It recently came to my attention that John McAfee has been advertising a cryptocurrency hardware wallet from a company called Bitfi, with the claim that it is "unhackable". There's even a $250,000 bounty[1] to hack it. I do not have one of the actual devices in my possession, but from my review of the publicly available "source code" [PDF] and their private key calculator, my conclusion is that their product is most charitably described as a "footgun".

Since its release at DEFCON 23, I've done quite a bit of work on brainflayer. First, I added support for a few other brainwallet-like schemes and hex-encoded private keys. Then, in October, I integrated some code provided by Dr. Nicolas T. Courtois and Guangyan Song from UCL that sped up brainflayer by about 150%. With a subsequent optimization that yielded a further 65% speedup, it is now over four times faster than the initial release.

In January, I added specialized code for brute force private key search. While trying it out, I found something very interesting.

By the time I had a look into Craig Wright's blog post that seemed to imply that he is Satoshi, others had already pointed out that the signature was copied from a 2009 transaction. The contents of the "Sartre" file, however, were still a mystery. Dan Kaminsky had a blog post up analyzing the commands from CW's post, but hadn't been able to figure that bit out, so he asked me to have a look.

On August 7^th I will be giving a talk at DEF CON about cracking brainwallets. As part of that talk, I will be releasing a fast[1] brainwallet cracker. I'm writing this post to provide a little insight as to why I'm giving away a tool that could be used to steal. I also hope that people who are currently using brainwallets will take notice and move to a more secure storage method.

I've seen a lot of people expressing concern that Bitcoin mining ASICs are going to lead to some sort of password cracking apocalypse.

They won't.