Researchers Discover a Cheap Method of Breaking Bitcoin Wallet Passwords

An anonymous reader writes: Three researchers have published a paper that details a new method of cracking Bitcoin "brain wallet passwords," which is 2.5 times speedier than previous techniques and incredibly cheap to perform. The researcher revealed that by using a run-of-the-mill Amazon EC2 account, an attacker would be able to check over 500,000 Bitcoin passwords per second. For each US dollar spent on renting the EC2 server, an attacker would be able to check 17.9 billion password strings. To check a trillion passwords, it would cost the attacker only $55.86 (€49.63). In the end, they managed to crack around 18,000 passwords used for real accounts.

Re:Wow what a surprise...

[Asgard]

This attack is different then the one you describe. You are describing someone attacking an encrypted wallet file. The attack in this article is based on generating wallets that are identical to someone else's without having access to their data.

  When you generate a 'standard' wallet, the computer generates a large random number and uses that as the basis for the wallet. In brainwallet, a human picks a phrase that is the basis for the wallet. Humans are monumentally poor at picking one that cannot be guessed. That is the target of this attack. If user Alice generates a brainwallet with the phrase 'i am a fish', attacker Dave can use EC2 to generate an identical wallet (and thus be able to transfer the coins elsewhere) with the base phrase 'i am a fish'.

The Bitcoin community has been aware that brainwallets are interesting-but-a-bad-idea for quite some time.