spooderman (OP)
Legendary
Offline
Activity: 1680
Merit: 1045
|
|
April 19, 2014, 09:12:52 AM |
|
So I encouraged a friend of mine to buy some bitcoins quite a long time ago. They have since become worth a lot. She wrote a long password (22 characters!), and kept the coins in an encrypted wallet-qt. As they appreciated and appreciated I got more and more nervous, and the time finally came to put them in cold storage. This was when we discovered that she had written down her password wrong. I tried 128 different combinations. None worked. I asked for help from a lot of people here. Some good advice, but all a little too technical for me. I felt the coins were basically gone, because as we all know, if you don't have your private key (or the password to your wallet.dat!) you don't have any bitcoins. My friend wrote some code and took the password hash and ran almost 2 million different permutations and finally....cracked it! (Always put dots above your lower case "i"s my friends). They have now been moved to cold storage, printed using an offline computer (with no hard drive in!) that ran the html for bitaddress.org. The private key has never been near a webcam or window (drones, government agencies), has been laminated (read about a guy on here accidentally spilling whiskey all over his paper wallet), kept in a safe place that only she has access to, TWICE. I have learnt from everyone else here. I hope to help everyone a little with my story. This new paradigm of having COMPLETE responsibility for one's own money is going to take some adjustment, but the more we help each other, the fewer horror stories we all have to hear about. Good luck and happy bitcoining.
|
Society doesn't scale.
|
|
|
InsertUsernameHere
Member
Offline
Activity: 67
Merit: 10
|
|
April 19, 2014, 09:15:12 AM |
|
> So I encouraged a friend of mine to buy some bitcoins quite a long time ago. They have since become worth a lot. She wrote a long password (22 characters!), and kept the coins in an encrypted wallet-qt. As they appreciated and appreciated I got more and more nervous, and the time finally came to put them in cold storage. This was when we discovered that she had written down her password wrong. I tried 128 different combinations. None worked. I asked for help from a lot of people here. Some good advice, but all a little too technical for me. I felt the coins were basically gone, because as we all know, if you don't have your private key (or the password to your wallet.dat!) you don't have any bitcoins. My friend wrote some code and took the password hash and ran almost 2 million different permutations and finally....cracked it! (Always put dots above your lower case "i"s my friends). They have now been moved to cold storage, printed using an offline computer (with no hard drive in!) that ran the html for bitaddress.org. The private key has never been near a webcam or window (drones, government agencies), has been laminated (read about a guy on here accidentally spilling whiskey all over his paper wallet), kept in a safe place that only she has access to, TWICE. I have learnt from everyone else here. I hope to help everyone a little with my story. This new paradigm of having COMPLETE responsibility for one's own money is going to take some adjustment, but the more we help each other, the fewer horror stories we all have to hear about. Good luck and happy bitcoining.

How much was it worth?
|
|
|
|
Bit_Happy
Legendary
Offline
Activity: 2114
Merit: 1040
A Great Time to Start Something!
|
|
April 19, 2014, 09:19:49 AM |
|
> How much was it worth?

Enough that he might not want to say, but... Not nearly enough for anyone to try to track down his IP address. OP: Congrats on a successful recovery.
|
|
|
|
spooderman (OP)
Legendary
Offline
Activity: 1680
Merit: 1045
|
|
April 19, 2014, 09:31:07 AM |
|
Lessons from this community:
1. Never trust exchanges, be the sole owner of your private keys.
2. Paper wallets are a great way of having a key that no one else in the universe can know.
3. Laminate your paper wallets.
4. Have more than one copy.
5. Never panic sell, if you are going to trade, have a plan. It's much easier to get unlucky than it is to get lucky.
6. Split your cold storage up.
7. Don't let your printed private key be seen by any electronic devices (with cameras). This is maybe a little "tin-foil hat-y" for many people, but it's possible that in a few years we will see that this is justified behaviour (in fact we already do, with regard to webcams being remotely activated - thank you Snowden.)
8. Drones are tiny now, and could be flying around outside your window, or inside your house without you knowing. Cover your private key as much as you can!
9. We've never had money this good before. Get as many as you can, don't lose them and don't let others scare you into selling them.
10. People are used to having mommy and daddy hodl their hands when it comes to money. With bitcoin there is no central authority. You are entirely responsible - can you handle the responsibility?
(Apologies for 7&8 sounding overly paranoid. It's not especially difficult to do what I say there, and not so unreasonable if you ask me. The only price you pay is seeming "over-the-top" to any observer, but to be honest, no one should be observing you do this in the first place! We all do strange things when we have the luxury of some privacy. Why can't this be one of them?)
|
Society doesn't scale.
|
|
|
spooderman (OP)
Legendary
Offline
Activity: 1680
Merit: 1045
|
|
April 19, 2014, 09:32:25 AM |
|
> > How much was it worth?
>
> Enough that he might not want to say, but... Not nearly enough for anyone to try to track down his IP address. OP: Congrats on a successful recovery.

exactly
|
Society doesn't scale.
|
|
|
halicarton
|
|
April 19, 2014, 10:31:28 AM |
|
How much was it worth?
|
|
|
|
|
gagalady
Legendary
Offline
Activity: 938
Merit: 1000
|
|
April 19, 2014, 10:34:13 AM |
|
> My friend wrote some code and took the password hash and ran almost 2 million different permutations and finally....cracked it! (Always put dots above your lower case "i"s my friends).

Could you explain how the code worked with the password hash? Thanks.
|
|
|
|
vnvizow
|
|
April 19, 2014, 10:53:14 AM |
|
> > My friend wrote some code and took the password hash and ran almost 2 million different permutations and finally....cracked it! (Always put dots above your lower case "i"s my friends).
>
> Could you explain how the code worked with the password hash? Thanks.

I made a simple one before, but the basic explanation is that it guesses every combination given the variables and number of 'spaces' until the password cracks.
|
|
|
|
bryant.coleman
Legendary
Offline
Activity: 3780
Merit: 1219
|
|
April 19, 2014, 11:04:56 AM |
|
Hmm.... so 2 million permutations. A 22 character password might need a quintillion guesses or permutations. But in this case it was easier, since some of the characters were known.
|
|
|
|
Light
|
|
April 19, 2014, 11:14:08 AM |
|
> The private key has never been near a webcam or window (drones, government agencies), has been laminated (read about a guy on here accidentally spilling whiskey all over his paper wallet), kept in a safe place that only she has access to, TWICE.

You have stored them in locations that are separated physically by a reasonably large distance, right? For example, don't have them all in your house - if there's a fire then you'll lose them completely. Unless you have a fireproof safe rated for temperatures to ensure your paper doesn't burn up, you might want to look into storing an encrypted version of your wallet on a USB key in a safe deposit box with your bank.
|
|
|
|
fryarminer
|
|
April 19, 2014, 12:06:54 PM |
|
OK so, drones so small they can be flying around inside your house that you don't notice it?! And that they would care to find your private keys? If I was controlling a drone that small I'd be a person who has no idea what bitcoin is, just sayin.. Isn't this just a little extreme?
|
|
|
|
dreamspark
|
|
April 19, 2014, 02:14:06 PM |
|
Glad it was a positive outcome. One way to make sure there are no mistakes like that is to stamp passwords or keys into a piece of metal; that way there can be no problems reading them.
|
|
|
|
gagalady
Legendary
Offline
Activity: 938
Merit: 1000
|
|
April 19, 2014, 03:07:17 PM |
|
> > > My friend wrote some code and took the password hash and ran almost 2 million different permutations and finally....cracked it! (Always put dots above your lower case "i"s my friends).
> >
> > Could you explain how the code worked with the password hash? Thanks.
>
> I made a simple one before, but the basic explanation is that it guesses every combination given the variables and number of 'spaces' until the password cracks.

Thanks for the reply, heh, it's helpful to have a code like this. I think you mentioned your password had 12 letters? So how long did it take to check all 2 million permutations?
|
|
|
|
spooderman (OP)
Legendary
Offline
Activity: 1680
Merit: 1045
|
|
April 19, 2014, 03:17:28 PM |
|
> > > > My friend wrote some code and took the password hash and ran almost 2 million different permutations and finally....cracked it! (Always put dots above your lower case "i"s my friends).
> > >
> > > Could you explain how the code worked with the password hash? Thanks.
> >
> > I made a simple one before, but the basic explanation is that it guesses every combination given the variables and number of 'spaces' until the password cracks.
>
> Thanks for the reply, heh, it's helpful to have a code like this. I think you mentioned your password had 12 letters? So how long did it take to check all 2 million permutations?

The password had a few digits in that we were unsure of. Obviously we weren't trying to guess all 22 digits, that would take the entire bitcoin network a few years I'm guessing?

> > The private key has never been near a webcam or window (drones, government agencies), has been laminated (read about a guy on here accidentally spilling whiskey all over his paper wallet), kept in a safe place that only she has access to, TWICE.
>
> You have stored them in locations that are separated physically by a reasonably large distance, right? For example, don't have them all in your house - if there's a fire then you'll lose them completely. Unless you have a fireproof safe rated for temperatures to ensure your paper doesn't burn up, you might want to look into storing an encrypted version of your wallet on a USB key in a safe deposit box with your bank.

This is good, and I'm going to do this. At the moment they are relatively fire proof, but not enough to be completely at ease. This is an exercise in caution. I want to never worry about these things. Also, the person who mentioned stamping metal is on to something.
|
Society doesn't scale.
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
April 19, 2014, 04:59:14 PM |
|
> Lessons from this community:
> 1. Never trust exchanges, be the sole owner of your private keys.
> 2. Paper wallets are a great way of having a key that no one else in the universe can know.
> 3. Laminate your paper wallets.
> 4. Have more than one copy.
> 5. Never panic sell, if you are going to trade, have a plan. It's much easier to get unlucky than it is to get lucky.
> 6. Split your cold storage up.
> 7. Don't let your printed private key be seen by any electronic devices (with cameras). This is maybe a little "tin-foil hat-y" for many people, but it's possible that in a few years we will see that this is justified behaviour (in fact we already do, with regard to webcams being remotely activated - thank you Snowden.)
> 8. Drones are tiny now, and could be flying around outside your window, or inside your house without you knowing. Cover your private key as much as you can!
> 9. We've never had money this good before. Get as many as you can, don't lose them and don't let others scare you into selling them.
> 10. People are used to having mommy and daddy hodl their hands when it comes to money. With bitcoin there is no central authority. You are entirely responsible - can you handle the responsibility?
>
> (Apologies for 7&8 sounding overly paranoid. It's not especially difficult to do what I say there, and not so unreasonable if you ask me. The only price you pay is seeming "over-the-top" to any observer, but to be honest, no one should be observing you do this in the first place! We all do strange things when we have the luxury of some privacy. Why can't this be one of them?)

I don't think it's too paranoid. Better safe than sorry. There's nothing to lose by being extra careful... there's your hard earned money to lose by not doing so.
|
|
|
|
vnvizow
|
|
April 20, 2014, 12:17:43 PM |
|
> > > > My friend wrote some code and took the password hash and ran almost 2 million different permutations and finally....cracked it! (Always put dots above your lower case "i"s my friends).
> > >
> > > Could you explain how the code worked with the password hash? Thanks.
> >
> > I made a simple one before, but the basic explanation is that it guesses every combination given the variables and number of 'spaces' until the password cracks.
>
> Thanks for the reply, heh, it's helpful to have a code like this. I think you mentioned your password had 12 letters? So how long did it take to check all 2 million permutations?

These codes do have their limits, that's why some applications and devices only allow a certain number of 'guesses'. Unless you can hack the limit the password can't be hashed. The SHA-256 coding runs in the same style, which is now used for mining. A hash is a guess, by reprogramming a miner you can have up to 1 TeraHash per second, roughly 1,099,511,627,776 guesses per second. So hashing the password should have been easy.
|
|
|
|
|
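Added example (not code from any poster in this thread): the recovery approach discussed above, trying only the plausible readings of a mis-transcribed password against the stored hash, set beside the full 22-character keyspace and the effect of an iterated hash on guesses per second. The look-alike table, the sample password, the salt and round count, and the use of PBKDF2 as the key derivation are all constructed assumptions; this is not the wallet.dat format.

```python
import hashlib
import itertools
import math

# Handwriting look-alike groups (constructed for this example, an assumption).
CONFUSABLE = [set("il1I"), set("oO0"), set("sS5"), set("zZ2")]

def alternatives(ch):
    """Characters a handwritten `ch` might really be, the written one first."""
    for group in CONFUSABLE:
        if ch in group:
            return [ch] + sorted(group - {ch})
    return [ch]

def search_space(written):
    """How many readings of the written password exist."""
    return math.prod(len(alternatives(c)) for c in written)

def full_keyspace(length, alphabet=95):
    """Guesses needed if nothing were known (95 printable ASCII characters)."""
    return alphabet ** length

def derive(password, salt, rounds):
    """Stand-in KDF (PBKDF2-HMAC-SHA512), not the wallet.dat format."""
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, rounds)

def recover(written, salt, rounds, target):
    """Try every reading; return (password, guesses) or (None, guesses)."""
    tried = 0
    for combo in itertools.product(*(alternatives(c) for c in written)):
        tried += 1
        guess = "".join(combo)
        if derive(guess, salt, rounds) == target:
            return guess, tried
    return None, tried

def max_guess_rate(raw_hashes_per_second, rounds):
    """Upper bound on guesses/s: each guess costs at least `rounds` hashes."""
    return raw_hashes_per_second // rounds

# Constructed sample: the owner wrote an undotted "i", so the note reads "wlnd".
SALT, ROUNDS = b"constructed-salt", 2000
WRITTEN = "Maple-Trunk-wlnd-so47!"            # 22 characters, as on paper
TARGET = derive("Maple-Trunk-wind-so47!", SALT, ROUNDS)

if __name__ == "__main__":
    print(search_space(WRITTEN), "readings vs", full_keyspace(len(WRITTEN)))
    print(recover(WRITTEN, SALT, ROUNDS, TARGET))
```

The constructed note has four ambiguous positions, so 144 readings cover it, while a blind search over 22 printable characters would need 95^22 guesses.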