Before Quantum Distributed GPU search for Bitcoin wallets created with weak entropy

4 replies 226 views
king_2009Member
Posts: 1 · Reputation: 98
#1Jul 26, 2017, 10:08 AM
Before Quantum GPU-Boosted Weak Key Recovery Website: https://b4q.io Technical Research: https://b4q.io/research What's this all about? Before Quantum is a distributed GPU project designed to hunt for Bitcoin private keys that came from weak entropy sources between 2009 and 2012. Back in the early days of Bitcoin, wallet software relied on some pretty predictable random number generators: - Timestamp-seeded LCGs using glibc and MSVC srand(time(NULL)) + rand(), leading to only around 62.8 million possible seeds. - Debian OpenSSL bug (CVE-2008-0166) this cut down the entropy to just the PID, making it only 65,536 possible keys. - Randstorm (V8 MWC1616) where BitcoinJS web wallets used Chrome’s weak Math.random(), resulting in about 4.1 trillion keys. - Brain wallets which are essentially SHA256 of sequential numbers, short ASCII strings, phone numbers, and timestamps. - Java LCG (BitcoinJ) these were the early Android wallets that used System.currentTimeMillis() as a seed. - PHP mt_rand() which was auto-seeded with time*pid and used in early PHP-based web wallets. We're testing 23 different weak key generation methods against roughly 2,845 known funded addresses that are thought to have been created with these faulty algorithms. How does it work? The whole thing runs in one CUDA C++ file with around 3,400 lines of code. Each GPU thread runs the full process independently: - We test both compressed and uncompressed public key formats. An RTX 3090 can run about 135 million keys per second against around 3,000 targets. As for distributed verification: - Workers never send private keys to the server only hash160 and the key offset. - The server regenerates the key from (mode, offset) and checks the entire crypto chain. - Canary targets (honeypot hashes) help spot workers that skip verification.
5 Reply Quote Share
hash_bossLegendary
Posts: 1166 · Reputation: 5261
#2Jul 26, 2017, 11:44 AM
I briefly checked your website, but it seems the software is closed source. So i have major skepticism about it and believe my old warning is relevant for this thread.
3 Reply Quote Share
paul.stakeHero Member
Posts: 651 · Reputation: 3798
#3Jul 26, 2017, 05:45 PM
check the website and joined had extra gpu power laying around but still spictical
4 Reply Quote Share
darkguruHero Member
Posts: 849 · Reputation: 4147
#4Jul 26, 2017, 10:56 PM
And the fact that the wallets belong to someone else does not  bother you? That is called THEFT. In many ways I do hope that the OP's software does clear out the wallets of folks using it. Would serve them right.
4 Reply Quote Share
ColdVaultMember
Posts: 19 · Reputation: 184
#5Jul 29, 2017, 05:35 AM
Makes no Sense your project. Some of the Wallets you are targeting are cold wallets of exchanges. Good Luck getting away with that loot
2 Reply Quote Share

Related topics