The Canary - Burst Early Warning System
-
@gpedro just 6 threads
each thread make 271*1626 combinations
-
@Blago Oh then with your software and the @haitch 20 thread monster it would make bruteforce pretty fast...
0faucet.burstcoin.pt | burstcoin.pt | I just help for pleasure but if you want donate some coins: BURST-JYHR-SPXP-YT22-5F4KM
one_reply_to_this_post
-
@gpedro It's actually 20 cores/40 threads :) And yes it would be amazingly fast, makes the 4 and 5 accounts potentially crackable.
-
@haitch 40threads should make 2 words passphrase be cracked in around 22.5 seconds so i think it already makes more than 4 or 5 words crackable...
0faucet.burstcoin.pt | burstcoin.pt | I just help for pleasure but if you want donate some coins: BURST-JYHR-SPXP-YT22-5F4KM
one_reply_to_this_post
-
@gpedro Remember that on average each successive word adds 1626 times the difficulty of the previous phrase. 22.5 Seconds for 2 words implies around 10.2 hours for the 3 word, 688 days for the 4 word, and 3,067 years for the 5 word.
Edit: Blago sent me a 36 thread version of the 3 word pass cracker - running it on PennyWise now. CPU Usage is at 118% ;-)
-
@haitch 150 CPU Hours elapsed and still going ......
Edit: And then my damn server rebooted itself - restarting .... :(
-
@haitch Now at 220 CPU Hours ...... It's had the CPU's kicked into Turbo Mode for hours ,,,,, 118% Utilization.
-
This is great, I got into this exact debate with a friend of mine when I was concerned with the predictability of the cloud hosted wallets which leverage 12 word seed phrases like Electrum and Jaxx. I think the one issue everyone is missing with the dictionary concept. Yes, your wallets are "safe" when it's just your wallets, but what if the attacker(s) wait for 10 million users to leverage that dictionary and just randomly fire out combinations. Would they not be able to randomly hit wallets much faster than the predicted brute force time for one single wallet?
-
yes geting a Hit on a random wallet would be faster than targeting a single wallet, however you will need to get into the details with somone who knows more than i do on the specific's. i do know that most people that have been involved with Burst for any lenght of time do not infact use a generated wallet from the set dictionary simple because it is a known source that uses pure length of phrase for security witch yes puts a big damper on brute force but also provides a perfect starting place for somone wanting to run a lottery wallet cracker . for myself i generate a random pass phrase then i modify it by adding in Cap's, #s, and symbols in various places witch makes it even longer at the same time removing it from the known word list wile at the same time keeping the randomness from the generated phrase. even adding a single digit will get you out of that known list.
-
@ctt Bruteforcing will find insecure accounts - I've had one compromised and the funds stolen - but for a system generated 12 word passphrase - it'll take longer than the Universe has existed to brute force it. Substitute or add numerals or symbols into the pass phrase, even 1 digit will make it more than 10x harder to crack it.
The default passphrase generator will create a pass phrase that's probably secure for the next 20 generations of humanity.
-
@ctt said in The Canary - Burst Early Warning System:
Would they not be able to randomly hit wallets much faster than the predicted brute force time for one single wallet?
i tested 7 days randomly cracking (10 random + 2 bruteforce) = no one positive results
[23:09:01] fist blend pride eye hair destroy mist loud hollow group *** *** [03:54:48] manage final lonely said chest twenty rip upset salt bit *** *** [08:38:38] gay flow whatever candle painful came gone soft beaten both *** *** [13:32:23] princess nothing sunset cookie weakness conversation plastic cigarette perfection matter *** *** [18:28:20] stain key crime lady completely monkey salt consider huge first *** *** [23:04:08] funny grand clean repeat free branch happen appreciate song air *** *** [03:40:32] pull watch page fairy least class juice metal hey end *** *** [08:17:57] softly ashamed worship death empty moment violence claim thigh grow *** *** [13:18:38] music knee unseen hospital spiral fresh other tuck crime heaven *** *** [18:00:03] came too foul acid jaw reach bang dull dread together *** *** [22:56:27] shout remain mess written cheese hit talent click blank tumble *** *** [03:29:13] commit began play brave bloom object catch floor weird salty *** *** [08:00:04] admire bathroom frown respect shade walk beaten dust murder plate *** *** [12:27:00] purple grief moon health comfort probably dumb random bottle brown *** *** [16:50:58] exist paper princess draw stupid said warn mold accept drop *** *** [18:45:27] rub yearn raw dull ocean cell piece pull some inner *** *** [23:34:54] soft sink mirror bench draw special boyfriend past stare blame *** *** [04:21:05] wonderful thorn write talent garden knock battle pull rich disguise *** *** [09:02:12] chair branch deeply worst surround dwell footstep price volume prefer *** *** [13:27:24] please ache glove beyond bought future anywhere bounce able sadness *** *** [17:48:24] regret mine bloody swirl regret settle prefer idea kid deserve *** *** [22:11:53] desperate duck great shame eternal slap dad bread illuminate new *** *** [02:49:56] strong diamond slowly smooth melt save drive sane college grey *** *** [07:24:54] alter probably example control rainbow difference sat again said offer *** *** [12:06:07] regret husband tightly thigh precious among twenty dove candle piece *** *** [16:33:46] accept explode blonde sea pity steel driver sob frown force *** *** [21:08:13] swim purpose swirl blow gasp nearly object loud invite cry *** *** [01:35:18] destination gift tongue prefer gaze once feed twenty scary danger *** *** [05:57:14] bare smile rhyme ocean measure please honest rise deeply limb *** *** [10:24:08] class meet angel glory class spill tuck remember dinner still *** *** [14:56:52] sentence open truly quick run instead fill warm sting speed *** *** [19:27:18] create nightmare capture everybody apart entire fan emotion forever innocent *** *** [23:57:19] patience help rich buy princess silence yard after cheap best *** *** [04:21:56] mostly rabbit queen shook carve never somebody peaceful scar table *** *** [08:52:42] double crawl some myself soul forever explore close stomach surface *** *** [13:17:58] driver middle puzzle heartbeat edge consider half trust slightly admit *** *** [17:40:12] ask discover describe velvet confidence treat shy baby silly plain *** *** [22:04:44] glove snap body orange enough lick born break frozen fold *** *** [02:43:15] however bullet watch paradise deadly really pray grin birthday war *** *** [07:15:37] time harsh machine matter dark yesterday existence pants check ripple *** *** [11:53:45] exactly center moment alter ground tremble cause sting around voice *** *** [16:29:11] mirror angel student save forgive taste boyfriend able waste spin *** *** [07:01:29] compare separate pause battle smooth reflect confusion stun somebody circle *** *** [11:28:28] choice win wound suit compare powerful trip focus better poetry *** *** [15:53:49] sanctuary alive scatter pleasure planet struggle shadow after button whisper *** ***
-
@ctt @Gibsalot Even if Burst would be used by 3 billion people / accounts this wouldn't mean a bruteforce attempt will be randomly successful at some point. The possible combination of the 12 words is a very large number (see wikipedia) which are difficult for us to imagine. On the other hand million and billion are not very large numbers (in math).
It's like comparing the distance to the moon (possible combinations) with length of a helping ladder (3 billion accounts). You won't reach it the moon suddenly with your hand. ;)
After crunching the numbers of my moon vs ladder example -> It is wrong by six magnitudes.
So your ladder (3 billion accounts) is not 10 meter high. It is 0,00001 m high.
2"Now everybody can see that da wallet is empty, empty." ->
The Burst Foundation: BURST-7BXU-TTFG-Z2JF-8QUZP (Development Fund)
2 Replies
-
@haitch Now at 615 CPU Hours ......
-
@daWallet
(2 words) after some optimizations - 53 sec.
[13:42:43] Start BURST-ADFP-EN99-24FD-44QA7
[13:43:36] precious fault6 threads, avg speed - ~8011 combinations/sec
-
@haitch Now 736 CPU hours. My single threaded cracker ran for around 648 hours - so surprised the multithreaded approach take more hours, albeit in a lot less real time. My single threaded app ran for around 26 days to get to 648 CPU Hours. Blago's cracker has been running for less than 1 day, and has more hours.
-
@haitch Just passed 1,000 CPU hours ......
-
When @daWallet says the 12 word phrase is "a very large number:"; that number is 341,54,387,00,281,734,278,1797,097,590,636,000. Brute forcing that passphrase will, on average, take longer than the universe has existed - billions of billions of years. 5 Words is over 3,000 years, each additional word make it 1,626 time harder. Replacing or adding a numeral or symbol makes it virtually impossible.
-
@haitch just went past 1,780 CPU hours .....
-
@haitch just went past 2,500 CPU hours - going to give it another day to solve it, then will have to kill it, as it's impacting my plotting and mining.
-
3 words, 6 threads,
53 hrs gone, 32% complete (1'393'000'000 combinations done) of all combinations (1626^3)... still waiting99 hrs gone, 50% complete (2'149'500'000 combinations). Combination not found.
Interrupted, need restart computer
