
Someone used the passphrase "how much wood could a woodchuck chuck if a woodchuck could chuck wood" to store 250 BTC. I personally drained it by mistake, then tracked down the owner, via the pool he'd mined it from.

I'm a co-author of that paper; we later got funding to do a larger cracking run and found more wallets, and even some that still had balances. See slide 18:

https://rya.nc/files/measuring_the_use_and_abuse_of_brain_wa...

Feeding a massive corpus of reddit comments and six years of IRC logs into the cracking tool was particularly interesting.

> And no, anyone with 400,000 ETH who claims they used a brain wallet, and oopsie... someone stole it, is having a boating accident, if you know what I mean.

It was about 40,000. The password was "guybrush", and I spoke to the guy who made it. He didn't understand how the tool worked when he made an address. Much later, the Ethereum foundation sent him the ETH. It was gone by the time he went to spend it. Dude put out a press release offering to let whoever did it keep half if they gave back the other half. The ETH hasn't moved since the day it was stolen, almost eight years ago.

I assure you, the guy made a genuine fucky wucky.

If I'd gone blackhat with this research, I could be retired to a volcano lair on a private island by now.

WTF is your angle here?



That sounds exactly like a well acted boating accident.

My angle is that simple brain wallets that use a combination of a memorable phrase with some individual information, like the user's name, birthdate, address and a 4 digit PIN, used as salt, are then extremely secure. And your paper and the original comment I responded to don't emphasize that it's the user's use of such a system that makes them vulnerable, not the foundation of the technique of brainwallets.

Basically you’re blaming the car for the drivers not understanding how to drive and immediately crashing.


And you're blaming the victim for not understanding things that were never explained to them until after they were already pwned.

The correct way to handle this would be for brainwallet software to generate and provide the user with a high-entropy passphrase rather than asking for the user to provide one. Failing that, it could at least reject very-low-entropy passwords (e.g. impose a minimum 20 character limit).

But even then we're band-aiding the underlying problem, which is that decentralization[0] and finance go together about as well as twizzlers and guacamole. Transaction reversibility is a feature, not a bug, and there's no trustworthy way to implement that sort of thing in a decentralized finance system. Absent a way to dispute fraudulent transactions the only way to avoid your money becoming everyone's money is to overcompensate on preventative measures: i.e. insanely long passphrases stored on hardware keys in lockboxes buried under a garden birdbath.

And sure, yes, we can point and laugh at the credit card industry for treating primary account numbers printed on the front of the card as secure tokens, taking decades to adopt EMV cards in the US, charging horrible swipe and chargeback fees to businesses, and so on. However, there is a reason why, a decade and a half in, people use credit cards and not Bitcoin. Credit cards actually function as a payment mechanism and you are less likely to be defrauded using them.

[0] I additionally dispute the idea that any cryptocurrency system is actually decentralized. The need to agree on the validity and order of transactions necessarily requires one individual or institution actually decide the rules everyone else, with unanimity, agrees upon. Operation of the network is nominally decentralized but the need for security against transaction reordering in the face of no strong identity being available means that practically, it is centralized.

We've seen this with the 'scaling wars' of Bitcoin. Two groups of shadowy puppetmasters - developers and miners - duked it out over absurdly stupid technical arguments regarding how to scale Bitcoin.
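The two mitigations proposed above (software-generated high-entropy passphrases, or at least rejecting very-low-entropy user input) as an added example, not code from any commenter or from the paper; the wordlist and "public corpus" are small constructed stand-ins, and the SHA-256-of-passphrase derivation is the classic brainwallet construction.

```python
import hashlib
import math
import secrets
import unicodedata

# Constructed stand-in for a full diceware-style list (a real deployment would use
# thousands of words; entropy below is computed from this list's actual size).
WORDLIST = (
    "acorn basalt cactus dahlia ember falcon garnet harbor iguana jasper "
    "kelp lantern marble nectar orchid pepper quartz ribbon saffron tundra "
    "umber velvet walnut xenon yonder zephyr anvil bronze cinder dune "
    "ferret glacier"
).split()

# Constructed sample of phrases that any public text dump would contain (the thread's
# own examples plus a famous quotation); cracking tools ingest entire corpora like this.
PUBLIC_CORPUS = {
    "how much wood could a woodchuck chuck if a woodchuck could chuck wood",
    "guybrush",
    "to be or not to be that is the question",
}

def normalize(phrase: str) -> str:
    """Casefold and collapse whitespace so trivial variants hit the same corpus entry."""
    return " ".join(unicodedata.normalize("NFKC", phrase).casefold().split())

def brainwallet_key(passphrase: str) -> str:
    """Classic brainwallet construction: the private key is SHA-256 of the raw passphrase."""
    return hashlib.sha256(passphrase.encode("utf-8")).hexdigest()

def entropy_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy of n uniformly chosen words from a list of the given size."""
    return n_words * math.log2(wordlist_size)

def generate_passphrase(target_bits: int = 128) -> str:
    """Software-chosen passphrase: enough uniformly random words to reach target_bits."""
    n_words = math.ceil(target_bits / math.log2(len(WORDLIST)))
    return " ".join(secrets.choice(WORDLIST) for _ in range(n_words))

def check_user_passphrase(passphrase: str, min_chars: int = 20) -> tuple[bool, str]:
    """Fallback policy for user-supplied phrases: a length floor plus a corpus blocklist.
    A blocklist only catches phrases already known to be public, which is why generating
    the passphrase in software is the stronger option."""
    if len(passphrase) < min_chars:
        return False, f"shorter than {min_chars} characters"
    if normalize(passphrase) in PUBLIC_CORPUS:
        return False, "appears in a public text corpus"
    return True, "ok"
```

With the 32-word constructed list, 128 bits needs 26 words; with a real 7776-word list the same target needs 10.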


> don't emphasize that it's the user's use of such a system that makes them vulnerable, not the foundation of the technique of brainwallets.

That's because it is the foundation of the technique that makes them vulnerable. They are an "attractive nuisance". A system must be evaluated based on "typical use", not "perfect use".

You come across as a social Darwinist who would be happy for all the warning labels to be removed from everything and all safety regulations repealed. The world you advocate for would be an awful dystopia. You have nothing to say I haven't heard before.


> WTF is your angle here?

I think this applies more to you. You actually invested time to write a paper about brainwallets because some people don't understand or know how to use them properly. The paper is not logical; if it were, then a small POC I know about would be all of them, which obviously it isn't. You can't find serious people's brainwallets; they would be salted in a way that makes it hopeless to crack.

You claim brainwallets are fundamentally unsafe, which honestly is total nonsense if you understand them and how they work.

I’m gonna guess you’re a ban Bitcoin type because it’s… wrong or whatever.


I'm going to go play chess with a pigeon, it seems like a better use of my time.



