This same password in the form of 'passwordpasswordpassword' was my brain wallet.
Why on earth would you do that?
Topic: Brain Wallet hacked, suspect bitcoin talk hackers. - page 2. (Read 5564 times)
Why on earth would you do that?
you could buy a hardware wallet, that is safer than your password:
https://bitcointalksearch.org/topic/overview-bitcoin-hardware-wallets-secure-your-coins-899253
https://bitcointalksearch.org/topic/overview-bitcoin-hardware-wallets-secure-your-coins-899253
This is interesting, some nice looking units there. I would like one that I could store a brain wallet on (a proper one!). I have a phobia that my house will burn down (for example) and I will lose all my paper wallets and computer memory with my passwords to my backups etc... I think that is the beauty of a brain wallet, even if you lose everything you still have a chance to get your btc back, and if you make it special to you, maybe your family could still get the bitcoin if you die.
That sounds bad, but I dont understand how it could get around root access in linux? it is not a simple mission to do anything like that surely??
I'm not an expert on Linux security - but IIRC linux is incredibly well locked down in terms of user privileges - far more so than Windows. As long as you don't run around as a superuser account all day, generally even if malware gets in you should be ok. Not to mention that it is rather rare for malware to target Linux given that it is used by such a small percentage of people. I do think it more likely that the hacker managed to access your coins via working out your password then bruteforcing brain wallets.
I have since generated a stronger brain wallet on my computer and baited it with some btc..... no trouble at all. Ive been using linux for about 8 years now, my dad got me into it, and we havent had a single problem with viruses or any kind of compromise as far as I know. I really dont think my computer is compromised.
I'm sorry to hear that chessnut, it sucks tbh.
It makes me a bit angry & a little deflated to hear stuff like this.
No matter what we do & how well secure we've made our coins people always seem to find a way to steal some.
You've been really unlucky, it could have been any of us.
I don't know what to say apart from I'm sorry for your monetary loss mate, people you can never be 100% secure but please do everything you can to look after your coins, you can't leave any stone unturned.
It makes me a bit angry & a little deflated to hear stuff like this.
No matter what we do & how well secure we've made our coins people always seem to find a way to steal some.
You've been really unlucky, it could have been any of us.
I don't know what to say apart from I'm sorry for your monetary loss mate, people you can never be 100% secure but please do everything you can to look after your coins, you can't leave any stone unturned.
Yeah, learning the kind of power these guys have to crack passwords is nerve wrecking. I would have thought that it wouldnt be economical to even try when you get to password sizes like the one I was using, even when it is repeated. I dont understand the work it must take to go through billions of combinations, hash them all into private keys, and then rake all those billions of wallets all day long.
I wonder if bitcoin mining technology is making this possible where it wasn't before?
Thanks for all the helpful comments guys,
What I find quite ironic though is that Ive left a paper wallet in plain view as my facebook profile picture. It has 0.1btc in it and been there for months with no trouble! I guess that sort of thing might give one the wrong impression about wallet security.
Now the race is on to find my facebook profile
What I find quite ironic though is that Ive left a paper wallet in plain view as my facebook profile picture. It has 0.1btc in it and been there for months with no trouble! I guess that sort of thing might give one the wrong impression about wallet security.
Now the race is on to find my facebook profile
I can't think of a reason hacker would crack your password and then try to use it as brain wallet while copying it two times (passpasspass).
How to get to idea that someone could use password as brainwallet ; o
How to get to idea that someone could use password as brainwallet ; o
They don't have to. Since they can try billions of hashes per second, per machine, they have the luxury to try just about anything. If you don't have 100+ bits of entropy in your pass phrase, you are hosed.
brain wallets are not secure unless you can remember 128bit password .. even then, i wouldn't trust them
It is much more likely that the hash of "example123", plus variations (such as "example123example123example123"), have been precomputed by the hacker. You can probably store hashes of the 1 million most common passwords with 1000 variations each in less than 100 GB, and looking up a hash might only take a few seconds.
That's the way rainbow tables work to crack a password table. However, with hashing hardware running as fast as it does currently, it's far faster to compute the hashes as they go, rather than look up in a table. They can try billions of hashes per second.
