RE: Recovering an Incomplete Monero Mnemonic Wallet

in monero • 8 years ago

How fast can this process run? Could someone with a super computer find a way to check a percentage of valid addresses in a given time frame without a starting point of 12 words?


No super computer that exists today could ever find a specific mnemonic using the brute force method I used. I say a "specific" mnemonic because you can find plenty of addresses, they'll just be unused. If you click "Create An Account" on MyMonero, that is the computer, running an algorithm, and spitting out an address. Even I found over 1600 legitimate addresses. The idea here is that there are so many possible addresses that it's unlikely that you would randomly get the same one twice or that it would be completely unreasonable for anyone to search through even the smallest fraction.

Just to give you some math on this, a mnemonic here has 13 words chosen from a collection of 1627 words. That means that without understanding the details on how the algorithm works, there are 1627^13, or 5.6 x 10^54, possibilities. That's a 5 with 54 digits after it. The likelihood of guessing the mnemonic from a number that large is so small it's basically zero. Exponential growth is really crazy. For example, 1 million (10^6) seconds is 11.6 days and 1 billion (10^9) seconds is 31.7 years.

That being said, the algorithm has constraints in it so not EVERY combination of words is valid. Without even knowing the details, since the mnemonic is turned into a 32 digit hexadecimal seed that means there are 16^32 possible seeds so it would be easier to just search seeds instead of mnemonic possibilities. So the real search space for the mnemonic is 3.4x10^38. The chances of finding the right one on any given attempt are 1/(16^32) == 2.9x10^-39.

How many attempts would it take you say? Well, if you try half of the numbers, you have a 50% chance of finding the particular address you're looking for. So theoretically you might have to search them all. But in order to have a 50% chance of finding the right one you would have to run the algorithm 1.7x10^38 times. Just to illustrate how much work this is, let's pretend that the algorithm to generate an address takes the same amount of time that it takes to run a single hash in the bitcoin mining operation. Right now, the entire bitcoin network runs on the order of 10^18 hashes per second. Let's pretend we could shrink that into a box and give one of those boxes to every single human on earth (say 10^10 people). That means earth could run 10^28 hashes/second. Even in these conditions, it would still take us 540 years to have a 50% chance of finding the right one.

Relevant XKCD

What about if you weren't looking for any particular one and just wanted to find ANY address that had a non-zero value in it. In Monero we can't know for sure what any account has (go XMR!), so let's use bitcoin to compare. At the moment there are about 5.5 million addresses with more than $1 USD. If the same were true for Monero (and it's not), that means that finding any of them would be "profitable" and make you at least a dollar. At any given trial, the probability is the number of "hits" over the total number of possibilities. In this case, (5.5x10^6)/(16^32) = 1.6 x 10^-32. How long would the super computing earth I described above take to find any account? 1 hour and 42 minutes. If the current existing bitcoin network dedicated all its resources to this task right now it would take 1.98 million years to find an address.

That being said, there is another reason a super computer couldn't do it. Super computers are actually not the best way to go about this. Their CPU speed is incredibly fast, but because they are designed as general purpose computers, specialized hardware can outperform them in very limited domains. Big bitcoin mining operations use ASIC miners, not general computers. A collection of similarly priced bitcoin ASIC miners would mine bitcoins more effectively than a supercomputer.

As long as you keep your keys private, your coins are safe.
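The arithmetic in the reply above, carried through as an added worked example (this is not code from the original post, from Monero or from MyMonero). It takes the reply's own figures (a 16^32 seed space, 10^18 and 10^28 guesses per second, 5.5 million funded addresses) and its two models: exhaustive search for one specific key, and expected draws until the first of many acceptable keys; the bit-size comparison of the two spaces is added on top of what the reply states.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Figures as given in the reply above
SEED_SPACE = 16 ** 32          # 32 hex digits, the space the reply says is searched
MNEMONIC_SPACE = 1627 ** 13    # 13 words from 1627, ignoring the checksum constraints
BTC_RATE = 10 ** 18            # guesses/s: the whole bitcoin network, per the reply
EARTH_RATE = 10 ** 28          # guesses/s: one such network for each of 10^10 people
FUNDED = 5_500_000             # bitcoin addresses holding more than $1, per the reply


def bits_of_entropy(space):
    """Size of a search space in bits; comparing spaces this way shows which
    stage of a key-derivation chain is the real bottleneck."""
    return math.log2(space)


def attempts_for_specific_target(space, confidence):
    """Exhaustive enumeration for ONE specific key: after trying a fraction
    `confidence` of the space, the key has been found with that probability."""
    return confidence * space


def expected_attempts_for_any_target(space, targets):
    """Expected draws without replacement until the first of `targets` acceptable
    keys is hit: (N + 1) / (k + 1), which is ~N / k when k << N."""
    return (space + 1) / (targets + 1)


def time_to_search(attempts, rate):
    """Wall-clock seconds for `attempts` guesses at `rate` guesses per second."""
    return attempts / rate


def seconds_to_text(seconds):
    """Human-readable duration, choosing the largest sensible unit."""
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < 86400:
        return f"{seconds / 3600:.2f} hours"
    years = seconds / SECONDS_PER_YEAR
    return f"{years:,.0f} years" if years < 1e6 else f"{years / 1e6:.2f} million years"


if __name__ == "__main__":
    print(f"mnemonic space: {bits_of_entropy(MNEMONIC_SPACE):.1f} bits, "
          f"seed space: {bits_of_entropy(SEED_SPACE):.1f} bits (search the smaller one)")
    half = attempts_for_specific_target(SEED_SPACE, 0.5)
    print("50% chance at one specific seed, whole-earth rate:",
          seconds_to_text(time_to_search(half, EARTH_RATE)))
    any_hit = expected_attempts_for_any_target(SEED_SPACE, FUNDED)
    print("expected time to ANY funded key, whole-earth rate:",
          seconds_to_text(time_to_search(any_hit, EARTH_RATE)))
    print("expected time to ANY funded key, bitcoin-network rate:",
          seconds_to_text(time_to_search(any_hit, BTC_RATE)))
```

Running it reproduces the reply's roughly 540 years, 1.7 hours and about 2 million years, and the bit comparison (about 139 bits for unconstrained mnemonics versus 128 for the seed) shows why searching the seed is the cheaper route.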