Author

Topic: Are some private keys safer than others? (Read 2172 times)

sr. member
Activity: 378
Merit: 251
September 27, 2017, 08:34:29 AM
#27
It depends on how long the string is. The longer and more random the string, the better it is compared to shorter keys. Another factor is how well you secure the said key. It does not matter even if you got a key that has a thousand random characters, if you leave it lying around for all the people to see, the key is not that secure.
member
Activity: 69
Merit: 10
Blockchain the future of democratic payment!
September 27, 2017, 07:33:33 AM
#26
Technically yes, but if you store the coin the cold storage that will be more safer than ever. Have you seen on how it works? Well, they're really interesting on how it works and I will definitely say that they're safe even if you're not a technical genius you will understand its concept.
sr. member
Activity: 490
Merit: 389
Do not trust the government
September 25, 2017, 01:32:42 PM
#25
Im not sure I understand this the way you do. I don't think you can generate private keys from a public key with the way you suggest. It's possible to get the private key by brute forcing to reveal every private key (which, in quantum computing would be considered a great accomplishment). It's unreasonable to imagine now, but one day it could be possible.

If I'm wrong here, can you help by posting a theoretical algorithm about how the private keys can be brute forced from a public key. Also, by public keys, that could be xpub, mpk or a bitcoin address as they are all technically public keys, although presumably this relates to xpub.

Well, I am pretty sure that what he meant was that you need a public key in order to figure out the private key using a quantum computer. The hashing of the public key would not be possible to be done as quickly on quantum computer due to the way the work. I have no clue how exactly these quantum computers should work, but to be honest, no one really does in detail either, they are just tests currently and don't really offer anything useful now. No one really understands the quantum physics, they make no logical sense, they are paradoxes that we can't solve, but are trying to utilize.

There is something called Shor's algorithm https://en.wikipedia.org/wiki/Shor's_algorithm
That, to my understanding, is using a public key to find a private key, however on Wikipedia they talk about RSA keys and Bitcoin uses ECDSA, but I know that ECDSA require even smaller quantum computers, due to the efficiency of the algorithm. Shor's algorithm doesn't generate new public/private key pairs, but finds the period for a certain public key, from which it derives the private key. It requires a bit of understanding of RSA keys to know what it does, but that is the idea.

Is having a multisig address more secure? Is that sort of what this guy is asking about right now?

Other than the fact that you need multiple keys to break, not really. No, he is talking about randomness of generating keys.

Don't waste your time wondering about cryptography. 

-snip-

Trying to take on key pair encryption, digital signatures and all the internals of bitcoin's block chain will take more time then you have left on this earth when you add in all the other stuff you need to do. 

I will say that in my opinion, not even the NSA will be able to crack you private key let along the billions of others being generated.  For now it's safe.

It really isn't that complex. You could really learn it all in one course at collage. The tech used here is quite new and there isn't that much of it.
It would take a lot of time to learn the history, but the present technology has little to do with it. So my advice would be the opposite of yours, don't learn history, learn the present.

well those private keys derived from brain wallets were pretty bad actually. They are not really private keys, but still, I guess you can think of it that way, and brain wallets are absolutely terrible security

Private keys generated in the online wallet might be shared to you and hold by the wallet providers. But hardware wallets and desktop wallet are unique can be utilize by the user alone. Henceforth private key is much safer for you to import the wallet and hold the amount in the wallet with much safety. To whom may ever, don't share your private key and wallet.dat file to keep your wallet safe.

Some of the brain wallets were less secure then a normal desktop wallet and even less then a hardware wallet. They were easily guessable.
The online wallet is hardly a wallet, we should all know that, but we are not even discussing this right now. Calling an online wallet a wallet is like calling your online bank account a wallet.
legendary
Activity: 1372
Merit: 1005
September 25, 2017, 01:02:00 PM
#24
well those private keys derived from brain wallets were pretty bad actually. They are not really private keys, but still, I guess you can think of it that way, and brain wallets are absolutely terrible security

Private keys generated in the online wallet might be shared to you and hold by the wallet providers. But hardware wallets and desktop wallet are unique can be utilize by the user alone. Henceforth private key is much safer for you to import the wallet and hold the amount in the wallet with much safety. To whom may ever, don't share your private key and wallet.dat file to keep your wallet safe.
sr. member
Activity: 336
Merit: 250
There is a day to be born, and another to die
September 25, 2017, 07:23:15 AM
#23
well those private keys derived from brain wallets were pretty bad actually. They are not really private keys, but still, I guess you can think of it that way, and brain wallets are absolutely terrible security
member
Activity: 96
Merit: 11
September 24, 2017, 12:32:03 PM
#22
Don't waste your time wondering about cryptography. 

Simon Singh has a set of  5 videos on the history of cryptography.  Available on amazon prime video.

Codebreakers: Science of Secrecy

https://www.amazon.com/dp/B011NM2ICG

It’s in 5 parts each about 30 minutes.  The last is “going public”  and a great explination of the development of key pair encryption.

His book "The Code Book" also covers the history of cryptography. 

Trying to take on key pair encryption, digital signatures and all the internals of bitcoin's block chain will take more time then you have left on this earth when you add in all the other stuff you need to do. 

I will say that in my opinion, not even the NSA will be able to crack you private key let along the billions of others being generated.  For now it's safe.

legendary
Activity: 966
Merit: 1042
September 23, 2017, 10:05:52 PM
#21
As a general rule of course don't derive your private key from something simple. If you use 1 or all 5s etc while generating your wallet with b6 you can expect those funds to be gone rather quickly. Just use some random method and you're good to go.
sr. member
Activity: 336
Merit: 250
There is a day to be born, and another to die
September 23, 2017, 10:02:15 PM
#20
Is having a multisig address more secure? Is that sort of what this guy is asking about right now?
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
September 23, 2017, 06:30:23 PM
#19
I don't see how any standard private key could get hacked in today's world.

I mean, in the future when quantum computing comes around we will definitely need to take that into consideration, but in the meanwhile there is not much to worry about if you use the standard private keys.

Even a quantum computer CAN'T get a private key from a bitcoin address because sha256 hash algorithm is quantum resistant.
However a quantum computer can get the private key from the public key, which is visible if you use bitcoin incorrectly and re-use your address. Public key becomes visible, when you have made a single spend action from your address.

All keys are "standard" private keys. Some of them can be weak. eg. "1", or any key that is too simple. If you generate a key truly randomly, then you can get a weak or a strong key.




Im not sure I understand this the way you do. I don't think you can generate private keys from a public key with the way you suggest. It's possible to get the private key by brute forcing to reveal every private key (which, in quantum computing would be considered a great accomplishment). It's unreasonable to imagine now, but one day it could be possible.

If I'm wrong here, can you help by posting a theoretical algorithm about how the private keys can be brute forced from a public key. Also, by public keys, that could be xpub, mpk or a bitcoin address as they are all technically public keys, although presumably this relates to xpub.
full member
Activity: 378
Merit: 197
September 23, 2017, 05:19:47 AM
#18
I don't see how any standard private key could get hacked in today's world.

I mean, in the future when quantum computing comes around we will definitely need to take that into consideration, but in the meanwhile there is not much to worry about if you use the standard private keys.

Even a quantum computer CAN'T get a private key from a bitcoin address because sha256 hash algorithm is quantum resistant.
However a quantum computer can get the private key from the public key, which is visible if you use bitcoin incorrectly and re-use your address. Public key becomes visible, when you have made a single spend action from your address.

All keys are "standard" private keys. Some of them can be weak. eg. "1", or any key that is too simple. If you generate a key truly randomly, then you can get a weak or a strong key.


member
Activity: 80
Merit: 11
September 22, 2017, 04:57:09 PM
#17
I don't see how any standard private key could get hacked in today's world.

I mean, in the future when quantum computing comes around we will definitely need to take that into consideration, but in the meanwhile there is not much to worry about if you use the standard private keys.

What is a "standard" private key?
hero member
Activity: 966
Merit: 500
September 22, 2017, 04:17:31 PM
#16
Quote
Of course small keys aren't safe. There are no checks for key nor for the seed words. Only important thing is that it was randomly generated.
If it was, then it would be pointless to check if it some small key due to the huge possible range of numbers it could be. If there was any realistic chance for a key to be small, then random number generator is not doing a good job in the first place and that would be the actual problem to solve.

If it is truly random, then your randomly generated private key could be 1 just as probably as anything else. I prefer to check that my randomly generated key is NOT very small  or close to the biggest possible number.

I don't see how any standard private key could get hacked in today's world.

I mean, in the future when quantum computing comes around we will definitely need to take that into consideration, but in the meanwhile there is not much to worry about if you use the standard private keys.
full member
Activity: 378
Merit: 197
September 22, 2017, 03:05:35 AM
#15
I think that some are compared to others. some have brain wallet phrases attached to them that may be easy to guess.

Yes.
Many brain wallet addresses have already been "guessed".
Also some human selected keys have been found.
And there has been bad random number generators in use, which have ended in weaker keys.

And a collision is super duper unlikely, but not impossible.
member
Activity: 108
Merit: 10
September 21, 2017, 06:54:10 PM
#14
I think that some are compared to others. some have brain wallet phrases attached to them that may be easy to guess.
full member
Activity: 356
Merit: 113
September 21, 2017, 02:26:57 PM
#13
I have not done the exact math before responding, but to get a collision is far beyond the scale of getting hit by lightning multiple times. I think it would be more like getting struck by lightning every day for a year or a decade kind of thing.

Yep. It is very unlikely. There are awfully lots and lots of numbers in a private key.

But, anything can happen. And sometimes amazing things do happen.

It is one thing to win a lottery twice and another to trow a can of toothpicks on the floor and them all stacking up vertically one on top of another and staying balanced like that.

This guy gets it.
sr. member
Activity: 490
Merit: 389
Do not trust the government
September 21, 2017, 01:45:08 PM
#12
I have not done the exact math before responding, but to get a collision is far beyond the scale of getting hit by lightning multiple times. I think it would be more like getting struck by lightning every day for a year or a decade kind of thing.

Yep. It is very unlikely. There are awfully lots and lots of numbers in a private key.

But, anything can happen. And sometimes amazing things do happen.


There are different scales of unlikely. There is winning a lottery unlikely and falling through the floor due to quantum tunneling of every particle in your body unlikely. It is one thing to win a lottery twice and another to trow a can of toothpicks on the floor and them all stacking up vertically one on top of another and staying balanced like that.

You simply don't understand the scale here. Winning a lottery is more common then one in a billion and a billion is a joke for address collision. If there was a lottery that only one in 7 billion people won, getting address collision is like one person wining it billion times in a row all of a sudden (actually not even close, not even quadrillion is anywhere close, the number is so high that you can't possibly humanly understand).

Bitcoin private key is usually a 256-bit number, that is like 77 zeros. A billion is just 9. A billion of billions (quadrillion) is just 18. So try quadrillion sets of quadrillion sets of quadrillion sets of quadrillion numbers, well if you can wrap your head around it (you can't) it is still 100 000 that amount.
full member
Activity: 378
Merit: 197
September 21, 2017, 08:39:04 AM
#11
I have not done the exact math before responding, but to get a collision is far beyond the scale of getting hit by lightning multiple times. I think it would be more like getting struck by lightning every day for a year or a decade kind of thing.

Yep. It is very unlikely. There are awfully lots and lots of numbers in a private key.

But, anything can happen. And sometimes amazing things do happen.
full member
Activity: 356
Merit: 113
September 21, 2017, 08:26:19 AM
#10
There are millions of addresses and there was never a collision and there never will be if mathematics about it hold up. Checking for couple of numbers (even a million is considered a couple of numbers) is unreasonable to say the least. Chances are just so low, that you might as well not waste your time or start worrying for all the more likely things to happen, like getting hit by a lightning a thousand times in a row.

Humans are just not good at understanding such huge numbers so people naturally worry about address collisions and similar stupid things.
Don't worry, your key will not be in the first or the last million keys. It is simply not going to happen if your random number generator is any good.
Would not be so sure about the never will be a collision -part
Yes. It is extremely unlikely, but unlikely things can an do happen.
There are several people, who have won the lottery twice. Unlikely, but it happens.
There are also people that have been hit by lightning multiple times.

I have not done the exact math before responding, but to get a collision is far beyond the scale of getting hit by lightning multiple times. I think it would be more like getting struck by lightning every day for a year or a decade kind of thing.
full member
Activity: 378
Merit: 197
September 21, 2017, 08:07:32 AM
#9
There are millions of addresses and there was never a collision and there never will be if mathematics about it hold up. Checking for couple of numbers (even a million is considered a couple of numbers) is unreasonable to say the least. Chances are just so low, that you might as well not waste your time or start worrying for all the more likely things to happen, like getting hit by a lightning a thousand times in a row.

Humans are just not good at understanding such huge numbers so people naturally worry about address collisions and similar stupid things.
Don't worry, your key will not be in the first or the last million keys. It is simply not going to happen if your random number generator is any good.
Would not be so sure about the never will be a collision -part
Yes. It is extremely unlikely, but unlikely things can an do happen.
There are several people, who have won the lottery twice. Unlikely, but it happens.
There are also people that have been hit by lightning multiple times.
sr. member
Activity: 490
Merit: 389
Do not trust the government
September 21, 2017, 06:39:36 AM
#8
Quote
Of course small keys aren't safe. There are no checks for key nor for the seed words. Only important thing is that it was randomly generated.
If it was, then it would be pointless to check if it some small key due to the huge possible range of numbers it could be. If there was any realistic chance for a key to be small, then random number generator is not doing a good job in the first place and that would be the actual problem to solve.

If it is truly random, then your randomly generated private key could be 1 just as probably as anything else. I prefer to check that my randomly generated key is NOT very small  or close to the biggest possible number.

Your address could also be generated by someone else by chance, but this is not considered a problem due to ridiculously small possibility that is still way higher then that your key is 1 or anything else small. There are millions of addresses and there was never a collision and there never will be if mathematics about it hold up. Checking for couple of numbers (even a million is considered a couple of numbers) is unreasonable to say the least. Chances are just so low, that you might as well not waste your time or start worrying for all the more likely things to happen, like getting hit by a lightning a thousand times in a row.

Humans are just not good at understanding such huge numbers so people naturally worry about address collisions and similar stupid things.
Don't worry, your key will not be in the first or the last million keys. It is simply not going to happen if your random number generator is any good.
hero member
Activity: 840
Merit: 508
Make winning bets on sports with Sportsbet.io!
September 21, 2017, 05:50:52 AM
#7
use generate privates keys, since it is important key to access your account, you need strong combinations to make it

Which combinations are you talking about now?

If it is truly random, then your randomly generated private key could be 1 just as probably as anything else. I prefer to check that my randomly generated key is NOT very small  or close to the biggest possible number.

That is a good exercise, however the bitcoin private keys would be pretty much uncrackable at least on modern computer. I think winning in  a lottery has a bigger chance, than generating a private key that already has bitcoins on it.

What I understand is that generating private is not bad or not secure and what you need to put in check or always make sure is secure is your passcode/password which mean you have to use a genuine and uncrackable.

Generating vanity addresses is the same security as far as i know, as just using the automatically generated keys by your wallet. Also it does not matter if you have a password, unless you have a BIP39 encrypted key, which is not used by the wallets by standard. I  use at least vanitygen for my keys, and generating a key on vanitygen is as safe as your computer is, assuming that you take care of your security well enough.
hero member
Activity: 2268
Merit: 579
Vave.com - Crypto Casino
September 21, 2017, 05:18:09 AM
#6
What I understand is that generating private is not bad or not secure and what you need to put in check or always make sure is secure is your passcode/password which mean you have to use a genuine and uncrackable.
full member
Activity: 378
Merit: 197
September 21, 2017, 02:52:38 AM
#5
Quote
Of course small keys aren't safe. There are no checks for key nor for the seed words. Only important thing is that it was randomly generated.
If it was, then it would be pointless to check if it some small key due to the huge possible range of numbers it could be. If there was any realistic chance for a key to be small, then random number generator is not doing a good job in the first place and that would be the actual problem to solve.

