Brainflayer: Remembering the Bitcoin Brain Wallet Password Cracker
Brainflayer Can Crack Bitcoin Brain Wallets
Brain wallets have always captivated the cryptocurrency community. The concept is especially enticing to the anti-establishment and security-minded fans of Bitcoin. A brain wallet is, put simply, a wallet whose details are not stored on any central source but are instead memorized by the owner of the Bitcoins. Though this might seem difficult, the proponents of brain wallets have created hundreds of ways to remember the complex passphrases needed to access what could be millions of dollars in the world’s most popular cryptocurrency.
But security experts have found that the brain wallet system is an incredibly dangerous way to store Bitcoins. In addition to the threat of losing the code through memory failure, debilitating brain injury, or conflation of different passcodes, some experts warn that brain wallets might actually be easier for a criminal to hack than regular wallets are. According to leading whitehat hackers, a program already exists that could potentially hack brain wallets with ease, giving criminals access to the coins held inside what the owner perceived to be an uncrackable wallet.
The work of security expert Ryan Castellucci, who has been working on the release of a program that can crack brain wallets, was revealed at the DefCon hacking conference. The software is called Brainflayer, and it allows hackers to deplete brain-based Bitcoin wallets of all of the funds inside with ease. For long-time followers of Bitcoin wallets and the associated security discussions, it should come as no surprise that someone was able to make such a program. Professionals have warned against the use of brain wallets for quite some time.
A Public Demonstration
This hacker didn’t release his program in order to inspire more criminals to break into Bitcoin wallets and take the money inside. Instead, it was meant to be a public and direct demonstration that brain wallets are simply not a safe way to store information related to a user's Bitcoins. Castellucci works for a security company known as White Ops, and he took steps to publish the software online.
Though it might seem counter-intuitive, this kind of whitehat hacker strategy has been used on numerous occasions, inside and outside of the Bitcoin community. By publishing the means to hack large numbers of accounts, the hacker intends to inspire those who still use the brain wallet system to recognize the deep security flaws in their setup and switch to a more secure way of storing their coins.
Brain Wallet Woes
According to Castellucci, the main issue with Bitcoin brain wallets is that humans are, by default, very predictable. Most brain wallets function by allowing users to choose a string of words and numbers to generate their wallet information. For hackers, hacking a Bitcoin brain wallet is as simple as figuring out which words and numbers have been chosen to compose the passphrase.
This seems like it would be hard, but security researchers and psychologists alike agree that humans have a lot of trouble choosing words that are truly unrelated to one another. A hacker simply has to brute force a brain wallet by continually trying word and number combinations that are, in some way, related to the terms preceding and following them.
In publicly releasing the cracker, the security professional hoped that more individuals would recognize the fallibility of the brain wallet and transfer their coins to an actual wallet. Though actual wallets might be more vulnerable to system failures, Castellucci is firm in his conviction that this minimal risk is far better than the threats posed by motivated hackers trying to crack a simple brain wallet.
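To put numbers on the predictability problem described above, here is an added example (not code from the article or from Brainflayer) that audits a passphrase against a randomly generated key. It assumes the classic brain wallet scheme, in which the private key is the unsalted SHA-256 digest of the passphrase; the dictionary size, symbol count and 128-bit target are constructed model parameters.

```python
import hashlib
import math
import re
import secrets

# Assumption: classic scheme, private key = unsalted SHA-256(passphrase).
# No salt and no stretching means the same phrase always yields the same key.
def brainwallet_private_key(passphrase: str) -> bytes:
    return hashlib.sha256(passphrase.encode("utf-8")).digest()

# Hypothetical model parameters, constructed for this example.
WORDLIST_SIZE = 100_000   # words a guesser's dictionary might hold
SYMBOL_SET_SIZE = 32      # printable ASCII punctuation characters
TARGET_BITS = 128         # assumed minimum strength for a key guarding funds

TOKEN_RE = re.compile(r"[A-Za-z]+|\d+|[^A-Za-z\d\s]+")

def estimate_entropy_bits(passphrase: str) -> float:
    """Optimistic bound: treats every token as an independent random pick.

    Real phrases score lower, because related words are not independent.
    """
    bits = 0.0
    for token in TOKEN_RE.findall(passphrase):
        if token.isalpha():
            bits += math.log2(WORDLIST_SIZE)          # one dictionary word
        elif token.isdigit():
            bits += len(token) * math.log2(10)        # each decimal digit
        else:
            bits += len(token) * math.log2(SYMBOL_SET_SIZE)
    return bits

def audit(passphrase: str) -> dict:
    bits = estimate_entropy_bits(passphrase)
    return {"tokens": TOKEN_RE.findall(passphrase),
            "bits": round(bits, 1),
            "meets_target": bits >= TARGET_BITS}

def random_private_key() -> bytes:
    # 256 bits from the OS CSPRNG; a real wallet would also check that the
    # value falls inside the curve's valid key range before using it.
    return secrets.token_bytes(32)

if __name__ == "__main__":
    for phrase in ("correct horse 42", "to be or not to be"):  # constructed samples
        print(phrase, audit(phrase), brainwallet_private_key(phrase).hex()[:16])
    print("random key bits:", len(random_private_key()) * 8)
```

Even under this generous model, a three-token phrase lands near 40 bits, far short of the 256 bits a wallet's random key generator provides.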