+55 minutes in Generating Dictionary for 194GB
#24
The algorithm doesn't allow to recover the whole seed (if it was really generated in a cryptographically secure random way) by just knowing some bytes (let's say 80) of the encrypted seed (furthermore: if one could recover the seed, one could also generate the private key!). The algorithm also does not allow to 100% find the correct password without the whole encseed value, because you need to either have the whole raw seed to compare it with ... or the bkp hash value, which only could be compared with if you have the whole keccak-hash of the whole seed (decrypted encseed) .

Unfortunately, there are so many scammers out there that try to steal data from users and trick non-technical people, especially when it comes to cryptocurrency etc.

If I were in your position, I would at least request that s/he explains the technical details on how such an attack would be possible. We are speaking about hashing when it comes to the bkp value and therefore every single bit would be important, it's not enough to have an input truncated to just 80 bytes (you need each and every bit). Each and every bit does change the final hash value completely. There is no way that a shorter input reveals any data. You need the exact input.

Furthermore, I would request that s/he should proof for free (without *any* costs attached, because this is an easy step that doesn't cost much computation if the recovery which s/he claims to work does really work) that whenever you generate a new random pre-sale encrypted seed (encseed) for which you know the password, that s/he is able to recover the first 80 bytes of the raw seed (and the correct password) by just having 80 bytes of that encseed and the bkp, and a long list of password candidates (one of which is the correct one).

If s/he is able to do this (without additional information about the seed etc) for free and within a very short amount of time, you should come back here and explain what you provided and what s/he recovered and in which amount of time etc.

If s/he instead refuses to explain the technical details and refuses to perform such a test for free s/he is definitely a scammer.

I would not provide real data to anyone before s/he proofed that tests worked successfully... and even after somebody provided such a proof, you should ask several other people with technical and cryptographical background to attest that this "test" was conducted correctly and that the person who claims to have such an "unknown" technique is really able to do it without being able to come up with the private key. I wouldn't trust random/unknown people on the internet and always have somebody that you can 100% trust to re-think what is going on.

I'm almost 100% sure, that such a technique where somebody can always be able to tell what the correct password is by just having 80-bytes of the encrypted seed is currently infeasible.

Don't get tricked (even if it is worth a lot and you are eager to find the private key), do not pay a single cent for consultancy or a proof/test and do not provide any data before being 100% sure that such a technique is publicly proofen/known to work.


Messages In This Thread
RE: +55 minutes in Generating Dictionary for 194GB - by philsmd - 02-11-2018, 02:24 PM