If it is truly random, then your randomly generated private key could be 1 just as probably as anything else. I prefer to check that my randomly generated key is NOT very small  or close to the biggest possible number.
full member
Activity: 406
Merit: 100
September 20, 2017, 10:01:29 PM
#4
Considering that many people generate public keys non-stop, I guess some private keys are better to be avoided, for example private key 1 or the maximum key value allowed. Are there any general rules for checking that you private key is safe in this terms i.e. how far it is from the both ends of the range for example, or from the middle or with a few zero bytes in it or with a simple pattern that might attract people picking up keys?

The same question about seeds that are used to generate private keys: are all seeds acceptable or are there some checks in place?

Thank you!
use generate privates keys, since it is important key to access your account, you need strong combinations to make it
sr. member
Activity: 490
Merit: 389
Do not trust the government
September 20, 2017, 07:48:08 PM
#3
Considering that many people generate public keys non-stop, I guess some private keys are better to be avoided, for example private key 1 or the maximum key value allowed. Are there any general rules for checking that you private key is safe in this terms i.e. how far it is from the both ends of the range for example, or from the middle or with a few zero bytes in it or with a simple pattern that might attract people picking up keys?

The same question about seeds that are used to generate private keys: are all seeds acceptable or are there some checks in place?

Thank you!

Of course small keys aren't safe. There are no checks for key nor for the seed words. Only important thing is that it was randomly generated.
If it was, then it would be pointless to check if it some small key due to the huge possible range of numbers it could be. If there was any realistic chance for a key to be small, then random number generator is not doing a good job in the first place and that would be the actual problem to solve.

You simply shouldn't choose the numbers or seeds yourself, because as a human you are not a good source of randomness. As such, there is no need for checks then, as it is simply random otherwise.

This more comes down to how your computer functions IMO. If your compuer is good at randomely generating numbers, then your private keys/public keys should be safe and not be repeated. There have been reports that the randomisation in linux that is used is not as accurate as the randomisation in Windows (I'm not sure how accurate this was or whether it's still significant enough to cause a difference).

It's probably a good idea to check addresses/public keys on block explorers first to see if there's anything significant on them and see if they've already been used (but there probably won't be - and if they have, try to report it and not take any temptation to steal from the user's address you have the private key of if by an odd chance you manage to generate someone else's private key - but this would be near impossible).

I doubt that Windows is better at randomness. Not just because it is generally less security focused system and is closed source, which means there could be a quite predictable algorithm that chooses numbers under the hood. But also because there were many cases when the randomness was attacked in .NET framework. Some of the ransomwere was cracked due to these issues and they just started popping up relatively recently.

Of course there were old Linux versions with bad RNG, and some old routers still have crackable WiFi because of this, but as an open source software, you know what you are using.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
September 20, 2017, 05:51:27 PM
#2
Considering that many people generate public keys non-stop, I guess some private keys are better to be avoided, for example private key 1 or the maximum key value allowed. Are there any general rules for checking that you private key is safe in this terms i.e. how far it is from the both ends of the range for example, or from the middle or with a few zero bytes in it or with a simple pattern that might attract people picking up keys?

The same question about seeds that are used to generate private keys: are all seeds acceptable or are there some checks in place?

Thank you!

This more comes down to how your computer functions IMO. If your compuer is good at randomely generating numbers, then your private keys/public keys should be safe and not be repeated. There have been reports that the randomisation in linux that is used is not as accurate as the randomisation in Windows (I'm not sure how accurate this was or whether it's still significant enough to cause a difference).

It's probably a good idea to check addresses/public keys on block explorers first to see if there's anything significant on them and see if they've already been used (but there probably won't be - and if they have, try to report it and not take any temptation to steal from the user's address you have the private key of if by an odd chance you manage to generate someone else's private key - but this would be near impossible).
member
Activity: 80
Merit: 11
September 20, 2017, 04:57:37 PM
#1
Considering that many people generate public keys non-stop, I guess some private keys are better to be avoided, for example private key 1 or the maximum key value allowed. Are there any general rules for checking that you private key is safe in this terms i.e. how far it is from the both ends of the range for example, or from the middle or with a few zero bytes in it or with a simple pattern that might attract people picking up keys?

The same question about seeds that are used to generate private keys: are all seeds acceptable or are there some checks in place?

Thank you!
Jump to: