mechs (OP)
July 06, 2013, 05:30:17 AM

I decided to mess around and make a brain wallet. I used the website www.brainwallet.org. Supposedly, this javascript is client side only. Anyway, I made a brain wallet and decided to test it. I moved my spare change (I keep most of my BTC in cold storage) about 0.178 BTC to the new brain wallet I made "15WjmFwpZ1mp3fG55JGoGv3p5y9jtehEB2". Literally within seconds, it was moved to a new bitcoin address not owned by me "1Lp3S4PajwhuFCyrAXSFdVGxLuqTsXtVQC" https://blockchain.info/address/15WjmFwpZ1mp3fG55JGoGv3p5y9jtehEB2

I am very security conscious and am certain my wallet file was not compromised. My only thought is the brainwallet website has been compromised instead and some bot is stealing the private keys generated there and then instantly transferring any funds deposited to these compromised wallets to their own bitcoin addresses. DO NOT USE www.brainwallet.org and if you have used it, then immediately move your funds to a new location ASAP. I am not complaining though, I only lost 0.178BTC - it could have been much worse.

mechs (OP)
July 06, 2013, 06:01:13 AM

I don't think you can download the script from the site. Regardless, whether it is the website author or a hacker, the site is compromised. I don't think it had anything to do with my wallet.dat password being compromised - it is a very long, secure password and I do not believe there are any trojans on my system.

jl2012
July 06, 2013, 06:08:39 AM

> I decided to mess around and make a brain wallet. I used the website www.brainwallet.org. Supposedly, this javascript is client side only. Anyway, I made a brain wallet and decided to test it. I moved my spare change (I keep most of my BTC in cold storage) about 0.178 BTC to the new brain wallet I made "15WjmFwpZ1mp3fG55JGoGv3p5y9jtehEB2". Literally within seconds, it was moved to a new bitcoin address not owned by me "1Lp3S4PajwhuFCyrAXSFdVGxLuqTsXtVQC" https://blockchain.info/address/15WjmFwpZ1mp3fG55JGoGv3p5y9jtehEB2
>
> I am very security conscious and am certain my wallet file was not compromised. My only thought is the brainwallet website has been compromised instead and some bot is stealing the private keys generated there and then instantly transferring any funds deposited to these compromised wallets to their own bitcoin addresses. DO NOT USE www.brainwallet.org and if you have used it, then immediately move your funds to a new location ASAP. I am not complaining though, I only lost 0.178BTC - it could have been much worse.

Is your passphrase just too simple?

CIYAM (Ian Knowles - CIYAM Lead Developer)
July 06, 2013, 06:08:54 AM

You can save the website for offline usage or better yet get it from github.
I use it from a computer with no internet access - and it works fine for generating the key pairs this way.

giszmo
July 06, 2013, 06:09:35 AM

/sub
I used Brainwallet for a friend half a year ago on an offline pc with the code from github. The money is still there. I wouldn't trust the version that happens to be on any website but for now I do trust github to not mess with repos. I wish there was some signing involved though. If a reputable dev would confirm to have seen nothing fishy about version [hash], I would pick up the changelog (if any) from there and decide if I use the signed version or the updated version. I picked the most recent version as it was old already, so I assumed it was reviewed by quite some people but I guess git's feature to mess with the history would allow to forge an old-looking head easily.

justusranvier
July 06, 2013, 06:15:46 AM

> Is your passphrase just too simple?

Any passphrase you can memorize is almost too simple by definition.

🏰 TradeFortress 🏰
July 06, 2013, 06:31:51 AM

What passphrase did you use?
ireallylikecookies -> not ok
poweroutletsmmaybeeshockyuoifyuotuochit -> a lot better.

virtualmaster
July 06, 2013, 07:45:06 AM

How could a brainwallet be compromised? We should exclude breaking known algorithms, because that would affect all kinds of wallets.
You have a javascript brainwallet like brainwallet.org or bitaddress.org or namecoinia.org.
1. It has a connection to the internet and is transmitting your private keys. You can avoid this if you save the page on your computer and switch off the internet connection when you are generating the keypairs. Alternatively you can do it in a virtualbox container which has no internet connection.
2. You are generating a random keypair, however it isn't random in reality, but follows a deterministic or stored pattern known to the brainwallet creator. The source is known (javascript) but it is obfuscated and difficult to check. In this case it doesn't matter if you are offline or online.
It is best if you generate a deterministic wallet with a passphrase which is random and long enough, but you choose it and your computer is offline. In this case I cannot imagine how the brainwallet creator could know the private keys.
Of course there are other attack possibilities also, but they are not brainwallet specific: if you downloaded from a phishing site, you have some trojans on your computer, or you have written the passphrase on a paper and left it on the table on your bureau.

Mike Hearn
July 06, 2013, 08:18:00 AM

The owner of that site needs to shut it down. This kind of thing was inevitable and we warned about it from the start. Someone has calculated a rainbow table and the passphrase you chose is in it.
Which wallet software did you import the key into? Do we need to put a warning about this site into wallet apps? We need to find some way to kill this stupid and dangerous site asap.

J35st3r
July 06, 2013, 09:01:10 AM

Brainwallet just uses this python code ...

    import hashlib
    privkey_hex = hashlib.sha256(keyphrase).hexdigest()

(Not that actual code since it's from one of my scripts, but something similar). It's trivial to do your own version and avoid the web site entirely (then import the private key into the wallet of your choice). The slightly more tricky part is obtaining the WIF key and addresses, I posted a simple script here https://bitcointalk.org/index.php?topic=247178.msg2642261#msg2642261 but there are probably more professional versions elsewhere on this forum. But as has been said earlier, if you don't understand what a script is doing, then don't use it.

stelmoi
July 06, 2013, 09:09:56 AM

Since the coins are already gone, please post what password you used for your brain wallet. We can then confirm to you that it was a bad and easily hackable password.
Don't try to be funny and drop the wrong password, everyone will know immediately.

willphase
July 06, 2013, 10:33:18 AM

Sounds like a weak passphrase to me. We already know that people have created huge 'rainbow tables' of bitcoin addresses generated from SHA256 of weak passphrases, and they just sit watching the blockchain for any of them to come up and then siphon off the funds. This is yet another reason why a 'brain wallet' is such a terribly bad idea for anyone to do.

Will

OutCast3k
July 06, 2013, 10:47:07 AM

> Since the coins are already gone, please post what password you used for your brain wallet. We can then confirm to you that it was a bad and easily hackable password.
> Don't try to be funny and drop the wrong password, everyone will know immediately.

+1, and it's not like he can use the address again...

Abdussamad
July 06, 2013, 10:56:31 AM

> Sounds like a weak passphrase to me. We already know that people have created huge 'rainbow tables' of bitcoin addresses generated from SHA256 of weak passphrases, and they just sit watching the blockchain for any of them to come up and then siphon off the funds. This is yet another reason why a 'brain wallet' is such a terribly bad idea for anyone to do.
>
> Will

A brain wallet when done right is perfectly fine. A deterministic wallet like electrum is like a brain wallet. 12 words that are the seed to all your bitcoin keys. Of course the entropy is greater than your typical brain wallet. 128 bits for electrum.

ThomasV
July 06, 2013, 11:00:56 AM

Electrum users are advised not to type their seed in brainwallet.org (or any other website).

ymgve
July 06, 2013, 01:54:18 PM (last edit: July 06, 2013, 02:04:46 PM by ymgve)

I did a small investigation some time ago to see how widespread the problem was, and these were the results:
- Sent 0.001 BTC to an address generated with a password you will find in any top 10 common password list. Taken immediately.
- Sent 0.001 BTC to an address generated with a six digit password. Taken immediately.
- Sent 0.001 BTC to an address generated with the same six digit password as above, but with Point Conversion set to "Compressed". Untouched.
- Sent 0.001 BTC to an address generated with an upper/lower/digit six character randomly generated password, normal Point Conversion. Untouched.

Someone is definitely out there grabbing things from weak-passworded wallets, but even a six-character random password thwarts them.
Edit: Mechs, tell us which password you used. It's already compromised, so there should be no harm in revealing it. If you can't reveal it because you use that password in multiple places then guess what - that's how they got your password in the first place - by stealing it from some other place you used it.

willphase
July 06, 2013, 02:19:25 PM

> If you can't reveal it because you use that password in multiple places then guess what - that's how they got your password in the first place - by stealing it from some other place you used it.

Indeed, it would make sense for an attacker to find as many compromised password lists as possible (hint: there was one for mtgox a while back) and use those as seeds as well.

> A brain wallet when done right is perfectly fine.

Anything, done well, is perfectly fine! The problem is that there are so many bad ways to do a brain wallet, for example:
- picking a weak passphrase
- forgetting your passphrase
- not understanding Change addresses, and losing bitcoins

and it's so trivially easy to compromise a brain wallet with a bad passphrase, that it's probably better, for most users, to use an alternative form of key generation and storage. I would never recommend a brain wallet to a new user, but I would recommend blockchain.info with OTP and a strong passphrase to a new user.

Will

DobZombie
July 06, 2013, 02:31:21 PM

> I decided to mess around and make a brain wallet. I used the website www.brainwallet.org. Supposedly, this javascript is client side only. Anyway, I made a brain wallet and decided to test it. I moved my spare change (I keep most of my BTC in cold storage) about 0.178 BTC to the new brain wallet I made "15WjmFwpZ1mp3fG55JGoGv3p5y9jtehEB2". Literally within seconds, it was moved to a new bitcoin address not owned by me "1Lp3S4PajwhuFCyrAXSFdVGxLuqTsXtVQC" https://blockchain.info/address/15WjmFwpZ1mp3fG55JGoGv3p5y9jtehEB2
>
> I am very security conscious and am certain my wallet file was not compromised. My only thought is the brainwallet website has been compromised instead and some bot is stealing the private keys generated there and then instantly transferring any funds deposited to these compromised wallets to their own bitcoin addresses. DO NOT USE www.brainwallet.org and if you have used it, then immediately move your funds to a new location ASAP. I am not complaining though, I only lost 0.178BTC - it could have been much worse.

Tell us what pass phrase you used already!!

giszmo
July 06, 2013, 02:39:45 PM

> The owner of that site needs to shut it down. This kind of thing was inevitable and we warned about it from the start. Someone has calculated a rainbow table and the passphrase you chose is in it.
> Which wallet software did you import the key into? Do we need to put a warning about this site into wallet apps? We need to find some way to kill this stupid and dangerous site asap.

The owner of that site should at least warn that "correct horse battery staple" is a particularly bad password. The fact that barely any bitcoins flow through this one tells me that there is no significant amount of noobs using the site. With mass adoption I bet at least 1% of all users would be thankful for this "random" suggestion and go with it. Brainwallet instead should give the user feedback on how secure his key is, although this might make them feel safe where they shouldn't, it can tell them when they are not safe where they feel safe. Else it should suggest to actually use it to use the github version and verify that the signature of these 4 persons confirms the version to not be tampered with.

> How could a brainwallet be compromised? We should exclude breaking known algorithms, because that would affect all kinds of wallets.
> You have a javascript brainwallet like brainwallet.org or bitaddress.org or namecoinia.org.
> 1. It has a connection to the internet and is transmitting your private keys. You can avoid this if you save the page on your computer and switch off the internet connection when you are generating the keypairs. Alternatively you can do it in a virtualbox container which has no internet connection.
> 2. You are generating a random keypair, however it isn't random in reality, but follows a deterministic or stored pattern known to the brainwallet creator. The source is known (javascript) but it is obfuscated and difficult to check. In this case it doesn't matter if you are offline or online.
> It is best if you generate a deterministic wallet with a passphrase which is random and long enough, but you choose it and your computer is offline. In this case I cannot imagine how the brainwallet creator could know the private keys.
> Of course there are other attack possibilities also, but they are not brainwallet specific: if you downloaded from a phishing site, you have some trojans on your computer, or you have written the passphrase on a paper and left it on the table on your bureau.

If the minimized/obfuscated code reduces the entropy by doing something like changing this

    privkey_hex = sha256(keyphrase).hexdigest()

to this:

    privkey_hex = sha256("evilhackersalt" + sha256(keyphrase)[:3]).hexdigest()

you would get "totally random" keys with every change to your input, but the attacker would actually be the only one to know your private key in a trivial list of a million keys. You would only notice this once you try to use your password on a non-poisoned brainwallet. Good luck finding your money if you didn't also backup your priv key, just in case this attacker needs time to swipe your money.
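
The cross-check that J35st3r's and giszmo's posts point to, as an added example that is not code from the thread or from brainwallet.org: derive the WIF key independently with plain SHA-256 and compare it with a generator's output on throwaway phrases. `poisoned_tool`, `audit` and the probe phrases are constructed for illustration, and taking the `[:3]` slice over the hex digest is an assumption the pseudocode leaves open.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58check(payload: bytes) -> str:
    """Base58Check: append 4 bytes of double SHA-256, then base58-encode."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    zeros = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes encode as '1'
    return "1" * zeros + out

def reference_wif(passphrase: str) -> str:
    """Derivation described in the thread: one unsalted SHA-256 of the phrase,
    encoded as uncompressed mainnet WIF (version byte 0x80)."""
    key = hashlib.sha256(passphrase.encode("utf-8")).digest()
    return b58check(b"\x80" + key)

def poisoned_tool(passphrase: str) -> str:
    """Stand-in for a tampered generator, after the pseudocode in giszmo's post.
    Assumption: the [:3] slice is over the hex digest, so at most 16**3 keys."""
    inner = hashlib.sha256(passphrase.encode("utf-8")).hexdigest()[:3]
    key = hashlib.sha256(("evilhackersalt" + inner).encode("utf-8")).digest()
    return b58check(b"\x80" + key)

def audit(tool_wif, probes):
    """Run a generator on throwaway phrases; report disagreement with the
    reference and how many distinct keys it produced."""
    outputs = [tool_wif(p) for p in probes]
    mismatches = sum(o != reference_wif(p) for o, p in zip(outputs, probes))
    return {"probes": len(probes), "mismatches": mismatches,
            "distinct_keys": len(set(outputs))}

# Constructed probe phrases; never audit with a phrase that guards real funds.
PROBES = [f"audit-probe-{i}" for i in range(10000)]

if __name__ == "__main__":
    print("reference:", audit(reference_wif, PROBES))
    print("poisoned: ", audit(poisoned_tool, PROBES))
```

Against a real generator, `tool_wif` would wrap the tool run offline; any mismatch on a probe phrase means it is not computing plain SHA-256 of the input, and a distinct-key count far below the probe count means the keyspace has been collapsed.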

prof7bit
July 06, 2013, 03:04:14 PM

> My only thought is the brainwallet website has been compromised instead and some bot is stealing the private keys

No. You just used a weak passphrase. They have *huge* lists of keys already calculated in advance from all kinds of weak passphrases, they knew your passphrase (and with it the key) already long before you even had the idea to use a brain wallet. They are sitting somewhere with a huge list of such weak keys, permanently scanning the network for new transactions and waiting for your coins to arrive at one of their addresses. Next time you should use a long computer generated random passphrase. Use a tool like pwgen that creates pronounceable random nonsense (not in any dictionary) words, so it's easy to remember but still completely random.