Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 19 submissions in the queue.

The Quest to Liberate $300,000 of Bitcoin From an Old ZIP File

posted by Fnord666 on Tuesday August 11 2020, @03:08PM   Printer-friendly
from the as-the-bitcoin-turns dept.

upstart writes in with an IRC submission:

The quest to liberate $300,000 of bitcoin from an old ZIP file:

In October, Michael Stay got a weird message on LinkedIn. A total stranger had lost access to his bitcoin private keys—and wanted Stay's help getting his $300,000 back.

It wasn't a total surprise that The Guy, as Stay calls him, had found the former Google security engineer. Nineteen years ago, Stay published a paper detailing a technique for breaking into encrypted zip files. The Guy had bought around $10,000 worth of bitcoin in January 2016, well before the boom. He had encrypted the private keys in a zip file and had forgotten the password. He was hoping Stay could help him break in.

In a talk at the Defcon security conference this week, Stay details the epic attempt that ensued.

[...] "If we find the password successfully, I will thank you," The Guy wrote with a smiley face. After an initial analysis, Stay estimated that he would need to charge $100,000 to break into the file. The Guy took the deal. After all, he'd still be turning quite the profit.

[...] That's partly why the work was priced so high. Newer generations of zip programs use the established and robust cryptographic standard AES, but outdated versions—like the one used in The Guy's case—use Zip 2.0 Legacy encryption that can often be cracked. The degree of difficulty depends on how it's implemented, though. "It's one thing to say something is broken, but actually breaking it is a whole different ball of wax," says Johns Hopkins University cryptographer Matthew Green.

From a massive pool of passwords and encryption keys, Stay was able to narrow it down to something on the order of quintillions.

[...] By February, four months after that first LinkedIn message, they queued it all up and started the attack.

That initial attempt took 10 days to run... and did not work. Further sleuthing finally uncovered a bug. They were, ultimately, able to successfully extract the contents.

Original Submission

 
This discussion has been archived. No new comments can be posted.
The Quest to Liberate $300,000 of Bitcoin From an Old ZIP File | Log In/Create an Account | Top | 51 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: 2, Offtopic) by barbara hudson on Tuesday August 11 2020, @03:40PM (32 children)

    by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Tuesday August 11 2020, @03:40PM (#1034964) Journal

    It's every idiots goto password. Or 42, which is the answer to the question "What was the jersey number of Jackie Robinson, the first black baseball player to break the Major League Baseball colour barrier."

    --
    SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.

    • (Score: 2, Touché) by Anonymous Coward on Tuesday August 11 2020, @03:48PM (27 children)

      by Anonymous Coward on Tuesday August 11 2020, @03:48PM (#1034971)

      Or 42, which is the answer to the question "What was the jersey number of Jackie Robinson, the first black baseball player to break the Major League Baseball colour barrier."

      Correction: As any literate geek knows, 42 is the answer to "what do you get when you multiply six by nine".

      • (Score: 2) by DECbot on Tuesday August 11 2020, @04:23PM (23 children)

        by DECbot (832) on Tuesday August 11 2020, @04:23PM (#1034986) Journal

        6x9=42?

        Did I miss an issue of the new math journal? Last I read 6x9 is 56. Maybe you mean 6x7?

        --
        cats~$ sudo chown -R us /home/base

        • (Score: 2) by barbara hudson on Tuesday August 11 2020, @04:28PM (14 children)

          by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Tuesday August 11 2020, @04:28PM (#1034990) Journal
          You're assuming base 10. Try 13.5 (at least that's the radix I got when I worked it out in my head. I could be wrong. And yes, fractional radixes are not supposed to be a thing, but consider it the NEW new math).
          --
          SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.

          • (Score: 3, Funny) by barbara hudson on Tuesday August 11 2020, @05:00PM (11 children)

            by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Tuesday August 11 2020, @05:00PM (#1035014) Journal
            Correction : radix of 13. A radix of 13.5 gives 40. But I'm still claiming dibs for the invention of fractional bases.
            --
            SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.

            • (Score: 2) by RS3 on Tuesday August 11 2020, @05:45PM (2 children)

              by RS3 (6367) on Tuesday August 11 2020, @05:45PM (#1035039)

              "fractional radix" -- my head hurts. I'm back to hating math like I did in college.

              • (Score: 2) by barbara hudson on Tuesday August 11 2020, @06:17PM (1 child)

                by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Tuesday August 11 2020, @06:17PM (#1035068) Journal
                Turns out the original poster made a typi^Wtypa^Wmistake. I thought it might be some sort of hidden puzzle. Now I'm bummed out. :-(
                --
                SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.

                • (Score: 2) by RS3 on Wednesday August 12 2020, @02:21AM

                  by RS3 (6367) on Wednesday August 12 2020, @02:21AM (#1035356)

                  Bummed out? When I first saw your analysis I thought "makes sense" and "another math thing beyond me". Many of life's great innovations have been stumbled upon, or at least motivated by unintended circumstances (mistakes?). Now you just need to apply for a math research grant and show us how it's done. :)

                  It may help to work on moving a decimal point, uh, partially. You know, 0.4 places and such. You'll figure it out.

            • (Score: 0) by Anonymous Coward on Tuesday August 11 2020, @09:50PM (4 children)

              by Anonymous Coward on Tuesday August 11 2020, @09:50PM (#1035193)

              Sorry, you didn't create fractional radix systems first. You were beat by thousands of years. The golden ratio base is probably the widest used and formally studied.

              • (Score: 4, Insightful) by barbara hudson on Tuesday August 11 2020, @11:54PM (3 children)

                by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Tuesday August 11 2020, @11:54PM (#1035270) Journal
                I figured that out later. But at least it means I can deduce things I didn't know from first principles, instead of depending on rote. I'll give myself 0.25 points for creativity.
                --
                SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.

                • (Score: 2) by SemperOSS on Wednesday August 12 2020, @06:49AM (2 children)

                  by SemperOSS (5072) on Wednesday August 12 2020, @06:49AM (#1035428)

                  0.25 points? You're probably showing off by giving yourself the points in base 0.14159265.

                  That is more than 263.5 points in base ten … I think.


                  --
                  I don't need a signature to draw attention to myself.
                  Maybe I should add a sarcasm warning now and again?

                  • (Score: 3, Interesting) by barbara hudson on Thursday August 13 2020, @12:54AM (1 child)

                    by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Thursday August 13 2020, @12:54AM (#1035909) Journal
                    It's in base 20 - I took my runners and socks off :-)

                    So a very very small quantity indeed, and still probably too generous. But that's okay - my doggies still love me. As long as I walk them, and share my food and bed with them so they can wake me up every few hours , they're happy. They teach me patience, but when they wake me at 4am it's pretty much impossible to get back to sleep, so I read Wikipedia This Day in History and follow interesting stuff down the rabbit hole for an hour or two. I highly recommend it (not waking up at 4 am though, unless you have to get up to pee).

                    Would be interesting to see if school age kids learning at home could benefit from such an unstructured approach, where they just followed their interests.

                    --
                    SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.

                    • (Score: 2) by SemperOSS on Thursday August 13 2020, @07:49AM

                      by SemperOSS (5072) on Thursday August 13 2020, @07:49AM (#1036032)

                      My entrance to the rabbit hole was my (long departed) Dad, who would, when we asked a question at the dinner table (or wherever) take us by the hand to the encyclopedia and let us find the right place ourselves, which often failed as we would get sidetracked by some interesting facts on the way.

                      Like you, I am still pursuing that way to “entertainment” when I am exposed to places that provide the means. (Even Reddit, but don't tell anyone I go on there.)


                      --
                      I don't need a signature to draw attention to myself.
                      Maybe I should add a sarcasm warning now and again?

            • (Score: 2) by D2 on Tuesday August 11 2020, @09:53PM (2 children)

              by D2 (5107) on Tuesday August 11 2020, @09:53PM (#1035196)

              Bad news... https://en.wikipedia.org/wiki/Non-integer_base_of_numeration [wikipedia.org]

              • (Score: 2) by barbara hudson on Tuesday August 11 2020, @11:51PM (1 child)

                by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Tuesday August 11 2020, @11:51PM (#1035269) Journal
                Yeah, I know, looked it up to see if it existed. Sux 2 B me :-) But at least it was a valid idea, just too late.
                --
                SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.

                • (Score: 2) by RS3 on Wednesday August 12 2020, @02:24AM

                  by RS3 (6367) on Wednesday August 12 2020, @02:24AM (#1035360)

                  And you did it independent of that knowledge.

                  If I had a nickle for everything I've invented that's already been invented, well, I'd have some nickles.

          • (Score: 3, Insightful) by hendrikboom on Tuesday August 11 2020, @07:35PM (1 child)

            by hendrikboom (1125) Subscriber Badge on Tuesday August 11 2020, @07:35PM (#1035111) Homepage Journal

            Try arithmetic to the basis sqrt( - 2 ). It was mentioned once in the Scientific American. The say coming up with trial divisors for long division required inspiration.

        • (Score: 0) by Anonymous Coward on Tuesday August 11 2020, @04:37PM (3 children)

          by Anonymous Coward on Tuesday August 11 2020, @04:37PM (#1034997)

          Haha, try again!

          • (Score: 3, Funny) by DECbot on Tuesday August 11 2020, @04:39PM (2 children)

            by DECbot (832) on Tuesday August 11 2020, @04:39PM (#1034999) Journal

            yeah, my bad. 6x7 is 54. Sorry for the typo.

            --
            cats~$ sudo chown -R us /home/base

            • (Score: 0) by Anonymous Coward on Tuesday August 11 2020, @05:18PM (1 child)

              by Anonymous Coward on Tuesday August 11 2020, @05:18PM (#1035023)

              Try again, again?

              • (Score: 0) by Anonymous Coward on Wednesday August 12 2020, @04:10AM

                by Anonymous Coward on Wednesday August 12 2020, @04:10AM (#1035387)

                Probably using an Intel processor.

        • (Score: 3, Informative) by KilroySmith on Tuesday August 11 2020, @04:40PM (1 child)

          by KilroySmith (2113) on Tuesday August 11 2020, @04:40PM (#1035000)

          With your username, it is with delight that I say:
          whoosh!
          Missing this is forgiveable for the millenials of our time, but not a person of your august nature.

          I heartily recommend to you:
          https://www.amazon.com/Ultimate-Hitchhikers-Guide-Galaxy/dp/0345453743 [amazon.com]

          • (Score: 0) by Anonymous Coward on Tuesday August 11 2020, @09:58PM

            by Anonymous Coward on Tuesday August 11 2020, @09:58PM (#1035199)

            Missing this is forgiveable for the millenials of our time,

            It is not.

        • (Score: 1, Informative) by Anonymous Coward on Tuesday August 11 2020, @05:37PM

          by Anonymous Coward on Tuesday August 11 2020, @05:37PM (#1035034)

          I always thought there was something fundamentally wrong with the universe!!!

        • (Score: 0) by Anonymous Coward on Thursday August 13 2020, @04:38AM

          by Anonymous Coward on Thursday August 13 2020, @04:38AM (#1035992)

          The 6x9's in my car are 42 watts.

      • (Score: 2) by barbara hudson on Tuesday August 11 2020, @04:25PM

        by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Tuesday August 11 2020, @04:25PM (#1034988) Journal
        Isn't a radix of 13.5 a bit of a cheat :-)
        --
        SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.

      • (Score: 1, Insightful) by Anonymous Coward on Tuesday August 11 2020, @06:13PM

        by Anonymous Coward on Tuesday August 11 2020, @06:13PM (#1035065)

        Correction: As any literate geek knows, 42 is the answer to "what do you get when you multiply six by nine".

        Damn straight. You know this. I know this. The question is, why isn't the lib'rul media telling you this?

        What do they have to hide? Why do they insist on telling you that six times nine is 54? Why the unfair bias against alternative truths?

      • (Score: 0) by Anonymous Coward on Wednesday August 12 2020, @07:11PM

        by Anonymous Coward on Wednesday August 12 2020, @07:11PM (#1035725)

        People just don't understand what a hoopy frood the OP is... so unhip their bums fall off.
        A confusing guide for the confused [stackexchange.com].
        slightly less confusing [spooniom.com]

        Or for those who hate links...

        In the Hitchhiker's Guide trilogy, specifically The Restaurant and the End of the Universe [wikipedia.org] they know from a tremendous supercomputer that the Answer to the Ultimate Question of Life, the Universe, and Everything is 42 but do not know the actual question itself. The computer designed to discover that question is the Earth, destroyed right before the 'read out' was to occur. Figuring that the question (or a corruption or derivation) is inside a surviving Earthman's mind he draws tiles from a homemade stone Scrabble set from a bag. It spells out, "What do you get when you multiply six by nine?" Now you know, all at the expense of a long pedantic explanation and won't have to be entertained by the writing of Douglas Adams instead.

    • (Score: 0) by Anonymous Coward on Tuesday August 11 2020, @04:05PM

      by Anonymous Coward on Tuesday August 11 2020, @04:05PM (#1034980)

      Damn it, that's the password to my p̶o̶r̶n̶cats.zip file.

    • (Score: 2) by Tokolosh on Wednesday August 12 2020, @02:55PM (2 children)

      by Tokolosh (585) on Wednesday August 12 2020, @02:55PM (#1035559)

      Jackie Robinson's middle name was Roosevelt, after Theodore of that ilk. Teddy has been canceled, due to being racist/imperialist/sexist/unwoke/whatever. Therefore Jackie is also on the shitlist and is dead to us, canceled, deplatformed. The fact that you mention Robinson means that you are a despicable person and must apologize before and after being sent for re-education.

      • (Score: 0) by Anonymous Coward on Wednesday August 12 2020, @09:31PM (1 child)

        by Anonymous Coward on Wednesday August 12 2020, @09:31PM (#1035805)

        Kind of hurts that the loss of white privilege is happening on your watch, doesn't it? It's looking less likely, but maybe come November you'll be able to keep those "undesirables" *nudge nudge, wink wink* out of your suburbs for another four years. But you're going to have to come up with some new ways to keep them "undesirables" *nudge nudge wink wink* from being able to cast votes.

        • (Score: 2) by barbara hudson on Thursday August 13 2020, @12:38AM

          by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Thursday August 13 2020, @12:38AM (#1035894) Journal
          After today's pick of Kampala Harris as Vp2020, it's going to be a landslide. Plenty of "white suburban housewives" that Trump is trying to get afraid of integration by PoC admire her for her performances during both the Kavanaugh confirmation hearings and the presidential debates. This is the first election where people will be voting for both the 46th and 47th presidents on the same ticket, since Biden will only run once.
          --
          SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.

  • (Score: 3, Interesting) by drussell on Tuesday August 11 2020, @03:52PM (6 children)

    by drussell (2678) on Tuesday August 11 2020, @03:52PM (#1034974) Journal

    I'm pretty sure I mined some coin in the very, very early days on a couple of the machines that I used to run the rc5des challenge on, just testing it out, but I never thought it would really go anywhere so I forgot about them. They're probably long lost on some abandoned hard drive somewhere around here or, more likely, erased forever.

    Oh well, hindsight is much closer to 20/20 than my crystal ball. :(

    • (Score: 2) by DECbot on Tuesday August 11 2020, @04:29PM (2 children)

      by DECbot (832) on Tuesday August 11 2020, @04:29PM (#1034991) Journal

      I got a bargain on my obsidian crystal ball. Though I admit I don't have the skill to use it for predictions. It always appears dark, cloudy, or obstructed.

      --
      cats~$ sudo chown -R us /home/base

      • (Score: 2) by DECbot on Tuesday August 11 2020, @04:31PM

        by DECbot (832) on Tuesday August 11 2020, @04:31PM (#1034992) Journal

        But it does look pretty awesome at the bowling alley.

        --
        cats~$ sudo chown -R us /home/base

      • (Score: 2, Touché) by Anonymous Coward on Tuesday August 11 2020, @04:46PM

        by Anonymous Coward on Tuesday August 11 2020, @04:46PM (#1035003)

        dark, cloudy, or obstructed

        Sadly, that's just what the future is.

    • (Score: 0) by Anonymous Coward on Tuesday August 11 2020, @05:26PM (1 child)

      by Anonymous Coward on Tuesday August 11 2020, @05:26PM (#1035028)

      I'm pretty sure I mined some coin in the very, very early days on a couple of the machines that I used to run the rc5des challenge on, just testing it out, but I never thought it would really go anywhere so I forgot about them. They're probably long lost on some abandoned hard drive somewhere around here or, more likely, erased forever.

      Oh well, hindsight is much closer to 20/20 than my crystal ball. :(

      I know I did this, back when you could mine with a CPU. Who would have thought it would actually become something other than a math exercise?

      • (Score: 0) by Anonymous Coward on Tuesday August 11 2020, @05:52PM

        by Anonymous Coward on Tuesday August 11 2020, @05:52PM (#1035041)

        I think a fair amount of us, or people like us, did that in the beginning but then didn't really think it would amount to much or was worth next to nothing so it was just discarded.

    • (Score: 2) by ledow on Tuesday August 11 2020, @07:01PM

      by ledow (5567) on Tuesday August 11 2020, @07:01PM (#1035095) Homepage

      At one point I owned a whole Bitcoin.

      I think over the ten years or so I had it it was spent on video games and gift cards (only really practical way to turn it into real money - my banks won't accept payments from almost any Bitcoin exchange).

      The remainder of it I cashed in for a £30 gift card. It cost me almost nothing, made profit. Sure, if I could have kept hold of it with perfect foresight, it would be worth thousands. But I can say that about an awful lot of things.

  • (Score: 1, Troll) by Anonymous Coward on Tuesday August 11 2020, @04:46PM (1 child)

    by Anonymous Coward on Tuesday August 11 2020, @04:46PM (#1035002)

    Crypto should have a small account maintenance fee. There is an associated cost to maintaining an account, it's not free. For example banks sometimes charge such fees as well. The proceeds of the fees should go to those that are mining/verifying transactions. That way the currency can go back into circulation instead of contributing to unpredictable deflation that's hard to account for because who knows for sure which coins are still useful and which aren't.

    • (Score: 1, Informative) by Anonymous Coward on Tuesday August 11 2020, @05:53PM

      by Anonymous Coward on Tuesday August 11 2020, @05:53PM (#1035042)

      there's probably a coin that does things the way you envision. Crypto projects have all kinds of consensus algorithms service infrastructure and economic systems. you can check out coinmarketcap.com and go to each coin's website to see what all they do. you might be surprised how much all these projects are doing.

  • (Score: 2) by iWantToKeepAnon on Tuesday August 11 2020, @05:12PM (3 children)

    by iWantToKeepAnon (686) on Tuesday August 11 2020, @05:12PM (#1035019) Homepage Journal

    After all, he'd still be turning quite the profit.

    Um, no. More like:

    After all, he'd be reducing his total loss.

    --
    "Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy

    • (Score: 2) by Osamabobama on Tuesday August 11 2020, @06:03PM (2 children)

      by Osamabobama (5842) on Tuesday August 11 2020, @06:03PM (#1035052)

      $300,000 sale price, minus $10,000 purchase price equals $290,000 gross profit. Expenses of $100,000 reduce net profit to $190,000.

      --
      Appended to the end of comments you post. Max: 120 chars.

      • (Score: 2) by iWantToKeepAnon on Tuesday August 11 2020, @09:09PM (1 child)

        by iWantToKeepAnon (686) on Tuesday August 11 2020, @09:09PM (#1035165) Homepage Journal

        Except the 300k is already in his wallet ... although misplaced; he just paid a finder fee. Besides that, I think your values are off:

        In the end, the infrastructure costs to run the attack were $6,000 to $7,000 instead of the roughly $100,000 they had originally estimated, Foster says. The Guy paid about a quarter of the original price tag.

        Sounds like he paid $25k; which is a bargain but $0 would have been better by writing down the password.

        --
        "Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy

        • (Score: 3, Touché) by FatPhil on Wednesday August 12 2020, @06:03AM

          by FatPhil (863) <pc-soylentNO@SPAMasdf.fi> on Wednesday August 12 2020, @06:03AM (#1035423) Homepage
          > Except the 300k is already in his wallet

          Nonsense. The wallet contained neither dollars nor proxies thereof.
          --
          Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves

  • (Score: 0) by Anonymous Coward on Tuesday August 11 2020, @05:29PM (2 children)

    by Anonymous Coward on Tuesday August 11 2020, @05:29PM (#1035030)

    I thought that was ultra weak and crackable within hours.

    • (Score: 0) by Anonymous Coward on Tuesday August 11 2020, @09:53PM (1 child)

      by Anonymous Coward on Tuesday August 11 2020, @09:53PM (#1035197)

      There are multiple ZIP encryption standards. Some are easier to break than others. Given the date, he probably used software that defaulted to AES.

      • (Score: 2) by sgleysti on Wednesday August 12 2020, @02:10PM

        by sgleysti (56) Subscriber Badge on Wednesday August 12 2020, @02:10PM (#1035538)

        Article says that it was encrypted with Zip 2.0 legacy encryption, but that the particular implementation of that flawed encryption was good, making it harder to crack. The easy ones have not only the flawed Zip 2.0 legacy encryption but also a bad implementation of it.

  • (Score: 1, Interesting) by Anonymous Coward on Tuesday August 11 2020, @05:55PM

    by Anonymous Coward on Tuesday August 11 2020, @05:55PM (#1035044)

    any chance bitcoin used to facilitate this backup method and The Guy actually has someone else's stolen backup? either way it's probably stolen from some Windows user. oh well, they deserve it for supporting the enemies of free humanity.

  • (Score: 2) by legont on Wednesday August 12 2020, @02:06AM

    by legont (4179) on Wednesday August 12 2020, @02:06AM (#1035344)

    The Guy took the deal. After all, he'd still be turning quite the profit.

    He will be totally screwed.

    --
    "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(1)