Dash/Bitcoin-core, AWS p3.2xlarge mask attack
#1
Hi everyone,

First post, first crack project, although have already spent quite some time of this so should be able to skip to the chase:
  • Dash coin / bitcoin-core wallet.dat hash crack
  • Hash already extracted, so using mode 11300 with Hashcat
  • Most likely password form represented as mask 
    Code:
    ?u,?l,?d,?1?2?3?2?3?2?2?2?2
  • This is, unfortunately, 9 characters, so starts to enter the zone of unfeasibility...
  • Previous attack phase was based around typo options using btcrecover, no luck
  • Next phase is a Hashcat mask attack on AWS using p3.2xlarge (at first, at least)
  • This mask gives us a total combinations of 
    Code:
    803,181,017,600
  • p3.2xlarge gives us a hash rate of 
    Code:
    19,485 H/s
  • This works out at worst-case performance of 
    Code:
    803181017600 / 19485 / 60 / 60 = 11,450.132831 hours = 1.3 years
  • That also results in a worst-case cost of 
    Code:
    ~12,000 * $3.06 = ~$36,0000
    (on-demand instances)
  • As far as I can see with AWS, prices scales basically linearly with the P3 types, so it's only possible to buy time this way (total cost is equivalent)
  • The amount in the wallet is large, but not astronomical. It still justifies a fairly decent investment at this stage, although $36,000 is not justifiable
Reason for the post is to appeal to more experienced users who might be able to suggest something we might be missing here, or some glaring error in our calculations. 
  • Currently the only possible adjustment would be to bid for spot instances on AWS. The marketing claims we could save 90%, which would bring the brute-force down to a tolerable cost of ~$4,000
  • However, it seems like this would add a lot of complication, since we would need to script the cracking run to work on-demand (instead of running constantly). This is certainly do-able, just requires a fair bit of margin of error, unless I'm misunderstanding how spot instances work
  • We already tried to request a p3.16xlarge, but were denied it for the time being. p3.16xlarge on spot instance pricing seems like it might be worthwhile, although I haven't done the calculations
I hope that was enough detail and someone will be able to point out something obvious that we're missing. Fingers crossed and thanks in advance!
#2
Your next step should not be a brute force for this algorithm. It's simply too slow to be worth your time/money. You should be working with rules and other options first, based roughly on what you think the password may be. In my experience, rules and other attacks are almost always more efficient than brute force.
#3
(02-04-2018, 11:03 PM)Chick3nman Wrote: Your next step should not be a brute force for this algorithm. It's simply too slow to be worth your time/money. You should be working with rules and other options first, based roughly on what you think the password may be. In my experience, rules and other attacks are almost always more efficient than brute force.

Thanks for your input. Indeed, this seems to be the only way forward right now, except had we made some gross error with estimating this. btcrecover certainly does offer a lot of power here (and even GPU acceleration, which I successfully used today). The problem is the certainly amount of luck required to find that golden pattern