I've seen some posts about brainwallets. I'd like to raise some awareness about this.
Brainwallets are bad. It's like giving razors to toddlers, yes, that bad.
Brainwallets have a history in Bitcoin, until Defcon 23, where Ryan Castellucci basically shamed brainwallet.org so much that they dropped off the Internet.
Some highlights from the paper:
- His first simple brainwallet cracker, cracking ~10K pw/s, came across 250BTC. Oops. (He managed to return it).
- Second attempt: Does about 130,000 passphrases per second on a quad core i7 3.5GHz
- Using EC2 spot instances would cost $175 and check one trillion passphrases in 9 hours
- A mid-sized botnet with a million nodes each trying 10,000 passphrases per second could check nearly 10^15 (~2^49.5) in a day
- At that speed a passphrase of four random common English words falls in about an hour
Example cracked brainwallet phrases:
- Zed's dead baby. Zed's dead.
- Am I invisible because you ignore me?
- The Persistence Of Memory
- permit me to issue and control the money of a nation and i care not who makes its laws
He also concluded:
- There appear to be at least four currently active brainwallet thieves, probably more
- Send funds to a particularly weak brainwallet and they’ll be gone in seconds
- Lookup tables for large numbers of passwords have clearly been built
I recommend everyone even remotely positive towards brainwallets to read the full presentation. Unless you're Edward Snowden (both in your opsec training and threat model), you don't need brainwallets. And if you do, you're better off writing your own implementation. Let's not standardize a brainwallet format and give it out to users who don't know better. It's a tragedy waiting to happen.
Edited: Added link to updated presentation, corrected according to rya_nc's comments below.
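To make the numbers above concrete, here is an added Python example (not code from the post or from Castellucci's talk) that turns the quoted cracking rates into entropy and time-to-exhaust estimates for a random-word passphrase; the 3,000-word dictionary is an assumed value for illustration, and a 256-bit random key is included for contrast.

```python
import math

# Attacker models taken from the cracking rates quoted in the post (guesses per second).
RATES_PER_SECOND = {
    "quad-core i7 3.5GHz": 130_000,
    "EC2 spot, 1 trillion in 9 hours": 1_000_000_000_000 / (9 * 3600),
    "botnet, 1M nodes x 10K/s": 1_000_000 * 10_000,
}


def keyspace_bits(dictionary_size: int, words: int) -> float:
    """Bits of entropy in a passphrase of `words` uniformly random picks from `dictionary_size` words."""
    return words * math.log2(dictionary_size)


def bits_per_day(rate_per_second: float) -> float:
    """log2 of the number of guesses an attacker at `rate_per_second` makes in 24 hours."""
    return math.log2(rate_per_second * 86_400)


def hours_to_exhaust(dictionary_size: int, words: int, rate_per_second: float) -> float:
    """Hours to try every passphrase in the space; on average a real one falls in half that time."""
    return dictionary_size ** words / rate_per_second / 3600


def survival_table(dictionary_size: int, words: int) -> dict:
    """Hours-to-exhaust for this passphrase shape against each quoted attacker model."""
    return {name: hours_to_exhaust(dictionary_size, words, rate)
            for name, rate in RATES_PER_SECOND.items()}


if __name__ == "__main__":
    # Assumed for illustration: the attacker's list holds 3,000 common English words.
    COMMON_WORDS = 3_000
    botnet = RATES_PER_SECOND["botnet, 1M nodes x 10K/s"]
    print(f"botnet checks ~2^{bits_per_day(botnet):.1f} passphrases per day")
    print(f"4 random common words: {keyspace_bits(COMMON_WORDS, 4):.1f} bits")
    for name, hours in survival_table(COMMON_WORDS, 4).items():
        print(f"  {name}: space exhausted in {hours:,.1f} h")
    # Contrast: a key drawn from a CSPRNG, i.e. 256 uniformly random bits.
    print(f"256-bit random key vs botnet: {hours_to_exhaust(2, 256, botnet):.3g} h")
```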
Preet Bharara, the United States Attorney for the Southern District of New York, George Venizelos, the Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), and Peter Edge, Executive Associate Director of Homeland Security Investigations (“HSI”), announced today the arrest of BLAKE BENTHALL, a/k/a “Defcon,” in connection with his operation and ownership of the Silk Road 2.0 website, a hidden website designed to enable its users to buy and sell illegal drugs and other unlawful goods and services anonymously and beyond the reach of law enforcement. BENTHALL was arrested yesterday in San Francisco, California. He will be presented later today in federal court in San Francisco before Magistrate Judge Jacqueline Scott Corley.
Manhattan U.S. Attorney Preet Bharara said: “As alleged, Blake Benthall attempted to resurrect Silk Road, a secret website that law enforcement seized last year, by running Silk Road 2.0, a nearly identical criminal enterprise. Let’s be clear—this Silk Road, in whatever form, is the road to prison. Those looking to follow in the footsteps of alleged cybercriminals should understand that we will return as many times as necessary to shut down noxious online criminal bazaars. We don’t get tired.”
FBI Assistant Director-in-Charge George Venizelos said: “It’s been more than a year since the FBI made an arrest of the administrator of the black-market bazaar, Silk Road, and here we stand again, announcing the arrest of the creator and operator of Silk Road 2.0. Following a very close business model to the first, as alleged, Blake Benthall ran a website on the Tor network facilitating supposedly anonymous deals of drugs and illegal services generating millions of dollars in monthly sales. Benthall should have known that those who hide behind the keyboard will ultimately be found. The FBI worked with law enforcement partners here and abroad on this case and will continue to investigate and bring to prosecution those who seek to run similar black markets online.”
HSI Executive Associate Director Peter Edge said: “Blake Benthall’s arrest ends his status as the alleged administrator of a website that allows illicit black-market activities to evolve and expand, and provides a safe haven for illegal vices. HSI will continue to work in partnership with its federal and international law enforcement partners around the world to hold criminals who use anonymous Internet software for illegal activities who seek to hide behind the anonymity of the Internet to carry out illegal activities accountable for their actions.”
According to the Complaint unsealed today in Manhattan federal court:
Since about December 2013, BENTHALL, a/k/a “Defcon,” has secretly owned and operated an underground website known as “Silk Road 2.0”—one of the most extensive, sophisticated, and widely used criminal marketplaces on the Internet today. The website has operated on the “Tor” network, a special network of computers on the Internet, distributed around the world, designed to conceal the true IP addresses of the computers on the network and thereby the identities of the network’s users. Since its launch in November 2013, Silk Road 2.0 has been used by thousands of drug dealers and other unlawful vendors to distribute hundreds of kilograms of illegal drugs and other illicit goods and services to buyers throughout the world, as well as to launder millions of dollars generated by these unlawful transactions. As of September 2014, Silk Road 2.0 was generating sales of at least approximately $8 million per month and had approximately 150,000 active users.
Silk Road 2.0 was created in the wake of the Government’s October 2013 seizure of the website known as “Silk Road” and the arrest of its alleged owner and operator, Ross William Ulbricht, a/k/a “Dread Pirate Roberts.” The original Silk Road website had been designed to enable people anywhere in the world to buy and sell illegal drugs and other illegal goods and services anonymously and beyond the reach of law enforcement. Before its seizure in October 2013, Silk Road was used extensively to facilitate such transactions.
In November 2013, approximately five weeks after the Government shut down Silk Road and arrested Ulbricht, Silk Road 2.0 was launched. Designed to fill the void left by the Government’s seizure of Silk Road, Silk Road 2.0 was virtually identical to the original Silk Road website in the way it appeared and functioned. In particular, like its predecessor, Silk Road 2.0 operated exclusively on the “Tor” network and required all transactions to be paid for in Bitcoins in order to preserve its users’ anonymity and evade detection by law enforcement. Likewise, the offerings on Silk Road 2.0 consisted overwhelmingly of illegal drugs, which were openly advertised as such on the site. As of October 17, 2014, Silk Road 2.0 had over 13,000 listings for controlled substances, including, among others, 1,783 listings for “Psychedelics,” 1,697 listings for “Ecstasy,” 1,707 listings for “Cannabis,” and 379 listings for “Opioids.” Besides illegal narcotics, other illicit goods and services were openly advertised for sale on Silk Road 2.0 as well, including fraudulent identification documents and computer-hacking tools and services.
When Silk Road 2.0 was launched, it was controlled for a short time by a co-conspirator using the same online moniker as that allegedly used by Ross Ulbricht in operating the original Silk Road website—“Dread Pirate Roberts.” In late December 2013, however, BENTHALL, using the moniker “Defcon,” took over administration of the site and has owned and operated it continuously since that time. In that role, BENTHALL has controlled and overseen all aspects of Silk Road 2.0, including, among other things: the computer infrastructure and programming code underlying the website; the terms of service and commission rates imposed on vendors and customers of the website; the small staff of online administrators and forum moderators who have assisted with the day-to-day operation of the website; and the massive profits generated from the operation of the illegal business.
During the Government’s investigation, which was conducted jointly by the FBI and HSI, an HSI agent acting in an undercover capacity (the “HSI-UC”) successfully infiltrated the support staff involved in the administration of the Silk Road 2.0 website, and was given access to private, restricted areas of the site reserved for BENTHALL and his administrative staff. By doing so, the HSI-UC was able to interact directly with BENTHALL throughout his operation of the website. BENTHALL, 26, of San Francisco, California, is charged with one count of conspiring to commit narcotics trafficking, which carries a maximum sentence of life in prison and a mandatory minimum sentence of 10 years in prison; one count of conspiring to commit computer hacking, which carries a maximum sentence of five years in prison; one count of conspiring to traffic in fraudulent identification documents, which carries a maximum sentence of 15 years in prison; and one count of money laundering conspiracy, which carries a maximum sentence of 20 years in prison. The maximum potential sentences are prescribed by Congress and are provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.
Mr. Bharara praised the outstanding joint efforts of the FBI and its New York Cyber Branch and HSI and its Cyber Crimes Center and Chicago-O’Hare Field Office. He also thanked the Drug Enforcement Administration’s New York Organized Crime Drug Enforcement Strike Force, which comprises agents and officers of the DEA, the Internal Revenue Service, the New York City Police Department, HSI, the New York State Police, the Bureau of Alcohol, Tobacco, Firearms and Explosives, the U.S. Secret Service, the U.S. Marshals Service, Office of Foreign Assets Control, and New York Department of Taxation. Mr. Bharara also thanked the Department of Justice’s Computer Crime and Intellectual Property Section for its assistance and support, the Department of Justice’s Criminal Division Office of International Affairs, and the law enforcement authorities of France, Germany, Lithuania, the Netherlands, and the United Kingdom. Mr. Bharara also noted that the investigation remains ongoing.
The prosecution of this case is being handled by the Office’s Complex Frauds and Cybercrime Unit and Money Laundering and Asset Forfeiture Unit. Assistant United States Attorneys Serrin Turner, Timothy Howard, and Daniel Noble are in charge of the prosecution. Assistant United States Attorney Margaret Graham is in charge of the forfeiture aspect of the case. The charges contained in the Complaint are merely accusations, and the defendant is presumed innocent unless and until proven guilty.