
Topic: btcaddr.me - Bitcoin Address Identicon (Read 7314 times)

full member
Activity: 126
Merit: 100
September 20, 2014, 11:24:14 AM
#47
I made another identicon generator: http://jsfiddle.net/Lqfrmao8/

Original Bitcoin address: 1PPJ5x74KEo9euEiSJKxyBUfHMRQrXKL1f



Fake Bitcoin address: 1PPJ5x74KEo9evEiSJKxyBUfHMRQrXKL1f





full member
Activity: 126
Merit: 100
September 20, 2014, 08:02:56 AM
#46
I made a simple identicon generator (live demo): http://jsfiddle.net/6khq75d3/

Original Bitcoin address: 1PPJ5x74KEo9euEiSJKxyBUfHMRQrXKL1f



Fake Bitcoin address: 1PPJ5x74KEo9evEiSJKxyBUfHMRQrXKL1f

hero member
Activity: 518
Merit: 502
September 19, 2014, 09:34:12 PM
#45

Thanks. It appears to be much less sophisticated than other approaches.
Is there any info about the algorithm?
hero member
Activity: 518
Merit: 502
September 18, 2014, 10:04:12 AM
#44
Just found this thread, but the site seems to be down.
What happened?
member
Activity: 68
Merit: 10
September 20, 2013, 10:29:03 PM
#43
Replying to myself again Roll Eyes, but just for fun if we disregard prefix we can fairly easily match 32 bits:

1KbhFQVEUk8wMVtiuBURZAQ1PXnsDUqcag


1EEwcrjaJkWLLZDuZA2Rhob3aVM8NwY5tR



or 40 bits:

1NcE7wksPMcydG7bfsGsGdjf2ckzXSfw1R


1H26EaqCrbdHZk2SvqvZDfPHqYGbYqQsJj


Not going to try for 48 bits on the CPU, but with OpenCL code on a GPU it shouldn't be bad either.

Interesting; I was thinking there probably aren't enough permutations of a default identicon to cover the huge possibility set for Bitcoin addresses, and that pretty much proves it. This sort of attack could be made less likely by modifying the identicon library with some tweaks. Namely, to not allow so many color variations, so an attacker can't just get a purple color close to the other purple (the biggest weakness, I think), but then those bits of the SHA hash have to be re-used as something else.

The default Identicon is a 3x3 grid, but really there's only three different sprites used (corners, edges, and center) and two colors. If you make only the opposing pairs match (top/bottom, left/right, NW/SE, SW/NE, and center), you've got five instead of three, and each pair could have its own color (net gain of 3 colors), without it looking too messy. I need to sit down and figure out how many bits would need to be re-used if the color palette was reduced... I might put my code where my mouth is on this one, since it seems like a fun project to tackle!
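The paired layout proposed in the post above, sketched as an added example (not code from the thread or from btcaddr.me). Hashing the address string with SHA-256, the 16-sprite set and the 8-colour palette are assumptions; the function names are hypothetical.

```javascript
// Added illustration of the paired-symmetry identicon layout described above.
// Sprite count (16) and palette size (8) are assumptions, not values from the thread.
const { createHash } = require("crypto");

const SPRITE_BITS = 4; // assumed: 16 sprite shapes
const COLOR_BITS = 3;  // assumed: reduced palette of 8 clearly distinct colours

// The five groups from the post: opposing cells share one sprite and one colour.
const GROUPS = [
  [[0, 1], [2, 1]], // top / bottom
  [[1, 0], [1, 2]], // left / right
  [[0, 0], [2, 2]], // NW / SE
  [[2, 0], [0, 2]], // SW / NE
  [[1, 1]],         // centre
];

// Returns a reader that hands out the next n bits of a Buffer, MSB first.
function bitReader(buf) {
  let pos = 0;
  return (n) => {
    let v = 0;
    for (let i = 0; i < n; i++, pos++) {
      v = (v << 1) | ((buf[pos >> 3] >> (7 - (pos & 7))) & 1);
    }
    return v;
  };
}

// Maps an address string to a 3x3 grid of {sprite, color} plus the bits consumed.
function pairedIdenticon(address) {
  const take = bitReader(createHash("sha256").update(address, "utf8").digest());
  const grid = [[], [], []];
  for (const cells of GROUPS) {
    const cell = { sprite: take(SPRITE_BITS), color: take(COLOR_BITS) };
    for (const [r, c] of cells) grid[r][c] = cell;
  }
  return { grid, bitsUsed: GROUPS.length * (SPRITE_BITS + COLOR_BITS) };
}

// A look-alike has to agree on every bit the picture encodes: about 2^bits candidates.
function expectedCandidates(bitsUsed) {
  return 2 ** bitsUsed;
}

// Compact text form (hex sprite digit + colour digit per cell) for side-by-side comparison.
function render({ grid }) {
  return grid.map((row) => row.map((c) => `${c.sprite.toString(16)}${c.color}`).join(" ")).join("\n");
}
```

With these assumed sizes the picture commits to 35 bits of the hash, so it is only a supplement to comparing the address text itself, not a replacement for it.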
sr. member
Activity: 294
Merit: 250
June 12, 2013, 05:00:27 PM
#42
nice!
legendary
Activity: 1708
Merit: 1020
June 06, 2013, 05:30:40 AM
#41
In particular, could this be used to show users a their passwords before they type their passwords in? To confirm they are on a genuine site?

For example, a site saves passwords in a hashed and salted format. When they go to login, they type in their username, upon which the site shows an identicon of their password hash. If that identicon matches what they originally saw when they signed up, they know they are on the legitimate website.

Would that work?
There is a problem... an attacker can easily find out the pattern by simply entering the user name into the original site. You would need two passwords to be able to do this.
hero member
Activity: 788
Merit: 1001
June 05, 2013, 10:41:16 AM
#40
I like this "bitaddress mandala"   Cheesy
legendary
Activity: 1708
Merit: 1020
June 05, 2013, 10:23:00 AM
#39
In particular, could this be used to show users a their passwords before they type their passwords in? To confirm they are on a genuine site?

For example, a site saves passwords in a hashed and salted format. When they go to login, they type in their username, upon which the site shows an identicon of their password hash. If that identicon matches what they originally saw when they signed up, they know they are on the legitimate website.

Would that work?
Interesting idea. I would add another hash round before creating the identicon for safety. That would be a cool feature.
sr. member
Activity: 340
Merit: 250
GO http://bitcointa.lk !!! My new nick: jurov
March 04, 2013, 04:49:10 PM
#38
What if the firstbits are superposed on the picture (normally shown 6 letters or so in the bottom of identicon, without leading 1) to make the match harder? So both reading and abstract pattern recognition is engaged at once.

Replying to myself again Roll Eyes, but just for fun if we disregard prefix we can fairly easily match 32 bits:

1KbhFQVEUk8wMVtiuBURZAQ1PXnsDUqcag


1EEwcrjaJkWLLZDuZA2Rhob3aVM8NwY5tR



or 40 bits:

1NcE7wksPMcydG7bfsGsGdjf2ckzXSfw1R


1H26EaqCrbdHZk2SvqvZDfPHqYGbYqQsJj


Not going to try for 48 bits on the CPU, but with OpenCL code on a GPU it shouldn't be bad either.
legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
March 02, 2013, 02:40:14 PM
#37
In particular, could this be used to show users a their passwords before they type their passwords in? To confirm they are on a genuine site?

For example, a site saves passwords in a hashed and salted format. When they go to login, they type in their username, upon which the site shows an identicon of their password hash. If that identicon matches what they originally saw when they signed up, they know they are on the legitimate website.

Would that work?
legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
March 02, 2013, 01:44:35 PM
#36
Any Update on this?
hero member
Activity: 742
Merit: 500
November 10, 2012, 09:09:52 PM
#35
This is a cool idea.  I had been reading the first and last few characters to make sure the address was right. This is even easier.
legendary
Activity: 1022
Merit: 1000
November 10, 2012, 01:18:05 PM
#34
If it's based on SHA1, does that mean it can be cracked? (I have no idea, but I know the current standard is SHA3.)
legendary
Activity: 1050
Merit: 1003
November 05, 2012, 08:14:56 PM
#33
rageface.me   lol

Not cute at all.  Angry
hero member
Activity: 686
Merit: 500
Wat
November 05, 2012, 05:25:37 PM
#32
1AgwF965rwYpK6J8N3CbCxfRAdu7nSHt9v



1P7WdPJrZEXTmbjD5bzqNwNtNDuoTqDGu



1Fq6TL3wT4v4tbgW7CaGTyS42hsjmCHPdB





rageface.me   lol
hero member
Activity: 686
Merit: 500
Wat
November 05, 2012, 05:18:45 PM
#31
It's like https for bitcoin addresses  Cheesy
full member
Activity: 125
Merit: 100
November 05, 2012, 05:07:20 PM
#30
Doing the math on the robohash it looks like it uses 22-24 bits depending on the settings to get an exact match, so roughly equivalent to matching 4 characters of the address.  It could add some extra security combined with something else but by itself yes it is fairly trivial to match.
legendary
Activity: 1246
Merit: 1016
Strength in numbers
November 05, 2012, 03:59:16 PM
#29

The robohash robot is great. Optionally print out an image of the robot next to the identicon?

Users could check that the identicon maps to the robot and robots are easier to remember than patterns.

The robots would be good branding for bitcoin. It looks like robohash is open source.

Well it does seem that mskwik did just prove robohash to be useless for our purposes.

Not completely, it would be extra hard to find a robot collision AND collide the first few chars.
sr. member
Activity: 249
Merit: 251
November 05, 2012, 01:20:40 PM
#28

The robohash robot is great. Optionally print out an image of the robot next to the identicon?

Users could check that the identicon maps to the robot and robots are easier to remember than patterns.

The robots would be good branding for bitcoin. It looks like robohash is open source.

Well it does seem that mskwik did just prove robohash to be useless for our purposes.