Forgot password, bitcoins lost?

Forgot password, bitcoins lost?

Forgot password, bitcoins lost?

Do you remember the first forgotten password of your life? Okay, sorry, phrased like that it might sound absurd since, if you forgot it, how could you remember it now? I mean if you remember the first time you forgot a password. Because, of course, forgetting a password for an online service now is not a major problem, since you have the password recovery function, but what happened if you forgot the password to access the first email service, where you did you get discharged back in the nineties? I'm not saying this is my case, but an example of a serious problem with a forgotten password.


On the other hand, when we talk about passwords, we tend to associate them with online services, forgetting that there are many other fields of application of them and that we can summarize with a single word: files. And, of course, in this case, in the case of a forgotten password and that was the one that gave us access to its content, we will not have the password recovery function that the online services offer us. In other words, we will have a problem, the quantitative assessment of which will depend directly on the value of the content of a said file.


Ars Technica publishes today an interesting article about it, in which it echoes a real case, in which a forgotten password, and that protected access to a file in zip format, could have cost its owner 300,000 $. And that was the value, in exchange, of the bitcoins that had been saved in the compressed file.


The story begins in January 2016, when a person acquires 10,000 $ worth of bitcoins and, to protect them, saves them in a compressed file on his laptop. A compressed file that effectively protects with a password. Time passes, the value of the cyber currency increases substantially and, when the owner of the bitcoins tries to recover them, he discovers that he has forgotten the key with which he protected the zip file.


Aware that the forgotten password can be very, very expensive, and far from giving up, this person searches for information on the Internet and finds an essay written by Michael Stay, security expert, published now about two decades ago, and in which the expert affirms that it is possible to find out the password of this type of files. A ray of light and a cable to pull, so the owner of the bitcoins, neither short nor lazy, contacts Stay and explains his situation and the cost that the lost password may have for him.


Over the years, the security features around passwords have evolved substantially. According to Stay, the first implementations of the same were not very secure, some could be deciphered almost immediately. Over the years, however, the industry has been betting on more and more secure standards, to the point where, with current technology, and except in the case of choosing easily deductible passwords, breaking the encryption of a file of this kind can be an impossible task.


After an exchange of messages and the collection of certain information, the owner of the bitcoins and Stay reached an agreement, based on which the security expert would charge 100,000 dollars, of the 300,000 that the bitcoins were worth at that time if finally managed to find the forgotten password. And, after making some inquiries, in addition to verifying that his contact was the legitimate owner of the file, he was able to find out with which application the zip was created and, surprise, the implementation of the encryption function in it was "attackable".


To achieve this, the work was divided into two phases, a first of defining the attack and collecting elements for it, and a second in which all this material would be used, on a platform composed of several cloud computing systems, to try to find the forgotten password. A months-long job, however, it was a fun and challenging task for Stay.


And what happened in the end to the forgotten password? Luck was on the part of the researcher and the owner of the bitcoins, since not only was it possible to recover it but also, thanks to Stay's excellent planning, it could be done in a much shorter period than initially planned. Something that both parties appreciated because halfway through the process, bitcoin entered a downward trend that greatly scared both of them.


The happy ending to this story could, without a doubt, have been very different. If the owner of the bitcoins had used an application with a better implementation of the encryption functions, or if the file had been created more recently, it is likely that the forgotten password could never have been recovered (well, I qualify that never, changing it to "Until the actual arrival of quantum computing "). And that's why, from time to time, it pays to remember how useful password managers are.


If you want to know the full story of the forgotten password, in this video you can hear it from the mouth of Michael Stay himself


 

No comments