Bitcoin Giant Mt. Gox Promises to Change Post-Hack
I like to think that I am up on some of the latest developments on the ole interwebs, but the truth is I only know what I care about, and distributed computing isn't on my radar. However, when podcast co-host Darren sent me this news story, it sparked my interest.
Bitcoin is a virtual currency system that can be traded for actual USD, and much like the stock market, these Bitcoins have an exchange rate that changes on a regular basis. However, here is the kicker: to get Bitcoins you "mine" for them by running a program that generates a "block" that ends up being worth about 50 Bitcoins. You can then take that "block" and trade it for real currency.
At the current exchange rate that works out to be about $850US.
Of course, with the good comes the bad, which is the basis of this news report. It would seem people have tried to defraud the system, which turned out to be rather easy since they only used MD5 hashing to secure user accounts.
The fact that Mt. Gox was using salted MD5 is somewhat disappointing as for a financial institution -- particularly an exchange that handles nearly 90 percent of the $130M+ USD of Bitcoins in existence -- you would expect them to only use the latest and greatest in encryption (like the salted SHA-512, which they are now migrating to).
The fact that up until 2 months ago they used unsalted MD5 -- which has been easily crackable by rainbow tables and brute force attacks for years -- is downright disturbing. As it is, it appears very, very lucky that Mt. Gox decided to migrate to salted MD5 when it did. Otherwise the damage might have taken weeks or months to revert, not days.
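The difference between the storage schemes named above, as an added example that is not from the original post or from Mt. Gox: a precomputed hash table exposes weak passwords stored as unsalted MD5, while a per-user salt makes that table useless. The account names, passwords, word list and iteration count are constructed assumptions, and the last two functions go beyond the page's salted SHA-512 by using an iterated KDF (PBKDF2-HMAC-SHA512).

```python
import hashlib
import hmac
import os

# Constructed sample data: two accounts share one weak password.
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "Vq7#long-unique-phrase"}
COMMON = ["123456", "password", "hunter2", "letmein"]  # constructed common-password list

def md5_unsalted(pw: str) -> str:
    return hashlib.md5(pw.encode()).hexdigest()

def md5_salted(pw: str, salt: bytes) -> str:
    return hashlib.md5(salt + pw.encode()).hexdigest()

def precomputed_table(words):
    """Hash -> password map; built once, it applies to every unsalted MD5 dump."""
    return {md5_unsalted(w): w for w in words}

def exposed_by_lookup(stored: dict, table: dict) -> list:
    """Accounts whose stored hash is already present in the precomputed table."""
    return sorted(user for user, digest in stored.items() if digest in table)

def hash_password(pw: str, salt: bytes = None, rounds: int = 210_000):
    """Per-user random salt plus an iterated KDF (assumed iteration count)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha512", pw.encode(), salt, rounds)

def verify_password(pw: str, salt: bytes, expected: bytes) -> bool:
    # Constant-time comparison of the recomputed and stored digests.
    return hmac.compare_digest(hash_password(pw, salt)[1], expected)

def audit() -> dict:
    """Compare what a precomputed table reveals under each MD5 scheme."""
    table = precomputed_table(COMMON)
    unsalted = {u: md5_unsalted(p) for u, p in USERS.items()}
    salts = {u: os.urandom(16) for u in USERS}
    salted = {u: md5_salted(p, salts[u]) for u, p in USERS.items()}
    return {
        "unsalted_exposed": exposed_by_lookup(unsalted, table),
        "unsalted_duplicates": unsalted["alice"] == unsalted["bob"],
        "salted_exposed": exposed_by_lookup(salted, table),
        "salted_duplicates": salted["alice"] == salted["bob"],
    }

if __name__ == "__main__":
    print(audit())
```

A salt only defeats precomputation; MD5 and a single round of SHA-512 are both fast to compute, which is why the storage functions here use an iterated KDF with a per-user salt.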
They claim that the new accounts will be hashed using SHA-512, so account information will again be secure. But if you read carefully, as part of the "upgrade" the Mt. Gox exchange also rolled back all transactions to a previous time, negating any trades that occurred during the missing timespan and, in the process, altering the exchange rate.
Bottom line, this is like shorting a stock right before a major disaster.
Related Web URL: http://www.dailytech.com/Bitcoin+Giant+Mt+Gox+Prom...

