Given how complex bitcoin is to explain, you would expect anyone owning the currency to have a good understanding of what makes a strong password. While the rest of us choose '123456' – the most popular password for six years running – cryptocurrency traders should have bulletproof security.
Not so fast. A group of computer security researchers, including two from University College London, found many bitcoin users rely on simple, easily guessable passwords to lock the digital wallets used to store the currency. Using £40-worth of Amazon cloud computing, they were able to quickly make one trillion guesses, cracking 18,000 passwords.
Some bitcoin users choose to secure their money with so-called 'brain wallets'. These are passwords resembling simple phrases which are then converted using an algorithm into a 256-bit number. This number, far longer than the original passphrase, is then used as the password to their bitcoin wallet. Despite the extra step here, a simple fact remains: know the passphrase, unlock the wallet.
Using an Amazon EC2 cloud computing account, giving them more power than a regular computer, and software designed to guess common passwords, the researchers were able to guess 500,000 phrases per second. For every $1 (£0.70) spent on the system, an attacker trying to break into a bitcoin wallet this way could make 17.9 billion guesses in what is known as a brute-force attack.
The team were able to crack some "quite difficult" passwords, but the selection they chose to publish, below, shows how simple many of them were. The researcher's conclusion is a simple one: "Our research demonstrates again that brain wallets are not secure and no one should use them."
- say hello to my little friend
- to be or not to be
- Walk Into This Room
- party like it's 1999
- andreas antonopoulos
- Arnold Schwarzenegger
- for the longest time
- captain spaulding