WARNING WARNING TL;DR Material Ahead.. Proceed at your own peril!
Yeah, I'm not real hot on Mt. Gox's Yubikeys, which cost like $30 and are only usable with Mt. Gox (my understanding; someone please correct me if I'm wrong). I'm not sure I actually trust Gox to implement multi-factor auth correctly, or any type of security (I don't like their new password hashing scheme, for example, which still seems lacking).
Yawn, for real though?! I read about some script kiddie saying what they are doing isn't secure, so it must not be..
Back up your claims with some facts and figures, son... you'll get more respect. My original MT.Gox password was "R8YC2txHc1RWtScewxid" and is listed in its MD5+Salt format in the hack DB as "$1$9W57ShSS$H37Nb7ik2PUf2WY/p/OEl."
Let's try that with a multi-iteration triple salt.. let's see what we get... (Honestly I don't know what that is, but I'll try, lol)
mkpasswd -m sha-512 R8YC2txHc1RWtScewxid <- This will produce a random 128 bits of salt which will be used for the next 3 iterations, combined with the 512-bit hashed output of my original gox password...
Produces this output "$6$86Ev9OHO/tSQ/NsH$dadWFKTBwRv7hzHDE721AWlALB14RggRquYrJwYm5XrKzYjSdPduedhlPQe.68Pdn6gDDrBAyYgVbizCxY72O."
Now we use that random salt to apply a secondary SHA-512 to that with this command
mkpasswd -m sha-512 dadWFKTBwRv7hzHDE721AWlALB14RggRquYrJwYm5XrKzYjSdPduedhlPQe.68Pdn6gDDrBAyYgVbizCxY72O. 86Ev9OHO/tSQ/NsH
Produces this output "$6$86Ev9OHO/tSQ/NsH$NbFEw6ToZrAnGai3kVDp1GbqY5iX7o0zu41iMelKnbjBvR/xUMAbxQ3Zk3egojw8GxXUlzGVTyCBT7NhKbLyE."
Now for the final iteration of SHA-512 using the same salt one last time...
mkpasswd -m sha-512 NbFEw6ToZrAnGai3kVDp1GbqY5iX7o0zu41iMelKnbjBvR/xUMAbxQ3Zk3egojw8GxXUlzGVTyCBT7NhKbLyE 86Ev9OHO/tSQ/NsH
Produces this output "$6$86Ev9OHO/tSQ/NsH$BBh.ljcEs8wqAWtpm1CAsoCpuAKXVPh8WJaTsr/H9o8uPXD9Qa5vDyHZkIhHWtoRSm.qLQkmJ7qXcDrsSbtJ90"
Yeah.. good luck with that.. even though it's considered a speedier hash in comparison to bcrypt, it's still 100% NON-REVERSIBLE, it has a HUGE output which is for all intents and purposes completely collisionless.
I used Steve Gibson's "Password Haystacks" tool to do some sample calculations on what would be required to crack my current MT.Gox password.
OMGWTFBBQ.. you are right.. My MT.Gox account is terribly terribly insecure.. what will I ever do now!?!?! Oh noes, and I gave away its length too!! I'm a goner!
Just because some group of guys say bcrypt is better, doesn't automatically make SHA-512 insecure today... Take my advice and use a better password than "Poop" or "123456".. Take advantage of that LastPass you have to generate something wicked..
And don't be critical of people who MIGHT know more than you.. you sound like you are trying to make everyone else's words your own.
My Yubikey was free.
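As an added illustration for the mkpasswd exchange above (example code written for this thread, not any poster's own), the block below parses the four modular-crypt strings quoted in the posts and shows what they contain: the scheme prefix, the salt, the round count (sha512crypt carries an optional rounds=N field and defaults to 5000) and an 86-character hash body. It then builds a salted, iterated hash from Python's standard library so the two halves can be compared side by side. The PBKDF2-HMAC-SHA512 scheme, the 210,000-round default and the "$pbkdf2-sha512$rounds$salt$hash" layout are choices made for this example, not anything the thread uses; the only inputs taken from the page are the hash strings and the plaintext the poster disclosed.

```python
"""Added example for this thread (not any poster's code): parse the
modular-crypt strings quoted above and contrast them with a salted, iterated
hash that draws a fresh salt for every password."""
import base64
import hashlib
import hmac
import os

# Copied from the posts above: the leaked Mt. Gox md5crypt entry and the three
# mkpasswd outputs.
GOX_MD5CRYPT = "$1$9W57ShSS$H37Nb7ik2PUf2WY/p/OEl."
POSTED_SHA512CRYPT = [
    "$6$86Ev9OHO/tSQ/NsH$dadWFKTBwRv7hzHDE721AWlALB14RggRquYrJwYm5XrKzYjSdPduedhlPQe.68Pdn6gDDrBAyYgVbizCxY72O.",
    "$6$86Ev9OHO/tSQ/NsH$NbFEw6ToZrAnGai3kVDp1GbqY5iX7o0zu41iMelKnbjBvR/xUMAbxQ3Zk3egojw8GxXUlzGVTyCBT7NhKbLyE.",
    "$6$86Ev9OHO/tSQ/NsH$BBh.ljcEs8wqAWtpm1CAsoCpuAKXVPh8WJaTsr/H9o8uPXD9Qa5vDyHZkIhHWtoRSm.qLQkmJ7qXcDrsSbtJ90",
]

# Modular crypt format: "$id$[rounds=N$]salt$hash". Per scheme: name, the
# round count used when no rounds= field is present, and the hash body length.
SCHEMES = {
    "1": ("md5crypt", 1000, 22),
    "5": ("sha256crypt", 5000, 43),
    "6": ("sha512crypt", 5000, 86),
}


def parse_crypt(encoded):
    """Split a $1$/$5$/$6$ string into scheme, rounds, salt and hash body."""
    parts = encoded.split("$")
    if len(parts) < 4 or parts[0] != "" or parts[1] not in SCHEMES:
        raise ValueError("not a recognised modular-crypt string")
    name, rounds, body_len = SCHEMES[parts[1]]
    fields = parts[2:]
    # md5crypt has a fixed round count; the SHA variants may carry rounds=N.
    if parts[1] != "1" and fields[0].startswith("rounds="):
        rounds = int(fields[0][len("rounds="):])
        fields = fields[1:]
    if len(fields) != 2:
        raise ValueError("unexpected number of fields")
    salt, body = fields
    return {"scheme": name, "rounds": rounds, "salt": salt, "hash": body,
            "length_ok": len(body) == body_len}


def shared_salt(encoded_hashes):
    """Return the salt if every hash in the list uses the same one, else None."""
    salts = {parse_crypt(h)["salt"] for h in encoded_hashes}
    return salts.pop() if len(salts) == 1 else None


# A salted, iterated hash built from the standard library. The round count and
# the "$pbkdf2-sha512$rounds$salt$hash" layout are choices made for this
# example, not a format the thread uses.
PBKDF2_ROUNDS = 210_000


def hash_password(password, rounds=PBKDF2_ROUNDS, salt=None):
    """Hash with PBKDF2-HMAC-SHA512; a fresh 16-byte salt unless one is given."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds)
    return "$pbkdf2-sha512$%d$%s$%s" % (
        rounds, base64.b64encode(salt).decode(), base64.b64encode(dk).decode())


def verify_password(password, encoded):
    """Recompute with the stored salt and rounds; compare in constant time."""
    _, scheme, rounds, salt_b64, dk_b64 = encoded.split("$")
    if scheme != "pbkdf2-sha512":
        raise ValueError("unsupported scheme: " + scheme)
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    got = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, int(rounds))
    return hmac.compare_digest(got, expected)


def dictionary_attack(encoded, candidates):
    """Offline guessing against a leaked hash; every guess pays the full KDF cost."""
    for guess in candidates:
        if verify_password(guess, encoded):
            return guess
    return None


if __name__ == "__main__":
    for h in [GOX_MD5CRYPT] + POSTED_SHA512CRYPT:
        print(parse_crypt(h))
    print("salt shared by the three mkpasswd outputs:", shared_salt(POSTED_SHA512CRYPT))
    stored = hash_password("R8YC2txHc1RWtScewxid")  # plaintext quoted in the thread
    print(stored)
    print(verify_password("R8YC2txHc1RWtScewxid", stored), verify_password("Poop", stored))
```

Running it shows that all three posted outputs parse as sha512crypt with the same 16-character salt "86Ev9OHO/tSQ/NsH" and the default 5000 rounds, while the verifier half shows the properties a practitioner looks for in stored passwords: a salt drawn per hash so two hashes of the same password differ, a round count stored alongside the hash so it can be raised later, and a constant-time comparison on verify. The `dictionary_attack` helper is there to make the cost model concrete: a wordlist of "Poop", "123456" and friends is tried one full KDF run at a time, which is exactly where the round count does its work.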
While LastPass is a great password management service that can generate, store and automatically submit complex passwords for many sites, believing that this is a viable replacement for a site-specific multi-factor authentication system is just flat out incorrect advice to give. The fact that you are storing passwords in LastPass, and using the Yubikey to access them, does not stop anyone from compromising any account if the password has been compromised. You understand the difference, right? In your scenario the Yubikey is used as a secondary factor for LastPass.
No offense intended to the OP, but I feel it's kind of a bad idea to keep both your Yubikey and your flash drive with your wallet.dat on the same keychain, because if someone steals it not only are you locked out of Mt. Gox (at least temporarily), but it makes it easier for the thief to mount an attack. You're also probably more vulnerable to the $5 wrench attack:
http://xkcd.com/538/ Having a super "military strength" crypto flash drive kinda signals you have something secret and potentially valuable in your pocket. I'd prefer to have an unassuming flash drive with a hidden Truecrypt volume on it:
http://www.truecrypt.org/hiddenvolume or something equivalent.
Same sentiments here in hoping that no offense is taken.. I don't think you are intentionally trying to mislead people into making poor security decisions, but I do think you haven't fully thought through everything you said.
You are just repeating what you think is true.. because that's what someone else wrote.
How would the attacker be able to mount an attack by getting access to both my ironkey & yubikey? (The other drive you see is empty, it's a tool.) Did you just make that up hoping no one would call you on it? The $5 wrench attack would NEVER work as an attack vector against the Yubikey or Ironkey.. HOW!?! The ONLY way he would get any of my Bitcoins would be if my car was broken down, and he used the wrench to help get it going, I would give him a few coin, and say THANKS!!
Question.. Have you actually attempted using TrueCrypt as a roaming data security solution for any period of time with any level of convenience?
My experience was that mounting a TrueCrypt volume requires the same level of system access that enables the components that modern rootkits use to be completely undetectable, stuff like TDSS, Alureon, and newer more sophisticated EVIL EVIL PROGRAMS capable of interacting with the kernel of an operating system, and it's those undetectable things that will eat both your USB drive AND your bitcoins alive. munch munch munch.. burp.
http://www.truecrypt.org/docs/?s=non-admin-users
http://www.truecrypt.org/docs/?s=truecrypt-portable
You do realize that a truecrypt drive is pretty easy to get into, right?... If I got my hands on it, I could copy it, and recompile your truecrypt with a version that sends me your password, or return it with a virus or utility program that could pull the keys right out of a system's RAM any time it's mounted. If it sent those keys back to me, I could then mount the copy I made right before I returned your drive!! cake.
http://www.truecrypt.org/docs/?s=unencrypted-data-in-ram
http://www.truecrypt.org/docs/?s=paging-file
http://www.lostpassword.com/hdd-decryption.htm
Considering one has to have net access to send and confirm Bitcoin transactions anyway, it might be best to just keep several copies of your wallet.dat encrypted and sprinkled around the interwebs in secret locations. For long term storage, e.g.: in a safety deposit box or under the bed, I do not trust magnetic media. I do however like the idea of storage on paper, but I haven't seen a really good implementation of that yet.
Just my .02 BTC.
Do you truly believe that sprinkling your wallet.dat all over the interwebs might just be the best approach to keeping your wallet.dat available and secure? If any one of those files gets uncovered and decrypted you might find that those efforts were all in vain. Remember the bitcoin community has a higher level of knowledge & capability in that area.
What implementations of paper-based storage of bitcoins have you explored? What is wrong with PaperBack? I found it to have high levels of resilience against damage, highly recoverable, and additionally it was configurable with strong FIPS-197-compliant AES encryption via a configurable password. Check it out (http://www.ollydbg.de/Paperbak/index.html), or does this not live up to your security standards either!?! Here is a nice sample to print and scan back in.. the password is "bitcoin"
http://www.mediafire.com/?yks2s9251yfvywy
Well anyway... If you think I'm wrong you can tell me again.. I really don't mind, it helps me learn. The ONLY weakness I can perceive would be the act of using your bitcoins on a foreign computer, ever, which is an unavoidable weakness... The ironkey will allow you to run a portable VM like tinylinux, or ubuntu even if you have the space.
If you are looking to buy something a little less expensive.. that Kingston Locker+ posted by the previous poster is the closest thing yet I have seen to an Ironkey for such a low cost.. it's a schweet deal for the money!! It uses the same techniques, minus a few features, and no linux support. Not recommended for VM usage.