Bitcoin wallet password Cracker

Executive summary: brain wallets are generally safe, because even with idiotic passwords and a bunch of hints it took days to crack them.
A wish: if you have written a fast program for cracking brainwallets (C/C++, CUDA etc.), I'd be glad if you shared it. I deposited one bitcoin to each of the addresses on 2013-02-20 at about 14:00 UTC. My original idea was just to put the bitcoins in, tell nobody, take the coins out (if they were left) after one month and then write a blog post about it. As you can see from the list, the lorem ipsum one was robbed 7 hours after the deposit.

To test a little the ease of guessing/hacking the passwords, I announced in the Finnish bitcoin forum, in Bitcointalk and in ), they can contain only small chars (a-z) and spaces and the words are in Finnish and/or in English.

I thought the addresses would be hacked very fast, but I was wrong. I had to give a number of hints on the way:

  • there are no spaces, just words after words
  • English and Finnish are not mixed
  • the phrases only have 3-4 words
  • the words are very common

After publishing these hints, it still took over 48 hours to crack them. The reasons, in my opinion, are:

  • There was no ready fast program for cracking brainwallet passwords. People were running slow Python scripts. With a well-written program in C/C++ and using a GPU, the cracking would take only hours or less.
  • And: because the prizes were small, no superguru programmer/hacker wasted his/her time to write and run this kind of program.
  • No one guessed that the password was repeated many times. I tried to mimic a common "stupid" behavior, which people use if there is a minimum character limit for a password: repeat the initial password given.

Some interesting notices:

  • People reported that they had accidentally found some other wallets with small amounts of bitcoins (claims only, no proof, but I can believe it).
  • With a quick-and-dirty Python script you can test 1500 passphrases in one second per core. That means that cracking a four-word passphrase with a 10000-word vocabulary on a 10-core CPU will take ((10000^4)/1500/10)/(60*60*24*365)=21140 years. If you use C/C++, speed-optimize your code, use a GPU and get a 100000-times speedup [1], it's two months. Now, if you either:

    • add a fifth word
    • use punctuation characters between words and maybe add one or two capital letters
    • mix two languages
    • preferably do all of the above

    you have a virtually bulletproof passphrase.
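The estimate above, generalized into a small calculator so each hardening step can be compared against the baseline (an added example, not code from the original post). The guess rates and the 10000-word vocabulary come from the post; the 1000-word "common" list, 8 separator choices, 20000-word mixed vocabulary and 5-letter average word length are assumed values.

```python
# Added example: passphrase search-time estimator using the page's figures.
from math import comb

SECONDS_PER_YEAR = 60 * 60 * 24 * 365
CPU_RATE = 1500 * 10            # page: 1500 guesses/s per core, 10 cores
GPU_RATE = CPU_RATE * 100_000   # page: 100000-times speedup

def keyspace(vocab, words, separators=1, capitals=0, avg_word_len=5):
    """Candidate phrases an attacker must cover to be sure of a hit.

    vocab        dictionary size the attacker has to assume
    words        number of words in the phrase
    separators   choices for each gap between words (1 = fixed joiner)
    capitals     exactly this many letters upper-cased, position unknown
    avg_word_len assumed letters per word, only used to place capitals
    """
    gaps = separators ** (words - 1)
    cap_positions = comb(words * avg_word_len, capitals)
    return vocab ** words * gaps * cap_positions

def years(space, rate):
    """Worst-case exhaustive search time; the expected time is half of it."""
    return space / rate / SECONDS_PER_YEAR

def scenarios():
    """Page baseline, each suggested hardening step, and the hinted case."""
    return {
        "baseline: 4 words, 10000 vocab": keyspace(10_000, 4),
        "hinted: 3-4 words, 1000 common": keyspace(1_000, 3) + keyspace(1_000, 4),
        "add a fifth word": keyspace(10_000, 5),
        "8 punctuation choices per gap": keyspace(10_000, 4, separators=8),
        "two capital letters": keyspace(10_000, 4, capitals=2),
        "two languages, 20000 vocab": keyspace(20_000, 4),
        "all of the above": keyspace(20_000, 5, separators=8, capitals=2),
    }

if __name__ == "__main__":
    for name, space in scenarios().items():
        print(f"{name:32s} CPU {years(space, CPU_RATE):10.3g} y"
              f"   GPU {years(space, GPU_RATE):10.3g} y")
```

Under the assumed 1000-word list, the "hinted" row is about four orders of magnitude smaller than the baseline, which is the effect the published hints had on the search.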
