Author

Topic: [2015-08-13] CD: New Cracking Tool Exposes Major Flaw in Bitcoin Brainwallets (Read 651 times)

newbie
Activity: 98
Merit: 0
New Cracking Tool Exposes Major Flaw in Bitcoin Brainwallets

Quote
A white-hat hacker has released a new tool designed to illustrate the ease with which illicit actors can steal bitcoins from brainwallets, a type of bitcoin wallet iteration where passwords are not stored digitally – but in the memory of the user.

Originally conceived as a way to keep sensitive wallet data offline and make bitcoin addresses easier to remember, the brainwallet was partly undone due to how it interacts with the bitcoin blockchain. A brainwallet uses a single, long password or phrase, converts it to a private key, a public key and finally an address. Using an offline attack, it's possible to rapidly guess potential passwords to see if they're correct.

New research by Ryan Castellucci, a security researcher at digital fraud firm White Ops, indicates there is as major flaw in this method. He highlights that the final bitcoin address is recorded in the blockchain as a password hash. When used for website authentication, password hashes help determine whether the word or phrase supplied is correct, meaning this data can be used as a reference to bad actors looking for the password.

Full story: http://www.coindesk.com/new-cracking-tool-exposes-major-flaw-in-bitcoin-brainwallets/

Кoгдa выpacтит бтк дo $20к ?
sr. member
Activity: 322
Merit: 250
https://dadice.com | Click my signature to join!
New Cracking Tool Exposes Major Flaw in Bitcoin Brainwallets

Quote
A white-hat hacker has released a new tool designed to illustrate the ease with which illicit actors can steal bitcoins from brainwallets, a type of bitcoin wallet iteration where passwords are not stored digitally – but in the memory of the user.

Originally conceived as a way to keep sensitive wallet data offline and make bitcoin addresses easier to remember, the brainwallet was partly undone due to how it interacts with the bitcoin blockchain. A brainwallet uses a single, long password or phrase, converts it to a private key, a public key and finally an address. Using an offline attack, it's possible to rapidly guess potential passwords to see if they're correct.

New research by Ryan Castellucci, a security researcher at digital fraud firm White Ops, indicates there is as major flaw in this method. He highlights that the final bitcoin address is recorded in the blockchain as a password hash. When used for website authentication, password hashes help determine whether the word or phrase supplied is correct, meaning this data can be used as a reference to bad actors looking for the password.

Full story: http://www.coindesk.com/new-cracking-tool-exposes-major-flaw-in-bitcoin-brainwallets/
Jump to: