Brainflayer: A Password Cracker That Steals Bitcoins From Your Brain by mapmaker

<html>
<p><img src="https://www.wired.com/wp-content/uploads/2015/07/GettyImages-185759196-1024x768.jpg" width="1024" height="768"/></p>
<p>For bitcoin fans, the notion of a “brain wallet” has long seemed like the ideal method of storing your cryptocurrency: By simply remembering a complex passphrase, the trick allows anyone to essentially hold millions of dollars worth of digital cash in their brain alone, with no need to keep any records on a computer. It turns out, however, that your mind is a surprisingly vulnerable place to put the key to your crypto-liquid assets. And now one hacker is releasing the brain-thieving software to prove it.</p>
<p>Next month at the hacker conference DefCon, security researcher Ryan Castellucci plans to release a piece of software he calls Brainflayer, designed to crack bitcoin brain wallets and let any hacker suck out the digital cash stored in them. In fact, wise bitcoiners have known for years that brain wallets—despite their promise of hiding crypto treasure in the most private depths of the user’s mind—are often unsafe. Castellucci says his cracking program is designed to serve as a public demonstration of that insecurity for those who still haven’t gotten the message, and put an end to the practice for good.</p>
<p>“People still want to use brain wallets because they like the idea of a key stored in your head…They’re in denial about how bad the situation is, and some of them are going to get screwed,” says Castellucci, a researcher for the security firm White Ops. He says his software, which he plans to publish online at the time of his talk next month, is meant to serve as a warning: “Please move your bitcoins to somewhere where they won’t get cracked. I want to undeniably prove to everyone that this is not safe.”</p>
<p>Brain wallets work by taking a chosen passphrase and putting it through a mathematical function known as a “hash.” The resulting string of random-looking numbers is then used as a bitcoin private key—the long string of secret characters that controls a stash of the cryptocurrency at a certain bitcoin address. Because the same passphrase can be hashed again at any time to create the full private key, the user doesn’t need to remember that long key string, only the passphrase. The user can even delete the private key from his or her computer and walk around knowing that no one, not even cops who seize the machine, can access his or her mentally hidden treasure.</p>
<p>The problem, says Castellucci, is that humans don’t choose strong, random passphrases as well as they think they do. And any hacker can patiently guess millions upon millions of passphrases, converting them into private keys and trying them on every bitcoin address on the blockchain, the public ledger of all bitcoin locations. Even when a bitcoin user thinks she has chosen a sufficiently strong passphrase for her brain wallet, Castellucci says it often can’t stand up to the cracking resources of thieves motivated by an instant cash reward. “The usual bitcoin private key is long enough that no one is going to guess it before the sun burns out,” says Castellucci. “But if they just have to guess your passphrase, they’re going to do it, because people are terrible random number generators.”</p>
<p>Castellucci first wrote the brain wallet passphrase cracker that would become Brainflayer in 2013, shortly after he read about brain wallets for the first time. He left his program running, scanning for vulnerable bitcoin addresses, while he went to a picnic for a few hours. By the time he got back, it had found a wallet containing 250 bitcoins—more than $66,000 at today’s exchange rates—ready to be stolen by anyone who had run a similar program. (Castellucci eventually managed to contact the wallet’s owner and convince him to move the bitcoins to a more secure wallet.)</p>
<p>There are plenty of <a href="http://www.reddit.com/r/Bitcoin/comments/1c13ld/i_invested_all_of_my_bitcoin_to_a_brain_wallet/">reported</a> <a href="http://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/">incidents</a> of <a href="http://www.reddit.com/r/Bitcoin/comments/2850rn/someone_has_cracked_my_brain_wallet/">actual</a> brain wallet <a href="https://bitcointalk.org/index.php?topic=421559.0">thefts</a>. One of those victims, Reddit user “thonbrocket,” describes how they had used a phrase from an obscure poem in Afrikaans as a passphrase, and was shocked to find that it was guessed.</p>
<p>Castellucci wouldn’t say just how many passphrases Brainflayer is capable of guessing on a single PC, a detail he says he’s saving for his DefCon talk. But he hints that if his program were running on a botnet of malware-hijacked computers, it could try as many as a hundred billion passphrases a second. More than other passphrase crackers, he says the program is optimized for the problem of quickly generating bitcoin keys and scanning the blockchain to try them. He used a technique known as a <a href="http://billmill.org/bloomfilter-tutorial/">Bloom filter</a>, for instance, to most efficiently store and check the blockchain for matches. His results still aren’t quite as fast as the trillion passphrases a second that Snowden <a href="http://www.wired.com/2014/10/snowdens-first-emails-to-poitras/">once warned the NSA is likely capable of</a>. But it could nonetheless surprise many people who believe their passphrases are safe.</p>
<p>There’s no reason to think that Brainflayer is an especially powerful passphrase cracker compared with other bitcoin brain wallet crackers in the hands of criminals. But that’s the point, says Dan Kaminsky, the founder of the White Ops security firm that employs Castellucci and a well-known security researcher with an interest in bitcoin. Brainflayer is designed to level the playing field and prove to anyone that their insecure brain wallet can be hacked. “Ryan is not the first person to write a brain wallet cracker,” says Kaminsky. “But if he puts it out there, he’ll be the last person to have to write one, because everyone’s going to have it.”</p>
<p>Kaminsky argues that’s still a lesson bitcoiners need to hear. Despite brain wallets’ security issues, the idea is still too tempting to people who relish the thought of a perfectly private stash of virtual currency. “The thinking is, ‘this is the safest possible version of putting money under my mattress,’” says Kaminsky. “The reality is that there’s a lot of room under your mattress. There’s not enough room in your head.”</p>
<p>https://www.wired.com/2015/07/brainflayer-password-cracker-steals-bitcoins-brain/</p>
</html>
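
Added example (not part of the original article and not Brainflayer's code): the sketch below assumes the classic brain-wallet scheme of one unsalted SHA-256 pass over the passphrase (the article only says "a hash") and compares how long several passphrase spaces last at the two guess rates the article quotes. The space sizes and all function names are illustrative assumptions.

```python
import hashlib
import math

# Guess rates quoted in the article (guesses per second).
BOTNET_RATE = 1e11   # "a hundred billion passphrases a second"
NSA_RATE = 1e12      # "the trillion passphrases a second"
SECONDS_PER_YEAR = 31_557_600

# Constructed candidate spaces; the sizes are illustrative assumptions.
SPACES = {
    "password from a 10M-entry leaked list": 10**7,
    "phrase from a 1-billion-line quote/lyric corpus": 10**9,
    "4 words drawn at random from a 7776-word list": 7776**4,
    "uniformly random 256-bit private key": 2**256,
}

def brainwallet_private_key(passphrase: str) -> bytes:
    """Assumed classic scheme: one unsalted SHA-256 pass, no key stretching."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()

def entropy_bits(space_size: int) -> float:
    """Bits of entropy if the secret is picked uniformly from the space."""
    return math.log2(space_size)

def seconds_to_exhaust(space_size: int, guesses_per_second: float) -> float:
    """Worst-case time for a guesser to cover the whole space."""
    return space_size / guesses_per_second

def report(rate: float = BOTNET_RATE) -> list:
    """One (label, entropy bits, seconds to exhaust) row per space."""
    return [
        (label, round(entropy_bits(size), 1), seconds_to_exhaust(size, rate))
        for label, size in SPACES.items()
    ]

if __name__ == "__main__":
    # The derivation is deterministic and unsalted: the passphrase alone
    # determines the 32-byte key, so its entropy is the wallet's entropy.
    key = brainwallet_private_key("constructed example passphrase")
    print("derived key:", key.hex())
    for label, bits, secs in report():
        years = secs / SECONDS_PER_YEAR
        print(f"{label:48s} {bits:6.1f} bits  {years:.3e} years")
```

Only the last row matches Castellucci's "before the sun burns out" description; every human-memorable space above it falls within hours at the botnet rate, which is why the fix is a randomly generated key rather than a cleverer phrase.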
@blockchainbilly ·
may not be original content but still is a good article choice....
@calva ·
"It's money 2.0, a huge huge huge deal." - Chamath Palihapitiy
@dogp ·
A friend of mine has 14btc just chillen in some lost password wallet. Anyone up for the challenge?
@eeks ·
I don't think we need just content from other sources pasted in.  You need to add more of yourself into it if you want upvotes.  Just my two cents.