Btw, can someone explain to me the difference between the compressed and uncompressed keys? Seems both are accepted by Bitcoin-QT (though an uncompressed priv key cannot be used to access the compressed public key or vice versa). Is one type more secure than the other? In my example, the stfu! compressed version was not compromised, only the uncompressed version was (I channeled the BTC through both bitcoin addresses). The speed (seconds) with which the funds were redirected makes it clear it was a bot.
Compressed or uncompressed only applies to public keys, not private keys. All private keys are the same, there is no compressed form. For every private key there is only one public key but the public key can be expressed in two different forms. Each form maps to a different public key address. So, every private key maps to two different public key addresses.
Not a bot, it was just that the address you generated was already set up to sweep to another address long before you generated it - as explained in other posts.
Btw, can someone explain to me the difference between the compressed and uncompressed keys?
The public key is a 64-byte (512-bit) number derived by the ECC algorithm from the private key. It consists of the X and Y coordinates of a point on the curve. However, one of these coordinates is redundant, so the compressed key just uses the X coordinate, which shortens the public key length by half. In practice both versions are hashed to a 160-bit hash value in the block chain. If you take a look at the script I linked above, you can see the procedure for generating both the uncompressed and compressed keys/addresses.
I assume they are equally secure (others may correct me). The reason that only the uncompressed stfu! was compromised is (I guess) that most people just use this one and the hacker did not bother to build the rainbow table for the compressed one (lazy hacker, as the ECC is the expensive part, so the only cost of having both is storage space).
Hope this helps. (Yup, crosspost, but not on this topic so I'll post anyway)
Almost. For completeness:
Since every X coordinate in the finite prime field corresponds to exactly two Y coordinates in the finite prime field, one positive and one negative, it is possible to define the exact X,Y coordinate of the public key by using the X coordinate and a sign indicator to tell you which of the two possible Y coordinates to use.
Both forms of the public key are equally secure in that a) they both describe exactly the same information and b) given the X,Y coordinates of a point in either form it is equally difficult to calculate the private key used to generate the public key point.
Yes the ECC is the "hard part" of the calculation but going from uncompressed to compressed public key form is trivial and then the extra hashes to calculate the two different public key addresses is also trivial. I expect "lazy hacker" if the compressed form was not compromised.
Thanks, it seems to me then that compressed is more secure simply since fewer people use it, so hackers are less likely to include it in a rainbow table. Clearly, though, that is not a replacement for a strong passphrase.
Whether you use the compressed or uncompressed public key to generate the public key address does not matter at all, since the issue here is the passphrase used to create the private key.
Given a very large number of private keys generated from a very large number of common/simple pass phrases, they will simply set up sweeps of both versions of the public key address generated from each private key.
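A worked example, added here as editorial illustration and not code posted by anyone in this thread: it takes a brain-wallet passphrase the way brainwallet-style tools do (SHA-256 of the passphrase as the private key), derives the public key point on secp256k1, encodes it both uncompressed (04 + X + Y) and compressed (02/03 + X, the prefix being the "sign indicator" for Y), and then hashes each encoding to its own Base58Check address. This is the mechanism the two preceding posts describe: one private key, two different addresses, and an attacker who precomputes from a passphrase list simply emits both. The passphrase "correct horse battery staple" and private key 1 are used as sample inputs; the curve math is written out in pure Python so it runs offline with only the standard library (RIPEMD-160 comes from hashlib, which on some OpenSSL builds lacks it, so the script reports that case instead of failing).

```python
import hashlib

# secp256k1 domain parameters (from the curve specification).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition (and doubling) on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2:
        if (y1 + y2) % P == 0:          # a == -b
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P    # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point=G):
    """Double-and-add scalar multiplication: private key k -> public key point k*G."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def pubkey_uncompressed(pub):
    x, y = pub
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")


def pubkey_compressed(pub):
    # The prefix records the parity of Y, which is enough to pick one of the two
    # square roots when decompressing.
    x, y = pub
    return (b"\x02" if y % 2 == 0 else b"\x03") + x.to_bytes(32, "big")


def decompress(comp):
    """Recover (x, y) from the 33-byte form; shows that Y is redundant given X and its parity."""
    prefix, x = comp[0], int.from_bytes(comp[1:], "big")
    y = pow((x**3 + 7) % P, (P + 1) // 4, P)   # sqrt works this way because P % 4 == 3
    if (y % 2 == 0) != (prefix == 2):
        y = P - y                               # the other root has the opposite parity
    return (x, y)


try:
    hashlib.new("ripemd160", b"")
    RIPEMD_OK = True
except ValueError:                              # OpenSSL build without RIPEMD-160
    RIPEMD_OK = False


def hash160(data):
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()


B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check(payload):
    full = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num, out = int.from_bytes(full, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    leading_zeros = len(full) - len(full.lstrip(b"\x00"))
    return "1" * leading_zeros + out            # each leading 0x00 byte encodes as '1'


def address(pubkey_bytes):
    return base58check(b"\x00" + hash160(pubkey_bytes))   # version 0x00 = mainnet P2PKH


def brainwallet_privkey(passphrase):
    """Brain-wallet convention: the private key is simply SHA-256 of the passphrase."""
    k = int.from_bytes(hashlib.sha256(passphrase.encode()).digest(), "big")
    if not 0 < k < N:
        raise ValueError("hash is not a valid secp256k1 scalar")
    return k


def both_addresses(priv):
    """One private key -> one point -> two encodings -> two different addresses."""
    pub = ec_mul(priv)
    unc, comp = pubkey_uncompressed(pub), pubkey_compressed(pub)
    return {"pubkey_uncompressed": unc.hex(), "pubkey_compressed": comp.hex(),
            "address_uncompressed": address(unc) if RIPEMD_OK else None,
            "address_compressed": address(comp) if RIPEMD_OK else None}


if __name__ == "__main__":
    for label, priv in [("privkey 1", 1),
                        ("passphrase 'correct horse battery staple'",
                         brainwallet_privkey("correct horse battery staple"))]:
        print(label)
        for k, v in both_addresses(priv).items():
            print(f"  {k}: {v}")
```

An attacker working from a wordlist runs exactly `both_addresses(brainwallet_privkey(word))` for every word and watches both resulting addresses, so using the less common encoding buys nothing once the passphrase is guessable.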
I still think this thread is very useful - I know you feel people who are new and not tech savvy deserve to lose their bitcoins, but that is not an attitude that will lead to widespread adoption. I would be okay changing it to: "If you use Brainwallet.org - MUST READ! - Security Risk!" if you think that is more accurate. My post was not meant to be libel in any way; it seemed like a security breach to me at the time, and it is a vulnerability with brain wallets that more people need to be made aware of.
Yes, I think that you should (please) change the title to "If you use any brain wallet - MUST READ! - Security Risk!" as this issue of losing your BTC when using a common/simple pass phrase applies to any brain wallet, not just those from brainwallet.org.
The most important thing new users should learn before using Bitcoin is how to protect their key.
+1
Keep your private keys private
The issue here was that the passphrase for a brain wallet was too simple. Not that the private key was not kept private.