Author

Topic: Help mini privkey generator (Read 2360 times)

copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
January 24, 2016, 05:23:42 PM
#17
I think it was like a passphrase to generate privkey .

Thats a brainwallet.
member
Activity: 101
Merit: 11
N.E.E.T
January 24, 2016, 05:14:05 PM
#16
I think it was like a passphrase to generate privkey .
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
January 24, 2016, 06:31:46 AM
#15

253 is possible to attack, maybe not for you, but its possible. Anyway, see my edit, it was not this exact script that was used, but just something like this.

Up to what strength is an attack still possible nowadays (say assuming lots of money) ? Is it something like 2^64?
I tried to google that but could find no clear answer.

Hard to say, it mainly depends on the attacker. 253 is based on someone with two strong gaming GPUs. This someone could be an old bitcoin miner with a high number of now obsolete mining GPUs. If you consider the GPU nodes of one of the top500 machines[1] (e.g. your state or near university trying to get your coins) the GPUs they use (e.g. Titan[2] has 3072[3] Tesla K20s[4] with 2496 cuda cores ea.) should be able to do ~45Mkeys/s[5] each or ~138Gkey/s. If those estimates are correct, they would go through 64 bit in ~4.3 years. That is certainly not feasible to get 3,500 BTC, but it shows who important a strong RNG is with todays technology. None of these estimates assume any weaknesses in the algorithms used, but rather a bad RNG as basis for the keys.

[1] http://www.top500.org/
[2] https://www.olcf.ornl.gov/titan/
[3] https://en.wikipedia.org/wiki/Cray_XK7
[4] https://en.wikipedia.org/wiki/Nvidia_Tesla#Specifications_and_configurations
[5] basis for the estimate are the 1664 cuda cores of my GTX 970 that do ~30Mkey/s with highly optimized software like vanitygen.
full member
Activity: 209
Merit: 148
January 24, 2016, 06:04:21 AM
#14

253 is possible to attack, maybe not for you, but its possible. Anyway, see my edit, it was not this exact script that was used, but just something like this.

Up to what strength is an attack still possible nowadays (say assuming lots of money) ? Is it something like 2^64?
I tried to google that but could find no clear answer.
newbie
Activity: 8
Merit: 0
January 24, 2016, 05:55:59 AM
#13


Was it this exact script? Wouldnt that make Casascius coins vulnerable to a brute force attack if a insufficient entropy source was used?

impossible.
Mini key keep using SHA256 .

So? If I SHA256 all numbers from 0 to 127 and give you a single hash you could just brute force the number to it. IF - and that was my question - random number generator was indeed insufficient it might be vulnerable to the same attack. The range would obviously be bigger, but the question is if its big enough to make an attack unfeasible.
i think this is out off topic.  Cheesy
are you guessing me trying to brute force ?
I answer yes .  Grin
but , in practice it is still not possible in accordance with that we want to brute force,.
Code:
Python 2.7.10 (default, May 23 2015, 09:40:32) [MSC v.1500 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> pow(2,160)
1461501637330902918203684832716283019655932542976L
>>>pow(2,53)
9007199254740992L
>>> pow(2,256)
115792089237316195423570985008687907853269984665640564039457584007913129639936L

253 is possible to attack, maybe not for you, but its possible. Anyway, see my edit, it was not this exact script that was used, but just something like this.
i see.
in this case . The mini private key format offers a simple typo check code. Mini private keys must be generated in a "brute force" fashion, keeping only keys that conform to the format's rules. If a key is well-formed (30 Base58 characters starting with S), but fails the hash check, then it probably contains a typo.
Code:
$ echo -n "S7c64uJjYpFtp2GrEc3RFaVyzJaJoN?" | shasum -a 256
00c7e27df362561ffeffe1653b1c01cc1e44a07e8e547da151773fb5758fc41f *-
If the SHA256 hash of the string followed by '?' doesn't result in something that begins with 0x00, the string is not a valid mini private key.
so not just randoming key to qualify as mini key .they still use SHA256 as a key.

copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
January 24, 2016, 04:06:14 AM
#12


Was it this exact script? Wouldnt that make Casascius coins vulnerable to a brute force attack if a insufficient entropy source was used?

impossible.
Mini key keep using SHA256 .

So? If I SHA256 all numbers from 0 to 127 and give you a single hash you could just brute force the number to it. IF - and that was my question - random number generator was indeed insufficient it might be vulnerable to the same attack. The range would obviously be bigger, but the question is if its big enough to make an attack unfeasible.
i think this is out off topic.  Cheesy
are you guessing me trying to brute force ?
I answer yes .  Grin
but , in practice it is still not possible in accordance with that we want to brute force,.
Code:
Python 2.7.10 (default, May 23 2015, 09:40:32) [MSC v.1500 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> pow(2,160)
1461501637330902918203684832716283019655932542976L
>>>pow(2,53)
9007199254740992L
>>> pow(2,256)
115792089237316195423570985008687907853269984665640564039457584007913129639936L

253 is possible to attack, maybe not for you, but its possible. Anyway, see my edit, it was not this exact script that was used, but just something like this.
newbie
Activity: 8
Merit: 0
January 23, 2016, 08:17:12 PM
#11


Was it this exact script? Wouldnt that make Casascius coins vulnerable to a brute force attack if a insufficient entropy source was used?

impossible.
Mini key keep using SHA256 .

So? If I SHA256 all numbers from 0 to 127 and give you a single hash you could just brute force the number to it. IF - and that was my question - random number generator was indeed insufficient it might be vulnerable to the same attack. The range would obviously be bigger, but the question is if its big enough to make an attack unfeasible.
i think this is out off topic.  Cheesy
are you guessing me trying to brute force ?
I answer yes .  Grin
but , in practice it is still not possible in accordance with that we want to brute force,.
Code:
Python 2.7.10 (default, May 23 2015, 09:40:32) [MSC v.1500 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> pow(2,160)
1461501637330902918203684832716283019655932542976L
>>>pow(2,53)
9007199254740992L
>>> pow(2,256)
115792089237316195423570985008687907853269984665640564039457584007913129639936L
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
January 23, 2016, 02:52:40 PM
#10
-snip-
The range would obviously be bigger, but the question is if its big enough to make an attack unfeasible.
It still practically strong. A Bitcoin address is ripemd(160) which usually results in a 34 character base58-encoded number. The minikey is a 30-character base58 number, and so is a reduction below the full strength entropy possible - it can't possibly generate the full set of bitcoin addresses. Schemes like electrum wallet have used even smaller 128 bit seeds.

I did some reading and this[1] sounds to me like python's random is limited to 253 bit. The use of RIPMD-160 or SHA256 does not really matter in this case. The 1st Casascius series had at least 3,500 coins produced with 1 BTC each. If we assume typical oclvanitygen performance an attacker could generate up to 100million keys/addresses per second[3]. This would allow someone to search the entire 253 bit space in only 2.8 years. With the birthday paradox and the number of coins in mind it sounds like a feasible attack.

Edit: nevermind:

Quote
The random number generator used is the Microsoft secure random number generator in the System.Security.Cryptography namespace of the Microsoft .NET 4.0 Framework.  In addition, the custom application also asks for a "mash" of characters from the keyboard of no fewer than 50 characters, each time the application is run, which is answered with a string of non-memorable characters by "spidering" fingers around the keyboard.  The application generates a second pseudo-random byte stream using the SHA256 hash algorithm on this "mash" plus an incrementing nonce, and this second random number stream is combined with the first one using modular addition before being used as key material.  The "mash" string is never kept.

source: https://www.casascius.com/controls.aspx

[1] https://docs.python.org/2/library/random.html
[2] https://en.bitcoin.it/wiki/Casascius_physical_bitcoins#Original_series_1_BTC_coin
[3] fastest rate reported using 2 GPUs -> https://bitcointalksearch.org/topic/m.13552213
legendary
Activity: 1512
Merit: 1036
January 23, 2016, 02:20:35 PM
#9
It needs one more line at the end to call the "main" function:

GenerateKeys()

Oops, I didn't notice that there is no 'main' function, it's just a library. A pythonesque way of adding that so that the file still remains an importable library is to add at the end:

if __name__ == "__main__":
    GenerateKeys(1)


The range would obviously be bigger, but the question is if its big enough to make an attack unfeasible.
It still practically strong. A Bitcoin address is ripemd(160) which usually results in a 34 character base58-encoded number. The minikey is a 30-character base58 number, and so is a reduction below the full strength entropy possible - it can't possibly generate the full set of bitcoin addresses. Schemes like electrum wallet have used even smaller 128 bit seeds.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
January 23, 2016, 12:42:50 PM
#8


Was it this exact script? Wouldnt that make Casascius coins vulnerable to a brute force attack if a insufficient entropy source was used?

impossible.
Mini key keep using SHA256 .

So? If I SHA256 all numbers from 0 to 127 and give you a single hash you could just brute force the number to it. IF - and that was my question - random number generator was indeed insufficient it might be vulnerable to the same attack. The range would obviously be bigger, but the question is if its big enough to make an attack unfeasible.
newbie
Activity: 8
Merit: 0
January 23, 2016, 09:20:54 AM
#7


Was it this exact script? Wouldnt that make Casascius coins vulnerable to a brute force attack if a insufficient entropy source was used?

impossible.
Mini key keep using SHA256 .
newbie
Activity: 8
Merit: 0
January 23, 2016, 07:46:16 AM
#6
it work ,   Smiley
Code:
>>> from key import *
>>> GenerateKeys()

S7c64uJjYpFtp2GrEc3RFaVyzJaJoN
SHA256( ): e505c601b721b32c0b9b13bff24432ced1e8d37173d89de345cbd6a1b3a09605
sha256(?): 00c7e27df362561ffeffe1653b1c01cc1e44a07e8e547da151773fb5758fc41f
Validated.
Thank you to all of you,i was just trying the same way  Cheesy
newbie
Activity: 8
Merit: 0
January 23, 2016, 07:34:46 AM
#5
This is a Python script for generating the "mini" private key used on Casascius coins. The first step is not to use it, as Python's random function is: "is completely unsuitable for cryptographic purposes" (which you can read right above the code snippet on https://en.bitcoin.it/wiki/Mini_private_key_format#Creating_mini_private_keys - you would need someone to harden the crypto in the code first.

Was it this exact script? Wouldnt that make Casascius coins vulnerable to a brute force attack if a insufficient entropy source was used?

Mini key also has a much smaller keyspace than a full-size private key, and therefore is not as cryptographically strong, although reversing this key space is still hard.

To run it, you just install Python 2 (Mac OSX and Linux will already have python), save the script as a file like "minikey.py", and run it with a command python minikey.py

It needs one more line at the end to call the "main" function:

GenerateKeys()
still not work
Code:
Python 2.7.10 (default, May 23 2015, 09:40:32) [MSC v.1500 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import key
>>> GenerateKeys()
Traceback (most recent call last):
  File "", line 1, in
NameError: name 'GenerateKeys' is not defined
sr. member
Activity: 406
Merit: 252
January 23, 2016, 06:10:07 AM
#4
It seems to convert a 51 character private key into a 20-30ish character "Mini Key", all one needs to do is use the SHA256 hash function.

You can try this out on Python. It produces sample 30-character SHA256-based mini private keys in Python:

Code:
import random
import hashlib
 
BASE58 = '23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
 
def Candidate():
    """
    Generate a random, well-formed mini private key.
    """
    return('%s%s' % ('S', ''.join(
        [BASE58[ random.randrange(0,len(BASE58)) ] for i in range(29)])))
 
def GenerateKeys(numKeys = 10):
    """
    Generate mini private keys and output the mini key as well as the full
    private key. numKeys is The number of keys to generate, and
    """
    keysGenerated = 0
    totalCandidates = 0
    while keysGenerated < numKeys:
        try:
            cand = Candidate()
            # Do typo check
            t = '%s?' % cand
            # Take one round of SHA256
            candHash = hashlib.sha256(t).digest()
            # Check if the first eight bits of the hash are 0
            if candHash[0] == '\x00':
                privateKey = GetPrivateKey(cand)
                print('\n%s\nSHA256( ): %s\nsha256(?): %s' %
                      (cand, privateKey, candHash.encode('hex_codec')))
                if CheckShortKey(cand):
                    print('Validated.')
                else:
                    print('Invalid!')
                keysGenerated += 1
            totalCandidates += 1
        except KeyboardInterrupt:
            break
    print('\n%s: %i\n%s: %i\n%s: %.1f' %
          ('Keys Generated', keysGenerated,
           'Total Candidates', totalCandidates,
           'Reject Percentage',
           100*(1.0-keysGenerated/float(totalCandidates))))
 
def GetPrivateKey(shortKey):
    """
    Returns the hexadecimal representation of the private key corresponding
    to the given short key.
    """
    if CheckShortKey(shortKey):
        return hashlib.sha256(shortKey).hexdigest()
    else:
        print('Typo detected in private key!')
        return None
 
def CheckShortKey(shortKey):
    """
    Checks for typos in the short key.
    """
    if len(shortKey) != 30:
        return False
    t = '%s?' % shortKey
    tHash = hashlib.sha256(t).digest()
    # Check to see that first byte is \x00
    if tHash[0] == '\x00':
        return True
    return False

copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
January 23, 2016, 05:23:03 AM
#3
This is a Python script for generating the "mini" private key used on Casascius coins. The first step is not to use it, as Python's random function is: "is completely unsuitable for cryptographic purposes" (which you can read right above the code snippet on https://en.bitcoin.it/wiki/Mini_private_key_format#Creating_mini_private_keys - you would need someone to harden the crypto in the code first.

Was it this exact script? Wouldnt that make Casascius coins vulnerable to a brute force attack if a insufficient entropy source was used?

Mini key also has a much smaller keyspace than a full-size private key, and therefore is not as cryptographically strong, although reversing this key space is still hard.

To run it, you just install Python 2 (Mac OSX and Linux will already have python), save the script as a file like "minikey.py", and run it with a command python minikey.py

It needs one more line at the end to call the "main" function:

GenerateKeys()
legendary
Activity: 1512
Merit: 1036
January 23, 2016, 03:14:31 AM
#2
This is a Python script for generating the "mini" private key used on Casascius coins. The first step is not to use it, as Python's random function is: "is completely unsuitable for cryptographic purposes" (which you can read right above the code snippet on https://en.bitcoin.it/wiki/Mini_private_key_format#Creating_mini_private_keys - you would need someone to harden the crypto in the code first.

Mini key also has a much smaller keyspace than a full-size private key, and therefore is not as cryptographically strong, although reversing this key space is still hard.

To run it, you just install Python 2 (Mac OSX and Linux will already have python), save the script as a file like "minikey.py", and run it with a command python minikey.py

newbie
Activity: 8
Merit: 0
January 22, 2016, 03:12:18 PM
#1
how it can work for me?
Code:
import random
import hashlib
 
BASE58 = '23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
 
def Candidate():
    """
    Generate a random, well-formed mini private key.
    """
    return('%s%s' % ('S', ''.join(
        [BASE58[ random.randrange(0,len(BASE58)) ] for i in range(29)])))
 
def GenerateKeys(numKeys = 10):
    """
    Generate mini private keys and output the mini key as well as the full
    private key. numKeys is The number of keys to generate, and
    """
    keysGenerated = 0
    totalCandidates = 0
    while keysGenerated < numKeys:
        try:
            cand = Candidate()
            # Do typo check
            t = '%s?' % cand
            # Take one round of SHA256
            candHash = hashlib.sha256(t).digest()
            # Check if the first eight bits of the hash are 0
            if candHash[0] == '\x00':
                privateKey = GetPrivateKey(cand)
                print('\n%s\nSHA256( ): %s\nsha256(?): %s' %
                      (cand, privateKey, candHash.encode('hex_codec')))
                if CheckShortKey(cand):
                    print('Validated.')
                else:
                    print('Invalid!')
                keysGenerated += 1
            totalCandidates += 1
        except KeyboardInterrupt:
            break
    print('\n%s: %i\n%s: %i\n%s: %.1f' %
          ('Keys Generated', keysGenerated,
           'Total Candidates', totalCandidates,
           'Reject Percentage',
           100*(1.0-keysGenerated/float(totalCandidates))))
 
def GetPrivateKey(shortKey):
    """
    Returns the hexadecimal representation of the private key corresponding
    to the given short key.
    """
    if CheckShortKey(shortKey):
        return hashlib.sha256(shortKey).hexdigest()
    else:
        print('Typo detected in private key!')
        return None
 
def CheckShortKey(shortKey):
    """
    Checks for typos in the short key.
    """
    if len(shortKey) != 30:
        return False
    t = '%s?' % shortKey
    tHash = hashlib.sha256(t).digest()
    # Check to see that first byte is \x00
    if tHash[0] == '\x00':
        return True
    return False
Jump to: