|
Title: Major Brainwallet Problem Post by: Sothh on September 05, 2013, 12:36:29 PM Hey guys,
I found a major, major problem with brainwallet.org It seems that the wallet always generates the private key/address pair of 5KJvsngHeMpm884wtkJNzQGaCErckhHJBGFsvd3VyK5qMZXj3hS/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T by default. The private key is the sha256 of "correct horse battery staple" Checking the block chain for 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T and you will find hundreds if not thousands of transactions and double spend attempts. It appears lots of people have been actually using this address. I don't know who the creator of brainwallet is, but they should be informed. Title: Re: Major Brainwallet Problem Post by: Pokerfan on September 05, 2013, 12:52:16 PM The address is generated from a password, "correct horse battery staple" in this case. That's the whole point of a brain wallet.
Use your own secure password, get your own brainwallet. Title: Re: Major Brainwallet Problem Post by: bitcoindigi on September 05, 2013, 12:56:18 PM what's the problem? it's common sense to not use easy passphrases.
Title: Re: Major Brainwallet Problem Post by: Sothh on September 05, 2013, 01:01:29 PM The address is generated from a password, "correct horse battery staple" in this case. That's the whole point of a brain wallet. Use your own secure password, get your own brainwallet. I know. The problem is it gives a default to start with. It should not allow you to use the default. Title: Re: Major Brainwallet Problem Post by: Sothh on September 05, 2013, 01:16:27 PM The address is generated from a password, "correct horse battery staple" in this case. That's the whole point of a brain wallet. Use your own secure password, get your own brainwallet. I know. The problem is it gives a default to start with. It should not allow you to use the default. anyone can create the keys (see http://www.xorbin.com/tools/sha256-hash-calculator) and use them in any wallet so there is no way to "stop" anyone from using a specific key. I saw this on reddit and I checked out the address. I posted this in another thread and someone pointed me here since we posted about 90 seconds apart on the same subject. If I try to import this key into Armory it crashes it when it tries to scan the transactions. I imported it into blockchain.info wallet and then I started getting all these notices of dust transactions. I know, I just find it distasteful to spread a private key without telling people on the website that thousands of other people have the same key. Title: Re: Major Brainwallet Problem Post by: jarhed on September 05, 2013, 01:23:29 PM Default pass should be "change this passphrase now else say bye bye to your coins"
Title: Re: Major Brainwallet Problem Post by: J35st3r on September 05, 2013, 06:43:52 PM This was pretty thoroughly discussed here https://bitcointalk.org/index.php?topic=251037.0
TL;DR brainwallets are just a tool, but you need to be very sure of what you are doing to create a secure passphrase. If you don't understand why this is the case, then you should not use them. Easy to get burned and lose your coins. Title: Re: Major Brainwallet Problem Post by: Abdussamad on September 05, 2013, 09:43:28 PM Major Brain Problem
Title: Re: Major Brainwallet Problem Post by: virtualmaster on September 06, 2013, 12:00:54 PM The problem is that by brainwallets you need to use your brain, especially the cerebrial cortex.
http://upload.wikimedia.org/wikipedia/commons/thumb/a/a6/NIA_human_brain_drawing.jpg/463px-NIA_human_brain_drawing.jpg ;D ;D ;D Amazing. They are over 2.500 transactions on this address. "change this passphrase" would be better but probably some people would use it also. |
