Topic: Can my Bitcoin be stolen - page 2. (Read 4481 times)
It's internet money. Of course it can be stolen when it's just sitting on your PC connected to the internet. Silly rabbit.
I just installed a bitcoin client on my PC , a was thinking before i download my wallet from blockchain.info, If someone has access to my PC or if i am infected by a virus will this compromise allow my bitcoin to be stolen?
Always run a virus scan to be sure there is no type of virus that would risk your coins.
If your PC was stolen, I think they can right?
But then again, thats if they have your pw. Not sure how they would, but you have to be a hacker..
But then again, thats if they have your pw. Not sure how they would, but you have to be a hacker..
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
But would you agree with my point - that keys generated using only the numbers 1-6 are not as secure as if they had been generated using the numbers 0-9, never mind the other characters on the keyboard? Would it really take a supercomputer many years to bruteforce 64 numbers in the range 1-6?
I would only agree if the exponent was the same.
10^x > 6^x (10 to the power of x is greater than 6 to the power of x).
Apparently you don't quite understand the power of exponentiation
or you don't understand how basic probabilities work with combinations.
If you roll a die, there's a 1 in 6 chance to roll, say a one.
to roll 2 ones in a row, is 1/36 (6^2)
to roll 3 ones in a row, is 1/216 (6^3)
...and up it goes.
when we look at 6^64, the exponent 64 is much more important than the 6.
in the end its still a huge number of combinations.
You could flip a coin 160 times and get about the same number of combinations.
Its not any less secure because there's "only two" numbers (heads or tails).
To get the same combinations using digits 0-9, you'd have to use 49 digits.
To get the same number of combos using all uppercase letters, all lowercase
letters, plus 10 digits, (62 characters), you only need about 28...
so whether you use 2^160, 6^64 , 10^49 or 62^28, its all the same number
of combinations. And a supercomputer cannot try that many combinations
as I spelled out in one of my previous posts in this thread.
So in a nutshell, if you were in my position, you'd be happy enough with the security of the keys I have generated using the dice rolls?
But would you agree with my point - that keys generated using only the numbers 1-6 are not as secure as if they had been generated using the numbers 0-9, never mind the other characters on the keyboard? Would it really take a supercomputer many years to bruteforce 64 numbers in the range 1-6?
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
What you should understand is that there are "only" 2^160 bitcoin addresses.
So while 58^64 is bigger than 6^64 , you can't make use of the extra security.
(Nor do you need to)
That said, you should do whatever makes you feel most secure :-)
So while 58^64 is bigger than 6^64 , you can't make use of the extra security.
(Nor do you need to)
That said, you should do whatever makes you feel most secure :-)
Although I followed the advice given on another forum & rolled dice, I'd have preferred 64 characters chosen from anywhere on the keyboard, even if they weren't as 'random'. Surely they'd have been harder to bruteforce?
Here's the advice I followed:
http://www.reddit.com/r/BitcoinWallet/comments/1p6y5c/secure_paper_wallet_tutorial/
Here's the advice I followed:
http://www.reddit.com/r/BitcoinWallet/comments/1p6y5c/secure_paper_wallet_tutorial/
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Just curious, do you not trust/understand the math, or do you not believe dice rolls are random enough?
especially keys generated using dice rolls (64 times in my case) with an additional word or 2 added after the 64 numbers.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Perhaps someone here can confirm my "opinion" on the feasibility of brute forcing a properly generated random key.
They were generated offline but I got worried that the keys could be bruteforced.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Generate your keys offline. Do not online computer.
You can also hide a copy of your keys using the open puff software.
You can also hide a copy of your keys using the open puff software.
Wouldn't mind hearing the opinion of others as regards this matter??? My BTC are probably small fry to most people but to me they're a lot & I want them stored as safely as possible.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Do the math for yourself.
2^128 = (roughly) 3.4 x 10^38
1 trillion = 10^12
A trillion trillion = 10^24
A trillion trillion trillion = 10^36
The fastest supercomputer is the Tianhe-2, which
has over 3 million cores, takes 720 square meters
of space, and was developed by a team of 1300
scientists and engineers.
It theoretically can do 50 petaflops, which is
50 quadrillion calculations per second. You need about
1000 operations to do a SHA-256 hash, so, with this
computer, you could 50 trillion hashes a second.
If you had 20 billion of these computers, you could do
a trillion trillion hashes per second.
You'd still need to run all that computing power for
340 trillion seconds to reach 2^128, nevermind 2^160.
There's 31,536,000 seconds in a year, so that comes
out to: 10.78 million years.
* i dont know if floating point operations are comparable
to integer operations, but its irrelevant.
2^128 = (roughly) 3.4 x 10^38
1 trillion = 10^12
A trillion trillion = 10^24
A trillion trillion trillion = 10^36
The fastest supercomputer is the Tianhe-2, which
has over 3 million cores, takes 720 square meters
of space, and was developed by a team of 1300
scientists and engineers.
It theoretically can do 50 petaflops, which is
50 quadrillion calculations per second. You need about
1000 operations to do a SHA-256 hash, so, with this
computer, you could 50 trillion hashes a second.
If you had 20 billion of these computers, you could do
a trillion trillion hashes per second.
You'd still need to run all that computing power for
340 trillion seconds to reach 2^128, nevermind 2^160.
There's 31,536,000 seconds in a year, so that comes
out to: 10.78 million years.
* i dont know if floating point operations are comparable
to integer operations, but its irrelevant.
That's what I had been told originally by people who seemed to know what they were talking about, but recent posters made me doubt it. Not sure now whether to go ahead & generate new addresses just in case, or leave it as it is.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
I have now come to the conclusion that there is nothing that I can do to make a secure paper wallet. Surely any combination of numbers/letters/words etc will be guessed by some supercomputer sometime?
Not at all. Combinations grow exponentially large, much too big for supercomputers.
Flip a coin 128 times, you have 2^128.
That's about 340 trillion trillion trillion combinations,
Each of which would have to be checked by doing a complete
Sha256 hash.
No computer could do it in any mortal time frame.
Roughly a billion seconds ago, Jesus walked the earth.
So do you think my 64 dice rolls followed by a few words is sufficient?
-ranochigo
64 dice rolls is 6^64. that's on the order of 2^160. You can't brute force it even if you had a
It has nothing to do with opinions!
That's this many combinations: 1461501637330902918203684832716300000000000000000
Anyone who says you can brute-force that doesn't realize how BIG that really is.
So you really think it would be safer to generate keys by using 'the moving dots' on bitaddress.org etc? In your opinion, is that the safest way?
I would also love to hear someone else's opinion on this.
Unless you can manipulate someone's mouse strokes perfectly for 200 times, then you can hack it. This is theoretically impossible on a computer which will never access the internet. Even if the mouse strokes are recorded, the attacker will not be able to access the mouse stroke recorded.I would also love to hear someone else's opinion on this.
-ranochigo
Why 200 times?
So you really think it would be safer to generate keys by using 'the moving dots' on bitaddress.org etc? In your opinion, is that the safest way?
I would also love to hear someone else's opinion on this.
Unless you can manipulate someone's mouse strokes perfectly for 200 times, then you can hack it. This is theoretically impossible on a computer which will never access the internet. Even if the mouse strokes are recorded, the attacker will not be able to access the mouse stroke recorded.I would also love to hear someone else's opinion on this.
-ranochigo
So you really think it would be safer to generate keys by using 'the moving dots' on bitaddress.org etc? In your opinion, is that the safest way?
I would also love to hear someone else's opinion on this.
I would also love to hear someone else's opinion on this.
Jump to: