I have a question about bitaddress.org and sha1.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

If you're looking for possible vulnerability on older version of bitaddress.org, check these discussion instead.
1. https://bitcointalksearch.org/topic/is-or-was-bitaddress-affected-by-this-bug-5152601.
2. https://github.com/pointbiz/bitaddress.org/issues/35

pooya87

legendary

Activity: 3472

Merit: 10611

Using SHA1 to produce bitcoin private keys doesn't even make sense since the hash digest is smaller (160 bit) than 256 bit keys.
But even if you use SHA1 you still wouldn't be able to brute force it since SHA1 is only vulnerable to a certain type of attack to find collision. You still can't brute force 160 bit entropy or easily solve ECDLP for a 160 bit key.

nc50lc

legendary

Activity: 2646

Merit: 6681

Self-proclaimed Genius

From which source have you found out that the old version of bitaddress used SHA1 to produce prvKey from the entropy, their changelog?
This: github.com/pointbiz/bitaddress.org/blob/master/CHANGELOG.txt#L108 ?

Quote

- hash with SHA256 instead of SHA1. SHA1 hash still provided in package.json.

If so, that's only for the checksum of the html file, not the key generation.

newsecurity1986

newbie

Activity: 4

Merit: 0

I know that this is already discontinued, but I was curious to know how likely it is that with brute force, and replicating the conditions of the time such as Operating System, date, and the first versions of the code, sha1, using modern power.

Could the private keys of any of those wallets generated with the first versions of bitaddress.org be found?
https://i.imgur.com/CGRDjj0.png

BTC bc1q9tcs5cam8qhlzyd4rw0q9tdmy4ghzk4gd5rumg

Topic: I have a question about bitaddress.org and sha1. (Read 102 times)