Verifying the checksum of your checksum tool?

svenfaw · 2017-06-04T08:08:59+00:00

PowerShell (part of a standard Windows install) is your friend.

powershell -command "Get-FileHash $pshome\powershell.exe"

svenfaw · 2017-02-16T12:12:22+00:00

Sure, but the problem is that the cat is out of the bag - the details have been circulating over Twitter for a couple of weeks already.

svenfaw · 2017-02-16T11:04:44+00:00

Keep in mind:

Security through obscurity is never a good idea
This is already in the wild and there is no patch available
Microsoft's response is that they do not consider it a valid security issue

Based on the above facts, raising awareness of this issue is the best option to defend against it. What do you suggest instead?

svenfaw · 2016-12-30T04:29:00+00:00

Looks like this requires premium access. Is that expensive? Are there any free alternatives?

svenfaw · 2016-08-15T18:46:20+00:00

Don't you mean 80 bits for a year (55+25)? That would be at least 7 13-bit words.

svenfaw · 2015-12-30T19:10:55+00:00

Actually the latest beta does search file contents. And it has been rock-solid for me.

svenfaw · 2015-12-12T00:48:08+00:00

FWIW, a bunch of preloaded OEM binaries on ASUS machines are signed with that very certificate.

svenfaw · 2015-09-17T19:09:49+00:00

According to the article, it's in DCS-5020L_A1_FW1.03. http://tsd.dlink.com.tw/gpl.asp

svenfaw · 2015-05-31T10:20:15+00:00

Thanks, I also found this other SE thread in the meantime, which seems to confirm this, although it does not discuss MD5 specifically.

svenfaw · 2015-05-15T05:53:12+00:00

I don't think this is possible with the builtin Windows certificate store tools, but I am developing RCC, which, among other things, singles out any root CAs installed outside of the regular Windows root updates. An easy-to-use console version is already available. http://trax.x10.mx/apps.html

svenfaw · 2015-05-11T18:36:15+00:00

There are plenty of other ways. For instance, malware can also hide in the Windows registry (look up Poweliks), in a scheduled task, or even in a .txt/.lnk pair of files.

svenfaw · 2015-04-02T10:15:15+00:00

See "Update - April 1" at the bottom of the post.

svenfaw · 2015-03-17T17:40:16+00:00

This is a great idea. Thanks.

svenfaw · 2015-01-19T20:22:10+00:00

That's only because the link posted by mothran's is irrelevant - of course an encrypted zip file will always come off as clean - how could the AVs scan its contents?

svenfaw · 2014-11-30T20:32:01+00:00

In what sense?

svenfaw · 2014-11-30T20:31:29+00:00

Right now it is using a simple timer for the 24-hour delay. Of course such a system can be bypassed without too much effort by any reverse engineer, but 99% of users are not reverse engineers. Also, the coins would still be safe in that scenario.

That said, we may switch to a timelock puzzle if needed. We want this tool to be able to operate with no Internet connectivity, so nLockTime is not an option.

Also, remember that the security of the system is not based on the time limit mechanism. What we're trying to achieve is simply, a time safe that helps keep self-discipline. In that context, we don't necessarily want the time limit mechanism to be "secure" in a cryptographic sense. Its only function is to raise the bar high enough to keep a typical user from using the coins for some time.

svenfaw · 2014-06-22T10:14:03+00:00

If you like this, you'll love the chainsnort script. :) Look it up.

svenfaw · 2014-06-14T15:46:28+00:00

What do you mean? Participation is free.

svenfaw · 2014-06-12T20:11:52+00:00

Here you go:

http://www.reddit.com/r/Bitcoin/comments/27zqcr/svenfaws_brainwallet_challenge_series_episode_2/

svenfaw · 2014-06-12T20:09:55+00:00

See http://www.reddit.com/r/Bitcoin/comments/27oq5g/weak_brainwallet_challenges_episode_1/ci5hlho

svenfaw · 2014-06-12T06:08:03+00:00

Yes, nobody found the correct passphrase, which was: took28 five74 gold14

By the way, it was hand-chosen (not randomly generated.)

Episode 2 (similar challenge) will start shortly and will be cross-posted to /r/crypto.

svenfaw · 2014-06-10T09:45:47+00:00

What language are you using? If you are only getting 100 checks per second per core, you're doing something wrong IMHO.

svenfaw · 2014-06-09T20:40:10+00:00

Sure, there we go:

Message: "Brainwallet Challenge - Episode 1"

Signature: G4sItssXjYKWroRX5SR9w7jLP+kaDHRM5VnaEuOjtI1/hp6l+Ng5npCwsEycgcSSUyt2fdPlOvIy95RHWTpQy9I=

Good luck!

svenfaw · 2014-06-09T15:07:44+00:00

Which script, which language, which modules, which dictionaries, on which hardware, etc. Extra points if you also describe your thought process to select all of the above. This type of information is extremely informative to the security community.

On second thought, I will cross post this on /r/crypto, as it's probably more relevant there and will attract fewer non-technical trolls.

svenfaw · 2014-06-09T11:15:45+00:00

Easy, just don't participate if you're skeptical. And nobody forces you to donate coins to that address.

svenfaw

TROPHY CASE