1/ This article enumerates the inefficacy of modern wallet solutions (and why I recently wrote a three-part series titled, 'Why You Don't Need a Hardware Wallet' <-- being released today in an hour or so).
2/ If you read the quoted tweet above and thought to yourself, 'Wait a minute, I thought that Bitcoin & blockchain were supposed to be unhackable!', then you're on the right track.

It's more so that the *cryptography* used for Bitcoin cannot be reasonably cracked.
3/ However, these cryptographic primitives (i.e., ECDSA) are only as strong as their implementation and only as secure as their execution environment.

The idea of encrypting 'wallet.dat' files (a default standard for $BTC by Core) is unnecessarily dumb & unnecessary.
4/ Here is a 'StackExchange' response that breaks down how to actually change the contents of something that's been encrypted at this point in time.
source = crypto.stackexchange.com/questions/8578…
5/ Anyone can correct me if I'm wrong...but it appears that the hash (SHA-512) is unsalted? (not seeing anything about a KDF here in these specifications).
5a/ This + encrypted master key being stored in memory (yielding ciphertext) & encryption being done with a non-random input [i.e., a user-generated password], which leads me to believe that rainbow tables / dictionary attacks would be viable here

security.stackexchange.com/questions/4594…
6/ I'm not sure why the Keybase wallet version of BIP38 has not been adopted for use as a standard by modern Bitcoin wallets.

BIP38 specifications are a step in the right direction, but ultimately suffer from the same inherent weakness ... stealable private keys
7/ Keybase's warp wallet (influenced by the 'MemWallet'), simply utilized the concept of 'Brainwallets' (without some of the more asinine, generalized assumptions included within the Bitcoin Wiki; link = en.bitcoin.it/wiki/Brainwall…)

This *does not mean use mnemonics*
8/ Conversely, Keybase(.)io created the 'warp wallet', which utilizes 'Scrypt', a memory-hard hash function [i.e., they actually introduce a KDF into the equation].

keybase.io/warp/warp_1.0.…

keybase.io/warp/warp_1.0.…
9/ The effectiveness of this solution vs. the 'brainwallet' outlined via BIP38 (in the specs + Bitcoin Wiki) derives from Keybase taking advantage of the deterministic property of Bitcoin wallet generation (secp256k1) with the same *seed*

Outlined = tools.ietf.org/html/rfc6979
10/ Net result is that Keybase was able to create a Bitcoin wallet with only 8 characters (only numbers & letters, no symbols), with 20 bitcoins up for grabs (since 2016) --- they have yet to be stolen
11/ Notably, the Vice article that is linked in the quoted tweet (at the top of this thread), insists that the wallet in question with $690M+ in it was being passed in hacker circles; so there's no reason to believe that this simplistic PW by the Keybase wallet wouldn't as well
12/ Guess that's the conclusion of this thread / rant on ineffective (unnecessary) wallet 'solutions' that persist in lieu of *much better alternatives* that have been proposed and shelled out (and are still available as an open source solution).
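
The distinction tweets 5, 5a and 8 turn on (a fast unsalted hash versus a salted, memory-hard KDF such as scrypt) can be checked directly. The following is an added example, not code from this thread or from any wallet: the wordlist, password, salts and scrypt parameters are constructed for the demo, and it models no specific wallet file format.

```python
import hashlib
import os

# Constructed sample data: a tiny wordlist and one weak password shared by two users.
WORDLIST = [b"letmein", b"hunter2", b"satoshi1", b"bitcoin2020"]
SHARED_PASSWORD = b"satoshi1"
MAXMEM = 64 * 1024 * 1024  # let scrypt use up to 64 MiB (assumed limit for this demo)

def unsalted_sha512(password: bytes, salt: bytes = b"") -> bytes:
    """Weak pattern: one fast hash, salt ignored, so equal passwords give equal keys."""
    return hashlib.sha512(password).digest()[:32]

def salted_scrypt(password: bytes, salt: bytes, n: int = 2**14, r: int = 8) -> bytes:
    """Memory-hard KDF: the derived key depends on the salt as well as the password."""
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=1,
                          maxmem=MAXMEM, dklen=32)

def scrypt_memory_bytes(n: int = 2**14, r: int = 8) -> int:
    """Approximate RAM scrypt needs for every single password guess."""
    return 128 * n * r

def lookup_table(kdf, salt: bytes) -> dict:
    """Precompute key -> password for the wordlist, as a precomputed table would."""
    return {kdf(word, salt): word for word in WORDLIST}

def audit(kdf) -> dict:
    """Derive keys for two users with different random salts and test table reuse."""
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    key_a = kdf(SHARED_PASSWORD, salt_a)
    key_b = kdf(SHARED_PASSWORD, salt_b)
    table = lookup_table(kdf, salt_a)  # built once, against user A's salt
    return {
        "keys_identical": key_a == key_b,
        "table_breaks_a": table.get(key_a) == SHARED_PASSWORD,
        "table_reused_on_b": table.get(key_b) == SHARED_PASSWORD,
    }

if __name__ == "__main__":
    print("unsalted SHA-512:", audit(unsalted_sha512))
    print("salted scrypt:   ", audit(salted_scrypt))
    print("scrypt RAM per guess:", scrypt_memory_bytes() // 2**20, "MiB")
```

The salt only stops one table from being reused across users; a password that is in the wordlist still falls to a run against its own salt, and the scrypt work factor raises the cost of each such guess rather than removing it.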

