Slashdot Mirror


Researchers Discover a Cheap Method of Breaking Bitcoin Wallet Passwords (softpedia.com)

An anonymous reader writes: Three researchers have published a paper that details a new method of cracking Bitcoin "brain wallet passwords," which is 2.5 times speedier than previous techniques and incredibly cheap to perform. The researchers revealed that by using a run-of-the-mill Amazon EC2 account, an attacker would be able to check over 500,000 Bitcoin passwords per second. For each US dollar spent on renting the EC2 server, an attacker would be able to check 17.9 billion password strings. To check a trillion passwords, it would cost the attacker only $55.86 (€49.63). In the end, they managed to crack around 18,000 passwords used for real accounts.

96 comments

  1. So for everything else also by roks · · Score: 0

    New method?

    1. Re:So for everything else also by Anonymous Coward · · Score: 1

      No. Actually the method is from August 2015, but this one is faster and cheaper, from what I can read from the article and research paper PDF. Still a long shot, but if any of those 18,000 wallets holds a ton of Bitcoin, then it's worth the investment.

  2. $5 wrench? by Anonymous Coward · · Score: 0
    1. Re:$5 wrench? by binarylarry · · Score: 1

      Why build a million dollar cluster when you can just use AWS?

      --
      Mod me down, my New Earth Global Warmingist friends!
    2. Re: $5 wrench? by Anonymous Coward · · Score: 0

      Doesn't work if the wallet owner is on the other side of the planet.

      Extend the protocol to allow up to 20 passphrases?

    3. Re:$5 wrench? by bickerdyke · · Score: 1

      Because with the million-dollar-cluster, the victim never will know what hit him.

      Never underestimate the element of seagull.

      --
      bickerdyke
    4. Re:$5 wrench? by dpidcoe · · Score: 1

      Because with the million-dollar-cluster, the victim never will know what hit him.

      The same could potentially be said for the wrench method though if the wrench operator has brushed up on their ninja skills.

  3. hmm by Anonymous Coward · · Score: 0

    now imagine the NSA doing this

    1. Re:hmm by Anonymous Coward · · Score: 0

      now imagine the NSA doing this

      My god man, that could destabilize the entire Bitcoin economy. It would be chaos.

  4. I don't understand this by Anonymous Coward · · Score: 0

    IF (PASSWORD CHECKED > 2 TIMES PER SECOND)
    THEN (BLOCK ACCOUNT UNTIL USER CONTACTED AND RESOLVED)

    So is this a theoretical approach that means nothing in the real world?

    1. Re:I don't understand this by Anonymous Coward · · Score: 0

      You might want to look up how bitcoin wallets work. The only user information is knowledge of the wallet's key (password). If you know the key, you effectively own that wallet.

    2. Re:I don't understand this by Anonymous Coward · · Score: 4, Informative

      It's an offline attack. There is no server against which these passwords are checked. "Brain" wallets are wallets where all keys are derived from a memorized secret through cryptographic functions. You enter the secret password into a program and it "recreates" from that password the Bitcoin addresses and secret keys that you need in order to spend the balances associated with those addresses. In a more conventional wallet, the addresses and keys are generated randomly and stored in a file, typically encrypted with a passphrase. In that case you'd need the passphrase and the stored wallet to gain access to the keys. The advantage of a brain wallet is that you can't lose the wallet file, because there is none. The disadvantage is that it's "single factor": You only need the password/passphrase (something you know) to access it. Conventional wallets are two-factor: You need the passphrase (something you know) and the wallet file (something you have).

    3. Re:I don't understand this by Anonymous Coward · · Score: 2, Informative

      Again, you're not understanding how a wallet works. The wallet is nothing more than a public key, and the private key is the password; the bitcoin blockchain stores the balance/other stuff.

      When you have the wallet address, you can try searching for the private key, which is supposed to take extreme amounts of computation to find. At no point in testing these keys do you ever have to communicate with anything else outside of the l1 register in the processor searching for the key.

    4. Re:I don't understand this by Anonymous Coward · · Score: 1

      You might want to look up how bitcoin wallets work. The entire wallet is there. The software governing it is open, and typically compiled by the user. An attacker only has to remove the WRONG_PASSWORD check you're talking about and they're back to the races.

      Or, more likely, the attacker already stripped out the code they need from the application to check the wallet (sans silly 2 second wait) and has their own software checking against it.

      This isn't a case of asking your local RADIUS server if the username/password you sent is correct, where, assuming you don't own the RADIUS server, you can't control how it responds. This is a case of an encrypted file on your own machine (or, in the case of an attacker, in an attacker's hands). You, or the attacker, own the means of authentication. Why would you, as an attacker, make things hard on yourself?

    5. Re:I don't understand this by Anonymous Coward · · Score: 0

      I can lock you from ever getting at your own money if you implement that.

    6. Re:I don't understand this by KiloByte · · Score: 1

      Then anyone with a botnet can stop you from authenticating forever by simply issuing a request every 2 seconds.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    7. Re:I don't understand this by Anonymous Coward · · Score: 0

      Bitcoin is decentralized, remember? You can limit key checks only via wallet services. You can't limit these attempts via calls to the actual blockchain. It's a little bit complex. But I might be wrong, since I don't use it that much. Any Bitcoin expert, feel free to dismiss my explanation.

    8. Re:I don't understand this by Big+Hairy+Ian · · Score: 1

      Then surely this is bad news for PKI in general, or are we saying Bitcoin's implementation of PKI is rubbish?

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    9. Re:I don't understand this by Anonymous Coward · · Score: 0

      They are cracking a local encrypted file, there are no server gimmicks

    10. Re:I don't understand this by Anonymous Coward · · Score: 1

      It's a brute force attack. They have their own implementation of a brain wallet create wallets from a list of passwords and check if the generated addresses have been used (i.e. are in the block chain). If you use a "brain wallet" and your passphrase is on their list of passwords, then they'll find your Bitcoin addresses and with them the keys, the same way your wallet software generates them from your passphrase. If your password is not on their list, they can't steal your coins.

    11. Re:I don't understand this by Anonymous Coward · · Score: 0

      An actual solution to this is to make sure that for every password checked you do 100k iterations for whatever key derivation function you're using.

      Check all you like, but you're spending an excruciating amount of time per combination. See bcrypt for an example.

    12. Re:I don't understand this by Opportunist · · Score: 0

      Ok. Maybe we should outlaw any kind of currency while we're at it?

      Or at least that pesky cash.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    13. Re:I don't understand this by Big+Hairy+Ian · · Score: 1

      Ah so basically they are creating a list of public/private key/password combinations. So if you have someone's public key you can look up their private key and password if it's one you've already done. Sounds to me like Bitcoin are using PKI keys that are too short. Not to panic though, I know banks that are still using Triple DES :|

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    14. Re:I don't understand this by Anonymous Coward · · Score: 0

      I think what's missing is understanding of what a "brain wallet" is. Rather than keeping a private key in a file on your drive (encrypted or not), a "brain wallet" is a program that deterministically generates a private/public keypair from a password/phrase. Thus you keep the key in your brain, and when you use your account the keys are regenerated on the spot. It also means anyone who guesses the same password as you gets the same key as you and thus your account.

    15. Re: I don't understand this by Anonymous Coward · · Score: 0

      The central banks of the world are actively seeking to ban cash. It will likely happen within our lifetimes.

      As for human trafficking, the stats include survivors fleeing war zones -- like just about every refugee in Europe, for example. The trouble with statistics is often the definitions.

      The vast majority of trafficking is male labor, of course. But that's the category least talked about.

    16. Re:I don't understand this by castionsosa · · Score: 1

      I have read discussions on how to mitigate this. Perhaps some slight proof of work? Or, on the underlying protocol, use something like bcrypt and require a certain number of rounds to be run before the wallet is unlocked.

      Brain wallets are useful. Having some key-strengthening algorithm in place wouldn't stop brute-forcing, but it would at least slow them down.

    17. Re:I don't understand this by mark-t · · Score: 1

      While I won't dispute that bitcoin might get used to obscure illegal activity, and I won't even argue that it may even most often be used for such purposes, it is clearly false to suggest that it is never used for anything that is actually entirely okay.

      Don't blame the owners of a tool for the actions of those who might use that tool to harm others, no matter how prolific such use might appear to be. Down that same path lies the reasoning that some governments are using to try and block strong encryption entirely.

    18. Re:I don't understand this by Big+Hairy+Ian · · Score: 1

      *Generates key for "Letmein"*

      --

      Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

    19. Re:I don't understand this by GameboyRMH · · Score: 1

      It sounds like the brain wallet is simply a bad idea then. It practically reduces the security of your bitcoin wallet to nothing more than the strength of your password.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    20. Re:I don't understand this by BlueMonk · · Score: 1

      I believe the problem is not that the keys used by the bitcoin infrastructure are too short, but rather that the variation in brain wallet passwords is insufficient, or that it's too easy to convert brain wallet passwords into bitcoin public keys to check if they match. The fact that randomly generated keys are not susceptible to this attack like brain wallet passwords are is an indication that it's not the infrastructure at fault, I believe.

    21. Re:I don't understand this by michelcolman · · Score: 1

      Worse, apparently. They can try a whole bunch of possible combinations of words from a dictionary, and for each one, check the block chain to see if the resulting address has been used. They don't have to guess anyone's password in particular, just guess a combination of words that has been used by someone, anyone at all. Instead of trying combinations of userIDs and passwords, you just have to try passwords.

    22. Re:I don't understand this by BarbaraHudson · · Score: 1

      Either way is a cheap method to deny someone access to their bitcoins. We could call it a DoB (denial of bitcoins attack), or if we use a botnet, a DDoB.

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    23. Re:I don't understand this by Anonymous Coward · · Score: 0

      You're not understanding how this works at all. For the same reason you can't recover a password.

      Bitcoin has no central password storage. Essentially you're downloading the public information and bruteforcing it on your own hardware. It's like downloading a password protected zip/rar file and testing every combination in sequence. The zip file isn't going to be rendered unusable by failing.

      The real solution has more to do with how the public and private pieces are stored. Literally you cannot store a password or passphrase. You need a temporal key generator (e.g. your smart phone) to generate half the code, and a biometric to generate the other half. The biometric makes it so that only you (or someone who has killed you, or under duress forced you) can unlock the first half, and the temporal key ensures that you can't just move the key generation somewhere else (e.g. by pulling it from a phone cloud backup). But knowing how stupid people are, they would likely use an Android device emulator for the temporal key, making it trivial to just download the Android image to another device.

      Remember that the best password system is "something you know" and "something you have", basically the temporal key replaces "something you know" with "something I can replicate the conditions to produce a correct response to a challenge"

    24. Re:I don't understand this by BarbaraHudson · · Score: 1

      To find one particular key for one particular individual, sure. However, there's more than one individual in the blockchain. That's why they were able to crack 18,000 passwords.

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    25. Re:I don't understand this by Anonymous Coward · · Score: 0

      If you make calculating one wallet more expensive, then you make the entire attack more expensive by the same factor. The goal would be to drive the cost of running all those EC2 instances up so much that it is higher than the expected loot. Cracking 18000 wallets for $55 sounds like you'd have to make the calculation a lot more expensive though.
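
Added example (not part of any comment in this thread, and not the researchers' code): a cost model for the key-stretching suggestion made in the two comments above about KDF iterations and per-wallet cost, built on the 17.9 billion guesses per dollar figure from the story summary. PBKDF2, the remembered salt and the `work_factor` parameter are assumptions; the thread itself only mentions "a key derivation function" and bcrypt.

```python
"""Cost model for guessing brain-wallet passphrases, with and without stretching."""
import hashlib
import math
import time

# From the story summary: 17.9 billion guesses per US dollar of EC2 time.
GUESSES_PER_DOLLAR = 17.9e9


def unstretched_key(passphrase: str) -> bytes:
    """One SHA-256 pass over the passphrase, the derivation the thread describes."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def stretched_key(passphrase: str, salt: str, iterations: int = 100_000) -> bytes:
    """PBKDF2-HMAC-SHA256 as a stand-in for "100k iterations of a KDF".

    The salt is an assumption: something the owner already remembers (an
    e-mail address, say), so a single guess no longer tests every user at once.
    """
    return hashlib.pbkdf2_hmac(
        "sha256",
        passphrase.encode("utf-8"),
        salt.encode("utf-8"),
        iterations,
        dklen=32,
    )


def cost_for_guesses(guesses: float, work_factor: float = 1.0) -> float:
    """Dollars for `guesses` attempts when each costs `work_factor` times today's rate."""
    return guesses * work_factor / GUESSES_PER_DOLLAR


def bits_within_budget(budget_usd: float, work_factor: float = 1.0) -> float:
    """Passphrase entropy, in bits, that a given budget can search exhaustively."""
    return math.log2(budget_usd * GUESSES_PER_DOLLAR / work_factor)


def hashing_slowdown(iterations: int = 100_000, rounds: int = 2000) -> float:
    """Measured time ratio of one stretched derivation to one plain SHA-256.

    This covers the hashing step only. A full guess also needs elliptic-curve
    work and an address lookup, so the slowdown of a whole guess is smaller
    than this ratio; treat it as an upper bound on `work_factor`.
    """
    start = time.perf_counter()
    for i in range(rounds):
        unstretched_key(f"constructed sample {i}")
    plain = (time.perf_counter() - start) / rounds

    start = time.perf_counter()
    stretched_key("constructed sample", "owner@example.invalid", iterations)
    slow = time.perf_counter() - start
    return slow / max(plain, 1e-12)


if __name__ == "__main__":
    print(f"1e12 guesses today: ${cost_for_guesses(1e12):.2f}")
    ratio = hashing_slowdown()
    print(f"hash-step slowdown at 100k iterations: about {ratio:,.0f}x")
    for bits in (40, 60, 80):
        for factor in (1, 1_000, 100_000):
            usd = cost_for_guesses(2.0 ** bits, factor)
            print(f"{bits} bits, work factor {factor:>7,}: ${usd:,.2f}")
    for budget in (100, 10_000, 1_000_000):
        print(f"${budget:,} exhausts {bits_within_budget(budget):.1f} bits unstretched")
```

Stretching shifts the cost curve by a constant number of bits (a factor of 100,000 is worth about 17 bits), so it helps a mediocre passphrase and cannot rescue one that appears in a wordlist.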

    26. Re:I don't understand this by sexconker · · Score: 1

      You might want to look up "brain wallet". Anyone using a "brain wallet" is an idiot.

    27. Re:I don't understand this by BarbaraHudson · · Score: 1

      Or try the same result on 200,000 wallets - odds are high that after a while, you'll hit several wallets with the same key phrase. You don't have to crack any specific one - it's like trying your car key on every car door at the shopping center - eventually another one will open (had that happen twice by accident).

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    28. Re:I don't understand this by Anonymous Coward · · Score: 0

      You don't "try the same result on 200,000 wallets". You try a password by creating one wallet. Wallets are collections of addresses and keys. Then you compare the addresses you created to all addresses that have received money. This is public information: It's the block chain. So, effectively you are "trying the same result" not just on 200,000 wallets but on all wallets. But if you assume that creating one wallet will, by chance, give you access to the addresses and keys of a different wallet, you are wrong. The namespace for the addresses and keys is so large that the likelihood of a collision is too small to matter. If an address created from the password you tried matches an existing address, it is overwhelmingly likely that it was created the same way. This attack only works because people use bad passwords. It does not exploit an underlying flaw in the cryptography.

    29. Re: I don't understand this by Anonymous Coward · · Score: 0

      I just call it "underwear".

    30. Re:I don't understand this by Bengie · · Score: 1

      It's an offline attack on publicly distributed information. This may be news to you, but BitCoin is a distributed system, not a website.

    31. Re:I don't understand this by Bengie · · Score: 1

      This should be the rule of thumb for any password protected file that is very likely to be accessible offline. Like password protected storage. Most people are willing to wait a few seconds to have a much more protected boot drive.

  5. replace "bitcoin wallet" with any noun by Anonymous Coward · · Score: 0

    And it's still true. If people use "password123" for a password, you can crack it pretty easily.

    1. Re:replace "bitcoin wallet" with any noun by U2xhc2hkb3QgU3Vja3M · · Score: 2

      That's why I use "password12345luggage", nobody's ever going to guess it!

    2. Re:replace "bitcoin wallet" with any noun by U2xhc2hkb3QgU3Vja3M · · Score: 1

      Oh wait... D'oh!

    3. Re:replace "bitcoin wallet" with any noun by turbidostato · · Score: 1

      I see what you did here!

      You exchanged your username and your password!

  6. Whats New? by Anonymous Coward · · Score: 0

    What is the new thing about this approach, apart from the fact that it uses EC2? It is no secret that brute forcing passwords needs a lot of computing resource, and of course the cloud offers a cheaper way of doing it... No story here?

    1. Re:Whats New? by Anonymous Coward · · Score: 1

      The story here is the fucktardedness of "brain wallets".

      You have a system secured by a large ECC key of 256 bits or so.

      And then you generate your 256-bit key by SHA-256ing a password that has maybe 40 bits of entropy.

      And then you use it to protect all of your money.

      Whoever thought of this genius "brain wallet" idea needs to be shot.

    2. Re:Whats New? by Anonymous Coward · · Score: 0

      I suspect someone was just under pressure to publish a research paper to maintain funding and cranked this one out.

    3. Re:Whats New? by Anonymous Coward · · Score: 0

      Looking for an Ouroboros cloud compute platform that takes Bitcoin as payment

    4. Re:Whats New? by Anonymous Coward · · Score: 1

      I can see using a brain wallet as a sort of traveller's check. Say one is going to a country where everything is thoroughly scrutinized, all physical papers copied and photographed, all electronic devices are searched, all data on all devices is copied off, and anything encrypted (like normal wallets) will be "decrypted" courtesy of a rubber hose and a $5 wrench. In the country, electronic communications are firewalled, so logging onto $REMOTE_STORAGE, or booting up a small live CD distro to fire up Citrix isn't possible.

      Here, brain wallets would be usable. Before embarking on the trip to Lower Elbonia, create a brain wallet, transfer funds to it. Then, after passing through Elbonia's customs, use your BTC client, create a wallet, and pay as normal. When heading back to civilization, either use a brain wallet (for access in the interim), or just move the currency in the wallet created in Lower Elbonia to your secure (yet inaccessible wallet.)

      There are other uses as well. Sometimes it might be useful to transfer coins with just a small piece of paper or a sentence.

  7. researches discover a way to commit crime by Anonymous Coward · · Score: 0

    jail em

    1. Re:researches discover a way to commit crime by Anonymous Coward · · Score: 1

      researchers discover what criminals have known for years.

    2. Re: researches discover a way to commit crime by Anonymous Coward · · Score: 0

      This. Folks who know what they're doing, are often times several years ahead of whatever shows up in the news.

    3. Re:researches discover a way to commit crime by U2xhc2hkb3QgU3Vja3M · · Score: 1

      So... jail all politicians and lawyers?

      Oh sorry, these guys are committing legal crimes.

      Carry on.

  8. $dollars by epine · · Score: 1

    Password entropy rule of thumb: 40 + log2($dollars)

    Yes, I know, for some of you it really sucks to have to come up with 70 bits. But, hey, there's always charity.

  9. Not a big deal - Read the article by Anonymous Coward · · Score: 0

    Basically if you pick a bad password it is likely to get cracked. We already knew that.

    Some of the passwords:

          party like it's 1999
          yohohoandabottleofrum
          dudewheresmycar
          andreas antonopoulos

    If you pick a long and actually random phrase it would still take millions of years to brute force.

  10. you can't limit the number of retry by JcMorin · · Score: 1

    Breaking the wallet has nothing to do with the blockchain or any online service. It's a local encryption stuff. If the software had a stupid limit, the hacker can just recompile it without the stupid limit so it's pointless (open source software remember). The password should be 12 to 20 words from the dictionary. Make it a billion times harder, thus a billion times more expensive to craft. The law of numbers makes it not cost-effective. Remember brain wallet is something created to recreate your wallet, it's not the bitcoin protocol itself.

  11. And then they all retired by anvilmark · · Score: 1

    and lived happily ever after.

  12. Well to be fair... by Junta · · Score: 1

    So one, I think bitcoin itself is pretty risky... that said if I were to accept the premise and argue from there.

    I would think a 'brain wallet' would be like a 'wallet', i.e. something you have with you at any given time in case you want to spend some cash but can't get to your savings account right now. So you take on some risk on a few hundred dollars in exchange for being able to spend it more easily. You move money in and out of it as needed when you get back to where your more secure setup is.

    --
    XML is like violence. If it doesn't solve the problem, use more.
  13. Wow what a surprise... by Noryungi · · Score: 1, Interesting

    In other words, Bitcoin is finally getting the attention it deserves from security researchers. And, surprise! It's full of bugs!

    I would be tempted to say: "Film at 11" or even "told ya so", but the truth of the matter is, I have suspected for a long long time that Bitcoin was not as secure as its proponents have been saying all along.

    I am waiting for the price of bitcoin to fall pretty freaking fast, once everyone realizes hard-earned bitcoins can be stolen from thin air extremely easily, like they have been stolen in the past.

    I still think Bitcoin may yet be proven as the tulip craze of the 21st century. Some people will lose their shirts. Things never change (madness and wisdom of the crowds, yadda yadda yadda).

    You can mod me down now.

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
    1. Re:Wow what a surprise... by Anonymous Coward · · Score: 5, Informative

      Brain wallets are wallets where password phrases are chosen by the user. It's not Bitcoin that's vulnerable, it's humans. The standard way for wallets to be generated is based on private keys that are randomly generated, not picked by a user.

    2. Re: Wow what a surprise... by bill_mcgonigle · · Score: 1

      The trouble with merely modding down comments like these is we don't have a "long winded, no idea what he's talking about" mod.

      This is simple crypto optimization, like happens every year. It's necessary and expected, and :shudder: anticipated by the designers of bitcoin (aside: stop looking for one man, stupid magazines).

      Personally, I'm intrigued as I have a very old wallet I've forgotten the password to, and commission-based cracking services have been unable to touch it. Sadly, it's not worth much more than the EC2 time but it's a bur in my saddle to have it outstanding.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    3. Re:Wow what a surprise... by Anonymous Coward · · Score: 0

      >I am waiting for the price of bitcoin to fall pretty freaking fast, once everyone realizes hard-earned bitcoins can be stolen from thin air extremely easily, like they have been stolen in the past [coindesk.com].

      You'll be waiting a long time. People still use credit cards, after all, and in the US are one swipe or one untrustworthy bartender/waiter away from theft from thin air (no further access to your card required). Somehow the credit card industry hasn't collapsed from people running scared.

      Yes, I'm aware unlike credit cards, Bitcoin isn't insured. That's a failure of the insurance industry to take advantage of the situation, because Bitcoin is a small time item. Someday insurance companies will offer insurance for Bitcoin, and then it will offer the same security as credit cards. It's already happening here and there.

      >I still think Bitcoin may yet be proven as the tulip craze of the 21st century. Some people will lose their shirts. Things never change (madness and wisdom of the crowds, yadda yadda yadda).

      8 years of, on the long term, constant gain is a ridiculously long tulip mania, which was only considered a mania for less than 1 year.

      But hey, whatever floats your boat. Fiat will be around, probably forever, and it will continue to be accepted everywhere (if for any reason, because the government forces it so), and likely most all jobs will continue to pay in it. If you don't want to participate in Bitcoin, you can see yourself out. Nobody will care. Though I think as payment acceptors continue to say no to anything that feels like it could tarnish their supposedly golden record, you may find yourself without the ability to pay for certain legal but less savory goods. And, of course, you will still need to use that antique system of a sixteen digit number (now with an added 3 digits!) to protect you from headaches when you pay for items you are still allowed (by the credit card processor) to buy online.

      Me, I like governing my own protection, and I sure as heck used more than 19 digits to protect my bitcoin! And fortunately, a lot of places accept it, so many I've forgotten my 16 digits + the 3 'hidden' ones. :D

    4. Re: Wow what a surprise... by Orgasmatron · · Score: 1

      This won't help you recover your old wallet. It has nothing to do with bitcoin wallet passwords, which are encrypted with AES-256-CBC.

      Amusingly, they appear to have applied Sipa's highly optimized ECDSA library to help find UTXOs that can be spent with their brute forced "brain wallet" privkeys.

      --
      See that "Preview" button?
    5. Re:Wow what a surprise... by Crowd+Computing · · Score: 1

      The overwhelming majority of the so-called Bitcoin bugs we read about are bugs affecting particular implementations. In this case, this concerns the use of common English words as a sort of mnemonic code to generate a set of Bitcoin wallet addresses. A Bitcoin wallet program not using such a security method would not be affected by this attack.

    6. Re:Wow what a surprise... by Anonymous Coward · · Score: 0

      How is this a bug in bitcoin?

    7. Re:Wow what a surprise... by ledow · · Score: 4, Informative

      Not really.

      If someone gets hold of your wallet enough to try passcodes, it's game over anyway.

      It's like saying that credit cards are insecure because they only have 10,000 possible 4-digit PINs. Well, yes. But the general idea is to stop them getting the card in the first place, and to use other security measures to protect the card.

      The stupid idea of having such ephemeral wallets that are vulnerable to these kinds of attacks was ridiculous before it started. That's not "normal" Bitcoin.

      For normal Bitcoin, you make a wallet file on your machine, encrypt the wallet file with a strong passphrase, perform transactions, then store it in a safe place. You only get it back out on a secure machine where you're required to enter the passphrase again to do anything useful with it.

      If someone is on the machine that you perform BitCoin transactions on, to the point that they can read your wallet file and try to enter passphrases, that's game over anyway. They could just as easily just sniff your keyboard for the passphrase.

      Again - stupid security "attack" that wouldn't happen in real life unless you were a complete dope anyway, is taken as "bad news" for an unrelated technology which people like you jump on the bandwagon of disparaging without checking facts.

      Hint: Word .doc passwords aren't secure either. Or old (pre-AES) ZIP file passwords. You can easily check just as many of those in the same time as this "attack" on something like EC2. The idea is that you don't let people get a file full of expensive information in the first place, or rely on such naff security if that's what you want to do. And that's exactly what BitCoin does too.

      The wallet decryption is only valid if someone can copy your wallet. And that's, quite literally, like someone taking your wallet in real life. The problem is already there. That they might be able to use it to cost you money is entirely logical from that point onwards.

    8. Re:Wow what a surprise... by Asgard · · Score: 3, Insightful

      This attack is different than the one you describe. You are describing someone attacking an encrypted wallet file. The attack in this article is based on generating wallets that are identical to someone else's without having access to their data.

      When you generate a 'standard' wallet, the computer generates a large random number and uses that as the basis for the wallet. In brainwallet, a human picks a phrase that is the basis for the wallet. Humans are monumentally poor at picking one that cannot be guessed. That is the target of this attack. If user Alice generates a brainwallet with the phrase 'i am a fish', attacker Dave can use EC2 to generate an identical wallet (and thus be able to transfer the coins elsewhere) with the base phrase 'i am a fish'.

      The Bitcoin community has been aware that brainwallets are interesting-but-a-bad-idea for quite some time.

    9. Re:Wow what a surprise... by Khyber · · Score: 1

      No, bitcoin is quite vulnerable, especially with some of the latest updates. The new transaction reverse feature is so easily abused as to be worthless. I can 'buy' something with bitcoin and then reverse the transaction. You're shit out of money, shit out of product, and shit out of luck. No real chance of recourse.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    10. Re:Wow what a surprise... by golgotha007 · · Score: 1

      If bitcoins can be "stolen from thin air extremely easily" as you suggest, then today all the bitcoins would be already stolen. The MtGox fiasco was because their backend systems and code were not hardened. This was also back in the day when single-sig was used and an exchange would have full control of your coins. Today with multi-sig, it's not possible for an exchange or third party to steal your coins - they don't have control of them.

      Please do some research before posting such misinformation as this. You should be embarrassed (at least, I'm embarrassed for you).

    11. Re:Wow what a surprise... by Khyber · · Score: 1

      "8 years of, on the long term, constant gain is a ridiculously long tulip mania"

      No. Bitcoin pretty much followed the exact same pattern as any regular financial note, right down to bull runs and bear traps, on a much higher-accelerated timescale. This means that it is likely that Bitcoin will have a depression, a serious one, faster than you expect.

      And as it stands, with China holding the majority of bitcoin and hashing power, (they are the ones manufacturing these ASICs and such) they effectively control the currency. The Great Firewall of China doesn't make transaction times any easier, and the ledger/blockchain is so huge as to be useless to anyone new to the currency.

      This is very clearly an 'established players only' playground. It's the exact same bullshit as the Federal Reserve.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    12. Re:Wow what a surprise... by Anonymous Coward · · Score: 0

      > The new transaction reverse feature is so easily abused as to be worthless. I can 'buy' something with bitcoin and then reverse the transaction.

      That's not how that works.

    13. Re:Wow what a surprise... by Khyber · · Score: 1

      "It's like saying that credit cards are insecure because they only have 10,000 possible 4-digit PINs"

      That has not been true for a while, now. Wells Fargo makes you pick a PIN up to 12 digits long, now. It's been like that since I got my WF account in ~2008.

      Of course, 12 digits in a 10-digit numerical system makes things a bit easier to break due to necessarily repeating symbols, but oh well.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    14. Re:Wow what a surprise... by castionsosa · · Score: 1

      BitCoin will wind up between being the next best thing since sliced bread and refrigeration versus a tulip fad. It is a new sector for financial trade, and has already had its first tier of scammers and pump and dumpers.

      What will happen is that it will evolve. Either BitCoin adds features, or a BTC 2.0 will come along to give more features to allow it to be used in more circumstances. Things like escrow where Charlie can independently inspect goods, then allow or decline an Alice -> Bob transaction. Or, allowing a transaction to have info in it, such as "sales tax/VAT is part of this payment" or a "For:" field, which shows that the seller did pay taxes, so a blockchain accounting can show the books are balanced.

    15. Re:Wow what a surprise... by BarbaraHudson · · Score: 1

      and in the US once one swipe or one untrustworthy bartender/waiter away from theft from thin air (no further access to your card required).

      That's only true for backwards places that still require you to swipe your card. Even the US is changing - mostly moving to the less secure chip and signature, instead of chip and pin, but it's progress.

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    16. Re:Wow what a surprise... by Anonymous Coward · · Score: 0

      >No. Bitcoin pretty much followed the exact same pattern as any regular financial note, right down to bull runs and bear traps, on a much higher-accelerated timescale. This means that it is likely that Bitcoin will have a depression, a serious one, faster than you expect.

      I'm sorry, I thought we were discussing Tulip Mania. Apparently we aren't anymore. No problem, yes, compared to traditional financial investments, Bitcoin is a roller coaster. Compared to Tulips, it isn't Tulips. Changing the topic only confuses things, if you ask me.

      Bitcoin users worldwide have stated many times to stop treating it as an investment. The originators of bitcoin never said it was an investment. Other groups have come about and offered it as one. That does not mean it is an investment. Treat it as money, especially as money you use to temporarily facilitate transactions and you'll be happier. FWIW, no sane financial investor would suggest you get some paper money, stick it in a drawer and watch it grow, either. They'll tell you you're nuts. Just like I'm telling you the same thing. Though I do have a couple of bitcoin because I look at it as a similar gamble to a lottery ticket.

      >And as it stands, with China holding the majority of bitcoin and hashing power, (they are the ones manufacturing these ASICs and such) they effectively control the currency. The Great Firewall of China doesn't make transaction times any easier, and the ledger/blockchain is so huge as to be useless to anyone new to the currency.

      So much like US currency then.

      >This is very clearly an 'established players only' playground. It's the exact same bullshit as the Federal Reserve.

      So, yeah, same thing, like US currency and heck, most all investments out there, including the ones that financial experts suggest as a good buy. I'm not getting the point. People are not happy because it doesn't work like money, and it's like Tulips, but when it isn't like Tulips, it's like stock and they are unhappy that it is similar to money. My head is literally asploding right now.

    17. Re:Wow what a surprise... by Katmando911 · · Score: 1

      No, bitcoin is quite vulnerable, especially with some of the latest updates. The new transaction reverse feature is so easily abused as to be worthless. I can 'buy' something with bitcoin and then reverse the transaction. You're shit out of money, shit out of product, and shit out of luck. No real chance of recourse.

      Can you link to what you are talking about? I thought the only way to actually reverse a transaction in Bitcoin would be to control 51% of the hashing power in the system. (i.e. generate a longer blockchain without that transaction which would invalidate the block with the transaction)

  14. Unsafe practices still unsafe by Orgasmatron · · Score: 5, Informative

    Is it even possible for Slashdot to do competent reporting on a bitcoin story? I know you guys rely on "news" sites to do the actual reporting, but one thing the new management could really do to win favor from older users is to learn a little about the topics being reported so that misleading or stupid stories and headlines could be avoided now and then.

    The passwords used by the bitcoin program to encrypt wallets are just fine.

    What is broken is "brain wallets", which were never a good idea, and were never safe.

    Any arbitrary string of the appropriate length can be a bitcoin private key. The bitcoin software tries really hard to generate them with as much entropy as possible ("randomly"). To create a "brain wallet", you start with a low entropy string, so low that you can remember it in your brain, and then you do stuff to it to expand it out to the key length.

    Naturally, the "do stuff to it" part cannot add any entropy, otherwise you wouldn't end up with the same private key every time.

    Now some brain wallet schemes try really hard to maximize the amount of work involved in the "do stuff to it" stage. Some of them even use highly regarded PBKDF functions.

    Here is the workflow for cracking brain wallets:

    1. seed phrase guess
    2. derive privkey
    3. derive pubkey
    4. derive pubkey hash
    5. scan UTXO set

    Password researchers optimized step 1 years ago.
    Clusters for hire in the cloud have been attacking step 2 for a while now, mitigating the work amplification in PBKDF.

    What these researchers have done now is find a faster method of generating the pubkey hashes and scanning the UTXO set for coins that can be spent. (Steps 3-5)

    Bitcoin remains fine. Don't use brain wallets. We told you they were a bad idea years ago, and now we have (even more) confirmation.

    --
    See that "Preview" button?
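Added example (not part of the comment above or of any Bitcoin software): the point that key stretching cannot add entropy, put into numbers at the 17.9 billion guesses per dollar quoted in the story summary. The 2048-word list, the 2^20 stretch factor and the model that a stretched guess costs proportionally more are assumptions of this sketch.

```python
import math
import secrets

# Rate quoted in the story summary: guesses an attacker buys per US dollar.
GUESSES_PER_USD = 17.9e9

# Constructed stand-in word list (assumption): 64 x 32 = 2048 unique
# pseudo-words, i.e. exactly 11 bits per uniformly chosen word.
CONSONANTS = "bcdfghjklmnprstv"
FIRST = [c + v for c in CONSONANTS for v in "aeio"]
SECOND = [c + v for c in CONSONANTS for v in "ae"]
WORDLIST = [a + b for a in FIRST for b in SECOND]


def entropy_bits(num_words, dict_size):
    """Entropy of a passphrase whose words are drawn uniformly at random."""
    return num_words * math.log2(dict_size)


def words_needed(target_bits, dict_size):
    """Fewest uniformly chosen words that reach target_bits of entropy."""
    return math.ceil(target_bits / math.log2(dict_size))


def cost_usd(num_guesses):
    """Dollar cost of num_guesses at the quoted rate."""
    return num_guesses / GUESSES_PER_USD


def expected_search_cost_usd(bits, work_factor=1):
    """Half the space on average; stretching multiplies the cost per guess."""
    return cost_usd(2.0 ** (bits - 1) * work_factor)


def generate_passphrase(num_words, wordlist=WORDLIST):
    """Pick words with the OS CSPRNG; a human must not choose or reorder them."""
    return " ".join(secrets.choice(wordlist) for _ in range(num_words))


if __name__ == "__main__":
    print("1e12 guesses cost $%.2f" % cost_usd(1e12))
    for n in (4, 8, 12, 24):
        bits = entropy_bits(n, len(WORDLIST))
        print("%2d words %4.0f bits: $%.3g plain, $%.3g stretched 2^20"
              % (n, bits, expected_search_cost_usd(bits),
                 expected_search_cost_usd(bits, 2 ** 20)))
    print("words for 128 bits:", words_needed(128, len(WORDLIST)))
    print("sample:", generate_passphrase(12))
```

Stretching by 2^20 moves a 44-bit phrase only as far as a 64-bit one; the remaining gap to 128 bits has to come from the passphrase itself.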
    1. Re:Unsafe practices still unsafe by Khyber · · Score: 0

      "Is it even possible for Slashdot to do competent reporting on a bitcoin story?"

      Is it possible for Bitcoin to be competent? Nope. Not as long as your literal backing is the price of electricity/hardware you spent to make a bitcoin instead of an actual good or service. When people figure that out and realize that they're paying hundred of dollars for something that ultimately cost a few cents to create, they're going to leave you high and dry.

      The only people that approve of this new-age Ponzi Scheme are those typically performing criminal activities, the overly-paranoid, conspiracy nutjobs, and the people that plan on taking advantage of the other aforementioned groups.

      So which one are you?

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    2. Re:Unsafe practices still unsafe by Anonymous Coward · · Score: 0

      Let me get this right, they generated the private key based on a passphrase alone? (even if passed through a PBKDF).

      Wow. Just wow. This is why you don't let amateurs design cryptographic systems.

    3. Re:Unsafe practices still unsafe by Orgasmatron · · Score: 1

      Brain wallets are not and never have been part of bitcoin (the software) or bitcoin (the protocol) or bitcoin (the network), but they are part of bitcoin (the ecosystem).

      A key is just some bits, and a transaction is just a script. You can manage your keys and transactions offline, with only minimal contact to the software/network. This enables some really cool stuff, and even some really serious high security schemes.

      But it also enables some really stupid bad ideas. Guess which category "Brain wallets" fits into...

      --
      See that "Preview" button?
    4. Re:Unsafe practices still unsafe by Orgasmatron · · Score: 1

      Literal backing? What does that even mean? And are you aware that when you withdraw cash from your bank account, you are "paying hundred[s] of dollars for something that ultimately cost a few cents to" print?

      Personally, if I had to pick from your three groups, I'd probably be in the first one, but that's mostly because it is no longer possible for a U.S. citizen to get through a day without committing a federal crime of some sort.

      None of my bitcoin uses had anything to do with crime, or paranoia, or taking advantage of others. I used bitcoins to purchase a rifle, for example, and it was shipped to a FFL in my state, where I filled out the 4473 and waited for the NICS check. I wouldn't have done it that way if my interest had been either crime or paranoia. And the seller was well known for taking bitcoin payments long before I came around, so I don't see how I could have taken advantage of some poor defenseless gunstore.

      I prefer to think of myself as a student of money, and a fan of technology. Bitcoin is a step closer to the platonic ideal of "money". It is no more or less virtual than the dollar or the euro or the yen, but it is decentralized. And just like the dollar, the euro, the yen, or even (to an extent) gold, it is worthless beyond being useful as money. (Yes, I know that gold has industrial and aesthetic uses, but they are economically trivial.)

      --
      See that "Preview" button?
    5. Re:Unsafe practices still unsafe by calque · · Score: 1

      I used bitcoins to purchase a rifle, for example, and it was shipped to a FFL in my state, where I filled out the 4473 and waited for the NICS check. I wouldn't have done it that way if my interest had been either crime or paranoia.

      Did you pay sales tax?

    6. Re:Unsafe practices still unsafe by Orgasmatron · · Score: 1

      No, but I did report it as "use tax" on my next state tax return.

      I bet you've never done that, even though you are almost certainly required to whenever you buy from an out of state vendor that ships to you but doesn't collect your state's sales tax.

      --
      See that "Preview" button?
    7. Re:Unsafe practices still unsafe by JesseMcDonald · · Score: 1

      To create a "brain wallet", you start with a low entropy string, so low that you can remember it in your brain, and then you do stuff to it to expand it out to the key length.

      To be fair, it is possible to create a "brain wallet" with enough entropy to remain secure from this sort of attack. Such wallets will have randomly generated passphrases with at least 128 bits of entropy (generally 12-24 words selected uniformly from a standardized 2000-word dictionary, yielding about 11 bits per word). A 24-word passphrase of this sort is equivalent in entropy to a standard 256-bit Bitcoin private key, and within the memorization capacity of most humans.

      The problem is "brain wallets" generated from low-entropy passwords, especially ones supplied by the user. Offline attacks against low-entropy passwords are, naturally, trivial to implement with modern computing capabilities.

      --
      "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
  15. Wallet != Brain wallet by Anonymous Coward · · Score: 0

    A "brain wallet" is not the same as the password on your wallet.dat file. This is an intentionally misleading title and just more petty smear tactics against Bitcoin.

  16. Managing risks and rewards by Anonymous Coward · · Score: 0

    I guess the point at which it is computationally less expensive to crack wallets than to generate new bitcoins had to happen sometime.
    Better now than a future in which commerce actually might depend upon them.

  17. Hmm, honeypot potential??? by davidwr · · Score: 1

    Create a few billion wallets with common passphrases, each containing 1 Satoshi, then host them around the intertubes in places where malicious people willing to spend a small amount of effort will find them.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:Hmm, honeypot potential??? by Khyber · · Score: 1

      Honeypots are specific. Creating billions of bitcoin wallets would be useless given the current blockchain size that you need to check against.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  18. The IRS? by JimSadler · · Score: 1

    I would think that the IRS, as well as Homeland Security, would both find it quite useful to follow money over the BitCoin universe. What's a criminal to do?

    1. Re:The IRS? by Anonymous Coward · · Score: 0

      Use real anonymous crypto!

  19. Use bcrypt by emil · · Score: 1

    Weak passwords are even more vulnerable with a fast hashing algorithm. Hashed password storage should use bcrypt, which is intentionally slow, and makes dictionary attacks less practical.

  20. Breitbart of the IT world by Anonymous Coward · · Score: 0

    to learn a little about the topics being reported so that misleading or stupid stories and headlines could be avoided now and then.

    Slashdot . . . the Breitbart of the IT world.