seriouscoin
|
|
January 18, 2015, 10:04:41 PM |
|
This thread sums up OP's IQ. Hint: well below 60, in the "Special" zone
|
|
|
|
GrandmaJean
|
|
January 19, 2015, 06:43:24 AM |
|
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction. It's shocking how insecure Bitcoin is, really.
I have seen this cartoon a number of times over the last several months. While it is a generalization of how one could get access to someone's bitcoin, it is really not accurate. First and foremost, an attacker would need to know who has how much money (to be worth stealing from); then, not only that, but he needs to get the person he is stealing from to be in the general area of where his private keys are stored in order to carry out this kind of attack. This attack could also easily be countered by having a wallet with only a small amount of bitcoin stored on a "decoy" wallet that could be given to an attacker.
|
|
|
|
promojo
|
|
January 19, 2015, 07:07:53 AM |
|
I will have to read this. Thanks for the info.
|
|
|
|
Remember remember the 5th of November
Reverse engineer from time to time
|
|
January 19, 2015, 07:12:49 AM |
|
These articles and OP's thread tell us nothing new; it's just the same song sung differently.
|
BTC:1AiCRMxgf1ptVQwx6hDuKMu4f7F27QmJC2
|
|
|
dsattler
|
|
January 19, 2015, 07:39:37 AM |
|
This attack could also easily be countered by having a wallet with only a small amount of bitcoin stored on a "decoy" wallet that could be given to an attacker.
So long as the attacker doesn't know this trick as well! Then it will become even worse... Better to have a third wallet... (or fourth?) to satisfy the attacker with your answers. Good luck with that... As this trick is in the wild now (Trezor has it in the manual as well), all the guys with only one wallet are damned IMHO!
|
Bitcointalk member since 2013!
|
|
|
Furio
|
|
January 19, 2015, 07:41:54 AM |
|
Old news. This attack (bugged ECDSA implementation) has been known about for a long, long time, before Bitcoin even existed. The attacker must first create a compromised version of ECDSA. This is achieved with a kleptographic 'SETUP', or 'Secretly Embedded Trapdoor with Embedded Protection', which was first described in a 1997 paper by Adam Young and Moti Yung. One of the weaknesses of cold storage is if your cold storage machine is compromised, you're fucked and there is almost nothing you can do to prevent that. There are many, many ways an attacker can exfiltrate the private keys from a compromised cold storage machine, including, as used in this case, a bugged ECDSA implementation.
I have an old but freshly installed, never-been-online computer, solely used to generate new .dat files on clients in an offline environment. That's how I store my cryptos, good luck with that
|
|
|
|
Razick
|
|
January 20, 2015, 01:28:42 AM |
|
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction. It's shocking how insecure Bitcoin is, really.
Exactly. BUT, it does make a good point. The human element is often far weaker than we'd like to admit, and the fact is social engineering is pretty much the best form of "cryptanalysis" ever invented.
|
ACCOUNT RECOVERED 4/27/2020. Account was previously hacked sometime in 2017. Posts between 12/31/2016 and 4/27/2020 are NOT LEGITIMATE.
|
|
|
Nrcewker
|
|
January 20, 2015, 02:29:03 AM |
|
gold, hold dollars, let us leave bitcoins..
|
|
|
|
ChuckBuck
|
|
January 20, 2015, 02:05:46 PM |
|
Mayax or moderators...someone lock this thread up, title is FUD inducing for no reason.
The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions.
Noobs stumbling across this thread may assume that all Bitcoin storage solutions are easily hackable, yet cold/offline has and remains the most secure and foolproof method.
Admins please lock, thanks.
|
|
|
|
dsattler
|
|
January 20, 2015, 02:22:33 PM |
|
Mayax or moderators...someone lock this thread up, title is FUD inducing for no reason.
The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions.
Noobs stumbling across this thread may assume that all Bitcoin storage solutions are easily hackable, yet cold/offline has and remains the most secure and foolproof method.
Admins please lock, thanks.
I second this!
|
Bitcointalk member since 2013!
|
|
|
thelibertycap
|
|
January 20, 2015, 02:33:52 PM |
|
news at 11! a software trojan horse can steal your funds!
i guess bitcoin has really reached mainstream because these people have no idea what an md5 hash and gnupg are good for
|
|
|
|
|
physicsdude
|
|
January 20, 2015, 10:15:25 PM |
|
Yes, massive news flash: If you have hacked software on your machine your coins aren't safe. Thanks for the enlightenment. This article is a huge piece of FUD.
"The article linked explains the conceivable hack, but it's furthest from easy to execute...bordering on near impossible, if the cold or offline device or wallet follows secure protocols and the correct precautions."
|
|
|
|
thelibertycap
|
|
January 20, 2015, 10:41:00 PM |
|
"The attacker must first create a compromised version of ECDSA." so what is it about? if i use a proper binary of my wallet, my system is not compromised.
|
|
|
|
dlowings
|
|
January 20, 2015, 10:48:28 PM |
|
Nothing but propaganda to entice people back to online wallets. Foolishness. Sure, it's a possibility, however there's an even greater possibility that your online wallet will go up in smoke. Aside from that, cold storage has nothing to do with any computerized storage. Cold storage is a paper wallet.
|
BTC donations welcome:- 1BrersvQubEKt4m2hBXDNvU1B4RiYe6J4i - Feel free to visit wiki.chainminer.com for free hardware listings, and mining info. - IRC on freenode #wiki.chainminer.com
|
|
|
R2D221
|
|
January 20, 2015, 11:16:59 PM |
|
How can you install a backdoor in my paper wallet? I really want to know.
|
An economy based on endless growth is unsustainable.
|
|
|
|
jonald_fyookball
Core dev leaves me neg feedback #abuse #political
|
|
January 21, 2015, 02:03:10 AM |
|
The article has been read thoroughly by many of us who are knowledgeable and competent. Anyone who does their due diligence to set up a cold storage wallet properly is not going to use a compromised version of ECDSA. Your trolling attempts are rather goofy, because although Bitcoin isn't perfect, having your cold storage keys stolen is one of the LEAST likely things to happen.
|
|
|
|
R2D221
|
|
January 21, 2015, 02:07:56 AM |
|
“It's not about a backdoor” *article title includes the words “install backdoor”*
|
An economy based on endless growth is unsustainable.
|
|
|
Ingatqhvq
|
|
January 21, 2015, 04:12:07 AM |
|
That's weird. If it's really easy to hack cold storage, why don't so many cold wallets get hacked?
|
|
|
|
|