Claude just recovered $400K from a forgotten Bitcoin wallet. That's a security warning, not a magic trick.
By Codcompass Team··6 min read
Context-Aware Dictionary Attacks: Why Your Digital Footprint is Now a Cryptographic Liability
Current Situation Analysis
The foundational assumption of password-based encryption has historically been that the search space for a human-generated password is large enough to render brute-force attacks computationally infeasible. This model relies on the separation between human cognition and machine speed: humans create passwords that are hard to guess, and machines are too slow to try every combination.
This separation is collapsing. The recent recovery of a dormant 2014 Bitcoin wallet containing approximately $400,000 demonstrates a paradigm shift in attack vectors. The wallet was not compromised by breaking elliptic-curve cryptography or SHA-256. Instead, an LLM generated a context-aware dictionary attack script. By ingesting biographical data, notes, and hints associated with the owner, the model produced a targeted candidate list of a few million variations. A GPU cluster then exhausted this reduced search space in hours.
This incident highlights a critical vulnerability that is often overlooked in threat modeling: Semantic Entropy. Traditional entropy measures randomness. Semantic entropy measures how predictable a password is given the owner's context. As LLMs improve at correlating public and private data points, the semantic entropy of human-chosen keys approaches zero. Attackers no longer need to search the entire keyspace; they only need to search the distribution of choices a specific human is likely to make.
The risk extends beyond cryptocurrency. Any long-lived encrypted asset—backups, password vaults, archived customer data, or local keystores—protected by a password derived from personal context is now vulnerable. The cost of executing these attacks is dropping, and the capability to correlate OSINT (Open Source Intelligence) with brute-force infrastructure is becoming accessible to non-state actors.
WOW Moment: Key Findings
The following comparison illustrates the efficiency gap between traditional brute-force methods and LLM-contextual attacks. The data underscores why the "strong password" definition must evolve from "unpredictable to humans" to "unreconstructible by models with access to your footprint."
Attack Vector
Effective Search Space
Success Probability (Contextual)
Time to Compromise
Compute Cost
Random Brute Force
$2^{128}$+
Near Zero
Millennia
Prohibitive
Public Dictionary
$10^8$ entries
Low (<1%)
Hours/Days
Low
LLM-Contextual Targeted
$10^6$ – $10^7$ candidates
High (>80%)
Minutes/Hours
Moderate
Why this matters: The LLM-contextual approach reduces the search space by orders of magnitude while maintaining a high success rate. It transforms an impossible cryptographic problem into a manageable computational task. This enables attackers to target assets tha
t were previously considered safe due to age or obscurity, provided the key derivation relied on predictable human patterns.
Core Solution
To mitigate this risk, systems must decouple key derivation from human memorability and public context. The solution involves migrating to Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) outputs for all long-term encryption keys and implementing robust key management practices.
Technical Implementation
The following TypeScript example demonstrates a secure key generation and encryption workflow. It contrasts a risky context-based approach with a secure random approach, emphasizing the use of crypto.randomBytes and modern authenticated encryption.
import { randomBytes, createCipheriv, createDecipheriv, scryptSync } from 'crypto';
import { promisify } from 'util';
const scrypt = promisify(require('crypto').scrypt);
interface SecureKeyPair {
encryptionKey: Buffer;
keyId: string;
}
interface EncryptedPayload {
ciphertext: Buffer;
iv: Buffer;
authTag: Buffer;
keyId: string;
}
class AssetEncryptionService {
/**
* Generates a high-entropy key using CSPRNG.
* This key has no semantic relationship to any user context.
*/
static generateSecureKey(): SecureKeyPair {
const keyId = randomBytes(16).toString('hex');
const encryptionKey = randomBytes(32); // 256-bit key
return { encryptionKey, keyId };
}
/**
* Encrypts data using AES-256-GCM.
* Requires a random key, not a password.
*/
static encrypt(data: Buffer, key: SecureKeyPair): EncryptedPayload {
const iv = randomBytes(12); // 96-bit IV for GCM
const cipher = createCipheriv('aes-256-gcm', key.encryptionKey, iv);
let ciphertext = cipher.update(data);
ciphertext = Buffer.concat([ciphertext, cipher.final()]);
const authTag = cipher.getAuthTag();
return {
ciphertext,
iv,
authTag,
keyId: key.keyId
};
}
/**
* Decrypts payload.
* Fails if key is incorrect or data is tampered.
*/
static decrypt(payload: EncryptedPayload, key: SecureKeyPair): Buffer {
const decipher = createDecipheriv('aes-256-gcm', key.encryptionKey, payload.iv);
decipher.setAuthTag(payload.authTag);
let decrypted = decipher.update(payload.ciphertext);
decrypted = Buffer.concat([decrypted, decipher.final()]);
return decrypted;
}
/**
* Demonstrates the risk of context-based derivation.
* DO NOT USE IN PRODUCTION.
*/
static riskyContextDerivation(context: Record<string, string>): Buffer {
// This simulates deriving a key from predictable inputs.
// An LLM can reconstruct this input space.
const contextString = JSON.stringify(context);
return scryptSync(contextString, 'salt', 32);
}
}
// Usage Example
const secureKey = AssetEncryptionService.generateSecureKey();
const sensitiveData = Buffer.from('Bitcoin wallet seed phrase or backup data');
const encrypted = AssetEncryptionService.encrypt(sensitiveData, secureKey);
console.log('Encryption successful. Key ID:', secureKey.keyId);
console.log('Store key securely. Key material:', secureKey.encryptionKey.toString('base64'));
Architecture Decisions
CSPRNG Key Generation: Keys must be generated using crypto.randomBytes or equivalent OS-level entropy sources. This ensures maximum entropy and zero correlation to user behavior.
AES-256-GCM: Authenticated encryption prevents tampering and provides confidentiality. GCM is efficient and widely supported.
Key Separation: The encryption key must be stored separately from the encrypted data. Storing the key alongside the ciphertext negates the security benefits.
No Password-Based Key Derivation for Long-Term Storage: Avoid deriving keys from passwords for assets that must survive years. Passwords are vulnerable to semantic attacks. Use random keys stored in secure locations.
Pitfall Guide
Pitfall
Explanation
Fix
Semantic Entropy Illusion
Believing that complex patterns (e.g., P@ssw0rd!2014) provide sufficient entropy. LLMs can infer these patterns from context.
Use CSPRNG-generated keys. Eliminate human-chosen passwords for critical encryption.
Cross-Asset Seed Reuse
Using the same base password or seed for multiple assets (e.g., wallet and backup). Compromise of one reveals the pattern for all.
Generate unique, random keys for each asset. Use a hierarchical deterministic wallet structure if seeds are required.
Ignoring OSINT Vectors
Failing to recognize that public profiles, old posts, and breached data can be correlated to reconstruct passwords.
Audit public footprint. Assume any personal detail is available to an attacker.
Weak KDF Parameters
Using fast key derivation functions (e.g., MD5, SHA-256) for password-based encryption, allowing rapid brute-forcing.
Use memory-hard functions like Argon2id with high iteration counts and memory limits.
False Security of Age
Assuming old encrypted files are safe because they are forgotten. LLMs can target these with low-cost attacks.
Treat all legacy encrypted assets as potentially compromised. Re-encrypt with random keys.
Memorable Passphrase Dependency
Relying on passphrases for long-term storage. While better than passwords, they still have semantic entropy.
Migrate to random keys. If passphrases are necessary, ensure they are truly random and not based on dictionary words.
Inadequate Key Storage
Storing random keys in the same location as encrypted data or in insecure cloud storage.
Use Hardware Security Modules (HSMs), paper backups in secure physical locations, or managed secret vaults.
Production Bundle
Action Checklist
Audit Legacy Assets: Identify all encrypted files, backups, and wallets created before 2020. Assume they are vulnerable to contextual attacks.
Migrate to Random Keys: Re-encrypt sensitive assets using CSPRNG-generated keys. Discard old password-based encryption.
Secure Key Storage: Store new keys in HSMs, hardware wallets, or encrypted offline media. Never store keys in the same system as the data.
Review Public Footprint: Minimize personal information available online. Remove old posts containing pet names, locations, or dates that could aid reconstruction.
Rotate Credentials: If old backups contained API keys or tokens, rotate them immediately. The data may be accessible even if the backup is encrypted.
Implement KDF Hardening: For any remaining password-based systems, enforce Argon2id with strict parameters (e.g., memory cost > 64MB, iterations > 3).
Test Recovery Procedures: Verify that key recovery mechanisms work without relying on human memory. Use Shamir's Secret Sharing for distributed key recovery.
Decision Matrix
Scenario
Recommended Approach
Why
Cost Impact
Personal Cold Storage
Hardware Wallet + Random Seed
Maximum security against semantic attacks.
High friction, moderate cost.
Dev Backup Archives
Random Key in Secret Vault
Balances security with operational ease.
Low cost, low friction.
User Authentication
Passwordless / MFA
Eliminates password as attack vector.
Medium cost, high UX benefit.
Legacy Data Migration
Re-encrypt with Random Key
Mitigates risk of old contextual passwords.
High effort, critical risk reduction.
Shared Team Secrets
HSM / KMS with RBAC
Centralized management, auditability.
High cost, high security.
Configuration Template
Use the following configuration for Argon2id when password-based encryption is unavoidable. This maximizes resistance to brute-force attacks.
Generate Random Key: Run openssl rand -base64 32 to create a 256-bit key.
Encrypt Asset: Use a tool like age or openssl with the generated key. Example: age -p -o encrypted.dat plaintext.dat (prefer random key input over passphrase).
Store Key Securely: Save the key in a hardware wallet, paper backup, or managed vault. Do not store it digitally in plain text.
Verify Integrity: Decrypt a test file to ensure the key and process work correctly.
Destroy Old Keys: Securely wipe any old passwords or keys used for the asset.
🎉 Mid-Year Sale — Unlock Full Article
Base plan from just $4.99/mo or $49/yr
Sign in to read the full article and unlock all 635+ tutorials.
