How we recovered $XXX,000 in Bitcoin from an encrypted zip file

Presented at DEF CON 28 (2020) Virtual, Aug. 8, 2020, 1:30 p.m. (30 minutes)

About six months ago, a Russian guy contacted me on LinkedIn with an intriguing offer. He had hundreds of thousands of dollars in Bitcoin keys locked in a zip file, and he couldn't remember the password. Could I break into it for him? He found my name by reading an old cryptanalysis paper I wrote nearly 20 years ago. In that attack, I needed five files to break into a zip archive. This one only had two files in it. Was it possible? How much would it cost? We had to modify my old attack with some new cryptanalytic techniques and rent a GPU farm, but we pulled it off. Come hear how.

Presenters:

• Michael Stay - CTO, Pyrofex Corp.
  Mike Stay was a reverse engineer and cryptanalyst in the 1990s, worked for six years on Google's security team, and is currently the CTO of Pyrofex Corp. @metaweta

Links:

• https://defcon.org/html/defcon-safemode/dc-safemode-speakers.html#Stay
• https://infocon.org/cons/DEF CON/DEF CON 28/DEF CON Safe Mode video and slides/DEF CON Safe Mode - Michael Stay - How we recovered XXX,000 in Bitcoin from an encrypted zip file - Q&A.mp4
• https://infocon.org/cons/DEF CON/DEF CON 28/DEF CON Safe Mode video and slides/DEF CON Safe Mode - Michael Stay - How we recovered XXX,000 in Bitcoin from an encrypted zip file.mp4
• https://infocon.org/cons/DEF CON/DEF CON 28/DEF CON Safe Mode video and slides/DEF CON Safe Mode - Michael Stay - How we recovered XXX,000 in Bitcoin from an encrypted zip file.srt (subtitles)
• https://www.youtube.com/watch?v=iFS25HfTe20