Yeah, I'm not real hot on Mt. Gox's Yubikeys, which cost like $30 and are only usable with Mt. Gox (my understanding; someone please correct me if I'm wrong). I'm not sure I actually trust Gox to implement multi-factor auth correctly, or any type of security (I don't like their new password hashing scheme, for example, which still seems lacking). Yawn, for real though?! I read about some script kiddie saying what they are doing isn't secure, so it must not be...
Back up your claims with some facts and figures son... you'll get more respect.
Woah, whoa... where's all this hostility coming from? I didn't mean to hurt your feelings, man.
My original MT.Gox password was "R8YC2txHc1RWtScewxid" and is listed in its MD5+Salt format in the hack DB as "$1$9W57ShSS$H37Nb7ik2PUf2WY/p/OEl.)"
Let's try that with a multi-iteration triple salt... let's see what we get... (Honestly I don't know what that is, but I'll try, lol)
If you don't know what it is, why the eff are you defending it so vehemently?
Hopefully, what Mt. Gox is talking about is key stretching (http://en.wikipedia.org/wiki/Key_strengthening), and hopefully they are doing more than just three iterations as in your example because that would hardly do anything to slow down a brute force or dictionary attack. Salts don't help against brute force attacks either, at all. Mt. Gox could add 50 salts and it wouldn't make a difference (unless maybe they stored the salts in another secure database or something). It's troubling they seem to have come up with their own homebrew system. Getting cryptography right is pretty hard and they should have used known good solutions instead of rolling their own thing.
mkpasswd -m sha-512 NbFEw6ToZrAnGai3kVDp1GbqY5iX7o0zu41iMelKnbjBvR/xUMAbxQ3Zk3egojw8GxXUlzGVTyCBT7NhKbLyE 86Ev9OHO/tSQ/NsH
Produces this output "$6$86Ev9OHO/tSQ/NsH$BBh.ljcEs8wqAWtpm1CAsoCpuAKXVPh8WJaTsr/H9o8uPXD9Qa5vDyHZkIhHWtoRSm.qLQkmJ7qXcDrsSbtJ90"
Yeah... good luck with that... even though it's considered a speedier hash in comparison to bcrypt, it's still 100% NON-REVERSIBLE, it has a HUGE output which is for all intents and purposes completely collisionless.
I used Steve Gibson's "Password Haystacks" tool to do some sample calculations on what would be required to crack my current MT.Gox password.
OMGWTFBBQ.. you are right.. My MT.Gox account is terribly terribly insecure.. what will I ever do now!?!?! Oh noes, and I gave away its length too!! I'm a goner!
Okay, you've constructed a straw animal here. We're not talking about your password, we're talking about passwords in general. Your password is a very good one. It seems to be 20 random alphanumeric chars. Most people -- almost nobody -- bothers to make a strong password like that. And Mt. Gox certainly doesn't force anyone to. They seem to have practically no password policy at all! You can still create a Mt. Gox account using a short dictionary word for a password. A good password policy would have accomplished way, way more to enhance their security than a bunch of hand waving about "SHA-512 multi-iteration triple salted hashing".
Try cutting the length of your password in half and see what you get in Password Haystacks. Try cutting it down to seven characters.
For a few hundred bucks an hour you can spin up enough Amazon EC2 power to try hundreds of billions of passwords a second (i.e. Gibson's "Offline Fast Attack Scenario"). If the cracker can just use a dictionary attack to find passwords (like they probably can with Mt. Gox) s/he could probably use an old clunker PC to get those accounts.
SHA-512 is not "considered" faster than bcrypt, it is faster. SHA-512 was designed as a cryptographic primitive to be used as part of more complex crypto systems that need hashes for big chunks of data (e.g. documents, binary files) so it has to be very fast. There are even dedicated hardware implementations of it. Bcrypt on the other hand was designed for password hashing and does not have a fixed speed, so you can make brute force attacks infeasible. You can easily adjust the work factor to keep up with Moore's Law.
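The two points made above (a handful of iterations barely slows guessing, and a salt does nothing against a straight dictionary run once the attacker holds the database) are easy to see in code. The following is an added example, not anything posted in this thread and not Mt. Gox's scheme; it assumes PBKDF2-HMAC-SHA512 as the key-stretching construction, and the wordlist and passwords are constructed for the demo.

```python
"""Key stretching vs. plain salted hashing.

Assumption for this example: PBKDF2-HMAC-SHA512 stands in for "multi-iteration
salted SHA-512"; the thread never says what Mt. Gox actually implemented.
"""
import hashlib
import hmac
import os
import time
from typing import Callable, Iterable, Optional


def plain_salted_sha512(password: str, salt: bytes) -> bytes:
    """One pass of SHA-512 over salt||password: a fast primitive with no tunable cost."""
    return hashlib.sha512(salt + password.encode("utf-8")).digest()


def stretched_hash(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA512: the iteration count is the work factor an operator can raise
    over time, which is exactly what makes every attacker guess expensive too."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations, dklen=64)


def verify(password: str, salt: bytes, iterations: int, stored: bytes) -> bool:
    """Constant-time comparison so the check does not leak how many bytes matched."""
    return hmac.compare_digest(stretched_hash(password, salt, iterations), stored)


def seconds_per_guess(hash_fn: Callable[[str, bytes], bytes], samples: int) -> float:
    """Average wall-clock cost of one hash evaluation: a stand-in for an attacker's
    per-guess cost on the same hardware."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        hash_fn(f"guess-{i}", salt)
    return (time.perf_counter() - start) / samples


def dictionary_attack(candidates: Iterable[str], salt: bytes, iterations: int,
                      stored: bytes) -> Optional[str]:
    """The salt sits next to the hash in the leaked database, so it is simply fed back in.
    A salt only defeats precomputed tables and makes equal passwords hash differently;
    a weak password still falls to the wordlist, one guess at a time."""
    for candidate in candidates:
        if verify(candidate, salt, iterations, stored):
            return candidate
    return None


# Constructed wordlist standing in for a small dictionary attack.
WORDLIST = ["123456", "password", "bitcoin", "letmein", "qwerty"]


def demo() -> dict:
    """Measure the cost ratios and run the wordlist against a weak, 3-iteration hash."""
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    weak_pw = "bitcoin"                      # constructed weak password
    stored = stretched_hash(weak_pw, salt_a, 3)  # the "three iterations" from the thread
    fast = seconds_per_guess(plain_salted_sha512, 200)
    three = seconds_per_guess(lambda p, s: stretched_hash(p, s, 3), 200)
    heavy = seconds_per_guess(lambda p, s: stretched_hash(p, s, 100_000), 5)
    return {
        "same_password_differs_per_salt":
            stretched_hash(weak_pw, salt_a, 3) != stretched_hash(weak_pw, salt_b, 3),
        "three_iterations_cracked": dictionary_attack(WORDLIST, salt_a, 3, stored),
        "three_iter_slowdown_vs_plain": three / fast,
        "heavy_slowdown_vs_plain": heavy / fast,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the weak password recovered from its salted three-iteration hash in a few microseconds, while the 100,000-iteration setting costs orders of magnitude more per guess; that per-guess multiplier, not the salt, is what the operator controls, and it is the same lever bcrypt exposes as its work factor.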
Yes, because you were affected by the hack, right? Everyone else hoping for a sloppy modicum of security has to pay $30.
While LastPass is a great password management service that can generate, store and automatically submit complex passwords for many sites, believing that this is a viable replacement for a site-specific multi-factor authentication system is just flat out incorrect advice to give. The fact that you are storing passwords in LastPass, and using the Yubikey to access them, does not stop anyone from compromising any account if the password has been compromised. You understand the difference, right? In your scenario the Yubikey is used as a secondary factor for LastPass.
Yes, I understand the difference. I guess what I meant to say is that I don't trust Mt. Gox to implement multi-factor auth correctly. You might be more secure using your own Yubikey and password manager, and trading on another exchange that takes security more seriously.
You are just repeating what you think is true... because that's what someone else wrote.
How would the attacker be able to mount an attack by getting access to both my IronKey & Yubikey? (The other drive you see is empty, it's a tool.) Did you just make that up hoping no one would call you on it? The $5 wrench attack would NEVER work as an attack vector against the Yubikey or IronKey... HOW!?! The ONLY way he would get any of my Bitcoins would be if my car was broken down, and he used the wrench to help get it going, I would give him a few coin, and say THANKS!!
How about: first an attacker hits you with a wrench to get the password to your Mt. Gox account, then she hits you again to get the password to your IronKey, then she takes all your Bitcoinage! Seems like it would work to me. BTW, do you memorize your 20-char random Mt. Gox password? Or do you use a password manager or write it down or something?
Question... Have you actually attempted using TrueCrypt as a roaming data security solution for any period of time with any level of convenience?
Yeah, I have -- for years. It works great.
You do realize that a TrueCrypt drive is pretty easy to get into, right?...
I use a TrueCrypt container, not a drive. But anyway, that's false.
Do you truly believe that sprinkling your wallet.dat all over the interwebs might just be the best approach to keeping your wallet.dat available and secure? If any one of those files gets uncovered and decrypted you might find that those efforts were all in vain. Remember the bitcoin community has a higher level of knowledge & capability in that area.
Yes, I think it's a good approach. I don't think either of those things is likely at all.
What implementations of paper-based storage of bitcoins have you explored? What is wrong with PaperBack? I found it to have high levels of resilience against damage, to be highly recoverable, and additionally it was configurable with strong FIPS-197 compliant AES encryption via a configurable password. Check it out (http://www.ollydbg.de/Paperbak/index.html) or does this not live up to your security standards either!?! Here is a nice sample to print and scan back in... the password is "bitcoin" http://www.mediafire.com/?yks2s9251yfvywy
The only paper-based ones I've looked at print out the private keys to your bitcoins in the clear or as QR codes. I wasn't aware of PaperBack. It looks good. I'll definitely take a close look. Thanks for the tip.
Well anyway... If you think I'm wrong you can tell me again... I really don't mind, it helps me learn.
No, I don't think you're wrong. IronKey looks like a great product. I just don't trust Mt. Gox's security and I'm not sure I'd personally want to become dependent on an expensive flash drive, especially when there are free tools that are just as (if not more) secure.