Please stop using brain wallet! and Refund to you

New wallet enforces very strong brainwallets. Have we a case brute forced brain wallet with 40 or even 20+ characters password?

【Current status report】

The latest implementation of NanoWallet has become a very powerful brain wallet implementation. (However, it is not absolute.)

However, to the extent I know, there is a group that makes another wallet from the source of NanoWallet. Both offer unique tokens using NEM’s system.
It is DIMCOIN and GCCH COIN CLASSIC.

DIMCOIN has become as strict as 40 characters, only the length of the character.
However, I have found a problem that security is not raised at all in this way.
We asked DimCoin side again to warn us about the details.

DIMCOIN users previously used 15 characters, currently 40 characters.
When I typed in the 40 letters that came into my mind at the test, I finally broke through 40 characters of Brain Wallet. (Moreover, I found it in 1 minute without using a computer.)
The act of increasing the number of characters is proof that it is very dangerous.

About GCCH COIN CLASSIC, it is a NanoWallet as it is, so there are considerable problems.

In recent verification, users who use a brain wallet with a weak password were found in a ratio of about
Any user : DIMCOIN user : GCCH user = 2 : 5 : 7

Additional notes:
Weak brain wallet users include many main net Faucet users.
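
The status report above argues that enforcing 40 characters by length alone does not raise security. The following is an added example, not part of the original posts and not NanoWallet or DIMCOIN code: it compares a length-only rule with a few structural checks on constructed 40-character inputs. The function names and thresholds are assumptions chosen for illustration.

```javascript
// Added illustration: length-only rule vs. simple structural checks.
// Heuristics only; passing them does not prove a passphrase is strong.
const MIN_LENGTH = 40; // minimum length quoted in the post

// Smallest shift p at which the string repeats itself ("abcabcab" -> 3).
function repeatPeriod(s) {
  for (let p = 1; p < s.length; p++) {
    let same = true;
    for (let i = p; i < s.length && same; i++) same = s[i] === s[i - p];
    if (same) return p;
  }
  return s.length;
}

// Fraction of neighbouring characters that are equal or one code point apart.
function stepFraction(s) {
  let steps = 0;
  for (let i = 1; i < s.length; i++) {
    if (Math.abs(s.charCodeAt(i) - s.charCodeAt(i - 1)) <= 1) steps++;
  }
  return s.length > 1 ? steps / (s.length - 1) : 0;
}

function assessPassphrase(pw) {
  const reasons = [];
  if (pw.length < MIN_LENGTH) reasons.push("shorter than minimum length");
  const period = repeatPeriod(pw);
  if (pw.length > 1 && period <= pw.length / 2) reasons.push(`repeats a ${period}-character unit`);
  const distinct = new Set(pw).size;
  if (distinct < 10) reasons.push(`only ${distinct} distinct characters`);
  if (stepFraction(pw) > 0.5) reasons.push("mostly sequential or doubled characters");
  return { passesLengthRule: pw.length >= MIN_LENGTH, accepted: reasons.length === 0, reasons };
}

// Constructed sample inputs, each exactly 40 characters long.
const SAMPLES = [
  "a".repeat(40),
  "password".repeat(5),
  "1234567890".repeat(4),
  "k7#Vq2!mZp9@Lw4$Xr6^Tb1&Ny8*Hc3%Jd5(Gf0)", // constructed; do not reuse
];

for (const pw of SAMPLES) {
  const r = assessPassphrase(pw);
  console.log(pw, "| length rule:", r.passesLengthRule, "| accepted:", r.accepted, r.reasons);
}
```

All four samples satisfy the length rule, but only the last one passes the structural checks; a phrase that passes can still be weak if it appears in a public word list.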

Hello, my coins were withdrawn from the purse and sent such a message.

The password you are using for your Brain Wallet is weak. It is publicly available on Internet (GitHub) and already used for dictionary attacks. To protect your funds, we transferred it to a safe account. To retrieve your funds,
a) Prepare new simple wallet
b) Prepare a screenshot of the account screen in your NanoWallet. If a certain amount is exceeded, more detailed identification may be requested (one or more of SMS, id scan, selfie holding your id, skype call)
c) Post a message in the forum https://forum.nem.io/t/8147/

a) I prepared a new simple wallet
b) I have a screenshot of my NanoWallet account
Please return my coins to my new wallet.
Where can I send the address of the new wallet and the screenshot?

Thank you for contacting us.
We will send you a private message from here.
Please wait for a while.

@01Irma

We conducted personal authentication.
I could confirm that you are a valid address owner.
Thank you for your cooperation.

Custody transaction:
http://chain.nem.ninja/#/transfer/8c6cddb95f928d3b77d7850a42d34845b23e830145aeb93275c1ff476c5abd6a

Refund transaction:
http://chain.nem.ninja/#/transfer/0a34885a0cea98c1a0aa9ddb2ee547d0ca2650317ddd639d05612feb9ff345e1

With this, refund completion will be done.

thanks

Good evening! @mexxer has sent me to you, my funds have been locked! I can see why. I created a new simple wallet! Now did as you recommended, everything as it should, now I ask to transfer my xem my new wallet. What to do next? This is the address of the old wallet NDZRV3-AUSHLW-Q54C3Y-CLD5VD-AK72FP-OGVXJ3-PO3Q

@Sasha_Smirnov
Thank you for contacting us.
From now on, we will transfer funds from old address to newly created NEM address.
Before that, I’d like you to do personal verification, so I will send you a private message from me.
Please wait for a while.

@Sasha_Smirnov
I performed personal authentication and confirmed that I am the principal.
The refund transaction is as follows.

http://chain.nem.ninja/#/multisig/cc74aa500de8b2f9b05706ffc332063835bbf4e60e47bdf9cbdede9d6036194e
http://chain.nem.ninja/#/multisig/c460949f47a23c38c2fa03ff51a68b827ee10746303b91b31df1015472e28c88

Good morning! @mexxer has sent me to you, my funds have been locked! I can see why. I created a new simple wallet! Now did as you recommended, everything as it should, now I ask to transfer my xem my new wallet. What to do next? This is the address of the old wallet NAC2OR-JXBOKK-SSS4GV-5IIRFU-VXWNZC-COPSCY-KBPL

@olikart

Please tell me the address of the newly created simple wallet.

And from now on I will send you a private message in order to do personal authentication.

Hello @mizunashi
I received the encrypted message and I agree. I have made a simple wallet with a 40 character password and would like to see my funds released into it.

Looking forward to resolving this.

With kind regards,

Daan

@Daan
Could you tell me the previous address and the address you just created with Simple Wallet?
After that, we perform refund work after doing individual authentication.

Thank you.

Supporting time is limited.
Please check again.

Thanks for the fast reply 🙂
You can take your time though, since it’s outside the supporting time and all.

My previous address is:
NDTJEV-ZFKADC-ZAS3AT-QCN5TK-UC6JPA-EDAOPM-NXRL

My new address is:
NBX3RO-7INYTR-CWYI2A-2RRHL5-M5VPL5-BDZSMV-IRC5

Thanks again!

@Daan

Thank you for your reply.
I will carry out individual authentication with a private message from now on.
Please wait for a while.

Although it is less than 1 xem, since the amount sent is not enough, I will send it from another address later.

@Daan
I performed personal authentication and confirmed that I am the principal.
The refund transaction is as follows.

http://chain.nem.ninja/#/multisig/58ee64f9c9c597dc1692d3a70ab9e9a4608aeeda29f9749f01190d88f6ffbdca
http://chain.nem.ninja/#/multisig/8e0a1912995c00b4fbc1575326bfb5893a7a46d8818096dccb58073cc8492901

@olikart

Thank you very much for your cooperation on personal verification.
Since I was able to verify with an account owned by himself in personal authentication, I refunded it.
The refund transaction is as follows.

http://chain.nem.ninja/#/multisig/161616926806ae6bbc495ae8eafe2ff297d1d9d1448bc540a2c1d5699b21f0cd


It’s been a month since we started this project.
As a report, I will report only the part which is not a problem on security.

Starting from an accidental discovery and 5/sec (Intel midrange CPU), we achieved a speedup of the proof of concept to 13,000/sec.

(13000/sec is the measured value of the borrowed hardware, and this number is impossible on the machine I currently own.)

This is the speed which realized improvements repeatedly in the program for the past month.

The speedup in computing ability is the result of extensive efforts, in which procurement of hardware with my own funds is greatly involved.

And accordingly, algorithm change, direct reading of NIS DB files, and so on.
I am planning to develop in the future, seeking further efficiency improvement.

Today, we are planning to introduce equipment of about US$ 5,000 personally, and we will make efforts to prevent any NEM hacking in advance.
Even now hackers continue to calculate. Before that we have to find a brain wallet using weak passwords.
As an activity, I can also predict that it will be an activity whose end cannot be seen.

Actually, the results of this one month in a program evolving from slow computation to refinement are as follows.

· Discovery of 550 vulnerable accounts
· Protection of 3.2 M xem

Here, I am active with self funds, and I am very troubled with financing.
Although the price of the equipment is also so, fee used for warnings etc. to vulnerable accounts is also considerably used.
In addition, for all vulnerable accounts, we check the reference to nembex and send a warning manually. We are developing this so that it can be automated.

If there are people who can agree, I would like to ask donation to the address below.
I will clarify here that this is optional and not mandatory.

Donation destination address: NCH4UST5ITXTMLWSHKYFAAZXJNCSP7OFW3B3654L

Thank you.


Please, help. I created a new simple wallet. Now I need to transfer my funds from the old wallet, I can not do it. I made a screenshot for confirmation. Should I post a screenshot here?