Topic: Every wallet address has just one private key which can be generated again? (Read 409 times)
June 20, 2018, 02:32:14 AM
And just to be super confusing... apparently the new Trezor T defaults to just a 12 word seed
June 18, 2018, 04:49:08 AM
They are not to be confused with the seed words used by HD wallets [2], based on the BIP-0039 wordlist [3]. For this standard most wallets use 24 words and upwards, which should be sufficiently secure for the foreseeable future.
Minor correction... BIP39 specifies that:The mnemonic must encode entropy in a multiple of 32 bits. With more entropy security is improved but the sentence length increases. We refer to the initial entropy length as ENT. The allowed size of ENT is 128-256 bits.
As it must be in multiples of 32 bits, this equates to a mnemonic sentence length between 12-24 words in 3 word "steps"... so 12, 15, 18, 21 or 24 words.Ah, good catch, thank you for correcting me.
I was thinking about hardware wallets and for some reason I misremembered Ledger using 32 seed words as opposed to Trezor's 24 seed words Turns out Ledger also uses 24 seed words and it's just the custom passphrase that is longer than Trezor's (100 characters [1] vs 50 characters [2]).
[1] https://support.ledgerwallet.com/hc/en-us/articles/115005214529-Advanced-Passphrase-options
[2] https://blog.trezor.io/hide-your-trezor-wallets-with-multiple-passphrases-f2e0834026eb
June 17, 2018, 11:45:45 PM
They are not to be confused with the seed words used by HD wallets [2], based on the BIP-0039 wordlist [3]. For this standard most wallets use 24 words and upwards, which should be sufficiently secure for the foreseeable future.
Minor correction... BIP39 specifies that:The mnemonic must encode entropy in a multiple of 32 bits. With more entropy security is improved but the sentence length increases. We refer to the initial entropy length as ENT. The allowed size of ENT is 128-256 bits.
As it must be in multiples of 32 bits, this equates to a mnemonic sentence length between 12-24 words in 3 word "steps"... so 12, 15, 18, 21 or 24 words. June 17, 2018, 05:37:30 AM
[...]
There are many people work on resolving and emptying the used wallets.
Especially they claim that addresses which start with "1" and addresses generated with secret words (thus brain wallet) are not secure at all. I'm not familiar with the details that much but this seems dangerous to me, because almost every system generates addresses using brain wallet method with 7-8 words. This makes the most addresses weak. There are really good DEFCON briefs in youtube about this subject if anyone is interested.
There are many people work on resolving and emptying the used wallets.
Especially they claim that addresses which start with "1" and addresses generated with secret words (thus brain wallet) are not secure at all. I'm not familiar with the details that much but this seems dangerous to me, because almost every system generates addresses using brain wallet method with 7-8 words. This makes the most addresses weak. There are really good DEFCON briefs in youtube about this subject if anyone is interested.
Not quite. Addresses starting with "1" merely indicate P2PKH (Pay-to-PubkeyHash) addresses [1], the format used for single-sig, pre-SegWit addresses.
[1] https://en.bitcoin.it/wiki/Address
Brain wallets are a type of address that in which the private key is directly derived from a secret word or phrase. Their insecurity stems from people's inherent disability to generate and remember phrases that are random and long enough as to outwit automatized approaches. Brain wallets are usually P2PKH addresses because most of them were generated long before SegWit. In theory one should be able to generate a SegWit P2SH or Bech32 as well, meaning the address type has little to do with whether the corresponding private key is generated randomly or within a human mind.
They are not to be confused with the seed words used by HD wallets [2], based on the BIP-0039 wordlist [3]. For this standard most wallets use 24 words and upwards, which should be sufficiently secure for the foreseeable future.
[2] https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
[3] https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md
Okay, this is something new to me. I only thought there were private keys. What are these public keys?
Read up on public-key cryptocgraphy, also known as asymetric cryptography:
https://en.wikipedia.org/wiki/Public-key_cryptography
TLDR; For cryptocurrencies this means that public keys are what enables people to verify people's coins while not being able to steal them.
June 17, 2018, 12:31:27 AM
Every private key has its own public key, which is basically your address. You can search for 'public private key cryptography' to find more info about this, there are many good, pictured, explanations available.
Public key is not the address -- the address is a HASH of the public key. June 17, 2018, 12:19:37 AM
Okay, this is something new to me. I only thought there were private keys. What are these public keys?
Every private key has its own public key, which is basically your address. You can search for 'public private key cryptography' to find more info about this, there are many good, pictured, explanations available.
June 16, 2018, 10:55:09 PM
Okay, this is something new to me. I only thought there were private keys. What are these public keys?
June 16, 2018, 11:33:39 AM
Now I understand this suggestion more deeply. Actually brain wallets have low randomness and should be avoided for security reasons.
Which address generation tool do you recommend? It should not a brain-wallet and should use hardware random generator of the computer.
