Reddit Posts
Cold encryption device for seed phrases and data. What's your opinion?
Let's have one last discussion about quantum computers.
[SERIOUS] Can ledger, trezor, cold wallets in general be trusted to keep your seed safe?
How to store your secrets in a secure format
I made a descriptive post of every item that you can purchase using candies from Coingecko so you do not have to look
Has anyone used "NExT RFID + NFC Chip Implant" to store a GPG encrypted seed?
My metamask was drained. I'm pissed but I want to learn what happened first.
Utopia Messenger provides 100% security on your communication + ChatGPT assistant.
Massive crypto adoption is happening in the energy sector and no-one is noticing
How many people would be interested in a paper wallet generator that locks the seeds with AES-256?
DexiMarketPlace 🚨One Project - 2 Tokens!🚨 | CMC Predicts 60x From here! 📈 Download their Secure Mobile Wallet app on Android and Apple | Military grade AES256 and BIP39 encryption technology 🔥
Quantum computing will never break cryptography
🚨One Project - 2 Tokens!🚨 | Deximarketplace & Dexioprotocol | Lp Locked | Military grade AES256 and BIP39 encryption technology = Safu | Secure Mobile Wallet App | Cmc Predictoin of 60x Current Value 📈
Unpopular opinion: Storing your seed phrase electronically it is safer than storing it physically
Way to get back my BTC from 2013 via AES encrypted wallet backup ?
Storing your keys online is safer than you think
Increasing Stability of the Utopia p2p Network. The number of full nodes within the Utopia decentralized ecosystem has reached 30,000 and is moving forward
Dexiprotocol 🚀 PokemonGo for crypto! AR app out now on iOS and Android | Fully Doxxed Team | CMC Price Prediction is 1000x from here! | Don’t miss out on this Gem 🔥
Can we use AES hardware acceleration to improve PCG or LCG generator?
Utopia is the perfect answer to your anonymity browsing and payment.
Are my security measures good enough?
Guide: Paranoid fireproof redundant encrypted crypto backup created on an air-gapped computer
Guide: Paranoid fireproof redundant encrypted crypto backup created on an air-gapped device
Fully Bypassing the 3060 Ti LHR Mode
I see people having problems with their Ledgers and Trezors, why not use this backup method?
Tried to build a secure offline private key manager
🕔 | Dexioprotocol | Countdown start for Dexioprotocol wallet app | launching App today |🚀More than 4000 holders and growing | Join Now
📲 | $Dexioprotocol Wallet App Release Tomorrow | Now store, swap, and trade all of your favorite digital assets | CMC listed Token | 🚀5M Market cap | Join Now
‼️Breaking : $Dexioprotocol | New Revolution in Digital Wallet |📲 Wallet App release on 16 Aug 2021 | 🈸 An ultra-secure and state-of-the-art application to store, swap, and trade all of your favorite digital assets |
$Dexioprotocol | 📲 Wallet app Launch on 16 Aug 2021 | 💎 Direct swap your digital assets ! | CMC listed Token |🚀 1000x Protentional | Doxxed Team
🚀 Dexioprotocol | 💎CMC listed |📲Wallet app Launch on 16 Aug. 2021 | Legit Token | 💎5M Market Cap
🚀 Dexioprotocol wallet app Launch on 16th August 2021 🔥 | 4000 holders| 🔥25% of total supply has already been burnt | Doxxed Team
🚀 Dexioprotocol | CMC listed | 📲Wallet app Available on 16th August 2021 🔥 | Join Now
🚀Dexioprotocol |CMC listed | 5M Market Cap |📲Wallet app Available in 6 days | doxxed team
How do you secure your crypto keys? LastPass vs BitWarden vs Standard Notes
LastPass, BitWarden or Standard Notes to store crypto private keys?
Hot wallets like MetaMask are safer than what you think: here is how they work
It is not possible to bruteforce wallet seeds
🚀 DEXI [Trending on CMC] 🚀 [Collect cryptocurrency in AR (like Pokemon Go)] 🚀 [Wallets releasing soon]
Some Best Practices for Crypto and Computer/Device security
TIP: For all your non-cold storage wallets you can use a password manager for all your seeds (and discussion on a possible cold storage method)
Protip: Use a password manager like keepassXC to store all your seeds in an encrypted database.
🚀 Launch countdown to the new Dexioprotocol app 🚀 Available to download in 4 days 🚀
🚀 Introducing the Dexioprotocol wallet 🚀 Revolutionizing cryptocurrency
Just Launched - 🔒 $CRYP - $70k MCAP - A New Replacement To Chat About Crypto Securely
Just Launched - $CRYP - $14k MCAP - A New Replacement To Chat About Crypto Securely
Affordable and secure cold storage for all! Please check out my new PWA (progressive web app), and let me know what you think! More details in post...
Affordable and secure cold storage for all! Please check out my new PWA (progressive web app), and let me know what you think! More details in post...
$JUP Jupiter, NFT Marketplace | Fully Encrypted Messaging App | Framework for dApps creation | Dec-Auth
$JUP Jupiter, NFT Marketplace | Fully Encrypted Messaging App | Framework for dApps creation | Dec-Auth
Jupiter $JUP, NFT Marketplace | Fully Encrypted Messaging App | Framework for dApps creation | Dec-Auth etc
$JUP Metis Submission May 9th! Low MC Gem/Low Supply. Easy 10x at the minimum. Public testing starting
🔥New Launch! SENTINEL! 👮 🔥 Safety of your network first!
🔥New Launch! SENTINEL! 👮 🔥 Safety of your network first! x1000
🔥New Launch! SENTINEL! 👮 🔥 Safety of your network first! x1000
🔥New Launch! SENTINEL! 👮 🔥 Safety of your network first! x1000
🔥New Launch! SENTINEL! 👮 🔥 Safety of your network first! Be part of the community and keep your data safe!
🔥New Launch! SENTINEL! 👮 🔥 Safety of your network first! Be part of the community and keep your data safe!
Coins moved from address 1MbtH87mjZXXFuMpuuHy2xfP31MiTiB1HL
🔥New Lauch 💯SENTINEL💯👮 🔥 Safety of Your Network First! e Part of the Community and keep your Data Safe🚀💯
Why ZipToken (ZIPIT) plays a big role in our current society
Aeternalism (AES) | NFT Marketplace: Beta launched 1 week ago | ~$1M Marketcap | ~150 Holders | DYOR
Uhive : The Social Media that pays in Crypto.
Mentions
Ok, I got bored and wrote a python script for you that will unlock your backup file. Here's how to do it. * 1. Download and install python [https://www.python.org/downloads/](https://www.python.org/downloads/) * 2. Once installed, open up a command prompt and type "pip install pycryptodome" (without the quotations). * 3. Make a new folder. In that folder put your backup file. * 4. In the same folder, make a new file called "decrypter.py". * 5. Open [decrypter.py](http://decrypter.py) in notepad and paste the following code: ​ from Crypto.Cipher import AES from Crypto.Hash import MD5 import base64 def openssl_key_iv_derivation(password, salt, key_len, iv_len): d = d_i = b'' while len(d) < key_len + iv_len: d_i = MD5.new(d_i + password + salt).digest() d += d_i return d[:key_len], d[key_len:key_len+iv_len] def decrypt_openssl(enc_file_path, dec_file_path, password): with open(enc_file_path, 'rb') as f: enc_data = f.read() enc_data = base64.b64decode(enc_data) if enc_data[:8] != b"Salted__": raise ValueError("Missing OpenSSL salt header") salt = enc_data[8:16] ciphertext = enc_data[16:] key, iv = openssl_key_iv_derivation(password.encode(), salt, 32, 16) cipher = AES.new(key, AES.MODE_CBC, iv) decrypted = cipher.decrypt(ciphertext) padding_length = decrypted[-1] decrypted = decrypted[:-padding_length] with open(dec_file_path, 'wb') as f: f.write(decrypted) # Variables needed: decrypt_openssl('NAMEOFYOURFILE', 'decryptedfile.txt', 'blabla') Replaced NAMEOFYOURFILE with the actual name of your file, and MYPASSWORD with your actual password. Then save the file. * 6. Open up CMD and navigate to your folder. Type "py decrypter.py". * 7. A new file should appear in your folder called decryptedfile.txt. If you open it you'll notice it is mostly gibberish, but if your password is correct a twelve word seed phrase should appear at the top of the file. If it's not there and all you see if random characters, you got your password wrong. * 8. Open Electrum. Choose File > New/Restore > Standard Wallet > I already have a seed. * 9. Paste your seed, then click options and choose "BIP39 seed". Click next. * 10. If your addresses start with bc1q.... then choose native segwit and type " m/1' " (note the ') in the derivation path. 11. If your addresses are older (possible from 2014), choose legacy and type " m/0' " (again not the ') in the derivation path. This will restore all your wallet address. **Once done, send your coins to a new wallet because you now have an unencrypted seed phrase on your PC.**
Ok, I got bored and wrote a python script for you that will unlock your backup file. Here's how to do it. 1. Download and install python [https://www.python.org/downloads/](https://www.python.org/downloads/) 2. Once installed, open up a command prompt and type "pip install pycryptodome" (without the quotations). 3. Make a new folder. In that folder put your backup file. 4. In the same folder, make a new file called "decrypter.py". 5. Open [decrypter.py](http://decrypter.py) in notepad and paste the following code: `from Crypto.Cipher import AES` `from Crypto.Hash import MD5` `import base64` `def openssl_key_iv_derivation(password, salt, key_len, iv_len):` `d = d_i = b''` `while len(d) < key_len + iv_len:` `d_i = MD5.new(d_i + password + salt).digest()` `d += d_i` `return d[:key_len], d[key_len:key_len+iv_len]` `def decrypt_openssl(enc_file_path, dec_file_path, password):` `with open(enc_file_path, 'rb') as f:` `enc_data = f.read()` `enc_data = base64.b64decode(enc_data)` `if enc_data[:8] != b"Salted__":` `raise ValueError("Missing OpenSSL salt header")` `salt = enc_data[8:16]` `ciphertext = enc_data[16:]` `key, iv = openssl_key_iv_derivation(password.encode(), salt, 32, 16)` `cipher = AES.new(key, AES.MODE_CBC, iv)` `decrypted = cipher.decrypt(ciphertext)` `# Remove PKCS#7 padding` `padding_length = decrypted[-1]` `decrypted = decrypted[:-padding_length]` `with open(dec_file_path, 'wb') as f:` `f.write(decrypted)` `# Variables needed:` `decrypt_openssl('NAMEOFYOURFILE', 'decryptedfile.txt', 'MYPASSWORD')` Replaced NAMEOFYOURFILE with the actual name of your file, and MYPASSWORD with your actual password. Then save the file. 6. Open up CMD and navigate to your folder. Type "py decrypter.py". 7. A new file should appear in your folder called decryptedfile.txt. If you open it you'll notice it is mostly gibberish, but if your password is correct a twelve word seed phrase should appear at the top of the file. If it's not there, you got your password wrong. 8. Open Electrum. Choose File > New/Restore > Standard Wallet > I already have a seed. 9. Paste your seed, then click options and choose "BIP39 seed". Click next. 10. If your addresses start with bc1q.... then choose native segwit and type " m/1' " (note the ') in the derivation path. 11. If your addresses are older (possible from 2014), choose legacy and type " m/0' " (again not the ') in the derivation path. This will restore all your wallet address. Once done, send your coins to a new wallet because you now have an unencrypted seed phrase on your PC.
No this isn't a general cryptography sub. It's for a specific project implementing cryptographic hashes and signatures - bitcoin. Not any other coin, and not any other thing using crypto like TLS or AES or whatever else.
Atomic Wallet employs an OpenSSL‑style MD5‑based KDF (often called “EVP\_BytesToKey”). In the reverse‑engineered Atomic Wallet C# code (from the *CryptoEat* project), you can see it does: // salt is 8 bytes taken from the encrypted mnemonic blob var baseBytes = Encoding.UTF8.GetBytes(password); var baseWithSalt = Combine(baseBytes, salt); // D1 = MD5(password ∥ salt) // D2 = MD5(D1 ∥ password ∥ salt) // D3 = MD5(D2 ∥ password ∥ salt) var hash1 = MD5.HashData(baseWithSalt); var hash2 = MD5.HashData(Combine(hash1, baseWithSalt)); var hash3 = MD5.HashData(Combine(hash2, baseWithSalt)); // concatenate D1∥D2∥D3 → 48 bytes total var result = Combine(Combine(hash1, hash2), hash3); // take first 32 bytes as AES‑256 key, next 16 bytes as IV var key = result.Take(32).ToArray(); var iv = result.Skip(32).Take(16).ToArray(); It then uses AES‑256‑CBC with that key/IV to decrypt the wallet’s mnemonic. You can see the full implementation here: [https://github.com/kzorin52/CryptoEat/blob/master/Modules/Wallet/Atomic.cs](https://github.com/kzorin52/CryptoEat/blob/master/Modules/Wallet/Atomic.cs)
Encrypting AES-256 in my brain was too much math for me, I preferred using a computer.
It's pretty brutal, given the safeguards available, to end up with your iCloud hacked. In my case, they'd need to know my iCloud password and somehow have access to my phone and/or hacked my 2FA to my iCloud which, while not impossible, is pretty tough. But above and beyond that, if I had my passphrases stored in my iCloud, they wouldn't be in a text file. Or, I guess they would, but it'd be a AES-256 encrypted Word or Excel or even Note. Any of those are, in theory, uncrackable. I could have an encrypted Word file with all of this, and I'd feel pretty secure. The issue would be a key logger or whatever else when accessing the file, but the file itself should be no concern. Which is why OP either made it up, or horribly screwed up multiple opportunities to secure his data.
There's not a single part of what I posted that would ever have my private keys online. I'm pretty clear on that. So, that being the case, where is the security hole in a Bitcoin Core wallet.dat file? I'll give you the benefit of the doubt that you didn't read too carefully what I wrote initially because your entire reply goes off in another direction. What old-school database? A wallet.dat comes from Bitcoin Core. You know, the actual initial original thing from which all the rest of this spawned? OK, different question though it's the same answer. I have a Word document that's AES-256 encrypted. Do you have concerns e-mailing that file around? And if you do, I'd suggest that perhaps it's you that needs to educate themselves on not just Bitcoin, but what powers it.
1. No, that's not true, you didn't read my comments carefully on this matter, here's an excerpt from the article: **“**In the world where conflicts continue to erupt across different regions, the ability to remain untethered from any single physical location has never been more important. Take, for instance, the events of February 2022, when countless Ukrainians were suddenly forced to flee their homes. Many never had the chance to return. Banks were damaged or destroyed, and buildings – along with everything inside them – were reduced to rubble. Even if someone had taken the precaution of using Shamir's Secret Sharing to protect their cryptocurrency seed phrase, chances are they hadn't distributed the shares across multiple regions of the country. When disaster strikes, having everything stored in one location – no matter how secure it might seem – can quickly become a single point of failure.**”** Additional comment: Even if I store parts of a phrase in different parts of a country: a) I may always have circumstances that force me to leave a country urgently b) Most of my savings are in crypto and if something happens to my hardware wallet I'll have to travel to different regions to collect these parts, lol 2. This is also a good option (which doesn't make my concept bad), but it still does not protect your seed phrase from being destroyed or lost. This scheme has fewer steps to crack than the one I suggested, and only protects against seed phrase compromise. 3. Yes, and, for example, during a war or natural disaster, it is much easier than you think. During such disasters, entire cities are destroyed. \> Your approach, while better than storing the plain seed, is still less secure than physical storage imo. Please note that your opinion is supported only by assumptions and not by concrete logic, which gives it little weight in a rational discussion, as sound arguments require evidence and clear reasoning to be truly persuasive. \> In case KeePass is compromised (multiple password manager leaks have happened before and password manager databases are under constant attack, because they're very valuable honeypot targets), the attacker only has to crack your passwords to be able to access your seed. Your passwords are guaranteed to be easier to crack than the seed itself, so imo your setup is overall less secure than standard recommendations. Let's say you got my database, my master key, and my password to a database. Now you have two parts of my seed phrase encrypted with AES-256-GCM with salt and nonce. That's 2\^256 decryption options, which makes decryption impossible with current technology. Now let's take the password suggested in the article and determine its entropy (the formula was suggested by ChatGPT): "1939Poland 1939France 1945Victory" will be converted to "iqeq|\*01@\^|)\*iqeq#2@\^(3!iqhs\\/1(702Y$" H = log2(N\^L) = L \* log2(N) N is the alphabet power (number of possible symbols), L is the password length. H ≈ 39 \* log2(95) ≈ 39 \* 6.57 ≈ 256 bits of entropy, which roughly corresponds to AES-256 in terms of brute-force resistance. So the only weak point is human intelligence and its ability to come up with a password concept that is simple enough to remember, but hard enough for someone else to guess. But that still doesn't make my storage concept bad. Just like if you put a pin of 0000 on your hardware wallet, and then lost it and someone stole it, that doesn't make a hardware wallet bad.
