The Canary - Burst Early Warning System



  • @daWallet I created a new account with a rather long passphrasse (>2800 characters inclusing spaces). And I noticed that the encryption tool of the client doesn't handle it properly, so that when it gets loaded it changes the original passphrase. Is there a limit of characters that can be handled?



  • @vExact I have no idea but this may be this seedLimit: 512, Someone to confirm it



  • I am sure that any standard Wallet phase is secure. I think the "problem" is just a psychological one that people see that it is constructed from a known dictionary of words with spaces between, and because of that you can do what is being done here to crack it.

    I suspect that if the Passphrase generator inserted just a single random set of characters of a random length at a random place into the phase it would then be much stronger both in reality and in peoples minds?

    I wonder how long it would take to crack a two "word" Passphrase if the words were random characters and of a random length between 8 and 16 characters?

    @haitch what did you do with the Burst in the Wallets?

    Rich


  • admin

    @RichBC Nothing, the wallets had already been emptied by the Burst4All mining account


  • Mod

    @vExact

    1. JS no limit for the string length (as long as it fits into memory)
    2. How browsers handle request-string: Chrome 40 (Desktop), Chrome 40 (Android 5.1), Firefox 36, Opera 27, and IE9+ can deal with a property name of up to 2^27 characters
    3. JavaScriptSerializer.MaxJsonLength Property.
      The maximum length of JSON strings. The default is 2097152 characters, which is equivalent to 4 MB of Unicode string data.


  • @Blago that's cool. But for some reason it does not work for me. I don't know if it has to do with the lenght of the string (from what you say it doesn't seem to) or with the use of special characters :/


  • Mod

    @vExact special characters must be convert to string like %10%11%12
    also "space" = %20



  • https://jsfiddle.net/damncourier/4oxk66w4/12/

    in order to make this challenge more accessible, i wrote some javascript that can be run in browser (without network or local wallet) to generate passwords (with correct word count) and compare the public key for the above accounts.

    random passwords generated with code modified (for word count only) from wallet, public keys generated using javascript crypto libraries available on CDNs (same hash and key pair specs but not exact same libraries as the wallet). i have only brute forced the single word account but tested other public keys versus wallet.

    again no network calls or submissions only browser memory and local processor.

    code tested on chromium Version 56.0.2924.87 (64-bit)


  • Mod

    @damncourier :) ~2 days (176/sec if window active and 75 if not)

    0_1492663665673_11.JPG



  • @Blago glad to know it works for you and someone else is running it.

    thanks for the speed report.
    have you tried unchecking "show phrase" to avoid the overhead changing the text box value so often? it is less entertaining to watch but speeds things up a bit for me, which brings the rate on my (10 year old) laptop to a blazing 67/sec.



  • @damncourier testing it out, i get 174 sec .. but it seems to only use 1 CPU thread as i currently have 4 windows open with one working on each of the 3 , 4 , 5 , 6 word phrases and each is running at 174 sec no speed change with more or less



  • @Gibsalot yeah no attempt at multi-threading or asynchronous calls for key testing, was trying something simple to run in background that won't eat the machine. clever to use 4 windows though.

    interesting that 175/sec seems the max. beyond the show phrase, the delay can be set to 0, the extra millisecond doesn't help my rate though.



  • This post is deleted!

Log in to reply
 

Looks like your connection to Burst - Efficient HDD Mining was lost, please wait while we try to reconnect.