Cyber Raid Testing — How Hard Is It to Brute Force a Bitcoin Private Key?
CyberRaid (private software), HashcatV3 & HashcatV2 (https://hashcat.net/), MDXfind (https://hashes.org/mdxfind.php), hashtopussy (fork of the hashtopus project), TeamLogic (hash management platform), Unified List Manager (http://unifiedlm.com/)
Cyber Raid Block-Cracker Task
A constant combined compute power of 150 GH (measured on SHA1 bruteforce) was used throughout the contest. This figure peaked to about 190 GH which is the rough equivalent of 35 GTX 980Ti. Around 130 CPU cores were reserved solely for GPU unfriendly algorithms, this burst to maximum of 300 cores for a short period. An additional 100 CPU cores were used for all other algorithms which peaked to 250 cores.
- Free-for-all approach
- Have fun
- Utilize resources efficiently
- Surprise the other teams
Before the contest
We redeveloped our hash management system and ensured it was fully functional prior to the contest. In addition we had the pleasure of beta testing a personal project of one of our members. An improved distributed hashcat system dubbed Hashtopussy, (a fork of the hashtopus project) with numerous improvements including; a revamped interface, multi-user and user-rights-management support, optimized hash handling and of course support for Hashcat3. Keep an eye out for this project, as it will be released soon.
Hashtopussy instances were deployed and allowed the team to remotely manage, voluntarily donate compute cycles and deploy tasks across clusters of compute nodes and streamline the cracking process. As hashcat is now open source (big thanks to the hashcat developers), we were able to easily apply minor changes to ensure it played nicely in a distributed environment.
During the contest
We started off by probing all algorithms looking, for any signs of patterns and tackled the bcrypts immediately by running extremely simple checks against common passwords. We recovered about 20 bcrypts within the first hour on our CPU cluster and were able to feed it with enough test candidates allowing us yield hits consistently.
MDXfind was used to quickly test algorithms which hashcat couldn’t initially handle namely DCC, with Waffle quickly adding WBB support. Once we knew these hashes were valid, support for both these algorithms were swiftly added to hashcat.
As there is already a write-up regarding the patterns for the generated hashes we won’t go into them, other than saying we spotted some and missed others and discovered some too late into the contest. 11 hours into the contest and we had hits for every algorithm except phpbb3_gen which we didn’t waste too much time pursuing. This was a pretty good starting point and kept us busy through the remainder of the time.
To make it up to some individuals who have complained that our large submission towards the end of the contest would have skewed any pretty graphs, we have decided to provide analytics gathered by our hash management system. The graphs should reflect the actual crack progression for each individual hashlist throughout the contest. This should provide some insight on how we tackled each hashlist.
Graphs for real hashlists
As a portion of the hashes were from the real environment there is always the chance the hashes are mislabeled. We identified some DoubleMD5 labelled as MD5, these hashes tackled by cracking the initial MD5 list as DoubleMD5 then performing a single MD5 on the password prior to submission. We also identified vBulletin <3.8.5 hashes which were mislabeled MD5:pass with the salt being the plain for this MD5, there was no possible way to submit these since they were technically solved.
Once again since there were real world hashes, sometimes hashes become corrupted during extraction or transport. A feature of hashcat is that does not match every bit of the hash, allowing it to essentially detect a mistyped hash. We encountered a small portion of these which we assumed were most likely corrupted. As there wasn’t a large number of these, we simply ignored them.
While GPUs are extremely powerful in parallel hash cracking, it was surprising to see that the top scorer in our team predominately used CPUs.
For math geeks, key cracking is a question of statistical probability and for hopeless dreamers, a question of ambition. Long shots capture the imagination of simple mammalian minds, and for those who wish to rage against the odds, the lottery is a game for the faint of heart — the finest display of sheer dumb mathematical bravery is in trying to brute force Bitcoin.
On the Bitcointalk forum, a related thread from Jun 11, 2018, continues to garner replies to this day. In ‘BitCrack — A tool for brute-forcing private keys,’ board members disassemble the prospects of making a brute force breakthrough with software specially designed for that task, with the most sober minds strongly dismissing the quest as a wild goose chase.
An early response from user Coin-1 politely attempts to dissuade anyone from proceeding any further: “Let’s calculate how much time you need to crack one Bitcoin-address on your machine. You said that your performance is 9 million BTC-addresses per second, i.e. approximately 223 BTC-addresses per second. Thus the brute forcing will take 2160–23 = 2137seconds! I guess it is more than septillion (1024) years!”
On an ordinary computer, attempting to extract funds from a bitcoin wallet to which you didn’t have the key would be a fool’s errand. What if, however, you had a faster, better computer that could attempt many more keys per second — would the tough nut of Bitcoin be a little easier to crack?
The Scale of the Problem
The first step in overcoming a challenge is in quantifying it. To do that we must look at exactly how many potential keys exist. A private wallet key is simply a number between 1 and 2^256 and to brute force it all you need is to continue guessing until you hit the right number between 1 and 115 quattuorvigintillion.
That’s a hard number for the human brain to process, but to put it in perspective, it’s greater than the estimated number of atoms in the universe. At that scale, even the world’s fastest supercomputer — IBM’s Summit — if tasked with brute forcing Bitcoin would effectively take forever to break just one wallet, which would test the patience of even the most determined hacker.
This sheer uselessness of brute force will dash the hopes of anyone who has ever lost their password or seed phrase and cannot recover their bitcoin, but for those in that very situation, all may not be lost. If you remember at least part of the password, a service such as Wallet Recovery Services may be able to assist. For most cryptocurrencies, however, you’ll need to trust the company with your full wallet. In the case of bitcoin and bitcoin cash, it is apparently possible to engage the service without handing over the full wallet.
If successful in cracking the wallet, a fee equal to 20% of the wallet’s holdings will be incurred, but it’s a no win, no fee endeavor. As always, it’s worth examining how the process works and doing your own research before deciding whether to engage these types of services.
Blockchain Security is not longer reputed impassable, but still the most advanced cyber security system and technology for protect and store data transfers.