Pages:
Author

Topic: Can Bitcoin be hacked and what will be the result if it happens? (Read 2728 times)

hero member
Activity: 644
Merit: 500
Weak random numbers were the cause of the thefts from Android generated wallets a couple of years ago. And it sounds like there are still issue with generating random numbers in virtual machines.
My question is still open.

Cryptographically secure random numbers are used in a wide variety of computer security systems.  It really isn't rocket science to do it correctly.  The developers in question simply didn't do their job correctly.  If you'd like to be even more stringent, there are several deterministic wallet solutions that use real-world (physical) entropy for the random seed.  

Yea. Wee still passing the buck, though. "Developed weren't strungent". YaDa yada yada. Point being that random numbers are only as random as the computer has random inputs; virtual machines are terrible entropy wise.

Yes, implemented correctly, Bitcoin is very strong. But an attaxker wnt attack the strongest point, they'll attack the weakest; I'd wager that any implementation running on a VM is going to have a lot more potential vulnerabilities, whether it's memory dumps or recreating the pool of entropy sources in order to "back into" the private keys.

That goes for services running in VM's, VMs that people create as pseudo cold storage devices or even (and ill have to read up more) keys generated on Tails live Cd's now that electrum is included.

It's easy to look at the reference white papers and say "implemented correctly, Bitcoin is as close to 100% secure as is possible", but know that no attacker will attack the strongest point. We need to review examine and discuss all of the weakest links and see how vulnerable those point are, and bring those to peoples attention so they know to avoid those.

The android RNG flaw for example; everyone assumed that Googke wouldn't release shoddy code like that, so android was trusted, people only looked above that later, it was inly after a lot of coins went missing that people realized that the platform itself was the problem.
legendary
Activity: 1022
Merit: 1000
the protocol itself is pretty safe

all the third parties running on it, not so much

I think this is a pretty good summary.  Sites like directory.io, which creep me out even though it has been discredited, suggests there's some potential issues that we haven't seen yet.  But overall Bitcoin is pretty solid.
hero member
Activity: 493
Merit: 500
Weak random numbers were the cause of the thefts from Android generated wallets a couple of years ago. And it sounds like there are still issue with generating random numbers in virtual machines.
My question is still open.

Cryptographically secure random numbers are used in a wide variety of computer security systems.  It really isn't rocket science to do it correctly.  The developers in question simply didn't do their job correctly.  If you'd like to be even more stringent, there are several deterministic wallet solutions that use real-world (physical) entropy for the random seed.  
legendary
Activity: 1204
Merit: 1028
Bitcoin within itself cannot be hacked, theoretically yes, practically no. What can be hacked tho, is people's computer if they don't take care of it. That's how Bitcoins get stolen. The system itself is bulletproof.
hero member
Activity: 644
Merit: 500
I understand a lot of things. Like that public key encryption depends on random number generators. And that random number generators can either be hardware or in software. A VM, without a paravirtualized driver to access a hardware RNG, needs to depend on a software RNG. And entropy can be a real issue for virtual machines.

Your video explains how secure bitcoin can be by virtue of the large keyspace, where a random number generator helps you generate a key from anywhere within that keyspace. But it doesn't address my question, where keys are generated on a platform that might not have access to true random numbers.

From: http://log.amitshah.net/2013/01/about-random-numbers-and-virtual-machines/

Quote
On a system without any special hardware, Linux seeds its entropy pool from sources like keyboard and mouse input, disk IO, network IO, and any other sources whose kernel modules indicate they are capable of adding to the kernel’s entropy pool.

