Yep. Unless it was not random enough, like the full name of someone in charge or something - but then I wouldn't call it "brute force" any more either.

The password probably leaked somehow. If I were behind BTC-e, I'm not sure I'd put the service back up before figuring out what happened. If somebody had access to the password once and you don't know how he did it, then what's to stop this person from have access to it again?

Thanks!

But.. why always double-hashes?

RIPEMD-160? For what is this one used in bitcoin? (guessing attempt, to create the address from the public-key?)

I don't believe the guy was talking about brute-forcing it, but finding a flaw in such algorithms. To me, he was implying that every cryptography algorithm has flaws, and it's just a matter of time before they are exploited.
I wanted to counter-argue on how unlikely it is to find such fatal flaws in any of the algorithms used in bitcoin.

So, the champion of losers remains "Merkle–Hellman knapsack cryptosystem"?
6 years before being broken?

And, can I say MD5 was the most "messy" case of broken cryptographic algorithm (caused more actual damage)? Or WEP caused more trouble? Hard to compare I imagine...

I think the "magic bullet" of quantum computing, concerning bitcoin, would be used against ECDSA. AFAIK, if you manage to build one in secret, you could start stealing some bitcoin addresses secretly.
But still, I believe the devs will have the time to change the pubkey algorithm before such threat becomes a reality.

In case it hasn't been clear to everybody else, this is precisely the kind of silliness that I wan't to point out. (EDIT: That is, I want to point out how silly it is to think like that!)

Good point.
How "trustworthy" is bitcoind implementation of ECDSA and SHA-256? I suppose Satoshi didn't implement it himself, did he? How long have the libraries used being available?

Rjk, about MD5, how "broken" was it? I realized it became fairly easier to crack it, but it still needed a considerable effort in calculations. If a serious flaw is found in any of bitcoin's algorithms, but we have time to change the algorithm in use, that's still not that catastrophic.
Still on MD5, according to wikipedia, it took only 5 years from MD5 birth (1991) for a considerable flaw to be found. From that point on its usage was already questionable. 9 years later a more serious flaw. Only in late 2008 its obituary was finally published. So, it didn't happen "all of the sudden". If anything comparable were to happen with SHA-256, we should have time to adapt.

DarkEmi, I believe we can safely rule out the possibility of someone proving P==NP. If that ever happens, bitcoin is the least of our problems.

Yeah, and the world could also really end this year, but come on... what are the odds?

Do you know of any algorithm nearly as old and widely used as SHA-256 or ECDSA that have ever been broken?

Thanks damnek.

So that one lasted 6 years, apparently. The wikipedia page doesn't say much about how widely used it was, but since we are talking about early 80s, I imagine it wasn't that much used.

So, "auction" started. Any bids higher than 6 years?

Probably wouldn't help, but the guy wants to know, let him know. It's his account after all. What's the big deal in knowing which IPs were used to access your own account?

The person in question was probably implying that cryptography is not safe (not "everything"), and that we should therefore not trust any significant amount of money in it.


It's not about brute forcing I'm talking about, that's obviously out of the question.
I'm talking about a potential flaw in the algorithm, like that WEP one.

I've recently been challenged with this "criticism", "all cryptography is breakable, it's just a matter of time", and thus concluding that bitcoin is not safe.

I'm pretty confident that the odds of a fatal flaw in algorithms so established like ECDSA or SHA-256 are so tiny that we should not even bother.
I wonder though if somebody here has some data that could help me hold such claim.

For example, what was the worst case of "broken cryptographic algorithm"? By "worst" I mean which took the longest to happen and/or affected the largest number of people who were already trusting the algorithm.
Has any fatal flaw ever been found in an algorithm as old (at the time the flaw was discovered, of course) as ECDSA for example? It's a bit clear to me that the longer an algorithm resists to professional scrutiny, the less likely it is to have a flaw. But having some numbers would probably help.

Thanks!

How does this person know for sure Zhou Thong was behind U9236056?

He had no authorization to operate investment funds, basically. At least that's what I've seen.

I'm sorry but,

• Who are you?
• Are you claiming you have evidence that LR account U9236056 is controlled by Zhou Thong? Could you really prove that?
• What do all those Chinese symbols in your post mean?

Thanks

It might help. With everything being public, an eventual typical police inactivity would also be public. There's some incentives for them to actually do their job (even because most of the job's done already).
If everything is done entirely in private, the police could just behave as usual (i.e., do nothing useful) and that would be it.

But you do have a point. Perhaps they should have tried to contact Zhou before releasing his private data like this.

This is all quite delicate.

I agree. That's why I don't yet recommend bitcoin to non-technical people. At least not in any sensible amounts.
I do believe though it's just a matter of time until the resources necessary to overcome such problem are available.

You believe "the police" would do any better? They would probably just file a report and ignore it, as always. Unless some of the victims give them some incentive$ to do anything, of course.
Anyway, let's avoid derailing such a "tense" thread.