Bitcoin Forum
Author Topic: Major Brainwallet Problem  (Read 1598 times)
Sothh (OP)
September 05, 2013, 12:36:29 PM
Last edit: September 05, 2013, 01:05:02 PM by Sothh
 #1

Hey guys,

I found a major, major problem with brainwallet.org

It seems that the wallet always generates the private key/address pair of 5KJvsngHeMpm884wtkJNzQGaCErckhHJBGFsvd3VyK5qMZXj3hS/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T by default.

The private key is the sha256 of "correct horse battery staple"

Check the block chain for 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T and you will find hundreds, if not thousands, of transactions and double-spend attempts.

It appears lots of people have been actually using this address.  I don't know who the creator of brainwallet is, but they should be informed.
Pokerfan
September 05, 2013, 12:52:16 PM
 #2

The address is generated from a password, "correct horse battery staple" in this case. That's the whole point of a brain wallet.

Use your own secure password, get your own brainwallet.
bitcoindigi
September 05, 2013, 12:56:18 PM
 #3

What's the problem? It's common sense to not use easy passphrases.
Sothh (OP)
September 05, 2013, 01:01:29 PM
 #4

> The address is generated from a password, "correct horse battery staple" in this case. That's the whole point of a brain wallet.
>
> Use your own secure password, get your own brainwallet.

I know.  The problem is it gives a default to start with.  It should not allow you to use the default.
Sothh (OP)
September 05, 2013, 01:16:27 PM
 #5

> > > The address is generated from a password, "correct horse battery staple" in this case. That's the whole point of a brain wallet.
> > >
> > > Use your own secure password, get your own brainwallet.
> >
> > I know.  The problem is it gives a default to start with.  It should not allow you to use the default.
>
> Anyone can create the keys (see http://www.xorbin.com/tools/sha256-hash-calculator) and use them in any wallet so there is no way to "stop" anyone from using a specific key.  I saw this on reddit and I checked out the address.  I posted this in another thread and someone pointed me here since we posted about 90 seconds apart on the same subject.  If I try to import this key into Armory it crashes it when it tries to scan the transactions.  I imported it into blockchain.info wallet and then I started getting all these notices of dust transactions.

I know, I just find it distasteful to spread a private key without telling people on the website that thousands of other people have the same key.
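
The derivation described in the first post (private key = SHA-256 of the passphrase, written in Wallet Import Format), together with the refusal of the site default asked for in post #4, as an added example that is not part of the thread and not brainwallet.org's own code; `guarded_wif`, `RejectedPassphrase` and the blocklist are hypothetical names.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
SITE_DEFAULT = "correct horse battery staple"  # default passphrase named in the thread


def base58check(payload: bytes) -> str:
    """Base58Check: payload + first 4 bytes of double SHA-256, in base 58."""
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    raw = payload + checksum
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as a literal '1'.
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def brainwallet_wif(passphrase: str) -> str:
    """The passphrase is the only input: same phrase, same key, for everyone."""
    secret = hashlib.sha256(passphrase.encode("utf-8")).digest()
    return base58check(b"\x80" + secret)  # 0x80 = mainnet private-key prefix


class RejectedPassphrase(ValueError):
    """Hypothetical error type for this example."""


def guarded_wif(passphrase: str, blocklist=frozenset({SITE_DEFAULT})) -> str:
    """Hypothetical guard: refuse the published default before deriving a key."""
    # Case and spacing variants of a published phrase are just as guessable.
    normalized = " ".join(passphrase.lower().split())
    if normalized in blocklist:
        raise RejectedPassphrase("passphrase is publicly known; choose another")
    return brainwallet_wif(passphrase)


if __name__ == "__main__":
    print(brainwallet_wif(SITE_DEFAULT))  # the key quoted in post #1
    try:
        guarded_wif(SITE_DEFAULT)
    except RejectedPassphrase as exc:
        print("refused:", exc)
```

A blocklist like this only stops reuse of the published default inside one tool; it says nothing about the strength of any other passphrase.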
jarhed
September 05, 2013, 01:23:29 PM
 #6

Default pass should be "change this passphrase now else say bye bye to your coins"
J35st3r
September 05, 2013, 06:43:52 PM
 #7

This was pretty thoroughly discussed here https://bitcointalk.org/index.php?topic=251037.0

TL;DR brainwallets are just a tool, but you need to be very sure of what you are doing to create a secure passphrase. If you don't understand why this is the case, then you should not use them. Easy to get burned and lose your coins.

1Jest66T6Jw1gSVpvYpYLXR6qgnch6QYU1 NumberOfTheBeast ... go on, give it a try Grin
Abdussamad
September 05, 2013, 09:43:28 PM
 #8

Major Brain Problem
virtualmaster
September 06, 2013, 12:00:54 PM
 #9

The problem is that with brainwallets you need to use your brain, especially the cerebral cortex.
 
Grin Grin Grin
Amazing. There are over 2.500 transactions on this address.
"change this passphrase" would be better but probably some people would use it also.
