The Canary - Burst Early Warning System

Gibsalot

yes geting a Hit on a random wallet would be faster than targeting a single wallet, however you will need to get into the details with somone who knows more than i do on the specific's. i do know that most people that have been involved with Burst for any lenght of time do not infact use a generated wallet from the set dictionary simple because it is a known source that uses pure length of phrase for security witch yes puts a big damper on brute force but also provides a perfect starting place for somone wanting to run a lottery wallet cracker . for myself i generate a random pass phrase then i modify it by adding in Cap's, #s, and symbols in various places witch makes it even longer at the same time removing it from the known word list wile at the same time keeping the randomness from the generated phrase. even adding a single digit will get you out of that known list.

haitch

@ctt Bruteforcing will find insecure accounts - I've had one compromised and the funds stolen - but for a system generated 12 word passphrase - it'll take longer than the Universe has existed to brute force it. Substitute or add numerals or symbols into the pass phrase, even 1 digit will make it more than 10x harder to crack it.

The default passphrase generator will create a pass phrase that's probably secure for the next 20 generations of humanity.

Blago

@ctt said in The Canary - Burst Early Warning System:

Would they not be able to randomly hit wallets much faster than the predicted brute force time for one single wallet?

i tested 7 days randomly cracking (10 random + 2 bruteforce) = no one positive results

[23:09:01] fist blend pride eye hair destroy mist loud hollow group *** ***
[03:54:48] manage final lonely said chest twenty rip upset salt bit *** ***
[08:38:38] gay flow whatever candle painful came gone soft beaten both *** ***
[13:32:23] princess nothing sunset cookie weakness conversation plastic cigarette perfection matter *** ***
[18:28:20] stain key crime lady completely monkey salt consider huge first *** ***
[23:04:08] funny grand clean repeat free branch happen appreciate song air *** ***
[03:40:32] pull watch page fairy least class juice metal hey end *** ***
[08:17:57] softly ashamed worship death empty moment violence claim thigh grow *** ***
[13:18:38] music knee unseen hospital spiral fresh other tuck crime heaven *** ***
[18:00:03] came too foul acid jaw reach bang dull dread together *** ***
[22:56:27] shout remain mess written cheese hit talent click blank tumble *** ***
[03:29:13] commit began play brave bloom object catch floor weird salty *** ***
[08:00:04] admire bathroom frown respect shade walk beaten dust murder plate *** ***
[12:27:00] purple grief moon health comfort probably dumb random bottle brown *** ***
[16:50:58] exist paper princess draw stupid said warn mold accept drop *** ***
[18:45:27] rub yearn raw dull ocean cell piece pull some inner *** ***
[23:34:54] soft sink mirror bench draw special boyfriend past stare blame *** ***
[04:21:05] wonderful thorn write talent garden knock battle pull rich disguise *** ***
[09:02:12] chair branch deeply worst surround dwell footstep price volume prefer *** ***
[13:27:24] please ache glove beyond bought future anywhere bounce able sadness *** ***
[17:48:24] regret mine bloody swirl regret settle prefer idea kid deserve *** ***
[22:11:53] desperate duck great shame eternal slap dad bread illuminate new *** ***
[02:49:56] strong diamond slowly smooth melt save drive sane college grey *** ***
[07:24:54] alter probably example control rainbow difference sat again said offer *** ***
[12:06:07] regret husband tightly thigh precious among twenty dove candle piece *** ***
[16:33:46] accept explode blonde sea pity steel driver sob frown force *** ***
[21:08:13] swim purpose swirl blow gasp nearly object loud invite cry *** ***
[01:35:18] destination gift tongue prefer gaze once feed twenty scary danger *** ***
[05:57:14] bare smile rhyme ocean measure please honest rise deeply limb *** ***
[10:24:08] class meet angel glory class spill tuck remember dinner still *** ***
[14:56:52] sentence open truly quick run instead fill warm sting speed *** ***
[19:27:18] create nightmare capture everybody apart entire fan emotion forever innocent *** ***
[23:57:19] patience help rich buy princess silence yard after cheap best *** ***
[04:21:56] mostly rabbit queen shook carve never somebody peaceful scar table *** ***
[08:52:42] double crawl some myself soul forever explore close stomach surface *** ***
[13:17:58] driver middle puzzle heartbeat edge consider half trust slightly admit *** ***
[17:40:12] ask discover describe velvet confidence treat shy baby silly plain *** ***
[22:04:44] glove snap body orange enough lick born break frozen fold *** ***
[02:43:15] however bullet watch paradise deadly really pray grin birthday war *** ***
[07:15:37] time harsh machine matter dark yesterday existence pants check ripple *** ***
[11:53:45] exactly center moment alter ground tremble cause sting around voice *** ***
[16:29:11] mirror angel student save forgive taste boyfriend able waste spin *** ***
[07:01:29] compare separate pause battle smooth reflect confusion stun somebody circle *** ***
[11:28:28] choice win wound suit compare powerful trip focus better poetry *** ***
[15:53:49] sanctuary alive scatter pleasure planet struggle shadow after button whisper *** ***

daWallet

@ctt @Gibsalot Even if Burst would be used by 3 billion people / accounts this wouldn't mean a bruteforce attempt will be randomly successful at some point. The possible combination of the 12 words is a very large number (see wikipedia) which are difficult for us to imagine. On the other hand million and billion are not very large numbers (in math).

It's like comparing the distance to the moon (possible combinations) with length of a helping ladder (3 billion accounts). You won't reach it the moon suddenly with your hand. ;)

After crunching the numbers of my moon vs ladder example -> It is wrong by six magnitudes.

So your ladder (3 billion accounts) is not 10 meter high. It is 0,00001 m high.

haitch

@haitch Now at 615 CPU Hours ......

Blago

@daWallet
(2 words) after some optimizations - 53 sec.
[13:42:43] Start BURST-ADFP-EN99-24FD-44QA7
[13:43:36] precious fault

6 threads, avg speed - ~8011 combinations/sec

haitch

@haitch Now 736 CPU hours. My single threaded cracker ran for around 648 hours - so surprised the multithreaded approach take more hours, albeit in a lot less real time. My single threaded app ran for around 26 days to get to 648 CPU Hours. Blago's cracker has been running for less than 1 day, and has more hours.

haitch

@haitch Just passed 1,000 CPU hours ......

haitch

When @daWallet says the 12 word phrase is "a very large number:"; that number is 341,54,387,00,281,734,278,1797,097,590,636,000. Brute forcing that passphrase will, on average, take longer than the universe has existed - billions of billions of years. 5 Words is over 3,000 years, each additional word make it 1,626 time harder. Replacing or adding a numeral or symbol makes it virtually impossible.

haitch

@haitch just went past 1,780 CPU hours .....

haitch

@haitch just went past 2,500 CPU hours - going to give it another day to solve it, then will have to kill it, as it's impacting my plotting and mining.

Blago

3 words, 6 threads, 53 hrs gone, 32% complete (1'393'000'000 combinations done) of all combinations (1626^3)... still waiting

99 hrs gone, 50% complete (2'149'500'000 combinations). Combination not found.
Interrupted, need restart computer

damncourier

seems that a couple of days ago someone pulled the rest of the coins out of the 3 word phrase account

http://burstcoin.biz/address/13349019730708354187

did i miss some one (besides haitch) claiming to have found the pass phrase?

Blago

Interesting... some one got a prize!

little update:
(2 words) after huge optimizations (multithreads, AVX, fast libs) - 4 sec.
125744 combinations/sec

pass founded after 502975 combinations

[14:43:03] Start BURST-ADFP-EN99-24FD-44QA7
[14:43:07] precious fault
[14:43:07] END

damncourier

@Blago going from 53 sec to 4 sec is very impressive for optimizations. huge seems like an understatement.

the combinations/sec is impressive too but comparing to possibilities of 12 word phrase is not cause for concern about standard phrases.

Blago

3 words:

Expected time: 7.6 hrs

For 4 words expected time - 515 days - sorry, i'm out :)

damncourier

@Blago spoiler alert
.
.
.
.
ignore neither guy

dumb luck on that jsfiddle, couple days late and couple burst short

Blago

3 words - 5 hrs 41 min 8 sec

[06:04:45] Start BURST-UP6D-R28A-67XL-DYBJL
[11:45:53] ignore neither guy
[11:45:53] END

password found after 3211632924 combinations

gpedro

@Blago And you almost got 160k trys per second... Very impressive man?!