Bitcoin Forum
Author Topic: BLOCKCHAIN.info Wallets in Danger!!!  (Read 4437 times)
hamdi (OP)
Hero Member
Activity: 826
Merit: 500
March 11, 2013, 12:04:16 PM
#1

Today I got this email:

Quote
Aladin, your password at Blockchain is Fuckyou000, which is a clear example of a weak password.

I withdrew 40 BTC in order to show you the scope of the threat. You can take them back by going to Blockchain.info -> Import/Export -> "I Understand" -> Import Wallet -> and copy this private key:

5Jsq2G1Cd2UKJi6icvAaPon8uXXXXXXXXXXXXXXXXXXXXXXXXXXX

In order to avoid an eventual loss I recommend that you create a new Wallet with a strong password (random, the more the better, with UPPER and lowercase) and send all your coins there.

If you have any problem importing this private key please let me know and I'll help you.

Have a good day :-)

Looks like he scanned for wallet shortnames and then bruteforced the password locally.

He did withdraw 40 BTC, but I was able to recover them via the given private key.

Everyone update your passwords to something crazy with 20+ characters!!!
ingrownpocket
Legendary
Activity: 952
Merit: 1000
March 11, 2013, 12:09:24 PM
#2

My password has ~30 characters + ~100 characters pass-phrase.
remotemass
Legendary
Activity: 1117
Merit: 1016
ASMR El Salvador
March 11, 2013, 12:11:00 PM
#3

And he probably used only passwords that were combinations of dictionary words, popular names and numbers.
Indeed, that one is a weak password. But "monkey" and "123456" are worse...

{ Imagine a sequence of bits generated from the first decimal place of the square roots of whole integers that are irrational numbers. If the decimal falls between 0 and 5, it's considered bit 0, and if it falls between 5 and 10, it's considered bit 1. This sequence from a simple integer count of contiguous irrationals and their logical decimal expansion of the first decimal place is called the 'main irrational stream.' Our goal is to design a physical and optical computing system that can detect when this stream starts matching a specific pattern of a given size of bits. bitcointalk.org/index.php?topic=166760.0 } Satoshi did use a friend class in C++ and put a comment on the code saying: "This is why people hate C++".
Raoul Duke
aka psy
Legendary
Activity: 1358
Merit: 1002
March 11, 2013, 12:14:01 PM
#4

Dude, you got lucky!
bowen151
Hero Member
Activity: 658
Merit: 500
Caveat Emptor
March 11, 2013, 12:18:22 PM
#5

Must have been a nice guy to not just abscond with it all.

I like that.

Makes me remember that not all the hackers are out to get us, haha; they are here to also help us (sometimes ;)

How secure are random numeric passwords? I know they can eventually be gotten, but what's the time frame of, say, a 10 or 15 digit passcode?

-Buying/Selling graphics cards every month
--Buying BTC every month £/$/€200+ wanted
---UK based re-seller of physical bitcoins  Click here to buy
greyhawk
Hero Member
Activity: 952
Merit: 1009
March 11, 2013, 12:22:14 PM
#6

Enable Two-Factor-Authentication while you're at it.
justusranvier
Legendary
Activity: 1400
Merit: 1009
March 11, 2013, 12:24:30 PM
#7

Subject line is misleading.
greyhawk
Hero Member
Activity: 952
Merit: 1009
March 11, 2013, 01:18:41 PM
#8

No! A 20+ password is NOT enough.
Use a 50+ STRONG password.

John (John K.)
Global Troll-buster and
Legendary
Activity: 1288
Merit: 1226
Away on an extended break
March 11, 2013, 01:21:06 PM
#9

Mate, you got really lucky. Remember to tip that guy if you can, as most hackers would just disappear with your coins. Please enable the 2-FA while you're at it too.
John (John K.)
Global Troll-buster and
Legendary
Activity: 1288
Merit: 1226
Away on an extended break
March 11, 2013, 01:29:08 PM
#10

Use something like keepass or lastpass to keep each of your passwords secure and long. Never reuse passwords for God's sake. I personally use LastPass with 2FA and a random 31-word password, complete with both cases and numerals. (don't ask me how I memorized that!)
greyhawk
Hero Member
Activity: 952
Merit: 1009
March 11, 2013, 01:33:04 PM
#11

Quote
Hell, I even do not know my passes; the enemy cannot get them from me even via extortion: I simply don't know what to reveal to him ;)

This adds another difficulty then, however.

Remember the Marathon Man?

Is it safe?
mintymark
Sr. Member
Activity: 286
Merit: 251
March 11, 2013, 01:35:43 PM
#12

I think you should give the guy a small reward for his time and trouble, he had full access to your wallet, and you would have had NO way to recover those coins.

You are lucky indeed to have your password broken by such an honourable man!!

[[ All Tips gratefully received!!  ]]
15ta5d1N8mKkgC47SRWmnZABEFyP55RrqD
minimalB
Donator
Hero Member
Activity: 674
Merit: 522
March 11, 2013, 02:09:50 PM
#13

What about 2-factor authentication? GA, for example?

I guess it's better to have the password "12345" with GA than a 12+ password without GA.
jubalix
Legendary
Activity: 2618
Merit: 1022
March 11, 2013, 02:35:48 PM
#14

Quote
No! A 20+ password is NOT enough.
Use a 50+ STRONG password.

Not so sure about this; it's open to brute force with a common-word dict,
so word1word2word3word4
try

Admitted Practicing Lawyer::BTC/Crypto Specialist. B.Engineering/B.Laws

https://www.binance.com/?ref=10062065
comboy
Sr. Member
Activity: 247
Merit: 252
March 11, 2013, 05:03:16 PM
#15

It's also worth noting that if somebody broke into the blockchain.info server, he could modify the form so that all passwords are sent to the server. So your wallet security still pretty much depends on the server's security.

Variance is a bitch!
Uglux
Full Member
Activity: 222
Merit: 100
March 11, 2013, 05:53:02 PM
#16

RodeoX
Legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
March 11, 2013, 05:55:41 PM
#17

Quote
Dude, you got lucky!

What he said. You got hacked by a whitehat; it could have gone the other way.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
Nancarrow
Hero Member
Activity: 492
Merit: 500
March 13, 2013, 03:59:10 AM
#18

Quote
Not so sure about this; it's open to brute force with a common-word dict,
so word1word2word3word4
try

The comic does actually go to some trouble to explain why this method is resistant to a brute force attack.

If I've said anything amusing and/or informative and you're feeling generous:
1GNJq39NYtf7cn2QFZZuP5vmC1mTs63rEW
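Putting numbers on the 10- vs 15-digit passcode question (post #5) and on the word1word2word3word4 debate (posts #14 and #18): an added Python example that is not from the thread. It computes search-space entropy and the expected offline crack time for several password shapes, and how many random words are needed to reach a chosen entropy target. The guess rates, the 7776-word list size and the 50,000-word dictionary are illustrative assumptions, not figures from the page.

```python
import math

# Search-space sizes for the password shapes discussed in the thread.
# These are constructed illustrative schemes, not data from the forum page.
SCHEMES = {
    "10-digit numeric PIN": 10 ** 10,
    "15-digit numeric PIN": 10 ** 15,
    "one dictionary word + 3 digits (50k-word list)": 50_000 * 10 ** 3,
    "4 random words from a 7776-word list": 7776 ** 4,
    "6 random words from a 7776-word list": 7776 ** 6,
    "20 random printable ASCII characters": 95 ** 20,
}

# Assumed offline guess rates (guesses per second); real rates depend on the
# wallet's key-derivation cost and on the attacker's hardware.
SLOW_KDF_RATE = 1e4    # e.g. a deliberately expensive password hash
FAST_HASH_RATE = 1e10  # e.g. a cheap hash on a GPU rig

def entropy_bits(space: int) -> float:
    """Bits of entropy for a secret chosen uniformly from `space` possibilities."""
    return math.log2(space)

def expected_seconds(space: int, guesses_per_second: float) -> float:
    """Expected time to find a uniformly chosen secret: on average half the space is searched."""
    return (space / 2) / guesses_per_second

def human_time(seconds: float) -> str:
    """Render a duration in the largest unit that fits, rounded to 3 significant digits."""
    for name, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.3g} {name}"
    return f"{seconds:.3g} seconds"

def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest number of random words from a `list_size` list that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(list_size))

def report(guesses_per_second: float) -> dict[str, float]:
    """Expected crack time in seconds for every scheme at the given guess rate."""
    return {name: expected_seconds(space, guesses_per_second) for name, space in SCHEMES.items()}

if __name__ == "__main__":
    for rate in (SLOW_KDF_RATE, FAST_HASH_RATE):
        print(f"\n--- {rate:.0e} guesses/second ---")
        for name, seconds in report(rate).items():
            print(f"{name:48s} {entropy_bits(SCHEMES[name]):5.1f} bits  {human_time(seconds)}")
    print("\nwords from a 7776-word list needed for 80 bits:", words_needed(80, 7776))
```

Note that four random words from a 7776-word list already exceed a 15-digit numeric passcode in entropy, which is the point the comic referenced in post #18 makes.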