For servers, keyboard and mouse inputs are rare (most don’t even have a keyboard / mouse connected).  This makes getting true random numbers difficult: applications requesting random numbers from /dev/random have to wait for indefinite periods to get the randomness they desire (like creating ssh keys, typically during firstboot.).
...
Virtual machines are similar to server setups: there is very little going on in a VM’s environment for the guest kernel to source random data.  A server that hosts several VMs may still have a lot of disk and network IO happening as a result of all the VMs it hosts, but a single VM may not be doing much to itself generate enough entropy for its applications.  One solution, therefore, to sourcing random numbers in VMs is to ask the host for a portion of the randomness it has collected, and feed them into the guest’s entropy pool.  A paravirtualized hardware random number generator exists for KVM VMs.  The device is called virtio-rng, and as the name suggests, the device sits on top of the virtio PV framework.  The Linux kernel gained support for virtio-rng devices in kernel 2.6.26 (released in 2008).  The QEMU-side device was added in the recent 1.3 release.

Weak random numbers were the cause of the thefts from Android generated wallets a couple of years ago. And it sounds like there are still issue with generating random numbers in virtual machines.

My question is still open.
hero member
Activity: 644
Merit: 500
So Bitcoin system can be called as the triumph of maths and cryptography?
Nope. Cryptocurrencies can. Bitcoin — just first and so far most popular and "big" product of technology with its own strengths and weaknesses
sr. member
Activity: 1078
Merit: 270
the protocol itself is pretty safe

all the third parties running on it, not so much
Thats why I always say to trust only your self with your Bitcoin, its only a matter of time till Coinbase or Circle gets hacked.
legendary
Activity: 1232
Merit: 1001
mining is so 2012-2013
the protocol itself is pretty safe

all the third parties running on it, not so much
legendary
Activity: 1778
Merit: 1043
#Free market
Private key could be hacked if you have billion of quantum supercomputer & some patience Roll Eyes
But, bitcoin network could be hacked if someone could hack every nodes & miners in bitcoin network (if anyone can do it Tongue)

No, it is impossible to find (bruteforce) a number = 10^48 .... Have you seen how it is big that number or not? You need 100 years of time and maybe you can find only one bitcoin private key (converted in binary code). It is not so simple as you think, come one mate... this is math!


For attacking any given key, you needs far far far more time than 100 years. If it was just 100 years, with moores law doubling power every 2, Youd probably only be looking at 10 or 12 years tops (I know the math isn't difficult, I'm just on my phone not bothering to look it up).

I've been curious about the effort to attack a private key that was generated in a controlled environment that you can recreate; say if a key was generated in a VM, if one recreated that VM in its entirety, platform, OS, any serial numbers, MAC address, system time, etc, would that shorten the time taken to attack a private key? Like, what sources does a VM have or use for generating random numbers, since everything, even hardware RNGs is then virtualized.

Can anyone give insight on that?

The generation of a private key is not related with the "machine" itself, so also if you can recrete that exact instance you will not be able to get that "key" a second time. I hope you have seen this video :

- https://www.youtube.com/watch?v=ZloHVKk7DHk

I think you will understand a lot of things.
hero member
Activity: 518
Merit: 500
The Private keys can be brute forced. But I don't think you're going to find the correct combination if you do so very easily or soon. It will take some of the world's super computers years to do that, millions.
However, if you're keeping your bitcoin on a Online wallet just consider your bitcoins lost/hacked already Wink
Is the 51% attack where someone gains control over most of the network? How would that work
hero member
Activity: 644
Merit: 500
Private key could be hacked if you have billion of quantum supercomputer & some patience Roll Eyes
But, bitcoin network could be hacked if someone could hack every nodes & miners in bitcoin network (if anyone can do it Tongue)

No, it is impossible to find (bruteforce) a number = 10^48 .... Have you seen how it is big that number or not? You need 100 years of time and maybe you can find only one bitcoin private key (converted in binary code). It is not so simple as you think, come one mate... this is math!


For attacking any given key, you needs far far far more time than 100 years. If it was just 100 years, with moores law doubling power every 2, Youd probably only be looking at 10 or 12 years tops (I know the math isn't difficult, I'm just on my phone not bothering to look it up).

