Stealing Bitcoin with Math

Presented at The Eleventh HOPE (2016), July 23, 2016, 8 p.m. (60 minutes)

Bitcoin is the best thing that ever happened to bored applied cryptographers: it's a public database of keys and signatures made by quickly developed software that, when broken, drops money as if it was loot. This talk will look at mistakes old and new that enabled attacks: from ECDSA repeated nonces to using Math.random to make keys, from double spending and transaction malleability to crappy brainwallets. The bad news is that most vulnerable wallets were emptied a long time ago. The good news is that we get to look at how (and how fast) "cryptocriminals" operate in the process. In any case, new tools that implement some of the attacks will be demoed and released. No need to be a Bitcoin or crypto wizard - everything you need in order to understand what those poor victims didn't will be explained.

Presenters:

  • Filippo Valsorda
    Filippo Valsorda is a systems and cryptography engineer at CloudFlare, where he kicked DNSSEC until it became something deployable. Nevertheless, he's probably best known for making popular online vulnerability tests, including the original Heartbleed test. He's really supposed to implement cryptosystems, not break them, but you know how it is.
  • Ryan Castellucci
    Ryan Castellucci has co-authored two papers about cryptographic attacks on Bitcoin and given talks on cracking brainwallets. For his day job at White Ops, he finds new and exciting ways to tease out the subtle differences between bots and human-controlled web browsers.
