Author

Topic: can I get hacked if a Sign Message in bitcoin? (Read 326 times)

full member
Activity: 1022
Merit: 133
December 29, 2019, 11:33:57 AM
#12
No he won't be able to because singing a message is just like providing them with a masked version of your private key which can be verified to know you own the private key but the masked version won't be able to trace the original one. More like server seed and server hash in a gambling site.
legendary
Activity: 2394
Merit: 2223
Signature space for rent
If you are dumb enough to include your private key in your sign message. Who knows? Newbies mostly dumb enough to do stupid things and sometimes
It has happend previously, although I can't remember topic but sometimes scammers use that tricks. Because when they talk with a person they know how this person will recognize.

However, mathematically still not possible hack your bitcoin from sign message. So you are safe for now.

But don't sign message from your private keys if the message provided by someone else. Attacker might attack some way. I have heard similar story previously. I don't know how they did it, but there is something like this hacking possibility. So there is no other way to hack you if they don't know your private keys.
legendary
Activity: 3472
Merit: 10611
the real answer is "it depends".
when we talk about "being hacked", it is not so much about the algorithms but about either users making a mistake or the tool they are using has a bug.

for example when it comes to signing a message, ECDSA on its own has no vulnerabilities so far and to break the 256 bit keys requires millions of years of work with current computing power. so you could say it is impossible to break it.
but that is not the problem. if for example you were using a bad tool (such as an unknown wallet with buggy code, or a website) to sign a message instead of using a good one that is reviewed then you could even reveal your private key! one way would be if the tool was using a bad RNG and/or were reusing k values. in which case your private key could be calculated in a second. and you don't need any long and complicated code for that!

so just make sure you understand what you are doing and always use trusted tools. for example use trusted wallets that are old and popular so that their code was reviewed. eg. Electrum. their cryptography implementation doesn't have any flaws, so you have nothing to worry about.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Make sure the message you are signing is actually just a message, and maybe include the date as well, and the purpose of the message. Include no other details that are irrelevant.

Your message for example can be: "This is irlandescoin and I sign this message as proof I control this address for my friend (insert name here), this December 3 2019."

That way, no one else can use the message and signature to impersonate you for any other purpose.
hero member
Activity: 1106
Merit: 521
a friend told me someone with a long string of computer code could maybe hack the wallet.
Give him this address:    1LdRcdxfbSnmCYYNdeYpUnztiYzVfBEQeC
And this signed message: HZKZGWUXZFBA47D7Y7QXI36RLPYD7NKA
And this signature: G0HDFp3PobYt/ox0loZA/xw3M86+Lwls4xJPaNs+oTacdE3fMdeekdv0eQ86W2zbUcmlEvbE9GHfSL/ox9LvdBA=
There's 53880 Bitcoin in the address. Tell him to give it his best shot and see for himself how secure signing a message is Cheesy

Weird Flex, but okay..................... Wink
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
Just kidding but I want to give a serious reminder (for newbies), guys.

Yes, your bitcoin can be hacked if you sign a message.

If you are dumb enough to include your private key in your sign message. Who knows? Newbies mostly dumb enough to do stupid things and sometimes some stupid things result in serious losses.

I said this because months ago I made a recommendation to include email address (as another proof for account recovery) in a sign message. Then someone gave me a valuable warning that it is a stupid idea that is what I agreed with. I was dumb in the past, as you can see.  Grin
(3) Registered email for specific account.
People wouldn't like to display their emails to the public... Email spammers will just get excited by the thread and just come over to compile lists of emails which they can later spam with scam and phishing links.
Emails that were used for registering accounts at least won't get deleted from the database even when the account changes hands so, it isn't necessary to sign with your email address too

So please don't include your private key in your sign message.
legendary
Activity: 2268
Merit: 18711
a friend told me someone with a long string of computer code could maybe hack the wallet.
Theoretically speaking, the right string of characters could hack your wallet. The right string of characters could also spell out the cure to cancer or perfectly encode a 4K video of Foxpup poledancing. Who knows.

Practically speaking, signing a message is currently completely safe and poses no risk to you whatsoever provide you do it correctly and only provide him with the message and the signature, and make sure you keep the private key you are using to sign, well, private. The only scenario in which this may change is if quantum computing develops to a stage where it can break ECDSA and recover a private key from a public key, but this is going to be decades away, if ever.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
a friend told me someone with a long string of computer code could maybe hack the wallet.
Give him this address:    1LdRcdxfbSnmCYYNdeYpUnztiYzVfBEQeC
And this signed message: HZKZGWUXZFBA47D7Y7QXI36RLPYD7NKA
And this signature: G0HDFp3PobYt/ox0loZA/xw3M86+Lwls4xJPaNs+oTacdE3fMdeekdv0eQ86W2zbUcmlEvbE9GHfSL/ox9LvdBA=
There's 53880 Bitcoin in the address. Tell him to give it his best shot and see for himself how secure signing a message is Cheesy
hero member
Activity: 567
Merit: 502
Hey yo let's go
No, unless he have actual quantum computer with high qubit.

a friend told me someone with a long string of computer code could maybe hack the wallet.

anyway thanks for the answer.
hero member
Activity: 567
Merit: 502
Hey yo let's go
guys,

a friend it is asking me to sign a message to prove i holding the bitcoin address.

my question is: can him use the signature i generated and try hack my wallet? and stole my funds?

thank you.
Jump to: