Brute force and the coins are yours \ stacker news ~bitcoin

pull down to refresh

12.6k sats \ 35 comments \ @q 6 Oct 2023 bitcoin

Some years ago I made a paper wallet with bip38 passphrase, which I don't remember today. I donate this to the one who can brute force it or to every bitcoiner if no one succeed. I suspect the passphrase is not more than 30 characters.

https://i.imgur.com/3RSb8MH.png

BIP38 Private key: 6PfQTphCYc1Fee19uPz2pmou5RVBDVgw8VcrPfGLos4ktUnARdiFLYhcNU Public key: 1J7BVeP8JK4op2X3GN3Hy7xkTnGnQTMpou Passphrase: <find out>

https://mempool.space/address/1J7BVeP8JK4op2X3GN3Hy7xkTnGnQTMpou Which i generated on this site https://www.bitaddress.org/

If you succeed with brute forcing, the coins are yours. I will never have time to do it my self I'm stuck in love life laugh.

This is a demonstration that phasphrase is not an extra security layer it is only extra step for donating the coins to every bitcoiner.

Have fun!

view all related items

917 sats \ 0 replies \ @DarthCoin 6 Oct 2023

hahaha cool challenge!

847 sats \ 0 replies \ @Gian 6 Oct 2023

The passphrase is not an additional layer of security, but it certainly slows down the movement of funds by an attacker. Thank you for the challenge you are issuing!

701 sats \ 5 replies \ @sagars209 6 Oct 2023

Good luck !! it might just take few qd years https://www.weston-tech.com/wp-content/uploads/2020/09/how-long-to-hack-password.jpg

10 sats \ 1 reply \ @0fje0 6 Oct 2023

The private key starts with '6Pf', though.

That gives you some indication of the encryption algorithm used: EC multiply, no compression, no lot/sequence numbers, according to BIP38.

Whether that makes it any easier to brute force, I don't know.

0 sats \ 0 replies \ @scottathan 6 Oct 2023

That does make it somewhat easier. I'd suspect the best method is really gonna be trying out combinations of words or something like that.

0 sats \ 0 replies \ @nerd2ninja 6 Oct 2023

This assumes the password is randomly generated, and they indicated they didn't use special characters.

0 sats \ 0 replies \ @scottathan 6 Oct 2023

Still worth a shot, right? lol

0 sats \ 0 replies \ @Ksjznxnxkxksn 6 Oct 2023

deleted by author

584 sats \ 0 replies \ @Monotone 6 Oct 2023

Sats so close, yet so far away...)

709 sats \ 0 replies \ @The_Daniel 6 Oct 2023

Wow, I remember using bitaddress. You had to download the source to your computer and run it with wifi turned off so you didn't accidentally leak your private key. I created a bunch of vanity addresses back in the day. I have no idea if I left any sats behind!

507 sats \ 0 replies \ @bisdak 6 Oct 2023

🤩 more than 500k sats

Not bad. The longer in takes to brute force the more it appreciate

507 sats \ 1 reply \ @Hypnagog 6 Oct 2023

Can you hint at the type of passphrase you used? Do you include 1736 $&# etc or is it pure words?

1 sat \ 0 replies \ @q OP 6 Oct 2023

I don't remember, I have tested my passwords I used during that time, so probably it is not with special characters

507 sats \ 1 reply \ @nerd2ninja 6 Oct 2023

Copy that. If I continue to fail after a month I'll try adjusting tactics.

0 sats \ 0 replies \ @Longtermwizard 25 Jan 2024

how that's going?

398 sats \ 1 reply \ @scottathan 6 Oct 2023

Any hints as to the passphrase beyond likely under 30 characters? Like, did you likely use words like an actual passphrase or design it more like a password?

0 sats \ 0 replies \ @q OP 6 Oct 2023

Most likely I did not use a passphrase of the length 30. But I remeber that I used to combine 3 different passwords to secure wallets which is about that length. I have withdrawn funds from the wallet once so it cannot be an imposible passpharse and most likely I did not used a password manager for it.

10 sats \ 1 reply \ @kevkevin 6 Oct 2023

I wonder if we have the same passphrase of 1234

I only opt for the highest of security on my bitcoins

0 sats \ 0 replies \ @1GLENCoop 18 May 2024

https://v.nostr.build/XVA9Z.mp4

30 sats \ 1 reply \ @sarah1 6 Oct 2023

It's an online treasure hunt

10 sats \ 0 replies \ @Billy_Dow 6 Oct 2023

Arg!

0 sats \ 0 replies \ @klk 14 Jun

Looking at this BIP38 encrypted wallet challenge, I can make some educated guesses about the passphrase characteristics and brute force feasibility:

Passphrase Analysis

Likely Characteristics:

Length: Probably 8-20 characters (user mentioned combining 3 passwords, but likely not the full 30 characters)
Character set: Likely alphanumeric only (a-z, A-Z, 0-9) based on user saying "probably not with special characters"
Dictionary words: Possibly - user mentioned not using a password manager and needing to remember it, suggesting human-memorable patterns

Estimated Character Set Sizes:

Lowercase only: 26 characters
Alphanumeric (mixed case): 62 characters
Alphanumeric + common symbols: ~95 characters

Brute Force Time Estimates (RTX 3090)

BIP38 uses scrypt with heavy parameters (N=16384, r=8, p=8), making it very slow to compute. An RTX 3090 can achieve roughly 1,000-5,000 BIP38 attempts per second.

Time estimates for different scenarios:

Length	Character Set	Combinations	Time (Average)
8 chars	Lowercase (26)	2.1×10¹¹	1-2 years
10 chars	Lowercase (26)	1.4×10¹⁴	900-4,500 years
8 chars	Alphanumeric (62)	2.2×10¹⁴	1,400-7,000 years
12 chars	Alphanumeric (62)	3.2×10²¹	20+ million years

Realistic Attack Strategies

Rather than pure brute force, more practical approaches would be:

Dictionary attacks - Common passwords, personal info
Hybrid attacks - Dictionary words + numbers/years
Pattern-based attacks - Since user mentioned combining 3 passwords
Wordlist attacks - Using leaked password databases

Verdict

Pure brute force is likely infeasible even with a 3090, unless the passphrase is very short (≤8 characters) and uses a limited character set. The BIP38 scrypt parameters were specifically designed to make brute forcing prohibitively expensive.

The 500k sats might not justify the electricity costs for extended brute forcing, especially given the astronomical time estimates for longer passphrases.

0 sats \ 0 replies \ @fred 8 Oct 2023

A supercomputer can solve this

0 sats \ 0 replies \ @ryu 8 Oct 2023

Challenge accepted. Have lots of sats in case someone manages to do it.

0 sats \ 3 replies \ @anon 7 Oct 2023

how can I brute force that? with what program?

21 sats \ 1 reply \ @Longtermwizard 7 Oct 2023

https://github.com/topics/bitcoin-bruteforce

Good luck

0 sats \ 0 replies \ @nemo 7 Oct 2023

deleted by author

0 sats \ 0 replies \ @nemo 7 Oct 2023

deleted by author

0 sats \ 0 replies \ @ladyluck 7 Oct 2023

Brute force might sound easy but it ain't when it comes to Bitcoin

0 sats \ 0 replies \ @Mag_Dumps 6 Oct 2023

OoooOoOO.......watching this 0.0

0 sats \ 0 replies \ @bzzzt 6 Oct 2023

Sorry friend 😔

398 sats \ 0 replies \ @Ksjznxnxkxksn 6 Oct 2023

deleted by author

0 sats \ 2 replies \ @nemo 6 Oct 2023

deleted by author

21 sats \ 1 reply \ @q OP 6 Oct 2023

No, It was when Stacker news was new and single letter nicknames was avaible, didn't put so much thought in it and q was the first random letter which was not in use.

0 sats \ 0 replies \ @nemo 7 Oct 2023

deleted by author