The Canary - Burst Early Warning System
-
OK, I made some software and tested it:
bruteforce 1 of 12 words - 9 seconds
2 of 12 words - 4 hrs 27 mins
3 of 12 words ~ 301 days
4 of 12 words ..... 1341 years
max speed ~180 iterations/sec
accountID calculated by soft from passphrase
Edit: For more security, I suggest changing the words in the wallet's word list in every new release.
Please, change word "gay" )))
@luxe @haitch @dawallet hmm... I saw this part of passphrase "lonely funny women ready bleed ......."
-
@Blago
Blago humor. XD
Gay also means весёлый or дово́льный and comes right after "football" in the word list.
-
@Blago How can something like burst client even be bruteforced because when you enter a password and it doesn't recognize it to an account, it makes a new account?
-
@mathew but that new account is only activated with an outgoing transaction... Also it's not needed to enter in an account to bruteforce, it can just use the API, which I am pretty sure is what all these bruteforce systems are doing... ;D
-
@haitch 827,704,384 3 words passphrases tested and still churning away .....
-
@haitch wow... I haven't seen this coming: the 3 words passphrase not being cracked in almost a month.
Seems like this little canary bird will be around for a long, looong time. The bounties getting more attractive as time passes.
-
@daWallet I just cracked it :) Took testing around 1.2 Billion passphrases.
Here's me sending 1 Burst to my account: http://burstcoin.biz/address/13349019730708354187
-
@haitch I'm going to re-write the cracking app to make it multi threaded, but don't expect it will find the phrase in any reasonable period. 3 words took over a month, 4 words would therefore be about 135 years. With the multithreaded approach, running it on Pennywise, I might be able to get it down to 4 years - at the cost of running 20 Cores @ 100% for all that time.
-
@haitch LOL that looks too much time xD
Maybe you can send the remaining 998 burst to the 4 words passphrase account, if you don't want them... Or maybe my account could also be a good suggestion hehehehe ;P
JK xD
-
@gpedro LOL. Nope, I'll leave them there as a reward for anyone else who can crack the phrase. Just wanted the 1 to prove I had access to the account.
-
@haitch said in The Canary - Burst Early Warning System:
@haitch I'm going to re-write the cracking app to make it multi threaded, but don't expect it will find the phrase in any reasonable period. 3 words took over a month, 4 words would therefore be about 135 years. With the multithreaded approach, running it on Pennywise, I might be able to get it down to 4 years - at the cost of running 20 Cores @ 100% for all that time.
Satoshi was fu#$ right from the beginning :) It's just better to use those resources and mint the coins by joining the network instead. Genius!
-
@haitch said in The Canary - Burst Early Warning System:
@haitch I'm going to re-write the cracking app to make it multi threaded, but don't expect it will find the phrase in any reasonable period. 3 words took over a month, 4 words would therefore be about 135 years. With the multithreaded approach, running it on Pennywise, I might be able to get it down to 4 years - at the cost of running 20 Cores @ 100% for all that time.
It seems the wallet can't keep up with the multiple threads - all but one of the threads was getting hung up. I put in a delay to each call to the wallet, fixes the overloading issue but turns out to be slower than the single threaded version.
Going to have to see if I can incorporate the passphrase -> address in my code and avoid the call to the wallet.
-
little update:
1 Word BURST-GMVF-Z5L4-LGWZ-8BW6W (entropy of 10.66 bits) time till cracked: 6 seconds
I'm starting to crack 2 words :)
(used cracking app w/o any requests to the wallet)
-
@haitch just use the code (alter it to whatever language you're best with, as the principle should be the same no matter the language) from the part that converts passphrase into address ;)
-
@Blago hmm 6 seconds to find one word from the word list? I thought it would take much less time to cycle through the list o_O
-
@LithStud The wallet uses a library to encode it - byte[] s = Crypto.sha256().digest(Convert.toBytes(secretPhrase));
I'm trying to find an equivalent library for FreePascal.
And yes, the one word can be faster - mine doing calls to the wallet does it in 1 second, the two word has been running for 23 minutes, the three word took around 27 days.
Edit: Two word just completed: 1690 seconds.
For those wondering, the one word phrase is "princess", the two word is "precious fault". Not going to reveal the three word one, there are still funds in there.
-
@LithStud
yes, but need also make SHA-256(curve25519(SHA-256(pass)))
~1626 words / 8.5 sec
-
@haitch not familiar with FreePascal so can't help there. Some languages have integrated crypto functions.
@Blago ahh that explains it.
-
@haitch said in The Canary - Burst Early Warning System:
Edit: Two word just completed: 1690 seconds.
How many words per second (speed) does your CPU show?
I'm waiting >1 hrs for end :)
-
@Blago 1,395,756 combinations to find it, so at 1690 seconds: 825 phrases/sec
Edit: I think that might be near the limit for the wallet - creating an 8 thread app doing the same brute forcing, but starting with the 1626 words divided into 8 different starting points for the first word for each thread, I had all sorts of problems. The app would crash, or all but one thread would get hung up.
Edit 2: LOL - I reformatted some of the code to make it more efficient, and then re-cracked the 2 word phrase. My more efficient code took 6 seconds LONGER than the original code.
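-
Added example, not part of the original thread or of the Burst wallet code: a passphrase-strength estimate built on the figures posted above (the 1626-word list and the measured rates of ~180 and 825 guesses/sec), showing how entropy and exhaustive-search time grow with each extra word. The 1e12 guesses/sec attacker and the helper names are assumptions chosen for illustration.

```python
import math

WORDLIST_SIZE = 1626               # word-list size quoted in the thread
SECONDS_PER_YEAR = 365.25 * 86400


def entropy_bits(words, wordlist_size=WORDLIST_SIZE):
    """Entropy of a phrase of `words` words chosen uniformly at random."""
    return words * math.log2(wordlist_size)


def exhaust_seconds(words, rate, wordlist_size=WORDLIST_SIZE):
    """Worst-case time to try every phrase at `rate` guesses per second."""
    return wordlist_size ** words / rate


def min_words(rate, years, wordlist_size=WORDLIST_SIZE):
    """Smallest word count whose expected search (half the keyspace)
    exceeds what an attacker at `rate` guesses/sec can do in `years`."""
    budget = rate * years * SECONDS_PER_YEAR
    words = 1
    while wordlist_size ** words / 2 <= budget:
        words += 1
    return words


def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400), ("hours", 3600)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.0f} seconds"


if __name__ == "__main__":
    # 180/s and 825/s are rates reported in the thread; 1e12/s is a
    # hypothetical, far better resourced attacker (assumption).
    for rate in (180, 825, 1e12):
        print(f"--- {rate:,.0f} guesses/sec ---")
        for words in (1, 2, 3, 4, 12):
            print(f"{words:>2} words  {entropy_bits(words):6.1f} bits  "
                  f"exhausted in {human(exhaust_seconds(words, rate))}")
        print("words needed to hold for 1000 years:", min_words(rate, 1000))
```

Each added word multiplies the search space by 1626 (about 10.67 bits), which is why the full 12-word phrase lands at roughly 128 bits while the canary phrases of 1 to 3 words fall in seconds to weeks.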



