Bitcoin Forum
Author Topic: Researchers describe a way of hacking Brain Wallet  (Read 2800 times)
tobacco123
February 14, 2016, 12:16:40 PM
 #21

If private key can be hacked, then that will be the end of bitcoin.

Come, hack this address : 1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF

lister storm
February 14, 2016, 12:16:50 PM
 #22

It is impossible to hack a wallet with a good password; I don't think that they found out something new.
Mickeyb
February 14, 2016, 12:22:46 PM
 #23

It is impossible to hack a wallet with a good password; I don't think that they found out something new.
This guy from yobit knows everything, and we were all thinking addresses are made with random private keys, nope we use "good passwords"
Anddos
February 14, 2016, 12:52:20 PM
 #24

Such threads are pointless and only create panic and discomfort.

AliceWonderMiscreations
February 14, 2016, 12:57:07 PM
 #25

Private keys can be hacked if your pRNG is flawed.

In fact I believed it happened with the Android bitcoin client where actual value was stolen as a result.

Flawed pRNG is analogous to a brain wallet but you are not likely to know your pRNG is flawed until it is disclosed by a security researcher.

I hereby reserve the right to sometimes be wrong
AliceWonderMiscreations
February 14, 2016, 12:58:34 PM
 #26

Such threads are pointless and only create panic and discomfort.

The bliss of ignorance is much better.

I hereby reserve the right to sometimes be wrong
franky1
February 14, 2016, 12:58:54 PM
 #27

If private key can be hacked, then that will be the end of bitcoin.

Come, hack this address : 1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF

vanity addresses are easier to hack compared to totally random addresses..

imagine it. if it only took you half an hour for the owner to gen that address.. it won't take long for someone else to follow the same steps.
some of the flaws of vanity address is that some coders base it from the same starting nonce(not random initially).. so others can follow the same steps.

vanity addresses have more entropy than a brain wallet. but not as much as totally random

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
NorrisK
February 14, 2016, 01:02:18 PM
 #28

This type of news is just spreading fear to people who are not familiar with the technology. Although it may make them think twice about the type of seed they use (not made up yourself), it is still confusing for most.

It is an additional reason I like the system of a Trezor for instance. 20 random words you have no control over to pick and in addition you can add a password or as many passwords to it which act like a salt at the end of your seed for every private key derived from the seed. If you spread your coins around multiple added salts it is basically impossible to crack. (they'd have to guess the 20 words correctly and then a completely unrelated and random salt, good luck).
xqus
February 14, 2016, 01:07:47 PM
 #29

If private key can be hacked, then that will be the end of bitcoin.

Come, hack this address : 1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF

vanity addresses are easier to hack compared to totally random addresses..

imagine it. if it only took you half an hour for the owner to gen that address.. it won't take long for someone else to follow the same steps.
some of the flaws of vanity address is that some coders base it from the same starting nonce(not random initially).. so others can follow the same steps.

vanity addresses have more entropy than a brain wallet. but not as much as totally random

That is true, but not that easy. It's not like since it took half an hour to generate an address with for example the first 4 characters predefined, it will take a looooooooooot longer to generate the key for one specific address.

PGP fingerprint: B17233A1 || Bitrated user: xqus ≡ Free trust agent || LocalBitcoins ≡ Buy bitcoins locally
Wallet and Exchange security ≡ A security overview of wallets and exchanges. (forum thread)
Pursuer
February 14, 2016, 01:13:14 PM
 #30

for the love of god some mod change this topic's topic!
OP is spreading FUD (with or without purpose) with only removing a simple word of "Brainwallet" from the news. There are a lot of new users that are going to panic by reading this stuff and the article on cryptocoinsnews itself does not help either, they don't care as long as they receive traffic to their news site.

Only Bitcoin
franky1
February 14, 2016, 01:24:14 PM
 #31

If private key can be hacked, then that will be the end of bitcoin.

Come, hack this address : 1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF

vanity addresses are easier to hack compared to totally random addresses..

imagine it. if it only took you half an hour for the owner to gen that address.. it won't take long for someone else to follow the same steps.
some of the flaws of vanity address is that some coders base it from the same starting nonce(not random initially).. so others can follow the same steps.

vanity addresses have more entropy than a brain wallet. but not as much as totally random

That is true, but not that easy. It's not like since it took half an hour to generate an address with for example the first 4 characters predefined, it will take a looooooooooot longer to generate the key for one specific address.

if the original owner of 1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF used a dodgy vanitygen that had a nonce that started at 0
then for someone else, they too can use that same program and generate it in the same time.

however
if the original owner of 1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF used a good vanitygen that had a nonce that started at RANDOM+X
then for someone else, just to find 1Feex would give for example
1FeexGFqW9sb6uQMjJrcV6bAHb8ybZjCrH
1FeexqW9sb6uQMbZjCrHG6bAHbFjJrcV8y
1FeexQMbZjCqW6urH9sbAH8ybFjJrcVG6b
over an hour and a half period. and it would take YEARS (even grand children would be pensioners) by the time they happen upon
1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF

depending of course on how much entropy RANDOM was

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
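
The difference described in post #31 between a generator whose search starts at 0 and one that starts at a random offset, as an added example (not vanitygen's code and not from any poster in this thread). `toy_address` is a constructed stand-in that hashes the key with SHA-256 instead of deriving a real address, and all function names are this example's own.

```python
import hashlib
import secrets

KEY_SPACE = 2 ** 256  # size of the toy key space (constructed for this example)


def toy_address(key: int) -> str:
    """Stand-in for address derivation: hex SHA-256 of the key bytes.

    A real generator derives a secp256k1 public key and applies SHA-256,
    RIPEMD-160 and Base58Check; only the search loop matters here.
    """
    return hashlib.sha256(key.to_bytes(32, "big")).hexdigest()


def vanity_search(prefix: str, start: int, max_tries: int = 1_000_000):
    """Walk keys start, start+1, ... until the toy address has the prefix."""
    for tries in range(max_tries):
        key = (start + tries) % KEY_SPACE
        if toy_address(key).startswith(prefix):
            return key, tries + 1
    raise RuntimeError("prefix not found within max_tries")


def fixed_start() -> int:
    """The flawed design: every user of the program begins at 0."""
    return 0


def random_start() -> int:
    """The sound design: begin at a value drawn from the OS CSPRNG."""
    return secrets.randbelow(KEY_SPACE)


def is_reproducible(start_fn, prefix: str = "abc") -> bool:
    """True if two independent runs of the generator yield the same key."""
    first, _ = vanity_search(prefix, start_fn())
    second, _ = vanity_search(prefix, start_fn())
    return first == second


if __name__ == "__main__":
    print("start at 0      ->", is_reproducible(fixed_start))
    print("start at random ->", is_reproducible(random_start))
```
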
AliceWonderMiscreations
February 14, 2016, 01:57:07 PM
 #32

When I generated vanity addresses, I just read from /dev/urandom until private key resulting from hashing the data gave me the address I wanted.

Actually what I did is put every address into a database and then looked through the database containing millions of addresses until I found ones that looked neat.

I doubt they can be cracked any easier than non vanity addresses. The 25 byte hex address has nothing about it that is vanity, and that's what has to be cracked. Well, the ripemd160 part of it.

I hereby reserve the right to sometimes be wrong
jonald_fyookball
February 14, 2016, 03:41:51 PM
 #33

Cracking brain wallets with weak pass phrases is same as cracking online accounts such as email/social-media/etc, which is why brain wallets are not recommended. Whoever tells you that bitcoin private keys can be cracked, tell them to go ahead and do it, instead of telling you.

actually it's worse.  With online accounts, you can slow down the number of attempts with captchas, IP blocking, etc.  But with private keys, you are free to throw as much computing power at it as you want.  That is one reason that extra care should be taken with Bitcoin.

jonald_fyookball
February 14, 2016, 03:45:56 PM
 #34

Private keys can be hacked if your pRNG is flawed.

In fact I believed it happened with the Android bitcoin client where actual value was stolen as a result.

Flawed pRNG is analogous to a brain wallet but you are not likely to know your pRNG is flawed until it is disclosed by a security researcher.

That's why the ultimate form of cold storage involves generating physical entropy to eliminate this attack vector.

AliceWonderMiscreations
February 14, 2016, 04:08:35 PM
 #35

Private keys can be hacked if your pRNG is flawed.

In fact I believed it happened with the Android bitcoin client where actual value was stolen as a result.

Flawed pRNG is analogous to a brain wallet but you are not likely to know your pRNG is flawed until it is disclosed by a security researcher.

That's why the ultimate form of cold storage involves generating physical entropy to eliminate this attack vector.

Physical entropy is also sometimes not very random.

I have no clue about Windows, but /dev/random on Linux is a blocking entropy pool and the problems in Linux usually come from /dev/urandom being used fresh after install without enough of a seed because the install is fresh.

The distributions often use /dev/urandom because they don't want users to have to be forced to wait - waiting can be a problem for example when generating the ssh keys on first boot. /dev/urandom is probably good enough for short term one use keys but long term like ssh keys, TLS keys for x509 certs, and bitcoin private keys really should be using /dev/random even if it means the user has to wait because there's not enough entropy.

Bigger problem on servers where there isn't keyboard / mouse / sound card.

I hereby reserve the right to sometimes be wrong
European Central Bank
February 14, 2016, 04:11:13 PM
 #36

They're hacking human dumbness. That's way more predictable and less secure than anything genuinely randomly generated.
AliceWonderMiscreations
February 14, 2016, 04:20:04 PM
Last edit: February 14, 2016, 04:51:19 PM by AliceWonderMiscreations
 #37

It wastes entropy but since I run haveged not really a problem - this is what I actually do when generating a private key outside my wallet

Code:
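import hashlib
import random

def randomHexAlphabet():
        # Shuffle the 16 hex digits a random number of times (27 to 45 passes).
        a = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f']
        for i in range(0, random.randint(27,45)):
                random.shuffle(a)
        return a

def randomByte():
        # Return one byte as two hex characters, mapped through the shuffled alphabet.
        a = randomHexAlphabet()
        with open("/dev/random", 'rb') as f:
                m = hashlib.md5()
                data = f.read(32)
                m.update(data)
                rhash = m.hexdigest()
                # Hex characters 16..19 of the digest, i.e. two bytes.
                rnum = int(rhash[16:-12], 16)
                rnom = rnum % 256
                # Floor division keeps the index an integer on Python 3 as well.
                return a[rnom % 16] + a[rnom // 16]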


I can generate any hex string a byte at a time and since there is activity between generation of each byte (the shuffling of the hex alphabet), the read from /dev/random is not sequential.

EDIT

The %256 isn't needed, it will always be the last byte of the two bytes read from the md5sum.
Things you don't see until you read it outside of a text editor...

I hereby reserve the right to sometimes be wrong
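
For comparison with the approach in post #37, an added example (not code from any poster in this thread or from a wallet project): a private key drawn in one read from the operating system's CSPRNG, checked against the secp256k1 range, and encoded in Wallet Import Format. The function names are this example's own.

```python
import hashlib
import secrets

# Order of the secp256k1 group; a valid private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def is_valid_key(raw: bytes) -> bool:
    """True if raw is 32 bytes encoding an integer in [1, N-1]."""
    return len(raw) == 32 and 0 < int.from_bytes(raw, "big") < SECP256K1_N


def new_private_key(rng=secrets.token_bytes) -> bytes:
    """Draw 32 bytes from the OS CSPRNG, retrying on out-of-range values.

    secrets.token_bytes wraps os.urandom, which on Linux uses getrandom()
    and waits until the kernel pool has been seeded once after boot.
    """
    while True:
        raw = rng(32)
        if is_valid_key(raw):
            return raw


def base58check(payload: bytes) -> str:
    """Append the 4-byte double-SHA256 checksum and Base58-encode."""
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    data = payload + checksum
    num = int.from_bytes(data, "big")
    out = ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    # Each leading zero byte is written as the digit '1'.
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def to_wif(raw: bytes, compressed: bool = True) -> str:
    """Wallet Import Format for a mainnet key (version byte 0x80)."""
    if not is_valid_key(raw):
        raise ValueError("private key out of range")
    return base58check(b"\x80" + raw + (b"\x01" if compressed else b""))


if __name__ == "__main__":
    key = new_private_key()  # demo only: a real key should never be printed
    print(key.hex())
    print(to_wif(key))
```
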
Kakmakr
February 15, 2016, 06:05:23 AM
 #38

We all know this is BS, but the average Joe does not know this and we need to stop this kind of reporting. We should have an army of people spreading the truth about Bitcoin and creating articles to counter this FUD. We can complain in forums like this, but it will not reach the average Joe.

Our strategy should be to create more positive content than negative content to a ratio of 5 : 1

Amph
February 15, 2016, 08:23:14 AM
 #39

Private keys can be hacked if your pRNG is flawed.

In fact I believed it happened with the Android bitcoin client where actual value was stolen as a result.

Flawed pRNG is analogous to a brain wallet but you are not likely to know your pRNG is flawed until it is disclosed by a security researcher.

they should use a hardware random number generator instead, since it is much more akin to a real casual generation than anything else
AliceWonderMiscreations
February 15, 2016, 08:41:40 PM
 #40

Private keys can be hacked if your pRNG is flawed.

In fact I believed it happened with the Android bitcoin client where actual value was stolen as a result.

Flawed pRNG is analogous to a brain wallet but you are not likely to know your pRNG is flawed until it is disclosed by a security researcher.

they should use a hardware random number generator instead, since it is much more akin to a real casual generation than anything else


The Android problem I believe was caused by using a non-blocking entropy source instead of a blocking entropy source.

Long term keys should always use /dev/random and /dev/urandom should be used for short term session keys.

Android does some Java wrapper to access the kernel entropy pool and if I remember it wasn't obvious how to make it use the blocking instead of non-blocking.

With Linux anyway, you can have a hardware entropy source feed /dev/random so that's what programmers should read entropy from, it is up to the hardware admin whether or not an external entropy source helps to feed it. Smart phones obviously don't have that. PCs I believe there are some that use USB that easily connect but I've never used them.

And with Linux it saves unused entropy as a seed so using /dev/urandom is usually safe if the system install is not fresh but I believe the Java layer thing in Android did not do that.

I don't do mobile apps but I believe what happened with Android is the Java layer always uses /dev/urandom but Android doesn't save the seed from unused entropy so you had to specifically seed it before using it and the Android bitcoin client (and browsers for TLS connections) didn't.

I hereby reserve the right to sometimes be wrong