If you used Brainwallet.org - MUST READ! - Security Breach!

[mechs]

Wow Jesse, that is very kind of you to return the funds! It is amazing you even by chance happen to read this threat.  I am definitely not running a competing bot, as you can tell by the weak brainwallet I created.  I was not even that upset about losing the change, it could have been much more than that.
Thank you again!
mechs

I decided to mess around and make a brain wallet.  I used the website www.brainwallet.org.  Supposively, this javascript is client side only.  Anyway, I made a brain wallet and decided to test it.  I moved my spare change (I keep most of my BTC in cold storage) about 0.178 BTC to the new brain wallet I made "15WjmFwpZ1mp3fG55JGoGv3p5y9jtehEB2".  Literally within seconds, it was moved to a new bitcoin address not owned by me "1Lp3S4PajwhuFCyrAXSFdVGxLuqTsXtVQC" https://blockchain.info/address/15WjmFwpZ1mp3fG55JGoGv3p5y9jtehEB2

Mechs, the coins in question have been returned directly to the address in your sig:

https://blockchain.info/tx/8a91cca81bcb8ce4b9483e7d933b84b9363cd1dc0c40d37521f796403047e606

The brainwallet.org author is not the culprit, my bot is.  Since you don't come off as one of the people running a competing bot (and trust me there are lots), I'm fairly confident these coins are indeed yours and am happy to return them.

PSA: Picking a bad brainwallet password is like throwing your money on the sidewalk ... except instead of just the people around you scrambling to pick it up, the entire internet can and most of the internet has no interest in giving your money back.  Worse yet, it's actually impossible for someone wanting to give them back to do so with 100% confidence they are giving them to their rightful owner. 

I agree with the sentiment expressed in the thread that if it's memorable, it's eventually gonna find its way into someone's rainbow table and I leave all you brain wallet users with this to ponder: https://www.youtube.com/watch?v=a6iW-8xPw3k

[1715134335]

1715134335

[1715134335]

1715134335

[1715134335]

1715134335

[1715134335]

1715134335

[favdesu]

I decided to mess around and make a brain wallet.  I used the website www.brainwallet.org.  Supposively, this javascript is client side only.  Anyway, I made a brain wallet and decided to test it.  I moved my spare change (I keep most of my BTC in cold storage) about 0.178 BTC to the new brain wallet I made "15WjmFwpZ1mp3fG55JGoGv3p5y9jtehEB2".  Literally within seconds, it was moved to a new bitcoin address not owned by me "1Lp3S4PajwhuFCyrAXSFdVGxLuqTsXtVQC" https://blockchain.info/address/15WjmFwpZ1mp3fG55JGoGv3p5y9jtehEB2

Mechs, the coins in question have been returned directly to the address in your sig:

https://blockchain.info/tx/8a91cca81bcb8ce4b9483e7d933b84b9363cd1dc0c40d37521f796403047e606

The brainwallet.org author is not the culprit, my bot is.  Since you don't come off as one of the people running a competing bot (and trust me there are lots), I'm fairly confident these coins are indeed yours and am happy to return them.

PSA: Picking a bad brainwallet password is like throwing your money on the sidewalk ... except instead of just the people around you scrambling to pick it up, the entire internet can and most of the internet has no interest in giving your money back.  Worse yet, it's actually impossible for someone wanting to give them back to do so with 100% confidence they are giving them to their rightful owner. 

I agree with the sentiment expressed in the thread that if it's memorable, it's eventually gonna find its way into someone's rainbow table and I leave all you brain wallet users with this to ponder: https://www.youtube.com/watch?v=a6iW-8xPw3k

wow, that turn of events!

+1

[CIYAM]

OP - I think the "security breach" part of your topic title should be changed (a poor password that was cracked is hardly a security breach IMO) although it has been a good reminder for people that brainwallets are a dangerous thing (and should not be recommended to people without some specific education about how to go about creating a secure enough password).

[Lohoris]

Oh, I'm impressed by this turn of events

So you defend the stupid so they can continue using weak passwords on brainwallets? Why not take a 50% recovery fee? The money moved again? Is the account in his sig the the brainwallet(WTF!) ?

I'm puzzled as well.
dafuq happened?

[phillipsjk]

Perhaps Brainwallet.org should use their own rainbow table. You can still keep everything client-side for generating the address. However once the address is generated, it can be submitted to the site for checking. Users may be surprised to learn the the chorus from their favorite song (with common mishearings and spellings) is actually in the dictionary.

As has been mentioned earlier in this thread, if you can easily memorize it, it is probably not a secure passphrase. The rule of thumb I use is that If it has ever been published anywhere, it is probably not a secure password. Do you really think the sum total of human knowledge has over 64 bits of entropy? (that data-set is only about 46 bits of entropy).

[scintill]

Another case of cracked brainwallet where the funds were returned: http://www.reddit.com/r/Bitcoin/comments/1j9p2d/blockchaininfo_unauthorized_transactionhow_could/ .  The cracker said he's the same guy from this thread, only this time it was around 3 BTC.

This time the passphrase was quite a bit longer, but was a song title, so the rainbow table is pretty big.  Be smart and careful, people!

[Mike Hearn]

Does anyone know who runs that site or how to contact them? The site itself has no contact info on it, the source code is owned by a user just called "brainwallet", the only thing resembling a contact address is a twitter account also called "brainwallet", etc.

Whoever runs this site needs to shut it down now. It's negligent to do anything less.

[CIYAM]

Personally I think that if people are silly enough to "secure" their bitcoins with nothing more than a poorly chosen password or pass phrase then they probably are best to be relieved of them.

The brainwallet itself is actually a useful "offline" tool (and anyone silly enough to use it "online" well...).

[TheButterZone]

^

Does anyone know who runs that site or how to contact them? The site itself has no contact info on it, the source code is owned by a user just called "brainwallet", the only thing resembling a contact address is a twitter account also called "brainwallet", etc.

Whoever runs this site needs to shut it down now. It's negligent to do anything less.

Joric, I found him in #bitcoin-dev once, and IIRC he ragequit because of the core team bitching about bw.org

https://www.bitaddress.org has a brainwallet tab
Not to mention the "SHA256 hash calculators/generators" all over the net - hello, Private Key Hexadecimal Format.

Can't get security through obscurity...

[prof7bit]

The brainwallet itself is actually a useful "offline" tool (and anyone silly enough to use it "online" well...).

The problem of this thread has nothing to do with online or offline.

Its a useful tool because it creates key/address from a passphrase. This is useful.

[ErebusBat]

The problem of this thread has nothing to do with online or offline.

Its a useful tool because it creates key/address from a passphrase. This is useful.

Not to mention all the other tools it has in it.

The problem is people *think* they know what they are doing, or think things like S00p3r53kri7 are secure.

[Financisto]

Talking about that topic,

I got a doubt and maybe someone else have already done it, though I've never tried this out before:

At the "Transaction" function of brainwallet.org, is it possible to send BTC to same address: "Source Address" = "Destination Address"?

e.g: I was wondering if I could send from a total of 10BTC at address "x", 9BTC to address "y" and 1BTC remaining change back to same address "x".

Does that work through brainwallet.org?

P.s: fees disconsidered in order to simplify the example.

[CIYAM]

e.g: I was wondering if I could send from a total of 10BTC at address "x", 9BTC to address "y" and 1BTC remaining change back to same address "x".

Does that work through brainwallet.org?

P.s: fees disconsidered in order to simplify the example.

Yes - that's how it creates the tx by default (if you want change to go to another address you'd have to edit it).

BTW - I would not use the tx tab of brainwallet as it only works *online* and it requires you to provide your private key (so a malicious version could simply broadcast your private key).

[Financisto]

BTW - I would not use the tx tab of brainwallet as it only works *online* and it requires you to provide your private key (so a malicious version could simply broadcast your private key).

I'd never suggest that too.

For everyone new to that script, I only suggest that you test it offline, then copy and paste the tx to blockchain.

Thanks for the help.

Cheers!

[Carlton Banks]

Does anyone know who runs that site or how to contact them? The site itself has no contact info on it, the source code is owned by a user just called "brainwallet", the only thing resembling a contact address is a twitter account also called "brainwallet", etc.

Whoever runs this site needs to shut it down now. It's negligent to do anything less.

For someone who lives in a direct democracy that has a lot of personal freedom, and hence, a lot of required personal responsibility, you sure as hell like to impose your moral standards on other people.

Bitcoin source code was authored by some unknowable pseudonym, SHUT IT DOWN, PADRE-MIKEHEARN SAYS NO ANONYMYMOUS CODINGZ!!!

[Financisto]

I don't think you understand what a rainbow table is.

Somebody generated the exact same brainwallet you did, long before you ever thought of using that passphrase.

They've actually generated millions of brainwallets, and they're just waiting for someone naive enough to use the same weak passprases and deposit money into one of their addresses.

[..]

Is it manageable watching the balances of thousands/millions of generated wallets like that everyday (with today's tech resources)?

Another thing you can do is repeat hash hundreds and hundred of times. And use a salt - with the original phrase and added to each hash. You can even have a simple formula that changes the salt each hash.

57899@##$% as me salt.
"I like big butts" as my passphrase.

Each hash I change the salt according to the number performed and add it to the previous hash, changing the salt so it grows each time, resulting in a huge salt by last hash.

Reapeat, say, 722 times.

All I have to remember is the salt (write it down), the pass phrase, and the algorythm I used to alter the salt each iteration.
[...]

Is that simple to do by command line (Linux Terminal)?

[BurtW]

Is it manageable watching the balances of thousands/millions of generated wallets like that everyday (with today's tech resources)?

Very easy.

[gmaxwell]

It's run by "Joric". As was the similar wallettools.appspot stuff which predated it in the role of helping fools and their Bitcoin split ways.

I have some pretty fun IRC logs surrounding the creation of Brainwallet.org... e.g. Joric searching for guessable sha256 keys and redeeming them.

He was really resistant to using a strong KDF. Not because he's malicious, as far as I can tell, but simply because anything worthwhile is going to be slow in javascript.

[VTC]

Why write custom scripts and remember various variables when you can just make your brainwallet a bit longer. 
Add your name and ID/passport number before your complex passphrase, easier to remember, increase entropy  by a lot.

[mises]

I decided to mess around and make a brain wallet.  I used the website www.brainwallet.org.  Supposively, this javascript is client side only.  Anyway, I made a brain wallet and decided to test it.  I moved my spare change (I keep most of my BTC in cold storage) about 0.178 BTC to the new brain wallet I made "15WjmFwpZ1mp3fG55JGoGv3p5y9jtehEB2".  Literally within seconds, it was moved to a new bitcoin address not owned by me "1Lp3S4PajwhuFCyrAXSFdVGxLuqTsXtVQC" https://blockchain.info/address/15WjmFwpZ1mp3fG55JGoGv3p5y9jtehEB2

I am very security conscience and am certain my wallet file was not compromised.  My only thought is the brainwallet website has been compromised instead and some bot is stealing the private keys generated there and then instantly transfering any funds deposited to these compromised wallets to their own bitcoin addresses.  DO NOT USE www.brainwallet.org and if you have used it, then immediately move your funds to a new location ASAP.

I am not complaining though, I only lost 0.178BTC - it could have been much worse.

That's unfortunate! Thanks for letting us know OP.