[2015-08-08] If you're using a brainwallet, move your coins - NOW!

[LiteCoinGuy]

If you're using a brainwallet, move your coins - NOW!

On August 7th I will be giving a talk at DEF CON about cracking brainwallets. As part of that talk, I will be releasing a fast[1] brainwallet cracker. I'm writing this post to provide a little insight as to why I'm giving away a tool that could be used to steal. I also hope that people who are currently using brainwallets will take notice and move to a more secure storage method.


https://rya.nc/defcon-brainwallets.html

http://de.reddit.com/r/Bitcoin/comments/3g7bpa/brainwallet_shut_down_permanently_due_to/

[1714110833]

1714110833

[1714110833]

1714110833

[1714110833]

1714110833

[1714110833]

1714110833

[dsattler]

IMHO humans are not capable to create secure passwords. The time for passwords is over, hardware-based security features like U2F will take over soon. In the meantime I recommend using a password manager and let it create long random passwords which nobody can remember.

[gogxmagog]

I agree with what dsattler said

also, brainwallet has been rife with security flaws and problems for ages.

use your google

a simple search like "is brainwallet secure?" should pull up enough results to scare you away for good. such as this gem "Brainwallets make the Blockchain a public password hash database" 

of course, there's no cure for laziness or stupidity

tsk tsk tsk

[bryant.coleman]

IMHO humans are not capable to create secure passwords. The time for passwords is over, hardware-based security features like U2F will take over soon. In the meantime I recommend using a password manager and let it create long random passwords which nobody can remember.

If the passwords can be hacked, the same can happen to the hardware-based security features as well. In the next two or three years, I believe that someone will invent a bug which can steal coins from hardware wallets such as Trezor.

That said, the hardware wallets are not affordable to everyone right now. So the vast majority of the Bitcoin users will continue to use passwords.

[Digit-0]

a simple search like "is brainwallet secure?" should pull up enough results to scare you away for good.

thats the problem, if people never read do you think people will search for info?

of course, there's no cure for laziness or stupidity

exactly

[dsattler]

IMHO humans are not capable to create secure passwords. The time for passwords is over, hardware-based security features like U2F will take over soon. In the meantime I recommend using a password manager and let it create long random passwords which nobody can remember.

If the passwords can be hacked, the same can happen to the hardware-based security features as well. In the next two or three years, I believe that someone will invent a bug which can steal coins from hardware wallets such as Trezor.

That said, the hardware wallets are not affordable to everyone right now. So the vast majority of the Bitcoin users will continue to use passwords.

Trezor is good, but expensive. The U2F is a cheap hardware token like this:
http://www.amazon.com/Plug-up-International-U2F-SK-01-FIDO-Security/dp/B00OGPO3ZS/ref=pd_sim_sbs_421_1?ie=UTF8&refRID=1E0VYC3YY6MQX1DRWT7M

Nobody said that hardware-based security is not hackable, but you can protect against some known attack vectors with it. The grade of security a hardware device offers you can be measured, the same cannot be said about human-created passwords.