The quest to liberate $300,000 of bitcoin from an old ZIP file:
In October, Michael Stay got a weird message on LinkedIn. A total stranger had lost access to his bitcoin private keys—and wanted Stay's help getting his $300,000 back.
It wasn't a total surprise that The Guy, as Stay calls him, had found the former Google security engineer. Nineteen years ago, Stay published a paper detailing a technique for breaking into encrypted zip files. The Guy had bought around $10,000 worth of bitcoin in January 2016, well before the boom. He had encrypted the private keys in a zip file and had forgotten the password. He was hoping Stay could help him break in.
In a talk at the Defcon security conference this week, Stay details the epic attempt that ensued.
[...] "If we find the password successfully, I will thank you," The Guy wrote with a smiley face. After an initial analysis, Stay estimated that he would need to charge $100,000 to break into the file. The Guy took the deal. After all, he'd still be turning quite the profit.
[...] That's partly why the work was priced so high. Newer generations of zip programs use the established and robust cryptographic standard AES, but outdated versions—like the one used in The Guy's case—use Zip 2.0 Legacy encryption that can often be cracked. The degree of difficulty depends on how it's implemented, though. "It's one thing to say something is broken, but actually breaking it is a whole different ball of wax," says Johns Hopkins University cryptographer Matthew Green.
From a massive pool of passwords and encryption keys, Stay was able to narrow it down to something on the order of quintillions.
[...] By February, four months after that first LinkedIn message, they queued it all up and started the attack.
That initial attempt took 10 days to run... and did not work. Further sleuthing finally uncovered a bug. They were, ultimately, able to successfully extract the contents.
(Score: 2, Offtopic) by barbara hudson on Tuesday August 11 2020, @03:40PM (32 children)
It's every idiots goto password. Or 42, which is the answer to the question "What was the jersey number of Jackie Robinson, the first black baseball player to break the Major League Baseball colour barrier."
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 2, Touché) by Anonymous Coward on Tuesday August 11 2020, @03:48PM (27 children)
Correction: As any literate geek knows, 42 is the answer to "what do you get when you multiply six by nine".
(Score: 2) by DECbot on Tuesday August 11 2020, @04:23PM (23 children)
Did I miss an issue of the new math journal? Last I read 6x9 is 56. Maybe you mean 6x7?
cats~$ sudo chown -R us /home/base
(Score: 2) by barbara hudson on Tuesday August 11 2020, @04:28PM (14 children)
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 3, Funny) by barbara hudson on Tuesday August 11 2020, @05:00PM (11 children)
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 2) by RS3 on Tuesday August 11 2020, @05:45PM (2 children)
"fractional radix" -- my head hurts. I'm back to hating math like I did in college.
(Score: 2) by barbara hudson on Tuesday August 11 2020, @06:17PM (1 child)
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 2) by RS3 on Wednesday August 12 2020, @02:21AM
Bummed out? When I first saw your analysis I thought "makes sense" and "another math thing beyond me". Many of life's great innovations have been stumbled upon, or at least motivated by unintended circumstances (mistakes?). Now you just need to apply for a math research grant and show us how it's done. :)
It may help to work on moving a decimal point, uh, partially. You know, 0.4 places and such. You'll figure it out.
(Score: 0) by Anonymous Coward on Tuesday August 11 2020, @09:50PM (4 children)
Sorry, you didn't create fractional radix systems first. You were beat by thousands of years. The golden ratio base is probably the widest used and formally studied.
(Score: 4, Insightful) by barbara hudson on Tuesday August 11 2020, @11:54PM (3 children)
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 2) by SemperOSS on Wednesday August 12 2020, @06:49AM (2 children)
0.25 points? You're probably showing off by giving yourself the points in base 0.14159265.
I don't need a signature to draw attention to myself.
Maybe I should add a sarcasm warning now and again?
(Score: 3, Interesting) by barbara hudson on Thursday August 13 2020, @12:54AM (1 child)
So a very very small quantity indeed, and still probably too generous. But that's okay - my doggies still love me. As long as I walk them, and share my food and bed with them so they can wake me up every few hours , they're happy. They teach me patience, but when they wake me at 4am it's pretty much impossible to get back to sleep, so I read Wikipedia This Day in History and follow interesting stuff down the rabbit hole for an hour or two. I highly recommend it (not waking up at 4 am though, unless you have to get up to pee).
Would be interesting to see if school age kids learning at home could benefit from such an unstructured approach, where they just followed their interests.
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 2) by SemperOSS on Thursday August 13 2020, @07:49AM
My entrance to the rabbit hole was my (long departed) Dad, who would, when we asked a question at the dinner table (or wherever) take us by the hand to the encyclopedia and let us find the right place ourselves, which often failed as we would get sidetracked by some interesting facts on the way.
Like you, I am still pursuing that way to “entertainment” when I am exposed to places that provide the means. (Even Reddit, but don't tell anyone I go on there.)
I don't need a signature to draw attention to myself.
Maybe I should add a sarcasm warning now and again?
(Score: 2) by D2 on Tuesday August 11 2020, @09:53PM (2 children)
Bad news... https://en.wikipedia.org/wiki/Non-integer_base_of_numeration [wikipedia.org]
(Score: 2) by barbara hudson on Tuesday August 11 2020, @11:51PM (1 child)
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 2) by RS3 on Wednesday August 12 2020, @02:24AM
And you did it independent of that knowledge.
If I had a nickle for everything I've invented that's already been invented, well, I'd have some nickles.
(Score: 3, Insightful) by hendrikboom on Tuesday August 11 2020, @07:35PM (1 child)
Try arithmetic to the basis sqrt( - 2 ). It was mentioned once in the Scientific American. The say coming up with trial divisors for long division required inspiration.
(Score: 3, Insightful) by barbara hudson on Tuesday August 11 2020, @08:12PM
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Tuesday August 11 2020, @04:37PM (3 children)
Haha, try again!
(Score: 3, Funny) by DECbot on Tuesday August 11 2020, @04:39PM (2 children)
yeah, my bad. 6x7 is 54. Sorry for the typo.
cats~$ sudo chown -R us /home/base
(Score: 0) by Anonymous Coward on Tuesday August 11 2020, @05:18PM (1 child)
Try again, again?
(Score: 0) by Anonymous Coward on Wednesday August 12 2020, @04:10AM
Probably using an Intel processor.
(Score: 3, Informative) by KilroySmith on Tuesday August 11 2020, @04:40PM (1 child)
With your username, it is with delight that I say:
whoosh!
Missing this is forgiveable for the millenials of our time, but not a person of your august nature.
I heartily recommend to you:
https://www.amazon.com/Ultimate-Hitchhikers-Guide-Galaxy/dp/0345453743 [amazon.com]
(Score: 0) by Anonymous Coward on Tuesday August 11 2020, @09:58PM
It is not.
(Score: 1, Informative) by Anonymous Coward on Tuesday August 11 2020, @05:37PM
I always thought there was something fundamentally wrong with the universe!!!
(Score: 0) by Anonymous Coward on Thursday August 13 2020, @04:38AM
The 6x9's in my car are 42 watts.
(Score: 2) by barbara hudson on Tuesday August 11 2020, @04:25PM
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 1, Insightful) by Anonymous Coward on Tuesday August 11 2020, @06:13PM
Damn straight. You know this. I know this. The question is, why isn't the lib'rul media telling you this?
What do they have to hide? Why do they insist on telling you that six times nine is 54? Why the unfair bias against alternative truths?
(Score: 0) by Anonymous Coward on Wednesday August 12 2020, @07:11PM
People just don't understand what a hoopy frood the OP is... so unhip their bums fall off.
A confusing guide for the confused [stackexchange.com].
slightly less confusing [spooniom.com]
Or for those who hate links...
(Score: 0) by Anonymous Coward on Tuesday August 11 2020, @04:05PM
Damn it, that's the password to my p̶o̶r̶n̶cats.zip file.
(Score: 2) by Tokolosh on Wednesday August 12 2020, @02:55PM (2 children)
Jackie Robinson's middle name was Roosevelt, after Theodore of that ilk. Teddy has been canceled, due to being racist/imperialist/sexist/unwoke/whatever. Therefore Jackie is also on the shitlist and is dead to us, canceled, deplatformed. The fact that you mention Robinson means that you are a despicable person and must apologize before and after being sent for re-education.
(Score: 0) by Anonymous Coward on Wednesday August 12 2020, @09:31PM (1 child)
Kind of hurts that the loss of white privilege is happening on your watch, doesn't it? It's looking less likely, but maybe come November you'll be able to keep those "undesirables" *nudge nudge, wink wink* out of your suburbs for another four years. But you're going to have to come up with some new ways to keep them "undesirables" *nudge nudge wink wink* from being able to cast votes.
(Score: 2) by barbara hudson on Thursday August 13 2020, @12:38AM
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 3, Interesting) by drussell on Tuesday August 11 2020, @03:52PM (6 children)
I'm pretty sure I mined some coin in the very, very early days on a couple of the machines that I used to run the rc5des challenge on, just testing it out, but I never thought it would really go anywhere so I forgot about them. They're probably long lost on some abandoned hard drive somewhere around here or, more likely, erased forever.
Oh well, hindsight is much closer to 20/20 than my crystal ball. :(
(Score: 2) by DECbot on Tuesday August 11 2020, @04:29PM (2 children)
I got a bargain on my obsidian crystal ball. Though I admit I don't have the skill to use it for predictions. It always appears dark, cloudy, or obstructed.
cats~$ sudo chown -R us /home/base
(Score: 2) by DECbot on Tuesday August 11 2020, @04:31PM
But it does look pretty awesome at the bowling alley.
cats~$ sudo chown -R us /home/base
(Score: 2, Touché) by Anonymous Coward on Tuesday August 11 2020, @04:46PM
Sadly, that's just what the future is.
(Score: 0) by Anonymous Coward on Tuesday August 11 2020, @05:26PM (1 child)
I know I did this, back when you could mine with a CPU. Who would have thought it would actually become something other than a math exercise?
(Score: 0) by Anonymous Coward on Tuesday August 11 2020, @05:52PM
I think a fair amount of us, or people like us, did that in the beginning but then didn't really think it would amount to much or was worth next to nothing so it was just discarded.
(Score: 2) by ledow on Tuesday August 11 2020, @07:01PM
At one point I owned a whole Bitcoin.
I think over the ten years or so I had it it was spent on video games and gift cards (only really practical way to turn it into real money - my banks won't accept payments from almost any Bitcoin exchange).
The remainder of it I cashed in for a £30 gift card. It cost me almost nothing, made profit. Sure, if I could have kept hold of it with perfect foresight, it would be worth thousands. But I can say that about an awful lot of things.
(Score: 1, Troll) by Anonymous Coward on Tuesday August 11 2020, @04:46PM (1 child)
Crypto should have a small account maintenance fee. There is an associated cost to maintaining an account, it's not free. For example banks sometimes charge such fees as well. The proceeds of the fees should go to those that are mining/verifying transactions. That way the currency can go back into circulation instead of contributing to unpredictable deflation that's hard to account for because who knows for sure which coins are still useful and which aren't.
(Score: 1, Informative) by Anonymous Coward on Tuesday August 11 2020, @05:53PM
there's probably a coin that does things the way you envision. Crypto projects have all kinds of consensus algorithms service infrastructure and economic systems. you can check out coinmarketcap.com and go to each coin's website to see what all they do. you might be surprised how much all these projects are doing.
(Score: 2) by iWantToKeepAnon on Tuesday August 11 2020, @05:12PM (3 children)
Um, no. More like:
"Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy
(Score: 2) by Osamabobama on Tuesday August 11 2020, @06:03PM (2 children)
$300,000 sale price, minus $10,000 purchase price equals $290,000 gross profit. Expenses of $100,000 reduce net profit to $190,000.
Appended to the end of comments you post. Max: 120 chars.
(Score: 2) by iWantToKeepAnon on Tuesday August 11 2020, @09:09PM (1 child)
Except the 300k is already in his wallet ... although misplaced; he just paid a finder fee. Besides that, I think your values are off:
Sounds like he paid $25k; which is a bargain but $0 would have been better by writing down the password.
"Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy
(Score: 3, Touché) by FatPhil on Wednesday August 12 2020, @06:03AM
Nonsense. The wallet contained neither dollars nor proxies thereof.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Tuesday August 11 2020, @05:29PM (2 children)
I thought that was ultra weak and crackable within hours.
(Score: 0) by Anonymous Coward on Tuesday August 11 2020, @09:53PM (1 child)
There are multiple ZIP encryption standards. Some are easier to break than others. Given the date, he probably used software that defaulted to AES.
(Score: 2) by sgleysti on Wednesday August 12 2020, @02:10PM
Article says that it was encrypted with Zip 2.0 legacy encryption, but that the particular implementation of that flawed encryption was good, making it harder to crack. The easy ones have not only the flawed Zip 2.0 legacy encryption but also a bad implementation of it.
(Score: 1, Interesting) by Anonymous Coward on Tuesday August 11 2020, @05:55PM
any chance bitcoin used to facilitate this backup method and The Guy actually has someone else's stolen backup? either way it's probably stolen from some Windows user. oh well, they deserve it for supporting the enemies of free humanity.
(Score: 2) by legont on Wednesday August 12 2020, @02:06AM
He will be totally screwed.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.