Author

Topic: blockchain.info wallet: aliases don't work anymore? (Read 3638 times)

legendary
Activity: 3710
Merit: 1586
The way bc.i works is your browser gets a copy of the encrypted wallet when it visits a page with a legitimate identifier. So aliases make it easy for hackers to get copies of encrypted wallets. All they have to do is run a bot that loops over a dictionary and harvests encrypted wallets en masse. Then they can take their sweet time brute forcing those wallets using their GPU farms. This is how many ordinary users who used simple passwords lost their coins.

So now when you visit an alias you get an email that tells you your wallet identifier and then you login using that.
legendary
Activity: 2912
Merit: 1060
Removed as a security risk
Any more info on this? What's the involved risk, exactly?

Bad alias + bad password = more vulnerable to attacks than random GUID + bad password?

I know reusing addresses is forbidden mostly
Uhmmm.... no understand.

I does reusing addresses relate to using an alias instead of a guid as a blockchain wallet ID?  Huh

Oops nevermind

Yes usernames are bad because most people will use the same one here, etc. Now if the database leaks, they can now brute force your wallet if they think you're a big target.
legendary
Activity: 1176
Merit: 1011
Removed as a security risk
Any more info on this? What's the involved risk, exactly?

Bad alias + bad password = more vulnerable to attacks than random GUID + bad password?

I know reusing addresses is forbidden mostly
Uhmmm.... no understand.

I does reusing addresses relate to using an alias instead of a guid as a blockchain wallet ID?  Huh
legendary
Activity: 2912
Merit: 1060
Removed as a security risk
Any more info on this? What's the involved risk, exactly?

Bad alias + bad password = more vulnerable to attacks than random GUID + bad password?




I know reusing addresses is forbidden mostly
legendary
Activity: 1176
Merit: 1011
Removed as a security risk
Any more info on this? What's the involved risk, exactly?

Bad alias + bad password = more vulnerable to attacks than random GUID + bad password?
legendary
Activity: 2912
Merit: 1060
Removed as a security risk
sr. member
Activity: 469
Merit: 250
English Motherfucker do you speak it ?
Sorry for hijacking thread, but kinda the same issue.
How do I login with another alias?
Like if I have two wallets.

Currently the only way for me to do it, is to do it in private mode because cookies or something save the wallet identifier and I cannot change it without going into private mode browsing.
legendary
Activity: 1176
Merit: 1011
I use a couple of blockchain.info wallets for spare change, and I always logged in using an alias link, such as https://blockchain.info/wallet/MyBigFatWallet (just a random example)

But for a while now, these alias links (or entering the alias manually at https://blockchain.info/wallet/login ) don't seem to work anymore. Instead I'm getting this:

Insecure Alias. Please login using your wallet identifier link.

So instead of the alias names, I now have to use the explicit wallet identifier, such as https://blockchain.info/wallet/5a1949f9-3a0d-53bd-1b7d-b7082e4b7ea1 (again, just a random example)

Piuk or anyone else: is this correct, or did I mess something up?

Note that the error is different from what I'm getting when entering a non-existing alias, in that case it just says "Unknown Wallet Identifier".
Jump to: