I wonder what the best convention for generating secure brainwallets is. They seem much more prone to dictionary attacks if you're not careful. Is inventing words and nonsensical phrases the norm?
Well, for one thing, don't use just one round of SHA-256. Or more generally: don't use the same algorithm as everyone else. Chain together different hash functions, and/or run them more than once.
Use it to generate the one password that you use for unlocking your password manager, where all of your randomly generated passwords are kept.
Since most people don't do that, this post makes me think that my idle CloudCracker cycles spent mining BTC would actually be better spent mining brainwallets. =)
It's like a nano X Prize, seemingly aimed against pass phrases.
Bitcoin wallet hacking is a really fun test case, because it begs people to acknowledge the opportunity costs involved in cracking. Cracking a wallet password can always be baselined against mining.
Cracks should happen whenever:
operations_per_password / wallet_size < operations_per_coin
(You can increase security either by growing your passwords or shrinking your wallets. There's some ideal inflection point in there somewhere...)
There are opportunity costs to cracking passwords in all other scenarios too, they're just harder to observe. ie, whenever it's cheaper to bribe one of your employees than crack their password, then, congrats, your passwords are officially "secure" (even if your business isn't).
Why Nvidia (CUDA)? It it the only hardware you have access to?
If you have access to AMD graphics cards, you should have written your code in OpenCL to target this hardware. Nvidia cards are a lot slower per $ and per Watt than AMD ones when running SHA256/RIPEMD160/ECDSA. That is why vanitygen was done in OpenCL.
Since the last half of the password is partially determined by the first half, this doesn't add much additional entropy (an attacker only has to guess your phrase, and which options you've selected).
In practice this may help in a security through obscurity way, but now your method is public.
This may work better for me since I've used phrases from out-of-print books and some are latinized phrases in Sinhalese. I prefer to use random passwords that I can add to a master file that's PGP encrypted, but in the absence of that, I can tailor this to a site and add character rotation.
If you follow best practice and generate a new address for each tranaction, brainwallets don't scale. At least not until https://en.bitcoin.it/wiki/BIP_0032 is implemented.
One bitcoin is a lot of money (about $40). He created five wallets, so he's giving away $200. That's not a trivial amount of money for such a test.
There are many ways such little cash bonuses can be left 'in the blockchain' for people to discover. Imagine a video/podcast which offers various obscured glimpses of a private key's QR code... the first viewer to freeze-frame and stitch-together collects the prize.
Or imagine any other riddles/puzzles with a solution space resistant to brute-force search. The prize for the first solver can be left in the blockchain, with a private key derived from the solution.
After 'easter eggs' (in real life or software), these could be called 'eggcoins'. (I find a prior use of that term related to a geocached souvenir coin.)
32 comments
[ 5.1 ms ] story [ 216 ms ] threadThis too: "The fourth address was robbed in 7 hours"..."I did not tell anyone about my test"! LOL, nuts.
[0]: http://point-at-infinity.org/ssss/
https://github.com/willwharton/pybrainwallet
Yep, I posted in the wrong thread, I apologize.
http://world.std.com/~reinhold/diceware.html
Use it to generate the one password that you use for unlocking your password manager, where all of your randomly generated passwords are kept.
Since most people don't do that, this post makes me think that my idle CloudCracker cycles spent mining BTC would actually be better spent mining brainwallets. =)
Bitcoin wallet hacking is a really fun test case, because it begs people to acknowledge the opportunity costs involved in cracking. Cracking a wallet password can always be baselined against mining.
Cracks should happen whenever: operations_per_password / wallet_size < operations_per_coin
(You can increase security either by growing your passwords or shrinking your wallets. There's some ideal inflection point in there somewhere...)
There are opportunity costs to cracking passwords in all other scenarios too, they're just harder to observe. ie, whenever it's cheaper to bribe one of your employees than crack their password, then, congrats, your passwords are officially "secure" (even if your business isn't).
Currently I'm porting SHA256, RIPEMD160, and ECDSA key pair generation to CUDA. ECDSA is giving me some trouble though...
If you have access to AMD graphics cards, you should have written your code in OpenCL to target this hardware. Nvidia cards are a lot slower per $ and per Watt than AMD ones when running SHA256/RIPEMD160/ECDSA. That is why vanitygen was done in OpenCL.
Yep. Also, learning CUDA would be a benefit for my graduate research, so it's not a complete loss :)
http://eksith.com/experiments/passwordencoder/
Basically takes the first letter of every word in your sentence and adds its position in the alphabet (plus rotate if you like).
If the sentence you choose is sufficiently unique, the password will also be harder to crack.
In practice this may help in a security through obscurity way, but now your method is public.
This may work better for me since I've used phrases from out-of-print books and some are latinized phrases in Sinhalese. I prefer to use random passwords that I can add to a master file that's PGP encrypted, but in the absence of that, I can tailor this to a site and add character rotation.
One bitcoin is a lot of money (about $40). He created five wallets, so he's giving away $200. That's not a trivial amount of money for such a test.
It's perfectly acceptable to use only one address if you don't care much about anonymity.
Or imagine any other riddles/puzzles with a solution space resistant to brute-force search. The prize for the first solver can be left in the blockchain, with a private key derived from the solution.
After 'easter eggs' (in real life or software), these could be called 'eggcoins'. (I find a prior use of that term related to a geocached souvenir coin.)
3 out of 5 remain to be found :)
So, everyone with bitcoins is always running this contest?