Comments:"Vesa Linja-ahon blogi: Small (con)test: hack my bitcoins and keep them"
URL:http://linja-aho.blogspot.com/2013/03/small-contest-hack-my-bitcoins-and-keep.html
EDIT (2013-03-08 11:35 UTC): Extra hint 2: all the passwords contain only Finnish or English (no mixing of two languages). And there are 3-4 words. Now, this is easy - maybe too easy :-). And the words are not very strange - I believe even every 14-year-old knows them.
On the 20th of February 2013 I started a little test: I made five brain wallets with very stupid passwords. Their addresses are:
16XEzVyc34nYSQxsAjUmgY78qdAHBBKCy4
1ECM1W1ZWtWDvTm3yWYWJA9mKn4Dwaaz1o
14nRKoXJAUpKYYbzw6Yrqh9gW2p26zerpW
1KRGyNbq2yM1vAXscib74Snp6AUuUHVi2g
1Gu4VHM17SGHBN748k4ohNKy8BegySzyUF
Then, I deposited one bitcoin to each of them. My goal is to test how fast the coins get robbed if the password is not strong. The fourth address was robbed in 7 hours - its password was "lorem ipsum dolor sit amet". I did not tell anyone about my test - I wanted to know if there are people who scan brainwallets to steal the coins in them. Or: does it happen that some people just accidentally use the same stupid password and find my coins and take them (I think this was the case with that lorem ipsum).
The rest of the addresses have not been hacked. Conclusion 1:
A passphrase that seems stupid to me is still hard to guess or bruteforce. I believe that if I waited for a couple of weeks, all the coins would be gone. But because I'm impatient, here is a hint for the passphrases:
- they only contain English and/or Finnish words
- only allowed characters are small letters (a-z) and spaces
- as I said earlier, the minimum length is 15 chars
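
To put the hints above in numbers, the following added example (not part of the original post) counts how many passphrases satisfy them for a given wordlist and compares that with a random 15-character string. The wordlists, the length histogram and the assumption that words may repeat are constructed for illustration.

```python
import math
from collections import Counter

def length_histogram(words):
    """Map word length -> how many words in the list have that length."""
    return Counter(len(w) for w in words)

def count_passphrases(hist, n_words, min_chars=15):
    """Count ordered n-word phrases (single spaces, repeats allowed)
    whose total length including spaces is at least min_chars."""
    ways = Counter({0: 1})  # ways[t] = sequences whose letters total t
    for _ in range(n_words):
        nxt = Counter()
        for total, n in ways.items():
            for length, k in hist.items():
                nxt[total + length] += n * k
        ways = nxt
    spaces = n_words - 1
    return sum(n for total, n in ways.items() if total + spaces >= min_chars)

def keyspace(hist, word_counts=(3, 4), min_chars=15):
    """Total candidates and equivalent bits for 3- and 4-word phrases."""
    total = sum(count_passphrases(hist, n, min_chars) for n in word_counts)
    return total, math.log2(total)

def random_bits(length=15, alphabet=27):
    """Bits in a uniformly random string over a-z plus space."""
    return length * math.log2(alphabet)

# Constructed four-word list, small enough to check by hand.
TINY = length_histogram(["cat", "house", "kissa", "bitcoin"])

# Constructed length histogram for a hypothetical 2,000-word list
# of everyday words (an assumption, not data from the post).
COMMON = Counter({2: 50, 3: 200, 4: 450, 5: 500, 6: 400, 7: 250, 8: 150})

if __name__ == "__main__":
    for name, hist in (("tiny", TINY), ("common", COMMON)):
        total, bits = keyspace(hist)
        print(f"{name}: {total} candidates, about {bits:.1f} bits")
    print(f"15 random characters: about {random_bits():.1f} bits")
```

The gap between the wordlist figure and the random-string figure is the entropy a brain wallet gives up when its passphrase is built from everyday words.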