mnemonic-hash-checker: use bloom filter to optimize lookup

2023-08-07 22:35:11 -05:00 · 2023-08-07 22:35:11 -05:00 · 9a1312fa16
parent 496df4b353
commit 9a1312fa16
3 changed files with 71 additions and 13 deletions
--- a/mnemonic-hash-checker/src/bloom.rs
+++ b/mnemonic-hash-checker/src/bloom.rs
@ -2,7 +2,9 @@ use std::{fs::File, io::{BufReader, Read}, path::Path};

 use color_eyre::eyre::Result;
 use bloomfilter::Bloom;
+use tracing::info;

+#[tracing::instrument]
 pub fn load(file: &Path) -> Result<Bloom<String>> {
    let file = File::open(file)?;
    let length = file.metadata().unwrap().len();
@ -31,9 +33,11 @@ pub fn load(file: &Path) -> Result<Bloom<String>> {
        (u64::from_be_bytes(sk10), (u64::from_be_bytes(sk11))),
    ];

+    info!("Reading {length} bytes into memory");
    let mut bitmap = vec![0; (length - 8 - 4 - 32) as usize];
    buf.read_exact(&mut bitmap)?;

+    info!("Generating bloom filter from loaded bitmap");
    Ok(Bloom::from_existing(
        &bitmap,
        number_of_bits,
--- a/mnemonic-hash-checker/src/index.html
+++ b/mnemonic-hash-checker/src/index.html
@ -18,11 +18,67 @@
  </head>
  <body>
    <div class="container">
-      <h1>MilkSad Lookup Service</h1>
+      <h1>Milk Sad Lookup Service</h1>
      <p>
-        Query a SHA256 hash of your mnemonic phrase. <b>DO NOT ENTER</b> your
-        mnemonic phrase in cleartext. To generate a hash of your mnemonic, use:
-        <code>echo -n "milk sad wage cup reward umbrella raven visa give list decorate broccoli" | sha256sum</code> with your mnemonic.
+        To help people identify if they are impacted by Milksad, we are
+        providing a web service to check if your mnemonic is in the vulnerable
+        set. Note that this service <i>only</i> covers mnemonics impacted by
+        Libbitcoin Explorer (<code>bx</code>) versions <code>3.0.0</code> to
+        <code>3.6.0</code>, though it may be updated over time to cover other
+        related vulnerabilities we are researching.
+      </p>
+
+      <h2>Who should use this tool?</h2>
+      <ul>
+        <li>
+          If you know you generated your wallet with <code>bx 3.0.0</code> or
+          higher (after March 2017)
+        </li>
+        <li>
+          If you know you generated your wallet with a CLI tool, but don't
+          remember which tool.
+        </li>
+      </ul>
+
+      <h2>What do the results mean?</h2>
+      <ul>
+        <li>
+          Vulnerable means that we are 99.99% sure your mnemonic is vulnerable
+          to being brute forced. You should recreate your mnemonic and move
+          your funds.
+        </li>
+        <li>
+          Match Not Found means that we do not have a record of your mnemonic,
+          but it does not mean it may not be impacted by other issues. If you
+          are not certain your wallet is secure, you may consider changing
+          regardless.
+        </li>
+      </ul>
+
+      <h2>Security and Privacy</h2>
+      <p>
+        We do not want to store BIP39 mnemonics for this lookup service, or
+        have people submit their BIP39 mnemonic private keys to us, so we had
+        to sacrifice the user experience to provide this service safely. Our
+        server contains SHA256 hashes of all currently known vulnerable
+        mnemonics, so you can submit the SHA256 hash of your own mnemonic and
+        see if it is in our set.
+      </p>
+      <p>
+        Please note that it is usually a <i>very</i> bad idea to follow
+        invitations from strangers on the internet when it comes to sharing
+        something about your wallet private keys. Typically they are scammers
+        with bad intentions. We're aware of this and want to avoid being a poor
+        example, so we decided to avoid including a convenient HTML input field
+        to do the hashing for you (and could steal your mnemonic in the
+        process). Users must bring their own SHA256 hash of their mnemonic
+        ideally calculated in their own offline machine. If other people offer
+        a similar lookup service, especially one that accepts a mnemonic as
+        input, please be very cautious.
+      </p>
+      <p>
+        For those wishing to limit metadata sent to us or our service provider,
+        we encourage using Whonix/Tor.
      </p>

      <form action="/check" method="get" enctype="multipart/form-data">
--- a/mnemonic-hash-checker/src/main.rs
+++ b/mnemonic-hash-checker/src/main.rs
@ -7,7 +7,7 @@ use axum::{
    http::{header::CONTENT_TYPE, StatusCode},
    response::{AppendHeaders, IntoResponse},
    routing::get,
-    Json, Router,
+    Router,
 };

 use bloomfilter::Bloom;
@ -76,13 +76,11 @@ struct CheckQuery {
 async fn check_hash_slug(
    query: Query<CheckQuery>,
    State(state): State<Arc<AppState>>,
-) -> (StatusCode, Json<bool>) {
-    let result = check_hash(&query.sha256, &state).await;
-    let status_code = match state.bloom_filter.check(&query.sha256.to_string()) {
-        true => StatusCode::OK,
-        false => StatusCode::NOT_FOUND,
-    };
-    (status_code, Json(result))
+) -> (StatusCode, &'static str) {
+    match state.bloom_filter.check(&query.sha256.to_string()) {
+        true => (StatusCode::OK, "vulnerable"),
+        false => (StatusCode::NOT_FOUND, "match not found")
+    }
 }

 #[tokio::main]
@ -108,7 +106,7 @@ async fn main() -> Result<()> {
        .layer(CatchPanicLayer::new())
        .layer(TraceLayer::new_for_http());

-    info!("server go nyoom");
+    info!("server go nyoom: {addr}");

    axum::Server::bind(&addr)
        .serve(app.into_make_service())