Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation - page 31. (Read 224563 times)

You are also assuming that there have not already been rainbow tables made for simple passwords.

Not really. I'm sure there's CUDA code and openCL code to dramatically improve on that. (About x10 last time I checked for a single mid-range GPU vs a multicore CPU)

Might want to ask in the Lite-coin community, but maybe you won't be told much about it.

Long story short, bcrypt slows down bruteforcing vs SHA but not remotely as much as often advertised.

muyuu, your argument about bruteforcing the passwords is not entirely correct, because Bitcoinica uses bcrypt. This means that difficulty of cracking even simplier passwords rises dramatically (from minutes to days), and somewhat complex (7+ chars or so) passwords are safe, because it would take years to brute them. That's why I think the a password should be primary method of verification in the claim process.

Well, they only took 5-6 solid days to make this form though, how could they possibly do anything more sophisticated than a plain HTML form. It has some twitter bootstrap CSS too, I reckon.

You certainly do.  I hadn't paid attention to the fact that they'd moved from a VPS to a VPS and done nothing else to fix a security hole.  I've learned lessons from this, even if Bitcoinica didn't/hasn't.


You didn't miss anything.  It's not on the claim form, it just should be.  It was on Mt.Gox's claim form after their hack last year though; and it was a good idea then.

Honestly though, having everybody handing their ID, phones and passports would filter most trivial attempts at cashing out illegitimately via the claim process.

Not that I'd give them any of that. LOL

So it does provide some safety (at an expense I wouldn't be willing to take myself, but that's besides the point).

1) Nothing else they are asking will provide any significant security.

2) If weak passwords are a problem .... don't let user use weak passwords to begin with.  Tada problem solved.  Check user's password against complexity requirements and a blacklist of commonly used weak passwords.

3) If the site uses 2nd factor authentication then weakness of the password is immaterial.  For example brute forcing the weak passwords doesn't help the attack if the account is protected by yubi-key or google authentication.


As indicated above some weak passwords don't make cashing out strong accounts by automated method.

See, I do all that as well. Don't reuse passwords, use strong passwords AND also change them every so often (well, within reason).

As for judgement, after I saw their continued VPS policy and some of their posts here, my judgement told me to pull off everything from the site. Got you beaten there by judgement, didn't I


Well, I didn't know this. I haven't filled in the claim since I don't have any US$ or BTC in Bitcoinica any more see the previous point for reference.

Good point though.

Hey all future site operators .... Looking at this disaster from the outside you likely (hopefully) are thinking to yourself how do "I" avoid this same mess in a giant debacle.

Simple.  Have a failsafe "bug out" address (backed up off site daily) ..... wait for it .... encrypted with the user's own password. 

When user signs up ask them for a payout address in the event of attack, govt shutdown, internal strife, zombie apocalypse, etc.
Take this "bug out" address, encrypt it with the user's password and store in the credentials table.  

Tada.  Instant claim form.
username
password
2nd factor authentication (you are a solid secure site so of course you are using 2 factor authentication right?)

Validate credentials against the login table.  If valid then use the the password to decrypt the user supplied bug out address.  If the process fails then forward user to manual verification process.  If the "bug out" address decrypts successfully then display the address to the user for verification as ... wait for it ... read only cash out option.

Sadly I think you are right on the reason for the detailed (and technically dubious) claim form. 

Disappointingly... no.  I suspect you would win.

Wanna bet?

Note I said that the weak password would put them in the "needs more verification" pile, not the "you're fucked" pile.

I think you misunderstood my suggestion... The strength check is done at "claim time", so Bitcoinica could quite easily do this right now.  The password is the same so if it was weak when the user set it, it's weak now.  If it's strong, then mark the claim "finished" and move on.


There are two different types of bruteforcing.  There is bruteforcing the login dialog and bruteforcing the password hashes.  The salt is always stored plain-text with the hashes, and it is the hashes that the salt protects.  The salt, for these purposes, is known, and changing it doesn't change the difficulty of the brute force because it would always be known if you can see the hash.


Quite so; my question is still why those of us with strong passwords are being punished for the few with weak passwords?  That's not even the question really; because the password hasn't been used at all as part of the claim.


As it happens, I haven't.  I don't believe in changing passwords regularly.  There is plenty of evidence to suggest that it actually weakens security.  You are better off picking (a) a strong password and (b) a different password for each site.

I certainly didn't take your suggestion personally though; I don't think we actually fundamentally disagree -- but I do think our discussion here is useful and might be interesting for others (and hopefully someone at Bitcoinica is watching too).

Obviously, never said the opposite. As for the amount of the last withdrawal, the only thing I've said about this is that I think it's a bad idea.

 

WUT? Where did I argue this?

My argument can be summarised like this: even hashed and salted passwords are not good enough when your whole DB is compromised and you need a method so nobody gets burnt. (Simply because there will always be people with unsafe passwords).

Surely they could also be asking for the password, cannot see why not.

Okay. Sounds brilliant. Is this infeasible for some reason?

Obviously you are right but it's still in Bitcoinica's best interests that these people don't get f*cked because they would still be ultimately responsible for it.

As for the point about MtGox, sure, but Bitcoinica don't do this do they.


Yes and no. Salt is not secret but it's also not public or fixed, simply because you then give more time for bruteforcing.

I don't trivialise it, I know how long does it take since I do have a mining rig capable of bruteforcing passwords at a respectable rate even in bcrypt. There are people out there in Bitcoinica's DB with 4 and 5 letter passwords. How much would you bet about that? With time you can bruteforce longer passwords, which is what they may be doing right now.



Surely not, I reckon I added that just a suggestion in case you had not changed passwords in a long time? Hope you didn't take it personally, huh.


I agreed with this point all along, this was not directed at you but aurumxchange who just made this point before.

Come on this is just going round and round being stupid.

Verification by password:
Attacker only has hash (if he gained access to db).
Attacker can only brute force weak passwords.

Verification by account data
Attacker has all of this data in plain text.
No brute required.  He simply looks up the record and submits a claim.

So you are arguing the second method is better because the hacker might have the hash and might be able to brute force some of the account passwords?

Reading through this thread is only confirming what I suspected about Bitcoinica.

Funny how after how much they exaggerated their volume, the price has been completely unaffected by them closing. The 420 sale at Silk Road affected the price more!

I'm all about giving people the benefit of the doubt, but after looking at all the evidence, can there be any? Seems to me that anyone else did something like what Bitcoinica is doing they would already have the "scammer" tag

Give them time to try their dictionary attacks and bruteforcing. They might also be waiting just in case they see some opportunity from the claim procedures and aftermath.

Looks obvious to me that they're going to deal with it on a case-by-case basis. A bit of a poker game, "some me what you have and I'll come back to you" - obviously they won't waste much time with people claiming 2BTC.

But like I said before... the policies may suggest the guys at bitcoinica are not sure the hackers don't have the actual passwords (or are just playing it safe for the people who used unsafe ones). If you read their first announcement... they also told users to change reused passwords from other services, make your own conclusions.


Obviously there is nothing wrong about this, but cynical me could think they may not be so sure about their "most stringent best practices for password security".