\> I'd caution that leetspeak isn't the L337 H4x0r awesome you think it is but whatever, just having enough characters is sufficient for passphrase entropy I'm just providing the password that you will get using leetspeak\_pass.py mentioned in the script:`1939Poland 1939France 1945Victory ->`\`iqeq|\*01@\^|)\*iqeq#2@\^(3!iqhs\\/1(702Y$\` The article uses almost the same principle for storing the seed phrase that multisig provides security. Only you will not lose access to funds if you lose access to two wallets and you do not need to monitor this. \> Nah, it's in just a brain wallet with the same weaknesses of every other brain wallet: $5 wrench attack and hit by a bus. Good job. As with storing a phrase on a physical medium, you can secure your wallet by writing down the concept of your password on paper or somewhere else. Compared to storing a seed phrase on paper, physical access to a medium will not give access to your funds and will tell a potential attacker little. Even if he knows what this concept is for, he will still need to gain access to your KeePass database and find out the password for it. That is, we have the same three levels of protection as with multisig wallet, all of them are based on AES-256 and do not require storing additional seed phrases.
From my understand & research that is correct. Even between quantum computing & Ai technologies. Technically It would be "illegal" to hack or steal them. From my understanding even the most advanced technology won't be able to hack due to the hashing sequence. 🤔 The mathamatics involved is unthinkable. The blockchain has I'm not sure how accurate Chat GPT is but ask it yourself. There's at least low-level information available to learn about it. Estimating when SHA-256 might be broken by AI and quantum computers depends on the progress of both fields, especially quantum computing. Here’s an analysis based on current knowledge: 1. Classical Computing and AI Threats AI, even with advanced machine learning models, cannot directly break SHA-256 because it’s based on complex mathematical properties like the avalanche effect (small input changes cause large hash changes). However, AI could help: Identify patterns in hash generation or network vulnerabilities. Optimize the mining process to make it more efficient (but not to break the hashing itself). Therefore, AI alone is unlikely to break SHA-256 anytime soon, if ever. --- 2. Quantum Computing Threats Quantum computers pose a more serious threat because of their ability to solve certain mathematical problems exponentially faster than classical computers: Shor’s Algorithm Shor’s algorithm can theoretically break RSA and ECC encryption by factoring large numbers and solving discrete logarithms efficiently. However, SHA-256 is based on a one-way hashing function (not factoring or discrete logs), so Shor's algorithm cannot directly break SHA-256. Grover’s Algorithm Grover’s algorithm allows quantum computers to search an unsorted database (or invert a hash) in √N time instead of N time. For SHA-256, Grover’s algorithm could reduce the effective security from 256 bits to 128 bits — which is still very strong (AES-128 is considered secure against classical attacks). --- 3. Timeline Estimate Current quantum computers (like those from Google and IBM) have only reached about 1,000 qubits — far below the estimated millions of error-corrected qubits needed to threaten SHA-256 using Grover’s algorithm. Estimates vary, but experts predict that: It could take 15 to 30 years to develop a quantum computer capable of running Grover’s algorithm at a scale that could weaken SHA-256. It may take even longer (if ever) to reduce security to a practically exploitable level, considering the need for fault-tolerant qubits. --- 4. Post-Quantum Cryptography To prepare for this, researchers are working on post-quantum cryptography (PQC), which includes hash-based cryptography that quantum computers are unlikely to break. SHA-256 itself is not currently under immediate threat, but blockchain systems could eventually upgrade to quantum-resistant hashing algorithms (like SHA-3 or lattice-based methods). --- 👉 Conclusion AI is unlikely to break SHA-256 directly. Quantum computers using Grover’s algorithm might weaken SHA-256 to 128-bit security, but this would require millions of qubits and may take 15–30 years (or longer) to become practical. Blockchain systems will likely adopt quantum-resistant algorithms before quantum computing reaches this level.
The data that was leaked is encrypted with a key too. By a key on the server. How do you know the key LastPass used for their AES isn't also compromised?
May be, if they can crack the encryption, which is no more likely than cracking bitcoin , or any random wallet, itself. From their website > LastPass uses AES-256 data encryption plus PBKDF2 hashing with SHA-256 salting. Not sure how that compares to BTC but I think it’s up there.
>mathematically, spoiler there is know universally 'Best'. There is though. All DLT measure Consensus Overhead. With two hashed timestamps, Hedera gets consensus for free. It's also proven aBFT, shards aBFT, and is SHA384 AES256. Best security, infinite scalability, and is Decentralized. 1. 39 council members, equal share/power, is decentralized governance. That's just a fact. Google is the same one vote as IIT Madras (University). All nodes also have **equal node consensus power**, so when permissionless nodes happen, your node is equal to Google's node. Other networks (ALGO for example) have thousands of nodes, but only a handful do all the work, which are controlled by the central entity. Very cool you can spin up your own node, but it does nothing and doesn't really contribute to consensus. Useless. Hedera will be permissionless in the future, and if that's your biggest beef, I say just give it time, it's coming. >This raises concerns about counterparty risk—could the council manipulate the network or token economics to favor corporate interests over individual users? No, and their incentives are aligned regardless. >2. HBAR’s demand isn’t directly driven by transaction volume False. Yes it is. HBAR is needed to perform transactions on the network. Every txn requires HBAR. More txns = more HBAR demand. >The council’s control over HBAR releases (e.g., only 41.9 billion in circulation as of now) can suppress price volatility, which some see as price manipulation rather than organic growth. This is not how coin releases work. They allocate coins from Treasury into their grant foundations like HBAR Foundation and The Hashgraph Association, who's jobs are to grant HBAR away. "Coin releases" do not just hit the open market. They go to builders, and take years and years to be spent/sold. There's no manipulation there. Yes it's also a store of value if there's adoption on this high throughput network. 3. Hashgraph isn't patented. It was when it was first created, but not anymore. It was open sourced with an Apache 2.0 license and is currently the ONLY chain that has donated it's codebase to the Linux Foundation. It's the most open sourced chain in existence. 4. Win Enterprise, win the game. It's been 15+years since BTC was first invented. Less than 7% of the world has touched crypto. Time to onboard the other 93% of people, and it ain't gonna be by the original crypto ethos. It's gonna be when people use crypto without knowing it by interacting with their favorite brands, who push Web3 apps, etc to them. 5. LOL are you serious? It's the most regulatory compliant chain. Regulations will help HBAR most. HBAR ETF is incoming. Enterprises need regulation to launch. And there are no supply dumps. That's patently false, and I explained before how coin releases work. HBAR will be the Trust Layer of the Internet of Value. It will be the most widely used crypto and will take over the world. Funny, sounds like you're gonna miss the ride on some bad info. Haha good luck 👍
Because traditional banks can seamlessly transition their encryption methods behind the scenes without customer interaction. The weakest point for crypto is the private keys. Private keys are designed to be rotated, which banks do on a regular basis. One of the known quantum attack vectors will allow a quantum computer of sufficient size to derive a private key from a public key within hours or days. This means that for banks they need to implement a quantum resistant algorithm in the backend - which already exist - and rotate their keys. For crypto though it means every user would have to generate a quantum resistant key and move their tokens to it and/or the blockchain would need to have some kind of cutoff after which old keys are permanently rejected. I think people get confused because they think quantum breaks all encryption, which it doesn't. Like symmetric encryption we use for data at rest like AES at the moment can only really be halved in the time it takes to crack by quantum, so going from like billions of years to fewer billions but still billions of years.
Anyway, what did you want to say with that chatgpt paragraph? You just described creating an address. What do you actually want to say? That companies use encryption for protecting data in storage and transit? Yes, they do. Usually with AES. That is encryption. Sha hash function is used in creating addresses, yes. Mining uses double sha256 as well to obtain a hash value below target. Nothing is encrypted in bitcoin transactions or blocks. Digital signatures are not encryption.
Its a piece of code. That's like saying AES "sees" the criminals who use it for privacy.
It appears OP is asking about Bip38 encrypted key. That is using AES encryption with scrypt key derivation to slow it down. Mnemonic isn't encrypting anything.
"Which repeats the cycle of centralized institutions for me, since the bank controls the money" You dont understand bitcoin.... Central banks control Fiat/currencies by their ability to print and dilute its value. No Bank can do that with Bitcoin. Fractional reserve banking and the insurance from the central banks no longer works. If you deposit BTC into a bank and they lend it out and they lose that Bitcoin. The central bank cant just print out new bitcoin to cover the loss and bail out the bank. Thats the whole point of Bitcoin No Bail out of banks cause you cant print anymore bitcoin. The only thing they can control is the bitcoin you handed to them and they only control it as long as they have it in their hands......But once they lend it out they lost control as well. **"Everything relies on the BTC protocol"** Bitcoin has never hacked over a 15 year span and at a value of 2 trillion dollars. This system is a honey pot for hackers. But not one time has the network been hacked. If you are thinking about Quantum hacking..... Firstly people are already working to make sure that doesnt happen and secondly. If they manage to hack bitcoin with a quantum computer that means all banks and financial system and every password and encryption system is now broken. Congratulations all of society is fucked even if you take Bitcoin out of the picture. But again like I said people are already working on that. Encryption is software and it gets updated all the time. # 1. Data Encryption Standard (DES) (Broken in 1999) * **What replaced it:** The **Advanced Encryption Standard (AES)** was introduced in 2001, which is still used today (AES-128, AES-256). # 2. MD5 (Broken in 2004) * **What replaced it:** **SHA-2 (SHA-256, SHA-512)** became the new standard. Bitcoin uses SHA-256 and its been good so far. But will get updated in the future no doubt. Just like all the other system out there.
Regarding seed phrases, you can go: 1. Hardware Wallet - Trezor/Ledger - still have to backup the seed phrase somewhere 2. Software Wallet - Metamask, Exodus, Guarda, 100 others - don’t get malware 3. Paper in a fireproof box — don’t lose it. 4. Stamped metal - don’t lose it. 5. Plaintext TXT stored in a 7zip file encrypted with AES256 - able to be backed up to a USB stick, NAS, or cloud storage — just don’t forget the password 6. Photo/QR Code - Don’t get malware like this article or let anyone see it 7. Password Manager — BitWarden, 1Password. 1, 5, and 7 are the best options in my opinion, but would love to hear any other ideas.
Your seed phrase is essentially the same as your ‘strong password’. If you’re going to memorise that why not just memorise your seed phrase? p.s. with AES your pass phrase protects the encryption key file, the key file encrypts your text file not the pass phrase…
Moore's law says we should get there pretty quick. I will only invest in something with SHA384 AES256 aBFT.
Estimates suggest that approximately 317 million physical qubits are necessary to crack a 256-bit ECDSA key within an hour, considering error correction and operational stability. China is years ahead of the US in quantum computing. China Unveils Record-breaking 504-qubit Superconducting Quantum Computer. China set a new domestic record on Thursday with the launch of the "Tianyan-504" superconducting quantum computer equipped with the 504-qubit "Xiaohong" chip. First reported by the South China Morning Post, the news claims that Chinese scientists used a D-Wave quantum computer to successfully attack popular cryptographic algorithms such as Advanced Encryption Standard (AES) and Rivest-Shamir-Adleman (RSA).to successfully attack popular cryptographic algorithms such as Advanced Encryption Standard (AES) and Rivest-Shamir-Adleman (RSA). Jameson Lopp, a bitcoin security expert and CTO at BTC custody solution provider Casa, reminded the community that the bitcoin industry should not dismiss quantum computing as something that will never materialize or threaten bitcoin. The Tianyan-504 is Xiaohong, a superconducting chip with 504 qubits wasn't used to successfully attack popular cryptographic algorithms such as Advanced Encryption Standard (AES) and Rivest-Shamir-Adleman (RSA). The Chinese government will put all of their resources in quantum computers - and they will be using them to be disruptive. The Chinese will crush Bitcoin in one to two years. The progression of quantum computing has been greatly accelerated in the last year. Dismiss quantum computing at your peril. Or at least keep current in the research and the research on cryptography.
Why would he assume the hash algorithm needed in 20 years was already known. Even AES256 was rather new, 20 years before MD5 was hot and is completely broken today.
Sha256 is the hashing algorithm that's used internally by AES.
SHA are hashes, you mean AES or something?
Yeah, I am asking AES decryption here under CryptoMarkets subreddit you moron
Yes there should be a way to decrypt it and get back access to the wallet. I’m guessing it used AES encryption and is in a BIP38 format for the key. There should be some decryption tools on GitHub somewhere.
That's a misconception. The issue here is with private/public key signing which is asymmetric. "Most asymmetric encryption methods (public-key crypto, such as RSA encryption or Elliptic Curve Cryptography (ECC)) are vulnerable to quantum attacks." You're thinking of symmetric encryption (such as AES) which is considered safe assuming the key size is appropriate. So blockchain history is fine, but many many wallets can be cracked. https://www.quintessencelabs.com/blog/why-we-need-post-quantum-cryptography-or-quantum-safe-algorithms
Ledger recover is actually a optional service that the user has to manually pay for and it's opt in. It basically encrypts your 24 words using AES256, splits the encrypted ciphertext into 3 parts using the shamir secret sharing algorithm and sends 1 shard to ledger, 1 to escrowtech and 1 to coincover. You'll only get those shards back and reunited on your device after KYC like manual ID verification f.e. via Passport or other official ID documents with ledger and seperately with coincover. Once those 3 shards are back on a ledger's secure element the device will combine them and decrypt it thus restoring your seed phrase. It's definitely safer than people think it is but every system will eventually have flaws that need to be patched before they get exploited. Like i said, optional though
Idk i think all these hardware wallets are just cleaver marketing and people like the idea of it. If you know how to secure your iphone and perform updates regularly, keep the secure encryption settings on, keep browser access to icloud off, and use a self custody legit app to store them in, you have a way lower chance of loss than with another device to lose or break and not have the keys or get exploited while connecting it to the companion apps used etc. Or if you really wanna be secure, use a liveboot linux on an airgapped computer, and use the completely veracrypt to encrypt the data 1000 times more secure than any of these wallets. AES-Serpent-Twofish would take the NSA the russians and the chinese 1000 years to decrypt if they all worked together and its free. And you could make as many copies of it as you want for free or the next to nothing cost of usb flash drives. Didn't a bunch of people just get exploited with what was the biggest name in these hardware wallets? How many peope have you ever heard of getting their iphone hacked when it wasn't 100% their fault because they're an idiot? Even the biggest forensice data recovery companies in the world couldn't possibly get into an iphone unless it was unlocked after a reboot and apple just added a feature to block that even. Your iphone will reboot and make it impossible for even cellebrite to get into after a certain period of time which is not enough time for them to finish the process of trying to exploid one physically that had been unlocked once since a reboot and it also has to not have the most secure settings configured on top of that. Someone could hack into one of those hardware wallets wayyyy befor they ever got into a properly configured iphone. And you can just add another layer of encryption where they could never get into the wallet even if they managed to get in.The Secure Enclave for storing sensitive data, Sandboxing to isolate app processes, Full-disk encryption, and regular bug bounty programs with MASSIVE budgets 1000 times the size of the entire companies making these wallets makes the iphone the most secure way to digitally store your crypto in my opinion. Short of spending an hour or so encrypting and decrypting an external storage device with veracrypt on an airgapped liveboot linux system which would be literally impossible to get into in any of our livetimes.
In case of not wanting that library this is the more “manual” approach : import hashlib import base58 from Crypto.Cipher import AES def sha256(data): “””Calculate SHA-256 hash.””” return hashlib.sha256(data).digest() def bip38_decrypt(encrypted_key, passphrase): “”” Decrypts a BIP38 encrypted private key using a passphrase. Args: encrypted_key (str): The BIP38 encrypted private key in Base58Check format. passphrase (str): The passphrase used to encrypt the key. Returns: str: The decrypted private key in hexadecimal format, or an error message. “”” # Step 1: Decode the encrypted key from Base58Check try: decoded = base58.b58decode_check(encrypted_key) except Exception as e: return f”Error: Invalid Base58Check encoding - {e}” # Check prefix (0x0142 for non-EC-multiplied keys) if decoded[:2] != b’\x01\x42’: return “Error: Unsupported BIP38 key format (only non-EC-multiplied supported).” # Step 2: Extract the payload flag_byte = decoded[2] encrypted_part1 = decoded[3:19] encrypted_part2 = decoded[19:35] # Check if no compression (flag_byte == 0xC0) if flag_byte != 0xC0: return “Error: Unsupported BIP38 flag byte (only non-compressed keys supported).” # Step 3: Generate the passphrase-derived key passphrase = passphrase.encode(‘utf-8’) passphrase_hash = sha256(sha256(passphrase)) derived_key = passphrase_hash[:16] # Step 4: Decrypt the two parts using AES cipher = AES.new(derived_key, AES.MODE_ECB) decrypted_part1 = cipher.decrypt(encrypted_part1) decrypted_part2 = cipher.decrypt(encrypted_part2) # Step 5: Combine decrypted parts and verify private_key = decrypted_part1 + decrypted_part2 return private_key.hex() # Example usage if __name__ == “__main__”: # Replace these values with your actual encrypted key and passphrase encrypted_key = input(“Enter BIP38 encrypted private key: “).strip() passphrase = input(“Enter your passphrase: “).strip() decrypted_key = bip38_decrypt(encrypted_key, passphrase) if decrypted_key.startswith(“Error”): print(decrypted_key) else: print(f”Decrypted Private Key (hex): {decrypted_key}”)
It was a 50-bit RSA. Nobody uses that. Bitcoin doesn't use RSA at all. Nor AES for that matter. This same reporting was out a [month ago](https://www.thebrighterside.news/post/in-a-global-first-quantum-computers-crack-rsa-and-aes-data-encryption/), he's just recycling it again.
# Step 1: Identify the Wallet Type * Do you know what software or service generated this wallet? Examples include: * **Bitcoin Core**: Uses `.dat` files. * **Electrum Wallet**: Uses `.json` files. * [**Blockchain.info**](http://Blockchain.info), **Mycelium**, **Armory**, or other early wallet services. If you can identify the source, it will be easier to understand the encryption format and decryption requirements. # Step 2: Check for Wallet Metadata Often, the JSON will contain fields like `"version"`, `"crypto"`, `"ciphertext"`, `"iv"`, etc. Can you share a snippet of the JSON without sensitive details (like keys or addresses) to help identify its structure? # Step 3: Attempt Decryption Most wallet files are encrypted with a user-provided passphrase using a key derivation function like: * **PBKDF2** * **scrypt** * **HMAC-SHA256** To decrypt, you typically need: 1. The passphrase you used when creating the wallet. 2. The JSON metadata, including: * Cipher (`AES-256-CBC`, `AES-128-CTR`, etc.). * Initialization vector (`iv`). * Salt (used in key derivation). # Step 4: Use a Wallet Recovery Tool There are tools and scripts designed for wallet recovery, such as: * Bitcoin Wallet Recovery Tool (by John Cantrell): Supports common formats like Electrum, [Blockchain.info](http://Blockchain.info), and Bitcoin Core. * PyWallet: An old Python-based tool for recovering data from Bitcoin Core .dat files. # Step 5: Bruteforce (If No Passphrase) If you've forgotten the passphrase, bruteforce might be an option, but it can be time-consuming depending on the encryption strength.
I work in IT security and I have never heard of PicoCrypt. Seems like just a small and relatively new Github project so I wouldn't trust it so much. If you go this route, I would use GPG, it's been there for decades and if a flaw was ever discovered in GPG, it would make the news much more likely than PicoCrypt. GPG uses AES256 by default, even quantum computers won't crack this. So yeah if I were in your situation, I would use your Raspberry Pi, disconnected from the Internet, with all wireless features disabled, to create a text file with the seed and encrypt it with GPG. Then copy the encrypted file on a flash drive, and store it online.
Electrum would work if you had the key but you don't. You have some ciphertext. Without the password you cannot get the priv key. bip38 uses basically the most efficient encryption algo AES256, but encryption key is derived with scrypt which is slow on purpose. This makes brute forcing bip38 very very tedious even with GPUs. Depending on how much it is maybe could rent Nvidia A100 or something.
OP has some ciphertext. Without the password they cannot get the priv key. bip38 uses basically the most efficient encryption algo AES256, but encryption key is derived with scrypt which is slow on purpose. This makes brute forcing bip38 very very tedious even with GPUs.
I've had honeypot files on various services for years and nothing was taken, even plain mnemonic stored in clear text. AES with good long password will work just fine. Find cloud storage that at least promises zero knowledge encryption. I'm liking the proton drive and filen dot io. And maybe some more generic ones, google, microsoft, even dropbox. Encrypt everything in a secured environment that you control; do not place clear text secrets on some VPS.
Lol, Bitcoin doesn't use AES. You are laughably ignorant
Are you completely ignorant of how Bitcoin works? I didn't think it would have to be explained on this forum. An attack on SHA-256 means the attacker can gain 51% of the network and use it double spend or more generally rewrite the network. And that's just one attack vector. An attack on AES more generally can lead to cracking private keys. Then you can just spend someone else's money. Educate yourself.
Depends on the kind of encryption. If it’s a simple ROT, then he can store it in his head. It can also be a long key that is easy to remember (e.g the lyrics of a song). If it’s something like an 256 AES key, then this could be put on a zip file on a pen drive, encrypted with a strong but memorable password (like correcthorsebatterystaple)
Get a laptop, install Debian on it, never connect it to the internet and use OpenSSL as your wallet. Encrypt your private key with a strong password you memorized well using AES 256 ECB and put that on the bitcoin blockchain.
Dear poster, bitcoin don't uses RSA nor AES, it uses SHA-256 and ECDSA, traditional banking however might have more to lose specially with their legacy networks with prehistoric cobol applications lol
FFS neither RSA or AES are in bitcoin. Read before posting.
SHA256 is a hashing algorithm [1], not an encryption or digital signature algorithm. The banks, social media, etc. wouldn't be affected in this scenario or at least not meaningfully. ECDSA [2] and AES [3] are the standards for signatures and encryption and are independent. ------- 1. https://en.wikipedia.org/wiki/Cryptographic_hash_function 2. https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm 3. https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Bitcoin uses 256-bit AES for the wallet and SHA-256 (hash, not encryption) for data integrity in the chain
Just write your seed words in the bitcoin blockhain, encrypted with AES256
tldr; Chinese researchers have developed a method using D-Wave's quantum annealing systems to break RSA encryption, posing a potential threat to global cybersecurity. The study, published in the Chinese Journal of Computers, demonstrates how quantum computers can optimize problem-solving to attack encryption methods like RSA and AES. This research suggests that quantum computers could break current cryptographic systems sooner than expected, highlighting the urgent need for quantum-safe encryption solutions to protect sensitive information. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.
BTC can be updated (with consensus approval) to a quantum proof algorithm. It’s already quantum resistant as it uses AES256 - if I understand correctly.
It would be bad, like really bad. But many things will recover. We already have quantum resistant algorithms, we don’t use them because cost, mostly. If a bank suffers a quantum hack, they can shut off online access, rollback suspicious transactions and ask customers to present an ID card to regain access to the new online portal that is safe. Not to mention practicality of the attack. Most encryption we use today is on the transport side. You may be able to hack my connection to my bank, but that requires you to get access to my traffic, possible if you are (or have hacked) my ISP. But if you are doing a transaction, you still need my 2fa, or an SMS. Again, it may be possible for you to bypass that, but is another hurdle. Your QC may be fast to break encryption, but accessing all these systems without being detected takes time. The first problem with Blockchain is that the encrypted data you need to break is readily available. And you know exactly how much a broken wallet will get you. If you have a computer that takes two months to break an encryption key, it may not be worth it to break a bank communication, you may never get something useful, and even if you do, it may be rolled back. You are also facing a serious investigation. With a wallet, all those problems are gone. There is even a chance the owner of the wallet no longer lives, no alarms raised. An even if they do, most people will assume their keys were compromised in a different way The second problem is that the moment a wallet is compromised, there is no way to determine who is the legit owner and who the hacker. Knowing the key is owning the wallet. Even if there is a massive attack, and even if the community de ides to roll back the chain to before, there is no way of denying the attacker access to that wallet while the legit owner keeps it. Third, you can’t just migrate the chain. My bank uses ECDHE/AES-GCM for the encryption. If tomorrow they start using on of those QC resistant algorithms, I may lose access until I get a QC resistant browser, but that’s it. With blockchain, even if the chain adds support for new QC algorithms, there is always going to be an extra step on the user side. I need to transfer my money from the old wallet to a new QC resistant one. This means the migration needs to happen with enough time so users can do these migrations. Because those who didn’t migrate by the time QC is readily available, well, we are back to problem 2, at this point it is no longer possible to differentiate between legit owner and hacker
Sha256 is not the same as AES 256. The QC issue for bitcoin is not "break SHA256" but it is with ECDSA which could theoretically calculate priv keys from known pub keys. So your question about switching hash algo is mostly moot in terms of QC deterrence. Changing out to SHA3 does nothing to fix ECDSA which you don't even mention.
Yep and Bitcoin shouldn't update to AES256, it would undermine the transparency of it. I didn't know that private keys could be derived from public keys from quantum computers using Shor's algorithm to crack EDCSA. It's wild to think we've come so far in terms of technology for quantum computers in such a short time frame, since it was purely theoretical back in the Satoshi era. Now it's real...
Looking into it... You're right. Why the fuck is everyone talking about SHA256 hashing like it's a type of encryption? The PDF article I referenced is still valid. Quantum Computers won't be able to break the SHA256 hashing algorithm for a hot minute, and AES 256 probably for even longer. ECDSA is not as secure though and would be of primary concern here...
There is no encryption in bitcoin at all. And SHA and AES are quite different, even if 256 bits number is in both names. Bitcoin's keys are using ECDSA. Not mentioning that in a QC comment and only mentioning SHA-256, which isn't at as much risk, and AES, which is irrelevant to bitcoin, kinda invalidates the comment.
According to a paper I found while researching the topic, SHA-256 or AES-256 encryption won't be crackable by any Quantum Computer until at least the 2050s. Apparently it would take atleast a 10 million qubit quantum computer to crack it. According to the researchers, there isn't a conceivable near term scenario for any nation state to be able to engineer and build, let alone fund such a computer for this specific task. We're not even entirely sure if quantum computers of this scale are even possible, let alone viable in an economic or engineering sense. By the time the 2050s roll around, we will have much better encryption methods that will be easy to update to, and Bitcoin will be one of the first things to get that update. TLDR: Funds are safe. Link: https://delinea.com/blog/quantum-safe-encryption (On the webpage there is a ETSI PDF article at the end of the paragraph talking about Grovers Algorithm. Read that.)
Kamala in 2025: "I support the continuing usage of AES256".
Encrypted with Argon2ia and AES-GCM with 256bit QR Codes with any data you like in addtition with custom 2fa all that data is only known to the user who set it up it is nowhere stored you can buy a cheap android pohone install the software it checks if you are offline if you are online the software will disable functions, you can create all on one device, encryption and decryption takes up to 10 mins, but that is due to the highly set parameters, also it is not made for regular use because of the time it takes to en/decrypt its strictly for offline storage, that phone, computer or device does never need to be online all not during generation or decryption, and to all those ppl who keep mentioning my wring, i dont really care about my typos or mistakes in gramar, so... there is that
Lots of good info here. On the issue of dividing a secret between your sons, it’s tricky since if any one son loses or forgets theirs, then the entire secret is lost. You could mitigate this with Shamir’s Secret Sharing. Let’s say you have 3 sons. Split the secret into 3 Shamir Shards, give them each one of those. But in the settings you’ve only required any of the 2 shards to unlock it. Yes this is actually a thing. Yes on a good calculator you can add AES256 encryption to the math - although it’s arguable whether you even need that. It might make the Shamir shards less compatible to decrypt on future calculators (I’d have to read up on this more and test it to know 100%) The shards are not backwards engineer-able to find the secret unless you have the other required shards setup in the calculation. Yes it means you have to type the secret into such calculator - or copy the python code from the link below and make your own that your sons would use and you’d describe this in a will. I do like the idea of giving the sons some sats and letting them learn about Bitcoin, the blockchain and wallets, etc. As well as Shamirs secret. They’re gona end up being math experts. Read more here, and a link to an online calculator is in the External Links section: https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing
Ah yes. I got it mixed up with AES-256. Thanks for correcting me!
Well, you're dealing with AES here. It's not much different from any other encrypted file. Best bet may be having some additional details from the owner like possible password length or some idea of what partial password might have been. Other than that it's blind brute force operation. Good thing here is brute force method is 100% successful against AES. Though it may take decades or millennia :)
I don't believe in any metal plates or other physical crap. It's just a marketing BS to sell you a piece of metal for $200 It is very insecure and can be easily found by friends, relatives, angry girlfriends or boyfriends, and most importantly - authorities. Unless you hide it under your grandma's grave but then, it becomes stupid. With any physical backup, you get a race condition between security and convenience. You can lose money equally if you sacrifice any of the two. I encrypt mine. Always have since 2013. I believe in maths and crypto tech (pan intended). There is nothing better than AES encrypted mnemonic phrase. I can put it anywhere I want. On a billboard or cloud. It ticks both boxes - security and convenience. I know that I will never lose it as I can make 100 copies. I can make a QR code from my encrypted mnemonic and stick it on my car bumper or my key chain. Yes, it takes some initial setup but it's worth it. I have a container dedicated for encryption. Any time I need to encrypt/decrypt, I spin up my container and that's it.
AES 256 was cracked in 2019 with a small Grover's machine.
That's exactly the kind of thinking I've come to expect from a government program. (hint: this isn't a compliment) There's a possibility some of that info is just weakly encrypted and would be easy to crack, but anything that's strongly encrypted (e.g. with AES 256) is effectively out of reach of them knowing unless you find some other way that has nothing to do with QC, like finding a mathematical weakness in the algorithms, or finding the private key on a hard drive. By the time QCs become powerful enough to break stuff like sha256 or secp256k1, the world is going to look *extremely* different.
There are a few quantum resistant encryption schemes on the way: # 1. Lattice-Based Cryptography: * **How it works**: Lattice-based cryptography uses the hardness of certain mathematical problems related to lattices (geometric structures in multi-dimensional spaces). The security of lattice-based schemes relies on finding short vectors in high-dimensional lattices, which is believed to be difficult for both classical and quantum computers. * **Quantum resistance**: Quantum computers are not expected to have a significant advantage in solving lattice problems due to their design. They would need exponentially more qubits (quantum bits) and operations to break lattice-based cryptography compared to classical computers. This makes lattice-based schemes a strong candidate for post-quantum security. # 2. Code-Based Cryptography: * **How it works**: Code-based cryptography uses error-correcting codes where encoding and decoding messages involve solving specific mathematical problems, such as the syndrome decoding problem. These problems are computationally hard and believed to resist attacks from quantum computers. * **Quantum resistance**: Quantum computers are not known to efficiently solve problems related to error-correcting codes used in code-based cryptography. The algorithms used in this approach are designed to be resistant to quantum attacks by leveraging the complexity of decoding techniques. # 3. Hash-Based Cryptography: * **How it works**: Hash-based cryptography relies on hash functions, which are mathematical algorithms that convert input data into a fixed-size string of bits (the hash value). It uses properties such as collision resistance, where it's hard to find two different inputs that produce the same hash value. * **Quantum resistance**: Quantum computers can theoretically perform faster searches for collisions or pre-images (finding an input that matches a given hash value). However, cryptographic hash functions like SHA-256 are designed with sufficiently large output sizes and complex structures that make finding collisions infeasible, even for quantum computers. # 4. Multivariate Cryptography: * **How it works**: Multivariate cryptography uses systems of multivariate polynomial equations for encryption. Solving these equations to break the encryption requires finding solutions in a large space of possible inputs, which is computationally intensive. * **Quantum resistance**: Quantum computers face challenges in efficiently solving systems of multivariate polynomial equations due to the complexity of operations involved. The security of multivariate schemes relies on the difficulty of solving these equations, which current quantum algorithms are not expected to significantly expedite. # Summary: * **Common theme**: All these quantum-resistant cryptographic approaches rely on leveraging mathematical problems that are believed to be hard for quantum computers to solve efficiently. * **Quantum advantage**: Quantum computers do not provide a substantial advantage in breaking these types of encryption compared to classical computers, ensuring robust security even in the future quantum computing era. * **Development**: Ongoing research and standardization efforts aim to further develop and refine these cryptographic techniques to enhance their efficiency and applicability in securing digital communications and data against potential quantum threats. The real threat from quantum computing is to RSA encryption and ECC. AES-256 will still be fine so long as the password has enough entropy, such as above 100.
> Put a USB debugger between the device and the computer. Capture the initial handshake to document the protocol. Run the code in a disassembler / debugger. You don't even need to do that, it's not as if the ledger is entirely closed source with no third party access. The wire protocol is the smart card APDU standard, with the ledger specific application commands generally being documented somewhere (haphazardly, but the docs exist and can be found eventually). Ledger even provides open source libraries for anyone to write software that communicates with their devices. There's also a public SDK for writing device apps so they can work with the things that are closed source. > Find the one that returns the encryption key. Automate trying the return value of every single function in the code as the encryption key. It'd be nuts if they were using symmetric encryption with the key being able to be read from the device in plaintext, or for the key to be hard coded into the software. No competent security engineer would write security software like that. What ledger actually does is the sane thing of having trusted public keys and those keys sign other pubkeys (to convey trust to those other pubkeys), and pubkeys used to sign the messages that are sent (to ensure authenticity). The encryption key that will be used for the seed is exchanged with ECDH, so no secret material is ever actually sent such that a man-in-the-middle can read it. The cryptography is about as difficult to "hack" as the blockchain considering it's also ECDSA on the secp256k1 curve. It probably is more difficult since there are multiple keys involved, and an ECDH, and AES encryption of the shares, as well as a verifiable variant of Shamirs Secret Sharing. Anyways, instead of incorrectly speculating what their protocol is, you could actually just read the technical white paper which describes it in detail: https://github.com/LedgerHQ/recover-whitepaper/tree/main
I encrypted mine on a standalone computer with AES-cbc-256. I made a Makefile target for encryption and one for decryption. I just have to type make decrypt and type in a password the rest is automated. No need to remember the process and the extra parameters / flags I have set.
There is nothing wrong with that. I also encrypt (AES cbc 256 bit) my seeds on a standalone computer without any communication / internet access. AES is a best practice algorithm for this. There are people that claim "but what if a super hacker finds it after breaking into your home, stealing your encrypted backups and using a super computer cluster to brute force you encryption" usually in addition with a link that provides a table showing how quickly one can brute force passwords of different length. However, they completly forget what I am protecting against. I am protecting myself against the common thief. If they see seedwords stamped into steel they probably know what to do. If they find an encrypted SD card formated in a way a windows computer cannot read, they will probably throw it away or not take it to begin with. Also the police, if they would for whatever reason, search my home, they too will not immediatelly know my seed phrase, if ever.
I think most people overthink this a bit and I expect future stories of people losing all their btc because of a fire or some other silly reason that they lost a physical item holding their seed phrase. It should be perfectly fine to encrypt it using GPG with AES256 encryption. Use a very long generated key and of course store that separately. Keep both of these behind well secured and unrelated 2FA protected vaults and I think you’d be pretty safe. Problem with a lot of the suggestions here and people overthinking it is that they run the risk of locking themselves out of their own wallets because of paranoia or trying to be too clever. If AES256 is hackable then we have more problems than trying to hide some seed phrases.
keepass runs a very effective type of encryption. it might even hash it so its unlikely you will be able to crack this. you need to look into what it uses first. I am sure it is AES 256 or similar. If it uses salt you arent getting in there buddy!
A hash cannot be "decrypted", hashing is one thing, encryption is another. Hashing functions like MD5 or SHA256 are one way only, you put something in and get a hash out of it. Encryption algorithms like AES or RSA can encrypt using some encryption key (or a set of keys) and then decrypt it back to original text.
It's actually impossible to bruteforce crack AES currently, unless you know the password it's locked until there's technology to crack it. Get your brother and have him try to remember old passwords he used to use in general and try all of them, that's all you can do.
It's actually impossible to bruteforce crack AES currently, unless you don't know the password it's locked until there's technology to crack it. Get your brother and have him try to remember old passwords he used to use, that's all you can do.
…and the script is encrypted with AES and the symmetric key is distributed with a secret sharing scheme among family members. You’ve asked the other key holders to relocate to different countries for added security. But since it’s a (3,3) secret sharing scheme they are not allowed to die, so you’ve invested in cryo technology that ensures their survival as zombies. The location of your keys can then be extracted with straightforward thought inception techniques. However, you need to make sure that Leonardo DiCaprio does not get too close to your key holders, which is why you’ve blackmailed him into wearing a GPS ankle monitor at all times. A contract with the NSA ensures that he doesn’t get within 100mi of your key holders, but you are afraid of a conspiracy among NSA employees. The president supports forwards their communication to you, but you are afraid he might be a puppet installed by the banking industry.
Yes, in theory. The same algorithm would be able to crack HSA-256 in general, and others like AES. A lot of different, more important, things would also be crackable (encrypted bank data, password hashes, anything over HTTPS, etc). 1. The value of bitcoin would be essentially zero, so what would the hacker benefit from? 2. That technology would be considered a risk to national security. Whoever or whatever created it would be hunted with the full force and fury of several world power militaries. 3. With that amount of computing power, there are far more profitable (and legal) possibilities.
You can also encrypt it with AES-256. Or you can use something more private with built-in end-to-end encryption like Proton Drive.
Well you learn something new veryday. AES is used by bitcoin core to encrypt wallets, but actual signatures use elliptic encryption. My bad
NS and other intelligent agencies alike are most likely under the impression that AES and RSA will be reversible someday with quantum computers. Not SHA-256. It’s mathematically impossible to assume a reversed a 256bit hash (or 32 character string) can hold data much much larger the hash itself. If I hash 1GB of text, there’s absolutely no way to reverse the original 1GB of data out of 256bits.
What is your point then? AES is not strong enough?
They can grab it if they want but good luck cracking an AES 256 bit encryption with a decently strong password. Ain't gonna happen.
Why? Just encrypt the private key with a strong password and place it on different forms of media. Why do people think they have to pay for more than a simple USB drive? Shit, place it on a floppy; who cares so long as you encrypt it with AES 256 bit.
What's cute is not realizing that quantum computers won't be able to "crack" secret phrases, and any cryptographic primitive that is based on scrambling (SHA, BIP-32, AES, etc...). At best, it will reduce their security by some factor, which can easily be remediated by increasing the block size.
Yes. EDIT: In one of my past lives I was an electronics designer. I know what I could do with the tech of the day, and it was pretty awesome. But the types of [microcontrollers](https://dronebotworkshop.com/esp32-2024/) available today is mind blowing. Multiple cores, wifi, bluetooth, RAM... > Here is Espressif’s list of features for the ESP32-S3 Series: > > Xtensa® 32-bit LX7 dual-core processor that operates at up to 240 MHz > > 512 KB of SRAM and 384 KB of ROM on the chip, and SPI, Dual SPI, Quad SPI, Octal SPI, QPI, and OPI interfaces that allow connection to flash and external RAM > > Additional support for vector instructions in the MCU, which provides acceleration for neural network computing and signal processing workloads > > Peripherals include 45 programmable GPIOs, SPI, I2S, I2C, PWM, RMT, ADC and UART, SD/MMC host and TWAITM > > Reliable security features are ensured by RSA-based secure boot, AES-XTS-based flash encryption, the innovative digital signature, and the HMAC peripheral, “World Controller.”
>we use what's called asymmetric encryption. There is no encryption in bitcoin itself. Wallet file on disk uses AES but algos for keys and sigs don't encrypt anything. RSA is not in bitcoin either.
> U2FsdGVk This is base64 for "Salted", which is the usual string at the beginning of an AES-encrypted message created by OpenSSL If the top part is the encrypted privkey for the 1Petz address, then it requires some tricky decoding of the emoji string Then the animated bottom part is a clue, or a cryptic encoding of the passphrase to decrypt the privkey
Just encrypt it and store it anywhere. You can put it on a billboard if you want. I have a container for this purpose with disabled network. Encrypt it with AES256 or something, then make an armored output, then make a QR code, then make a tattoo of that QR code 😁 Or just print that QR code Or engrave that QR code Numerous possibilities really as long as it is encrypted properly - you are safe. Much safer than putting it on a crypto steel which can be found by someone.
There's a passphrase option, labeled BIP38 That was a not-standard which specified using AES to encrypt a private key, and a base58 encoding format for writing the encrypted key Bitaddress and BTCRecover are probably the only apps which can be used to decrypt a BIP38 prvkey these days
ENCRYPTED. Ffs. FBI can’t crack AES
I recall cryptography was classified as ammunition or something. Now it's going to be fine. You can use AES as much as you like, or any of the other algorithms.
Honestly given the current political situation I would get a laptop, take out to WiFi card, do random data disk format and use Vera Crypt with decoy partition to encrypt it with AES-Twofish-Serpent and store my backup there and just memorize the seed. Jokes aside you should be OK with coldcard just don’t lose the damn seed
AES-256 is not quantum safe. You need 6.8k qubits to break it. We are at 1.2k qubits currently. Assuming moore's law applies to quantum computers, it'll take 2-3 years to have a quantum computer powerful enough. Bitcoin hopefully swaps to a quantum safe encryption by then, but doing so is non-trivial. Apple's pq3 is not completely quantum safe, and dilithium is weak against classical computers.
I mean, you say people are not imagine its magical, yet your comment make it look like that. Let's assume you have a big QC available. Its good enough to break known algorithms vulnerable to Shor, like RSA, ECDSA or Diffie Hellman. It is not good enough to break other stuff, even if it can get an advantage via Grover like SHA or AES. Company A is your target. It's one of those systems you want to fill with trojans, rootkits, backdoors, escape hatches and who the fuck knows. Let's make things easy for you, one of Company A employees have connected to company A VPN from a public wifi that you got access to. You were able to steal the traffic and get that employee credentials. Because Company A is not making use of two factor authentication for the VPN, so you can now connect to Company A VPN as that user, and to make things simpler, you now have shell access to one server in the company as that user. Now what? QC helped you get to this point, but now you have a problem. QC will not give you root access out of the blue, and every action you do from now on has the chance to expose you. Just the act of connecting to the VPN itself can be easily flagged by the security team (two connections from different geographical zones or you connecting via VPN from the outside while the employee is known to be in the office). You could set up an alternative access bypassing the VPN, but that will most likely be flagged by the networking team too. Even if you manage to get a local privilege escalation and become root (that could be quickly flagged, btw), you still need to potentially do multiple jumps to different computers in the company before you can set all your stuff. And this is not a wifi, this is now a wired network. You won't see traffic that wasn't directed to your server. I guess your best bet would be to try to connect to a kerberos AS or go back to the VPN, see if you can snoop more credentials of users. But unless someone connects to those servers from the one you are on right now, you don't really have a way to do it. QC helped you with the initial step, getting those initial credentials, but the rest? No, everything else is up to you. How long until you get find out?
> Open AI's Q-star cracked AES-192 last November. *Allegedly*. Don't just talk about rumors as if they are proven truths.
Yawn, quantum computers are like nuclear fusion, always decades away, if ever. AI is the real risk. Open AI's Q-star cracked AES-192 last November. It's very possible they could train a model that can take any wallet address and tell you what the private key is.
>God forbid for instance if someone figures out how to use quantum computing to instantly mine BTC and solve for all the “lost” wallets. Bitcoin price would finally stabilise, at $0... But if they crack AES-256 Encryption or hashing, society is going to have bigger issues than the value of Bitcoin.
on a text file with a very vague and personalised password reminder, encrypted with AES 256. Then put it inside a [Veracrypt](https://www.veracrypt.fr/code/VeraCrypt/) container with a long password and PIM. Then upload and give to people on UISB sticks to keep safe.
This is not AES key. It's some proprietary blockchain.com wallet identifier. Look at their help pages and deal with them directly.
Personally, I find AES-256 sexier than any traditional art. Checkmate, ECB.
We are working on a hypothetical scenario on which a QC computer with enough qbits to break ECDSA can actually be built. Whether our current inability to produce one is a technical limitation or a physical limitation I don't know. The number of qbits on existing QC has been increasing, and the pace has increased too, but they are still very far from the amount of qbits that will be needed to effectively break ECDSA. Whether that point is reachable or not is still to be determined. It is clear based on the amount of investment there is enough people that believe it can be scaled, but it is also true that just because enough people believe something can be done, it doesn't mean it can. Regarding bank and session cookie, yes, that is the whole point of decrypting the traffic, either get the username/password or pick the session cookie. But that doesn't change anything. I don't know how is it with your bank, but in mine, logging into my bank allows me to do some basic operations (like check my accounts), but when I want to send a transaction, it will not go through without a second validation, be it SMS or 2FA (authenticator). I put the example of SMS because it may be simpler to hijack (and I didn't even mentioned banks blocking transactions that look suspicious, which would be another hurdle), as 2FA is based on a shared secret and is QC resistant. I assume there are banks out there that allows for transfers without the extra security, but I wouldn't be confident using them. After all, stealing credentials or cookies can happen without a QC. Regarding AES, you mention that nothing is resistant if you have the private key. And that is true, whether you have a Quantum Conputer or not. But having a QC does not magically break AES and tell you the private key. It does reduce it's security when performing Grover's attacks, but that means AES-256 would be as secure to a QC as AES-128 is to a regular computer. And we are very still far from breaking AES-128 with classical computers. So that leaves us with the idea of "If you have a QC, is Bitcoin worth attacking?" It certainly represents a lot of money, and by carefully choosing what wallets to attack, a lot of money could be extracted from the system before being detected. Sure, other targets exists, but as we discussed, it is not "point & click", you don't "just hack the bank and get the money".
> But if that machine were to be built, it would be vulnerable you mean if it **could** be built. Seems the laws of physics are not allowing for it. >, there is an SMS that needs to be sent. they dont need to use it anyway; they can just take your session cookie straight up and use your session >(not so easy honestly, most wifi are protected by AES, which is QC resistant its nothing resistant if you have the private key. > don't need to attack your communication to the bank and your SMS or your DNS or something like that. I just need to look for wallets I can hack bitcoin is a tiny fraction of the economy compared to what fiat / government assets you could attack, and it would immediately show your hand and lose value. Noone is going to bother when they could get so much more by attacking higher value targets. but its all moot; because Qubits cannot scale.