Security question - how safe is our password/account?
-
@daWallet I'm confident the wallet generated passphrase is safe - the one that got hacked was user (me) generated.
I'll be dead before my passphrases get hacked.
-
so he can't target hack anyone's wallet ... the best anyone could do is set up a prog running the known words in the DB for auto generate wallet and hope to get lucky with brute force.
-
@Gibsalot there are 10^3400 (close estimation) potential password phrases - they will not be cracked in our lifetime
-
like the auto generated pass phrase i use the 12 word system and build upon it. for instance ... choose 3 songs take a string of lyrics from each combine them to make 1 string that sounds kinda funny but you can remember it, then proceed to add capitals and numbers however you see fit ...
-
@haitch @daWallet @luxe
Come on guys...
Just check at this moth******** account history,
Just FUDing the forums, just check thread names...edit: deleted that line ;)
Just delete it.
-
Some pretty good info in the above posts to put in the new thread/OP page possibly about the effectiveness of the self generated password and option to even add to that.
So, Thanks! to Elmer Fud... lol
-
@MikeMike said in Security question - how safe is our password/account?:
Some pretty good info in the above posts to put in the new thread/OP page possibly about the effectiveness of the self generated password and option to even add to that.
So, Thanks! to Elmer Fud... lol
You're right ... !
Just delete the guy! ;-)
-
@haitch said in Security question - how safe is our password/account?:
the one that got hacked was user (me) generated.
The account he got into was yours? I even thought that it could be an account of him LOL
I talked with @Zeus about this and I thought he could have done some reverse engineering on the addresses, but he explained to me why that is not possible and I rest assured xD
-
@gpedro No - it happened about a year ago. Really insecure password, small miner - lost a few thousand Burst.
Hacking a "normal" passphrase is not realistic.
-
@haitch Oh ok so that address could even still belong to himself and he just wanted to plant the panic xD
I've seen some not good posts of @Jumper in the last few days, which would explain a bit if he is just planting the panic xD
-
@gpedro Yeah, I've been getting concerned about what @jumper is doing - a lot of BS issues coming from that account. I've asked him for proof of his "hack" - if I don't get a response the account will go away and the IP will be blocked.
-
Seems a total fudster to me, and should be removed from the forum. He either managed to bruteforce a simple password, or simply blatantly lied... and created an account and said he 'hacked' it.
Either way, he's here to do nothing but ensue panic, and it's pointless. IMO.
If BURST could be hacked, the account sitting with over 100 million coins in it for a full YEAR, would have likely been a great target.
-
@crowetic Or the Polo account (which holds 684,130,592.32 BURST by now) LOOOL
-
my 2 cents :
- either it was his own account
- was a public node wallet...
but then again, i am a tad tech retarded. either way, i concur with the option to delete this thread because account security has never been an issue in NXT, BURST or HZ unless ofc you use your pet name as a password...
-
Think of the service this guy could provide, getting back accounts with forgotten or mistyped passphrases!
How silly lol
Jumper also runs a pool... sounds fishy
-
I guess some / most of us on our first wallet used the auto generated 12 Word phrase, so there are probably a lot of passphrases around of that style?
It would be an interesting experiment for someone to have a piece of code that worked through some of the 12 word groups and checked if any of them gave an in use Burst Address?
It may be highly unlikely but one day someone is going to use the auto generated passphrase and it's going to pop out with an in-use Burst Address?
Rich
-
Nonsense, Passphrases cannot be Brute-Forced ..
Name inside Demo Wallet is not Russian (apparently Google Translate)
Jumper does not work in security cause those in the field know something called ethics and methodology which I didn't sense in his presentation. The Aim of presenting a vulnerability or a flaw is basically to offer (or sell) a fix.
If this is true, then it's a gold-mine which I fail to understand why he's sharing, in my opinion he's freaking people out nothing more. If someone freaked, they can open Local wallet and choose their passphrase carefully (Or Generate random pass with OpenSSL, but that's an extreme) Print it (Hard Copy) and never store it on Computer (Soft Copy) and Never use it in Online Wallets.
If that's so hard cause you use your wallet often, then open an online wallet for daily use, transfer funds to above wallet and leave what you can afford to be stolen
-
@rnahlawi The risk that I see is not in the likelihood that someone could fluke a passphrase but that there might be a bug in the algorithm that generates the Passphrase in the first place, or that understanding the algorithm could reduce the search needed, or finally that someone could put up a fake piece of software that generates genuine wallets that could then easily be cracked by them?
All of which points at the need for a truly random passphrase, however that is not what most of us will have used for our first wallet. Perhaps the code should be changed and ask for you to insert an additional word?
Rich
-
@RichBC Agree, 1300 word list combination can be cracked by time or with right algorithm.
When you start generating Burst, you will start being creative to protect your investment, stop using defaults for a start ;)
Maybe exporting and importing Private key as an option would be great value
-
@rnahlawi I disagree. 12 words of 1300 in a random order are 128 bit of entropy which is enough. For example Lyrics of a song are way worse.
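
The posts above discuss how large the search space of a randomly generated 12-word passphrase is, whether adding a word helps, and the need for truly random generation. The following is an added example, not part of the thread and not the wallet's own code: it computes the entropy of uniformly drawn word phrases and draws one from the OS CSPRNG. The word list is a constructed stand-in sized to the figure quoted in the thread, and the guess rate is an assumption chosen only for scale.

```python
import math
import secrets

def entropy_bits(wordlist_size: int, words: int, distinct: bool = False) -> float:
    """Entropy of a phrase whose words are drawn uniformly at random.

    distinct=False: each word drawn independently (size ** words phrases).
    distinct=True: no word repeats (ordered selection without replacement).
    """
    if wordlist_size < 1 or not 0 < words <= wordlist_size:
        raise ValueError("need 0 < words <= wordlist_size")
    if not distinct:
        return words * math.log2(wordlist_size)
    return sum(math.log2(wordlist_size - i) for i in range(words))

def years_to_search_half(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit one specific phrase: half the space on average."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

def generate_phrase(wordlist: list[str], words: int = 12) -> str:
    """Draw words with the OS CSPRNG; duplicates in the list would overstate entropy."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("word list contains duplicates")
    return " ".join(secrets.choice(wordlist) for _ in range(words))

# Constructed stand-in list of 1300 unique tokens (not a real wallet word list).
SAMPLE_WORDLIST = [f"word{i:04d}" for i in range(1300)]

if __name__ == "__main__":
    bits = entropy_bits(len(SAMPLE_WORDLIST), 12)
    print(f"12 of 1300, independent draws: {bits:.1f} bits")
    print(f"12 of 1300, no repeats:        {entropy_bits(1300, 12, distinct=True):.1f} bits")
    print(f"13 words (one extra):          {entropy_bits(1300, 13):.1f} bits")
    # Assumed attacker rate of 1e12 guesses/second, chosen only for scale.
    print(f"years to search half the space: {years_to_search_half(bits, 1e12):.2e}")
    print("example phrase:", generate_phrase(SAMPLE_WORDLIST))
```

These figures hold only when every word is drawn uniformly at random; a phrase a person picks, such as song lyrics, cannot be scored this way.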



