Topic: Bitcoin/Crypto Wallet Protection Against Hacking: Seeds and Private Keys (Read 129 times)

vickybitcoin it is not easy for newbies to get involved with cryptos, it is a learning process. I got involved in cryptos nearly 5 years ago and back then it was the same, you have to ask questions and look out what to do and what to avoid. A belated welcome to the crypto world to you

I cannot speculate on what happened to your friend or how it happened when his wallet got hacked but that is sad news. I hope your friend manages to get over the loss and continue to be part of the crypto community.

About protecting your wallet, there are several ways to this but in the end it is your private key that MUST be kept private because anybody in possession of it effectively is in possession of your crypto.

Bitcoins saved in different website/online wallets or saved in on a device with a strong password lock or saved in any manner - cannot be hacked in anyway unless the saved password for them can be traced.

I think this is a good topic to discuss for security measures.  Especially for newbies like me I hope that with this thread posts I can learn more secure ways to protect my wallet..I have been on constant worrying especially that Just two weeks ago I have a friend whose wallet was hacked. I hope those those higher ranks and admins will posts some informative and helpful tips. Thank you.

Spreading crypto across wallets is definitely one of the best practices. In the unlikely event someone gets hacked they have to suffer multiple hacks to lose everything.

The crypto is secure as long as they don't reveal their seed or private key to anyone.

Your cash is not secure if someone has access to your cash.  Your crypto is not secure if someone has access to your crypto.

There are a LOT more than billions of permutations of a 24 word seed.

If you have 1 Billion planets in the universe such that on each planet you have 1 Billion people that each have 1 Billion computers and all those computers are all continuously try 1 Billion permutations per second for 1 Billion years, you still wouldn't have tried even One-Billionth of the possible permutations.

The same is true of private keys.

If you have 1 Billion planets in the universe such that on each planet you have 1 Billion people that each have 1 Billion computers and all those computers are all continuously try 1 Billion private keys per second for 1 Billion years, you still wouldn't have tried even One-Billionth of the possible keys.

Therefore, dictionary attacks on 24-word seeds and brute force of private keys aren't possible.

Furthermore, if you combine ALL the storage space that EVERYONE on earth has, there still isn't enough digital storage space on the earth to store a Rainbow Table of private keys or 24 word seeds.

Therefore, rainbow table isn't possible.

Keep your seed or private keys where others can't access them, and you will be fine.

There's really not much else that can be done with current technology, and that goes for every single security system, not just crypto. Everything can be brute forced, it just boils down to how unlikely that can happen. Nothing is 100% secure, but you try to get as close to that as possible. I personally like the statistics behind Bitcoin's security.

You can lower the risk of losing everything even further by spreading your coins across different wallets, but people should already be doing that anyway.

Thank you Welsh.

Yes creating private keys (or paper wallets etc) in a secure environment is a great thing but the point was exactly what you highlighted, "Passwords are the weakest point of access like anything". Many people think having a hardware wallet means their crypto is "secure" but though it might be safer or more secure using a hardware wallet (instead of typing or copying pasting addresses in browsers) the bottom line is their crypto is not 100% secure if it can be accessed via seeds and private keys (even with billions of permutations)

I'm not sure what you are trying to get at here. I think it's pretty obvious that if anyone has a private key then they have access to the addresses which correspond with that private key. Although, a private key would ideally be generated offline in a secure environment and never be used again until you want to move all of those coins. A private key theoretically could be cracked using brute force or any of the other methods mentioned above, but it's incredibly unlikely. We are talking millions to billions of years to crack one.

Private keys aren't the issue as long as you've generated it in a secure environment and ideally offline. Passwords are the weakest point of access like anything. People always follow some sort of pattern, and you might of heard that nothing is random. In terms of a person it's true nothing is random. The way our mind thinks everything we've been through will effect what words/characters we come up with to put in that password. This is why dictionary attack is often used when databases are leaked because, people generally follow the same patterns of each other.

People are also known for making easily to remember passwords for ease of access, but this is highly unrecommended in terms of passwords for banks and wallets. Honestly, generating a password over 15 characters which is completely random using as many letters/numbers/special characters as possible. This will prevent against all of the methods mentioned above. You are only then vulnerable to malware but, that's an entirely different subject and also concretes the point why wallets only accessed through dedicated offline computers is the best way to go about things.

How safe are your Bitcoins and other crypto? I see two types of problems, one being wallets on devices and one being accessibility from online websites.

If someone has access your device then hacking your wallets is difficult but very much possible.

Dictionary
A dictionary attack is the simplest and fastest password cracking attack. To put it simply, it just runs through a dictionary of words trying each one of them to see if they work. Although such an approach would seem impractical to do manually, computers can do this very fast and run through millions of words in a few hours. This should usually be your first approach to attacking any password, and in some cases, it can prove successful in mere minutes

Rainbow Table
Most modern systems now store passwords in a hash. This means that even if you can get to the area or file that stores the password, what you get is an encrypted password. One approach to cracking this encryption is to take dictionary file and hash each word and compare it to the hashed password. This is very time- and CPU-intensive. A faster approach is to take a table with all the words in the dictionary already hashed and compare the hash from the password file to your list of hashes. If there is a match, you now know the password

Brute Force
Brute force is the most time consuming approach to password cracking. It should always be your last resort. Brute force password cracking attempts all possibilities of all the letters, number, special characters that might be combined for a password and attempts them. As you might expect, the more computing horsepower you have, the more successful you will be with this approach

Hybrid
A hybrid password attack is one that uses a combination of dictionary words with special characters, numbers, etc. Often these hybrid attacks use a combination of dictionary words with numbers appending and prepending them, and replacing letters with numbers and special characters. For instance, a dictionary attack would look for the word "password", but a hybrid attack might look for "p@$$w0rd123"

There are so many softwares out there that try to crack passwords. If someone has a wallet that can be accessed via a seed or private key then that too can be very problematic no matter how unlikely. For example, if you have an Ethereum private key you can go to myetherwallet.com and access funds. If you do not have a private key however low the chances of success it is possible to use the Brute Force attack to try to get access. That same Brute Force style attack can be used with so many different types of seed related online and offline wallets.

No matter how you secure your crypto whether using hardware wallets such as Ledger, Trezor or Keepkey or using Offline Paper Wallets or using Online Web Wallets or using Desktop Wallets or anything else, the problem is your crypto is only safe as long as nobody has your private keys.

How do you keep your crypto safe and do you feel more could be done to keep them safer?