The Canary - Burst Early Warning System


  • admin

    @RichBC Nothing, the wallets had already been emptied by the Burst4All mining account


  • Mod

    @vExact

    1. JS no limit for the string length (as long as it fits into memory)
    2. How browsers handle request-string: Chrome 40 (Desktop), Chrome 40 (Android 5.1), Firefox 36, Opera 27, and IE9+ can deal with a property name of up to 2^27 characters
    3. JavaScriptSerializer.MaxJsonLength Property.
      The maximum length of JSON strings. The default is 2097152 characters, which is equivalent to 4 MB of Unicode string data.


  • @Blago that's cool. But for some reason it does not work for me. I don't know if it has to do with the lenght of the string (from what you say it doesn't seem to) or with the use of special characters :/


  • Mod

    @vExact special characters must be convert to string like %10%11%12
    also "space" = %20



  • https://jsfiddle.net/damncourier/4oxk66w4/12/

    in order to make this challenge more accessible, i wrote some javascript that can be run in browser (without network or local wallet) to generate passwords (with correct word count) and compare the public key for the above accounts.

    random passwords generated with code modified (for word count only) from wallet, public keys generated using javascript crypto libraries available on CDNs (same hash and key pair specs but not exact same libraries as the wallet). i have only brute forced the single word account but tested other public keys versus wallet.

    again no network calls or submissions only browser memory and local processor.

    code tested on chromium Version 56.0.2924.87 (64-bit)


  • Mod

    @damncourier :) ~2 days (176/sec if window active and 75 if not)

    0_1492663665673_11.JPG



  • @Blago glad to know it works for you and someone else is running it.

    thanks for the speed report.
    have you tried unchecking "show phrase" to avoid the overhead changing the text box value so often? it is less entertaining to watch but speeds things up a bit for me, which brings the rate on my (10 year old) laptop to a blazing 67/sec.



  • @damncourier testing it out, i get 174 sec .. but it seems to only use 1 CPU thread as i currently have 4 windows open with one working on each of the 3 , 4 , 5 , 6 word phrases and each is running at 174 sec no speed change with more or less



  • @Gibsalot yeah no attempt at multi-threading or asynchronous calls for key testing, was trying something simple to run in background that won't eat the machine. clever to use 4 windows though.

    interesting that 175/sec seems the max. beyond the show phrase, the delay can be set to 0, the extra millisecond doesn't help my rate though.



  • This post is deleted!

  • Mod

    ok, i'd make some software and test it:
    bruteforce 1 of 12 words - 9 seconds
    2 of 12 words - 4 hrs 27 mins
    3 of 12 words ~ 301 days
    4 of 12 words .....1341 years

    max speed ~180 iterations/sec

    accountID calculated by soft from passphrase

    Edit: For more security, I suggest change the words in the list of wallet in every new release.
    Please, change word "gay" )))
    @luxe @haitch @dawallet

    hmm... i saw this part of passphrase "lonely funny women ready bleed ......."


  • admin

    @Blago
    Blago humor. XD
    Gay also means весёлый or дово́льный and comes right after "football" in the word list.



  • @Blago How can something like burst client even be bruteforced because when you enter a password and it doesn't recognize it to an account, it makes a new account?



  • @mathew but that new account is only activated with an outgoing transaction... Also it's not needed to enter in an account to bruteforce, it can just use the API, what i am pretty sure that is what all this bruteforces system are doing... ;D


Log in to reply
 

Looks like your connection to Burst - Efficient HDD Mining was lost, please wait while we try to reconnect.