Brainflayer: A Password Cracker That Steals Bitcoins From Your Brain

 For bitcoin fans, the notion  of a “brain wallet” has long seemed like the ideal method of storing  your cryptocurrency: By simply remembering a complex passphrase, the  trick allows anyone to essentially hold millions of dollars worth of  digital cash in their brain alone, with no need to keep any records on a  computer. It turns out, however, that your mind is a surprisingly vulnerable  place to put the key to your crypto-liquid assets. And now one hacker is  releasing the brain-thieving software to prove it. Next month at the hacker conference DefCon, security Ryan Castellucci  plans to release a piece of software he calls Brainflayer, designed to  crack bitcoin brain wallets and let any hacker suck out the digital cash  stored in them. In fact, wise bitcoiners have known for years that  brain wallets—despite their promise of hiding crypto treasure in the  most private depths of the user’s mind—are often unsafe. Castellucci  says his cracking program is designed to serve as a public demonstration  of that insecurity for those who still haven’t gotten the message, and  put an end to the practice for good. “People still want to use brain wallets because they like the idea of  a key stored in your head…They’re in denial about how bad the situation  is, and some of them are going to get screwed,” says Castellucci, a  researcher for the security firm White Ops. He says his software, which  he plans to publish online at the time of his talk next month, is meant  to serve as a warning: “Please move your bitcoins to somewhere where  they won’t get cracked. I want to undeniably prove to everyone that this  is not safe.” Brain wallets work by taking a chosen passphrase and putting it  through a mathematical function known as a “hash.” The resulting string  of random-looking numbers is then used as a bitcoin private key—the long  string of secret characters that controls a stash of the cryptocurrency  at a certain bitcoin address. Because the same passphrase can be hashed  again at any time to create the full private key, the user doesn’t need  to remember that long key string, only the passphrase. The user can  even delete the private key from his or her computer and walk around  knowing that no one, not even cops who seize the machine, can access his  or her mentally hidden treasure. The problem, says Castellucci, is that humans don’t choose strong,  random passphrases as well as they think they do. And any hacker can  patiently guess millions upon millions of passphrases, converting them  into private keys and trying them on every bitcoin address on the  blockchain, the public ledger of all bitcoin locations. Even when a  bitcoin user thinks she has chosen a sufficiently strong passphrase for  her brain wallet, Castellucci says it often can’t stand up to the  cracking resources of thieves motivated by an instant cash reward. “The  usual bitcoin private key is long enough that no one is going to guess  it before the sun burns out,” says Castellucci. “But if they just have  to guess your passphrase, they’re going to do it, because people are  terrible random number generators.” Castellucci first wrote the brain wallet passphrase cracker that  would become Brainflayer in 2013, shortly after he read about brain  wallets for the first time. He left his program running, scanning for  vulnerable bitcoin addresses, while he went to a picnic for a few hours.  By the time he got back, it had found a wallet containing 250  bitcoins—more than $66,000 at today’s exchange rates—ready to be stolen  by anyone who had run a similar program. (Castellucci eventually managed  to contact the wallet’s owner and convince him to move the bitcoins to a  more secure wallet.) There are plenty of reported incidents of actual brain wallet thefts.  One of those victims, Reddit user “thonbrocket,” describes how they had  used a phrase from an obscure poem in Afrikaans as a passphrase, and  was shocked to find that it was guessed. Castelucci wouldn’t say just how many passphrases Brainflayer is  capable of guessing on a single PC, a detail he says he’s saving for his  DefCon talk. But he hints that if his program were running on a botnet  of malware-hijacked computers, it could try as many as a hundred billion  passphrases a second. More than other passphrase crackers, he says the  program is optimized for the problem of quickly generating bitcoin keys  and scanning the blockchain to try them. He used a technique known as a Bloom filter,  for instance, to most efficiently store and check the blockchain for  matches. His results still aren’t quite as fast as the trillion  passphrases a second that Snowden once warned the NSA is likely capable of. But it could nonetheless surprise many people who believe their passphrases are safe. There’s no reason to think that Brainflayer is an especially powerful  passphrase cracker compared with other bitcoin brain wallet crackers in  the hands of criminals. But that’s the point, says Dan Kaminsky, the  founder of the White Ops security firm that employs Castellucci and a  well-known security researcher with an interest in bitcoin. Brainflayer  is designed to level the playing field and prove to anyone that their  insecure brain wallet can be hacked. “Ryan is not the first person to  write a brain wallet cracker,” says Kaminsky. “But if he puts it out  there, he’ll be the last person to have to write one, because everyone’s  going to have it.” Kaminsky argues that’s still a lesson bitcoiners need to hear.  Despite brain wallets’ security issues, the idea is still too tempting  to people who relish the thought of a perfectly private stash of virtual  currency. “The thinking is, ‘this is the safest possible version of  putting money under my mattress,'” says Kaminsky. “The reality is that  there’s a lot of room under your mattress. There’s not enough room in  your head.”  

https://www.wired.com/2015/07/brainflayer-password-cracker-steals-bitcoins-brain/