
Until 2 months ago, Mt. Gox was using unsalted MD5 hashing to protect its Bitcoin users' passwords. The site was lucky -- very lucky -- that it added the salt right before it lost its database.  (Source: Google Images)

Bitcoin enthusiasts have been forced to realize that exchange closures are a reality of modern economics.  (Source: Nerd Merit Badges)

A very real unresolved issue facing the market is what to do about botnet miners.  (Source: Google Images)
Market still hasn't been reopened, three days later

DailyTech was among the first to report on the massive hack of Mt. Gox and was the first to correctly note that the world's largest Bitcoin exchange was using a mix of unsalted MD5 (very insecure) and salted MD5 (somewhat secure) passwords.

Since the Sunday events, Mt. Gox has been scrambling to reopen and reform.

I. Confirmation -- Insecure Standard Was Used for Over a Year

Mt. Gox revealed on Monday that the forum posts by administrators and Mt. Gox users (which we cited) were correct -- some of the accounts were unsalted.  

Mark Karpeles, spokesperson for the Japan-based exchange writes:

If you receive ANY email which seems to come from Mt.Gox asking you to download something (certificate, generating program, etc.), DO NOT DOWNLOAD. Also, do not input your password on any site which is not MTGOX.COM.

[Update - 2:06 GMT] What we know and what is being done.

    • It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.
    • Two months ago we migrated from MD5 hashing to freeBSD MD5 salted hashing. The unsalted user accounts in the wild are ones that haven't been accessed in over 2 months and are considered idle. Once we are back up we will have implemented SHA-512 multi-iteration salted hashing and all users will be required to update to a new strong password.
    • We have been working with Google to ensure any gmail accounts associated with Mt.Gox user accounts have been locked and need to be reverified. 
    • Mt.Gox will continue to be offline as we continue our investigation, at this time we are pushing it to 8:00am GMT. 
    • When Mt.Gox comes back online, we will be putting all users through a new security measure to authenticate the users. This will be a mix of matching the last IP address that accessed the account, verifying their email address, account name and old password. Users will then be prompted to enter in a new strong password.
    • Once Mt.Gox is back online, trades 218869~222470 will be reverted.
The fact that Mt. Gox was using salted MD5 is somewhat disappointing. For a financial institution -- particularly an exchange that handles nearly 90 percent of the $130M+ USD of Bitcoins in existence -- you would expect only the latest and greatest in password hashing (like the multi-iteration salted SHA-512 it is now migrating to).

The fact that up until 2 months ago they used unsalted MD5 -- which has been easily crackable by rainbow tables and brute force attacks for years -- is downright disturbing.  As it is, it appears very, very lucky that Mt. Gox decided to migrate to salted MD5 when it did.  Otherwise the damage might have taken weeks or months to revert, not days.

While there's no proof of causation, perhaps the attacks on Sony Corp. (TYO:6758) proved a wakeup call for Mt. Gox.  As a result it decided to patch up its blatantly unacceptable hashing scheme with a slightly better one, just in the nick of time.

II. Out With The Old, In With the New

At least Mt. Gox seems to have learned its lesson.  It writes:
  • SHA-512 multi-iteration salted hashing is enabled and ready for when we get users reactivating their accounts
  • We are going to push our relaunch time to 2:00am GMT tomorrow so we have time to launch our new backend and withdraw passwords.

Thanks to everyone sending the supportive emails and our extremely patient users.

This is a very good sign.  In and of itself, "salting" a hash is an approach whose quality depends heavily on how often the same salt is reused.  While not as good as a unique salt for every account, the scheme Mt. Gox describes promises that one salt is not shared across all users' hashed passwords, which makes the stored hashes harder to crack.  Combined with the greater strength of SHA-512 and repeated hashing iterations, this scheme should hold up well against today's cracking methods and computing power, as long as the code that generates the salts is never leaked.
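To make the three schemes the article contrasts concrete, here is an added example (not code from the article or from Mt. Gox) written in Python. It compares unsalted MD5, salted MD5, and multi-iteration salted SHA-512, the last done with PBKDF2-HMAC-SHA512 as a stand-in since the exchange never published its exact construction. The sample accounts and passwords are constructed, and the audit check `colliding_users` is a hypothetical helper: it shows what an unsalted table gives away before a single guess is made.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not real Mt. Gox data). Two users chose the
# same password, which is exactly the case an unsalted scheme exposes.
SAMPLE_PASSWORDS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}


def md5_unsalted(password: str) -> str:
    """The original scheme: one MD5 of the password, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def md5_salted(password: str, salt: bytes) -> str:
    """Salted MD5 (a simplified stand-in for the FreeBSD crypt variant the
    quoted post mentions): the salt is hashed together with the password."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def sha512_iterated(password: str, salt: bytes, iterations: int) -> str:
    """Multi-iteration salted SHA-512, done here as PBKDF2-HMAC-SHA512: the
    hash is repeated `iterations` times, so every guess costs that much more."""
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations).hex()


def new_record(password: str, iterations: int = 200_000) -> dict:
    """What a defender stores per user: a fresh random salt, the work factor,
    and the derived hash. The salt is not secret; it only has to be unique."""
    salt = os.urandom(16)
    return {"salt": salt.hex(), "iterations": iterations,
            "hash": sha512_iterated(password, salt, iterations)}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and work factor; compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = sha512_iterated(password, salt, record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def colliding_users(stored: dict) -> list:
    """Audit check (hypothetical helper): which users share a stored hash?
    In an unsalted table every shared password is visible before any cracking."""
    by_hash = {}
    for user, digest in stored.items():
        by_hash.setdefault(digest, []).append(user)
    return sorted(users for users in by_hash.values() if len(users) > 1)


def unsalted_table(passwords: dict) -> dict:
    return {user: md5_unsalted(pw) for user, pw in passwords.items()}


def salted_table(passwords: dict) -> dict:
    # One random salt per user; the (salt, hash) pair would be stored together.
    return {user: md5_salted(pw, os.urandom(8)) for user, pw in passwords.items()}


if __name__ == "__main__":
    print("unsalted collisions:", colliding_users(unsalted_table(SAMPLE_PASSWORDS)))
    print("salted collisions:  ", colliding_users(salted_table(SAMPLE_PASSWORDS)))
    record = new_record("correct horse")
    print("right password verifies:", verify("correct horse", record))
    print("wrong password verifies:", verify("wrong", record))
```

Two points the article's wording blurs: "multi-iteration" refers to repeating the hash, not the salt, and the salt is stored beside the hash, so its protection comes from being unique per user rather than from the salt-generating code staying secret. What does need protecting is the work factor (keep it high enough that each guess is expensive) and the database itself, which in this incident left through an auditor's read-only access.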

Yesterday the site informed users:

You can now file requests to recover your Mt.Gox account. Each request will be verified and accounts which are confirmed secure will be recovered with the provided email and password.

And today it had good news to report, writing:

We're happy to report that over 10% of our user base have already reclaimed their accounts. Newly reclaimed accounts require strong passwords which are secured with SHA-512 multi-iteration triple salted hashing

For the time being, deposits that were sent to Mt.Gox accounts that were not in accounts before we took things offline will be in a "pending" status. Once we have the new backend in place, we will start processing these pending deposits and withdrawals. Also, shortly after the backend is up and running we will allow customers with newly reclaimed accounts to login to Mt.Gox, and use the site as per usual, with the exception that active trading will be disabled. Users may place orders to buy or sell, but they will be queued until we enable trading, which will most likely be a couple of hours after users are able to login to Mt.Gox.

Thanks again for your continued patience and understanding while we work to get Mt.Gox back online.

The exchange will reopen at $17.50 USD per Bitcoin.  Expect a reopening sometime later this week or next week.

III. An Important Lesson, But More Tough Questions Remain

The Mt. Gox incident was a valuable lesson to the proponents of Bitcoin.  

First, it taught them that no matter how "evil" it seemed, there are absolutely cases where markets must be closed from trading.  Hopefully, this will now lead to the major exchanges agreeing to close trading early on some days to slow the violent volatility from major inflation or deflation, making Bitcoins "more currency-like".

Second, it taught anyone who runs a Bitcoin exchange that it's absolutely mandatory to use the latest in hashing and salting technology.  Weak hashing was not enough to protect Mt. Gox; its attackers quickly exploited over 1,000 accounts.

Bitcoin users can learn a similar lesson from these events -- they must strongly encrypt their local wallet.dat file.  There are now trojans in the wild that are stealing Bitcoins from open wallets.  The moral of the story -- the necessity of encryption -- is thus equally applicable on both sides of the Bitcoin use (pun not intended).  

Of course, additionally, just don't store your wallet on systems you believe might be compromised, as a patient trojan could simply wait for you to decrypt your wallet file and then strike.

That said, one very daunting question still facing Bitcoin is that of mining abuses.  A recent Symantec article reported that botnets of infected computers could mine Bitcoins to make as much as $100,000 USD a month.  Such abuse is a major threat to the burgeoning Bitcoin economy if it becomes prevalent, as it will both rob legitimate miners of their reward and delegitimize the movement itself by equating Bitcoin mining with supporting the spread of malware.

This is a far more troubling problem than the previous ones.  The community will have to think long and hard to come up with a good answer.



Can I just ask...
By Motoman on 6/22/2011 3:25:28 PM , Rating: 1
...WTF can you buy with bitcoins?

RE: Can I just ask...
By JasonMick on 6/22/2011 3:28:26 PM , Rating: 2
...WTF can you buy with bitcoins?

Not great, still, but it's a start.

Hey you can buy Newegg gift cards with them (via Bitegg) so there's one use you and other readers could likely appreciate...

RE: Can I just ask...
By Motoman on 6/22/2011 3:33:20 PM , Rating: 2

Still don't get it though...the "mining" for them makes no sense. There's no basis for their value. It's just...wacky.

RE: Can I just ask...
By cochy on 6/22/2011 3:41:29 PM , Rating: 2
If people want them, they have value.
If they have value, people will mine them.

RE: Can I just ask...
By gamerk2 on 6/22/2011 4:00:10 PM , Rating: 3
Exactly. The USD has value because people want it. Gold has value because people want it. Things have value because people want them.

It's that simple.

RE: Can I just ask...
By Motoman on 6/22/11, Rating: -1
RE: Can I just ask...
By Bob45885 on 6/22/2011 5:05:42 PM , Rating: 5
"The USD has value because the US government provides a guarantee of it's value."

Oh really?

So the US Government has promised you that you'll be able to buy WHAT for a dollar? A loaf of bread? oh no.. those days are over. A gallon of milk? nope. Those days are over too.

Think about what you are saying. There is absolutely NO guarantee by the US Government that the dollar is worth ANYTHING. Perhaps you missed the memo, when Nixon eliminated the gold standard - the last time that the dollar had any guarantee. Even then, you couldn't knock on the doors of Ft. Knox and ask for your nugget of gold!

You need to read up on the definition of fiat currency. Because you are flat out, 100%, totally and completely incorrect.

RE: Can I just ask...
By Motoman on 6/22/2011 9:55:22 PM , Rating: 4
The US government guarantees that the US dollar is valid to settle debts both public and private. That is 100% correct. That's what I was referring to - obviously inflation and whatnot control what a dollar can actually buy.

Bitcoins have no one standing behind them - no validity for settling debts, nothing.

That's a big difference between the 2 currencies.

RE: Can I just ask...
By B3an on 6/23/11, Rating: 0
RE: Can I just ask...
By Motoman on 6/23/2011 2:18:31 PM , Rating: 2
So did POGs.

I'm going to have a hard time putting any faith in a currency that has "value" because "many people" are "standing behind them."

RE: Can I just ask...
By BansheeX on 6/22/2011 6:37:17 PM , Rating: 2
Federal Reserve notes have a coerced value because the government has declared them legal tender and requires you to pay taxes in them. It also expects you to pay capital gains taxes on gold if you convert it to FRN after new FRN are issued. If not for all of that force behind FRN, there is no way people would have "accepted" them into use. A free market would be using encased gold milligrams or something. I suppose if you threaten jail and theft on alternatives, then people "want" unbacked paper with an issuer, but c'mon... there's nothing voluntary about where we are.

RE: Can I just ask...
By Motoman on 6/22/2011 9:58:40 PM , Rating: 1
POGs had value because people wanted them.

The US dollar has value because it's the government-backed currency of the's what all wages are paid in, and what debts (both public and private) are paid in. No one "wants" dollars - they get them from their employer, and they spend them to get things.

I have a feeling that Bitcoins are nothing more than electronic POGs.

RE: Can I just ask...
By JasonMick on 6/22/2011 3:42:59 PM , Rating: 2

Still don't get it though...the "mining" for them makes no sense. There's no basis for their value. It's just...wacky.

As I understand it the purpose for mining is to seed initial wealth.

This is a somewhat foreign concept in the world of real world currencies, which typically evolved over hundreds of years, based on the trade of real world commodities like gold or furs. But in effect, these resources did serve as a seeding mechanism for initial wealth. By the time the currency evolved into an abstract (non-commodity based) entity, wealth was already seeded....

The idea with Bitcoin is to skip the commodity phase and compress the seeding process to a couple decades rather than a couple centuries, by seeding by computing an algorithm.

Once wealth has been injected in the system, the idea is that it will trickle down to form a large economy, similar to the ideas of President Reagan...

RE: Can I just ask...
By idiot77 on 6/22/11, Rating: -1
RE: Can I just ask...
By Bob45885 on 6/22/2011 5:07:00 PM , Rating: 2
The mining process is to reward people who process transactions.

RE: Can I just ask...
By idiot77 on 6/22/11, Rating: -1
RE: Can I just ask...
By Darkskypoet on 6/22/2011 4:04:18 PM , Rating: 2
The 'mining' also handles transaction verification and transmission. Eventually, mining new bitcoins goes the way of the dinosaurs, and transaction fees fund the compute power of the 'miners'.

RE: Can I just ask...
By Reclaimer77 on 6/22/11, Rating: -1
RE: Can I just ask...
By futrtrubl on 6/22/2011 7:55:14 PM , Rating: 2
Consider it people being paid by the issuer to make the system more secure. That's what the mining does, runs an algorithm so that transactions cannot be faked.

RE: Can I just ask...
By Taft12 on 6/23/2011 2:33:23 PM , Rating: 2
Still don't get it though...the "mining" for them makes no sense.

Oh it makes plenty of sense to me: Millions of dollars to the early adopters!

RE: Can I just ask...
By Paulywogstew on 6/22/11, Rating: -1
RE: Can I just ask...
By amanojaku on 6/22/2011 3:44:26 PM , Rating: 2
Bitcoins are like casino chips: they aren't issued by a government, and their value isn't based on anything realistic. You can "cash them in" at an exchange that recognizes the value of bitcoins. The exchanges and the holders form a giant p2p network to enable transactions.

RE: Can I just ask...
By Motoman on 6/24/2011 2:20:48 PM , Rating: 2
Not really.

I can go to a casino, buy a $1,000 chip, and carry it around for a while. Then I can go back to the cashier and get $1,000 back for it. Guaranteed.

Or, I can buy $1,000 worth of Bitcoins, hang onto them for a bit, and then go to sell them again...only to be told "oh, yeah, the market isn't so good right now - those are worth fitty cents now."

Although the allusion is valid - Bitcoins are a gamble. But they're not analogous to the casino's chips - they're analogous to the action of rolling the dice itself.

RE: Can I just ask...
By interstitial on 6/24/2011 12:43:43 PM , Rating: 2
It's often used to pay for criminal transactions as the transactions aren't easily(/at all?) traceable and escrow services can be used. This makes it a good method of transaction for drug dealers/hitmen/hackers etc.

Better article picture...
By Iaiken on 6/22/2011 4:08:11 PM , Rating: 2
RE: Better article picture...
By soydios on 6/22/2011 5:31:39 PM , Rating: 2
can you add a potential NSFW on such things?

RE: Better article picture...
By IcePickFreak on 6/22/2011 10:09:54 PM , Rating: 2
He wouldn't have to if you finished those TPS reports instead of slacking off. ;)

I think Symantec is off its mark a wee bit.
By Darkskypoet on 6/22/2011 4:02:59 PM , Rating: 2
Couple of issues with Symantec opening up their Norton-pushing pie holes.

1. Most botnets are comprised of somewhat crappier systems than what BTC miners are using... CPU mining is ineffective as a percentage of mining compute power. For instance, a Radeon 6950 will churn out 320-340 MH/s... A hexacore i7, less than 10 MH/s. Considering that most people rocking good hardware are somewhat above the average user in capabilities, a botnet would have to be very large to make a dent in the proportion of 'shares' being mined.

Further, in cases where said systems did have decent gpus, the extra heat / noise / etc is a genuine tip off that something is wrong with your system... not to mention other issues that occur when one is mining on a daily use system.

These systems would scream 'I am really messed up, please fix me'.

2. Let's say all of that was overcome and a botnet was mining... all it would do is knock the difficulty of the next set of blocks up immensely. So even if for the first week or two the botnet was generating bitcoins hand over fist, as soon as the next interval of blocks to mine was opened, the difficulty would be reset so high that it would account for this extra processing power, and negate it.

At this point it comes down to who owns what percentage of compute power as to who receives what portion of the BTC mined. However, taking into account both 1 and 2, the botnet would not be generating that much revenue, and would get pushed out to the corners unless the botnet was comprised of OpenCL-able or CUDA-capable GPUs.

By DanNeely on 6/22/2011 4:20:24 PM , Rating: 2
The trojans aren't doing mining. They're just adding StealBitCoins() to the list of functions they run on every infected box.

By letmepicyou on 6/23/2011 12:50:45 AM , Rating: 2
When they speak of "mining for bitcoins", there's something I'm not quite clear on. Evidently, they seem to rely heavily on GPU processing power (mostly from ATI/AMD). But what I don't get is what exactly is in the data you "mine", and what happens to that data once you find a "coin" ? It seems that the answer to this question just doesn't EXIST, and if it DOES exist, what, exactly, kind of data is it you "mine" and why? Things like this always seem a bit fishy to me. It would seem to me that if you want to create distributed computing project to, say, create a genetic sequencing engine that will allow someone to quickly tailor a genetic virus, or some other nefarious purpose, you would create a self-sustaining mini-society that actually pays money to attract the biggest baddest machines into the fray. Where are the answers to the question "what data is in a bitcoin mine?" and "where does the mined data eventually end up and who controls it?"
That's what I'd like to know.

By Holy-Fire on 6/23/2011 4:43:37 AM , Rating: 2

Mining means calculating hashes of a block header consisting of a merkle root of transactions, the hash of the previous block, some other stuff and a nonce. The hash must be numerically low enough to make a valid block. This is tried many times with different nonces until a valid block is found. This system makes it hard to find blocks and hence hard to reverse transactions. The more people mine, the harder double-spending becomes.

This is a peer-to-peer network based on open-source code. Nobody controls it. You can look at the source code to see exactly what it does. There's no conspiracy.
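The description above (hash a header made of a merkle root, the previous block hash, some other fields and a nonce until the result is numerically below a target) is easy to see in a few lines. The following is an added example in Python, not code from the commenter or from the Bitcoin project: it packs a constructed, made-up header in the same 80-byte layout Bitcoin uses, hashes it with double SHA-256, and searches the nonce space for a hash under a target. It also includes a simplified version of the difficulty retarget rule, which is the mechanism the earlier comment relies on when it says extra botnet hash power just pushes the difficulty up. The field values, the small difficulty, and the `retarget` helper's signature are assumptions for the demonstration.

```python
import hashlib
import struct

# Constructed header fields (not a real block). A Bitcoin header is
# version(4) + prev_hash(32) + merkle_root(32) + time(4) + bits(4) + nonce(4).
VERSION = 1
PREV_HASH = bytes(32)                                  # "genesis-like": all zeros
MERKLE_ROOT = hashlib.sha256(b"constructed tx set").digest()
TIMESTAMP = 1308700000                                 # June 2011, made up
BITS = 0x1D00FFFF                                      # placeholder encoding of the target


def header_bytes(nonce: int) -> bytes:
    """Serialize the header with the given nonce, little-endian like Bitcoin."""
    return (struct.pack("<I", VERSION) + PREV_HASH + MERKLE_ROOT
            + struct.pack("<II", TIMESTAMP, BITS) + struct.pack("<I", nonce))


def block_hash(nonce: int) -> int:
    """Double SHA-256 of the header, read as a little-endian integer."""
    digest = hashlib.sha256(hashlib.sha256(header_bytes(nonce)).digest()).digest()
    return int.from_bytes(digest, "little")


def target_for(leading_zero_bits: int) -> int:
    """Toy target: the hash must fall below 2^(256 - n), i.e. have n leading zero bits."""
    return 1 << (256 - leading_zero_bits)


def is_valid(nonce: int, leading_zero_bits: int) -> bool:
    return block_hash(nonce) < target_for(leading_zero_bits)


def mine(leading_zero_bits: int, max_nonce: int = 1 << 32) -> tuple:
    """Try nonces in order until the header hashes below the target.
    Returns (nonce, hash, attempts); each attempt is one double SHA-256."""
    target = target_for(leading_zero_bits)
    for nonce in range(max_nonce):
        h = block_hash(nonce)
        if h < target:
            return nonce, h, nonce + 1
    raise RuntimeError("nonce space exhausted; a real miner would change the "
                       "timestamp or merkle root and keep going")


def retarget(old_target: int, expected_seconds: int, actual_seconds: int) -> int:
    """Simplified retarget rule (hypothetical helper): scale the target by how long
    the last interval actually took versus how long it should have taken, clamped
    to a factor of four either way, as Bitcoin does every 2016 blocks. If a botnet
    made blocks arrive twice as fast, the target halves and the work doubles."""
    actual_seconds = max(expected_seconds // 4, min(expected_seconds * 4, actual_seconds))
    return old_target * actual_seconds // expected_seconds


if __name__ == "__main__":
    nonce, h, attempts = mine(16)
    print(f"nonce {nonce} after {attempts} attempts, hash {h:064x}")
    print("valid:", is_valid(nonce, 16))
    print("target after a 2x-fast interval:", retarget(target_for(16), 100, 50) == target_for(17))
```

Nothing about a found nonce is secret or special: anyone can re-run `is_valid` on the header to confirm the work, which is the property that makes a block hard to forge and transactions hard to reverse.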


Wrong Info
By Flunk on 6/22/2011 4:04:07 PM , Rating: 2
they must strongly encrypt their local wallet.dat file.

This isn't too useful if they have access to your system. If you ever want to use your wallet you have to decrypt it first, and if your opponent is anything but a complete idiot they will just write their trojans to wait for you to decrypt and mount your wallet before they steal it.

The correct way to secure your wallet is to secure your system so that it's never infected in the first place (because once that happens you're effectively done).
By dacoinminster on 6/23/2011 10:16:21 AM , Rating: 2
is just one exchange. I use, which has lower fees and seems more professional to me. I have a code that will get you 10% off your fees there if anybody wants to buy or sell bitcoins on TH-R1168
