Pages:
Author

Topic: Bitcoin address SHA-2(string+n) (Read 339 times)

legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
July 05, 2021, 09:56:21 AM
#23
No you misunderstood what I was saying, do not use /dev/urandom for cryptographic random number generation because when it runs out of hardware entropy it will use a PNRG to give you the rest of the bits. I recommend using /dev/random instead which will stall when hardware entropy runs out until more is made available.

FWIW: https://www.2uo.de/myths-about-urandom/.

There seems to be quite a bit of a misconception about /dev/urandom and /dev/random. Bitcoin Core and many other wallets all uses /dev/urandom. There is absolutely nothing wrong with using SHA256, btw. The only important part is for the input to have sufficient randomness.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
July 05, 2021, 09:00:07 AM
#22
I guess the fact that you are using 132 bits of entropy in your string nullifies the cracking speed increase, but you must make sure your entropy source is not dirty or else you could actually be using less entropy unknowingly. A good example of this is using /dev/urandom.

correct /dev/urandom would be a good source of entropy no known weaknesses plus there are good amount of tools available out there that allows you to choose how many bits of entropy you want before hand many even use 256 bit of entropy which is what I consider way over the top.

No you misunderstood what I was saying, do not use /dev/urandom for cryptographic random number generation because when it runs out of hardware entropy it will use a PNRG to give you the rest of the bits. I recommend using /dev/random instead which will stall when hardware entropy runs out until more is made available.
newbie
Activity: 20
Merit: 0
July 05, 2021, 04:39:34 AM
#21
SHA256 is secure you are declaring that sha256 is insecure? besides that length-extension attack wouldn't work on anything which is considered secure such as 132 bits of entropy...

If by secure you mean "cannot be reverse-engineered" then that is correct. However, it is suspectable to brute-force. On a 1080 Ti card a hacker can try SHA256 combos at around 4400 megahash/s. For comparison, the same card can only try scrypt at around 0.9 megahash/s and PBKDF2 with HMAC-SHA256 iterations at 1.6 megahash/s.

I guess the fact that you are using 132 bits of entropy in your string nullifies the cracking speed increase, but you must make sure your entropy source is not dirty or else you could actually be using less entropy unknowingly. A good example of this is using /dev/urandom.

correct /dev/urandom would be a good source of entropy no known weaknesses plus there are good amount of tools available out there that allows you to choose how many bits of entropy you want before hand many even use 256 bit of entropy which is what I consider way over the top.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
July 05, 2021, 01:37:31 AM
#20
SHA256 is secure you are declaring that sha256 is insecure? besides that length-extension attack wouldn't work on anything which is considered secure such as 132 bits of entropy...

If by secure you mean "cannot be reverse-engineered" then that is correct. However, it is suspectable to brute-force. On a 1080 Ti card a hacker can try SHA256 combos at around 4400 megahash/s. For comparison, the same card can only try scrypt at around 0.9 megahash/s and PBKDF2 with HMAC-SHA256 iterations at 1.6 megahash/s.

I guess the fact that you are using 132 bits of entropy in your string nullifies the cracking speed increase, but you must make sure your entropy source is not dirty or else you could actually be using less entropy unknowingly. A good example of this is using /dev/urandom.
newbie
Activity: 20
Merit: 0
July 04, 2021, 08:49:26 PM
#19
I think you are talking nonsense how do you explain key generation? Do you think the random key is generated out of nowhere? Random key generation also needs input without input there is no output also to say that random key generation is the only secure way to generate is a real security risk since all random numbers cant be trusted havent you heard of the weak random seed generated by android clients?
Just because some poorly written applications in the past by incompetent developers used a weak RNG doesn't mean random number generators are weak in general! You just have to know how to use them correctly. Giving them up altogether and relying on a weak method sounds like replacing one mistake with another.

Since when using words with 132 bit of entropy become weak? Do you even know what are you talking about? it would take you ages or maybe a decade to crack addresses generated using words with 132 bit of entropy the application/tool is as weak as the person behind if you put weak words with low entropy then you will get weak addresses like the addresses generated using applications made by incompetent developers you talk about then its bound to be cracked or you know what you are doing and generate words with high entropy i would rather trust myself then to find out later if the developers were competent enough later when my money gets stolen
legendary
Activity: 3472
Merit: 10611
July 04, 2021, 08:46:54 PM
#18
I think you are talking nonsense how do you explain key generation? Do you think the random key is generated out of nowhere? Random key generation also needs input without input there is no output also to say that random key generation is the only secure way to generate is a real security risk since all random numbers cant be trusted havent you heard of the weak random seed generated by android clients?
Just because some poorly written applications in the past by incompetent developers used a weak RNG doesn't mean random number generators are weak in general! You just have to know how to use them correctly. Giving them up altogether and relying on a weak method sounds like replacing one mistake with another.
newbie
Activity: 20
Merit: 0
July 04, 2021, 08:39:14 PM
#17
I think the problem is that what you want (a vanity bitcoin address) and the method you want to use (SHA256(string+n)) don't make sense together and that is what people are trying to tell you. Mainly it doesn't make any sense to start from a starting seed to generate the vanity address, if you want such an address then simply start from a random key.

I think you are talking nonsense how do you explain key generation? Do you think the random key is generated out of nowhere? Random key generation also needs input without input there is no output also to say that random key generation is the only secure way to generate is a real security risk since all random numbers cant be trusted havent you heard of the weak random seed generated by android clients?

You said something about forgetting and being able to recover it from that seed which again doesn't make sense if you are generating a vanity address because depending on how many fixed starting characters the address has the process can take a very long time and recovering it this way is not practical. Not to mention that using a starting string that you can remember suggests weakness in the randomness.

It makes perfect sense see the above reply.

Here is a suggestion, why not generate a random entropy then start your vanity address search from there until you find the key that corresponds to your desired address. Then take the private key to that address (256-bit) and encode that using an algorithm like BIP39 to a set of words that you can easily store or remember (although it is not recommended to only rely on your memory for backup).

I can remember it and it is very practical as well
legendary
Activity: 3472
Merit: 10611
July 04, 2021, 08:22:47 PM
#16
I think the problem is that what you want (a vanity bitcoin address) and the method you want to use (SHA256(string+n)) don't make sense together and that is what people are trying to tell you. Mainly it doesn't make any sense to start from a starting seed to generate the vanity address, if you want such an address then simply start from a random key.

You said something about forgetting and being able to recover it from that seed which again doesn't make sense if you are generating a vanity address because depending on how many fixed starting characters the address has the process can take a very long time and recovering it this way is not practical. Not to mention that using a starting string that you can remember suggests weakness in the randomness.

Here is a suggestion, why not generate a random entropy then start your vanity address search from there until you find the key that corresponds to your desired address. Then take the private key to that address (256-bit) and encode that using an algorithm like BIP39 to a set of words that you can easily store or remember (although it is not recommended to only rely on your memory for backup).
newbie
Activity: 20
Merit: 0
July 04, 2021, 06:57:28 PM
#15
~

this is understandable I will use 132 bits of entropy as a string plus the increments for extra security and uniqueness plus it would be deterministic for me if whenever I forget I can recover it however the big number is just hard to recover if lost so the point stands that I will use string, not my name as I gave that just as an example I will use a string with 132 bits of entropy as that is strong and used by electrum as well plus by using GPU I don't want to save all those billions of addresses so i will only save the addresses that match the pattern but with my method of string+n increments and for this increments are necessary if you use same string billions of times it will generate the same address but if you add the needed numbers/increments it will fulfil the task of pattern and uniqueness since using 132 of entropy for single address is not very economical I would say.

A random string with 132-bit entropy is much better than what I initially thought you were doing (just make sure you add the string at the end of n and not the other way around), but in my opinion, if you really want to generate private keys this way then I suggest ditching hashing functions altogether and use Scrypt for your algorithm instead, which can be tweaked to make brute-forcing infeasible.

SHA256 is secure you are declaring that sha256 is insecure? besides that length-extension attack wouldn't work on anything which is considered secure such as 132 bits of entropy anything else other then that would be going far from the topic as per the rules of the forum we should stick to the main topic -Bitcoin address SHA-2(string+n)
newbie
Activity: 20
Merit: 0
July 04, 2021, 06:47:55 PM
#14
can't even describe lol tell me what is so hard to understand? my first post on this topic gives the clear concept of what I want you don't know English now?

As a native English speaker, I find it difficult to understand what you have written because your grammar and punctuation (which are important components of the language) are poor.

If I understand you correctly, you would like someone to create a vanity address generator that returns a number, N, such that a private key derived from SHA256(M|N) has an address that matches a pattern, where M and the pattern are both chosen by the user.

That is certainly doable. Is there a limit on the value of the number?

Keep in mind that as others have mentioned, any brain wallet is insecure. That includes your derivation of a brain wallet. While "now is the time for all good men to come to the aid of their country 67854897" is more secure than "now is the time for all good men to come to the aid of their country", it may not be not secure enough to be used as a private key.

my first paragraph in my topic literally comes from https://en.bitcoin.it/wiki/Deterministic_wallet have grammatical errors? lol really for a native speaker I expected better even non native illiterate person would understand what I wrote in simple English second people don't have to know English to understand it third many programmers don't know English but can write programs using it for if for and while loops besides this is not grammar and education measuring contest
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
July 04, 2021, 02:50:19 PM
#13
~

this is understandable I will use 132 bits of entropy as a string plus the increments for extra security and uniqueness plus it would be deterministic for me if whenever I forget I can recover it however the big number is just hard to recover if lost so the point stands that I will use string, not my name as I gave that just as an example I will use a string with 132 bits of entropy as that is strong and used by electrum as well plus by using GPU I don't want to save all those billions of addresses so i will only save the addresses that match the pattern but with my method of string+n increments and for this increments are necessary if you use same string billions of times it will generate the same address but if you add the needed numbers/increments it will fulfil the task of pattern and uniqueness since using 132 of entropy for single address is not very economical I would say.

A random string with 132-bit entropy is much better than what I initially thought you were doing (just make sure you add the string at the end of n and not the other way around), but in my opinion, if you really want to generate private keys this way then I suggest ditching hashing functions altogether and use Scrypt for your algorithm instead, which can be tweaked to make brute-forcing infeasible.
legendary
Activity: 4466
Merit: 3391
July 04, 2021, 02:32:39 PM
#12
can't even describe lol tell me what is so hard to understand? my first post on this topic gives the clear concept of what I want you don't know English now?

As a native English speaker, I find it difficult to understand what you have written because your grammar and punctuation (which are important components of the language) are poor.

If I understand you correctly, you would like someone to create a vanity address generator that returns a number, N, such that a private key derived from SHA256(M|N) has an address that matches a pattern, where M and the pattern are both chosen by the user.

That is certainly doable. Is there a limit on the value of the number?

Keep in mind that as others have mentioned, any brain wallet is insecure. That includes your derivation of a brain wallet. While "now is the time for all good men to come to the aid of their country 67854897" is more secure than "now is the time for all good men to come to the aid of their country", it may not be not secure enough to be used as a private key.
newbie
Activity: 20
Merit: 0
July 04, 2021, 11:48:54 AM
#11
the string does not have to bip39 to be secure is just needs to be long enough
I never said that.

i think you are misunderstanding or trying to twist my words or maybe trying to change the topic
You caught me!

you think i dont know about those procedures you talk about
Buddy, we were just having a discussion and I was trying to help. Good luck on your way to find a programmer that will do you a work you can't even describe..

you are clearly not very claver regarding this
im not claver...  Cry
Type 1 deterministic wallet
A type 1 deterministic wallet is a simple method of generating addresses from a known starting string, as such it does not allow advanced features such as a Master Public Key. To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.

This type of wallet can be created by Casascius Bitcoin Address Utility.

I want the above functionality with a simple twist since gpu will generate addresses in millions compressed and uncompressed form similar to vanity address generators save only the addresses
that have the matching pattern along with the private key that generated that address and do that indefinately gpu either cuda or opencl i will appreciate if you make such program for free if not we can discuss this if you want you can contact me on telegram its same as my username since i am not that active.

can't even describe lol tell me what is so hard to understand? my first post on this topic gives the clear concept of what I want you don't know English now?
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
July 04, 2021, 11:44:03 AM
#10
the string does not have to bip39 to be secure is just needs to be long enough
I never said that.

i think you are misunderstanding or trying to twist my words or maybe trying to change the topic
You caught me!

you think i dont know about those procedures you talk about
Buddy, we were just having a discussion and I was trying to help. Good luck on your way to find a programmer that will do you a work you can't even describe.

you are clearly not very claver regarding this
im not claver...  Cry
newbie
Activity: 20
Merit: 0
July 04, 2021, 11:33:21 AM
#9
Breath!
this is understandable I will use 132 bits of entropy as a string plus the increments for extra security and uniqueness plus it would be deterministic for me if whenever I forget I can recover it however the big number is just hard to recover if lost so the point stands that I will use string, not my name as I gave that just as an example I will use a string with 132 bits of entropy as that is strong and used by electrum as well plus by using GPU I don't want to save all those billions of addresses so i will only save the addresses that match the pattern but with my method of string+n increments and for this increments are necessary if you use same string billions of times it will generate the same address but if you add the needed numbers/increments it will fulfil the task of pattern and uniqueness since using 132 of entropy for single address is not very economical I would say.




this is understandable I will use 132 bits of entropy as a string plus the increments for extra security and uniqueness
Wait, do you mean that you'll hash that entropy or that you'll use it directly for the addresses? There's no need to hash anything neither to take any extra security measures; if you randomly generate 256 bits, they're fine to perform ECDSA, SHA256, RIPEMD-160, SHA256 and then the final base58 encoding.

it will fulfil the task of pattern and uniqueness since using 132 of entropy for single address is not very economical I would say.
You may have misunderstood the procedure. Every address is an encoded RIPEMD-160 hash along with a version byte in the front and with a checksum in the back. [Useful link]

There are no 132 bits of entropy. You may have confused it with the BIP39 in which you use 128 bits of entropy along with 4 bits of hash for the seed generation. Then, after some PBKDF2 and HMAC-SHA256/512 rounds, you end up with the derived addresses. But, that's just a proposal for generating deterministic keys. If you want to go with the standard way, you'll need 256 bits.

the string does not have to bip39 to be secure is just needs to be long enough I think you are misunderstanding or trying to twist my words or maybe trying to change the topic you think I don't know about those procedures you talk about you are not very clever regarding this
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
July 04, 2021, 11:26:45 AM
#8
Breath!
this is understandable I will use 132 bits of entropy as a string plus the increments for extra security and uniqueness plus it would be deterministic for me if whenever I forget I can recover it however the big number is just hard to recover if lost so the point stands that I will use string, not my name as I gave that just as an example I will use a string with 132 bits of entropy as that is strong and used by electrum as well plus by using GPU I don't want to save all those billions of addresses so i will only save the addresses that match the pattern but with my method of string+n increments and for this increments are necessary if you use same string billions of times it will generate the same address but if you add the needed numbers/increments it will fulfil the task of pattern and uniqueness since using 132 of entropy for single address is not very economical I would say.




this is understandable I will use 132 bits of entropy as a string plus the increments for extra security and uniqueness
Wait, do you mean that you'll hash that entropy or that you'll use it directly for the addresses? There's no need to hash anything neither to take any extra security measures; if you randomly generate 256 bits, they're fine to perform ECDSA, SHA256, RIPEMD-160, SHA256 and then the final base58 encoding.

it will fulfil the task of pattern and uniqueness since using 132 of entropy for single address is not very economical I would say.
You may have misunderstood the procedure. Every address is an encoded RIPEMD-160 hash along with a version byte in the front and with a checksum in the back. [Useful link]

There are no 132 bits of entropy. You may have confused it with the BIP39 in which you use 128 bits of entropy along with 4 bits of hash for the seed generation. Then, after some PBKDF2 and HMAC-SHA256/512 rounds, you end up with the derived addresses. But, that's just a proposal for generating deterministic keys. If you want to go with the standard way, you'll need 256 bits.
newbie
Activity: 20
Merit: 0
July 04, 2021, 08:51:45 AM
#7
If you quote a post, write beneath it, not inside the quote tags.
Code:
[quote author=BlackHatCoiner link=topic=5347515.msg57383096#msg57383096 date=1625401428]...[/quote]
Write here...

To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.
I know how a simple deterministic wallet implemetation would be like and I understood your example. I'm just recommending you to be clearer in the future, especially when you want to buy services from an unknown person in the internet.

Why would i want to use hexadecimal number as string since any number plus alphabet can be represented as string for example i will use my name
Again, it depends on what you want to achieve. If these addresses will be used in the future for funding, then knowing your name can increase my odds to find their private keys. On the other hand, if you used a very large random number, I couldn't stand a chance.

