In this age of hacks and scandals, are passwords really capable of protecting your bitcoins?
Each bitcoin address has a corresponding private key, which enables the owner to spend the bitcoins in it, but this private key also needs protecting.
The private key for your public bitcoin address is crucial, because without it, you will lose access to your coins. You can’t keep this key in your head, though, because it’s a long string of alphanumeric gibberish, which is rather impractical to memorise.
Some people protect their bitcoins by storing them in paper wallets, embedding them in a printed QR code that can be scanned when necessary. That’s a good option, but it leaves the private key physically vulnerable to theft, fire, or coffee.
Another option is to encrypt the wallet with a password, a capability that some bitcoin wallets include. Passwords can also be used to protect other important bitcoin-related assets, such as accounts on an exchange. However, the problem here is that passwords aren’t that secure either: they’re often far easier to crack than you’d expect.
Password cracking software uses dictionary attacks to access passwords by brute force, by trying millions of combinations of known words. Thus, it’s naive to use “password”, “12345”, or the name of your dog as your password – someone, somewhere, will probably have that on a list, unless your dog happens to be called “8%tRuiy0P” rather than “Buffy”.
This Ars Technica article walks through how relatively talentless password crackers can use dictionaries to try to piece together user passphrases.
But wait – your online exchange or web wallet encrypts your password, so you’re already protected, right?
Don’t be so sure. Many applications that store a password will use what’s known as a hashing function, passing the password through a mathematical calculation to produce a string of characters known as a hash. The software then stores that hash.
Whenever anyone tries to gain access to something (say, a bitcoin private key, or an account on an exchange) by entering a password, the software runs the password through the same hashing function, and then compares the string produced with the string that was originally stored.
No two passwords would produce the same hash – so, theoretically, only people with access to the password could produce a match.
However, as a particular password will always produce the same hash, password crackers can simply hash all of the words in their dictionaries, to produce what’s known as a rainbow table.
That’s a collection of millions of hashes, cross-referenced to the passwords that produced them. That’s how password thieves like those who stole LinkedIn’s list of hashes could decode the passwords. There are techniques, such as password salting and using longer passwords, that can make this lookup process far more difficult, but it’s still useful for password crackers.
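The lookup problem and the effect of salting described above, as an added illustration that is not part of the original article. The wordlist, the user names and the choice of SHA-256 and PBKDF2 are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny wordlist and three user accounts.
WORDLIST = ["password", "12345", "Buffy", "letmein"]
USERS = {"alice": "Buffy", "bob": "Buffy", "carol": "8%tRuiy0P"}


def unsalted_hash(password: str) -> str:
    """Fast, unsalted hash: the same password always gives the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> str:
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def build_lookup_table(words):
    """Precompute digest -> password once; reusable against any unsalted store."""
    return {unsalted_hash(w): w for w in words}


def recover_from_leak(leaked: dict, table: dict) -> dict:
    """Return the accounts whose stored value appears in the precomputed table."""
    return {user: table[h] for user, h in leaked.items() if h in table}


def verify(password: str, salt: bytes, stored: str) -> bool:
    """The legitimate login path: recompute and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt), stored)


def demo() -> dict:
    table = build_lookup_table(WORDLIST)
    unsalted_db = {u: unsalted_hash(p) for u, p in USERS.items()}
    salts = {u: os.urandom(16) for u in USERS}
    salted_db = {u: salted_hash(p, salts[u]) for u, p in USERS.items()}
    return {
        "unsalted_recovered": recover_from_leak(unsalted_db, table),
        "salted_recovered": recover_from_leak(salted_db, table),
        "same_password_same_unsalted_hash": unsalted_db["alice"] == unsalted_db["bob"],
        "same_password_same_salted_hash": salted_db["alice"] == salted_db["bob"],
        "login_still_works": verify("Buffy", salts["alice"], salted_db["alice"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The salt only defeats the precomputed table: a weak password can still be guessed against each salted hash one account at a time, which is why the slow key-derivation function and a strong password both matter.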
Even the seemingly clever passwords or passphrases that you use to protect your bitcoin wallet can be vulnerable to attack. That idea of using random letters or substituting the number ‘1’ for an ‘l’ or an ‘i’? Forget it. The software has rules for testing against that.
Some more savvy people will use two or three words strung together, perhaps with a number or stray letter thrown in. “Angrybadger1125” sounds like a great password, doesn’t it? “When I was a boy I always wanted to be an astronaut” sounds even better. But these passwords aren’t invincible.
Power and efficiency
The problem, as outlined by the University of Cambridge’s Joseph Bonneau, and cited by security guru Bruce Schneier, is that password cracking today is a function of two things: power, and efficiency.
The first means throwing computing power at something (working harder), while the second involves using more sophisticated word matching models (working smarter).
Some people have even mined websites to try and find special interest-related words and passphrases that can be added to lists, and used to augment those huge dictionaries.
“Passwords are the democracy of authentication technologies – they’re the worst thing available, except for everything else,” says Dan Kaminsky, a security researcher most famous for finding what amounted to a zero-day vulnerability for the whole web in the form of a DNS vulnerability in 2008.
So, if you thought your password stood in the way of your private key and an army of online crooks, think again. But the point is that passwords are likely to deter enough people to still be worthwhile.
“The reality is that passwords are highly likely to actually work in the field, which is why we’re addicted to them,” Kaminsky says.
Mike Hearn, one of bitcoin’s core developers, agrees. He gives an example of wallet-stealing malware that was circulating some time ago.
“Adding password-based wallet encryption put a stop to that – even though, in theory, it shouldn’t work very well. Well-crafted malware can log your keystrokes and steal the password, while weak passwords could be brute-forced.”
He continues: “But in practice, it seems to have raised the bar enough to buy time for the development of stronger techniques, like the Trezor.”
Trezor is a hardware device designed to store a master key for accessing your bitcoin wallet, which never divulges any secrets to the host machine. Hearn hopes that this product, or successors to it, will evolve into more general security tools in future.
“A secure display, CPU and buttons in portable form are exactly what is needed to solve many tricky security issues.”
Kaminsky also agrees that hardware currently being built to protect bitcoin users will be useful for other security problems: “I have nothing I can recommend directly, but I expect that to change in a small number of months,” he says.
Hardware has been used for protection before, of course. Two-factor authentication (something you know, plus something you have) is a mainstay of conventional security.
Biometrics (something you are) have also been used to authenticate people, granting them access to privileged resources. But both of these are now fraught with problems, both related to the NSA.
Reports recently surfaced that Apple’s iOS devices are subject to attack from the NSA, which has developed malware which can be implanted on one of the company’s devices and used to access its internal workings.
It isn’t yet clear whether this would enable an attacker to access the biometric fingerprint information on the latest iPhone, but then, hackers have already compromised this, making it largely moot.
What’s more worrying is that encryption technology developed by RSA is now suspected to be back-doored by the NSA, putting huge swathes of currently-used infrastructure at risk. RSA denies collusion, but it doesn’t bode well for at least some commonly-used forms of 2FA.
“2FA is bigger than RSA,” protests Kaminsky, adding:
“You might as well be asking whether security is over because now we know one security company may or may not have known (we have no idea) they were being used in this manner.”
That’s true, but it begs the question: if RSA was back-doored, who else was the NSA also accessing? And who can we trust with 2FA protection?
“There are several proposals for 2FA, many of them being open source (such as Google’s Authenticator) and so less likely to be hiding a backdoor,” says Sergio Lerner, a security expert and frequent contributor to bitcoin’s security efforts. The software inside Trezor is also open source.
“And if you fear that 2FA is not enough, then you can use 3FA (a token, an OTP smartphone app, and a password)!” he says. This multi-channel, out-of-band authentication is a feature of BitGo’s secure wallet.
Cat and mouse
Security is never a zero-sum game. It’s a constant cat-and-mouse game, between those trying to protect systems, and those trying to break them.
There are alternatives to passwords that can work, but design transparency is key. And passwords are unlikely to go away, meaning that we’re going to have to find a way to try and use them properly.
Schneier has some good advice here. “When I was a boy, I ALWAYS wanted to be an airline pilot” isn’t a great choice, but you can make it into a password unlikely to be in any table, by taking the first letters of the words, as long as the software or online app allows the format that it produces.
“WIwab,IAw2ba@p” should keep them fooled for at least a little longer (don’t use this now – choose your own), but is still easy to recall if you know the phrase that it came from.
If you’re storing enough money in a bitcoin address that it would hurt to lose it, and open source 2FA isn’t available, such precautions seem worth the effort, don’t they?