Pages:
Author

Topic: my wallets were stolen just now, can any one help me? - page 4. (Read 12255 times)

legendary
Activity: 1050
Merit: 1002
I agree with the notion that using an Android phone is a flawed solution, but then all "solutions" to this are flawed...

How is the Trezor solution flawed?

Storing 50K on your phone is unwise, but frankly I wouldn't trust that much to a Trezor either

What problem do you imagine there?

, or even a laptop with Armory;

You buy a cheap dedicated laptop and cleanly install an OS. Go to bitcoin.org and download Bitcoin-Qt. Go to bitcoinarmory.com and download Armory. Disconnect it permanently from the Internet. Proceed to use Armory for paper backups, storing and spending coins.

What problem do you imagine?

Quote
Blockchain.info should be used as a convenient spending wallet, not storage wallet.

I disagree. While I think it's true no one should use it for savings and storage, I see no reason to use it at all any more, even for spending, if it's at all possible to avoid doing so. If you have a home computer, there are good clients available to use.

What happens if you're away from home? Blockchain.info can give users similar access to spending bitcoins as online email services give users for accessing email, which is access anywhere in the world. Keeping a few hundred dollars worth of spending money in a Blockchain.info wallet seems very convenient and low risk to me.
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
For the cost of a (plastic) Trezor, one can purchase a cheap Android smartphone, install cyanogenmod if desired, then install Mycelium. While this arrangement has flaws compared to a Trezor, it also has advantages, and it's certainly good enough to produce paper wallets, or to keep turned off as a cold storage medium for modest funds. Anyone who has a lot of bitcoins should currently be using a paper or other cold-storage wallet, but if that's too cumbersome, at least they can go the dedicated-smartphone route rather than keep their bitcoins on a web wallet while waiting for Trezor.

No, I don't like that idea. The problem is Android is still an operating system and therefore vulnerable to malware. It also wasn't built with Bitcoin in mind. You tell people it's safe for them to use as cold storage for 50K then the recent Android bug with random number generation can wipe them out. The Trezor is designed for security and Bitcoin specifically so it's far more unlikely to have such a glaring software flaw.

If people are storing substantial coins then they shouldn't mind spending either the time or money necessary to ensure their coins are safe. For about the same cost they can buy a simple dedicated laptop to use with Armory and be assured their coins are safe, including easy paper wallet backups.

I agree with the notion that using an Android phone is a flawed solution, but then all "solutions" to this are flawed, and the least-flawed solution remains paper wallets. Storing 50K on your phone is unwise, but frankly I wouldn't trust that much to a Trezor either, or even a laptop with Armory; physical and inert media seems to be the only method with a low enough risk.

Android/Mycelium has it's own advantages the other solutions do not. So does laptop/Armory. And so does Trezor. Unfortunately, Trezor isn't out yet, and as far as Mycelium vs. Armory, I'm not convinced bitcoins sitting on a dedicated smartphone are significantly less safe than bitcoins sitting on a laptop with Armory, especially after the difficulty of setup and use is factored in. Still, I completely understand those taking a different stance. (And hey, one could always hedge their bets and do both.)

I think we at least agree that paper wallets remain the most secure storage method for now.


Quote
Blockchain.info should be used as a convenient spending wallet, not storage wallet.

I disagree. While I think it's true no one should use it for savings and storage, I see no reason to use it at all any more, even for spending, if it's at all possible to avoid doing so. If you have a home computer, there are good clients available to use. If you have an Android smartphone, the same is true (I just think one happens to be better.) If someone cannot learn to use one of those clients to spend bitcoins, or cannot afford to do so, or just finds them too inconvenient, then I would question whether they should be using bitcoins in the first place. Maybe next year, or a couple of years from now, but not at this point, sadly.
legendary
Activity: 1050
Merit: 1002
The problem is Android is still an operating system and therefore vulnerable to malware. It also wasn't built with Bitcoin in mind. You tell people it's safe for them to use as cold storage for 50K then the recent Android bug with random number generation can wipe them out. The Trezor is designed for security and Bitcoin specifically so it's far more unlikely to have such a glaring software flaw.

AFAIK the Trezor has got no RNG at all. It is seeded with randomness by the host that it is connected to.

Well, it uses a mnemonic code of 12 words for the seed:

http://www.bitcointrezor.com/faq/#software-design-security

It generates this when the device is first initialized after plugging it into a computer, so yes I think it would grab some randomness from there. At least I hope so. It would then probably use that to randomly choose from an internal dictionary of words.

Don't use Windows...
Which is absurd. What chance does bitcoin have if people can't use it on their home PC for fear of theft?

Online wallets and clients need 2FA and maybe online banking style "enter letters 3, 5 and 7 from your password" to help improve security.

For anyone moving coins around - buying and selling, day trading, etc - paper wallets or offline storage really isn't practical.

Yeah, there are a lot of idiots running the TOR project who recommend to stay away from Windows too http://threatpost.com/tor-urges-users-to-leave-windows

They are not idiots. Staying away from Windows is prudent advice for anyone, especially types interested in Tor. There are several reasons. Even apart from software vulnerability Microsoft has been shown willing to work with the NSA. There were hidden NSA labelled keys found in the operating systems starting from Windows 95, the purpose of which is unknown.
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
I sure hope we can get to the bottom of this
I think they did.  See the link in post #57 above.
hero member
Activity: 715
Merit: 500
Bitcoin Venezuela
Don't use Windows...
Which is absurd. What chance does bitcoin have if people can't use it on their home PC for fear of theft?

Online wallets and clients need 2FA and maybe online banking style "enter letters 3, 5 and 7 from your password" to help improve security.

For anyone moving coins around - buying and selling, day trading, etc - paper wallets or offline storage really isn't practical.

Yeah, there are a lot of idiots running the TOR project who recommend to stay away from Windows too http://threatpost.com/tor-urges-users-to-leave-windows
sr. member
Activity: 420
Merit: 250
★☆★777Coin★☆★
 I sure hope we can get to the bottom of this
full member
Activity: 177
Merit: 101
It feels like android phones have the most secure random number generator even with the crippled 64 bits of entropy, compared to this case.
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
GOOD NEWS (maybe).  If it can be shown that you lost your BTC due to a bug in the blockchain.info wallet it looks like you may get your BTC back from the owner of blockchain.info (nice guy).  See:  

https://bitcointalksearch.org/topic/blockchaininfo-security-funds-stolen-277595

Specifically this post:

Jesse James has informed me of a problem with the rng used by blockchain.info javascript clients being poorly seeded when initialised in a background webworker task. In some browsers this could lead to duplicate R values being used when signing transactions (Firefox is likely to be particularly vulnerable). This issue effects the transaction signing code only, not the generation of private keys.

Patches have now been deployed, Please ensure you upgrade to the latest version of your Blockchain.info client.

Chrome extension - v2.85
Fixefox extension - v1.97
Mac client - v0.11

Users of the web interface should clear their browsers cache before next login.

Only a handful of addresses are known to be affected thus far. Likely if you have been affected by this problem your coins will have been taken already. All affected users will be refunded in full, please PM me or email [email protected].
legendary
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
I believe you are also incorrect here, DeathAndTaxes. The signature part actually consists out of two numbers: r which is a random number, and s, which is actual signature. Normally, if you have two transactions, you have:

Your post is mostly correct in that by trial and error you can find the private key if transactions exist having used the same random number "k".

However it is incorrect to say "... the signature consists of the random number r ...", the number "r" is not random but a result of k*G. This k IS random and may not be revealed.
Your post is mostly correct except there is no "trial and error" about it.  If the same random value is used in the creation of two different signatures then the private key can be directly and immediately calculated from the information publicly available in the block chain.

See my post here for the technical details:  

https://bitcointalksearch.org/topic/m.2910339

To say that r is "not a random number" because it is derived from a random number is silly.  The mod of the x coordinate of k*G of a random number k is a random number.

BTW if anyone wants to calculate the private key the formula is:  private key = (z1*s2 - z2*s1)/(r*(s1-s2))

where r is the repeated random number.  Well, technically, the identical mod of the x coordinate of k*G of the repeated random number k.
legendary
Activity: 1148
Merit: 1018
Funny vanity address to which the funds where sent, quite a lot of stolen money in very few days: 1HackerRpwYH7F6uGu8422dScNxaHAtWYz (https://blockchain.info/address/1HackerRpwYH7F6uGu8422dScNxaHAtWYz)
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
It seems that the web-based blockchain.info wallet was also affected by yet another problem with random number generation. This is likely to be what's happened to the OP. User piuk, who runs the site, has said in the technical thread that the problem has been fixed and that affected people will be refunded in full. See: https://bitcointalksearch.org/topic/m.2970668

Good catch.

Still... in the particular case of what happened to the OP, it wouldn't explain why the thief would leave change (with both addresses.)

I'm betting that something similar to the StrongCoin shuffle occurred: the thief didn't actually have access to the keys, but rather had the ability to manipulate the transaction before signing.
sr. member
Activity: 310
Merit: 253
It seems that the web-based blockchain.info wallet was also affected by yet another problem with random number generation. This is likely to be what's happened to the OP. User piuk, who runs the site, has said in the technical thread that the problem has been fixed and that affected people will be refunded in full. See: https://bitcointalksearch.org/topic/m.2970668
hero member
Activity: 483
Merit: 551
The problem is Android is still an operating system and therefore vulnerable to malware. It also wasn't built with Bitcoin in mind. You tell people it's safe for them to use as cold storage for 50K then the recent Android bug with random number generation can wipe them out. The Trezor is designed for security and Bitcoin specifically so it's far more unlikely to have such a glaring software flaw.

AFAIK the Trezor has got no RNG at all. It is seeded with randomness by the host that it is connected to.
sr. member
Activity: 275
Merit: 250
the only web wallet I would consider using as of today is inputs.io

legendary
Activity: 1092
Merit: 1001
Touchdown
Don't use Windows...
Which is absurd. What chance does bitcoin have if people can't use it on their home PC for fear of theft?

Online wallets and clients need 2FA and maybe online banking style "enter letters 3, 5 and 7 from your password" to help improve security.

For anyone moving coins around - buying and selling, day trading, etc - paper wallets or offline storage really isn't practical.
hero member
Activity: 715
Merit: 500
Bitcoin Venezuela
Don't use Windows...
hero member
Activity: 815
Merit: 1000
I believe you are also incorrect here, DeathAndTaxes. The signature part actually consists out of two numbers: r which is a random number, and s, which is actual signature. Normally, if you have two transactions, you have:

Your post is mostly correct in that by trial and error you can find the private key if transactions exist having used the same random number "k".

However it is incorrect to say "... the signature consists of the random number r ...", the number "r" is not random but a result of k*G. This k IS random and may not be revealed.


Also on topic:
BitAddress.org can be downloaded to an offline USB key with Ubuntu AND you can change the private key MANUALLY under the wallet details tab.

This means: No RNG attack whether accidental or malicious, no password cracking, no trojans, no corrupted .DAT files and so on.

(Seriously though this is messed up, my grandmother can't take care of this level of security...)
legendary
Activity: 1050
Merit: 1002
For the cost of a (plastic) Trezor, one can purchase a cheap Android smartphone, install cyanogenmod if desired, then install Mycelium. While this arrangement has flaws compared to a Trezor, it also has advantages, and it's certainly good enough to produce paper wallets, or to keep turned off as a cold storage medium for modest funds. Anyone who has a lot of bitcoins should currently be using a paper or other cold-storage wallet, but if that's too cumbersome, at least they can go the dedicated-smartphone route rather than keep their bitcoins on a web wallet while waiting for Trezor.

No, I don't like that idea. The problem is Android is still an operating system and therefore vulnerable to malware. It also wasn't built with Bitcoin in mind. You tell people it's safe for them to use as cold storage for 50K then the recent Android bug with random number generation can wipe them out. The Trezor is designed for security and Bitcoin specifically so it's far more unlikely to have such a glaring software flaw.

If people are storing substantial coins then they shouldn't mind spending either the time or money necessary to ensure their coins are safe. For about the same cost they can buy a simple dedicated laptop to use with Armory and be assured their coins are safe, including easy paper wallet backups.

Blockchain.info should be used as a convenient spending wallet, not storage wallet.
newbie
Activity: 40
Merit: 0
It would also be very helpful of the dice folks to provide some info in your assistance, given that it seems just about everywhere Bitcoin is valued as currency and a theft has occurred.

Not sure what the odds are tho.

Hi all - heartbroken to see this thread, and I do also see the offending address has played a lot on SD today.  Forwarding this on to our team to see what some logical steps might be; really appreciate you tipping me off in the thread that SD is involved.  By the way, I also run the Support email ([email protected]) - so anytime you know of any suspicious activity, alert me, I'm more than happy to help.  Want to keep the community safe and supported; that's first and foremost.

Thanks to all of you helping the victim track this down.

Kat at SatoshiDICE
sr. member
Activity: 322
Merit: 250
It would also be very helpful of the dice folks to provide some info in your assistance, given that it seems just about everywhere Bitcoin is valued as currency and a theft has occurred.

Not sure what the odds are tho.
Pages:
Jump to: