Pages:
Author

Topic: How does private key compromise a wallet? (Read 425 times)

hero member
Activity: 1064
Merit: 500
November 06, 2017, 06:23:40 AM
#21
This is new idea in the field of internet security. In theory you are right. Even different logins don’t make you absolutely self-confident about your account.
But in the practice more effective ways exist to get access to accounts of strangers without choosing a password.
full member
Activity: 251
Merit: 100
November 05, 2017, 09:39:51 AM
#20
Well, the odds of Earth itself existing is so low (http://blogs.discovermagazine.com/d-brief/2016/02/22/earth-is-a-1-in-700-quintillion-kind-of-place/#.Wf8iO2iCyM8) and yet we cannot disregard the possibility that it did happen. Smiley

I am just taking the scientific/mathematical aspect of this and not involving religion here... :p
legendary
Activity: 2240
Merit: 1069
November 05, 2017, 04:14:11 AM
#19
I read it somewhere but I can't find the link. If all computers on earth are supercomputers, and all the stars in the universe is earth, it will still take thousand of years to compute all the private keys. So i think the probability of collission is so low that you can disregard the possibility of it happening.
sr. member
Activity: 533
Merit: 251
Streamity Decentralized cryptocurrency exchange
November 05, 2017, 03:38:35 AM
#18
This makes me remember Rick's word from Rick & Morty: "Answer is: don't think about it"
Similar situation is true for credit cards but I am sure its very very very low chance to think about in current conditions. Even altcoin keys are very hard to find.
full member
Activity: 462
Merit: 100
November 05, 2017, 03:34:06 AM
#17
Forgive me for my poor understanding and allow me what is probably a stupid question.

The private key methodology seems to me to be highly dependent on a a very large pool of random numbers for which it is assumed that there can be no collisions (i.e. the probability of 2 or more people having the same private key is as good as impossible (not impossible, just very low possibility)

Doesn't this mean that a crypto (coin, token) can be the victim of its own success because when more people have wallets for that crypto, the probability of guessing a legitimate private key increases?

 Just for example,  let's say that I have a 1 in 1000000 chance of guessing correctly for 1 wallet user. If there are 2 wallet users, my chances have doubled to 1 in 500000. If there are 4, my chances now are 1 in 250000.

For this example, if the crypto is popular and gets 500000 wallet users, I have a 50 percent chance of randomly guessing a private key!

I'm probably getting something wrong somewhere, so I'm hoping someone could help.

It's simple: You have more chances of getting hit by an asteroid in your head than you have finding a private key by bruteforcing trying to find a collision.

There's a project that constantly tries to get private addresses that surpassed 1000 trillion addresses:

https://lbc.cryptoguru.org/stats

They claim 3 were achieved, with funds on them. I claim this points at wallet bugs rather than a legit collision.

I think you are right, if not, what if this wallet is owned by bitfinex or poloniex? with lots of coins. It is clear that it is impossible to access wallets by this method today. Hackers should look at smart contracts  Embarrassed
full member
Activity: 254
Merit: 100
November 05, 2017, 03:32:17 AM
#16
If someone knows the private key then its literally the key to the wallet and all its funds.
That is if they have the wallet.dat file or if they have access to the wallet information. Most times the private key alone will just be a bunch of code that the average person won't understand.


You don't need the wallet.dat. You can import the private key into the wallet software and that's it - you have access to all coins linked to that private key.
Or did you mean with your comment, that the average user will/can not do that? Maybe if doesn't now what he just found - but I wouldn't count on that.
member
Activity: 168
Merit: 10
HEALTHCARE BEYOND BARRIERS
November 05, 2017, 03:32:09 AM
#15
It's still very impossible even to brute-force the keys because you're dealing with millions of guesses and you'll end up nothing but creating your own wallet and earning tokens as everybody does today.
hero member
Activity: 1008
Merit: 531
November 05, 2017, 03:26:40 AM
#14
Are you saying if bitcoin adoption goes up the chances of someone just randomly guessing a private key with funds in it will go up? If this is what you mean then i think that you're right actually. But then, the chance is going to be so low still that getting hacked is going to be way more likely than your funds being stolen from someone randomly guessing your private keys.

BTC is actually a lot more secure than credit cards, even though there is an illusion of security with most centralized banking services.
full member
Activity: 490
Merit: 100
November 05, 2017, 03:11:22 AM
#13
Private keys is the key to access to the wallet. You would not require the public address for accessing the balance but the private key.
To bruteforce a private key of 12 characters (example), you would need 7.5million hits and trials. Think about the bitcoins 64 character.

Well, MEW has taking your assertion a step further, you could actually check your token balance without having to log in your private key before you could do so. Of course there are limitation of not been able to transact in view mode! On the final analysis, checkimg your balance with your public key  is way better than having to log in your private key everytime you want to do so. Development in ethereum is faster and better than bitcoin at the moment!
full member
Activity: 251
Merit: 100
November 05, 2017, 02:51:02 AM
#12
In a personal (secret) key, so many letters, symbols and signs are used, that the probability of using them is repeatedly negligible and therefore, in my opinion, it is worth not to worry. However, on October 22, someone opened my wallet MyEtherWallet and transferred from there about six thousand IFT coins. The amount is relatively small and, in my opinion, was not worth the effort to select the key. Given that no one could use my key, I do not understand how it could be at all.

Like all things dealing with probability, it is not impossible for someone to successfully guess the private key, just a very, very, very low chance of that happening (but still a chance).
full member
Activity: 406
Merit: 100
▰▰▰ MODULE ▰▰
November 05, 2017, 12:34:14 AM
#11
Forgive me for my poor understanding and allow me what is probably a stupid question.

The private key methodology seems to me to be highly dependent on a a very large pool of random numbers for which it is assumed that there can be no collisions (i.e. the probability of 2 or more people having the same private key is as good as impossible (not impossible, just very low possibility)

Doesn't this mean that a crypto (coin, token) can be the victim of its own success because when more people have wallets for that crypto, the probability of guessing a legitimate private key increases?

 Just for example,  let's say that I have a 1 in 1000000 chance of guessing correctly for 1 wallet user. If there are 2 wallet users, my chances have doubled to 1 in 500000. If there are 4, my chances now are 1 in 250000.

For this example, if the crypto is popular and gets 500000 wallet users, I have a 50 percent chance of randomly guessing a private key!

I'm probably getting something wrong somewhere, so I'm hoping someone could help.

In my own perception its hard that two or more person have a randomly disame number of private key in wallet,that can make a compromise to the owner of other wallet,because before etherwallet make this system they already  debug this kind of error,before they serve this to the bitcoin society.
hero member
Activity: 756
Merit: 500
CryptoTalk.Org - Get Paid for every Post!
November 04, 2017, 11:02:07 PM
#10
If someone knows the private key then its literally the key to the wallet and all its funds.
That is if they have the wallet.dat file or if they have access to the wallet information. Most times the private key alone will just be a bunch of code that the average person won't understand.
full member
Activity: 350
Merit: 122
October 26, 2017, 04:08:47 PM
#9
In a personal (secret) key, so many letters, symbols and signs are used, that the probability of using them is repeatedly negligible and therefore, in my opinion, it is worth not to worry. However, on October 22, someone opened my wallet MyEtherWallet and transferred from there about six thousand IFT coins. The amount is relatively small and, in my opinion, was not worth the effort to select the key. Given that no one could use my key, I do not understand how it could be at all.
There are other means to get/steal  your key...
member
Activity: 99
Merit: 12
October 26, 2017, 04:08:29 PM
#8
If someone knows the private key then its literally the key to the wallet and all its funds.
full member
Activity: 658
Merit: 102
October 26, 2017, 04:01:58 PM
#7
In a personal (secret) key, so many letters, symbols and signs are used, that the probability of using them is repeatedly negligible and therefore, in my opinion, it is worth not to worry. However, on October 22, someone opened my wallet MyEtherWallet and transferred from there about six thousand IFT coins. The amount is relatively small and, in my opinion, was not worth the effort to select the key. Given that no one could use my key, I do not understand how it could be at all.
full member
Activity: 254
Merit: 100
October 26, 2017, 03:25:37 PM
#6

 Just for example,  let's say that I have a 1 in 1000000 chance of guessing correctly for 1 wallet user. If there are 2 wallet users, my chances have doubled to 1 in 500000. If there are 4, my chances now are 1 in 250000.

For this example, if the crypto is popular and gets 500000 wallet users, I have a 50 percent chance of randomly guessing a private key!

I'm probably getting something wrong somewhere, so I'm hoping someone could help.

The key space is just so enormous that it is really really unlikely to get such a collision. You might find this article interesting: http://bitzuma.com/posts/six-things-bitcoin-users-should-know-about-private-keys

This is a quote from the article:
Quote
If you could process one trillion private keys per second, it would take more than one million times the age of the universe to count them all. Even worse, just enumerating these keys would consume more than the total energy output of the sun for 32 years.


full member
Activity: 251
Merit: 100
October 26, 2017, 11:29:22 AM
#5

It's simple: You have more chances of getting hit by an asteroid in your head than you have finding a private key by bruteforcing trying to find a collision.

There's a project that constantly tries to get private addresses that surpassed 1000 trillion addresses:

https://lbc.cryptoguru.org/stats

They claim 3 were achieved, with funds on them. I claim this points at wallet bugs rather than a legit collision.

I like the website you pointed out. It's quite an interesting effort. Mathematically speaking, their odds are getting better everyday when more Bitcoin wallets are opened. Whether "better" has any statistical significance is another matter. 😀
legendary
Activity: 1610
Merit: 1183
October 26, 2017, 10:38:07 AM
#4
Forgive me for my poor understanding and allow me what is probably a stupid question.

The private key methodology seems to me to be highly dependent on a a very large pool of random numbers for which it is assumed that there can be no collisions (i.e. the probability of 2 or more people having the same private key is as good as impossible (not impossible, just very low possibility)

Doesn't this mean that a crypto (coin, token) can be the victim of its own success because when more people have wallets for that crypto, the probability of guessing a legitimate private key increases?

 Just for example,  let's say that I have a 1 in 1000000 chance of guessing correctly for 1 wallet user. If there are 2 wallet users, my chances have doubled to 1 in 500000. If there are 4, my chances now are 1 in 250000.

For this example, if the crypto is popular and gets 500000 wallet users, I have a 50 percent chance of randomly guessing a private key!

I'm probably getting something wrong somewhere, so I'm hoping someone could help.

It's simple: You have more chances of getting hit by an asteroid in your head than you have finding a private key by bruteforcing trying to find a collision.

There's a project that constantly tries to get private addresses that surpassed 1000 trillion addresses:

https://lbc.cryptoguru.org/stats

They claim 3 were achieved, with funds on them. I claim this points at wallet bugs rather than a legit collision.
full member
Activity: 953
Merit: 105
October 26, 2017, 10:33:17 AM
#3
Private keys is the key to access to the wallet. You would not require the public address for accessing the balance but the private key.
To bruteforce a private key of 12 characters (example), you would need 7.5million hits and trials. Think about the bitcoins 64 character.
hero member
Activity: 1065
Merit: 510
October 26, 2017, 10:31:44 AM
#2
Forgive me for my poor understanding and allow me what is probably a stupid question.

The private key methodology seems to me to be highly dependent on a a very large pool of random numbers for which it is assumed that there can be no collisions (i.e. the probability of 2 or more people having the same private key is as good as impossible (not impossible, just very low possibility)

Doesn't this mean that a crypto (coin, token) can be the victim of its own success because when more people have wallets for that crypto, the probability of guessing a legitimate private key increases?

 Just for example,  let's say that I have a 1 in 1000000 chance of guessing correctly for 1 wallet user. If there are 2 wallet users, my chances have doubled to 1 in 500000. If there are 4, my chances now are 1 in 250000.

For this example, if the crypto is popular and gets 500000 wallet users, I have a 50 percent chance of randomly guessing a private key!

I'm probably getting something wrong somewhere, so I'm hoping someone could help.
Collision could really happen but if you do look up on the on how many units do have a certain wallet then it would really takes time for the users to have the same keys with other thinking off even on just capitalization of a certain Letter would already make the differences which we can really presume chances would really be small.
Pages:
Jump to: