Phil Dougherty has a side hustle as a friendly hacker. By day, he's a software developer at the University of Wisconsin, building free educational games and conducting research on the ways people play them. Meanwhile, back at home, Dougherty is the shepherd of a program that's constantly running down ways to break into other people's cryptocurrency wallets.

Dougherty works with folks who have lost, forgotten or incorrectly written down their Ethereum passwords, locking themselves out of their wallets and forfeiting the digital cash that's lurking within. These people are, essentially, shit out of luck. There's no customer support hotline for Ethereum, no security questions to answer, no "Forgot password?" link.

Cryptocurrency security relies on hashing algorithms that transform a traditional password, such as "banana$123," into a unique string of numbers and letters, called a hash. To get specific, Ethereum wallets use a password-based key derivation function, meaning users input a unique password they can (theoretically) remember, and in return, they receive a key that serves as a unique, secure authorization code. The idea is that it's impossible to reverse-engineer the hash to unlock a user's base password, though a handful of algorithms have been compromised over the years, including MD5 and SHA1. However, as Dougherty's clients have discovered, Ethereum's security system is tight.

"With Ethereum, because it's decentralized, you actually do all this on your own computer and it doesn't even touch the internet," Dougherty told Engadget. "You say, I'm creating a wallet with the password 'banana', and it turns into this mess of a key. And because there's no company interface, there's no one that can help you reset that password if you forget it. So the only way to fix that problem, I guess, is to find clever ways to try using that same hash to try and reproduce the complicated output."

Essentially, you go phishing. In a phishing attack, a hacker attempts to gather information about someone without their consent, commonly through compromised email links and official-looking forms. Ethereum's security protocols may be solid on a technical level, but they can't stop someone from figuring out a password simply by asking the owner what it is, or tricking them into dropping clues.

People come to him and willingly answer personal questions about their password habits. Do they usually capitalize letters or change some to numbers? Do they use their birth year, a favorite location or special symbols? "Maybe, instead of choosing your favorite city, you chose your favorite movie or an actor or your name, or something like that," Dougherty said. "Over email I just repeatedly ask the person and help massage it out of them where it's not clicking, to break down why the things that they think their password might be, are."

Dougherty then uses a mix of the password-cracking software hashcat and a program he built, called expandpass, which runs through varying, controlled permutations of specific words and symbols, but on a massive scale. On GitHub, he describes expandpass as, "useful for cracking passwords you kinda-remember."

These programs are free and publicly available, but most folks don't have the hardware or the programming expertise to put them to use. Dougherty happens to have the practical knowledge, and his rig is significant: It's running a 1080 Ti graphics card with a 16-core CPU and 64GB of memory.

Still, it can take months to crack a password. Sometimes, however, Dougherty cuts a project off after a few months, before finding the proper password, and he and the client go their separate ways.

"There is no fail state, right?" he said. "I could keep trying indefinitely on anything. It's more of a give-up state where it's no longer worth my time or their time to keep iterating on this, to keep my cracking rig running. So, there's an interesting negotiation that takes place."

Dougherty got his start in cryptocurrency cracking in 2017, after reading a Reddit post from someone who wanted to brute force their way into their own Ethereum wallet.
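The password-based key derivation described in the article, as an added example that is not from the article or from Dougherty's tools: scrypt from Python's standard library stands in for the wallet's key derivation function, and the parameters, record layout and function names are constructed for illustration, not Ethereum's keystore format. It shows why there is nothing to reset (only a salt and a check value are stored) and why every guess costs a full derivation.

```python
import hashlib
import hmac
import os
import time

# Constructed demo parameters (assumption). Wallet software can set the
# scrypt cost N much higher, which makes every single guess slower still.
N, R, P, DKLEN = 2**14, 8, 1, 32

def derive_key(password: str, salt: bytes) -> bytes:
    """Password-based key derivation: same password + salt -> same key."""
    return hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                          maxmem=64 * 1024 * 1024, dklen=DKLEN)

def create_wallet_record(password: str) -> dict:
    """Keep only a random salt and a check value; the password is never stored."""
    salt = os.urandom(16)
    key = derive_key(password, salt)
    check = hmac.new(key, b"wallet-check", hashlib.sha256).hexdigest()
    return {"salt": salt.hex(), "check": check}

def password_matches(record: dict, candidate: str) -> bool:
    """The only possible test: re-derive the key and compare check values."""
    key = derive_key(candidate, bytes.fromhex(record["salt"]))
    got = hmac.new(key, b"wallet-check", hashlib.sha256).hexdigest()
    return hmac.compare_digest(got, record["check"])

def seconds_per_guess(record: dict, trials: int = 3) -> float:
    """Measure what one wrong guess costs on this machine."""
    start = time.perf_counter()
    for i in range(trials):
        password_matches(record, f"guess-{i}")
    return (time.perf_counter() - start) / trials

def days_to_exhaust(alphabet: int, length: int, sec_per_guess: float) -> float:
    """Worst-case time to try every password of the given length."""
    return alphabet ** length * sec_per_guess / 86400

if __name__ == "__main__":
    record = create_wallet_record("banana$123")  # sample password from the article
    print("stored record:", record)
    print("exact password:", password_matches(record, "banana$123"))
    print("one letter off:", password_matches(record, "Banana$123"))
    cost = seconds_per_guess(record)
    print(f"cost per guess: {cost:.3f} s")
    # 10 characters drawn from 94 printable ASCII symbols
    print(f"blind search: {days_to_exhaust(94, 10, cost):.3e} days")
```

The gap between the blind-search figure and a few thousand plausible variants is the whole reason a "kinda-remembered" password is recoverable while a forgotten random one is not.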