Bitcoin Forum
December 11, 2017, 12:18:19 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 [18] 19 20 »  All
  Print  
Author Topic: BTC-E.COM NICE RECOVERY FROM THE HACK! =)  (Read 50561 times)
EuSouBitcoin
Sr. Member
****
Offline Offline

Activity: 472


View Profile
July 31, 2012, 03:45:46 PM
 #341

Bruteforced the password? I doubt it. 1.54 Hundred Thousand Centuries (Assuming one hundred trillion guesses per second) according to https://www.grc.com/haystack.htm
But instead of a 16 character password, I still prefer the 50 character password I use with uppercase, lowercase, numbers and symbols.

You can't win if you don't play. But you can't play if you lose all your chips.
1512951499
Hero Member
*
Offline Offline

Posts: 1512951499

View Profile Personal Message (Offline)

Ignore
1512951499
Reply with quote  #2

1512951499
Report to moderator
1512951499
Hero Member
*
Offline Offline

Posts: 1512951499

View Profile Personal Message (Offline)

Ignore
1512951499
Reply with quote  #2

1512951499
Report to moderator
1512951499
Hero Member
*
Offline Offline

Posts: 1512951499

View Profile Personal Message (Offline)

Ignore
1512951499
Reply with quote  #2

1512951499
Report to moderator
Bitcoin mining is now a specialized and very risky industry, just like gold mining. Amateur miners are unlikely to make much money, and may even lose money. Bitcoin is much more than just mining, though!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
July 31, 2012, 04:07:27 PM
 #342

I'm no expert, but I don't think it was "guessed" or "dictionary attacked" because it wasn't that kind of password. An API key would just be a random string, like a btc address. (like "wE7rtGvs19EImfY5")

That's why I said I find a leak more likely. Somehow, the attacker found the password.

Does BTC-e have employees or is it a one man show?

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
Mike Jones
Newbie
*
Offline Offline

Activity: 14


Bitcoin's Chief Executive Officer


View Profile
July 31, 2012, 04:44:43 PM
 #343

No reason we cant have financial insurance with bitcoin, put in perspective of the East India Company, Lloyds insurance and pirates on the high seas there isn't a whole lot in the difference.
There is a difference: You can't print more Bitcoins and fractional reserve is difficult to pull.

Don't you worry about Bitcoin, let me worry about Bitcoin.

1HjH1Gm45w1m6J44VmXezvih3NzgXG7YfE
cryptoanarchist
Legendary
*
Offline Offline

Activity: 1106



View Profile
July 31, 2012, 04:52:52 PM
 #344

No reason we cant have financial insurance with bitcoin, put in perspective of the East India Company, Lloyds insurance and pirates on the high seas there isn't a whole lot in the difference.

The only way someone could insure bitcoins would be to collect enough in premiums to cover a certain amount - which would be the premiums MINUS the insurers operating costs.

Each company would be better off using their money for their own reserves rather than paying premiums to an insurer. Sounds like BTCe had it right, and kept a small enough percentage of their holdings in their hot wallet to prevent catastrophe.
dree12
Legendary
*
Offline Offline

Activity: 1246



View Profile
July 31, 2012, 04:54:42 PM
 #345

No reason we cant have financial insurance with bitcoin, put in perspective of the East India Company, Lloyds insurance and pirates on the high seas there isn't a whole lot in the difference.

The only way someone could insure bitcoins would be to collect enough in premiums to cover a certain amount - which would be the premiums MINUS the insurers operating costs.

Each company would be better off using their money for their own reserves rather than paying premiums to an insurer. Sounds like BTCe had it right, and kept a small enough percentage of their holdings in their hot wallet to prevent catastrophe.
If there were many small companies, insurance may work by gathering more on average than they pay out.
tgsrge
Member
**
Offline Offline

Activity: 70



View Profile
July 31, 2012, 05:15:44 PM
 #346

according to some quick calculation, a password that uses a 62 characters big alphabet, and is 16 characters long has a maximum theoretical security of 2^80 (this figure is only a very poor estimation)you dont actually need to try all 2^80. you only need to go through 2^40 before you have 50% chance of hitting it. the attacker would compute this offline.2^80 requires a non trivial amount of work but anything below 2^128 is considered theoretically possible.

as far as i can tell from some 2 minute skimming through what is public available on lr's site about their api, they use sha-256.

a 256 bit hash function gives a maximum theoretical security of 2^128. 128 bits is considered out of reach for any sort of brute forcing for the foreseeable future even if all of humanity colluded to do it, so the problem must lie somewhere else if they indeed use sha-256, unless whoever is responsible for the breach has access to a new,undisclosed,unpublished,unknown to the public cryptographical attack on sha-256. this is not likely to be the case. the sha-2 hash function family (of which sha-256 is a part of) is considered state of the art, and a new, real-world practical attack would be MAJOR news and would have very big implications.

so another, more likely possibility is that btc-e did not handle their api key properly (someone from their staff disclosed it, they spilled it out somehow, etc)

another possibility is that they did not generate the api key properly (not random enough, maybe they used a third party to generate it and this third party was malicious or was compromised, maybe the third party also didnt generate it properly, etc.)

it could also be the case is that they are not telling us the entire story, or maybe they didnt use a key that strong.

there is also always the possibility that the api itself is flawed (maybe they used a old version of the api which lr had already replaced but left in anyway for legacy purposes?)

if they used any cryptographically weak hash function, or a hash function that is any shorter than 2^256 it is possible that their key got compromised that way but cryptography is almost never the weakest link.
01BTC10
VIP
Hero Member
*
Offline Offline

Activity: 742



View Profile
July 31, 2012, 05:17:37 PM
 #347

Bitcoin withdrawal is working now.

Thank you BTC-E, this matter has been handled well. I will continue trading on your platform.
ThiagoCMC
Legendary
*
Offline Offline

Activity: 1190

฿itcoin: Currency of Resistance!


View Profile
July 31, 2012, 05:19:54 PM
 #348

YAY! Got my coins back!!
Thanks BTC-e!!
paraipan
Legendary
*
Offline Offline

Activity: 924


Firstbits: 1pirata


View Profile WWW
July 31, 2012, 05:24:00 PM
 #349

YAY! Got my coins back!!
Thanks BTC-e!!

+1  Smiley

BTCitcoin: An Idea Worth Saving - Q&A with bitcoins on rugatu.com - Check my rep
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
July 31, 2012, 05:27:28 PM
 #350

according to some quick calculation, a password that uses a 62 characters big alphabet, and is 16 characters long has a maximum theoretical security of 2^80 (this figure is only a very poor estimation)you dont actually need to try all 2^80. you only need to go through 2^40 before you have 50% chance of hitting it. the attacker would compute this offline.2^80 requires a non trivial amount of work but anything below 2^128 is considered theoretically possible.

Uh no.

Also 80 bits of entropy can be computationally infeasible even with a planetary sized super computer.  Hell an 8 digit password can be made computationally infeasible.  You seem to forget that brute force is based on keyspace ..... AND .... throughput.

What if you can only attempt 100 passwords per second?

Quote
a 256 bit hash function gives a maximum theoretical security of 2^128.
No.
runeks
Legendary
*
Offline Offline

Activity: 952



View Profile WWW
July 31, 2012, 05:30:29 PM
 #351

a 256 bit hash function gives a maximum theoretical security of 2^128.
You need to specify which attack you are talking about in order to claim that the "security" of a hash function is so-and-so. For a collision attack - finding two messages that hash to the same value - 2^128 attempts is required (to have a 50% possibility of finding it) for a 256-bit hash function. But in order to find which message hashes to a certain hash you need to try 2^256 combinations (for a 50% probability of succeeding).

Also, if a password has 2^80 combinations you need to try 2^80 combinations in order to have a 50% probability of finding the correct password, not 2^40.
tgsrge
Member
**
Offline Offline

Activity: 70



View Profile
July 31, 2012, 06:13:34 PM
 #352

the "you only need to try 2^40 before you have 50% of finding it for  2^80 password" is indeed wrong.
anything < 2^128 is considered theoretically possible and this is this is correct.

and again the attacker does not have to try this against lr's servers, once you have access to the hash you can do the attack in an offline manner, with the limit to how many hashes you an compute only being limited by your computing power.

and a hash function that has had a single collision found is considered cryptographically broken. so that is correct as well.
elux
Legendary
*
Offline Offline

Activity: 1458



View Profile
July 31, 2012, 06:13:50 PM
 #353

You need to specify which attack you are talking about in order to claim that the "security" of a hash function is so-and-so. For a collision attack - finding two messages that hash to the same value - 2^128 attempts is required (to have a 50% possibility of finding it) for a 256-bit hash function. But in order to find which message hashes to a certain hash you need to try 2^256 combinations (for a 50% probability of succeeding).

Also, if a password has 2^80 combinations you need to try 2^80 combinations in order to have a 50% probability of finding the correct password, not 2^40.

Shouldn't that be 2^(N-1). ? In this case, 2^79 tries gives equal odds of finding the key.
tgsrge
Member
**
Offline Offline

Activity: 70



View Profile
July 31, 2012, 06:15:33 PM
 #354

Shouldn't that be 2^(N-1). ? In this case, 2^79 tries gives equal odds of finding the key.
this is correct.
runeks
Legendary
*
Offline Offline

Activity: 952



View Profile WWW
July 31, 2012, 06:37:16 PM
 #355

You need to specify which attack you are talking about in order to claim that the "security" of a hash function is so-and-so. For a collision attack - finding two messages that hash to the same value - 2^128 attempts is required (to have a 50% possibility of finding it) for a 256-bit hash function. But in order to find which message hashes to a certain hash you need to try 2^256 combinations (for a 50% probability of succeeding).

Also, if a password has 2^80 combinations you need to try 2^80 combinations in order to have a 50% probability of finding the correct password, not 2^40.

Shouldn't that be 2^(N-1). ? In this case, 2^79 tries gives equal odds of finding the key.

You are correct. If you know a certain password can be found within 2^n combinations you only need to try 2^n combinations to be sure to find it (and 2^(n-1) combinations to have a 50% probability).

I was thinking of a pre-image attack. 2^n tries to have a 50% probability applies to a pre-image attack on a hash function (trying to find out what data hashes to a certain value). For example when searching for vanity Bitcoin addresses.

and again the attacker does not have to try this against lr's servers, once you have access to the hash you can do the attack in an offline manner, with the limit to how many hashes you an compute only being limited by your computing power.
What hash are you thinking about? I thought it was an API key. The only one who might hash this is the LR server.

Quote
and a hash function that has had a single collision found is considered cryptographically broken. so that is correct as well.
This isn't the case. Only if a hash function of n-bit entropy requires fewer than 2^(n/2) tries, on average, to find a collision is it considered broken.

For example, before the MD5 hash function was broken, an MD5 collision could be found with a 50% probability by searching through 2^64 combinations. This wasn't impossible to do, and if someone had done it MD5 wouldn't be considered broken.

I could even get extremely lucky and find a collision for SHA-256. But that wouldn't matter unless I could consistently find them trying less than 2^128 combinations, on average.
ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
July 31, 2012, 07:12:27 PM
 #356

Assuming one hundred trillion guesses per second it would still take 1.54 hundred thousand centuries.

Given this was an API key and not an offline attack: Assuming one thousand guesses per second (which is still *crazy* generous for an online attack) that is 15.41 thousand trillion centuries.

Those numbers are for a 100% search, so even halving them doesn't look very good...

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
jothan
Full Member
***
Offline Offline

Activity: 184


Feel the coffee, be the coffee.


View Profile
July 31, 2012, 07:32:20 PM
 #357

I created an account after the BTC-E went crazy, but before it was announced that it was a hack.

I deposited about 40 BTC, this morning my account does not exist anymore. I contacted the support email address, but I have not gotten a reply. I hope they took a backup before resetting the database...

In any case, I was fully aware of the fact that I was taking a risk and 40 BTC was as much as I can afford to lose right now.

I hope they will at least honour the 40 BTC deposit. I highly doubt they will honour the sells at the high price yesterday.

Bitcoin: the only currency you can store directly into your brain.

What this planet needs is a good 0.0005 BTC US nickel.
cryptoanarchist
Legendary
*
Offline Offline

Activity: 1106



View Profile
July 31, 2012, 07:37:31 PM
 #358

I hope they will at least honour the 40 BTC deposit. I highly doubt they will honour the sells at the high price yesterday.

Having trouble buying this.
adamstgBit
Legendary
*
Offline Offline

Activity: 1904


Trusted Bitcoiner


View Profile WWW
July 31, 2012, 07:50:43 PM
 #359

I hope they will at least honour the 40 BTC deposit. I highly doubt they will honour the sells at the high price yesterday.

Having trouble buying this.

they said they will process all BTC deposits and all trades were rolled-back already.

jothan
Full Member
***
Offline Offline

Activity: 184


Feel the coffee, be the coffee.


View Profile
July 31, 2012, 07:56:06 PM
 #360

I hope they will at least honour the 40 BTC deposit. I highly doubt they will honour the sells at the high price yesterday.

Having trouble buying this.

I got contacted by support, I created a new account and they returned the BTC balance I deposited yesterday so I did not lose any money.

Bitcoin: the only currency you can store directly into your brain.

What this planet needs is a good 0.0005 BTC US nickel.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 [18] 19 20 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!