Topic: Idea: Vanity addresses used for safety (Read 946 times)

hero member
Activity: 815
Merit: 1002
October 13, 2012, 05:28:23 AM
#3
The issue (attempted to be) addressed here is key and wallet security.

Any key/address you make will be uncrackable as long as they are not created by flawed software.
No... the whole point of my post was dealing with flawed software and still creating safe keys with it. Using vanity addresses DOES increase security since they take a longer time to generate.

The question was whether the increase could be enough to eliminate the need for code trust.
Maybe someone who actually knows cryptography could answer?


Let's say I make a poisoned normal gen:
1. At least the first 10.000 installs would need different starting generation points (think 1.. 2.. 3...) or address collision would happen too often and oust my malevolent code.
2. Each generator would also need to generate at least 1000 addresses before cycling back to #1 to avoid address repetition ousting the malevolent code.

This gives a total brute forcing chance of 1/10.000.000, which is laughably bad. My laptop computer could generate ALL my users' keys, check for BTC on the blockchain and empty the addresses in tops 1-5 hours.
How do you know YOUR favorite generator programmer is not about to do this right this second? Unless you personally checked every program line of your generator all your fancy-pants paper wallets could be empty in the next 10 secs.

Now let's try again but with vanity addresses:
1. We already have the maximum brute force chance of 1/10.000.000 from before.
2. Now you spend 1 hour to generate your key - possibly millions or billions of attempts on today's hardware.

Now the malevolent programmer would need 10.000.000 hours, not tries, to generate ALL his users' keys. In case you are wondering that is ~1141 years.

So not too shabby huh?

However our malevolent programmer is smart so he will now change the program so that vanity addresses only have 10 different starting points and a cycle of 5 (so generating for the same vanity phrase will only ever yield maximum 50 unique addresses).
It would then take the malevolent programmer 50 hours to generate all his users' keys.

So okay 50 hours is more than 5, but still not that good.
However if you increase your generation time to the full 8 hours of sleep he would now have to generate ~16 days.
Still not that good.

Still that is at least 80 times safer than a regular poisoned generator.

Does anyone have a program that checks if a generator is really generating different addresses each time? Then only ONE programmer has to be trustworthy out of 2 or more.
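
A sketch of the repeat check asked for in the post above, as an added example that is not part of the original thread and is not code from any real wallet generator. The two generator functions are constructed stand-ins, all function names are hypothetical, and the 50 and 10.000.000 seed counts are the figures used in the post.

```python
import math
import secrets
from collections import Counter

def find_repeats(outputs):
    """Return {output: count} for every key/address that appears more than once."""
    return {o: n for o, n in Counter(outputs).items() if n > 1}

def seed_space_lower_bound(samples, alpha=0.05):
    """Largest seed-space size that `samples` repeat-free draws can rule out.

    Birthday approximation: P(no repeat) ~= exp(-k(k-1) / (2S)). Every S that
    makes this probability smaller than alpha is rejected at confidence 1-alpha.
    """
    return samples * (samples - 1) / (2 * math.log(1 / alpha))

def samples_needed(seed_space, alpha=0.05):
    """Draws needed before a generator limited to `seed_space` outputs is
    expected to show a repeat with probability of at least 1-alpha."""
    return math.ceil(0.5 + math.sqrt(0.25 + 2 * seed_space * math.log(1 / alpha)))

def poisoned_generator(seed_space=50):
    """Constructed stand-in for a flawed generator: only `seed_space` outputs exist."""
    return "addr-%04d" % secrets.randbelow(seed_space)

def honest_generator():
    """Constructed stand-in for a sound generator: 256 bits from the OS CSPRNG."""
    return secrets.token_hex(32)

if __name__ == "__main__":
    bad = [poisoned_generator() for _ in range(200)]
    good = [honest_generator() for _ in range(200)]
    print("repeated outputs, 50-seed stand-in:", len(find_repeats(bad)))
    print("repeated outputs, CSPRNG stand-in: ", len(find_repeats(good)))
    print("200 clean draws only rule out seed spaces below",
          round(seed_space_lower_bound(200)))
    print("draws needed to expose a 10,000,000-seed generator:",
          samples_needed(10_000_000))
```

A repeat-free run only sets a lower bound on how many distinct outputs the generator can produce; it cannot show that the seeds are unpredictable to whoever wrote the generator.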
legendary
Activity: 1512
Merit: 1036
October 12, 2012, 04:31:47 PM
#2
The issue (attempted to be) addressed here is key and wallet security. The answer has nothing to do with whether the addresses are "vanity" addresses or not.

Many people have used live cd with printouts of keys in a diskless station to make offline addresses (see casascius paper wallet, it's just been generated from a non-storage system and the paper is the only record of the address/private key pair). This prevents the hacker or trojan horse software from getting to your savings because the private key information has never been stored on a computer.

Any key/address you make will be uncrackable as long as they are not created by flawed software. It is keeping the private keys out of other people's hands that will keep your bitcoins secure.
hero member
Activity: 815
Merit: 1002
October 09, 2012, 03:23:24 PM
#1
Okay so maybe someone can tell me whether this idea would work or not:

Obviously generating keys yourself with your own code on your own offline computer is safest, but let's say people don't know how to code..

In this case they need a generator that they can be reasonably sure is not code-poisoned, i.e. spitting out pre-determined and easily calculable keys.

My idea is using a vanity generator and then getting it to generate for something requiring like an hour on an offline Ubuntu live USB (perhaps while you sleep).

Why does this increase security you ask? Well let's assume a poisoned vanity generator:
1. You know the generator is offline so it cannot possibly convey the key/address generated.
2. Even knowing the fake randomize function the attacker has to generate for minimum 1 hour or whatever you chose.
3. He can only do this in 1 hour IF he KNOWS your vanity phrase - since there is NO way for him to know if a given blockchain address is from his poisoned generator he would have to try on all blockchain addresses for 1 hour.
4. Your "vanity" phrase could be random numbers to make it harder for the attacker to brute force just obvious vanity addresses.
5. Now to avoid immediate detection his fake generator would HAVE to seem somewhat random, even 100 preset addresses would quickly be ousted by the naked eye or normal use - this variability would have to be multiplied by the 1 hour YOU used to get your vanity address. So even with a ridiculous 5 preset "key-types" and a 1 hour vanity address it would take the attacker 5 hours to crack it even if he KNEW the address was from his gen.

A live USB can be bought and set up easily for ~10 bucks, but what do you guys think; is this an old idea? Would it reasonably protect small amounts of BTC for "newbies"?