ryanatdistrust
No user record in our sample, but ryanatdistrust has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
No user record in our sample, but ryanatdistrust has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
[flagged]
Nanoseconds since epoch, which means eventually it does loop around, so at the very least it's not possible to generate a specific wallet by knowing when it was first used.
That is correct, time is the only entropy for the command, and the function they use to generate random numbers is also flawed in that it can only produce 2^32 possible outputs.
As discussed elsethread, it used the lower bits of the time value, so while there is is a fraction of the 2^32 space due to precision loss in the OS time calculations, it is not as simple as "between when this software…
2^32 is still incredibly small for crypto and is inexcusable.
As long as people can write code, bugs will exist.
My numbers are very rough estimates and not good enough to do work on. More accurate information may be made public later.
I was not involved in that specific aspect, so I can't provide accurate information. We may release more information later in the future.
It looks neat, I'll pass this along to the team and take a deeper look at it later.
That is correct, you still have 2^32 permutations of possible values.
We used the broken algorithm from `bx` in a custom Rust program to brute force this.
we had so much fun trying to figure out the icon!
It actually uses the most precise 32 bits of the date, so it's any, like, nanosecond between 0 and some other small amount of seconds. You can't brute force a wallet by knowing approximately when it was made, but you…
The difference between 32 bits and 64 bits is the amount of people on Earth compared to (EDIT) the amount of grains of sand on Earth. 32 bits is nothing when it comes to entropy, and it can take a security researcher…
To verify, this is something anyone can attack, as was proven by our brute force lookup service: https://lookup.milksad.info.