Closed pk74 closed 4 years ago
toidv
commented
4 years ago @pk74 Could you explain more about the detail of the attack? How can you execute it and what is the result?. Currently, our wallet following BIP-39 so it means that the complexity of brute-force attack is the same as BIP-39 passphrase be cracked
pk74
commented
4 years ago The attack was very simple i generated few keys which were related to my key! It was a complex process.
But my start was simple I had my key i just changed a word and i was in another account. I knew how a key is created and the last word is checksum but some how it went right. So this was the base to create few more keys.
If you want to simulate the same Try creating keys with 1028 wordlist with a program to match the checksum. You will succeed very easily.
On Fri, Jun 5, 2020, 12:27 PM Steve Duong notifications@github.com wrote:
@pk74 https://github.com/pk74 Could you explain more about the detail of the attack? How can you execute it and what is the result?. Currently, our wallet following BIP-39 so it means that the complexity of brute-force attack is the same as BIP-39 passphrase be cracked
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/KyberSwap/android-app/issues/109#issuecomment-639295939, or unsubscribe https://github.com/notifications/unsubscribe-auth/AOLCFHGS3OZHQCNBAXMT6ZTRVCJNHANCNFSM4NAEDUKA .
toidv
commented
4 years ago @pk74 your process looks like creating a new wallet (it already built-in app), you have to try 2^128 times to generate a new key that collision with existing and the algorithm was proved safe. So the question is could you predict the mnemonics from wallet address?
I was successfully able to perform a brute force attack of seed.