Forensic Bitcoin cracking: as easy as 1, 3, 7...

Since its release at DEFCON 23, I've done quite a bit of work on brainflayer. First, I added support for a few other brainwallet-like schemes and hex-encoded private keys. Then, in October, I integrated some code provided by Dr. Nicolas T. Courtois and Guangyan Song from UCL that sped up brainflayer by about 150%. With a subsequent optimization that yielded a further 65% speedup, it is now over four times faster than the initial release.

In January, I added specialized code for brute force private key search. While trying it out, I found something very interesting.

Read more...

Recreating Craig Wright's Sartre file

By the time I had a look into Craig Wright's blog post that seemed to imply that he is Satoshi, others had already pointed out that the signature was copied from a 2009 transaction. The contents of the "Sartre" file, however, were still a mystery. Dan Kaminsky had a blog post up analyzing the commands from CW's post, but hadn't been able to figure that bit out, so he asked me to have a look.

Read more...

Why I'm releasing a brainwallet cracker at DEFCON 23

On August 7th I will be giving a talk at DEF CON about cracking brainwallets. As part of that talk, I will be releasing a fast[1] brainwallet cracker. I'm writing this post to provide a little insight as to why I'm giving away a tool that could be used to steal. I also hope that people who are currently using brainwallets will take notice and move to a more secure storage method.

Read more...

Stupid certificate tricks

Sometimes I do things for no real reasons other than "because I can" and/or "it amuses me". For example, embedding a snarky message into my HTTPS certificate.

Read more...