This same password in the form of 'passwordpasswordpassword' was my brain wallet. Its a pretty random password, I dont believe it was brute force hacked. Im really baffled, I think it must have been the bitcoin talk hacker targeting me. There is also a chance it was bitaddress.org that was compromised but Ive never had that trouble before.
I can't think of a reason hacker would crack your password and then try to use it as brain wallet while copying it two times (passpasspass). How to get to idea that someone could use password as brainwallet ; o
Your bitcointalk password is very weak, so it could have been cracked in a short amount of time, but I don't see how anyone could have known that your bitcointalk password was the basis for a brainwallet passphrase. That seems extremely unlikely.
It is much more likely that the hash of "example123", plus variations (such as "example123example123example123"), have been precomputed by the hacker. You can probably store hashes of the 1 million most common passwords with 1000 variations each in less than 100 GB, and looking up a hash might only take a few seconds.
It is much more likely that the hash of "example123", plus variations (such as "example123example123example123"), have been precomputed by the hacker. You can probably store hashes of the 1 million most common passwords with 1000 variations each in less than 100 GB, and looking up a hash might only take a few seconds.
to use or not to use brain wallet I think is a careful choice you need brainpower to make.
A safe rule: If you're unsure whether or not you're savvy enough to use it correctly, you're not savvy enough to use it correctly. You should have absolutely no doubt in your mind when you commit wealth to your chosen form of cold storage.This.
If you "picked" the brain wallet passphrase, it is not good enough and will be cracked. Use (at a bare minimum) 12 random words. 15 would be better.
Not "words I picked at random", but really (truly) randomly selected. Words selected with dice from an appropriate list will work fine.
Be aware that the computer you use to generate the wallet must be secure, and the page you use must be offline.
If you're not sure of any of these factors, your funds are as good as gone. Use a trezor.
If your passphrase has EVER.. EVEN ONCE been typed into the web.
YOU SHOULD CONSIDER YOUR BITCOINS OUT OF YOUR CONTROL...
The same password as your bitcoin talk... you knew it got hacked and didn't act..?!?!?!?!?
YOU SHOULD CONSIDER YOUR BITCOINS OUT OF YOUR CONTROL...
The same password as your bitcoin talk... you knew it got hacked and didn't act..?!?!?!?!?
This is a good practice. One should not be share a password all across the web or to use brainwallet passwords as forum/email passwords.
to use or not to use brain wallet I think is a careful choice you need brainpower to make.
A safe rule: If you're unsure whether or not you're savvy enough to use it correctly, you're not savvy enough to use it correctly. You should have absolutely no doubt in your mind when you commit wealth to your chosen form of cold storage. I am very sorry to hear this happened to you, it is an unusually shitty circumstance.
I haven't read the whole thread, so this may have been mentioned, but I saw you said you weren't very computer savvy: You don't have to mess with Github at all, but if you want to use bitaddress.org, go to the options on say Chrome browser and click "Download Webpage". Download it as a complete webpage, then disconnect your computer from the Internet, open the file in your web browser, and then generate your desired amount of addresses while disconnected from the Internet. It is the best way I can recommend to anybody who is not really computer savvy; it is pretty simple for I think anyone to do.
I haven't read the whole thread, so this may have been mentioned, but I saw you said you weren't very computer savvy: You don't have to mess with Github at all, but if you want to use bitaddress.org, go to the options on say Chrome browser and click "Download Webpage". Download it as a complete webpage, then disconnect your computer from the Internet, open the file in your web browser, and then generate your desired amount of addresses while disconnected from the Internet. It is the best way I can recommend to anybody who is not really computer savvy; it is pretty simple for I think anyone to do.
I wouldn't do that on a computer that has/had computer access - at any time.
Temporarily disconnecting from the internet will not work.
The address generation should be done on a PC that has never and will never connect to the internet.
In fact, once you have created your address, format and re-format a couple of more times.
(and even then, data can still be recovered)
If your passphrase has EVER.. EVEN ONCE been typed into the web.
YOU SHOULD CONSIDER YOUR BITCOINS OUT OF YOUR CONTROL...
The same password as your bitcoin talk... you knew it got hacked and didn't act..?!?!?!?!?
YOU SHOULD CONSIDER YOUR BITCOINS OUT OF YOUR CONTROL...
