Bitcoin Forum
61  Bitcoin / Bitcoin Discussion / Re: Public Safety Announcement: On the subject of password security on: June 21, 2011, 10:52:20 PM
I have often seen suggestions to use song lyrics or portions of books. Consider this: I think in the history of mankind, fewer than 1.844674407×10¹⁹ paragraphs have been written. If your password has ever been published, assume Google or well-funded governments have it in their database. That includes examples of "secure" passwords and known UUIDs.

Using just plain song lyrics would be really, really bad advice.

Deciding on an algorithm only known to oneself and using song lyrics as a source of entropy is a good idea.
62  Bitcoin / Bitcoin Discussion / Re: Public Safety Announcement: On the subject of password security on: June 21, 2011, 10:50:46 PM
Unless you're a cryptographer you shouldn't be writing your own cryptographic functions.

This.

99 % of what's being said about password hashes here seems to be inaccurate or flat out wrong.

MD5 isn't nearly as weak as people seem to think. A lot of it is because articles often say things like "a 6-character alphanumeric MD5 can be cracked in a second these days". While that may be true, they often fail to mention that the required time grows exponentially with each character. A 12-character one takes 56800235584 times longer. If the "in a second" part is correct, that's 1801 years. Add a special character in there and you are looking at 540360087662636962890625 combos. At 10 terahashes per second you will be through them all in some 600000 years. And that's just a simple MD5. Unix crypt does it somewhere around 1000 times over with some added flavors.

The purpose of a salt also seems to be misunderstood. It's really only there so that each password needs to be tested separately. Having something 'secret' added to the string doesn't hurt, but it doesn't add any value to cryptographic strength. It's really just a plaintext password hidden in code.
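
The salt behaviour described in the post above, as an added example that is not part of the original posts: a dictionary audit over an unsalted and a salted credential table, counting hash computations. The account names, passwords, word list and the iterated-MD5 stand-in for a stretched scheme are all constructed assumptions; the stand-in is not the real Unix MD5 crypt.

```python
import hashlib
import os

# Constructed sample data: four accounts, two sharing the same weak password.
ACCOUNTS = {"alice": "letmein", "bob": "letmein",
            "carol": "rex2011", "dave": "k3.Wom.'Ca.hEl%9"}
WORDLIST = ["password", "123456", "letmein", "rex2011", "qwerty"]  # constructed

def digest(data: bytes, rounds: int = 1) -> bytes:
    """Iterated MD5. rounds=1 is a plain MD5; a higher count is a simplified
    stand-in for a stretched scheme (it is NOT the real Unix MD5 crypt)."""
    for _ in range(rounds):
        data = hashlib.md5(data).digest()
    return data

def build_table(salted: bool, rounds: int = 1) -> dict:
    """Stored credentials: user -> (salt, hash). The salt is stored in the clear."""
    table = {}
    for user, password in ACCOUNTS.items():
        salt = os.urandom(8) if salted else b""
        table[user] = (salt, digest(salt + password.encode(), rounds))
    return table

def audit(table: dict, rounds: int = 1):
    """Check every account against WORDLIST.
    Returns (users with a listed password, MD5 computations spent)."""
    work, weak, per_salt = 0, set(), {}
    for user, (salt, stored) in table.items():
        if salt not in per_salt:  # candidates must be re-hashed for each new salt
            per_salt[salt] = {digest(salt + w.encode(), rounds) for w in WORDLIST}
            work += len(WORDLIST) * rounds
        if stored in per_salt[salt]:
            weak.add(user)
    return weak, work

if __name__ == "__main__":
    for salted, rounds in [(False, 1), (True, 1), (True, 1000)]:
        weak, work = audit(build_table(salted, rounds), rounds)
        print(f"salted={salted} rounds={rounds}: weak={sorted(weak)} md5_calls={work}")
```

The same three weak accounts are flagged in every run; the salt only multiplies the work by the number of accounts, and the round count multiplies it again.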

63  Bitcoin / Bitcoin Discussion / Re: Poll: Rollback, No Rollback? on: June 21, 2011, 12:21:24 PM
Granted, dictionary based, but still.

Ok, had missed that.

I can't imagine not hearing about the recent tribulations, hype etc. if you were into this some time ago. Could be a hermit not accepting Nobel prizes or something, but extremely unlikely.

I still think it's a simpler explanation than the other suggested scenarios.

The first one is very unlikely too. Who in their right minds keeps that kind of balance online in general, apparently with a weak password, especially after the rumours of hacks. Could be on holiday too I guess, but again extremely unlikely.

I could easily see someone thinking that their coins are more safe at an exchange than in the unencrypted wallet.dat on a Windows computer. And normally, they probably are.

And people do use weak passwords. I've seen managers in large companies use their dogs' names as passwords, literally putting millions of $ at risk.

I still like my theory of moving around balances, it could be going on outside the blockchain if my hypothesis that balances are merely internal representations until withdrawing to external account is correct. Other than speculation I have no idea what APIs or internal mechanisms are usable for this, or what uncrossable hurdles prevent it.

To me this just somehow doesn't seem plausible. Just too many assumptions - the internal mechanism must exist; the hacker needs to gain access to it; the hacker needs to learn how to use it within a relatively short time frame; he'd need to have come up with the elaborate scheme of invisibly moving them in the first place, etc.

The explanation of someone just stumbling upon a large amount of BTC and going "ooh geewiz, I'm a gonna sell deez and I'll be rich!!$$!!$" or "lulz, sell, sell, sell!!! tango down!" are just so much simpler.
64  Bitcoin / Bitcoin Discussion / Re: Poll: Rollback, No Rollback? on: June 21, 2011, 10:37:44 AM
Someone in the other thread got 3000 passwords in an hour with a GPU.

It was 300 IIRC. There's a file in pastebin with some 600 passwords, cracked by people who specialize in cracking passwords. I wouldn't expect that number to grow much from there.

md5 of a weak password is trivial to break, with or without salt. Most of that is the user's own damn fault, some used the same password as account name, even the same password for their E-mail, how dumb can you be?

The Unix MD5 scheme isn't the same as "md5 with salt". Yes, trivial passwords are trivial, but the Unix MD5 scheme in its current form is considered secure. It's computationally quite a bit more expensive than a single round of MD5, which itself is fairly secure despite some known collision attacks, and with current technology, the predicted age of the universe isn't enough to crack a sufficiently long and complex non-dictionary password. Basically, you are looking at thousands of years of difficulty on average somewhere around 12 alphanumeric characters (uppercase+lowercase).

What is most likely to have happened is this: the BTC balance of several thousand accounts was transferred to one account. This can be scripted to either log in via https or whatever, or more likely to use the trading API (faster).

And this would have shown on the trade charts, so it is not likely. The hacker also presumably didn't have write access to the database.

How about these for the likeliest scenarios:
1. It is someone who wants to remain anonymous and is only communicating with MtGox. In my experience, rich people often like to keep a low profile.
2. It was MtGox's own account where all the fees had been collected.
3. It was the account of an early adopter, who stopped following bitcoin before it was worth anything, and is completely unaware of what's happening.

The reason for rolling back would be to protect people who do automatic trading who don't have protection for something crazy like this. Your own damn fault too, but they could sue Mt. Gox for the breach.

The reason for rolling back is because the sale was the direct result of a lapse in MtGox's security practices. If the hacker had indeed just guessed a weak password, I doubt they would be rolling back.
65  Other / Off-topic / Re: Somebody tell me I'm going to grow out of this.... on: June 20, 2011, 05:31:49 PM
I have gotten pretty suicidal infrequently over the past few months. They've put me on these meds -- but all they do is nullify all feeling. They make existence even more pointless for me without the real pain of it all.

Did you feel the same before the meds? I was prescribed anti-depressants a couple of years back and they made me feel very suicidal.

There are different kinds of meds and not all of them suit everyone. You should talk to whomever prescribed them.

66  Bitcoin / Bitcoin Discussion / Re: 7 simple rules to mitigate most threats related to passwords on: June 20, 2011, 04:42:13 PM
No matter how complex your password is, it can still be easily hacked if the attackers gain access to the database.

This is not true. A properly hashed strong password would take millions of trillions of trillions of trillions of trillions of trillions centuries to break even with the most ridiculous hashing cluster you can imagine. See the link in foo's post above.

Even the Unix MD5 crypt scheme is really strong as long as you stay away from dictionary words and make sure the "search space" is large enough.

Also, once an attacker has gained access to a database, the game is pretty much over, and the passwords are only a nice bonus...
67  Bitcoin / Bitcoin Discussion / Re: 7 simple rules to mitigate most threats related to passwords on: June 20, 2011, 04:28:57 PM
One way to construct a somewhat easily remembered long password is to think of a song, poem or somesuch, which you could remember in your sleep, and then apply some algorithm on the words.

As an example, pick the first three letters of each word from the first line of Paranoid:

Finished with my woman 'cause she couldn't help me with my mind

Then pick some characters to delimit the letters and maybe start or end the password. Make up some rule by which you make some of letters uppercase. For example:

3Fin.wIt.my.Wom.'Ca.she.Cou.hEl.me.Wit.mY.min%

That's 46 characters fairly easily remembered. Half of that would be enough, and in fact 3 letters may be a bit much since I ended up with a couple of dictionary words in there.

(You want the brute-force search space to be large: use 1 or more characters from each group: uppercase, lowercase, numbers, symbols.)
68  Bitcoin / Bitcoin Discussion / Re: Mt. Gox Hack claims on: June 19, 2011, 11:33:37 PM
Well they aren't in any rainbow tables, so they must be pretty long. Judging by the high reward on this, he probably used 15-20 characters. Enough that you might as well keep your computers mining bitcoins, it could be months even for a very powerful group of computers.

Already at 10 characters alphanumeric, the possible number of combos is 839299365868340224. @5 Ghash/s, it would take over 5 years to go through them all, and each additional character multiplies the time by 62.
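
The search-space arithmetic used in the posts above (character groups, number of combinations, time to go through them all), as an added example that is not part of the original posts. It assumes every character is chosen uniformly at random, so for a password derived from lyrics or words the result is only an upper bound; the function names and the 33-symbol printable-ASCII group are choices made for this example.

```python
import string

# Character groups named in the posts; "symbols" is printable ASCII punctuation plus space.
GROUPS = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "numbers": string.digits,
    "symbols": string.punctuation + " ",
}
SECONDS_PER_YEAR = 365 * 24 * 3600

def missing_groups(password: str) -> list:
    """Groups from which the password uses no character at all."""
    return [name for name, chars in GROUPS.items()
            if not any(c in chars for c in password)]

def alphabet_size(password: str) -> int:
    """Combined size of every group the password draws from (62 = alphanumeric)."""
    return sum(len(chars) for chars in GROUPS.values()
               if any(c in chars for c in password))

def keyspace(length: int, alphabet: int) -> int:
    """Number of combinations of exactly `length` characters."""
    return alphabet ** length

def years_to_exhaust(length: int, alphabet: int, hashes_per_second: float) -> float:
    """Years needed to try every combination at the given hash rate."""
    return keyspace(length, alphabet) / hashes_per_second / SECONDS_PER_YEAR

def min_length(target_years: float, alphabet: int, hashes_per_second: float) -> int:
    """Shortest length whose full search takes at least `target_years`."""
    needed = target_years * SECONDS_PER_YEAR * hashes_per_second
    length = 1
    while keyspace(length, alphabet) < needed:
        length += 1
    return length

if __name__ == "__main__":
    print(keyspace(10, 62), round(years_to_exhaust(10, 62, 5e9), 2))
    print(min_length(1000, 62, 5e9), missing_groups("rex2011"))
```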
69  Bitcoin / Bitcoin Discussion / Re: Trojan Wallet stealer be careful on: June 17, 2011, 02:04:25 PM
BTW I am not advocating 'not implementing' wallet encryption, I am just saying that this is not really a solution for fat wallets and there may be more useful things to do for developers.

It really does look to me like a lot of people actually oppose client encryption of wallet.dat, as if it didn't bring ANY security, when in fact it probably has more protective value than a firewall or an antivirus program.

It's easy to agree that if you have a relatively large amount of bitcoins, you should take extra measures to protect them.
70  Bitcoin / Bitcoin Discussion / Re: Trojan Wallet stealer be careful on: June 17, 2011, 01:23:41 PM
Vladimir's inference was that this 'solving' the issue at the client level would be giving a false sense of security, which is the worst of all worlds.

An age-old fallacy. Anything that helps, helps.

Do you not install locks and burglar alarms because they aren't 100 % proof?
Should we not install airbags in cars even though they don't guarantee survival?
etc etc
I could come up with hundreds of examples.

Having wallet.dat encrypted is just the last wall of defence, which could potentially give its owner enough time to realize his computer has been compromised, and allow him to move the coins to a safe wallet. The private keys really only need to be unencrypted when payments are made, so the attack surface is reduced by much more than most people probably realize. It also requires the thief to target Bitcoin specifically, pretty much eliminating opportunity-made-thieves, and reducing the risk from random break-ins.

It's also somewhat easy to implement.

No, it's not 100 % hacker-proof, but to have any usability wallet.dat needs to be available relatively easily. All the suggestions of having an extra computer not routed to the internet, or booting from a thumbdrive, just to make the occasional online payment are laughable. Make those kinds of requirements, and Bitcoin is guaranteed to not take off, ever.
71  Economy / Speculation / Re: Bitcoin is a bubble. on: June 16, 2011, 01:19:36 PM
Suppose I have 50k BTCs, I can register around 100 accounts on Mt Gox and distribute all my Bitcoins into these accounts and then I trade with myself from one account to other, every trade with a higher price. By this operations, I can easily drive up the price to whatever I want to drive.

You seem to completely ignore the fact that you'd have to buy the others' coins as well.
72  Alternate cryptocurrencies / Altcoin Discussion / Re: Namecoin miners, stand up and be counted! on: June 15, 2011, 10:44:01 AM
I'm solo mining with some 2 GHash/sec (I've got my own private pool setup).
Been averaging only slightly above a block/day tho. Luck is a bitch.

73  Economy / Economics / Re: Market depth on MtGox on: June 14, 2011, 09:18:34 PM
Yeah, it's been looking like there'd be a lot of upwards pressure in there for a while now, but coins aren't moving. Probably the ddos.
74  Bitcoin / Bitcoin Discussion / Re: Bubble Burst in the nearby future? on: June 14, 2011, 12:42:07 PM
Looking at the market depth, it looks more like it's going to go up soon.
75  Bitcoin / Bitcoin Discussion / Re: What would a Bitcoin world look like? on: June 14, 2011, 12:34:19 PM

The point about p2p is that Bitcoin has no central point of failure, so it's resilient. (unlike Napster and e-gold).

And therefore...?

The main benefit of Bitcoin is pretty obvious. You can reliably send money across the Internet sans expensive middle-men.

But until the whole economic "food chain" can work in Bitcoins, it's unrealistic to expect any major paradigm shifts. Anything that you buy for BTC at the moment was probably bought from a wholesaler with USD or EUR to begin with.

We are lightyears away from an economy where all the basic materials, wages and taxes are paid in bitcoin.

In fact, any sane person should realize such an economy is very unlikely to happen at all.
76  Economy / Economics / Re: Big investors are coming soon to buy Bitcoin.. on: June 14, 2011, 12:15:30 PM
I'm talking about people that have money to burn. And when they do....

The size of the BTC market is WAY too small for the big boys.

If anything, I think there might be some interest in big mining farms. But I could be wrong.
77  Bitcoin / Bitcoin Discussion / Re: What would a Bitcoin world look like? on: June 14, 2011, 11:54:52 AM
I'm thinking that if Bitcoin is to the economy what p2p file sharing was to the music industry, then it's gonna take a lot of imagination to make sense of it.

Well, it isn't. P2P file sharing is really only a way to distribute data. The biggest benefit to the average user is less risk of getting caught copying copyrighted stuff.

Bitcoin is not analogous at all. It is not about multiplying money.
78  Economy / Economics / Re: Will there be a spike in price by the end of the week? on: June 13, 2011, 08:15:07 PM
I suppose that some people who read today's articles in the mainstream media will wire their money to MtGox today and tomorrow, and buy bitcoins by the end of the week.

That + whoever wired money in during the weekend + Silk Road accepting users again = another spike almost certain imo. Might not reach $30 this time though. If the price gets past the $25 point within the next couple of days, I'd expect another steep decline to follow.

79  Economy / Economics / Re: MtGox huge buy on: June 12, 2011, 05:52:58 PM
I was anticipating a big rebound, but not this quick.

I think there's a possibility of a record high before the week is over.
I'm sure I'm not the only one who'd have started buying big at $10 - $13, had I had USD at MtGox.
Also, as I understand, Silk Road is offline. I think the demand will shoot up if/when it returns.
80  Bitcoin / Pools / Re: ~70GH Pool [Swepool.net] 0% fee proportional, LP, API, SSL! on: June 12, 2011, 05:37:18 PM
Pushpoold crashed and restart timed out after 15 tries... It's back up now.

Nope... not connecting...