As announced before, we were going to have a brute-force contest on the web wallet which is going to last for 1 year. The account was created and replenished with
10K SWIFT today. The address will be staking for next year and anyone who can crack it will be able to spend the staking rewards as well. Our web wallet's source code is on github. The algorithm to create the password and private key from the email address and password is the 144,000th keccak hash of both email + password with a semicolon in between.
It's noteworthy to mention that the passphrase which is the email + password with a semicolon in between is used like a salt in each hash. The operation can take up to 30 seconds on mobiles and up to 10 seconds on laptops. Most modern laptops and computers are still going to need at least half a second for each try.
The following video on Twitter proves the address for the contest is generated using this method by logging in via the web wallet. The email used to login is
email@example.com which does not exist in reality, and the password's length is 14 which is a combination of numbers and lower case characters only, but still passes the strength test which the web wallet forces upon all accounts. This contest will end on the 10th of January 2020! The person who refers this contest to anyone who can then hack it, will also receive an extra
10K SWIFT from @msg768. Spread the word and good luck!