this is exactly the information I came here seeking.

gimer, or anybody else reading this, could you please elaborate on how to go about accomplishing step 2? it would really help me out a lot.

I realize the security concerns with brainwallets and am content with the system I've established, and am willing to take the risk.

For some reason the idea of just being able to go on the run in a worst case scenario, and have access to my savings anywhere I can download an ubuntu startup disk and generate my keys from memory (it took a REALLY REALLY long time and a lot of effort to memorize a secure phrase) just really, really appeals to me. It's one of the primary reasons I choose to save in crypto, and it's my excuse for not having bought into NEM yet as well, unreasonable as it may seem.

If I can figure out how to do this with monero and decred too, then I'll have all my crypto organized the way I like...

0 0
13

Brainwallets are essentially long, but memorable passwords for a bitcoin wallet. The idea is that the passphrase is not recorded anywhere else, except inside your mind. They were made this way because humans don't remember random strings of numbers and letters very well. So rather than remembering a 51-digit private key that looks like:

5JAHi8Tzy85idBhN2cnhGtHZtSkcE9XTjEKmfsq82ekVSegxKmW

You can instead make up your own passphrase and use a brainwallet generator to turn it into the corresponding 51-digit, 256-bit private key that bitcoin wallets can use.

In this way you are creating your own Bitcoin address by personally choosing your private key, which is the most secure method to generate a bitcoin address. Of course if you aren't careful with the generation process you could make a mistake and have an insecure key, so picking the safest generator is of utmost important.

There a range of choices for software that can generate a private key from...

0 0
14

The blockchain is the underlying technology that enables the bitcoin cryptocurrency to exist. A foundational component of this technology is its complex cryptosystem. The blockchain cryptosystem relies on public key algorithms based on Elliptic Curve and message digest functions like SHA-256 and RIPEMD-160. When you create a bitcoin wallet, under the hood you are creating an Elliptic Curve key pair based on Secp256k1 curves. The key pair has a private key and a public key. The private key is the one you keep secret and allows you to sign transactions. For example, when you send bitcoins to someone, you are signing this transaction with your private key and then you announce it to the network. The miners will pick up your transaction and verify that the transaction signature is valid and broadcast to the network until enough miners have validated the transaction and thus achieving consensus. The checks and balances of the Blockchain ledger are updated and when consensus is achieved,...

0 0
15

IT’S GETTING EASIER to secure your digital privacy. iPhones now encrypt a great deal of personal information; hard drives on Mac and Windows 8.1 computers are now automatically locked down; even Facebook, which made a fortune on open sharing, is providing end-to-end encryption in the chat tool WhatsApp. But none of this technology offers as much protection as you may think if you don’t know how to come up with a good passphrase.

A passphrase is like a password, but longer and more secure. In essence, it’s an encryption key that you memorize. Once you start caring more deeply about your privacy and improving your computer security habits, one of the first roadblocks you’ll run into is having to create a passphrase. You can’t secure much without one.

For example, when you encrypt your hard drive, a USB stick, or a document on your computer, the disk encryption is often only as strong as your passphrase. If you use a password database, or the password-saving feature in...

0 0
16

Forget using your first crush’s name with a few of the 'a's swapped for @ signs, if you really want to keep your information secure, the best way is to come up with a passphrase - a string of several words that are much harder for someone to hack than a simple password.

But the problem with passphrases is that, in order to be able to memorise them, we often end up making them from our favourite literature or TV quotes, which means hackers and their supercomputers can easily guess them. However, technology journalist Micah Lee over at The Intercept has now discovered a far better solution. And all you need is some dice.

The method Lee describes is called the “Diceware” technique, which is based on a 37-page list of words that each correspond to a five-digit number. To come up with your passphrase, all you need to do is roll your dice enough times (depending on how many you're using) to come up with five, completely random numbers. These will tell you the first word of...

0 0
17
Ask for a hint.

If the password has a "hint" option, then ask for a hint to guide you in guessing the password. The hint question can be something like, "What is your mother's maiden name?" or "What is the name of your first pet?" These questions can help narrow down your guessing; though you may not know the name of the person's first pet, you can guess from a number of pet names. Or, if you want to be extra sneaky, you can try to bring up first pets in a conversation with that person.

The hint can narrow down your search quite a bit if you know some personal information about that person. For example, if the question is, "Where were you born?" you may already know the person's birth state -- or even his birth...
0 0
18

It doesn't make sense to try to convert one to the other: the client must use the same encoding as was used when generating the address, or the address won't match. Let's generate a compressed public key: You can see that this matches up to http://brainwallet.org when is clicked. A person can have as many addresses as they'd like. A compressed key is how high up on the U the point is along with a single bit indicating whether it's on the left or right side. Answered by CodesInChaos Compressed keys are the preferred format now. You can also verify http://gobittest.appspot.com/PrivateKey. Using more than one address is said to increase anonymity.

Generating a Bitcoin Address with JavaScript - procbits

Once again, I'm going to defer to the internets and the peeps smarter than me: From: RIPEMD was used because it produces the shortest hashes whose uniqueness is still sufficiently assured. Please enable JavaScript to view the comments powered by Disqus Get...

0 0
19
...
0 0
20

Chapter 3. Protecting Your Bitcoins

Up to this point, we have explored various ways to buy and sell bitcoin using an online exchange and wallet. Online wallets offer an easy-to-use system for storing bitcoins. However, the real purpose of Bitcoin is to ensure an individual's ability to store and protect his/her own money.

In this chapter, we will explore ways to safely hold your own bitcoin. We will cover the following topics:

· Storing your bitcoins

· Working with brainwallet

· Understanding deterministic wallets

· Storing Bitcoins in cold storage

· Good housekeeping with Bitcoin

Storing your bitcoins

The banking system has a legacy of offering various financial services to its customers. They offer convenient ways to spend money, such as cheques and credit cards, but the storage of money is their base service.

For many centuries, banks have been a safe place to keep money. Customers rely on the...

0 0