Bitcoiners are just like everybody else: They use rubbish passwords Don't pretend you can invent a strong enough, memorable password to protect your Bitcoins: crypto-boffins can crack the so-called "brain wallet." In research published at the International Association for Cryptologic Research (IACR), University College London's Nicolas Courtois and Guangyan Song and White Ops' Ryan Castellucci …
If they can run 10e9 password checks for $60 - what sort of complexity is 'suitable'? For normal use. I'm not talking about withstanding a year of continuous attack on something that isn't rate limited or anything of that nature but let's assume a non-2FA web site (i.e. not your bank).
Yeah - I know that's a 'how long is this piece of string' question - but I really have no idea what sort of size/complexity we're dealing with nowadays.
Now if you'll excuse me there's some youngsters I have to chase off my lawn.
Not all that long. 9 random characters is probably fine.
If you've got $60 worth of bitcoins then using a random 9 digit number (which obviously has 10e9 possibilities) as your password would make it not currently worthwhile cracking your password. Guard against a 10x increase in performance / reduction in cost by using a 10 digit number. Alternatively, use a random password of upper case, lower case and numbers (62 possible chars). That would only need to be 1/(log(62) times as long which means 5.58 random characters will do it.
6 gives 56 x 10e9 possiblities.
9 gives 13,537,086 x 10e9 so should give plenty of room for the possiblity that you're storing more than $60 worth and increases in processing power for the near future (unless quantum computing hits the big time soon in which case this is all moot).
Final option, use the xkcd method. Pick 4 random words, even if you only pick from the 1000 most common that's 1000^4 = 10e12 possibilities
I'd just like to point out that although it occurred to me as well, that kind of worth-the-effort analysis isn't really accurate, because they're not trying to get your password, they're trying to get everybody's. So although they may have to spend more than $60 to get $60 worth of bitcoins from your account, they also get money from a bunch of other accounts.
If it's also the door guard's day off, sure.
Then again, maybe it also voice prints selected senior British actors.
Ian McKellen
Michael Hordern (BBC radio Mithrandir)
Peter Cushing (always possible, e.g. he played Doctor Who in movies, but also a Star Wars baddie)
Christopher Lee: obviously not. He's a vampire.
should be over.
Assuming each account will have at least 1 bitcoin, and they would not object to making a contribution because they have a direct and immediate interest in the research, this would mean that £4.5M is available for research, which is much more generous than any other research grant. This would also have the advantage of not having to face a review committee.
BTW - @AC xkcd gets it so wrong, as this piece of work some admirably demonstrates. The other thing that randall gets wrong is that restricting pass phrases to dictionary words reduces the size of the rainbow tables significantly, which makes the cracking so much faster.
AC because dangerous people who have lost bitcoins might want to ask questions in so many uncomfortable ways.
"BTW - @AC xkcd gets it so wrong, as this piece of work some admirably demonstrates."
If you're referring to the "Correct Horse Battery Staple" I don't think so; the dictionary attack relies on the pass phrase being a relatively common expression or a name of someone or something so, unless you actually used "correcthorsebatterystaple", your combination of four unrelated words is still relatively secure (based on number of possible words to the power four) as this is a large number even if you restrict it to fairly common English words:
http://www.oxforddictionaries.com/us/words/how-many-words-are-there-in-the-english-language
The very first phrase in the Bitcoin wiki on this subject is : "A brainwallet refers to the concept of storing Bitcoins in one's own mind by memorization of a passphrase. As long as the passphrase is not recorded anywhere, the Bitcoins can be thought of as existing nowhere except in the mind of the holder. If a brainwallet is forgotten or the person dies or is permanently incapacitated, the Bitcoins are lost forever. ".
My first reaction to that was Hoy Cow, how more useless can you get ?
If someone steals my Visa, I can have it blocked. If I lose my account password, I can go to the bank, prove I'm myself and get another one. If I lose my Internet access, I can go to the bank. With real money, there is always a fallback option.
This ? A knock on the head and your "money" is gone forever.
And you can't even light a cigar with it. Pff.
That's the whole point of crypto currencies though; trust no-one (except yourself and the maths (and the group of large miners who de facto set the rules)).
For there to be a fall back option, you need to trust someone to be the central bank and have access to everyone's money. At that point you may as well use a real bank and a real currency.
So either you do make a backup and store it in a separate "Availability Zone" (your mum's house) or you accept that mindwallets are like cash, let go of a bank note on a windy day and it's gone, no fallback.
Let's use the phrase "THese ARen't THe DRoids YOu're LOoking FOr".
Take the first two letters from each word. Capitalize the first one (it's a sentence) and add punctuation. This gives you:
Tharthdryolofo! - a 15-character near-random password that's EASY to use.
You don't have to REMEMBER it, you say the phrase as you go and simply type the relevant letters.
I teach my users this trick and it's working a charm. The least technical of them can remember a sentence. This is the best real-world compromise I've found.
That strikes me as an awful strong claim. It may well be that many people use them insecurely, or even that using them securely is impractical. But it certainly isn't impossible.
I've probably mentioned before that I'm a fan of Diceware for strong passphrases. You have a list of 7776 words and pick one by rolling 5 normal dice. It's completely random, and also nicely easy to quantify exactly how many possibilities there are. Each word is worth a little under 13 bits of "random". So to get 256 bits (the length of the private key), you'd need 20 words. Obviously memorizing 20 random words is not an easy task, but it's doable.
Or another option, English text is said to contain 1 to 1.2 bits of information per letter. So if you can memorize a 256-letter non-random (but unpublished) paragraph that should do the job as well.
And either of those method are probably more secure than necessary. A bitcoin address is only 160 bits, significantly shorter than the 256-bit private key, so I would guess that's a reasonable length to shoot for and still get very good security.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
