[Emergency ANN] Bitcoinica site is taken offline for security investigation

[ArticMine]

Back to the question of WHEN WILL WE SEE THE FIRST FUNDS BACK TO THE CUSTOMERS? This timing may well lead to more volatility of bitcoin trading and to know this date would be very much appreciated.

Especially when we consider the question of the open positions and at what price they will be liquidated. If the market makes a sharp move in any direction this can get real ugly real fast.

[1713281983]

1713281983

[1713281983]

1713281983

[1713281983]

1713281983

[1713281983]

1713281983

[proudhon]

I'll be sure to let you guys know when I get the $300,000 or so I had in long positions before I use it to buy on MtGox.

[zhoutong]

Thus, with a strong salt making anything but huge rainbow tables ineffective, while some users might have relatively weak passwords that could be solved in reasonable amounts of time, the attackers wouldn't know which they are and would have to attack the entire DB looking for them. How long would it take with a reasonable GPU farm (say 4 5970s) a 6 character case sensitive Latin alphabet password?

It depends on the work-level but lets assume a work level of 10. That means a single core of server can verify a password in ~ 3 ms or 300 p/s.  A 5970 would be ~30x as fast (optimistic) so your might be getting ~ 9kp/s or 36kp/s for 4x5970 rig.

If your password can't be found in a dictionary or easy password list to brute force all 6 char passwords would require
alphabet only (53 values) 53^6 /36000 / 60 /60 /24 = 7 days
alphanumeric (63 values)  63^6 36000 / 60 /60 /24 = 20 days
printable symbols on keyboard (95 values) 95^6 /36000 / 60 /60 /24 = 236 days

If the salt is random per account that means each account must be cracked separately.

Of course the attacker could use multiple GPUs so a good way to think of it is in time value.    A single 5970 can generate ~0.5 BTC per day.  So cracking a 10 BTC account is worth ~ 20 GPU days.  Cracking a 1000 BTC account is worth ~200 GPU days.

Adding 1 more character significantly increases the time value cost.  A 7 char (all printable keys) password is ~ 90,000 GPU days (5970s).  The time value is worth 45,000 BTC meaning if someone had sufficient GPU they could make 45,000 BTC simply mining instead of hacking your account.  Given the attacker has no idea if he will ever crack it (maybe your password is a purely random 14 character string "pOQs9jb!su3gp@") it doesn't really make sense to even try.

6 is likely "good enough" if your password is complex but 7 or 8 makes it so expensive the thief isn't going to even try.  In the time it takes to brute force a single 8 char password he could brute force 86,000 other accounts trying all passwords length 1 to 5.

Thanks for the information. Bitcoinica uses a work level of 20 and forces at least 8 character passwords.

[MrTeal]

Would the expected attack vector in that case be to use the known work size and then go through each user and their unique salt first using dictionary word, then working out from the minimum password size exhausting successively 4 character passwords, then 5, 6, etc?

Yeah that would be the common attack vector.

Generally speaking there are three ways to guess a password.
a) recompiled lists (often 5-8 million based on prior large scale breaches - people love re-using passwords even after breaches)
b) base word dictionary (also contains slang, names, famous people, brands, etc) with substitution
c) pure brute force.

The order of using the masks and lookup tables is kinda an art-form.  Some choices are obvious, some choices are more subjective.

There are only 857K 1-3 char passwords so try them first.  
Next try your "common password list".
A 4 char brute force usually makes the most sense (81 million).
Around 5 or 6 char brute force starts to not make much sense.  That assumes you are going against something solid like bcrypt.
So uaully after 4 or 5 char brute force trying substitution/prefix/suffix makes more sense.

Start w/ 1 substitution against the dictionary and then increase the number of substitutions.  Beyond 2 or 3 you really aren't gaining anything over brute force.  Eventually the "largeness" of the attack space makes continuing futile.

So a sensible takeaway in this situation is that even if a password was used as the sole means of verifying an account, it would be very difficult for the attacker to use the stolen database to actually compromise any accounts for anyone who's password is even remotely secure within the week long timeframe we're talking about. Even going through a 8M entry recompiled list at 36,000 passwords a second would take 3.7 minutes per password, or 2.57 days per 1000 passwords. There might be someone who's password is "password" with 1000BTC sitting in their account, but really anyone stupid enough to do that probably wouldn't have 1000BTC to begin with.

[jgarzik]

What's considered a short, weak password?

See XKCD's take on password strength:  http://xkcd.com/936/

[MrTeal]

What's considered a short, weak password?

See XKCD's take on password strength:  http://xkcd.com/936/

Yeah, I've seen it.

I should have worded it differently. I was specifically asking muyuu what he considered a short, weak password when he said it. My hunch was that as long as it was something non-obvious that even a short password (say 6 characters) would be relatively safe when we're talking about a timeframe of a week.

[M4v3R]

Thanks for the information. Bitcoinica uses a work level of 20 and forces at least 8 character passwords.

If you really did enforce at least 8 character passwords than it's safe to assume that the passwords* are safe.

*Unless somebody used a dictionary password.

[ArticMine]

I'll be sure to let you guys know when I get the $300,000 or so I had in long positions before I use it to buy on MtGox.

But if the BTC price were to drop to say $0.50 or rise to say $50 before the Bitcoinica positions were closed and the accounts settled with the clients  then the real fun begins.

[DiabloD3]

I'll be sure to let you guys know when I get the $300,000 or so I had in long positions before I use it to buy on MtGox.

But if the BTC price were to drop to say $0.50 or rise to say $50 before the Bitcoinica positions were closed and the accounts settled with the clients  then the real fun begins.

And people wonder why I called Bitcoinica a bucket shop.

[bitcoinBull]

the claims process should be finished tonight. It took long because we did not want to use a 3rd party service such as Wufoo for obvious security reasons.

Now that some claims have been filled out, when and how should we expect to get our funds back?!

The silence from you people is maddening.

[Phinnaeus Gage]

Approximately, how many clients/users did/does Bitcoinica have? I'm guessing about a couple hundred.

~Bruno~

[R-]

Approximately, how many clients/users did/does Bitcoinica have? I'm guessing about a couple hundred.

~Bruno~

In the ballpark of 1336 users + Zhou.

[rjk]

In the ballpark of 1336 users + Zhou.

Ahahaha

[XVacant]

Bitcoinica Consultancy, please check if it is a bug: Why the Deposit Method of "Last Deposit" cannot be "BITCOINICA-CODE"?
Now on the claims page, the "BITCOINICA-CODE" is available for  "Last Withdrawal", but not available for "Last Deposit".

[zhoutong]

Approximately, how many clients/users did/does Bitcoinica have? I'm guessing about a couple hundred.

~Bruno~

Almost 5000

[tarrant_01]

The claim page just goes back up to the top when I hit submit. How am I supposed to know if it submitted or not?  I didn't have a position so I put 0's

[BIGMERVE]

The claim page just goes back up to the top when I hit submit. How am I supposed to know if it submitted or not?  I didn't have a position so I put 0's

If you put your email address check that. I got a message instantly with a link to confirm.

[tarrant_01]

Nothing in my mail from them. Checked spam box too.

[faidsaid]

Nothing in my mail from them. Checked spam box too.

No response here. No reply from verify@bitcoinica.com either. Imagine that

[M4v3R]

The claim page just goes back up to the top when I hit submit. How am I supposed to know if it submitted or not?  I didn't have a position so I put 0's

Check for errors. They're not displayed in red like they should, so it's easy to miss them (like I did when I was filling the form for the first time).