Generating Private Keys From Strings Of Words

coretechs

donator

Activity: 362

Merit: 250

Quote from: Pursuer on July 29, 2015, 09:49:17 PM

Quote from: Fishbones78 on July 29, 2015, 07:05:38 PM

Hi.
More people are starting to make their private keys from strings of words. Wallets like MultiBit HD force you to create your private keys from word strings. If Bitcoin grew substantially larger, surely this would present a problem? I could create a program to randomly shuffle words in 24 word strings (the most words MultiBit allows to create a private keys with), to create private keys and check them for a BTC balance on the block chain. If the keys' address had BTC allocated to it, I could simply withdraw it to my own, untraceable wallet.

Is my understanding of Bitcoin correct in this, and if so, surely this could happen if most of the world's population used Bitcoin?

you have to remember that creating a string of random words by a human can not be completely random. so there is a risk of being hacked.

Here's a passphrase generator you can use - https://nxtportal.org/tools/diceware_passphrase.html

Right-click, save-as for offline use.

Pursuer

legendary

Activity: 1638

Merit: 1163

Where is my ring of blades...

Quote from: Fishbones78 on July 29, 2015, 07:05:38 PM

Hi.
More people are starting to make their private keys from strings of words. Wallets like MultiBit HD force you to create your private keys from word strings. If Bitcoin grew substantially larger, surely this would present a problem? I could create a program to randomly shuffle words in 24 word strings (the most words MultiBit allows to create a private keys with), to create private keys and check them for a BTC balance on the block chain. If the keys' address had BTC allocated to it, I could simply withdraw it to my own, untraceable wallet.

Is my understanding of Bitcoin correct in this, and if so, surely this could happen if most of the world's population used Bitcoin?

you have to remember that creating a string of random words by a human can not be completely random. so there is a risk of being hacked.

valkir

legendary

Activity: 1484

Merit: 1004

http://www.networkworld.com/article/2226175/microsoft-subnet/top-25-most-commonly-used-and-worst-passwords-of-2013.html

If you try every password on that list, you will see there is a lot of them that already have some coin on it. Tongue

jonald_fyookball

legendary

Activity: 1302

Merit: 1008

Core dev leaves me neg feedback #abuse #political

Quote from: jbrnt on July 29, 2015, 08:10:44 PM

Quote from: Fishbones78 on July 29, 2015, 07:05:38 PM

I could create a program to randomly shuffle words in 24 word strings (the most words MultiBit allows to create a private keys with), to create private keys and check them for a BTC balance on the block chain. If the keys' address had BTC allocated to it, I could simply withdraw it to my own, untraceable wallet.

I suggest you try it. Electrum version 1 wallets uses 12 words, half of Multibit. Create the script and run it for a month. Electrum uses a list of 1626 words, total permutations is 3.4 x 10^38. Have fun with it! You might just be lucky and hit a wallet with balance on the first attempt. Cheesy

I think there are people who tried it before and some still hacking. I haven't heard of any Electrum users reporting that there coins are mysteriously gone.

as I mentioned in another thread, you could have 10,000 supercomputers each running 100 petaflops for a whole century and not even get through one percent of one percent of the combinations...oh and that's before electrum's key stretching which makes it 100,000 slower to compute. it also doesn't include any extra time needed to generate multiple addresses for each seed and check their balances...so....good luck.

jbrnt

hero member

Activity: 672

Merit: 500

Quote from: Fishbones78 on July 29, 2015, 07:05:38 PM

I could create a program to randomly shuffle words in 24 word strings (the most words MultiBit allows to create a private keys with), to create private keys and check them for a BTC balance on the block chain. If the keys' address had BTC allocated to it, I could simply withdraw it to my own, untraceable wallet.

I suggest you try it. Electrum version 1 wallets uses 12 words, half of Multibit. Create the script and run it for a month. Electrum uses a list of 1626 words, total permutations is 3.4 x 10^38. Have fun with it! You might just be lucky and hit a wallet with balance on the first attempt. Cheesy

I think there are people who tried it before and some still hacking. I haven't heard of any Electrum users reporting that their coins are mysteriously gone.

Kazimir

legendary

Activity: 1176

Merit: 1011

Quote from: Fishbones78 on July 29, 2015, 07:22:56 PM

That's very true. I still think it would be possible to collide (in English, probably), especially if you were deliberately trying to collide. It would probably take a long time, but it is possible without a doubt.

Yes, for sure, this is most definitely possible. It's also possible to buy lotto tickets every week until you win the jackpot. The latter strategy has a much, MUCH bigger chance of success, and will yield results much faster.

If you would somehow manage to have ALL of the world's total computing power at your disposal, the expected time it takes to find your first collision is approximately 19 billion years (that's longer than the current age of the universe).

Keep in mind that those HD Wallet words are (roughly speaking) just a fancy way of representing the 256 bits of a private key.

Also this illustration is obligatory in a topic like this.

So good luck with that, sir!

achow101

staff

Activity: 3458

Merit: 6793

Just writing some code

Quote from: Fishbones78 on July 29, 2015, 07:22:56 PM

Quote from: unamis76 on July 29, 2015, 07:07:57 PM

the word combinations are quite big, and when you mix languages they're even bigger. If there was enough people using this method of generating private keys for collision, one just probably had to raise the words limit.,..

That's very true. I still think it would be possible to collide (in English, probably), especially if you were deliberately trying to collide. It would probably take a long time, but it is possible without a doubt.

Of course it is possible. So is brute forcing someone's password. But, it is probably more cost effective to do other things with your computer. Remember, running a computer costs money (electricity costs) and it will take several times longer than your lifespan to reliably get a collision.

achow101

staff

Activity: 3458

Merit: 6793

Just writing some code

That is just like bruteforcing a password. While it doesn't seem like too much, it is in fact incredibly difficult and will take much longer than you would think. Think of it as trying to bruteforce a 24 character password. Pretty hard. Now instead of less than 100 characters to choose from for each character, you have hundreds of millions of words to choose from from each "character" That becomes pretty much impossible to brute force in any reasonable amount of time with current technology.

Fishbones78

sr. member

Activity: 462

Merit: 250

Quote from: unamis76 on July 29, 2015, 07:07:57 PM

the word combinations are quite big, and when you mix languages they're even bigger. If there was enough people using this method of generating private keys for collision, one just probably had to raise the words limit.,..

That's very true. I still think it would be possible to collide (in English, probably), especially if you were deliberately trying to collide. It would probably take a long time, but it is possible without a doubt.

unamis76

legendary

Activity: 1512

Merit: 1012

the word combinations are quite big, and when you mix languages they're even bigger. If there was enough people using this method of generating private keys for collision, one just probably had to raise the words limit.,..

Fishbones78

sr. member

Activity: 462

Merit: 250

Hi.
More people are starting to make their private keys from strings of words. Wallets like MultiBit HD force you to create your private keys from word strings. If Bitcoin grew substantially larger, surely this would present a problem? I could create a program to randomly shuffle words in 24 word strings (the most words MultiBit allows to create a private keys with), to create private keys and check them for a BTC balance on the block chain. If the keys' address had BTC allocated to it, I could simply withdraw it to my own, untraceable wallet.

Is my understanding of Bitcoin correct in this, and if so, surely this could happen if most of the world's population used Bitcoin?

Topic: Generating Private Keys From Strings Of Words (Read 591 times)