Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Thursday February 01 2018, @02:37AM   Printer-friendly
from the handy-piece-of-code dept.

My old physics teacher always said: "It's the dumb criminals who get caught; you never catch the smart ones." He was a really smart guy, and he did live a nice lifestyle, hmmm...

Anyway, so IOTA. As with any digital currency, you need some random information - a passphrase typically - that is used when you create your wallet. In the case of IOTA, which is supposed to be IOT friendly, this means a string of 81 random characters, the generation of which could be pretty easily automated.

That's great, and the OSS world being full of helpful people, someone wrote a handy generator, put the code for all to see on GitHub, and put their generator onto a website where you could easily make use of it. Nice.

Actually, diabolical. The code on the website really was identical to the code on GitHub, except for one tiny, almost insignificant change: at some point, the owner swapped out the random seed to a value that he knew. Not even constant - that would have been too obvious - but known nonetheless.

And for many months, many people used his friendly little service. Until January 19th, when he emptied their IOTA wallets, erased his presence from the Interwebs, and quietly disappeared. $4 million or so richer.

This one won't be caught.

tl;dr for anyone who doesn't get it: The point of having a secret password, secret passphrase, or secret key is that it's secret. Which means that you don't have it generated for you by a public web service.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Thursday February 01 2018, @05:09PM

    by Anonymous Coward on Thursday February 01 2018, @05:09PM (#631550)

    Hey, that's the combination on my luggage!