Topic: Generating Private Keys From Strings Of Words (Read 573 times)

donator
Activity: 362
Merit: 250
Hi.
More people are starting to make their private keys from strings of words. Wallets like MultiBit HD force you to create your private keys from word strings. If Bitcoin grew substantially larger, surely this would present a problem? I could create a program to randomly shuffle words in 24 word strings (the most words MultiBit allows to create private keys with), to create private keys and check them for a BTC balance on the block chain. If the keys' address had BTC allocated to it, I could simply withdraw it to my own, untraceable wallet.

Is my understanding of Bitcoin correct in this, and if so, surely this could happen if most of the world's population used Bitcoin?

You have to remember that creating a string of random words by a human cannot be completely random, so there is a risk of being hacked.

Here's a passphrase generator you can use - https://nxtportal.org/tools/diceware_passphrase.html

Right-click, save-as for offline use.
legendary
Activity: 1638
Merit: 1163
Where is my ring of blades...
Hi.
More people are starting to make their private keys from strings of words. Wallets like MultiBit HD force you to create your private keys from word strings. If Bitcoin grew substantially larger, surely this would present a problem? I could create a program to randomly shuffle words in 24 word strings (the most words MultiBit allows to create private keys with), to create private keys and check them for a BTC balance on the block chain. If the keys' address had BTC allocated to it, I could simply withdraw it to my own, untraceable wallet.

Is my understanding of Bitcoin correct in this, and if so, surely this could happen if most of the world's population used Bitcoin?

You have to remember that creating a string of random words by a human cannot be completely random, so there is a risk of being hacked.
legendary
Activity: 1484
Merit: 1004
http://www.networkworld.com/article/2226175/microsoft-subnet/top-25-most-commonly-used-and-worst-passwords-of-2013.html

If you try every password on that list, you will see there are a lot of them that already have some coin on them.
legendary
Activity: 1302
Merit: 1004
Core dev leaves me neg feedback #abuse #political
I could create a program to randomly shuffle words in 24 word strings (the most words MultiBit allows to create private keys with), to create private keys and check them for a BTC balance on the block chain. If the keys' address had BTC allocated to it, I could simply withdraw it to my own, untraceable wallet.

I suggest you try it. Electrum version 1 wallets use 12 words, half of Multibit. Create the script and run it for a month. Electrum uses a list of 1626 words, total permutations is 3.4 x 10^38. Have fun with it! You might just be lucky and hit a wallet with balance on the first attempt.

I think there are people who tried it before and some still hacking. I haven't heard of any Electrum users reporting that their coins are mysteriously gone.



As I mentioned in another thread, you could have 10,000 supercomputers each running 100 petaflops for a whole century and not even get through one percent of one percent of the combinations... oh, and that's before Electrum's key stretching, which makes it 100,000 times slower to compute. It also doesn't include any extra time needed to generate multiple addresses for each seed and check their balances... so... good luck.
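
The figures quoted in the post above can be checked with a short calculation. This is an added example, not code from any poster in the thread; the function names are illustrative, and it assumes one guess per floating-point operation, which is far more generous to the searcher than real key derivation allows.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(wordlist_size: int, words: int) -> int:
    """Number of ordered word sequences when each word is drawn independently."""
    return wordlist_size ** words

def entropy_bits(wordlist_size: int, words: int) -> float:
    """Entropy in bits of a uniformly random sequence of `words` words."""
    return words * math.log2(wordlist_size)

def fraction_searched(space: int, guesses_per_sec: float, years: float,
                      stretch: float = 1.0) -> float:
    """Share of the keyspace an exhaustive search covers in `years`.

    `stretch` is the per-guess cost multiplier added by key stretching.
    """
    guesses = guesses_per_sec * years * SECONDS_PER_YEAR / stretch
    return min(1.0, guesses / space)

def years_to_cover(space: int, guesses_per_sec: float, share: float,
                   stretch: float = 1.0) -> float:
    """Years needed to try `share` of the keyspace at the given rate."""
    return share * space * stretch / guesses_per_sec / SECONDS_PER_YEAR

# Figures from the thread: 1626-word list, 12 words, 100,000x key stretching.
ELECTRUM_V1 = keyspace(1626, 12)
STRETCH = 100_000
# Assumption: 10,000 machines at 100 petaflops each, one guess per operation.
RATE = 10_000 * 100e15

if __name__ == "__main__":
    print(f"keyspace             : {ELECTRUM_V1:.3e}")
    print(f"entropy              : {entropy_bits(1626, 12):.1f} bits")
    print(f"share after 100 years: {fraction_searched(ELECTRUM_V1, RATE, 100):.2e}")
    print(f"  with key stretching: "
          f"{fraction_searched(ELECTRUM_V1, RATE, 100, STRETCH):.2e}")
    print(f"years for 0.01% share: {years_to_cover(ELECTRUM_V1, RATE, 1e-4):.2e}")
    # A 24-word phrase from a 2048-word list, for comparison (assumed sizes).
    print(f"24 words of 2048     : {keyspace(2048, 24):.3e}")
```

A century at that rate covers roughly one part in a hundred million of the 12-word space, so the "one percent of one percent" bound in the post holds with several orders of magnitude to spare, before key stretching is counted.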
hero member
Activity: 672
Merit: 500
I could create a program to randomly shuffle words in 24 word strings (the most words MultiBit allows to create private keys with), to create private keys and check them for a BTC balance on the block chain. If the keys' address had BTC allocated to it, I could simply withdraw it to my own, untraceable wallet.

I suggest you try it. Electrum version 1 wallets use 12 words, half of Multibit. Create the script and run it for a month. Electrum uses a list of 1626 words, total permutations is 3.4 x 10^38. Have fun with it! You might just be lucky and hit a wallet with balance on the first attempt.

I think there are people who tried it before and some still hacking. I haven't heard of any Electrum users reporting that their coins are mysteriously gone.

legendary
Activity: 1176
Merit: 1001
That's very true. I still think it would be possible to collide (in English, probably), especially if you were deliberately trying to collide. It would probably take a long time, but it is possible without a doubt.
Yes, for sure, this is most definitely possible. It's also possible to buy lotto tickets every week until you win the jackpot. The latter strategy has a much, MUCH bigger chance of success, and will yield results much faster.

If you would somehow manage to have ALL of the world's total computing power at your disposal, the expected time it takes to find your first collision is approximately 19 billion years (that's longer than the current age of the universe).

Keep in mind that those HD Wallet words are (roughly speaking) just a fancy way of representing the 256 bits of a private key.

Also this illustration is obligatory in a topic like this.

So good luck with that, sir!
staff
Activity: 3374
Merit: 6530
Just writing some code
The word combinations are quite big, and when you mix languages they're even bigger. If there were enough people using this method of generating private keys for collision, one would probably just have to raise the word limit...
That's very true. I still think it would be possible to collide (in English, probably), especially if you were deliberately trying to collide. It would probably take a long time, but it is possible without a doubt.
Of course it is possible. So is brute forcing someone's password. But, it is probably more cost effective to do other things with your computer. Remember, running a computer costs money (electricity costs) and it will take several times longer than your lifespan to reliably get a collision.
staff
Activity: 3374
Merit: 6530
Just writing some code
That is just like bruteforcing a password. While it doesn't seem like too much, it is in fact incredibly difficult and will take much longer than you would think. Think of it as trying to bruteforce a 24 character password. Pretty hard. Now instead of less than 100 characters to choose from for each character, you have hundreds of millions of words to choose from for each "character". That becomes pretty much impossible to brute force in any reasonable amount of time with current technology.
sr. member
Activity: 462
Merit: 250
The word combinations are quite big, and when you mix languages they're even bigger. If there were enough people using this method of generating private keys for collision, one would probably just have to raise the word limit...
That's very true. I still think it would be possible to collide (in English, probably), especially if you were deliberately trying to collide. It would probably take a long time, but it is possible without a doubt.
legendary
Activity: 1512
Merit: 1009
The word combinations are quite big, and when you mix languages they're even bigger. If there were enough people using this method of generating private keys for collision, one would probably just have to raise the word limit...
sr. member
Activity: 462
Merit: 250
Hi.
More people are starting to make their private keys from strings of words. Wallets like MultiBit HD force you to create your private keys from word strings. If Bitcoin grew substantially larger, surely this would present a problem? I could create a program to randomly shuffle words in 24 word strings (the most words MultiBit allows to create private keys with), to create private keys and check them for a BTC balance on the block chain. If the keys' address had BTC allocated to it, I could simply withdraw it to my own, untraceable wallet.

Is my understanding of Bitcoin correct in this, and if so, surely this could happen if most of the world's population used Bitcoin?