The Quest To Liberate $300,000 of Bitcoin From an Old ZIP File (arstechnica.com) 38
A few quintillion possible decryption keys stand between a man and his cryptocurrency. From a report: In October, Michael Stay got a weird message on LinkedIn. A total stranger had lost access to his bitcoin private keys -- and wanted Stay's help getting his $300,000 back. It wasn't a total surprise that The Guy, as Stay calls him, had found the former Google security engineer. Nineteen years ago, Stay published a paper detailing a technique for breaking into encrypted zip files. The Guy had bought around $10,000 worth of bitcoin in January 2016, well before the boom. He had encrypted the private keys in a zip file and had forgotten the password. He was hoping Stay could help him break in. In a talk at the Defcon security conference this week, Stay details the epic attempt that ensued.
[...] "If we find the password successfully, I will thank you," The Guy wrote with a smiley face. After an initial analysis, Stay estimated that he would need to charge $100,000 to break into the file. The Guy took the deal. After all, he'd still be turning quite the profit. "It's the most fun I've had in ages. Every morning I was excited to get to work and wrestle with the problem," says Stay, who today is the chief technology officer of the blockchain software development firm Pyrofex. "The zip cipher was designed decades ago by an amateur cryptographer -- the fact that it has held up so well is remarkable." But while some zip files can be cracked easily with off-the-shelf tools, The Guy wasn't so lucky. That's partly why the work was priced so high. Newer generations of zip programs use the established and robust cryptographic standard AES, but outdated versions -- like the one used in The Guy's case -- use Zip 2.0 Legacy encryption that can often be cracked. The degree of difficulty depends on how it's implemented, though. "It's one thing to say something is broken, but actually breaking it is a whole different ball of wax," says Johns Hopkins University cryptographer Matthew Green.
[...] "If we find the password successfully, I will thank you," The Guy wrote with a smiley face. After an initial analysis, Stay estimated that he would need to charge $100,000 to break into the file. The Guy took the deal. After all, he'd still be turning quite the profit. "It's the most fun I've had in ages. Every morning I was excited to get to work and wrestle with the problem," says Stay, who today is the chief technology officer of the blockchain software development firm Pyrofex. "The zip cipher was designed decades ago by an amateur cryptographer -- the fact that it has held up so well is remarkable." But while some zip files can be cracked easily with off-the-shelf tools, The Guy wasn't so lucky. That's partly why the work was priced so high. Newer generations of zip programs use the established and robust cryptographic standard AES, but outdated versions -- like the one used in The Guy's case -- use Zip 2.0 Legacy encryption that can often be cracked. The degree of difficulty depends on how it's implemented, though. "It's one thing to say something is broken, but actually breaking it is a whole different ball of wax," says Johns Hopkins University cryptographer Matthew Green.
And what do we learn from all this? (Score:5, Funny)
Oh crap, all my passwords were on the monitor I just binned
<sigh>
how's James Howells doing these days? (Score:2)
I also store all YOUR passwords in Pi. And there's nothing you can do to stop me!
Re: (Score:2)
My password is pi, so you'll never be able to type it in a reasonable amount of time. Ha!
Re: (Score:2)
Re: (Score:2)
Oh crap, I just binned the fridge
Since it's /. and nobody reads the articles (Score:5, Informative)
If you want to know how it actually ended up:
"...Stay combed through his attack, worried about some obscure, incorrect assumption or a hidden bug. He soon struck on a new idea about which number, or "seed," to try as the starting point for the random number generator used in the cryptographic scheme. The Guy combed the test data as well and noticed an error that occurred if the GPU didn't process the correct password on the first attempt. Stay and Foster fixed the bug. With both of these revisions to the attack in place, they were ready to try again.
"Poof! Out came a bunch of Bitcoin," Foster says. "It was such a relief," Stay adds.
In the end, the infrastructure costs to run the attack were $6,000 to $7,000 instead of the roughly $100,000 they had originally estimated, Foster says. The Guy paid about a quarter of the original price tag."
Did not say what the password actually was (Score:1)
Thanks for the summary, it didn't have one item I was really curious about - what was the original password? Here I'm assuming from the description that they were trying to a bunch of strings to get in so they would know what string worked...
I was just curious if the original password he used was something guessable given enough time or maybe even one where a dictionary attack would have worked, or if he generated some really strong password that he managed to lose somehow.
Re:Did not say what the password actually was (Score:5, Funny)
Re: (Score:3)
And on this day many luggage locks were hacked.
Re:Did not say what the password actually was (Score:5, Interesting)
Likely they never got back the original password. They just found a random string that ended up hashing the same and producing the right key. I'm guessing more of a brute force once they found the bug in the software,
So the password remains hidden.
What made it possible is ZIP doesn't encrypt metadata, so you can still read the directory of an encrypted file and you can simply brute force the keys since you can test if a file extracted right. They found a bug in the key generation algorithm that narrowed the keyspace and simply tested all the keys.
Re: (Score:1)
The lesson taught here, attempting to use bitcoin requires an entire functioning digital infrastructure, in emergencies, it become entirely worthless, no longer support by functioning fiat currency states and their infrastructure. Think cell phones work in a real emergency, mains power to the towers and fibre optic to carry the messaging.
The big claims about reliability of bitcoin are entirely in marketing and nothing more. Any failure of society, kills bitcoin first.
Re:Did not say what the password actually was (Score:4, Informative)
You don’t need the original password. You just need something that hashes to an equivalent.
This is why the salt bug was so important.
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
So they took a salary of roughly $93,500 for it, and that excludes energy costs of the infrastructure. Also puts into perspective how hard is to break bitcoin. Billions in infrastructure and labor, and with a much much longer timeline. And much higher possibility to get nowhere. Quantum and optical computing breakthroughs would be needed.
They charged him less than what they originally quoted.
Re:Since it's /. and nobody reads the articles (Score:4, Informative)
Note to submitters: I would have read TFA if I had known beforehand that he was eventually successful. A story about him failing would be much less worth my time.
This is not a terrible example, but in general, it's time journalists were taught that clickbait headlines PUT PEOPLE OFF.
Re: (Score:3)
Even worse, this was a Duplicate story, it was posted several days ago, so they added a clickbait headline to it, and then OMITTED THE GOD DAMNED RESULTS!
WTF, man?
clickbait browser filter needed (Score:2)
a filter that simply hides links/photos to articles using "this" in most cases would be wonderful, and eliminate huge swaths of clickbait . . . and then it could go onto secondary flags, such as "the reason" . . .
hawk
Re: (Score:2, Insightful)
Re: Since it's /. and nobody reads the articles (Score:2)
Thank you.
I was about to read the article but there were "always necessary" cross-site tracking cookies that couldn't be disabled.
Re: (Score:2)
The Guy paid about a quarter of the original price tag."
That's quite a discount. I'm surprised; it seems he should've been charged the full $100k because that was the agreement beforehand. After all, if not for Stay, he'd have $0 worth of Bitcoin. But I guess Stay is a nice person.
Re: (Score:2)
There's some guy in the UK who put, what is now worth £50million of bitcoins onto a harddrive. He got confused and threw away the drive instead of a different one, so it's ended up somewhere on a local dump. He's been working to get to it, and has figured out which "zone" of the dump it's in. He just needs a suitable permit to go digging to find his lost hard drive. Unsurprisingly, the local council won't give him a permit (I presume unless he pays upfront - he's seemingly unwilling or unable to do so
This guy is being suckered. (Score:2)
The zip file contains an auto executable which upon being cracked, will email the method back to the client, who will then use the method on a different job.
News for Nerds from days ago! (Score:2)
Slashdot. Where topical news goes to die.
What an idiot (Score:2)
"charge $100,000 to break into the file."
In such cases you demand to be paid by the hour and use an IBM-Convertible to do the calculations.
Re: (Score:1)
I did this - didn't know it was a special thing (Score:5, Interesting)
Many years ago I downloaded a zip file on my 2400bps modem that was encrypted. It was, I think, a game of some kind? Anyway, after I downloaded it I discovered that the zip file that I had downloaded contained another zip file and a text file that said, "To obtain the password to extract this file, send $X to this address".
Not wanting to have to send in my $X, and having already spent several dollars of long distance charges downloading this file, I wrote a batch file that read through a big list of words and tried each one in turn against that zip file. After each attempt it checked to see if any files had been extracted, if not then it ran again with the next word on the list.
I left that batch file to run overnight (on my 286 I think) and in the morning I had an unencrypted file and the password which was, as I recall, "purchase". If I hadn't succeeded with an actual word I suppose I would have started in with random characters and such, but as it was this job took something less than one whole night to accomplish. However long it took to get to the P's in my wordlist, I guess.
Zip files were a relatively new format at the time (remember Phil Katz?), but I remember doing this and can't remember the actual file that I managed to unencrypt. I guess the technical challenge was more fun than whatever I got out of it as a result.
Re: (Score:3)
The file you recovered read...
Be sure to drink your Ovaltine
did they try 123456? (Score:1)