The quest to liberate $300,000 of bitcoin from an old ZIP file:
In October, Michael Stay got a weird message on LinkedIn. A total stranger had lost access to his bitcoin private keys—and wanted Stay's help getting his $300,000 back.
It wasn't a total surprise that The Guy, as Stay calls him, had found the former Google security engineer. Nineteen years ago, Stay published a paper detailing a technique for breaking into encrypted zip files. The Guy had bought around $10,000 worth of bitcoin in January 2016, well before the boom. He had encrypted the private keys in a zip file and had forgotten the password. He was hoping Stay could help him break in.
In a talk at the Defcon security conference this week, Stay details the epic attempt that ensued.
[...] "If we find the password successfully, I will thank you," The Guy wrote with a smiley face. After an initial analysis, Stay estimated that he would need to charge $100,000 to break into the file. The Guy took the deal. After all, he'd still be turning quite the profit.
[...] That's partly why the work was priced so high. Newer generations of zip programs use the established and robust cryptographic standard AES, but outdated versions—like the one used in The Guy's case—use Zip 2.0 Legacy encryption that can often be cracked. The degree of difficulty depends on how it's implemented, though. "It's one thing to say something is broken, but actually breaking it is a whole different ball of wax," says Johns Hopkins University cryptographer Matthew Green.
From a massive pool of passwords and encryption keys, Stay was able to narrow it down to something on the order of quintillions.
[...] By February, four months after that first LinkedIn message, they queued it all up and started the attack.
That initial attempt took 10 days to run... and did not work. Further sleuthing finally uncovered a bug. They were, ultimately, able to successfully extract the contents.
(Score: 2) by iWantToKeepAnon on Tuesday August 11 2020, @05:12PM (3 children)
Um, no. More like:
"Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy
(Score: 2) by Osamabobama on Tuesday August 11 2020, @06:03PM (2 children)
$300,000 sale price, minus $10,000 purchase price equals $290,000 gross profit. Expenses of $100,000 reduce net profit to $190,000.
Appended to the end of comments you post. Max: 120 chars.
(Score: 2) by iWantToKeepAnon on Tuesday August 11 2020, @09:09PM (1 child)
Except the 300k is already in his wallet ... although misplaced; he just paid a finder fee. Besides that, I think your values are off:
Sounds like he paid $25k; which is a bargain but $0 would have been better by writing down the password.
"Happy families are all alike; every unhappy family is unhappy in its own way." -- Anna Karenina by Leo Tolstoy
(Score: 3, Touché) by FatPhil on Wednesday August 12 2020, @06:03AM
Nonsense. The wallet contained neither dollars nor proxies thereof.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves