Why this is risky? (bump)
So user can try http injection attack to know wallet's secret key?
When user click that [generate address] button?
Topic: How exchanges make wallet adresses? - page 2. (Read 801 times)
Where are these private keys kept? If they are created on the fly, it must be generated online and the keys stored online? This in my opinion is very risky.
Why this is risky? So if daemon is running on exchange's server, then it means that daemon's private key is also exist in daemon? So you means it is risky?
If hacker come in server, then he can know that daemon's private key?
See the following link to learn how to compute an address from a public key:
https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses
Thanks much!https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses
So, ./bitcoind (now ./bitcoin-cli ?) does not provide simple one function to make Address?
As ranchigo explained, you can just make a request to the client if you prefer, but it is not necessary to install and run a full client just to create addresses if you don't want to.
Some people use the client. Some people prefer to write their own software that is faster and less complicated.
Where are these private keys kept? If they are created on the fly, it must be generated online and the keys stored online? This in my opinion is very risky.
The other alternative of generating it offline and storing only the public address in a online database, makes more sense. I know my local exchange does not allow for the signing of any address, so they are maintaining a high level of security with these private keys. < I still prefer to manage my own private keys, but if you have to use exchanges, you then have no choice>
It must be a massive and risky endeavour to extract all the forked coins from these millions of private keys for the bigger exchanges?
The other alternative of generating it offline and storing only the public address in a online database, makes more sense. I know my local exchange does not allow for the signing of any address, so they are maintaining a high level of security with these private keys. < I still prefer to manage my own private keys, but if you have to use exchanges, you then have no choice>
It must be a massive and risky endeavour to extract all the forked coins from these millions of private keys for the bigger exchanges?
See the following link to learn how to compute an address from a public key:
https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses
Thanks much!https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses
So, ./bitcoind (now ./bitcoin-cli ?) does not provide simple one function to make Address?
As ranchigo explained, you can just make a request to the client if you prefer, but it is not necessary to install and run a full client just to create addresses if you don't want to.
Some people use the client. Some people prefer to write their own software that is faster and less complicated.
Thanks much!
So, ./bitcoind (now ./bitcoin-cli ?) does not provide simple one function to make Address?
It does. The command is getnewaddress.So, ./bitcoind (now ./bitcoin-cli ?) does not provide simple one function to make Address?
See the following link to learn how to compute an address from a public key:
https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses
Thanks much!https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses
So, ./bitcoind (now ./bitcoin-cli ?) does not provide simple one function to make Address?
Can you show some example of that small script? Is it just like below?
for(x=0; x<100,000;x++){
GetAddressFromDaemonOfSomeAltcoin();
}
for(x=0; x<100,000;x++){
GetAddressFromDaemonOfSomeAltcoin();
}
Pseudocode? Sure...
It may be slightly different for each altcoin, since some of them have implemented their own algorithms (and there will be some variations for different address versions) , but if you want to compute a version 1 address for anything that works like Bitcoin does...
Code:
constant ECDSA_BASE_POINT =0x0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 // See parameters of secp256k1 ECDSA curve.
for(x=0; x<100,000;x++){
privateKey[x] = generateCrypographicallySecureRandomNumber() // Range of values is governed by the secp256k1 ECDSA standard.
publicKey[x] = ellipticCurvePointMultiply(ECDSA_BASE_POINT, privateKey[x]) // Use ECDSA point multiplication to multiply the base point by the private key.
bitcoinAddress[x] = computeAddressFromPubKey(publicKey[x]) //
}
You'll probably need some sort of "big number" library for working with 256 bit integers. You'll also probably want to find an ECDSA library to handle the point multiplication (unless you really want to try to write that yourself). It would be smart NOT to write your own random number generator, but to make sure that the random number generator that you do use is well accepted as being "cryptographically secure".
See the following link to learn how to compute an address from a public key:
https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses
Can you show some example of that small script? Is it just like below?
for(x=0; x<100,000;x++){
GetAddressFromDaemonOfSomeAltcoin();
}
for(x=0; x<100,000;x++){
GetAddressFromDaemonOfSomeAltcoin();
}
Something like this would be an option.
But you don't have to connect to a daemon.
You can create private-/public- keys yourself.
You need to know how to mathematically create private and public keys.
This can be read in any documentation regarding your coin.
They are running full nodes of the cryptocurrencies and generating addresses on their online wallet. But a background process checks online wallets in each period and transfers the amount to offline wallet. So your funds are safe...
In the top right corner there is a button that says "Create Wallet" and "Import or restore wallet". Click "create Wallet". Enter a wallet name and a description. You can then enter a passphrase for the wallet. You should right this down too in a safe spot. To view your bitcoin address open up "Receive Bitcoins" or "Send Bitcoins".
You should take a look this video: https://youtu.be/pLJQy0B5OKo
Bitcoin address prefix: 0x00
Litecoin address prefix: 0x30
Dash address prefix: 0x4c
Doge address prefix: 0x1E
Bitcoin address prefix: 0x00
Litecoin address prefix: 0x30
Dash address prefix: 0x4c
Doge address prefix: 0x1E
The easiest probably would be to use a small script to generate private-/public- keypairs.
It is important to pick a script (or better: write one yourself) with good entropy. Any bug/vulnerability/mistake in implementation could make your private keys 'guessable' and therefore unsafe.
Thanks.It is important to pick a script (or better: write one yourself) with good entropy. Any bug/vulnerability/mistake in implementation could make your private keys 'guessable' and therefore unsafe.
Can you show some example of that small script? Is it just like below?
for(x=0; x<100,000;x++){
GetAddressFromDaemonOfSomeAltcoin();
}
How to apply this to alt-coin?
Depends of your altcoin (especially the address prefix, which is 0x00 for bitcoin). Change prefix, recompile, should work.
How to apply this to alt-coin?
Depends of your altcoin (especially the address prefix, which is 0x00 for bitcoin). Change prefix, recompile, should work.
So then, how to pregenerate addresses like 100,000 numbers at once without click [Request payment] button in wallet program 100,000 times?
The easiest probably would be to use a small script to generate private-/public- keypairs.
It is important to pick a script (or better: write one yourself) with good entropy. Any bug/vulnerability/mistake in implementation could make your private keys 'guessable' and therefore unsafe.
And so this means, exchange generate whole address for users with exchange his own private key, exchange can access whole user's addresses?
Of course.
An (deposit-)address from an exchange is always in full control of the exchange itself.
You (as a customer) are depositing to the exchange. From this moment on the exchange is in control of your funds.
In return they give you 'credits' which match your deposited amount/crypto. Those are just assigned numbers in their database.
Only after withdrawing (after transaction got confirmed) you are in control of your cryptos again.
There are more than one approach to this possible.
The two most common would be:
1) Generate an address 'on demand'.
This requires your online service to have a connection to your daemon. This might (in some circumstances) be a possible attack vector.
2) Generate bulk addresses in advance (in an offline environment)
Then, each time someone wants to deposit, you can easily assign one of these addresses to your customer in your database.
This is considered the 'safer' option, since your private keys don't touch your online system at any time.
And so this means, exchange generate whole address for users with exchange his own private key, exchange can access whole user's addresses? The two most common would be:
1) Generate an address 'on demand'.
This requires your online service to have a connection to your daemon. This might (in some circumstances) be a possible attack vector.
2) Generate bulk addresses in advance (in an offline environment)
Then, each time someone wants to deposit, you can easily assign one of these addresses to your customer in your database.
This is considered the 'safer' option, since your private keys don't touch your online system at any time.
Thanks. So that "vanitygen" file generate after compile at ubuntu? I can't find vanitygen file in source at bitcoin github.
You should try google: https://en.bitcoin.it/wiki/Vanitygen and on github
Thanks. So that "vanitygen" file generate after compile at ubuntu? I can't find vanitygen file in source at bitcoin github.
You should try google: https://en.bitcoin.it/wiki/Vanitygen and on github
So then, how to pregenerate addresses like 100,000 numbers at once without click [Request payment] button in wallet program 100,000 times?
You can generate a lot of addresses using Vanitygen:
Code:
$ ./vanitygen -k 1|awk '/Address|Privkey/{if($1 == "Address:") {pub = $2} else {if($1 == "Privkey:") {print pub ":" $2}}}'
Difficulty: 1
16ZCL3fKK7hQuRsGK48CGWmqx5rDyv83bm:5J3HRp9RNztekPfKYFjzvzLSSnBN3iy4kPP4sbogWYzctnMdXqi
176zZHK28BgvFZw2Dmv3P7Xy3Vh9CbYnef:5HqDqkxiBKxXvCJnc6Bv9LcveKX9rnZjRfrsyj86jNFtQZ6MxSH
17fZ41JSmTZt9WHAtoAG9PwZVEqrwPmhQa:5K3hma9ePqxdgpVgQc8Nu7m46WLSKsvc1YcEWV1zyGmmYHz1bs2
1AEgJx5F9Y9eBbnmQQeBREbT5zcyvuNz3e:5JGfQHWvLZQCx1UKV8NY6U1K54JYPKVHpTJYUjWBLENgM4hDrEM
...
Jump to: