Bitcoin Forum

Bitcoin => Press => Topic started by: LiteCoinGuy on August 08, 2015, 05:53:23 AM



Title: [2015-08-08] If you're using a brainwallet, move your coins - NOW!
Post by: LiteCoinGuy on August 08, 2015, 05:53:23 AM
If you're using a brainwallet, move your coins - NOW!

On August 7th I will be giving a talk at DEF CON about cracking brainwallets. As part of that talk, I will be releasing a fast brainwallet cracker. I'm writing this post to provide a little insight as to why I'm giving away a tool that could be used to steal. I also hope that people who are currently using brainwallets will take notice and move to a more secure storage method.


https://rya.nc/defcon-brainwallets.html

http://de.reddit.com/r/Bitcoin/comments/3g7bpa/brainwallet_shut_down_permanently_due_to/


Title: Re: [2015-08-08] If you're using a brainwallet, move your coins - NOW!
Post by: dsattler on August 08, 2015, 06:15:09 AM
IMHO humans are not capable of creating secure passwords. The time for passwords is over, hardware-based security features like U2F will take over soon. In the meantime I recommend using a password manager and letting it create long random passwords which nobody can remember.


Title: Re: [2015-08-08] If you're using a brainwallet, move your coins - NOW!
Post by: gogxmagog on August 09, 2015, 12:03:27 AM
I agree with what dsattler said

also, brainwallet has been rife with security flaws and problems for ages.

use your google

a simple search like "is brainwallet secure?" should pull up enough results to scare you away for good. such as this gem "Brainwallets make the Blockchain a public password hash database"  :o

of course, there's no cure for laziness or stupidity

tsk tsk tsk


Title: Re: [2015-08-08] If you're using a brainwallet, move your coins - NOW!
Post by: bryant.coleman on August 09, 2015, 03:19:04 PM
Quote from: dsattler on August 08, 2015, 06:15:09 AM
> IMHO humans are not capable of creating secure passwords. The time for passwords is over, hardware-based security features like U2F will take over soon. In the meantime I recommend using a password manager and letting it create long random passwords which nobody can remember.

If the passwords can be hacked, the same can happen to the hardware-based security features as well. In the next two or three years, I believe that someone will invent a bug which can steal coins from hardware wallets such as Trezor.

That said, the hardware wallets are not affordable to everyone right now. So the vast majority of the Bitcoin users will continue to use passwords.


Title: Re: [2015-08-08] If you're using a brainwallet, move your coins - NOW!
Post by: Digit-0 on August 09, 2015, 04:47:41 PM
Quote from: gogxmagog on August 09, 2015, 12:03:27 AM
> a simple search like "is brainwallet secure?" should pull up enough results to scare you away for good.

that's the problem, if people never read, do you think people will search for info?

Quote from: gogxmagog on August 09, 2015, 12:03:27 AM
> of course, there's no cure for laziness or stupidity

exactly :P


Title: Re: [2015-08-08] If you're using a brainwallet, move your coins - NOW!
Post by: dsattler on August 10, 2015, 06:04:07 AM
Quote from: bryant.coleman on August 09, 2015, 03:19:04 PM
> Quote from: dsattler on August 08, 2015, 06:15:09 AM
> > IMHO humans are not capable of creating secure passwords. The time for passwords is over, hardware-based security features like U2F will take over soon. In the meantime I recommend using a password manager and letting it create long random passwords which nobody can remember.
>
> If the passwords can be hacked, the same can happen to the hardware-based security features as well. In the next two or three years, I believe that someone will invent a bug which can steal coins from hardware wallets such as Trezor.
>
> That said, the hardware wallets are not affordable to everyone right now. So the vast majority of the Bitcoin users will continue to use passwords.

Trezor is good, but expensive. The U2F is a cheap hardware token like this:
http://www.amazon.com/Plug-up-International-U2F-SK-01-FIDO-Security/dp/B00OGPO3ZS/ref=pd_sim_sbs_421_1?ie=UTF8&refRID=1E0VYC3YY6MQX1DRWT7M

Nobody said that hardware-based security is not hackable, but you can protect against some known attack vectors with it. The grade of security a hardware device offers you can be measured, the same cannot be said about human-created passwords.