The same password as your bitcoin talk... you knew it got hacked and didn't act..?!?!?!?!?
maybe you should ask your brother where your BTC are, or your friend? i guess you shared the password with them. or you downloaded some shady stuff...
but Linux and bruteforce seems to be pretty unlikely
but Linux and bruteforce seems to be pretty unlikely
I am very sorry to hear this happened to you, it is an unusually shitty circumstance.
I haven't read the whole thread, so this may have been mentioned, but I saw you said you weren't very computer savvy: You don't have to mess with Github at all, but if you want to use bitaddress.org, go to the options on say Chrome browser and click "Download Webpage". Download it as a complete webpage, then disconnect your computer from the Internet, open the file in your web browser, and then generate your desired amount of addresses while disconnected from the Internet. It is the best way I can recommend to anybody who is not really computer savvy; it is pretty simple for I think anyone to do.
I haven't read the whole thread, so this may have been mentioned, but I saw you said you weren't very computer savvy: You don't have to mess with Github at all, but if you want to use bitaddress.org, go to the options on say Chrome browser and click "Download Webpage". Download it as a complete webpage, then disconnect your computer from the Internet, open the file in your web browser, and then generate your desired amount of addresses while disconnected from the Internet. It is the best way I can recommend to anybody who is not really computer savvy; it is pretty simple for I think anyone to do.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
After this experience you should go to the highest level of security,
which is true cold storage. You generate your keys on a machine
that has never been online and never will be, and use physical
coins/dice to generate entropy.
which is true cold storage. You generate your keys on a machine
that has never been online and never will be, and use physical
coins/dice to generate entropy.
Well, the Winklevoss brothers use Brain Wallet, or at last that's what i've seen on the latest interview. I would never store all of my wallets on a brain walled tho, just "spending money" like you do with Mycellium etc (im hoping no one stores their main stack Mycellium..)
You can still use a brain wallet with cold storage.
The point is, you 1) generate and store your keys in an unhackable way and 2) make sure they have enough entropy.
OP failed to do at least one of those two things.
Maybe the entropy was just too low?
If say your password was 8 random characters and you repeat this 3 times, a hacker could just do all random possibilities containing up to 8 characters (still quite a bit) and past it 2 more times behind it.
If say your password was 8 random characters and you repeat this 3 times, a hacker could just do all random possibilities containing up to 8 characters (still quite a bit) and past it 2 more times behind it.
I'm sorry to hear that chessnut, it sucks tbh.
It makes me a bit angry & a little deflated to hear stuff like this.
No matter what we do & how well secure we've made our coins people always seem to find a way to steal some.
You've been really unlucky, it could have been any of us.
I don't know what to say apart from I'm sorry for your monetary loss mate, people you can never be 100% secure but please do everything you can to look after your coins, you can't leave any stone unturned.
It makes me a bit angry & a little deflated to hear stuff like this.
No matter what we do & how well secure we've made our coins people always seem to find a way to steal some.
You've been really unlucky, it could have been any of us.
I don't know what to say apart from I'm sorry for your monetary loss mate, people you can never be 100% secure but please do everything you can to look after your coins, you can't leave any stone unturned.
That sounds bad, but I dont understand how it could get around root access in linux? it is not a simple mission to do anything like that surely??
I'm not an expert on Linux security - but IIRC linux is incredibly well locked down in terms of user privileges - far more so than Windows. As long as you don't run around as a superuser account all day, generally even if malware gets in you should be ok. Not to mention that it is rather rare for malware to target Linux given that it is used by such a small percentage of people. I do think it more likely that the hacker managed to access your coins via working out your password then bruteforcing brain wallets.
There's no way someone randomly typed out the password. You either find out or bruteforce it. Now, he sad he was using the same password that he uses here, but x3 for his brainwallet... that's pretty much it IMO. You should never use the same password twice, specially passwords you use in public forums.
That sounds bad, but I dont understand how it could get around root access in linux? it is not a simple mission to do anything like that surely??
I'm not an expert on Linux security - but IIRC linux is incredibly well locked down in terms of user privileges - far more so than Windows. As long as you don't run around as a superuser account all day, generally even if malware gets in you should be ok. Not to mention that it is rather rare for malware to target Linux given that it is used by such a small percentage of people. I do think it more likely that the hacker managed to access your coins via working out your password then bruteforcing brain wallets.
Jump to: