GinnaGinna
June 29, 2016, 04:40:52 PM
> Sorry guys, I don't want to spread FUD here, but this is very serious. I think I found a flaw in the Lisk source code. This is much worse than the DAO bug. It's so easy to brute-force passphrases with a few low-end GPU cards, simple software and a database of English words. I already tested it with my LISK addresses, and I succeeded in hacking my address in less than 6 hours. This needs to be fixed as fast as possible.
> FUD alert. Release more info or even address the code else....try harder.
OK, I will upload the software and share a link later today, so anyone can test it.

Wilhelmer
June 29, 2016, 04:49:01 PM
> Sorry guys, I don't want to spread FUD here, but this is very serious. I think I found a flaw in the Lisk source code. This is much worse than the DAO bug. It's so easy to brute-force passphrases with a few low-end GPU cards, simple software and a database of English words. I already tested it with my LISK addresses, and I succeeded in hacking my address in less than 6 hours. This needs to be fixed as fast as possible.
Actually, you can upload it now and share. Since you already have everything ready. We welcome your input. I would also assume you contacted Max?
> FUD alert. Release more info or even address the code else....try harder.
> OK, I will upload the software and share a link later today, so anyone can test it.

mamamae
June 29, 2016, 04:53:03 PM
What is this, FUD to the top? The file can be with a virus, so virus-scan it. Everyone who touches the software is probably toast.

Wysi
June 29, 2016, 04:56:20 PM
> Sorry guys, I don't want to spread FUD here, but this is very serious. I think I found a flaw in the Lisk source code. This is much worse than the DAO bug. It's so easy to brute-force passphrases with a few low-end GPU cards, simple software and a database of English words. I already tested it with my LISK addresses, and I succeeded in hacking my address in less than 6 hours. This needs to be fixed as fast as possible.
> FUD alert. Release more info or even address the code else....try harder.
> OK, I will upload the software and share a link later today, so anyone can test it.
Please do ASAP, I simply cannot wait to click your link. Please make it a .exe file I can download though, as my codes are not that leet yet.

MrRen
June 29, 2016, 04:58:32 PM
> I find this very suspicious since if I'd found a flaw in a coin I was invested in I'd take it directly to the devs rather than blab it all over the internet.
> Yes. It is most likely an attempt at scaring people but it hasn't worked.
> As I say, I'm not fudding here and not trying to scare people. Just want to warn you all.
1,025,109.8 words in the English language x 12 words x 75,000,000 checks per second: you get an impossible amount of time. Try harder please. That's like having 1,025,109.8 possible characters and a password with a length of 12; even at trillions of checks per second you won't be able to crack anything.

lordoliver
June 29, 2016, 05:02:25 PM
> I find this very suspicious since if I'd found a flaw in a coin I was invested in I'd take it directly to the devs rather than blab it all over the internet.
> Yes. It is most likely an attempt at scaring people but it hasn't worked.
> As I say, I'm not fudding here and not trying to scare people. Just want to warn you all.
> 1,025,109.8 words in the English language x 12 words x 75,000,000 checks per second: you get an impossible amount of time. Try harder please. That's like having 1,025,109.8 possible characters and a password with a length of 12; even at trillions of checks per second you won't be able to crack anything.
Only 2048 words in the pass-dictionary, but still 5.444517870735016e+39 combinations.

tombtc
June 29, 2016, 05:03:37 PM
What a lie. If you find a way to break a password then go ahead and import the top 10 addresses into your wallet  LIE.

agaga
June 29, 2016, 05:06:30 PM
> What a lie. If you find a way to break a password then go ahead and import the top 10 addresses into your wallet. LIE.
Agree, that's why that story is BS

GinnaGinna
June 29, 2016, 05:17:02 PM
> I find this very suspicious since if I'd found a flaw in a coin I was invested in I'd take it directly to the devs rather than blab it all over the internet.
> Yes. It is most likely an attempt at scaring people but it hasn't worked.
> As I say, I'm not fudding here and not trying to scare people. Just want to warn you all.
> 1,025,109.8 words in the English language x 12 words x 75,000,000 checks per second: you get an impossible amount of time. Try harder please. That's like having 1,025,109.8 possible characters and a password with a length of 12; even at trillions of checks per second you won't be able to crack anything.
> Only 2048 words in the pass-dictionary, but still 5.444517870735016e+39 combinations.
Main problem is that passphrases use only lowercase letters without numbers included. So it's easier to brute-force than a Bitcoin key.

MrRen
June 29, 2016, 05:19:45 PM
> I find this very suspicious since if I'd found a flaw in a coin I was invested in I'd take it directly to the devs rather than blab it all over the internet.
> Yes. It is most likely an attempt at scaring people but it hasn't worked.
> As I say, I'm not fudding here and not trying to scare people. Just want to warn you all.
> 1,025,109.8 words in the English language x 12 words x 75,000,000 checks per second: you get an impossible amount of time. Try harder please. That's like having 1,025,109.8 possible characters and a password with a length of 12; even at trillions of checks per second you won't be able to crack anything.
> Only 2048 words in the pass-dictionary, but still 5.444517870735016e+39 combinations.
> Main problem is that passphrases use only lowercase letters without numbers included. So it's easier to brute-force than a Bitcoin key.
2048 words, if it was case sensitive it would be more than that, stop putin us on

Bitdonator
June 29, 2016, 05:25:05 PM
> I find this very suspicious since if I'd found a flaw in a coin I was invested in I'd take it directly to the devs rather than blab it all over the internet.
> Yes. It is most likely an attempt at scaring people but it hasn't worked.
> As I say, I'm not fudding here and not trying to scare people. Just want to warn you all.
> 1,025,109.8 words in the English language x 12 words x 75,000,000 checks per second: you get an impossible amount of time. Try harder please. That's like having 1,025,109.8 possible characters and a password with a length of 12; even at trillions of checks per second you won't be able to crack anything.
> Only 2048 words in the pass-dictionary, but still 5.444517870735016e+39 combinations.
> Main problem is that passphrases use only lowercase letters without numbers included. So it's easier to brute-force than a Bitcoin key.
> 2048 words, if it was case sensitive it would be more than that, stop putin us on
Yes, and if Max changes the code and makes passphrases case sensitive, that can give extra security to Lisk.

MrRen
June 29, 2016, 05:30:21 PM
> I find this very suspicious since if I'd found a flaw in a coin I was invested in I'd take it directly to the devs rather than blab it all over the internet.
> Yes. It is most likely an attempt at scaring people but it hasn't worked.
> As I say, I'm not fudding here and not trying to scare people. Just want to warn you all.
> 1,025,109.8 words in the English language x 12 words x 75,000,000 checks per second: you get an impossible amount of time. Try harder please. That's like having 1,025,109.8 possible characters and a password with a length of 12; even at trillions of checks per second you won't be able to crack anything.
> Only 2048 words in the pass-dictionary, but still 5.444517870735016e+39 combinations.
> Main problem is that passphrases use only lowercase letters without numbers included. So it's easier to brute-force than a Bitcoin key.
> 2048 words, if it was case sensitive it would be more than that, stop putin us on
> Yes, and if Max changes the code and makes passphrases case sensitive, that can give extra security to Lisk.
That is an excellent point, but the initial "bug" is bogus.
A 12 character passcode with only lower case letters has 95,428,956,661,682,176 combinations.
There are 26 letters, however there are 2048 words in the passphrase database.
Not to mention, one would have to have a perfect list of all those words specifically!
There are 1,025,109.8 words in the English language.
Adding a variable of upper and lowercase alternating letters would definitely be great, but this FUD is just that, FUD.
Basically don't worry guys, it's all good.

mattimann
June 29, 2016, 05:43:15 PM
> I find this very suspicious since if I'd found a flaw in a coin I was invested in I'd take it directly to the devs rather than blab it all over the internet.
> Yes. It is most likely an attempt at scaring people but it hasn't worked.
> As I say, I'm not fudding here and not trying to scare people. Just want to warn you all.
> 1,025,109.8 words in the English language x 12 words x 75,000,000 checks per second: you get an impossible amount of time. Try harder please. That's like having 1,025,109.8 possible characters and a password with a length of 12; even at trillions of checks per second you won't be able to crack anything.
> Only 2048 words in the pass-dictionary, but still 5.444517870735016e+39 combinations.
> Main problem is that passphrases use only lowercase letters without numbers included. So it's easier to brute-force than a Bitcoin key.
> 2048 words, if it was case sensitive it would be more than that, stop putin us on
> Yes, and if Max changes the code and makes passphrases case sensitive, that can give extra security to Lisk.
> That is an excellent point, but the initial "bug" is bogus. A 12 character passcode with only lower case letters has 95,428,956,661,682,176 combinations. There are 26 letters, however there are 2048 words in the passphrase database. Not to mention, one would have to have a perfect list of all those words specifically! There are 1,025,109.8 words in the English language. Adding a variable of upper and lowercase alternating letters would definitely be great, but this FUD is just that, FUD. Basically don't worry guys, it's all good.
Max,... any comments...?

Soul_eater_123
June 29, 2016, 05:47:44 PM
> Max,... any comments...?
Yes:

rtrtcrypto
June 29, 2016, 05:52:39 PM
A 12 word dice-ware like password, even if all lower case, is unbreakable now and in the near/medium/far future. If the NSA was directly brute forcing this password it would take longer than the age of the universe currently.
I'm not sure what the LISK word space is, but diceware is 7776 words. 12 words = a password space so gigantic that an attacker, even knowing you used diceware and knowing you used 12 words, would not be able to brute-force it (even if the attacker is, say, the NSA).
Here is the size of the password space of a 12 word diceware word: 48,873,677,980,689,257,489,322,752,273,774,603,865,660,850,176
This number is not merely large, it's a monster. A supercomputer running 1 quadrillion guesses per second barely eats at this number.
*the NSA can't do 1 quadrillion. If they could, it would take ca.10 nano-tullion (not even sure what the terminology for this number is officially) seconds to go through the entire space.
*found it, Nonillion... for perspective, 1 trillion seconds is 31,000+ years.
> I find this very suspicious since if I'd found a flaw in a coin I was invested in I'd take it directly to the devs rather than blab it all over the internet.
> Yes. It is most likely an attempt at scaring people but it hasn't worked.
> As I say, I'm not fudding here and not trying to scare people. Just want to warn you all.
> 1,025,109.8 words in the English language x 12 words x 75,000,000 checks per second: you get an impossible amount of time. Try harder please. That's like having 1,025,109.8 possible characters and a password with a length of 12; even at trillions of checks per second you won't be able to crack anything.
> Only 2048 words in the pass-dictionary, but still 5.444517870735016e+39 combinations.
> Main problem is that passphrases use only lowercase letters without numbers included. So it's easier to brute-force than a Bitcoin key.
> 2048 words, if it was case sensitive it would be more than that, stop putin us on
> Yes, and if Max changes the code and makes passphrases case sensitive, that can give extra security to Lisk.
> That is an excellent point, but the initial "bug" is bogus. A 12 character passcode with only lower case letters has 95,428,956,661,682,176 combinations. There are 26 letters, however there are 2048 words in the passphrase database. Not to mention, one would have to have a perfect list of all those words specifically! There are 1,025,109.8 words in the English language. Adding a variable of upper and lowercase alternating letters would definitely be great, but this FUD is just that, FUD. Basically don't worry guys, it's all good.
> Max,... any comments...?

Soul_eater_123
June 29, 2016, 05:58:40 PM
GUYS I'VE DISCOVERED A MAJOR BUG!!!!!!!!!!!!!!!!
Lisk runs on a computer. Computers can be hacked. Please PANIC NOW!

johnnywoo2015
June 29, 2016, 06:04:01 PM
> GUYS I'VE DISCOVERED A MAJOR BUG!!!!!!!!!!!!!!!!
> Lisk runs on a computer. Computers can be hacked. Please PANIC NOW!
lol, my buy orders waiting for that

Bitdonator
June 29, 2016, 06:06:44 PM
> GUYS I'VE DISCOVERED A MAJOR BUG!!!!!!!!!!!!!!!!
> Lisk runs on a computer. Computers can be hacked. Please PANIC NOW!


lordoliver
June 29, 2016, 06:19:44 PM
> I find this very suspicious since if I'd found a flaw in a coin I was invested in I'd take it directly to the devs rather than blab it all over the internet.
> Yes. It is most likely an attempt at scaring people but it hasn't worked.
> As I say, I'm not fudding here and not trying to scare people. Just want to warn you all.
> 1,025,109.8 words in the English language x 12 words x 75,000,000 checks per second: you get an impossible amount of time. Try harder please. That's like having 1,025,109.8 possible characters and a password with a length of 12; even at trillions of checks per second you won't be able to crack anything.
> Only 2048 words in the pass-dictionary, but still 5.444517870735016e+39 combinations.
> Main problem is that passphrases use only lowercase letters without numbers included. So it's easier to brute-force than a Bitcoin key.
> 2048 words, if it was case sensitive it would be more than that, stop putin us on
> Yes, and if Max changes the code and makes passphrases case sensitive, that can give extra security to Lisk.
> That is an excellent point, but the initial "bug" is bogus. A 12 character passcode with only lower case letters has 95,428,956,661,682,176 combinations. There are 26 letters, however there are 2048 words in the passphrase database. Not to mention, one would have to have a perfect list of all those words specifically! There are 1,025,109.8 words in the English language. Adding a variable of upper and lowercase alternating letters would definitely be great, but this FUD is just that, FUD. Basically don't worry guys, it's all good.
> Max,... any comments...?
What comment do you need? It's enough said already... Everyone feel free to look in the JavaScript file ( https://login.lisk.io/static/js/vendor_app.js line 56162, in English, Chinese, Spanish and Japanese). 2048 words to the power of 12. Everyone can put that into a calculator... it's not possible to brute force.
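
The search-space arithmetic argued over in this thread, as an added example that is not part of any post and is not Lisk code. Alphabet sizes and guess rates labelled "thread" are the ones quoted above; the checksum row is an assumption about a BIP39-style scheme that the thread does not confirm.

```javascript
// Added example: figures labelled "thread" are quoted from the posts above;
// everything else is an assumption of this example.
const SECONDS_PER_YEAR = 31_557_600n; // Julian year

// Number of candidate secrets: `length` symbols drawn from `alphabet` choices.
function keyspace(alphabet, length) {
  return BigInt(alphabet) ** BigInt(length);
}

// Entropy in bits of a uniformly random pick from `space` (a BigInt).
function bits(space) {
  const s = space.toString(2);
  const top = Number.parseInt(s.slice(0, 53), 2); // exact in a double
  return Math.log2(top) + Math.max(0, s.length - 53);
}

// Whole years to try half the space (the average case) at `rate` guesses/s.
function expectedYears(space, rate) {
  return space / 2n / BigInt(rate) / SECONDS_PER_YEAR;
}

// Entropy (bits) that `hours` of guessing at `rate` guesses/s can exhaust.
function bitsCoveredIn(hours, rate) {
  return Math.log2(hours * 3600 * rate);
}

const MODELS = {
  "12 lowercase letters (thread)": keyspace(26, 12),
  "12 words from 2048 (thread)": keyspace(2048, 12),
  "12 words from 7776, diceware (thread)": keyspace(7776, 12),
  // Assumption: a BIP39-style scheme where 4 of the 132 bits are a checksum,
  // leaving 2^128 valid phrases. The thread does not say Lisk does this.
  "12 words from 2048, 4-bit checksum (assumed)": 2n ** 128n,
};
const RATES = { "75,000,000/s (thread)": 75_000_000, "1 quadrillion/s (thread)": 1e15 };

function report() {
  const rows = [];
  for (const [model, space] of Object.entries(MODELS))
    for (const [rate, perSecond] of Object.entries(RATES))
      rows.push({ model, bits: bits(space).toFixed(1), rate,
                  avgYears: expectedYears(space, perSecond).toString() });
  return rows;
}

console.table(report());
console.log("6 hours at 75,000,000/s exhausts about",
            bitsCoveredIn(6, 75_000_000).toFixed(1), "bits");
```

Six hours at the quoted 75,000,000 checks per second covers roughly 40.6 bits, against 132 bits for a uniformly random 12-word phrase from a 2048-word list (128 under the assumed checksum).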