Security question - how safe is our password/account?



  • I made a test wallet BURST-6VMU-X4YC-523C-H4PTE. I don't plan on using it, crack it if you can ... named it test wallet, funded with 5 burst from faucet



  • @Jumper said in Security question - how safe is our password/account?:

    @BenBurst

    Well, it is illegal if I use it in malicious way.

    However, as I have previously written, I wanted to see how secure it is. Result is not secure.

    Everyone can interpret this the way they want. As for me, I will convert BURST to BTC, which is way more secure.

    That was my last post here. Sorry.

    You brute force 2 addresses with almost nothing on them, and I'm pretty sure with auto-generated passwords, and you say that Burst is not secure?

    eheh, you're a good one.



  • If he worked in security as I do, he should know that every password, email, service, can be hacked in one way or another. He says BTC is far more secure, yet BTC had far more money stolen than any other cryptocurrency. And many many times, it's only the fault of the user for using passwords like the ones @luxe said.

    Using only a passphrase is far more secure than using a username/password while the username is already known and the password is only a couple of brute force minutes/hours away (like a 5 or less length password, very often used).

    Happy to see you leave. Good Bye! ^_^



  • This is a real problem. If you let the wallet generate your password, it can be easily guessed. Try making your own password, like "HelloThisIsMy_passWORDandNOONE_should__guess____it12345". The example above is very secure because it has 55 character length and contains numbers and _. It's almost bruteforce-proof.



  • @Miky yes, I was just talking to @gpedro about this. I would not recommend using the generated words. Why? Because anyone can download the wordlist from the GitHub page, and that way the brute force can take less time than a completely random generated passphrase. Me, I use a password generator and have something like this for my string:

    $eS3pnf7Zpl!@UtW1A@G3%L%y?@?z$Hy.wz1MrVj$bFoFGWk-V.X]%[m[h5BzlBG4D!)uf[!cfVP-!?i2c^BdEG6YM3iYtqJuqyRH%4qZw}4pJ0iH!ibuPSQC%9^F^rXc8SQuzN$is!@^Wp@j#jJXZ{mtpRXXw0@Sytp%wKrHYtB}^[)MR2x(JGwk5J[cFUJ?RzQgC5j-Rd@5Gtz.A8XP%8FcmImb4DcMkZ*KtmE}#M@*JmWALppyrYJ{e)r

    Imagine trying to find that with brute force, oufff, many years lost just trying without success. And no, that's not the length I use either. So never discuss the length of your passphrase. For example, for a brute force here, people can already own the wordlist and even know how many words are used (12), so all you need to do is try all the possible combinations of words with a phrase of 12 words each.

    Still, this can take a very long time to accomplish, but it is not as secure as when the "hacker" doesn't know anything about your passphrase.

    I still have some autogenerated wallets, and I'm not very concerned about the "safety" of them even if I hold more than 200k on those, but I know that the risk is extremely low.


  • admin

    @Zeus said in Security question - how safe is our password/account?:

    $eS3pnf7Zpl!@UtW1A@G3%L%y?@?z$Hy.wz1MrVj$bFoFGWk-V.X]%[m[h5BzlBG4D!)uf[!cfVP-!?i2c^BdEG6YM3iYtqJuqyRH%4qZw}4pJ0iH!ibuPSQC%9^F^rXc8SQuzN$is!@^Wp@j#jJXZ{mtpRXXw0@Sytp%wKrHYtB}^[)MR2x(JGwk5J[cFUJ?RzQgC5j-Rd@5Gtz.A8XP%8FcmImb4DcMkZ*KtmE}#M@*JmWALppyrYJ{e)r

    Yep, however generated, that's how a password for a secure account should look :-)



  • If you go to the plethora of email accounts you will find many with passwords that are easily hacked because people use their pet names etc. This can be the case here, or am I mistaken?


  • admin

    @MikeMike I had a test account with a weak password - only 16 characters - it got hacked. Brute forcing is possible, but if you use the wallet generated passwords, you're pretty safe. You can always append to the recommended one to make it even harder.


  • admin

    @Jumper tell me, and just me how you did it, or your post is just FUD and I'll delete this thread. If there is a reproducible way to compromise an account, tell me what it is.



  • @haitch and we will fix it :) or at least someone from devs :D


  • admin

    @Zeus From memory there are about 1,300 words in the wallet dictionary for generating passwords. That gives a password complexity of about: 3.15951902191631E+3485 - that's 3 followed by 3,485 0's possible passphrases. For comparison, the upper range for the number of atoms in the entire universe is around 1E+82

    I'm too tired to do the math to work out how much more complex the possible passphrases are - but trust me, it's a friggin lot - more than the atoms in the universe ........



  • @haitch Good idea, just delete this, because it only gets people scared of things that should not be a concern. Everyone knows that a freaking "123456" password is hackable, here and anywhere else.

    Yes I know that there is A LOT of generated words possibilities, even with that it's extremely hard to get an active working burst wallet.
    I still hold some pre-generated passphrases.


  • admin

    @Zeus I'll give @Jumper an opportunity to respond - but if he doesn't provide proof, then this is gone.



  • You can, but you should not delete such threads!

    @Jumper If you can and are able to do so, please help! Otherwise such a comment is just plain bashing!
    And maybe, just maybe you've got that passphrase from someone accidentally pasting it into your local chat?!
    A bit like you did some months back;-)



  • @haitch said in Security question - how safe is our password/account?:

    @MikeMike I had a test account with a weak password - only 16 characters - it got hacked. Brute forcing is possible, but if you use the wallet generated passwords, you're pretty safe. You can always append to the recommended one to make it even harder.

    This is the method I personally use, "append the generated password", and I saw they were so far bullet proof, so I added to them. For some reason I never use anything self generated if there is an option not to.


  • admin

    The auto generated passphrase with 12 words from the list of 1300 words is safe until the sun explodes. It has an entropy of exactly 128 bits. Everybody who is interested should look up "entropy 128 bit" for further information.

    I can do this magic trick also:

    http://burstcoin.biz/address/6578204074179904234

    Tadaa


  • admin

    @daWallet I'm confident the wallet generated passphrase is safe - the one that got hacked was user (me) generated.

    I'll be dead before my passphrases get hacked.



  • So he can't target hack anyone's wallet ... the best anyone could do is set up a prog running the known words in the DB for auto generate wallet and hope to get lucky with brute force.


  • admin

    @Gibsalot there are 10^3400 (close estimation) potential password phrases - they will not be cracked in our lifetime



  • Like the auto generated pass phrase, I use the 12 word system and build upon it. For instance ... choose 3 songs, take a string of lyrics from each, combine them to make 1 string that sounds kinda funny but you can remember it, then proceed to add capitals and numbers however you see fit ...
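Added example, not part of any post in this thread: a small calculator that puts the numbers discussed above side by side, using the thread's own figures of 12 words from a list of about 1,300. It shows the entropy of a generated phrase, how little is gained by hiding the word count, what appending random characters adds, and how a 5-character password compares. Assumptions: words are picked uniformly and independently, the attacker makes 1e12 guesses per second, and "printable" means the 94 printable ASCII characters.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
GUESSES_PER_SECOND = 1e12  # assumed attacker speed, not a measured figure

def phrase_keyspace(list_size, words):
    """Phrases of `words` words drawn uniformly, repeats allowed (assumption)."""
    return list_size ** words

def unknown_length_keyspace(list_size, max_words):
    """Keyspace if the attacker must try every length from 1 to max_words."""
    return sum(list_size ** k for k in range(1, max_words + 1))

def charset_keyspace(charset_size, length):
    """Random-character passwords of a fixed length."""
    return charset_size ** length

def bits(keyspace):
    return math.log2(keyspace)

def years_to_search(keyspace, rate=GUESSES_PER_SECOND):
    """Expected time to hit one secret: half the keyspace at `rate` guesses/s."""
    return keyspace / 2 / rate / SECONDS_PER_YEAR

def log10_factorial(n):
    """log10(n!), the number of orderings of the whole list, for comparison."""
    return math.lgamma(n + 1) / math.log(10)

def report(list_size=1300, words=12):
    known = phrase_keyspace(list_size, words)
    hidden = unknown_length_keyspace(list_size, words)
    five_lower = charset_keyspace(26, 5)
    return {
        "generated_bits": bits(known),
        "hidden_length_gain_bits": bits(hidden) - bits(known),
        "append_4_printable_gain_bits": bits(charset_keyspace(94, 4)),
        "five_lowercase_bits": bits(five_lower),
        "generated_years": years_to_search(known),
        "five_lowercase_years": years_to_search(five_lower),
        "log10_of_list_factorial": log10_factorial(list_size),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:30s} {value:.4g}")
```

With these inputs the 12-word phrase comes out at roughly 124 bits (about 2.3E+37 phrases), and concealing the number of words adds about a thousandth of a bit, while four appended random characters add about 26 bits. The last row shows that 1300! is about 10^3485.5, the magnitude quoted earlier in the thread; that number counts orderings of the entire list rather than 12-word phrases.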