I've been curious about the effort to attack a private key that was generated in a controlled environment that you can recreate; say if a key was generated in a VM, if one recreated that VM in its entirety, platform, OS, any serial numbers, MAC address, system time, etc, would that shorten the time taken to attack a private key? Like, what sources does a VM have or use for generating random numbers, since everything, even hardware RNGs is then virtualized.

Can anyone give insight on that?
full member
Activity: 238
Merit: 100
Lots of service depends on SHA256 algorithm, if it was hacked, the effect is not only for bitcoin.

Yes of course, if someone will break the sha256 algorithm I am sure the first target will be the bank system and not the bitcoin. Most people will think that the actual banks are safe but they are wrong.

So it is safe with sha256 algorithm, good, but I'm sure many people are working towards trying to hack it, many things what people thought impossible when later people achieved by finding simple solutions, I think it is just a matter of when and I think it will rarely ever happen during our life times  Cheesy
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
You shouldnt care so much about bitcoin hacked but about your smartphone or notebook hacked. It contains your wallet most probably and if a hacker could get into your computer then he might be able to steal from you. Thats why solutions like armory exist where you can hold your wallet away from internet.

If you have your coins in an online wallet website then you have risks of they stealing it or hackers stealing from the website.

While im at it... make backups of your wallet. You dont want to wake up, finding that your harddisc is broken and that you lost your coins on the way.
legendary
Activity: 1386
Merit: 1000
English <-> Portuguese translations
Ok thanks for letting me know, I am relatively new to Bitcoins and I am very much interested in the inner workings of the Bitcoins, so it is a group effort to over write the original source code from Satoshi, does someone verifies the integrity of new codes added or someone can manipulate as it was done earlier by creating false Bitcoins? Thanks and I'm just curious about all this as i think it will be the future of money  Cheesy

I think there needs to be tighter constraints over how the bitcoin core is updated. At the moment, the power is concentrated in a tiny group of developers that can pretty much take liberties as they choose. Most likely, the solution will be to spread the world's wealth across multiple blockchains.

If the actual developers take the wrong path that nobody accepts, we can fork Bitcoin.
Remember that its the people that chooses or not to upgrade their clients and daemons to the new release.
full member
Activity: 197
Merit: 100
QUIFAS EXCHANGE
The bitcoin code is hacked every day and the result is some new shitcoin. Yes, it can be hacked and is hacked all the time but there is no successful exploit.
legendary
Activity: 1778
Merit: 1043
#Free market
Lots of service depends on SHA256 algorithm, if it was hacked, the effect is not only for bitcoin.

Yes of course, if someone will break the sha256 algorithm I am sure the first target will be the bank system and not the bitcoin. Most people will think that the actual banks are safe but they are wrong.
legendary
Activity: 2674
Merit: 3000
Terminated.
The Private keys can be brute forced. But I don't think you're going to find the correct combination if you do so very easily or soon. It will take some of the world's super computers years to do that, millions.
However, if you're keeping your bitcoin on a Online wallet just consider your bitcoins lost/hacked already Wink
This is a serious understatement. Are you trying to do this on purpose or is it the lack knowledge?


Can bitcoin be hacked: Yes
The Result: At least 1 fork and a whole lot of fixes/improvements.
Exactly. Everything can be hacked. If we stood united during/after the hack we would easily recover. The development would definitely speed up.
Q7
sr. member
Activity: 448
Merit: 250
There is no way for you to find out the private key just by knowing the public key but you can certainly brute force. However the probability using this method to find a private key that actually holds bitcoin is low. To hack the network you will need considerable hash rate to do so, thus overall in general very much unlikely.
sr. member
Activity: 462
Merit: 250
Lots of service depends on SHA256 algorithm, if it was hacked, the effect is not only for bitcoin.
legendary
Activity: 1512
Merit: 1000
There are no 100% secure system. However hacking bitcoin needs munch more effort then the value you can get in return.
Pages:
Jump to: