Date: Fri, 11 Nov 2016 23:18:29 +0100
From: Luis Rocha <luiscrocha@...il.com>
To: john-users@...ts.openwall.com
Subject: Brainwallets and cracking Blockchain hashes

Hi,


Lately I've been reading about bitcoin and come across a very interesting
project called brainflayer by Ryan Castellucci that was presented at
Defcon last year - https://www.youtube.com/watch?v=foil0hzl4Pg - . It's
essentially cracking the password of bitcoin brainwallets. Brainwallets
generate bitcoin addresses but the keys are generated with low entropy.


So it’s possible to crack it just like JtR does for passwords. Was
wondering if JtR code would be faster on CPU than his implementation. I
know JtR already has support for raw-sha256 and ripemd-160 on Dynamic
formats. Maybe an interesting project would be to add the support for
secp256k1.


An artisanal way to generate a Bitcoin wallet address would be:

$ openssl ecparam -genkey -name secp256k1 -out /tmp/data.pem
$ openssl ec -in /tmp/data.pem -outform DER | tail -c +8 | head -c 32 | xxd -p -c 32
$ openssl ec -in /tmp/data.pem -pubout -outform DER | tail -c 65 | sha256sum | xxd -r -p | openssl rmd160

read EC key
writing EC key
(stdin)= 374910ef9dbaf030c3fe59da7217d3b33d77cdfd


This is the hash160 for a bitcoin public key and available on the
Blockchain. It’s my understanding that brainflayer computes this hash using
passwords and compares it offline with the addresses stored on the
Blockchain.


For completeness, to finalize the generation of the wallet address, one
needs to add 00 at the beginning and then compute the checksum, which is
the first 4 bytes of the following result:

$ echo -n "00374910ef9dbaf030c3fe59da7217d3b33d77cdfd" | xxd -r -p | sha256sum | xxd -r -p | sha256sum

Final address string is: 00374910ef9dbaf030c3fe59da7217d3b33d77cdfd3ff15026
which then needs to be encoded in base58 which gives
163KhH2AySYNvCajqpPqb2GiexiyShEB1P -

https://blockchain.info/address/163KhH2AySYNvCajqpPqb2GiexiyShEB1P


Not sure how hard this would be and if it would be interesting for JtR, so
just planting the idea here.



References:

The Bitcoin Brain Drain: A Short Paper on the Use and Abuse of Bitcoin
Brain Wallets
http://fc16.ifca.ai/preproceedings/36_Vasek.pdf


Speed Optimizations in Bitcoin Key Recovery Attacks
https://eprint.iacr.org/2016/103.pdf


https://github.com/ryancdotorg/brainflayer


Best,

Luis
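
Added example (not part of the original message and not code from brainflayer or JtR): the hash160-to-address step described above, written out in Python together with the inverse check that validates an address's 4-byte checksum. The function names are hypothetical; the hash160 value is the one quoted in the message.

```python
import hashlib

# Bitcoin Base58 alphabet (no 0, O, I, l)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(raw: bytes) -> str:
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as a literal '1'
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on characters outside the alphabet
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def hash160_to_address(h160_hex: str, version: bytes = b"\x00") -> str:
    """Prefix the version byte (00), append the checksum, Base58-encode."""
    h160 = bytes.fromhex(h160_hex)
    if len(h160) != 20:
        raise ValueError("hash160 must be 20 bytes")
    payload = version + h160
    return b58encode(payload + checksum(payload))

def address_to_hash160(addr: str) -> str:
    """Decode an address and return its hash160, rejecting bad checksums."""
    raw = b58decode(addr)
    if len(raw) != 25:
        raise ValueError("decoded address must be 25 bytes")
    payload, chk = raw[:-4], raw[-4:]
    if checksum(payload) != chk:
        raise ValueError("bad checksum")
    return payload[1:].hex()

if __name__ == "__main__":
    h160 = "374910ef9dbaf030c3fe59da7217d3b33d77cdfd"  # value quoted in the message
    addr = hash160_to_address(h160)
    print(addr, address_to_hash160(addr) == h160)
```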
