Regarding the recent theft of Burst accounts
-
@delords Using a 12 word passphrase out of 1600+ possible words would require more time than the universe has existed to crack. Throw in some uppercase letters, numbers, symbols and the task become exponentially harder. If you use a secure passphrase you're safe. I had a test account with an unsecure passphrase, and it got hacked - lesson learned. I take the system generated passphrase and tweak it a little - it's basically uncrackable.
-
@haitch Is it possible to somehow change the passphrase of an account? Or do I have to make a new one and transfer all the assets and all my burstcoin to a new one?
-
@theoneandonely It's not possible to change your passphrase, because your address is generated from your passphrase. You'd need to create a new account and transfer your Burst and assets to it.
-
Remember that hacking comes from an external system to burst, but hey as we should know all the total security on the internet does not exist unfortunately, but if you apply a little common sense will complicate things a lot these bastards.
The bad thing is that as humans we are we make a lot of mistakes and I say it from my own experience ;)
-
btw. you can also use Keepass2 or similar to store your passwords and generate them! And make them however long you want! (I think!)
-
@haitch Thanks and noted. I will open another account and tweak the phrase asap.
-
@nixxda i use keepass but it didnt stop me from getting infected by this bad boy.
luckily antilogger encrypted all my key-presses so the majority of the shit they got was nonsense.
below is an example of what i saw when i opened the files that was logging all my shit
:: dclogs (22:36:10) :: @MikeMike - Discord (22:36:13) :: @Focus - Discord (22:36:29) :: Clipboard Change : size = 18 Bytes (22:36:29) sadasadasdadasdasd :: Sign in to your account - Google Chrome (22:37:13) :: Clipboard Change : size = 16 Bytes (22:37:13) 54d56s4da65s5d :: (22:37:27) :: Discord Notifications (22:37:36) :: New Tab - Google Chrome (22:37:52) [<-][<-] :: OTC OldTimer's Clean-It Download - Geeks to Go Forum - Google Chrome (22:39:02) :: Untitled - Google Chrome (22:39:05)with this virus. it can easily steal your keepass passwords from your clipboard.
-
Now I am freaking out.
I just created a new wallet with a presumed more stronger passphrase.
Visited a faucet for free activation coin.
Named it and transferred my burst to it but nothing is showing in my Recent transaction talk less of coins in the new wallet.
Help me out.
-
@delords Please tell us your Account IDs to help you.
-
lol
What a day!? Finally showed up.
-
Sorry for your loss.
Once you get your security back fully let us know so we can send some bits and that goes for others as well.
Appreciate all the work you and those who helped you get to the bottom of this and your further reporting important facts we all could benefit from.
-
I recently started using KeePass and I love it. I ordered some cheap flash drives from newegg and I will be creating separate Burst accounts to be stored in a KeePass encrypted database, then duplicating those databases onto the flash drives to be stored in multiple safe locations. These passwords will never touch a cloud and all transactions will be handled by my own local wallet.
In my opinion, the password should be encrypted anywhere and everywhere it can be encrypted - even when doing local wallet transactions, even when storing it in a properties file for the miners. Security is all about taking precautions you don't necessarily HAVE to take and since attacks can come from places you can't think of, I take the philosophy of plug every hole you can even if you don't think you need to.
For me, it's important to note that both of these successful attacks circumvented the encrypted password by gaining access to the password at a point where it was not encrypted. Neither attack was able to break or compromise the encryption of the Burst network itself in any way.
-
This post is deleted!
-
This post is deleted!
-
@Focus The topic here: "Regarding the recent theft of Burst accounts "
Discussion about "court data technologies" here: https://forums.burst-team.us/topic/3853/court-data-technologies
-
@croydan1 I missed this post earlier, but having the dictionary words listed is not a problem.
There are from memory 1664 words in the list it uses, the number of permutations of 12 of those words ( Permutation = ordered list ) is 433,086,275,460,543,172,562,465,902,777,223,577,600 (4.3 x 10 ^ 37).
Testing 100,000 pass phrases per second would take on average 6,817,605,276,509,386,098,427,194.3176053 Years to find a specific pass phrase.
You'd need to be able to test 100 Quadrillion (10 ^ 15) passphrases/second to get it down to the 6 Billion years range .....
Adding numbers, upper case and symbols increases that exponentially as you can no longer test just the 1664 words.
-
@haitch and to @all I know that this is correct but i was very tired I had a rough day and the theft just set me off into a poor mood, with that said yes I agree that with that many words it makes it almost impossible I was in some way just trying to get across to just take more precaution and I did not convey that thought in a logical written way so I do truly apologize I want all of you to know that I am not here to create or cause panic in anyway shape or form.
Apologies,
Croydan
-
@croydan1 Nothing to apologize for.
-
@Lexicon
I sent a little New silver over to you, get you back on track again so to speak. :)
-
the auto generate pass phrase is secure , it's tec not impossible to be brutforce hacked but the luck factor of a prog hiting the right combo of words would be like going out and buying a million lotto tickets and all million of them being winner's. no one would ever try to use this method to traget a single account as that is even more difficult by a huge factor. anyone who would attempt it would only be leting it run in the hopes of hitting the lotto.
for our wallets security they are far more at risk from leaving info as word doc's on your comp and open to key logger's virus's or people who you personaly know that may see it as a fact buck.
if you do want even more security like i do follow the guide lines of the auto generator but use words not in the list and give it some complexity with number's cap's symbols , just never use a shorter pass phrase than recomended




