top | item 34210845


mccorrinall | 3 years ago

Would be interesting to know how his BTC were stolen. Because he is a BTC core developer, I believe he followed the best practices, like not writing down his password. So infection or keylogger?


throwaway9870|3 years ago

I am not a security person, but I can't help but wonder where the advice of not writing things down comes from? I think my wife's password book on her desk is a lot more safe than most computer experts.

kube-system|3 years ago

That advice mostly originates from security folks working in workplace environments, where passwords that are written down may be visible to people who are threat vectors.

jeroenhd|3 years ago

Password books are basically physical password managers. The only problem I have with them is that the passwords in most password books I've seen aren't very creative or random. As long as you write down randomly generated passwords instead of permutations of the names of your kids/pets/parents, I don't know what people are panicking about.

The perfect password book is combined with a word you remember but don't write down as a pepper, but I doubt it's much of a problem in practice; it takes one leak of an unhashed password to break the code.

I think for many the risk of someone breaking in and stealing your password book is much smaller than the risk of a centralised password manager getting hacked (LastPass and friends).

andrewstuart|3 years ago

Say your wife is a well known Bitcoin billionaire.

And your wife bought something from my eBay store. Now I have your home address.

And if I am a ruthless character then I quietly break into your house one day with the objective of leaving no sign I was ever there. Search for written down passwords, take a photo, leave.

cma|3 years ago

Someone kept theirs in their wallet, and their passphrase showed up on a publicly released police body cam the other day when their insurance was checked or something.

dan-robertson|3 years ago

I think it’s reasonable advice for most people. The alternative is usually having a simpler password which is worse if your threat model is ‘hashed password shows up in big breach’. If your threat model is ‘someone turns up to your house to get your password’ your worry should not be theft of the paper.

im3w1l|3 years ago

The biggest threat with this scheme is you. After that your kids, your house keeper, your friends and visitors.

rileymat2|3 years ago

It comes from the threat model, having a password book on your desk in a cubicle is absolutely not secure.

On a desk at home? It is marginal, certainly a burglary is a low frequency event, but we also have events like fire that make it insecure in other ways.

nextaccountic|3 years ago

he should have been using a hardware wallet

and the bulk of it should be on a paper wallet, in the vault of a bank or another real world institution. the hardware used to generate this key should be wiped out. so if he followed best practices, he didn't lose this money

edit: just found out that the btc was stolen from a dedicated server on ColoCrossing. this makes no freaking sense. no server connected to internet should have access to the keys to your btc (or access to any keys that could be used to later on grab cryptocurrency keys). hot wallets should be hardware wallets, cold wallets should be acid free paper

paulpauper|3 years ago

Yes, he likely made a fundamental rookie error. Large sums should be stored completely offline.

treeman79|3 years ago

How on earth are normal people supposed to trust bitcoin, when best practice is to treat it like paper money?

paulpauper|3 years ago

writing down a password does nothing when there is a digital copy too and your computer is compromised