Board Development & Technical Discussion
Merits 3 from 3 users
Re: Collection of 18.509 found and used Brainwallets
by
almightyruler
on 07/02/2019, 03:06:14 UTC
I think your size calcs may be off a bit, too. I pre-calculated the RMD160 values for all ASCII 1 to 5 character words, and the output is about 0.9TB in size. To increase to 6 characters would result in a file size about 95 times that (about 80TB) and to go up to 7 characters would result in an output of over 7000TB. And consider the amount of time needed to check 135 trillion entries.

How long did it take you to generate a rainbow table of this size? I'm just curious about the timescale (so hardware specs for reference would also be nice).

It took something like 3 weeks, on a leased 4 core Xeon server. Sorting and removing duplicates from 1TB+ of raw data presented some challenges.

Note that this table is not indexed in any way, it's just a text file with hashes. I use a custom filter program to check which of those precomputed hashes appear in a given blockchain. To go further and build a database that can watch for known addresses in real time would be quite a bit more complex, and would need a lot more than 0.9TB of disk space.

That's one of the interesting things about SHA256 brainwallets (so long as you're doing this for fun): it can be easy to find them, but it's also very, very hard.

Stealing brainwallets is probably still profitable though, as I assume that the running costs are close to nil once you've set up the infrastructure.

I disagree, which is why I qualified my above statement with "so long as you're doing this for fun". Imagine how many things have to go right when someone sends funds to a weak SHA256 brainwallet:

- The thief needs a fast connection with multiple peers so that his bot (hopefully) sees the funding transaction first.
- The thief needs a fast database server that is able to check the outputs of each new transaction, and if any addresses are known, return a private key (or keys), within a very short period of time.
- The thief needs to decide how much of a fee to pay for the sweep transaction, bearing in mind that someone else's bot may choose a higher fee to override the transaction. (This could end up being a race to the bottom.)
- The thief then needs his sweep transaction to be the one that propagates out to the majority of nodes (and more specifically, mining nodes) first.

I've probably missed other factors. This is not the sort of thing you can run on a $5/mo VPS. I don't think it would be worth it, but as I've stated in this thread earlier, maybe it's an ego thing.