Author

Topic: Major Brainwallet Problem (Read 1597 times)

hero member
Activity: 504
Merit: 500
September 06, 2013, 07:00:54 AM
#9
The problem is that by brainwallets you need to use your brain, especially the cerebrial cortex.
 
Grin Grin Grin
Amazing. They are over 2.500 transactions on this address.
"change this passphrase" would be better but probably some people would use it also.
legendary
Activity: 3682
Merit: 1580
September 05, 2013, 04:43:28 PM
#8
Major Brain Problem
full member
Activity: 196
Merit: 100
September 05, 2013, 01:43:52 PM
#7
This was pretty thoroughly discussed here https://bitcointalksearch.org/topic/if-you-used-brainwalletorg-must-read-security-breach-251037

TL;DR brainwallets are just a tool, but you need to be very sure of what you are doing to create a secure passphrase. If you don't understand why this is the case, then you should not use them. Easy to get burned and lose your coins.
sr. member
Activity: 672
Merit: 254
September 05, 2013, 08:23:29 AM
#6
Default pass should be "change this passphrase now else say bye bye to your coins"
full member
Activity: 238
Merit: 100
September 05, 2013, 08:16:27 AM
#5
The address is generated from a password, "correct horse battery staple" in this case. That's the whole point of a brain wallet.

Use your own secure password, get your own brainwallet.

I know.  The problem is it gives a default to start with.  It should not allow you to use the default.

anyone can create the keys (see http://www.xorbin.com/tools/sha256-hash-calculator) and use them in any wallet so there is no way to "stop" anyone from using a specific key.  I saw this on reddit and I checked out the address.  I posted this in another thread and someone pointed me here since we posted about 90 seconds apart on the same subject.  If I try to import this key into Armory it crashes it when it tries to scan the transactions.  I imported it into blockchain.info wallet and then I started getting all these notices of dust transactions. 

I know, I just find it distasteful to spread a private key without telling people on the website that thousands of other people have the same key.
full member
Activity: 238
Merit: 100
September 05, 2013, 08:01:29 AM
#4
The address is generated from a password, "correct horse battery staple" in this case. That's the whole point of a brain wallet.

Use your own secure password, get your own brainwallet.

I know.  The problem is it gives a default to start with.  It should not allow you to use the default.
full member
Activity: 238
Merit: 100
September 05, 2013, 07:56:18 AM
#3
what's the problem? it's common sense to not use easy passphrases.
full member
Activity: 130
Merit: 100
September 05, 2013, 07:52:16 AM
#2
The address is generated from a password, "correct horse battery staple" in this case. That's the whole point of a brain wallet.

Use your own secure password, get your own brainwallet.
full member
Activity: 238
Merit: 100
September 05, 2013, 07:36:29 AM
#1
Hey guys,

I found a major, major problem with brainwallet.org

It seems that the wallet always generates the private key/address pair of 5KJvsngHeMpm884wtkJNzQGaCErckhHJBGFsvd3VyK5qMZXj3hS/1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T by default.

The private key is the sha256 of "correct horse battery staple"

Checking the block chain for 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T and you will find hundreds if not thousands of transactions and double spend attempts.

It appears lots of people have been actually using this address.  I don't know who the creator of brainwallet is, but they should be informed.
Jump to: