Artisanal RSA

Sometimes hacking requires doing things that, while possible to do with some algorithm, simply aren’t supported by any existing implementation. Usually for good reason. A good example of this that I’ve run into in the past is needing to initialize a hash algorithm with a specific state. There’s really not any reason to do this unless you’re trying to execute a length extension attack, and with the exception of HashPump (which was written specifically for that use case) I’m not aware of any library that supports it. I recently ran into this with problem with RSA.

Read more...

Bitfi’s hardware wallet is terrible

It recently came to my attention that John McAfee has been advertising a cryptocurrency hardware wallet from a company called Bitfi, with the claim that it is "unhackable". There's even a $250,000 bounty[1] to hack it. I do not have one of the actual devices in my possession, but from my review of the publicly available "source code" [PDF] and their private key calculator, my conclusion is that their product is most charitably described as a "footgun".

Read more...

Storybits: error resistant mnemonics

At DEFCON 22, Dan Kaminsky and I talked a little bit about something I built which he dubbed "Storybits[1]". Storybits can reversibly transform short strings of binary data into a series of words designed to produce a mental image. Order of the words does not matter, and many typos can be corrected automatically. I already had working code at the time of that talk, but since then it's just been sitting around on my computer. People have been asking about it, so I put it up on GitHub, though it's still a hacky prototype. I've thrown together a demo and written a bit about how it works.

Read more...

Forensic Bitcoin cracking: as easy as 1, 3, 7...

Since its release at DEFCON 23, I've done quite a bit of work on brainflayer. First, I added support for a few other brainwallet-like schemes and hex-encoded private keys. Then, in October, I integrated some code provided by Dr. Nicolas T. Courtois and Guangyan Song from UCL that sped up brainflayer by about 150%. With a subsequent optimization that yielded a further 65% speedup, it is now over four times faster than the initial release.

In January, I added specialized code for brute force private key search. While trying it out, I found something very interesting.

Read more...

Recreating Craig Wright’s Sartre file

By the time I had a look into Craig Wright's blog post that seemed to imply that he is Satoshi, others had already pointed out that the signature was copied from a 2009 transaction. The contents of the "Sartre" file, however, were still a mystery. Dan Kaminsky had a blog post up analyzing the commands from CW's post, but hadn't been able to figure that bit out, so he asked me to have a look.

Read more...

HTTPS subresource validation fail

In the spring of 2014, I found a bug in several browsers, including Epiphany, Xombrero, Opera Mini and Midori. They were loading subresources, such as scripts, from HTTPS servers without doing proper certificate validation. I tracked this down to some bad defaults in webkit which have since been fixed.

Read more...

Why I’m releasing a brainwallet cracker at DEFCON 23

On August 7th I will be giving a talk at DEF CON about cracking brainwallets. As part of that talk, I will be releasing a fast[1] brainwallet cracker. I'm writing this post to provide a little insight as to why I'm giving away a tool that could be used to steal. I also hope that people who are currently using brainwallets will take notice and move to a more secure storage method.

Read more...

Using GitHub with multiple accounts or deploy keys

GitHub's implementation of git over ssh identifies accounts (for purposes of access control) solely by ssh public key. As a consequence, a particular public key can be associated with, at most, one account. Deploy keys are even more restricted - they can only be associated with a single repository. While ssh can try several keys, GitHub doesn't know what you're trying to access until after you authenticate, so a workaround is required to select the right key.

Read more...

Stupid certificate tricks

Sometimes I do things for no real reasons other than “because I can” and/or “it amuses me”. For example, embedding a snarky message into my HTTPS certificate.

Read more...

Why Bitcoin mining ASICs won’t crack your password

I've seen a lot of people expressing concern that Bitcoin mining ASICs are going to lead to some sort of password cracking apocalypse.

They won't.

Read more...

How I made my header image

I'm pretty happy with how my header image (seen above) turned out. Here's how it was made:

Read more...

Never forget to start screen again

There a few systems that I frequently work on from multiple locations. I like to be able to log back in and pick up where I left off after disconnecting and screen is great for that, but I have to remember to start it before I do anything else. After forgetting one too many times, I figured out how to start it automatically when I open an interactive SSH session. Here's what I came up with:

Read more...