
Topic: Bitcoin greatest vulnerability - page 2. (Read 6080 times)

member
Activity: 63
Merit: 10
June 21, 2016, 02:25:28 PM
#19
Code:
rt= bitcoin address"1234567890A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h i j k l m n o p q r s t u v w x y z"

The (1234567890A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z) system that creates Bitcoin is reduced to (rt)

With Chinese, Japanese, Latin Alphabet, the numbers and a thousand characters number series, only

    (rr) Bitcoin address
    (tt) Bitcoin address
    (rt) Bitcoin address
    (tr) Bitcoin address

       addresses can be created.

In this case when you create a Bitcoin address with a character series(6789012345678901友達彼女雪男),(Llisp),(1234542152695) of  any length, a collision occurs.

Let's consider Bitcoin (tt) as a cold address, in this case someone else can create the cold address.

legendary
Activity: 1512
Merit: 1057
SpacePirate.io
June 21, 2016, 12:59:09 PM
#18
Bitcoin (cold address)-> person can coincidentally create an exact same  account number (cold address) .

OP, please explain your process (step by step) how you are deriving collisions of public keys and obtaining a private key.  Better yet, make a video because it's hard to understand what you are saying in plain English.

What you are describing is a hash collision attack on ripemd-160[sha-256(pk)], which is hard to believe. Extraordinary claims, require extraordinary proof.

Everyone else: Why am I being led into the troll cave?
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
June 21, 2016, 11:03:12 AM
#17
I knew there was something fishy with bitcoin
Thanks OP for finding out the vulnerability

This is for you
legendary
Activity: 1512
Merit: 1057
SpacePirate.io
June 21, 2016, 10:44:37 AM
#16
Is it worth trying to decipher what OP is talking about? I half expect to see a reference to pyramids and aliens in the next OP update.
member
Activity: 63
Merit: 10
June 21, 2016, 09:59:23 AM
#15
         256 and 160 bits actually does not matter at all
So why?

rt= bitcoin address"1234567890A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h i j k l m n o p q r s t u v w x y z"

    rr
    tt
    rt
    tr
Bitcoin account number with the limited number of characters generated.
coincidence occurs.

a very long string
Code:
"0123456789012345678901234567890123456789012345678901234567890123456789012345
6789012345678901234567890123456789012345678901234567890123456789012345678901234
5678901234567890123456789012345678901234567890123456789012345678901234567890123
4567890123456789012345678901234567890123456789012345678901234567890123456789012
3456789012345678901234567890123456789012345678901234567890123456789012345678901
2345678901234567890123456789012345678901234567890123456789012345678901234567890
123456789012345678901234567890123456789012 ..............................--->"

and a short string the same Bitcoin address can occur
Code:
78901234567890123456789

"same Bitcoin address" It could form
Code:
友達彼女雪男子供男の子子猫お菓子花火木曜日お金土曜昼休み午後二時時間靴下関西家の中
legendary
Activity: 2940
Merit: 1333
June 21, 2016, 03:24:34 AM
#14
new:
can see the Bitcoin account number that I've created by coincidence:

Private key:
5Jf6mGTeCg37iZST1ukHXacwyuhjL3ABvEcpgwCRQX9y9fLGLbD

15eUHuCMKGekXmfH2B5awPWnwY3qVe3Nz1

https://bitcointalk.org/index.php?topic=775881.130;imode

That's amazing. Not only did you find a private key for an address that had been used already (it was a 1-in-2^160 chance that you would ever find any private key that unlocks that address), but you actually found one with *the same* public key as was used when amaclin generated the address.

It's surprising enough that you found one of the 2^96 private keys that unlocks amaclin's address, but you actually found the same one as him - 1 in 2^256 chance!

I don't believe a word of it, of course. The chance of your claim being true is closer to zero than I can conceive of.
member
Activity: 63
Merit: 10
June 21, 2016, 01:21:31 AM
#13

Electrum

console :

for x in range(10):wallet.create_new_address()
member
Activity: 63
Merit: 10
June 21, 2016, 01:11:39 AM
#12
new:
can see the Bitcoin account number that I've created by coincidence:


Private key:
5Jf6mGTeCg37iZST1ukHXacwyuhjL3ABvEcpgwCRQX9y9fLGLbD

15eUHuCMKGekXmfH2B5awPWnwY3qVe3Nz1

https://bitcointalk.org/index.php?topic=775881.130;imode


I'm sorry, but the only thing this proves is that either you're an alt of amaclin, or amaclin just posted a bunch of addresses he found, including yours... Or are you really trying to say you brute forced 5Jf6mGTeCg37iZST1ukHXacwyuhjL3ABvEcpgwCRQX9y9fLGLbD and cross-referenced it... Sounds rather hard to believe...

Or is it a brain wallet with a weak phrase, or a bad PRNG?

I'm sorry, I found the coincidence
wallet Electrum
legendary
Activity: 3514
Merit: 5123
https://merel.mobi => buy facemasks with BTC/LTC
June 21, 2016, 01:06:52 AM
#11
new:
can see the Bitcoin account number that I've created by coincidence:


Private key:
5Jf6mGTeCg37iZST1ukHXacwyuhjL3ABvEcpgwCRQX9y9fLGLbD

15eUHuCMKGekXmfH2B5awPWnwY3qVe3Nz1

https://bitcointalk.org/index.php?topic=775881.130;imode


I'm sorry, but the only thing this proves is that either you're an alt of amaclin, or amaclin just posted a bunch of addresses he found, including yours... Or are you really trying to say you brute forced 5Jf6mGTeCg37iZST1ukHXacwyuhjL3ABvEcpgwCRQX9y9fLGLbD and cross-referenced it... Sounds rather hard to believe...

Or is it a brain wallet with a weak phrase, or a bad PRNG?
member
Activity: 63
Merit: 10
June 21, 2016, 12:59:18 AM
#10
new:
can see the Bitcoin account number that I've created by coincidence:


Private key:
5Jf6mGTeCg37iZST1ukHXacwyuhjL3ABvEcpgwCRQX9y9fLGLbD

15eUHuCMKGekXmfH2B5awPWnwY3qVe3Nz1

https://bitcointalk.org/index.php?topic=775881.130;imode
legendary
Activity: 4130
Merit: 1307
June 19, 2016, 09:14:58 AM
#9
OP, you are completely and absolutely wrong. The private keys ARE NOT randomly generated characters. They are actually 256 bit numbers. This means that the total number of possible private keys is 2^256 - 1, which is a ridiculously large amount of possible private keys. Those private keys are converted into the characters that you see through a process known as Base58 Check Encoding (https://en.bitcoin.it/wiki/Base58Check_encoding). You cannot just throw random characters together to get a private key because it will probably fail the Check part of Base58 Check Encoding. The Check is the first four bytes of a SHA256 checksum of the private key.

Note that most Bitcoins are spendable by addresses, not public keys. Addresses are only 160 bits, and any private key whose public key hashes to the same 160 bit address is able to spend the coins at that address.

So for most coins it's "only" a 160 bit search to find a private key that can spend them. You don't need to find the same private key as the proper owner of the coins, you only need to find one which gives the same address.

Of course, a 160 bit search is still impractical to carry out. But it's a lot easier than a 256 bit search.


and in this case:
Bitcoin (cold address)-> person can coincidentally create an exact same  account number (cold address) .

If someone uses something non-random, sure. E.g. "Dog" as a "brain wallet" or a non random PRNG.

Otherwise, no.  Saying otherwise is either FUD or not understanding math etc as Foxpup etc has explained.
member
Activity: 63
Merit: 10
June 19, 2016, 07:58:15 AM
#8
OP, you are completely and absolutely wrong. The private keys ARE NOT randomly generated characters. They are actually 256 bit numbers. This means that the total number of possible private keys is 2^256 - 1, which is a ridiculously large amount of possible private keys. Those private keys are converted into the characters that you see through a process known as Base58 Check Encoding (https://en.bitcoin.it/wiki/Base58Check_encoding). You cannot just throw random characters together to get a private key because it will probably fail the Check part of Base58 Check Encoding. The Check is the first four bytes of a SHA256 checksum of the private key.

Note that most Bitcoins are spendable by addresses, not public keys. Addresses are only 160 bits, and any private key whose public key hashes to the same 160 bit address is able to spend the coins at that address.

So for most coins it's "only" a 160 bit search to find a private key that can spend them. You don't need to find the same private key as the proper owner of the coins, you only need to find one which gives the same address.

Of course, a 160 bit search is still impractical to carry out. But it's a lot easier than a 256 bit search.


and in this case:
Bitcoin (cold address)-> person can coincidentally create an exact same  account number (cold address) .
legendary
Activity: 2940
Merit: 1333
June 18, 2016, 07:39:20 PM
#7
OP, you are completely and absolutely wrong. The private keys ARE NOT randomly generated characters. They are actually 256 bit numbers. This means that the total number of possible private keys is 2^256 - 1, which is a ridiculously large amount of possible private keys. Those private keys are converted into the characters that you see through a process known as Base58 Check Encoding (https://en.bitcoin.it/wiki/Base58Check_encoding). You cannot just throw random characters together to get a private key because it will probably fail the Check part of Base58 Check Encoding. The Check is the first four bytes of a SHA256 checksum of the private key.

Note that most Bitcoins are spendable by addresses, not public keys. Addresses are only 160 bits, and any private key whose public key hashes to the same 160 bit address is able to spend the coins at that address.

So for most coins it's "only" a 160 bit search to find a private key that can spend them. You don't need to find the same private key as the proper owner of the coins, you only need to find one which gives the same address.

Of course, a 160 bit search is still impractical to carry out. But it's a lot easier than a 256 bit search.
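The point in the post above, that any key hashing to the same address works and that the search cost is set by the hash width, shown as an added example (not code from the thread). It uses a truncated SHA-256 as a stand-in for the real address hash; `fingerprint`, `OWNER_KEY` and the 10^18 hashes-per-second rate are assumptions made for the illustration.

```python
import hashlib

# Constructed sample "owner" key; any 256-bit number would do.
OWNER_KEY = 2**255 - 19

def fingerprint(key: int, bits: int) -> int:
    """Stand-in for address derivation: top `bits` bits of SHA-256(key).
    Real addresses use RIPEMD-160(SHA-256(public key)), i.e. bits = 160."""
    digest = hashlib.sha256(key.to_bytes(32, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def find_other_key(owner_key: int, bits: int):
    """Walk candidate keys until a different key gives the same fingerprint.
    Returns (candidate, tries); the expected number of tries is about 2**bits."""
    target = fingerprint(owner_key, bits)
    tries = 0
    candidate = 1
    while True:
        if candidate != owner_key:
            tries += 1
            if fingerprint(candidate, bits) == target:
                return candidate, tries
        candidate += 1

def years_to_search(bits: int, hashes_per_second: float) -> float:
    """Time to try 2**bits candidates at an assumed constant rate."""
    return 2**bits / hashes_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Toy widths finish quickly; every extra bit doubles the expected work.
    for bits in (8, 12, 16):
        other, tries = find_other_key(OWNER_KEY, bits)
        print(f"{bits:2d} bits: key {other} matches after {tries} tries "
              f"(2**{bits} = {2**bits})")
    # Extrapolate to the real width at an assumed 1e18 hashes per second.
    print(f"160 bits: about {years_to_search(160, 1e18):.2e} years")
```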
full member
Activity: 164
Merit: 100
Gone for a minute now back again
June 18, 2016, 10:10:21 AM
#6
TLDR: OP neither understands Base58 encoding nor big numbers.
This^

OP, you are completely and absolutely wrong. The private keys ARE NOT randomly generated characters. They are actually 256 bit numbers. This means that the total number of possible private keys is 2^256 - 1, which is a ridiculously large amount of possible private keys. Those private keys are converted into the characters that you see through a process known as Base58 Check Encoding (https://en.bitcoin.it/wiki/Base58Check_encoding). You cannot just throw random characters together to get a private key because it will probably fail the Check part of Base58 Check Encoding. The Check is the first four bytes of a SHA256 checksum of the private key.

This is what happens (OPs post) when someone who's neither a programmer or math expert tries to tell the programmers and math experts how to do their job, lol
staff
Activity: 3458
Merit: 6793
Just writing some code
June 18, 2016, 09:17:36 AM
#5
TLDR: OP neither understands Base58 encoding nor big numbers.
This^

OP, you are completely and absolutely wrong. The private keys ARE NOT randomly generated characters. They are actually 256 bit numbers. This means that the total number of possible private keys is 2^256 - 1, which is a ridiculously large amount of possible private keys. Those private keys are converted into the characters that you see through a process known as Base58 Check Encoding (https://en.bitcoin.it/wiki/Base58Check_encoding). You cannot just throw random characters together to get a private key because it will probably fail the Check part of Base58 Check Encoding. The Check is the first four bytes of a SHA256 checksum of the private key.
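As an added illustration of the Base58Check point in the post above (not code from the thread or from any wallet): this Python sketch follows the encoding on the linked wiki page, where the four check bytes come from a double SHA-256 over the version byte plus payload. The private key with value 1 and all helper names are constructed for the example.

```python
import hashlib
import random

# Base58 alphabet: the 62 alphanumerics minus 0, O, I and l.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(data: bytes) -> bytes:
    """First four bytes of SHA-256(SHA-256(data))."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version: int, payload: bytes) -> str:
    raw = bytes([version]) + payload
    raw += checksum(raw)
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    zeros = len(raw) - len(raw.lstrip(b"\x00"))  # each leading 0x00 byte is written as '1'
    return "1" * zeros + out

def b58check_decode(text: str):
    """Return (version, payload), or raise ValueError if the string is not valid."""
    n = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError("bad character")
        n = n * 58 + idx
    zeros = len(text) - len(text.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5:
        raise ValueError("too short")
    if checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("checksum mismatch")
    return raw[0], raw[1:-4]

def classify(text: str) -> str:
    """'valid', or the reason the string was rejected."""
    try:
        b58check_decode(text)
        return "valid"
    except ValueError as exc:
        return str(exc)

def count_random_valid(trials: int, seed: int = 2016) -> int:
    """How many random 51-character Base58 strings pass the check."""
    rng = random.Random(seed)
    return sum(
        classify("5" + "".join(rng.choice(B58) for _ in range(50))) == "valid"
        for _ in range(trials)
    )

# Constructed sample: private key with value 1, version byte 0x80 (mainnet WIF).
KEY = (1).to_bytes(32, "big")
WIF = b58check_encode(0x80, KEY)
# Same string with only the last character changed.
TAMPERED = WIF[:-1] + ("2" if WIF[-1] != "2" else "3")

if __name__ == "__main__":
    print(WIF, classify(WIF))
    print(TAMPERED, classify(TAMPERED))
    print("0" + WIF[1:], classify("0" + WIF[1:]))
    print("random strings passing:", count_random_valid(2000), "of 2000")
```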
legendary
Activity: 1624
Merit: 2481
June 18, 2016, 06:05:52 AM
#4
If you improve your English the story may become readable

The finite space of the characters of Bitcoin's account number.
You're going to guess a 70 digit private key? Why don't you start by guessing a 16 digit creditcard number?

Guess a 70 digit private key just to gain access to 1 Address
legendary
Activity: 4522
Merit: 3183
Vile Vixen and Miss Bitcointalk 2021-2023
June 18, 2016, 05:53:58 AM
#3
TLDR: OP neither understands Base58 encoding nor big numbers.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
June 18, 2016, 02:54:13 AM
#2
If you improve your English the story may become readable

The finite space of the characters of Bitcoin's account number.
You're going to guess a 70 digit private key? Why don't you start by guessing a 16 digit creditcard number?
member
Activity: 63
Merit: 10
June 18, 2016, 02:50:08 AM
#1
http://reifddd.wix.com/levent

[I'm a finite character space]

Levent Korkmaz

The finite space of the characters of Bitcoin's account number.

(I'm a cold wallet and all the cold wallets are warm.)

[I'm a finite character space]

We have prepared a new project to use Bitcoin with my team-mates: Anthony Boivin and
Takashi Ohno. I bought reifd.info for our project. I've done research about Bitcoin account
security for the protection of the people who will invest our new projects. My research
results show this frightening security flaw.

I've realized that Bitcoin, Ethereum, Ripple and Ethereum dao have affected by Assets
security flaw. Coin that designed with Chain and the others are being affected. So all of the
Chain technology are under affection of this security flaw. With this security flaw all of the
investors' money can be stolen. Despite of the investor that has performed every security
protection.

I've stopped my reifd.info project for the safety of my investor. I hope that updates will be
done as soon as possible for this security flaw and we present our project safely to the
investor. Honesty and security first, then trading.

*Firstly let's think what we have to do concerning Bitcoin account security like everybody
else does.

I should provide the security of the number of Private key to assure the security of my
Bitcoin and Ethereum accounts. I need to keep my account number's Private key
somewhere safe. I need to use cold wallet. I need to create Multi - Signature with
Electrum. I need to print Private Key and keep it somewhere safe. I need to protect my
wallet with a strong password. I need to transfer my money into several account numbers.
I need to back-up my wallet.

Now let's ask the questions:

1)Do the security of Private Key's number and the other security precautions provide the security of my money in my account numbers on Bitcoin, Ethereum, Ripple?

In fact, this question doesn't make sense for Ripple. But Ripple also experiences the
security problems that fall to its share. And of course all the assets(Dao) that created by
Ethereum are also included.

And this question's answer is definitely "no", but why not?

The Bitcoin address with the total 33 characters:
1 “CbtYLQY4jdQhKs3WMweRFqe93MNtPnbPh”

The Ethereum address with the total 40 characters:

0x”Bb97dC9271B097E1568bB4d24BEa7C3a28b76d44”
1234567890A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z

Bitcoin, Ethereum, Rhesap numbers with the 26+26+10= 62 characters space.

The number of the private Key's security can't provide the security of the money in my
Bitcoin, Ethereum and Ripple account numbers because of that we create Bitcoin and
Ethereum account numbers with the infinite space characters( 62 character space).

So we can create account numbers with the finite characters space and this causes
coincidence. Alice and Bob may coincidentally create an exact same account number.

In this case Alice and Bob may have each other's money without permission.

"All cold wallets in the outer character space are actually alone and warm. There are no
security and protection for money."

In that case Bitcoin and Ethereum that full of money are cold wallets, but the Ripple wallet
account is warm.

Actually a wallet's being whether hot or cold doesn't make sense for this security flaw.
(All accounts wander in the 62 characters space)

So money in the accounts is idle in the character space because a wallet that created with
the finite characters space is also warm.

In this case Bitcoin that coincidentally belongs to someone else can create Ethereum and
Ripple addresses and the money might be transferred to another account.

"You can make your own special lottery without paying a red cent too. All you need to do is
to create million accounts quickly. Maybe you won't create a full account, but surely one
will be able to build a full account. If you're not a decent person you may hack someone
else's Bitcoin or Ethereum account and you are to ask for God's forgiveness."

In the banking system, IBAN is designed differently for every bank. A bank never gives an
IBAN that registered in its own database to another bank customer, if that happens a fatal
mistake will be occurred. The bank solves this problem so easily.

2) Can we solve the security problem if we make the Bitcoin, Ethereum and Ripple's
account numbers' length about 1000-character-long?

This one's answer is also "no". But why not?

Ethereum made the generated account numbers' character length 40, too. Ethereum's all
account numbers' consist 40 characters, in that case Alice and Bob coincidentally create
an exact same account number.

(note: Ethereum made account number length 40 characters for either "Private Key security
or "lack of coincidence".) In both cases 40 characters don't matter.

3)Does expanding the character space provide solution for our security problem?

This one's answer is also "no".

Let's see...
1234567890
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z

Let's add 1000 chinese kanji characters to this space and we'll have 1062 characters in
total.

You can access the 1000 Chinese kanji I've found through the link below.
http://www.jaist.ac.jp/~sjittisa/kanji1000.pdf

4)Does creating Bitcoin and Ethereum account numbers With the total 1000, 5000 or
10.000 kanji characters space make our account number safe?

And this one's answer is also "no", but why not?

- We have a finite character space(10.062 kanji characters in total), and still two different
person can coincidentally create an exact same account number.

A Bitcoin account number that created with 1000 kanji and 62 latin characters space:
1 昼店道発物用 L 商圧誤委委投働 i 鈍毎何今 s 南西北外山雨聞 p 来読戻乱未


So what could be the solution to our security problem?

This kind of account number may slightly meets our requests if we think how this won't
create a confusion or a finite character space problem.

1 昼店道発物用 L 商圧誤委委投働 i 鈍毎何今 s 南西北外山雨聞 p 来読戻乱未

No matter what we do since we'll have a finite character space, the "random case" will be
valid for every character space we'll suggest.

So how can we maintain the security of a Bitcoin account?

"This suggestion is all about putting a checkpoint or creating a sequential account while
creating a Bitcoin account."

A suggestion:

All account numbers are creating by The Miners. This situation is not a centralist approach.

In the end, distributed miners will take over this process.

Miners' tasks in the new design are:

1)Confirming the accounts, security(their current task)
2)Creating new accounts and adding them into the chain

3)Maintaining the security of the account chain
4)
5)
6)
7)

"A suggestion"s key aspect is that how the miners will create the account numbers.

The process works like this:

User opens the wallet and clicks on the "create a new account" button and creates a
Bitcoin account or when he/she opens the wallet, the miners will create an account
automatically. The miners scan the account chain in order to know if the account number
that they are going create is already on the account chain and if there's no match to that
account number, they bring the account number into use to the owner of the wallet.


Or the miners create Bitcoin numbers in a sequential manner and they in retrospect don't
check which account numbers have been created.

Are the checkpoints necessary while sequential accounts are being created? "This should
be discussed."

First create six or seven free new accounts and even a little fee is requested from users for
the other Bitcoin accounts to be created. Thus prevents the excessive account number
creation.

An example for the sequential account number:

1MkhnXC6fkfQ3DvswfnuXXzpdwwP9KaMQD
1MkhnXC6fkfQ3DvswfnuXXzpdwwP9KaMQE
1MkhnXC6fkfQ3DvswfnuXXzpdwwP9KaMQF
0x3E3D07b8DFbb904ae63Eea9F30aedD099E484134
0x3E3D07b8DFbb904ae63Eea9F30aedD099E484135
0x3E3D07b8DFbb904ae63Eea9F30aedD099E484136

Of course there will be security aspects such kind of a road map.


Right below, you can see the account number that I've created by coincidence after a
research of mine.

bitcoin address:
162Ks8Z4rFiAG8XbAG7Z5JMEP37suEPirr

Private key:
5K1y8cA3ewXgbUNXWGGZn2qCmJ1soQ29oc3uBgiUxwfkuDKFz6p

You can see the Bitcoin account number on Bitcoin forum through the link below
https://bitcointalk.org/index.php?topic=156609.450

Of course there's a wallet aspect of this plain. It has no importance of the created wallet
whether is cold or hot.

In order to coincidentally create a Bitcoin account in this way, we have two different
options.

1) We create a wallet and write "create account" command into the console.
2) We create the wallet and repeatedly create accounts using the new group of words.

I've created an account number that belongs to someone else by trying the first option.

Electrum and these kind of wallets create Bitcoin account numbers with a finite words
space too. (q)This situation causes coincidence since it can't go beyond the finite
characters space.

Electrum creates new account numbers with english words. English words are finite, so
this causes a coincidence.
It'll be entered into another finite words space when it goes beyond the english finite words
space. In this case read again starting from (q).

I've been following the development of Cointree for a long time. Peercoin brought a great
innovation with Proof-of-Stake. I believe the big problems will be solved by adding Proof-
of-Stake to Bitcoin.

Example: It can provide solution to 51 attacks and also Peercoin wallet mining can be
done.