Developer posts secret key on GitHub, loses $40K in 2 minutes - eviltoast
  • Web3 developer Brian Guan lost $40,000 after accidentally posting his wallet’s secret keys publicly on GitHub, with the funds being drained in just two minutes.
  • The crypto community’s reactions were mixed, with some offering support and others mocking Guan’s previous comments about developers using AI tools like ChatGPT for coding.
  • This incident highlights ongoing debates about security practices and the role of AI in software development within the crypto community.
  • lurch (he/him)@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    10
    ·
    edit-2
    5 months ago

    the format of the encrypted file can give the attackers an advantage. if your code reads the decrypted file, the attacker can guess the first line is a comment or the name of a setting. a savvy person can combine that with the algorithm to perform a “known plaintext attack”, for example by generating a number of possible passwords that would lead to files starting like that.

    • barsquid@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      5 months ago

      That’s smart. Anyone trying that should definitely have a machine-generated strong password!

    • Natanael@slrpnk.net
      link
      fedilink
      English
      arrow-up
      4
      ·
      5 months ago

      That’s not quite the definition of known plaintext attack (cryptography nerd here), that’s bruteforce with a “crib” to use older terminology (known patterns which allows you to test candidate keys).

      A known plaintext attack is defined as an attack on the algorithm to extract the key faster than bruteforce with analytical attacks.