Yes i want to generate vanity address using this Type 1 deterministic wallet
A type 1 deterministic wallet is a simple method of generating addresses from a known starting string, as such it does not allow advanced features such as a Master Public Key. To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.
Great. Don't use the brain wallet way. Instead I'd suggest you to do the following; generate a random number between 1 and 2256 - 232 - 977 (secp256k1 range). Instead of having an n variable, just increase that number by 1 each time. Simple as that.

this is understandable I will use 132 bits of entropy as a string plus the increments for extra security and uniqueness plus it would be deterministic for me if whenever I forget I can recover it however the big number is just hard to recover if lost so the point stands that I will use string, not my name as I gave that just as an example I will use a string with 132 bits of entropy as that is strong and used by electrum as well plus by using GPU I don't want to save all those billions of addresses so i will only save the addresses that match the pattern but with my method of string+n increments and for this increments are necessary if you use same string billions of times it will generate the same address but if you add the needed numbers/increments it will fulfil the task of pattern and uniqueness since using 132 of entropy for single address is not very economical I would say.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
July 04, 2021, 08:23:06 AM
#6
If you quote a post, write beneath it, not inside the quote tags.
Code:
[quote author=BlackHatCoiner link=topic=5347515.msg57383096#msg57383096 date=1625401428]...[/quote]
Write here...

To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.
I know how a simple deterministic wallet implemetation would be like and I understood your example. I'm just recommending you to be clearer in the future, especially when you want to buy services from an unknown person in the internet.

Why would i want to use hexadecimal number as string since any number plus alphabet can be represented as string for example i will use my name
Again, it depends on what you want to achieve. If these addresses will be used in the future for funding, then knowing your name can increase my odds to find their private keys. On the other hand, if you used a very large random number, I couldn't stand a chance.

Yes i want to generate vanity address using this Type 1 deterministic wallet
A type 1 deterministic wallet is a simple method of generating addresses from a known starting string, as such it does not allow advanced features such as a Master Public Key. To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.
Great. Don't use the brain wallet way. Instead I'd suggest you to do the following; generate a random number between 1 and 2256 - 232 - 977 (secp256k1 range). Instead of having an n variable, just increase that number by 1 each time. Simple as that.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
July 04, 2021, 08:15:46 AM
#5
Why would i want to use hexadecimal number as string since any number plus alphabet can be represented as string for example i will use my name

The way you're generating your addresses, using SHA256(string + n), better known to cryptographers as SHA256(string | n), is not secure. This is bad news if you're trying to generate these addresses but on the other hand it makes your task easier if your intention is to actually brute force them.

First of all, this is a simple brainwallet input where hackers simply have to guess the value of "string" and then append random junk for "n" (especially if it's your name!) to guess all the deriviations you'll ever do, thus getting all your private keys. There are several programs deployed right now by hackers that are cleaning out all brainwallets as we speak.

The second, less subtle vulnerability is that if you expose your "n" or whatever you use as the index, along with the algorithm used to turn the index into your random ascii "n", people don't have to know what your STRING is to caarry out a length-extension attack (search it on google) since you can look for proof of concepts for length-extension attack anywhere on Github and then adjust the PoC for your specific starting string.
newbie
Activity: 20
Merit: 0
July 04, 2021, 07:29:37 AM
#4
if you make such program for free if not we can discuss this if you want you can contact me on telegram its same as my username since i am not that active.
You should be a little bit more clear if you want someone's services. I've understood half of what you wrote.

I think you have trouble understanding a clear example Type 1 deterministic wallet
A type 1 deterministic wallet is a simple method of generating addresses from a known starting string, as such it does not allow advanced features such as a Master Public Key. To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.

To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.
And string a random hexadecimally represented number? If you just want to generate brute forcefully addresses starting from a random number, just increase it by 1 for each loop.

Why would i want to use hexadecimal number as string since any number plus alphabet can be represented as string for example i will use my name

I want the above functionality with a simple twist since gpu will generate addresses in millions compressed and uncompressed form similar to vanity address generators save only the addresses
Would you mind telling us what's your purpose? It seems like you want to... generate vanity addresses?

Yes i want to generate vanity address using this Type 1 deterministic wallet
A type 1 deterministic wallet is a simple method of generating addresses from a known starting string, as such it does not allow advanced features such as a Master Public Key. To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.

Pages:
Jump to: