1697 replies to this topic

[ry00000]

Beware the software developer... I'm coming! I'm going to get Krist by mining... and maybe, IF I finish my program, getting from inactive accounts.

[bauen1]

ry00000, on 24 January 2016 - 01:58 PM, said:

Beware the software developer... I'm coming! I'm going to get Krist by mining... and maybe, IF I finish my program, getting from inactive accounts.

Does your program run in cc?

[ry00000]

I'm making something called "KracKer", it cracks KST. It's NOT a miner. It's not stealing because KST doesn't have ANY monetary value so it's actually not stealing.

And yes, it requires cc.

[Luca_S]

ry00000, on 24 January 2016 - 02:12 PM, said:

I'm making something called "KracKer", it cracks KST. It's NOT a miner. It's not stealing because KST doesn't have ANY monetary value so it's actually not stealing.

And yes, it requires cc.

Tbh, if you mine KST you pay money in form from energy, so it is stealing. Also gl with cracking KST accounts from inside CC...

Edited by Luca_S, 24 January 2016 - 02:47 PM.

[ry00000]

Tbc, I actually don't have a way to convert the KST into money, so it isn't stealing.

I've ran out of CC options, so it's time for Visual Basic! I think there's an HTTP API for VB somewhere...

[Luca_S]

Just some little calculations: A 10 char password that consists of:
- Capital and non capital letters
- And numbers
would have (2*26+10)^10 possibilities(62^10≈8*10^17), thats an 8 followed by 17 0's. Assuming you can do like 1 GH/s which means 1 billion passwords per second, we have (8*10^17)/(1*10^9)=8*10^8, which are 800000000 Seconds, now divide that by 24*60*60 and you get the days you will need to check every combination. That is about 9259 days and then you would've only got every 10 char password.

But these calculations are for a strong GPU cracker, good luck while doing this in CC.

ry00000, on 24 January 2016 - 02:26 PM, said:

Tbc, I actually don't have a way to convert the KST into money, so it isn't stealing.

Just because there is no way to convert it to money that doesn't mean it isn't worth anything. So it is stealing, do you have dropbox or any other file sharing service? Imagine if I would break into your account, it is not stealing, because I can't convert it to money?

[Luca_S]

And just a little information to everyone who reads this. Put your money in double vaults, to do so:

- Open Krist wallet
- Log in
- Select Special TX
- Click "Double vault"
- Set a passcode(Not your KristWallet password ofc, also type slowly, there is no confirmation!)
- As amount put in all your KST
- Click Deposit

Now everytime you need to do a KST transaction:

-Open Krist wallet and log in
- Go to double vault
- Enter your passcode
- Enter the amount you need
- Click withdraw
- transfer the amount to the other krist address

With that technique you are save against a person like ry00000.

Edited by Luca_S, 24 January 2016 - 02:37 PM.

[bauen1]

Luca_S, on 24 January 2016 - 02:30 PM, said:

Just some little calculations: A 10 char password that consists of:
- Capital and non capital letters
- And numbers
would have (2*26+10)^10 possibilities(62^10≈8*10^17), thats an 8 followed by 17 0's. Assuming you can do like 1 GH/s which means 1 billion passwords per second, we have (8*10^17)/(1*10^9)=8*10^8, which are 800000000 Seconds, now divide that by 24*60*60 and you get the days you will need to check every combination. That is about 9259 days and then you would've only got every 10 char password.

But these calculations are for a strong GPU cracker, good luck while doing this in CC.

ry00000, on 24 January 2016 - 02:26 PM, said:

Tbc, I actually don't have a way to convert the KST into money, so it isn't stealing.

Just because there is no way to convert it to money that doesn't mean it isn't worth anything. So it is stealing, do you have dropbox or any other file sharing service? Imagine if I would break into your account, it is not stealing, because I can't convert it to money?

To generate v2 addresses from passwords you need to call sha256 quite often

[Luca_S]

bauen1, on 24 January 2016 - 03:06 PM, said:

Luca_S, on 24 January 2016 - 02:30 PM, said:

Just some little calculations: A 10 char password that consists of:
- Capital and non capital letters
- And numbers
would have (2*26+10)^10 possibilities(62^10≈8*10^17), thats an 8 followed by 17 0's. Assuming you can do like 1 GH/s which means 1 billion passwords per second, we have (8*10^17)/(1*10^9)=8*10^8, which are 800000000 Seconds, now divide that by 24*60*60 and you get the days you will need to check every combination. That is about 9259 days and then you would've only got every 10 char password.

But these calculations are for a strong GPU cracker, good luck while doing this in CC.

ry00000, on 24 January 2016 - 02:26 PM, said:

Tbc, I actually don't have a way to convert the KST into money, so it isn't stealing.

Just because there is no way to convert it to money that doesn't mean it isn't worth anything. So it is stealing, do you have dropbox or any other file sharing service? Imagine if I would break into your account, it is not stealing, because I can't convert it to money?

To generate v2 addresses from passwords you need to call sha256 quite often

Really, let me look at the source code, I thought it would be 1 times sha and then some fancy calculations.

[Yevano]

Luca_S, on 24 January 2016 - 02:30 PM, said:

Just some little calculations: A 10 char password that consists of:
- Capital and non capital letters
- And numbers
would have (2*26+10)^10 possibilities(62^10≈8*10^17), thats an 8 followed by 17 0's. Assuming you can do like 1 GH/s which means 1 billion passwords per second, we have (8*10^17)/(1*10^9)=8*10^8, which are 800000000 Seconds, now divide that by 24*60*60 and you get the days you will need to check every combination. That is about 9259 days and then you would've only got every 10 char password.

I'm not highly educated on the subject, however I'm aware that this only applies to a bruteforce cracker. If I understand correctly, you can crack such a password much faster using rainbow tables, especially if the password resembles actual words. I know this for a fact since my password of similar length was cracked before. Honestly, you don't even need to use a double vault. Just use a password made up of (seeded) randomly generated chars. Mine in particular is of length 32 and uses plaintext and non-plaintext characters, making it virtually impossible to crack.

[apemanzilla]

Yevano, on 24 January 2016 - 03:39 PM, said:

Luca_S, on 24 January 2016 - 02:30 PM, said:

Just some little calculations: A 10 char password that consists of:
- Capital and non capital letters
- And numbers
would have (2*26+10)^10 possibilities(62^10≈8*10^17), thats an 8 followed by 17 0's. Assuming you can do like 1 GH/s which means 1 billion passwords per second, we have (8*10^17)/(1*10^9)=8*10^8, which are 800000000 Seconds, now divide that by 24*60*60 and you get the days you will need to check every combination. That is about 9259 days and then you would've only got every 10 char password.

I'm not highly educated on the subject, however I'm aware that this only applies to a bruteforce cracker. If I understand correctly, you can crack such a password much faster using rainbow tables, especially if the password resembles actual words. I know this for a fact since my password of similar length was cracked before. Honestly, you don't even need to use a double vault. Just use a password made up of (seeded) randomly generated chars. Mine in particular is of length 32 and uses plaintext and non-plaintext characters, making it virtually impossible to crack.

When I wrote KSTealer, I used a dictionary of common passwords, and also bruteforced all passwords up to 6 characters long. It netted me over 200k krist in the end, after about 3 days of cracking.

Edited by apemanzilla, 24 January 2016 - 03:45 PM.

[Luca_S]

Ok it seems like you need to call it at least 6 times.
we still have the same calculation, but instead of 1 billion we have 1/6th of a billion passwords per second, which gives us (8*10^17)/(8*10^9/6) , which means at least 6 times as much, so again GL cracking and thanks to bauen1 for telling me this.

apemanzilla, on 24 January 2016 - 03:44 PM, said:

Yevano, on 24 January 2016 - 03:39 PM, said:

Luca_S, on 24 January 2016 - 02:30 PM, said:

Just some little calculations: A 10 char password that consists of:
- Capital and non capital letters
- And numbers
would have (2*26+10)^10 possibilities(62^10≈8*10^17), thats an 8 followed by 17 0's. Assuming you can do like 1 GH/s which means 1 billion passwords per second, we have (8*10^17)/(1*10^9)=8*10^8, which are 800000000 Seconds, now divide that by 24*60*60 and you get the days you will need to check every combination. That is about 9259 days and then you would've only got every 10 char password.

I'm not highly educated on the subject, however I'm aware that this only applies to a bruteforce cracker. If I understand correctly, you can crack such a password much faster using rainbow tables, especially if the password resembles actual words. I know this for a fact since my password of similar length was cracked before. Honestly, you don't even need to use a double vault. Just use a password made up of (seeded) randomly generated chars. Mine in particular is of length 32 and uses plaintext and non-plaintext characters, making it virtually impossible to crack.

When I wrote KSTealer, I used a dictionary of common passwords, and also bruteforced all passwords up to 6 characters long. It netted me over 200k krist in the end, after about 3 days of cracking.

200k KST? I wonder why people use 6 characters long passwords...

[apemanzilla]

Luca_S, on 24 January 2016 - 03:46 PM, said:

Ok it seems like you need to call it at least 6 times.
we still have the same calculation, but instead of 1 billion we have 1/6th of a billion passwords per second, which gives us (8*10^17)/(8*10^9/6) , which means at least 6 times as much, so again GL cracking and thanks to bauen1 for telling me this.

apemanzilla, on 24 January 2016 - 03:44 PM, said:

Yevano, on 24 January 2016 - 03:39 PM, said:

Luca_S, on 24 January 2016 - 02:30 PM, said:

Just some little calculations: A 10 char password that consists of:
- Capital and non capital letters
- And numbers
would have (2*26+10)^10 possibilities(62^10≈8*10^17), thats an 8 followed by 17 0's. Assuming you can do like 1 GH/s which means 1 billion passwords per second, we have (8*10^17)/(1*10^9)=8*10^8, which are 800000000 Seconds, now divide that by 24*60*60 and you get the days you will need to check every combination. That is about 9259 days and then you would've only got every 10 char password.

I'm not highly educated on the subject, however I'm aware that this only applies to a bruteforce cracker. If I understand correctly, you can crack such a password much faster using rainbow tables, especially if the password resembles actual words. I know this for a fact since my password of similar length was cracked before. Honestly, you don't even need to use a double vault. Just use a password made up of (seeded) randomly generated chars. Mine in particular is of length 32 and uses plaintext and non-plaintext characters, making it virtually impossible to crack.

When I wrote KSTealer, I used a dictionary of common passwords, and also bruteforced all passwords up to 6 characters long. It netted me over 200k krist in the end, after about 3 days of cracking.

200k KST? I wonder why people use 6 characters long passwords...

I didn't just bruteforce up to 6 characters, I also used a dictionary attack. The dictionary attack got the most.

[Luca_S]

apemanzilla, on 24 January 2016 - 03:48 PM, said:

-snip-
I didn't just bruteforce up to 6 characters, I also used a dictionary attack. The dictionary attack got the most.

Oh right, but it is still scary how many passwords can be cracked...

Edited by Luca_S, 24 January 2016 - 04:10 PM.

[3d6]

ry00000, on 24 January 2016 - 02:12 PM, said:

I'm making something called "KracKer", it cracks KST. It's NOT a miner. It's not stealing because KST doesn't have ANY monetary value so it's actually not stealing.

And yes, it requires cc.

Mining is likely more profitable than cracking right now. Most of the easy passwords are cleaned out. Unless you're cracking v1 addresses exclusively, I think you're wasting computer power.

ry00000, on 24 January 2016 - 02:26 PM, said:

Tbc, I actually don't have a way to convert the KST into money, so it isn't stealing.

I've ran out of CC options, so it's time for Visual Basic! I think there's an HTTP API for VB somewhere...

It is undeniably stealing.

Luca_S, on 24 January 2016 - 03:38 PM, said:

bauen1, on 24 January 2016 - 03:06 PM, said:

Luca_S, on 24 January 2016 - 02:30 PM, said:

Just some little calculations: A 10 char password that consists of:
- Capital and non capital letters
- And numbers
would have (2*26+10)^10 possibilities(62^10≈8*10^17), thats an 8 followed by 17 0's. Assuming you can do like 1 GH/s which means 1 billion passwords per second, we have (8*10^17)/(1*10^9)=8*10^8, which are 800000000 Seconds, now divide that by 24*60*60 and you get the days you will need to check every combination. That is about 9259 days and then you would've only got every 10 char password.

But these calculations are for a strong GPU cracker, good luck while doing this in CC.

ry00000, on 24 January 2016 - 02:26 PM, said:

Tbc, I actually don't have a way to convert the KST into money, so it isn't stealing.

Just because there is no way to convert it to money that doesn't mean it isn't worth anything. So it is stealing, do you have dropbox or any other file sharing service? Imagine if I would break into your account, it is not stealing, because I can't convert it to money?

To generate v2 addresses from passwords you need to call sha256 quite often

Really, let me look at the source code, I thought it would be 1 times sha and then some fancy calculations.

v1 addresses require a single sha hash. I designed v2 to require an uncertain number of hashes for each address, and also a lot such that bruteforcing would be fairly hard - without it taking too long for a CC computer to do it once.

[apemanzilla]

3d6, on 24 January 2016 - 04:14 PM, said:

ry00000, on 24 January 2016 - 02:12 PM, said:

I'm making something called "KracKer", it cracks KST. It's NOT a miner. It's not stealing because KST doesn't have ANY monetary value so it's actually not stealing.

And yes, it requires cc.

Mining is likely more profitable than cracking right now. Most of the easy passwords are cleaned out. Unless you're cracking v1 addresses exclusively, I think you're wasting computer power.

ry00000, on 24 January 2016 - 02:26 PM, said:

Tbc, I actually don't have a way to convert the KST into money, so it isn't stealing.

I've ran out of CC options, so it's time for Visual Basic! I think there's an HTTP API for VB somewhere...

It is undeniably stealing.

Luca_S, on 24 January 2016 - 03:38 PM, said:

bauen1, on 24 January 2016 - 03:06 PM, said:

Luca_S, on 24 January 2016 - 02:30 PM, said:

Just some little calculations: A 10 char password that consists of:
- Capital and non capital letters
- And numbers
would have (2*26+10)^10 possibilities(62^10≈8*10^17), thats an 8 followed by 17 0's. Assuming you can do like 1 GH/s which means 1 billion passwords per second, we have (8*10^17)/(1*10^9)=8*10^8, which are 800000000 Seconds, now divide that by 24*60*60 and you get the days you will need to check every combination. That is about 9259 days and then you would've only got every 10 char password.

But these calculations are for a strong GPU cracker, good luck while doing this in CC.

ry00000, on 24 January 2016 - 02:26 PM, said:

Tbc, I actually don't have a way to convert the KST into money, so it isn't stealing.

Just because there is no way to convert it to money that doesn't mean it isn't worth anything. So it is stealing, do you have dropbox or any other file sharing service? Imagine if I would break into your account, it is not stealing, because I can't convert it to money?

To generate v2 addresses from passwords you need to call sha256 quite often

Really, let me look at the source code, I thought it would be 1 times sha and then some fancy calculations.

v1 addresses require a single sha hash. I designed v2 to require an uncertain number of hashes for each address, and also a lot such that bruteforcing would be fairly hard - without it taking too long for a CC computer to do it once.

By making v2 use an indeterminate amount of hashes, you've also inadvertently made it very inefficient to crack them with GPU acceleration.

[bauen1]

3d6 can you actually see, calulate how much hashing power wrist currently has?

[apemanzilla]

bauen1, on 24 January 2016 - 04:34 PM, said:

3d6 can you actually see, calulate how much hashing power wrist currently has?

No, he can't. However, he can approximate it by solving for the hashrate with

time = 256^6 / work / hashrate

[3d6]

bauen1, on 24 January 2016 - 04:34 PM, said:

3d6 can you actually see, calulate how much hashing power wrist currently has?

We can only really estimate something like that since blocks are probabilistic, but we seem to be at about 1200-1500 Mh/s

[Luca_S]

3d6, on 24 January 2016 - 04:41 PM, said:

bauen1, on 24 January 2016 - 04:34 PM, said:

3d6 can you actually see, calulate how much hashing power wrist currently has?

We can only really estimate something like that since blocks are probabilistic, but we seem to be at about 1200-1500 Mh/s

Wow 1200-1500 Mh/s didn't expect that..... wiat 1000 come from apemanzilla