
Contest: Hack my bitcoins and keep them - shared4you
http://linja-aho.blogspot.com/2013/03/small-contest-hack-my-bitcoins-and-keep.html
======
brownbat
It's like a nano X Prize, seemingly aimed against pass phrases.

Bitcoin wallet hacking is a really fun test case, because it begs people to
acknowledge the opportunity costs involved in cracking. Cracking a wallet
password can always be baselined against mining.

Cracks should happen whenever: operations_per_password / wallet_size <
operations_per_coin

(You can increase security either by growing your passwords or shrinking your
wallets. There's some ideal inflection point in there somewhere...)

There are opportunity costs to cracking passwords in all other scenarios too,
they're just harder to observe. ie, whenever it's cheaper to bribe one of your
employees than crack their password, then, congrats, your passwords are
officially "secure" (even if your business isn't).

~~~
linhares
this is not cracking, the guy has brainwallets and told all the clues to get
into to them.

------
moxie
For generating memorable passphrases with high entropy, I like the "diceware"
system:

<http://world.std.com/~reinhold/diceware.html>

Use it to generate the one password that you use for unlocking your password
manager, where all of your randomly generated passwords are kept.

Since most people don't do that, this post makes me think that my idle
CloudCracker cycles spent mining BTC would actually be better spent mining
brainwallets. =)

~~~
funkdobiest
I thought you meant Andrew "Dice" Clay so that it makes a phrase like Hickory
Dickory Dock...

------
gojomo
There are many ways such little cash bonuses can be left 'in the blockchain'
for people to discover. Imagine a video/podcast which offers various obscured
glimpses of a private key's QR code... the first viewer to freeze-frame and
stitch-together collects the prize.

Or imagine any other riddles/puzzles with a solution space resistant to brute-
force search. The prize for the first solver can be left in the blockchain,
with a private key derived from the solution.

After 'easter eggs' (in real life or software), these could be called
'eggcoins'. (I find a prior use of that term related to a geocached souvenir
coin.)

------
graemeism
Fantastic idea actually. Comments on this page are fascinating.

This too: "The fourth address was robbed in 7 hours"..."I did not tell anyone
about my test"! LOL, nuts.

~~~
arkitaip
Basically people scan brainwallets for weak passwords. Kinda obvious but still
food for thought.

~~~
smokeyj
I wonder what the best convention for generating secure brainwallets is. They
seem much more prone to dictionary attacks if you're not careful. Is inventing
words and nonsensical phrases the norm?

~~~
nwh
Using a brain wallet in any form is reckless. You're better off storing your
private key on paper or using SSSS[0].

[0]: <http://point-at-infinity.org/ssss/>

------
Xcelerate
Dang it, I was hoping this didn't make it on HN :) I've been working on this
for a few days!

Currently I'm porting SHA256, RIPEMD160, and ECDSA key pair generation to
CUDA. ECDSA is giving me some trouble though...

~~~
mrb
Why Nvidia (CUDA)? It it the only hardware you have access to?

If you have access to AMD graphics cards, you should have written your code in
OpenCL to target this hardware. Nvidia cards are a lot slower per $ and per
Watt than AMD ones when running SHA256/RIPEMD160/ECDSA. That is why vanitygen
was done in OpenCL.

~~~
Xcelerate
> Why Nvidia (CUDA)? It it the only hardware you have access to?

Yep. Also, learning CUDA would be a benefit for my graduate research, so it's
not a complete loss :)

------
wereHamster
If you follow best practice and generate a new address for each tranaction,
brainwallets don't scale. At least not until
<https://en.bitcoin.it/wiki/BIP_0032> is implemented.

One bitcoin is a lot of money (about $40). He created five wallets, so he's
giving away $200. That's not a trivial amount of money for such a test.

~~~
joelthelion
It's not a "best practice", it's only something you should to if you want to
remain as anonymous as possible.

It's perfectly acceptable to use only one address if you don't care much about
anonymity.

------
mrb
One more private address was just brute-forced, and coins were moved:
[https://blockchain.info/address/1ECM1W1ZWtWDvTm3yWYWJA9mKn4D...](https://blockchain.info/address/1ECM1W1ZWtWDvTm3yWYWJA9mKn4Dwaaz1o)

3 out of 5 remain to be found :)

------
w-ll
I actually modified a Bitcoin address tool to generate brain wallets in python
specifically for brute forcing week brains.

<https://github.com/willwharton/pybrainwallet>

------
jcoder
"Hack my bitcoins and keep them"

So, everyone with bitcoins is always running this contest?

------
eksith
If you'd like to use a mnemonic (a nice long sentence) but need some extra
gibberish to prevent it being easily guessed, you can try this :

<http://eksith.com/experiments/passwordencoder/>

Basically takes the first letter of every word in your sentence and adds its
position in the alphabet (plus rotate if you like).

If the sentence you choose is sufficiently unique, the password will also be
harder to crack.

~~~
beala
Since the last half of the password is partially determined by the first half,
this doesn't add much additional entropy (an attacker only has to guess your
phrase, and which options you've selected).

In practice this may help in a security through obscurity way, but now your
method is public.

~~~
eksith
It's been public since 2008 :)

This may work better for me since I've used phrases from out-of-print books
and some are latinized phrases in Sinhalese. I prefer to use random passwords
that I can add to a master file that's PGP encrypted, but in the absence of
that, I can tailor this to a site and add character rotation.

~~~
cbr

        phrases from out-of-print books
    

Less secure now that there's massive book scanning going on.

------
shared4you
FINAL ANSWER: [http://linja-aho.blogspot.fi/2013/03/bitcoin-brain-wallet-
cr...](http://linja-aho.blogspot.fi/2013/03/bitcoin-brain-wallet-cracking-
contest.html)

------
zobzu
openssl rand -base64 50 ;-)

