Stories
Slash Boxes
Comments

SoylentNews is people

The Quest to Liberate $300,000 of Bitcoin From an Old ZIP File

posted by Fnord666 on Tuesday August 11 2020, @03:08PM   Printer-friendly
from the as-the-bitcoin-turns dept.

upstart writes in with an IRC submission:

The quest to liberate $300,000 of bitcoin from an old ZIP file:

In October, Michael Stay got a weird message on LinkedIn. A total stranger had lost access to his bitcoin private keys—and wanted Stay's help getting his $300,000 back.

It wasn't a total surprise that The Guy, as Stay calls him, had found the former Google security engineer. Nineteen years ago, Stay published a paper detailing a technique for breaking into encrypted zip files. The Guy had bought around $10,000 worth of bitcoin in January 2016, well before the boom. He had encrypted the private keys in a zip file and had forgotten the password. He was hoping Stay could help him break in.

In a talk at the Defcon security conference this week, Stay details the epic attempt that ensued.

[...] "If we find the password successfully, I will thank you," The Guy wrote with a smiley face. After an initial analysis, Stay estimated that he would need to charge $100,000 to break into the file. The Guy took the deal. After all, he'd still be turning quite the profit.

[...] That's partly why the work was priced so high. Newer generations of zip programs use the established and robust cryptographic standard AES, but outdated versions—like the one used in The Guy's case—use Zip 2.0 Legacy encryption that can often be cracked. The degree of difficulty depends on how it's implemented, though. "It's one thing to say something is broken, but actually breaking it is a whole different ball of wax," says Johns Hopkins University cryptographer Matthew Green.

From a massive pool of passwords and encryption keys, Stay was able to narrow it down to something on the order of quintillions.

[...] By February, four months after that first LinkedIn message, they queued it all up and started the attack.

That initial attempt took 10 days to run... and did not work. Further sleuthing finally uncovered a bug. They were, ultimately, able to successfully extract the contents.

Original Submission

 
This discussion has been archived. No new comments can be posted.
The Quest to Liberate $300,000 of Bitcoin From an Old ZIP File | Log In/Create an Account | Top | 51 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Tuesday August 11 2020, @05:26PM (1 child)

    by Anonymous Coward on Tuesday August 11 2020, @05:26PM (#1035028)

    I'm pretty sure I mined some coin in the very, very early days on a couple of the machines that I used to run the rc5des challenge on, just testing it out, but I never thought it would really go anywhere so I forgot about them. They're probably long lost on some abandoned hard drive somewhere around here or, more likely, erased forever.

    Oh well, hindsight is much closer to 20/20 than my crystal ball. :(

    I know I did this, back when you could mine with a CPU. Who would have thought it would actually become something other than a math exercise?

  • (Score: 0) by Anonymous Coward on Tuesday August 11 2020, @05:52PM

    by Anonymous Coward on Tuesday August 11 2020, @05:52PM (#1035041)

    I think a fair amount of us, or people like us, did that in the beginning but then didn't really think it would amount to much or was worth next to nothing so it was just discarded.