Bitaddress.org, bip38.org or Electrum. Generating anything with only a passphrase to access it is incredibly insecure. If you really do want to use something like Brainwallet but more secure, try going to keybase.io/warp/. You are to select your own secure passphrase and add an email with your salt. I wouldn't say that its super secure but its definitely more secure than typical brainwallet since the attack has to be specific at you. Which address generation tool do you recommend? It should not a brain-wallet and should use hardware random generator of the computer.
June 16, 2018, 11:16:40 AM
Is there any prevention method agains random address generation?
Make sure your address is truly generated randomly. /thread.Which address generation tool do you recommend? It should not a brain-wallet and should use hardware random generator of the computer.
June 16, 2018, 06:05:37 AM
Especially they claim that addresses which start with "1" and addresses generated with secret words (thus brain wallet) are not secure at all. I'm not familiar with the details that much but this seems dangerous to me, because almost every system generates addresses using brain wallet method with 7-8 words. This makes the most addresses weak.
No, you misunderstood this.
A private key is a 256 bit random number. And the hash function SHA-256 does produce a 'random-looking' output (depending on the input).
So quite a few people came to the idea to hash a 'password' to generate a 'random looking' number.
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 <-- This may look random. But it is the output of sha256('password').
So people started using passwords to generate private keys (thefore 'brain wallet').
Then smarter people started to program bots who create hashes of the most common passwords, most common prases, books, etc... to collect all the money stored in such 'brain wallets'.
While you think you may be able to find a 'random' input, it will always be less random than using a machines entropy pool. A human brain is very very far away from 'random'.
Now wallets nowadays do use entropy to achieve randomness. A random seed is generated, which is then being encoded into 12/24 words (this makes it easier for user to backup / memorize the seed and it is less error-prone when typing).
Those are NOT brain wallets. And NEITHER can they be bruteforced or hacked.
It is just a differend form of representing the random seed which is used to derive all of the public-/private- keypairs.
June 16, 2018, 05:25:43 AM
Every public key has one private key. EDIT : this is wrong : There is actually 2^96 private key that corresponds to an address.
This actually is TRUE.Each public key only corresponds to ONE private key.
There are many people work on resolving and emptying the used wallets.
Especially they claim that addresses which start with "1" and addresses generated with secret words (thus brain wallet) are not secure at all. I'm not familiar with the details that much but this seems dangerous to me, because almost every system generates addresses using brain wallet method with 7-8 words. This makes the most addresses weak. There are really good DEFCON briefs in youtube about this subject if anyone is interested.
June 15, 2018, 05:14:50 AM
Can someone post the article to this image? I would like to have it with a better resolution, it's hard to read the text.
Back to the topic, I think the only way is to bruteforce the private key, which is according to the description above nearly impossible.
Drag and drop it to a new tab or window to view full screen, (after checking) that image has 1920x1200 dimensions which is pretty big to blur.Back to the topic, I think the only way is to bruteforce the private key, which is according to the description above nearly impossible.
Here's a link of the full screen version: Right Click->Open Link New Tab
You can try using Vanitygen or Oclavanitygen to waste your electricity, time and dignity; but the chance to bruteforce a loaded address is almost impossible.
You can't forbid someone to pick a random number, can you ?
Yes, of course. Anyone can pick a random number manually even without a computer. June 15, 2018, 12:33:38 AM
The probability is really small but there is a chance.
You should worry about dying from a random heart attack or from a lightning strike, or even a meteor wiping our the planet before you worry about collisions.
Make sure your address is truly generated randomly. /thread.
This.Can someone post the article to this image? I would like to have it with a better resolution, it's hard to read the text.
Back to the topic, I think the only way is to bruteforce the private key, which is according to the description above nearly impossible.
June 14, 2018, 10:02:06 AM
A private key is just a random generated number. This number is then hashed using SHA256.
The private key is NOT being hashed.
The private key is used to calculate the public key through multiplication on the elliptic curve.
This public key is afterwards being SHA-256 hashed and afterwards RIPEMD160 hashed to get the address.
Mining, on the other hand, does rely on double-SHA256-hashing a block with a nonce which does result in a hash below the given target.
June 14, 2018, 08:45:51 AM
Make sure your address is truly generated randomly. /thread.
Yes, this is the most important.
A private key is just a random generated number. This number is then hashed using SHA256.
But you can hash words, phrases, small numbers and this will generate valid private keys. Just put these hashes in bitaddress.org and you will get the public keys too.
If you want to find a collision, the best way is to try to find poorly generated private keys.
If you try to hash some words like "wallet" "satoshi" "bitcoin" you will find some addresses which doesn't have balances now, but they used to have. I tried many already, but manually. Never had any luck.
Maybe if you can make a program that can try millions of inputs per second, hash those inputs and check the balance of them, you may have some luck.
You will only find poorly generated private keys this way.
Edit: I read a post by butka few months ago about this, couldn´t find it now
June 14, 2018, 07:57:20 AM
This means, if there is a software (I know actually this exists) which generates random addresses and checks their balance, there is little possibility to find a wallet with balance in it.
---snip---
Is there any prevention method agains random address generation?
---snip---
Is there any prevention method agains random address generation?
