In 2014, I bought 25,000 Dogecoins as a joke. At one point in 2021, they were worth more than $17,000. The problem is, I don’t remember the password. Determined to get my coins back, I embarked on a journey that exposed me to online hackers, the math behind passwords, and many frustrations.
While most people don’t have thousands of forgotten passwords, everyone relies on passwords to manage their digital lives. As more and more people buy cryptocurrencies, how can they protect their assets? We talked to a number of experts to figure out how to create the best passwords for your digital accounts, and what your basic storage trade-offs are if you own cryptocurrency. Let’s start.
How to Hack Your Own Encrypted Wallet
There are several common ways to lose cryptocurrency. You might keep a wallet on a hard drive that you throw away. Your exchange could be hacked. You could lose your password, or you could be personally hacked and robbed. For those who, like me, have lost their passwords, hackers actually offer a silver lining. If you still control your wallet, you can try to hack your own wallet – or find someone who will.
So I reached out to Dave Bitcoin, an anonymous hacker known for cracking encrypted wallets. He agreed to help hack the wallet for a standard 20 percent fee — only paid if he was successful. Dave and other hackers mostly use brute force techniques. Basically, they’re just guessing passwords — a lot.
You can also try to hack your own wallet using applications like Pywallet or John the Ripper. But I didn’t want to do it myself, so I sent Dave a list of password possibilities and he got started.
After a short wait, I got an email from Dave. “I’ve tried over 100 billion passwords on your wallet,” Dave told me via email. I thought such an incredible number of attempts meant my coins must have been recovered, but alas, we had only scratched the surface. The password was not cracked and my coins are still missing. But what to do?
The Math Behind Strong Passwords
Each additional character in a password makes it exponentially more difficult to crack. Consider a one-character passcode that can be a letter or a number. If the password is case sensitive, that gives 52 letters plus 10 numbers. Not very safe. You need at most 62 tries to guess the password. (A, a, B, b, C, c…etc).
Now make it a two-character passcode. That doesn’t double the difficulty of guessing; it makes it 62 times harder to guess. There are now 3,844 possible passwords to guess (AA, Aa, AB, etc.). Assuming we don’t use special characters, there are about 56 billion possible six-character passcodes under the same rules. A 20-character password under these rules has 62^20 possibilities: 704,423,425,546,998,022,968,330,264,616,370,176 possible passwords. This makes 100 billion seem small by comparison.
This math is bad news for me, because I’m pretty sure I have some kind of long password, like a few lines of lyrics. Talk about facing the music.
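The arithmetic above can be carried through for any length and guess budget. The following Python sketch is an added example, not code from the article or from Dave; the function names are hypothetical, and the only inputs taken from the article are the 62-character alphabet and the 100 billion guesses.

```python
import math
import string

ALPHANUMERIC = len(string.ascii_letters + string.digits)  # 62, as in the article
GUESS_BUDGET = 100_000_000_000  # the 100 billion guesses quoted in the article

def keyspace(alphabet: int, length: int) -> int:
    """Passwords of exactly `length` characters drawn from `alphabet` symbols."""
    return alphabet ** length

def cumulative_keyspace(alphabet: int, length: int) -> int:
    """Passwords of length 1..length: what a guesser who does not know the
    length has to cover before finishing that length."""
    return sum(keyspace(alphabet, n) for n in range(1, length + 1))

def entropy_bits(alphabet: int, length: int) -> float:
    """Bits of entropy, valid only if every character is chosen at random."""
    return length * math.log2(alphabet)

def coverage(budget: int, alphabet: int, length: int) -> float:
    """Fraction of the cumulative keyspace that `budget` guesses exhaust."""
    return min(1.0, budget / cumulative_keyspace(alphabet, length))

def shortest_length_beyond(budget: int, alphabet: int) -> int:
    """Smallest length whose cumulative keyspace exceeds the guess budget."""
    length = 1
    while cumulative_keyspace(alphabet, length) <= budget:
        length += 1
    return length

def pool_size(password: str) -> int:
    """Total size of the character pools a password actually draws from."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation + " ")
    return sum(len(p) for p in pools if any(c in p for c in password))

if __name__ == "__main__":
    for n in (1, 2, 6, 7, 12, 20):
        print(f"{n:>2} chars  {keyspace(ALPHANUMERIC, n):>48,}  "
              f"{entropy_bits(ALPHANUMERIC, n):6.1f} bits  "
              f"budget covers {coverage(GUESS_BUDGET, ALPHANUMERIC, n):.3e}")
    print("budget exhausted below length",
          shortest_length_beyond(GUESS_BUDGET, ALPHANUMERIC))
    sample = "correcthorse42"  # constructed sample, not a real password
    print(pool_size(sample), "symbol pool for", repr(sample))
```

These figures are upper bounds that hold only for randomly chosen characters; a password built from a pattern or from known phrases falls to far fewer guesses.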
Password Best Practices
Whether it’s for your email or an encrypted wallet, how do you create a password that’s both strong and memorable?
“Choosing a passphrase is tricky,” Dave said. “If you go out of your way to create an unusual passphrase for your wallet that you don’t normally use, it’s hard for you to remember, and it’s hard for me to help. If you use a consistent pattern, it makes it easier to guess your password. Of course, that’s bad for security and makes it easier for someone trying to break into your account.” Balancing security and memorability is ultimately a difficult task that will depend on individual needs and preferences.