Comment by TheDong

2 days ago

> It's like coming across a key someone dropped on the road. You don't even know what it's for.

There are a lot of keys that are self-identifying, even real keys. My key has "Apartment Name, Apartment Number" engraved into the head, and searching the apartment name on Google brings it up in the first 5 results.

Let's say you find the following plaintext on the network: "sk-xxx....". Do you know what it's for? What if it's AKIAIOSFODNN7EXAMPLE?

What if it's a list of words from the BIP-39 wordlist?

> Of course all this assumes that there's even someone paying any special attention to the probably huge volume of data that these services are going to get.

It only takes one person, and since this is HTTP traffic, not HTTPS, the number of people who can see it is huge. Everyone on your wifi (i.e. the whole coffee shop, remember Firesheep), your ISP, each router between your ISP and China, and so on.

I wouldn't be surprised if someone is scanning all traffic that they see for Bitcoin private keys and BIP-39 phrases, since both of those could lead to some significant financial gain.

Heck, back in the day in my college dorm I ran a wifi hotspot only to sniff plaintext traffic and poke around, since I had a less strong sense of morals, and I bet the kids these days are still doing that.
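The comment's point that secrets identify themselves can be turned into an egress check. The following is an added example, not part of the original comment: it refuses to send a body over plain HTTP when the body contains a recognizable secret. The function names, the `sk-` length threshold, the 12-word wordlist excerpt and the sample body are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: 12-word excerpt of the BIP-39 English wordlist.
# Real use loads all 2048 words and passes them in as `wordlist`.
BIP39_SAMPLE = frozenset(
    "abandon ability able about above absent "
    "absorb abstract absurd abuse access accident".split()
)
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # Assumption: an "sk-" token has at least 20 characters after the prefix.
    "sk_prefixed_token": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}"),
}
MNEMONIC_MIN_WORDS = 12  # BIP-39 phrases are 12, 15, 18, 21 or 24 words

# Constructed sample body: AWS's documentation example key ID plus wordlist words.
SAMPLE_BODY = (
    "aws_id=AKIAIOSFODNN7EXAMPLE&note=abandon ability able about above "
    "absent absorb abstract absurd abuse access accident"
)


def longest_wordlist_run(text, wordlist):
    """Length of the longest run of consecutive tokens that are all in wordlist."""
    best = run = 0
    for token in re.findall(r"[A-Za-z]+", text):
        run = run + 1 if token.lower() in wordlist else 0
        best = max(best, run)
    return best


def find_secrets(text, wordlist=BIP39_SAMPLE):
    """Return the sorted kinds of self-identifying secrets found in text."""
    kinds = {name for name, rx in PATTERNS.items() if rx.search(text)}
    if longest_wordlist_run(text, wordlist) >= MNEMONIC_MIN_WORDS:
        kinds.add("bip39_mnemonic")
    return sorted(kinds)


def should_block(url, body):
    """True if a recognizable secret would travel over a non-HTTPS URL."""
    return urlsplit(url).scheme.lower() != "https" and bool(find_secrets(body))


if __name__ == "__main__":
    print(find_secrets(SAMPLE_BODY))
    print(should_block("http://example.test/upload", SAMPLE_BODY))
```
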

> My key has "Apartment Name, Apartment Number" engraved into the head

Hotels learned not to do such silly things several decades ago.

I'm surprised that your building management lacks such obvious wisdom.

  • It's been a real lifesaver, whenever a guest loses the guest key it just ends up back in my mailbox eventually.

    Also, like 80% of the hotels I've stayed at in the last year have the hotel name on the keycard, though admittedly they usually don't include the room number.

    The remaining 20% had physical keys with keychain fobs that had the room number and often hotel name (typically Japanese ryokans do this).

    • Interesting. I might live in a lower-trust society than you do.

      I'd greatly prefer to lose keys forever, anonymously, than to trust that a random human who is presented with a key and instructions for finding the lock it fits will not be the sort to take advantage of the situation.

      In the latter case, I'm changing my locks anyway, which is far more onerous than just making a new copy of the key.