freequant
|
|
January 16, 2015, 03:05:54 PM |
|
Title is wrong and FUD'y: it should read "compromised bitcoin client coldstorage hacked easily". This is a complete non-news, it was already possible to do the same thing by using a custom random generator that would generate numbers in a reduced subset of the integer space.
|
|
|
|
Flashman
|
|
January 16, 2015, 03:11:29 PM |
|
Of course more broadly one would have to assume that if you're D/Ling a precompiled binary with compromised ECDSA, the key generation module would also be compromised.
If you're D/Ling compromised binaries period, your Nest thermostat is going to kill you from hypothermia in your sleep, or your cellphone is deliberately trying to give you brain cancer by going full power on all radios any time you pick it up, and so on.
|
TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6
Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
|
|
|
Razick
Legendary
Offline
Activity: 1330
Merit: 1003
|
|
January 16, 2015, 03:17:10 PM |
|
You have to be using a compromised wallet for this to work.
|
ACCOUNT RECOVERED 4/27/2020. Account was previously hacked sometime in 2017. Posts between 12/31/2016 and 4/27/2020 are NOT LEGITIMATE.
|
|
|
dsattler
Legendary
Offline
Activity: 924
Merit: 1000
|
|
January 16, 2015, 03:21:47 PM |
|
I think nowadays most of the people only read the headlines! But not all of them go straight to btt and spread FUD!
|
Bitcointalk member since 2013!
|
|
|
MrTeal
Legendary
Offline
Activity: 1274
Merit: 1004
|
|
January 16, 2015, 03:22:08 PM |
|
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction. It's shocking how insecure Bitcoin is, really.
|
|
|
|
qwk
Donator
Legendary
Offline
Activity: 3570
Merit: 3478
Shitcoin Minimalist
|
|
January 16, 2015, 03:25:26 PM |
|
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction. It's shocking how insecure Bitcoin is, really. You got it all wrong. It's so much easier to just train the alligators to replace the wallet than to do it yourself.
|
Yeah, well, I'm gonna go build my own blockchain. With blackjack and hookers! In fact forget the blockchain.
|
|
|
MrTeal
Legendary
Offline
Activity: 1274
Merit: 1004
|
|
January 16, 2015, 03:27:27 PM |
|
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction. It's shocking how insecure Bitcoin is, really. You got it all wrong. It's so much easier to just train the alligators to replace the wallet than to do it yourself. That's just stupid. If it was a Caiman, sure. But everyone knows alligators only know how to use Macs.
|
|
|
|
Flashman
|
|
January 16, 2015, 03:28:56 PM |
|
Not if you turn up the heat remotely on the Nest to make them smarter
|
TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6
Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
|
|
|
ChuckBuck
|
|
January 16, 2015, 03:30:20 PM |
|
You have to be using a compromised wallet for this to work.
Not necessarily. You could be using a vanilla version of the software, but the attacker could still easily get all your private keys by accessing your house. Once he's past the alligator pit and dart traps, it's a simple matter of replacing the wallet with a compromised one, avoiding the rolling boulder on the way out, and waiting for you to sign a transaction. It's shocking how insecure Bitcoin is, really. You got it all wrong. It's so much easier to just train the alligators to replace the wallet than to do it yourself. You guys are definitely all wrong. Before the attacker can even get to do all that, he has to get past air conditioner ducts by hacking into the security deactivating the laser sensors for like 2 minutes tops. Then he has to drop into the wallet safe area by like 10 stories using suspension cables, while managing not to drop one drop of sweat from his forehead or the heat sensor alarms will go off alerting security to kill him: Only then can the attacker upload the compromised version of the wallet software.
|
|
|
|
uvt9
|
|
January 16, 2015, 03:54:44 PM |
|
not sure if OP is just spreading FUD, or he's just a pure idiot. It seems he doesn't even understand the article he post.
|
|
|
|
rio3232
|
|
January 16, 2015, 04:16:25 PM |
|
well, i hope blockchain wallet not going hacked is blockchain ever hacked once ?
|
|
|
|
Blazr
|
|
January 16, 2015, 04:18:50 PM |
|
well, i hope blockchain wallet not going hacked is blockchain ever hacked once ? You mean blockchain.info/wallet? yes they've had their fair amount of screw ups, recently with an RNG bug that actually worked similar to the attack mentioned above, but they have covered almost all losses so far. I would recommend NOT using that service.
|
|
|
|
|
freequant
|
|
January 16, 2015, 04:37:05 PM |
|
I'm working on a whitepaper regarding another yet unpublished attack vector. I found that ECDSA is vulnerable to pre-computed private key attack. All you need to do is to have your victims use a compomised bitcoin client of your making that generates a set of predefined keys. This attack is so much more bad ass because you don't need anymore to search the blockchain to find keys that may have been generated by your handiwork since you know them already. Now, you'd really have to be an idiot not to withdraw your bitcoins right now before I decide to use your cold storage.
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
January 16, 2015, 04:54:04 PM |
|
OP mostly FUD but good that people are aware of all the attack vectors. Can't be too careful when it comes to large amounts of money.
If you are using electrum, I have published several utility scripts in the electrum sub forum that you can use to verify if the addresses and keys from your copy of electrum are legit.
|
|
|
|
mayax (OP)
Legendary
Offline
Activity: 1470
Merit: 1004
|
|
January 16, 2015, 06:55:38 PM |
|
OP mostly FUD but good that people are aware of all the attack vectors. Can't be too careful when it comes to large amounts of money.
If you are using electrum, I have published several utility scripts in the electrum sub forum that you can use to verify if the addresses and keys from your copy of electrum are legit.
how can normal people use such script? the normal people wants something safe and simple. it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.
|
|
|
|
cheekychap
|
|
January 16, 2015, 06:57:25 PM |
|
Well, I don't see it saying HACKED Easily anywhere. Its hackable, but I am sure it wont be easy.
|
|
|
|
Flashman
|
|
January 16, 2015, 06:58:05 PM |
|
it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.
Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first.
|
TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6
Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
|
|
|
mayax (OP)
Legendary
Offline
Activity: 1470
Merit: 1004
|
|
January 16, 2015, 07:00:43 PM |
|
it was proved that the COLD wallet can be hacked. once you are hacked, you cannot recover the bitcoin.
Yup, and normal people can easily pick up a handful of moondust, provided NASA takes them to the moon first. or they can think : why would I use Bitcoin when I have fiat currency and other payment processors? Yes, I can use Bitcoin to speculate a bubble but nothing more.
|
|
|
|
Flashman
|
|
January 16, 2015, 07:06:13 PM |
|
My, my, you are getting repetitive, why not go troll the Swiss about how they should trust central banks who only have their well being and happiness in mind.
|
TL;DR See Spot run. Run Spot run. .... .... Freelance interweb comedian, for teh lulz >>> 1MqAAR4XkJWfDt367hVTv5SstPZ54Fwse6
Bitcoin Custodian: Keeping BTC away from weak heads since Feb '13, adopter of homeless bitcoins.
|
|
|
|