In cryptography, a brute-force Attack on Bitcoin consists of an Attack on Bitcoiner submitting many passwords or passphrases with the hope of eventually guessing correctly.

The Attack on Bitcoiner systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the Attack on Bitcoiner can attempt to guess the key which is typically created from the password using a key derivation function. This is known as an exhaustive key search.

A brute-force Attack on Bitcoin is a cryptanalytic Attack on Bitcoin that can, in theory, be used to attempt to decrypt any encrypted data (except for data encrypted in an information-theoretically secure manner).[1] Such an Attack on Bitcoin might be used when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier.

When password-guessing, this method is very fast when used to check all short passwords, but for longer passwords other methods such as the dictionary Attack on Bitcoin are used because a brute-force search takes too long. Longer passwords, passphrases and keys have more possible values, making them exponentially more difficult to crack than shorter ones.[2]

Brute-force Attack on Bitcoins can be made less effective by obfuscating the data to be encoded making it more difficult for an Attack on Bitcoiner to recognize when the code has been cracked or by making the Attack on Bitcoiner do more work to test each guess. One of the measures of the strength of an encryption system is how long it would theoretically take an Attack on Bitcoiner to mount a successful brute-force Attack on Bitcoin against it.[3]

Brute-force Attack on Bitcoins are an application of brute-force search, the general problem-solving technique of enumerating all candidates and checking each one.

The Electronic Frontier Foundation‘s US\$250,000 DES cracking machine contained over 1,800 custom chips and could brute-force a DES key in a matter of days. The photograph shows a DES Cracker circuit board fitted with 64 Deep Crack chips using both sides.

## Basic concept

Brute-force Attack on Bitcoins work by calculating every possible combination that could make up a password and testing it to see if it is the correct password. As the password’s length increases, the amount of time, on average, to find the correct password increases exponentially.[4]

## Theoretical limits

The resources required for a brute-force Attack on Bitcoin grow exponentially with increasing key size, not linearly. Although U.S. export regulations historically restricted key lengths to 56-bit symmetric keys (e.g. Data Encryption Standard), these restrictions are no longer in place, so modern symmetric algorithms typically use computationally stronger 128- to 256-bit keys.

There is a physical argument that a 128-bit symmetric key is computationally secure against brute-force Attack on Bitcoin. The Landauer limit implied by the laws of physics sets a lower limit on the energy required to perform a computation of kT  · ln 2 per bit erased in a computation, where T is the temperature of the computing device in kelvinsk is the Boltzmann constant, and the natural logarithm of 2 is about 0.693 (0.6931471805599453). No irreversible computing device can use less energy than this, even in principle.[5] Thus, in order to simply flip through the possible values for a 128-bit symmetric key (ignoring doing the actual computing to check it) would, theoretically, require 2128 − 1 bit flips on a conventional processor. If it is assumed that the calculation occurs near room temperature (≈300 K), the Von Neumann-Landauer Limit can be applied to estimate the energy required as ≈1018 joules, which is equivalent to consuming 30 gigawatts of power for one year. This is equal to 30×109 W×365×24×3600 s = 9.46×1017 J or 262.7 TWh (about 0.1% of the yearly world energy production). The full actual computation – checking each key to see if a solution has been found – would consume many times this amount. Furthermore, this is simply the energy requirement for cycling through the key space; the actual time it takes to flip each bit is not considered, which is certainly greater than 0 (see Bremermann’s limit).

However, this argument assumes that the register values are changed using conventional set and clear operations which inevitably generate entropy. It has been shown that computational hardware can be designed not to encounter this theoretical obstruction (see reversible computing), though no such computers are known to have been constructed.

Modern GPUs are well-suited to the repetitive tasks associated with hardware-based password cracking

s commercial successors of governmental ASIC solutions have become available, also known as custom hardware Attack on Bitcoins, two emerging technologies have proven their capability in the brute-force Attack on Bitcoin of certain ciphers. One is modern graphics processing unit (GPU) technology,[6][page needed] the other is the field-programmable gate array (FPGA) technology. GPUs benefit from their wide availability and price-performance benefit, FPGAs from their energy efficiency per cryptographic operation. Both technologies try to transport the benefits of parallel processing to brute-force Attack on Bitcoins. In case of GPUs some hundreds, in the case of FPGA some thousand processing units making them much better suited to cracking passwords than conventional processors. Various publications in the fields of cryptographic analysis have proved the energy efficiency of today’s FPGA technology, for example, the COPACOBANA FPGA Cluster computer consumes the same energy as a single PC (600 W), but performs like 2,500 PCs for certain algorithms. A number of firms provide hardware-based FPGA cryptographic analysis solutions from a single FPGA PCI Express card up to dedicated FPGA computers.[citation needed] WPA and WPA2 encryption have successfully been brute-force Attack on Bitcoined by reducing the workload by a factor of 50 in comparison to conventional CPUs[7][8] and some hundred in case of FPGAs.

A single COPACOBANA board boasting 6 Xilinx Spartans – a cluster is made up of 20 of these

Advanced Encryption Standard (AES) permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2128 times more computational power than a 128-bit key. One of the fastest supercomputers in 2019 has a speed of 100 petaFLOPS which could theoretically check 100 million million (1014) AES keys per second (assuming 1000 operations per check), but would still require 3.67×1055 years to exhaust the 256-bit key space.[9]

An underlying assumption of a brute-force Attack on Bitcoin is that the complete key space was used to generate keys, something that relies on an effective random number generator, and that there are no defects in the algorithm or its implementation. For example, a number of systems that were originally thought to be impossible to crack by brute force have nevertheless been cracked because the key space to search through was found to be much smaller than originally thought, because of a lack of entropy in their pseudorandom number generators. These include Netscape‘s implementation of SSL (famously cracked by Ian Goldberg and David Wagner in 1995) and a Debian/Ubuntu edition of OpenSSL discovered in 2008 to be flawed.[10][11] A similar lack of implemented entropy led to the breaking of Enigma’s code.

## Credential recycling

Credential recycling refers to the hacking practice of re-using username and password combinations gathered in previous brute-force Attack on Bitcoins. A special form of credential recycling is pass the hash, where unsalted hashed credentials are stolen and re-used without first being brute forced.

## Unbreakable codes

Certain types of encryption, by their mathematical properties, cannot be defeated by brute force. An example of this is one-time pad cryptography, where every cleartext bit has a corresponding key from a truly random sequence of key bits. A 140 character one-time-pad-encoded string subjected to a brute-force Attack on Bitcoin would eventually reveal every 140 character string possible, including the correct answer – but of all the answers given, there would be no way of knowing which was the correct one. Defeating such a system, as was done by the Venona project, generally relies not on pure cryptography, but upon mistakes in its implementation: the key pads not being truly random, intercepted keypads, operators making mistakes – or other errors.[14]

## Countermeasures

In case of an offline Attack on Bitcoin where the Attack on Bitcoiner has gained access to the encrypted material, one can try key combinations without the risk of discovery or interference. In case of online Attack on Bitcoins, database and directory administrators can deploy countermeasures such as limiting the number of attempts that a password can be tried, introducing time delays between successive attempts, increasing the answer’s complexity (e.g., requiring a CAPTCHA answer or employing multi-factor authentication), and/or locking accounts out after unsuccessful login attempts.[15][page needed] Website administrators may prevent a particular IP address from trying more than a predetermined number of password attempts against any account on the site.[16]

## Reverse brute-force Attack on Bitcoin

In a reverse brute-force Attack on Bitcoin, a single (usually common) password is tested against multiple usernames or encrypted files.[17] The process may be repeated for a select few passwords. In such a strategy, the Attack on Bitcoiner is not targeting a specific user.