
Topic: BLOCKCHAIN.info Wallets in Danger!!! (Read 4437 times)

hero member
Activity: 492
Merit: 500
March 12, 2013, 11:59:10 PM
#18

Quote
not so sure about this, open to brute force with common word dict

so word1word2word3word4
try

The comic does actually go to some trouble to explain why this method is resistant to a brute force attack.
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
March 11, 2013, 01:55:41 PM
#17
Quote
Dude, you got lucky!
What he said. You got hacked by a whitehat, could have gone the other way. 
full member
Activity: 222
Merit: 100
March 11, 2013, 01:53:02 PM
#16
sr. member
Activity: 247
Merit: 252
March 11, 2013, 01:03:16 PM
#15
It's also worth noting that if somebody broke into the blockchain.info server, he could modify the form so that all passwords are sent to the server. So your wallet security still pretty much depends on the server security.
legendary
Activity: 2618
Merit: 1022
March 11, 2013, 10:35:48 AM
#14
Quote
No! 20+ password is NOT enough.
Use 50+ STRONG password.

not so sure about this, open to brute force with common word dict

so word1word2word3word4
try
donator
Activity: 674
Merit: 522
March 11, 2013, 10:09:50 AM
#13
What about 2-factor authentication? GA for example?

I guess it's better to have password "12345" with GA than 12+ password without GA.
sr. member
Activity: 286
Merit: 251
March 11, 2013, 09:35:43 AM
#12
I think you should give the guy a small reward for his time and trouble, he had full access to your wallet, and you would have had NO way to recover those coins.

You are lucky indeed to have your password broken by such an honourable man!!
hero member
Activity: 938
Merit: 1009
March 11, 2013, 09:33:04 AM
#11
Quote
Hell, i even do not know my passes, enemy can not get them from me even via extortion: i simply don't know what to reveal to him ;)


This adds another difficulty then however.

Remember the Marathon Man?



Is it safe?
legendary
Activity: 1288
Merit: 1226
Away on an extended break
March 11, 2013, 09:29:08 AM
#10
Use something like keepass or lastpass to keep each of your passwords secure and long. Never reuse passwords for God's sake. I personally use LastPass with 2FA and a random 31-word password, complete with both cases and numerals. (don't ask me how I memorized that!)
legendary
Activity: 1288
Merit: 1226
Away on an extended break
March 11, 2013, 09:21:06 AM
#9
Mate, you got really lucky. Remember to tip that guy if you can, as most hackers would just disappear with your coins. Please enable the 2-FA while you're at it too.
hero member
Activity: 938
Merit: 1009
March 11, 2013, 09:18:41 AM
#8
No! 20+ password is NOT enough.
Use 50+ STRONG password.

legendary
Activity: 1400
Merit: 1009
March 11, 2013, 08:24:30 AM
#7
Subject line is misleading.
hero member
Activity: 938
Merit: 1009
March 11, 2013, 08:22:14 AM
#6
Enable Two-Factor-Authentication while you're at it.
hero member
Activity: 658
Merit: 500
Caveat Emptor
March 11, 2013, 08:18:22 AM
#5
Must have been a nice guy to not just abscond with it all.

I like that.

Makes me remember that not all the hackers are out to get us haha they are here to also help us (sometimes ;)

How secure are random numeric passwords? I know they can eventually be gotten, but what's the time frame of, say, a 10 or 15 digit passcode?
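To put numbers on the question about 10 or 15 digit passcodes and on the word1word2word3word4 exchange, here is an added example (not part of any post in this thread) that estimates entropy and average offline search time for uniformly random secrets. The guess rates and the 2048-word list size are assumptions, not figures from the thread.

```python
import math

# Assumed offline guess rates in guesses per second (illustrative, not measured).
ASSUMED_RATES = {"slow KDF": 1e3, "fast hash": 1e9}

# Schemes mentioned in the thread: (symbols to choose from, number of symbols).
# The 2048-word list size is an assumption; the thread gives none.
SCHEMES = {
    "10 random digits": (10, 10),
    "15 random digits": (10, 15),
    "4 random dictionary words": (2048, 4),
    "20 random printable ASCII chars": (95, 20),
}

def entropy_bits(choices, length):
    """Bits of entropy when each of `length` symbols is picked uniformly at random."""
    return length * math.log2(choices)

def average_seconds(bits, guesses_per_second):
    """Expected search time: on average half the keyspace is tried before a hit."""
    return (2 ** bits) / 2 / guesses_per_second

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

def report():
    """Return (scheme, bits, {rate label: readable time}) for every scheme."""
    rows = []
    for name, (choices, length) in SCHEMES.items():
        bits = entropy_bits(choices, length)
        times = {label: humanize(average_seconds(bits, rate))
                 for label, rate in ASSUMED_RATES.items()}
        rows.append((name, round(bits, 1), times))
    return rows

if __name__ == "__main__":
    for name, bits, times in report():
        cols = "  ".join(f"{label}: {t}" for label, t in times.items())
        print(f"{name:33s} {bits:6.1f} bits  {cols}")
```

These figures hold only when every digit, word or character is chosen uniformly at random; a password a person made up from a word and a few digits has far less entropy than its length suggests.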
legendary
Activity: 1358
Merit: 1002
March 11, 2013, 08:14:01 AM
#4
Dude, you got lucky!
legendary
Activity: 1115
Merit: 1016
ASMR El Salvador
March 11, 2013, 08:11:00 AM
#3
And probably used only passwords that were combinations of words in the dictionary, popular names and numbers.
Indeed, that one is a weak password. But "monkey" and "123456" are worse...
legendary
Activity: 952
Merit: 1000
March 11, 2013, 08:09:24 AM
#2
My password has ~30 characters + ~100 characters pass-phrase.
hero member
Activity: 826
Merit: 500
March 11, 2013, 08:04:16 AM
#1
today i got this email:

Quote
Aladin, your password at Blockchain is Fuckyou000, which is a clear example
of a weak password.

I withdrew 40 BTC in order to show you the scope of the threat. You can
take them back going to Blockchain.info -> Import/Export -> "I Understand"
-> Import Wallet-> and copy this private key:

5Jsq2G1Cd2UKJi6icvAaPon8uXXXXXXXXXXXXXXXXXXXXXXXXXXX


In order to avoid an eventual loss I recommend you to create a new Wallet
with a strong password (random, the more the better, with UPPER and
lowercase) and send all your coins there.

If you have any problem importing this private key please let me know and
I'll help you.

Have a good day :-)


looks like he scanned for wallet-shortnames and then bruteforced the password locally.

he did withdraw 40 btc but i was able to recover them via the given private key.



everyone update your passwords to something crazy with 20+ characters!!!