Major Security Flaw in Bitcoin Brainwallet 17 Jul 2016, midnight

Originally posted on 13 Aug 2015 by

Ethical hackers have developed a program and demonstrated the ease with which criminals could steal Bitcoins from brainwallets, in which passwords are not stored digitally but in the user's memory.

Ryan Castellucci, a security analyst at White Ops, has observed a major flaw in this method. He points out that the final Bitcoin address is saved in the blockchain and is, in effect, a password hash, the kind of value that website authentication uses to verify whether a word or phrase is correct. White Ops advise that this data can be used as a reference by hackers looking for the password.

Originally designed to keep sensitive wallet data offline and make Bitcoin addresses easier to memorise, the brainwallet was somewhat undone by the way it interacts with the blockchain. A brainwallet takes a single long word or phrase and converts it to a private key, a public key and lastly a wallet address. Using offline attacks, it is possible to quickly guess probable passwords and check whether they are valid.

Castellucci's brainwallet cracker Brainflayer, released last week at DEF CON 23, the largest global annual hacker convention, can guess 130,000 passwords per second. If run on more powerful computers, 560 million passwords can be checked for just $1.

Castellucci said, "You can scream from the rooftops that something is weak and vulnerable, but many people will just stay in denial without a working proof of concept. I think that the concept of letting humans choose their own passwords and passphrases for high security applications is fundamentally flawed."

We at Bitcoin Miners UK recommend sticking with the tried and tested wallets; we are due to run a more in-depth analysis of the different wallets available. For now we recommend Blockchain wallet for a mobile wallet and Armory https://bitcoinarmory.com/ for storage of large amounts of Bitcoin, which makes use of many important security features such as Paper Wallet and MultiSig (Multi Signature) wallet, which improves your security massively. There are others, but we have not found a more secure wallet yet.


