This is the first ray of hope regarding customers recovering any of their missing bitcoin though.
Or that they lost the keys to some wallets and have managed to crack one.
I guess the fact that they have to have been so staggeringly incompetent to have 200,000 bitcoins they didn't even know about makes me feel like there must be some other explanation than the one they are offering.
Attempted theft is up there.
My assumption is that they either made a mistake with the algorithm, or they lost enough chunks of the keys that they can't reconstitute the private key. This could have been as simple as a bank's safety-deposit box being inaccessible because it's seized or losing the pieces.
If they were stored digitally, it could be as simple as a media problem (organic dyes in CD-Rs degrade, USB drives aren't infallible, etc.).
The reason they got this wallet open is because they probably recovered the private key in some ancient backup they forgot they had from before they split the keys into pieces and deleted what they thought were the only copies of the unsecured keys.
This is just my completely unsubstantiated theory, but it seems to match the current facts.
Not saying he is or isn't lying, but we can't just throw around the 'there is no good reason for him to say xyz' in this situation...
Sure, it would have required tons of computing power, but they still would have cracked the key in several weeks' time.
If you remember any details about this passphrase then you can dramatically reduce the strength? (I'm not sure of the word to use here. Someone help me out) of said passphrase.
But yes, if someone was able to crack keys in a reasonable amount of time then bitcoin would crash overnight.
No cracking. They just found a wallet.dat somewhere, that's all. If they lost the keys (as in, lost the wallet.dat with the keys in it) and were able to generate a valid private key given only a public bitcoin address... bitcoin is dead, game over, pack it up.
Now instead, if we're talking about a passphrase to a wallet.dat...
This is a realistic scenario. If the private key generation was of the same quality as the rest of their code (i.e. using a weak PRNG), then reconstructing a private key may be doable.
It's not like Bitcoin wallets weren't previously cracked using this method in the case of an Android wallet misusing the crypto API (http://arstechnica.com/security/2013/08/google-confirms-crit...)
A competent entity in possession of MtGox source code may be in a good position to steal all the loot.
Yeah. This wouldn't be a fail on the MtGox league; this would be a "Satoshi Nakamoto and all the cryptographers who took a look at the code failed". Cracking a wallet is supposed to be something that requires the resources of a state-sized entity.
A galaxy-sized entity, maybe? The only known way to find a private key from a public key is brute force. That's way beyond the abilities of a state, unless they've made a massive breakthrough in quantum computing.
Still completely infeasible.