The Canary - Burst Early Warning System
I am sure that any standard Wallet phase is secure. I think the "problem" is just a psychological one that people see that it is constructed from a known dictionary of words with spaces between, and because of that you can do what is being done here to crack it.
I suspect that if the Passphrase generator inserted just a single random set of characters of a random length at a random place into the phase it would then be much stronger both in reality and in peoples minds?
I wonder how long it would take to crack a two "word" Passphrase if the words were random characters and of a random length between 8 and 16 characters?
@haitch what did you do with the Burst in the Wallets?
@RichBC Nothing, the wallets had already been emptied by the Burst4All mining account
- JS no limit for the string length (as long as it fits into memory)
- How browsers handle request-string: Chrome 40 (Desktop), Chrome 40 (Android 5.1), Firefox 36, Opera 27, and IE9+ can deal with a property name of up to 2^27 characters
The maximum length of JSON strings. The default is 2097152 characters, which is equivalent to 4 MB of Unicode string data.
@Blago that's cool. But for some reason it does not work for me. I don't know if it has to do with the lenght of the string (from what you say it doesn't seem to) or with the use of special characters :/
@vExact special characters must be convert to string like %10%11%12
also "space" = %20
again no network calls or submissions only browser memory and local processor.
code tested on chromium Version 56.0.2924.87 (64-bit)
@damncourier :) ~2 days (176/sec if window active and 75 if not)
@Blago glad to know it works for you and someone else is running it.
thanks for the speed report.
have you tried unchecking "show phrase" to avoid the overhead changing the text box value so often? it is less entertaining to watch but speeds things up a bit for me, which brings the rate on my (10 year old) laptop to a blazing 67/sec.
@damncourier testing it out, i get 174 sec .. but it seems to only use 1 CPU thread as i currently have 4 windows open with one working on each of the 3 , 4 , 5 , 6 word phrases and each is running at 174 sec no speed change with more or less
@Gibsalot yeah no attempt at multi-threading or asynchronous calls for key testing, was trying something simple to run in background that won't eat the machine. clever to use 4 windows though.
interesting that 175/sec seems the max. beyond the show phrase, the delay can be set to 0, the extra millisecond doesn't help my rate though.
This post is deleted!
ok, i'd make some software and test it:
bruteforce 1 of 12 words - 9 seconds
2 of 12 words - 4 hrs 27 mins
3 of 12 words ~ 301 days
4 of 12 words .....1341 years
max speed ~180 iterations/sec
accountID calculated by soft from passphrase
hmm... i saw this part of passphrase "lonely funny women ready bleed ......."
Blago humor. XD
Gay also means весёлый or дово́льный and comes right after "football" in the word list.
@Blago How can something like burst client even be bruteforced because when you enter a password and it doesn't recognize it to an account, it makes a new account?
@mathew but that new account is only activated with an outgoing transaction... Also it's not needed to enter in an account to bruteforce, it can just use the API, what i am pretty sure that is what all this bruteforces system are doing... ;D