You can't forbid someone to pick a random number, can you ?
@tesla80 maybe you should ask differently on the 'random address generation' matter
something like, "Is there any guarantee the software (generator) would generate completely random address everytime?"
we depend on machine algorithm to randomize and so far I think it's (randomness) quite strong
June 14, 2018, 07:21:52 AM
There are bitcoin wallet addresses which are actually public keys, right?
No. The address is derived from the public key. It is the RIPEMD160 hash of the SHA-256 hash of the public key.
Every public key has one private key. EDIT : this is wrong : There is actually 2^96 private key that corresponds to an address.
This actually is TRUE.
Each public key only corresponds to ONE private key.
296 private keys (2256 / 2160) do result in the same address (Note that address do NOT exist on a technical level) and this is NOT a security threat).
There are bitcoin address generator programs which generates random addresses.
They generate random private-/public- keys and derive the address, yes.
There is very little possibility to generate a public and private key of an already used wallet, correct?
Pretty much impossible (if there are no implementation errors).
When a user wants to create a bitcoin address, the same addres generator generates a pair of public & private keys. If another user wants to create a random bitcoin addres, the same generator algorithm can generate previous public & private keys once more.
Such a 'generator' either uses a seed to derive private keys or generates private keys itself.
A private key basically is just a really really big (random) number.
This means, if there is a software (I know actually this exists) which generates random addresses and checks their balance, there is little possibility to find a wallet with balance in it.
Practically no chance.
This can be another bitcoin stealing algorithm, right?
Something like a 'bitcoin stealing algorithm' doesn't exist.
Is there any prevention method agains random address generation?
You can't forbid someone to pick a random number, can you ?
June 14, 2018, 07:01:43 AM
You are correct in saying that it's possible. Whoever, the chances of a colission are astronomically low.
Quote
The odds in colliding with a specific address is 1 in 2^160.
If there are a billion users and each have one million active addresses (1 quadrillion funded addresses in the blockchain) the odds in colliding with any address would be roughly 1 in 2^110 (1*10^33).
Vanitygen can produce 20 million keypairs per second. Lets say you build a super ASIC on 12nm (4 generations ahead of current tech) process that could create, validate, and steal one trillion keypairs per second (1 TK/s). That would be about 50,000x more powerful than faster GPU today. Lets also say you built a thousand of them and ran them continually with no downtime 24/7/365. In 1 year you could brute force 3*10^28 possible addresses.
If there are 1 quadrillion funded addresses you would still have a ~1% chance of colliding with a random funded address in the next 1,000 years.
https://bitcointalksearch.org/topic/m.1143828 If there are a billion users and each have one million active addresses (1 quadrillion funded addresses in the blockchain) the odds in colliding with any address would be roughly 1 in 2^110 (1*10^33).
Vanitygen can produce 20 million keypairs per second. Lets say you build a super ASIC on 12nm (4 generations ahead of current tech) process that could create, validate, and steal one trillion keypairs per second (1 TK/s). That would be about 50,000x more powerful than faster GPU today. Lets also say you built a thousand of them and ran them continually with no downtime 24/7/365. In 1 year you could brute force 3*10^28 possible addresses.
If there are 1 quadrillion funded addresses you would still have a ~1% chance of colliding with a random funded address in the next 1,000 years.
June 14, 2018, 07:00:53 AM
The probability is really small but there is a chance.
You should worry about dying from a random heart attack or from a lightning strike, or even a meteor wiping our the planet before you worry about collisions.
Make sure your address is truly generated randomly. /thread.
This. June 14, 2018, 06:58:13 AM
There are bitcoin wallet addresses which are actually public keys, right?
The addresses are the hash of the public key.Every public key has one private key.
There is actually 2^96 private key that corresponds to an address.There is very little possibility to generate a public and private key of an already used wallet, correct?
Yes. Of an address that is generated by someone else already.When a user wants to create a bitcoin address, the same addres generator generates a pair of public & private keys. If another user wants to create a random bitcoin addres, the same generator algorithm can generate previous public & private keys once more.
This means, if there is a software (I know actually this exists) which generates random addresses and checks their balance, there is little possibility to find a wallet with balance in it.
This can be another bitcoin stealing algorithm, right?
That's like finding a needle in an ocean of haysack. You can generate the same addresses again if your RNG is flawed and it isn't random. There are easier ways to steal coins than this.This means, if there is a software (I know actually this exists) which generates random addresses and checks their balance, there is little possibility to find a wallet with balance in it.
This can be another bitcoin stealing algorithm, right?
I don't understand how we can sure that our bitcoins are safe in our wallets in such situation?
The probability is really small but there is a chance.
Am I correct?
Yes. Most people don't get the concept of the possibility. If something is possible, it doesn't mean that its remotely likely to happen. Its more likely for me to get struck by a lightning multiple times in consecutive years while sitting on a toilet bowl than anyone ever generating a collision of an address that is generated securely.The probability is really small but there is a chance.
Am I correct?
Is there any prevention method agains random address generation?
Make sure your address is truly generated randomly. /thread. Jump to: