It is generally understood that having a strong password is much more secure than a single sig. An attacker would need to have both the seed & passphrase which might be held in different jurisdictions.
My question is if instead the attack is one of using computing power to brute force in binary. It's guessing 1's and 0's, and both the single sig wallet and the single sig plus passphrase wallet have an equal number of ones and zeros, so isn't brute forcing essentially the same?
Your thinking is correct.
Adding a passphrase is just adding a 13th or 25th word to your BIP39 seed phrase.
All the BIP39 seed phrase does is represent your private key using English words instead of binary, hexadecimal, WIF, or even decimal format.
Your private key is just a 256-bit number. So any private key is just as easy/difficult to crack as any other key generated with 256 bits of entropy. It does not matter how the key is represented (be it in BIP39, binary, or hex); resistance to brute force is only achieved by increasing the bits of entropy.
Have a look at https://btcpuzzle.info for examples of keys that have been cracked-by-brute due to using low entropy.
reply
We are talking about obtaining a 128-bit or 256-bit seed which is then passed through an HMAC512 algorithm; the resulting hash is used to derive the private and public keys. It would not be easy or computationally feasible to perform this attack. Suffice it to say that bitcoin uses the sha256 algorithm, that is, it works with 256 bits. Have you heard of bitcoin being hacked and its security broken? Surely not.
reply
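An added example, not part of any post in this thread and not code from any wallet project: it follows the BIP39 and BIP32 specifications to derive the master private key from the same seed words with and without a passphrase. It shows the point made in the two posts above, that both wallets end in a 256-bit key, and also the case from the question where the seed words are already known and only the passphrase entropy remains. The helper names, the 51.7-bit figure (four diceware words) and the sample passphrase are assumptions chosen for illustration.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample input: the public all-"abandon" test mnemonic. Never fund it.
MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32: HMAC-SHA512 keyed with b"Bitcoin seed"; left half is the master key."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def mnemonic_entropy_bits(word_count: int) -> int:
    """Each word carries 11 bits; 1 bit in 33 is checksum (12 -> 128, 24 -> 256)."""
    return word_count * 11 * 32 // 33


def search_space_bits(word_count: int, passphrase_bits: float, has_mnemonic: bool) -> float:
    """Bits of work to find one specific wallet by guessing its inputs.

    has_mnemonic=True models the case from the question where the seed words
    are already compromised: only the passphrase entropy is left.
    """
    if has_mnemonic:
        return passphrase_bits
    return mnemonic_entropy_bits(word_count) + passphrase_bits


if __name__ == "__main__":
    for label, phrase in (("no passphrase", ""), ("passphrase", "TREZOR")):
        key, _chain = bip32_master(bip39_seed(MNEMONIC, phrase))
        print(f"{label:14} master key {key.hex()} ({len(key) * 8} bits)")
    print("12 words, blind guess:", search_space_bits(12, 0, False), "bits")
    print("12 words known, 4 diceware words:", search_space_bits(12, 51.7, True), "bits")
```

Both derived keys are 32 bytes, so guessing raw key bits costs the same either way; the passphrase only changes the outcome for someone who already holds the words.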
From my understanding, brute forcing a secret key is almost impossible. And each binary character representation is eight ones or zeros. It would make it even more difficult to brute force it.
reply
Almost impossible (today).
Many people today remember when DES (circa 1975) was also almost impossible to crack. Today, you can crack DES with a low-tier smartphone in a couple seconds.
Assuming we continue to amass computation like we have from 1975-present, it could only be a matter of decades before SHA-256 is also trivial to crack.
Not saying anyone should worry about it now. But also, don't be surprised if you find yourself worrying about it in 50+ years either.
reply
20 sats \ 1 reply \ @OT OP 21 Sep
So, so it's impossible. If you tried this you also couldn't select any individual wallet. You would be guessing at ANY possible wallet.
reply
It's technically not impossible. If you had the public key and you were trying to brute force with the private key... It's possible. It just might take an extremely long time. I think that is how puzzle 67 got solved. Or was it 66?
reply