Bitcoin Forum
August 22, 2019, 05:07:17 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: [2015-08-08] If you're using a brainwallet, move your coins - NOW!  (Read 681 times)
LiteCoinGuy
Legendary
*
Offline Offline

Activity: 1148
Merit: 1001


In Satoshi I Trust


View Profile WWW
August 08, 2015, 05:53:23 AM
 #1

If you're using a brainwallet, move your coins - NOW!

On August 7th I will be giving a talk at DEF CON about cracking brainwallets. As part of that talk, I will be releasing a fast[1] brainwallet cracker. I'm writing this post to provide a little insight as to why I'm giving away a tool that could be used to steal. I also hope that people who are currently using brainwallets will take notice and move to a more secure storage method.


https://rya.nc/defcon-brainwallets.html

http://de.reddit.com/r/Bitcoin/comments/3g7bpa/brainwallet_shut_down_permanently_due_to/

1566493637
Hero Member
*
Offline Offline

Posts: 1566493637

View Profile Personal Message (Offline)

Ignore
1566493637
Reply with quote  #2

1566493637
Report to moderator
1566493637
Hero Member
*
Offline Offline

Posts: 1566493637

View Profile Personal Message (Offline)

Ignore
1566493637
Reply with quote  #2

1566493637
Report to moderator
1566493637
Hero Member
*
Offline Offline

Posts: 1566493637

View Profile Personal Message (Offline)

Ignore
1566493637
Reply with quote  #2

1566493637
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1566493637
Hero Member
*
Offline Offline

Posts: 1566493637

View Profile Personal Message (Offline)

Ignore
1566493637
Reply with quote  #2

1566493637
Report to moderator
1566493637
Hero Member
*
Offline Offline

Posts: 1566493637

View Profile Personal Message (Offline)

Ignore
1566493637
Reply with quote  #2

1566493637
Report to moderator
dsattler
Legendary
*
Offline Offline

Activity: 924
Merit: 1000


View Profile
August 08, 2015, 06:15:09 AM
 #2

IMHO humans are not capable to create secure passwords. The time for passwords is over, hardware-based security features like U2F will take over soon. In the meantime I recommend using a password manager and let it create long random passwords which nobody can remember.

Bitcointalk member since 2013! Smiley
gogxmagog
Legendary
*
Offline Offline

Activity: 1218
Merit: 1004


View Profile
August 09, 2015, 12:03:27 AM
 #3

I agree with what dsattler said

also, brainwallet has been rife with security flaws and problems for ages.

use your google

a simple search like "is brainwallet secure?" should pull up enough results to scare you away for good. such as this gem "Brainwallets make the Blockchain a public password hash database"  Shocked

of course, there's no cure for laziness or stupidity

tsk tsk tsk
bryant.coleman
Legendary
*
Online Online

Activity: 2184
Merit: 1027


LiveCoin - is a modern stock exchange


View Profile
August 09, 2015, 03:19:04 PM
 #4

IMHO humans are not capable to create secure passwords. The time for passwords is over, hardware-based security features like U2F will take over soon. In the meantime I recommend using a password manager and let it create long random passwords which nobody can remember.

If the passwords can be hacked, the same can happen to the hardware-based security features as well. In the next two or three years, I believe that someone will invent a bug which can steal coins from hardware wallets such as Trezor.

That said, the hardware wallets are not affordable to everyone right now. So the vast majority of the Bitcoin users will continue to use passwords.

█████████▄           ▄█
▀██▄         ██
▀██▄    ▄▄ ██
▀███ ███ ██
█████████▄        ▀▀ ██
▀██▄      ▄▄ ██
▄█████████ ███ ██
▄██▀          ▀▀ ██
████
█▀            ▄▄ ██
▄██ ███ ██
▄██▀   ▀▀ ██
▄██▀        ██
███████████▀          ▀█




▄▄█
█████
█████
█████
█████
█████

█████

█████

█████


▄▄█
█████
█████
█████
█████
█████
█████
█████

█████

█████

█████
▄▄█
█████
█████
█████
█████
█████
█████
█████
█████
█████

█████

█████

█████
█▄           ▄█████████
██         ▄██▀
██ ▄▄    ▄██▀
██ ███ ███▀
██ ▀▀        ▄█████████
██ ▄▄      ▄██▀
██ ███ █████████▄
██ ▀▀          ▀██▄
██ ▄▄            ▀█████
██ ███ ██▄
██ ▀▀   ▀██▄
██        ▀██▄
█▀          ▀███████████
Digit-0
Full Member
***
Offline Offline

Activity: 199
Merit: 100


in the end, you only find the beginning


View Profile
August 09, 2015, 04:47:41 PM
 #5

a simple search like "is brainwallet secure?" should pull up enough results to scare you away for good.

thats the problem, if people never read do you think people will search for info?

of course, there's no cure for laziness or stupidity

exactly Tongue
dsattler
Legendary
*
Offline Offline

Activity: 924
Merit: 1000


View Profile
August 10, 2015, 06:04:07 AM
 #6

IMHO humans are not capable to create secure passwords. The time for passwords is over, hardware-based security features like U2F will take over soon. In the meantime I recommend using a password manager and let it create long random passwords which nobody can remember.

If the passwords can be hacked, the same can happen to the hardware-based security features as well. In the next two or three years, I believe that someone will invent a bug which can steal coins from hardware wallets such as Trezor.

That said, the hardware wallets are not affordable to everyone right now. So the vast majority of the Bitcoin users will continue to use passwords.

Trezor is good, but expensive. The U2F is a cheap hardware token like this:
http://www.amazon.com/Plug-up-International-U2F-SK-01-FIDO-Security/dp/B00OGPO3ZS/ref=pd_sim_sbs_421_1?ie=UTF8&refRID=1E0VYC3YY6MQX1DRWT7M

Nobody said that hardware-based security is not hackable, but you can protect against some known attack vectors with it. The grade of security a hardware device offers you can be measured, the same cannot be said about human-created passwords.

Bitcointalk member since 2013! Smiley
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!