Slashdot Mirror


Researchers Discover a Cheap Method of Breaking Bitcoin Wallet Passwords (softpedia.com)

An anonymous reader writes: Three researchers have published a paper that details a new method of cracking Bitcoin "brain wallet passwords," which is 2.5 times speedier than previous techniques and incredibly cheap to perform. The researchers revealed that by using a run-of-the-mill Amazon EC2 account, an attacker would be able to check over 500,000 Bitcoin passwords per second. For each US dollar spent on renting the EC2 server, an attacker would be able to check 17.9 billion password strings. To check a trillion passwords, it would cost the attacker only $55.86 (€49.63). In the end, they managed to crack around 18,000 passwords used for real accounts.

2 of 96 comments

  1. Re:Wow what a surprise... by Anonymous Coward · Score: 5, Informative

    Brain wallets are wallets where password phrases are chosen by the user. It's not Bitcoin that's vulnerable, it's humans. The standard way for wallets to be generated is based on private keys that are randomly generated, not picked by a user.

  2. Unsafe practices still unsafe by Orgasmatron · Score: 5, Informative

    Is it even possible for Slashdot to do competent reporting on a bitcoin story? I know you guys rely on "news" sites to do the actual reporting, but one thing the new management could really do to win favor from older users is to learn a little about the topics being reported so that misleading or stupid stories and headlines could be avoided now and then.

    The passwords used by the bitcoin program to encrypt wallets are just fine.

    What is broken is "brain wallets", which were never a good idea, and were never safe.

    Any arbitrary string of the appropriate length can be a bitcoin private key. The bitcoin software tries really hard to generate them with as much entropy as possible ("randomly"). To create a "brain wallet", you start with a low entropy string, so low that you can remember it in your brain, and then you do stuff to it to expand it out to the key length.

    Naturally, the "do stuff to it" part cannot add any entropy, otherwise you wouldn't end up with the same private key every time.

    Now some brain wallet schemes try really hard to maximize the amount of work involved in the "do stuff to it" stage. Some of them even use highly regarded PBKDF functions.

    Here is the workflow for cracking brain wallets:

    1. seed phrase guess
    2. derive privkey
    3. derive pubkey
    4. derive pubkey hash
    5. scan UTXO set

    Password researchers optimized step 1 years ago.
    Clusters for hire in the cloud have been attacking step 2 for a while now, mitigating the work amplification in PBKDF.

    What these researchers have done now is find a faster method of generating the pubkey hashes and scanning the UTXO set for coins that can be spent. (Steps 3-5)

    Bitcoin remains fine. Don't use brain wallets. We told you they were a bad idea years ago, and now we have (even more) confirmation.

    --
    See that "Preview" button?
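
The cost figures in the summary and the "cannot add any entropy" point in the second comment, worked through as an added example (not part of the story or of either comment). The single SHA-256 stand-in for the stretching step, the passphrase policies and all function names are assumptions made for illustration; the two rate constants are the figures quoted in the summary.

```python
import hashlib
import math

# Figures quoted in the story summary above.
GUESSES_PER_USD = 17.9e9    # password strings checked per US dollar of EC2 time
GUESSES_PER_SEC = 500_000   # checks per second quoted for one EC2 account

def derive_key(phrase: str) -> bytes:
    """Stand-in for the 'do stuff to it' step (assumption: one SHA-256 pass)."""
    return hashlib.sha256(phrase.encode("utf-8")).digest()

def distinct_keys(phrases) -> int:
    """Derivation is deterministic, so N candidate phrases yield at most N keys."""
    return len({derive_key(p) for p in phrases})

def entropy_bits(symbols: int, length: int) -> float:
    """Entropy of `length` independent, uniform picks from `symbols` choices."""
    return length * math.log2(symbols)

def usd_for_guesses(guesses: float) -> float:
    return guesses / GUESSES_PER_USD

def search_cost(bits: float) -> dict:
    """Expected effort to hit one secret: on average half the space is tried."""
    expected = 2.0 ** (bits - 1)
    return {
        "bits": round(bits, 1),
        "usd": usd_for_guesses(expected),
        "days_one_instance": expected / GUESSES_PER_SEC / 86_400,
    }

# Constructed policies (hypothetical), best case: every pick truly random.
# Human-chosen phrases carry less entropy than these upper bounds.
POLICIES = {
    "8 lowercase letters": entropy_bits(26, 8),
    "4 words from a 7776-word list": entropy_bits(7776, 4),
    "6 words from a 7776-word list": entropy_bits(7776, 6),
    "random 256-bit private key": 256.0,
}

def report() -> dict:
    return {name: search_cost(bits) for name, bits in POLICIES.items()}

if __name__ == "__main__":
    for name, r in report().items():
        print(f"{name:30s} {r['bits']:6.1f} bits  "
              f"${r['usd']:.3g}  {r['days_one_instance']:.3g} days")
```

The model prices only the guessing rate from the summary; a scheme with a slower stretching step lowers the guesses per dollar but leaves the entropy column unchanged.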