Phil Dougherty has a side hustle as a friendly hacker. By day, he’s a software developer at the University of Wisconsin, building free educational games and conducting research on the ways people play them. Meanwhile, back at home, Dougherty is the shepherd of a program that’s constantly running down ways to break into other people’s cryptocurrency wallets.
Dougherty works with folks who have lost, forgotten or incorrectly written down their Ethereum passwords, locking themselves out of their wallets and forfeiting the digital cash that’s lurking within. These people are, essentially, shit out of luck. There’s no customer support hotline for Ethereum, no security questions to answer, no “Forgot password?” link.
Cryptocurrency security relies on hashing algorithms that transform a traditional password, such as “banana$123,” into a unique string of numbers and letters, called a hash. To get specific, Ethereum wallets use a password-based key derivation function, meaning users input a unique password they can (theoretically) remember, and in return, they receive a key that serves as a unique, secure authorization code. The idea is that it’s impossible to reverse-engineer the hash to unlock a user’s base password, though a handful of algorithms have been compromised over the years, including MD5 and SHA1. However, as Dougherty’s clients have discovered, Ethereum’s security system is tight.
Click here to read more!