Pages:
Author

Topic: Same Address generated by 2 Clients (Read 2091 times)

hero member
Activity: 798
Merit: 1000
April 10, 2014, 10:33:19 AM
#43
I think this video summarizes the conversation:

https://www.youtube.com/watch?v=KX5jNnDMfxA



I take my hat off to you, sir. That video is just awesome.
legendary
Activity: 4522
Merit: 3426
April 10, 2014, 09:28:25 AM
#42
I think this video summarizes the conversation:

https://www.youtube.com/watch?v=KX5jNnDMfxA

legendary
Activity: 3472
Merit: 4801
April 09, 2014, 08:21:05 AM
#41
Thanks. Can you also explain how VanityGen works then? It can calculate private keys for specified addresses, but it is nearly impossible to do so. (Unless the specified part is short)

VanityGen just generates lots of random addresses as fast as it can.  It compares each random address to the string of characters that you supply.  If they don't match, it ignores the address and keeps on generating more.  If they do match, then it gives you the private key and the address.


The longer the string of characters that you are trying to match, the less likely that vanityGen will ever randomly end up with a match.
hero member
Activity: 798
Merit: 1000
April 09, 2014, 08:08:17 AM
#40
Let's say I build an offline software where I can type in the address manually (not sure if this is possible)
Then I come to this forum and see all those people who type in their Bitcoin address under their names. I copy one of them and paste it in my software and create a wallet.
What's going to happen?

If you type in an address (without the private key), you will be able to see all of the bitcoins that are received at that address, and you will be able to see all of the transactions that are signed by the private key of that address.  You will not be able to see the private key of the address, only the signatures.

It is not possible to create a valid signature unless you have the private key, and it is not possible to send a transaction without a valid signature.  Therefore, you will not be able to spend any of the bitcoins that are received at that address.

There is currently no known way to calculate a private key from a bitcoin address.  Some day in the future, it is possible that mathematicians may find weaknesses in the SHA-256, RIPEMD-160, and ECDSA calculations.  If they find such weaknesses, it might become possible to determine a private key from a bitcoin address.  It would also break much of the electronic security used by services all over the world (such as internet banking, and credit card processing).  Fortunately to calculate a private key from an address it is necessary to break all three algorithms.  Just breaking one or two of them isn't enough.  It is rather unlikely that a single person will suddenly discover weaknesses in all 3 algorithms simultaneously entirely on their own.  Generally such cryptographic weaknesses are discovered in just one algorithm and the weaknesses don't immediately completely break the algorithm, they simply make it slightly less secure.  This will provide bitcoin with plenty of time to switch to a new algorithm if a small weakness is discovered in one or two of the algorithms.

Thanks. Can you also explain how VanityGen works then? It can calculate private keys for specified addresses, but it is nearly impossible to do so. (Unless the specified part is short)
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
April 08, 2014, 10:21:48 PM
#39
It's also possible for everyone named Bob to simultaneously be hit with lightning.  Better start worrying about that, too.
donator
Activity: 1218
Merit: 1079
Gerald Davis
April 08, 2014, 10:02:59 PM
#38
Couldn't coins just implement a fix for this? Like maybe create a few servers that manage address generation?

Also, I imagine that if walmart or Amazon started accepting a cryptocurrency they would likely get insurance coverage to protect them against any kind of computer failure/error including this.

Amazon should get "asteroids capable of killing all life on the planet" insurance coverage as the odds of that happening are quadrillions of times more likely than a 160 bit random collision.

I didn't say they should get insurance specifically for that issue I'm saying that I'm sure they would have some kind of insurance clause that covers a wide array of random computer glitch type issues.

I don't think any insurance company is going to write a policy for "losing" coins which can never be definitively proven as lost.

This isn't a "computer glitch" it is a fundamental characteristic of how ALL public key cryptographic systems work.  SSL, TLS, PGP/GPG, DSA, etc they all work on the concept that creating a duplicate private key is infeasible (but not theoretically impossible).
full member
Activity: 182
Merit: 100
April 08, 2014, 09:57:43 PM
#37
Couldn't coins just implement a fix for this? Like maybe create a few servers that manage address generation?

Also, I imagine that if walmart or Amazon started accepting a cryptocurrency they would likely get insurance coverage to protect them against any kind of computer failure/error including this.

Amazon should get "asteroids capable of killing all life on the planet" insurance coverage as the odds of that happening are quadrillions of times more likely than a 160 bit random collision.

I didn't say they should get insurance specifically for that issue I'm saying that I'm sure they would have some kind of insurance clause that covers a wide array of random computer glitch type issues.
legendary
Activity: 3472
Merit: 4801
April 08, 2014, 09:53:13 PM
#36
Couldn't coins just implement a fix for this? Like maybe create a few servers that manage address generation?

No.  If they did, they wouldn't be a decentralized trustless system.  It would then require someone to run the servers and trust in whoever was running the servers.  
donator
Activity: 1218
Merit: 1079
Gerald Davis
April 08, 2014, 09:53:03 PM
#35
Couldn't coins just implement a fix for this? Like maybe create a few servers that manage address generation?

Also, I imagine that if walmart or Amazon started accepting a cryptocurrency they would likely get insurance coverage to protect them against any kind of computer failure/error including this.

Amazon should get "asteroids capable of killing all life on the planet" insurance coverage as the odds of that happening are quadrillions of times more likely than a 160 bit random collision.
full member
Activity: 182
Merit: 100
April 08, 2014, 09:48:38 PM
#34
Couldn't coins just implement a fix for this? Like maybe create a few servers that manage address generation?

Also, I imagine that if walmart or Amazon started accepting a cryptocurrency they would likely get insurance coverage to protect them against any kind of computer failure/error including this.
legendary
Activity: 3472
Merit: 4801
April 08, 2014, 10:35:36 AM
#33
That also explains where the 2^160 came from as it is for the private key (not the address, since the address is shorter).

No.  The private key is a random 256 bit number (2256) which is much larger than the range of bitcoin addresses (which are the result of a 160 bit hash from RIPEMD-160). The 2160 is from the maximum number of possible addresses that can be calculated from the pool of possible private keys.
newbie
Activity: 42
Merit: 0
April 08, 2014, 10:24:26 AM
#32
Ok Danny, here is a question:
Does the entropy method in any website generate the key first then the address (in a random or related matter?) or the address then the key (in a random or related matter?) or both at the same time (in a random matter?)

It is impossible to generate a key from an address.  If that wasn't true, we could all generate keys that would work for everyone else's addresses.

The private key is just a random number between 1 and 1.1579209e+77.

Then the private key is used to calculate the bitcoin address:

https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses
  • Use point multiplication on the Secp256k1 curve to calculate the ECDSA public key
  • Perform SHA-256 hashing on the public key
  • Perform RIPEMD-160 hashing on the result of SHA-256
  • Add version byte in front of RIPEMD-160 hash
  • Perform SHA-256 hash on the extended RIPEMD-160 result
  • Perform SHA-256 hash on the result of the previous SHA-256 hash
  • Take the first 4 bytes of the second SHA-256 hash. This is the address checksum
  • Add the 4 checksum bytes from stage 7 to the end of extended RIPEMD-160 hash from stage 4. This is the 25-byte binary Bitcoin Address
  • Convert the result from a byte string into a base58 string using Base58Check encoding. This is the most commonly used Bitcoin Address format
Let's say I build an offline software where I can type in the address manually (not sure if this is possible)
Then I come to this forum and see all those people who type in their Bitcoin address under their names. I copy one of them and paste it in my software and create a wallet.
What's going to happen?

If you type in an address (without the private key), you will be able to see all of the bitcoins that are received at that address, and you will be able to see all of the transactions that are signed by the private key of that address.  You will not be able to see the private key of the address, only the signatures.

It is not possible to create a valid signature unless you have the private key, and it is not possible to send a transaction without a valid signature.  Therefore, you will not be able to spend any of the bitcoins that are received at that address.

There is currently no known way to calculate a private key from a bitcoin address.  Some day in the future, it is possible that mathematicians may find weaknesses in the SHA-256, RIPEMD-160, and ECDSA calculations.  If they find such weaknesses, it might become possible to determine a private key from a bitcoin address.  It would also break much of the electronic security used by services all over the world (such as internet banking, and credit card processing).  Fortunately to calculate a private key from an address it is necessary to break all three algorithms.  Just breaking one or two of them isn't enough.  It is rather unlikely that a single person will suddenly discover weaknesses in all 3 algorithms simultaneously entirely on their own.  Generally such cryptographic weaknesses are discovered in just one algorithm and the weaknesses don't immediately completely break the algorithm, they simply make it slightly less secure.  This will provide bitcoin with plenty of time to switch to a new algorithm if a small weakness is discovered in one or two of the algorithms.

Let's say I build an offline software where I can type in the address manually (not sure if this is possible)
Then I come to this forum and see all those people who type in their Bitcoin address under their names. I copy one of them and paste it in my software and create a wallet.
What's going to happen?




You cannot type in an address in your software and create a wallet. But u can type in your private key to create an address. In this forum everyone is sharing the address and not the private key. So again your chance of getting their private key becomes 1/(2^160) Smiley

Sorry to reply a question meant for Danny Wink

Now that really answers the whole question, wish if you explained that from start.
Basically you can't generate the address, you have to generate the private key and the private key generates and the address.
That also explains where the 2^160 came from as it is for the private key (not the address, since the address is shorter).
It is also worthless to type in the address cause you will only see transactions but nothing more, unless you like to watch how much people are dealing with.
And that leave us with the only = almost 0% chance to generate the key, which also off course we will have to remember that wallets will be born but also at the same time there are wallets will be destroyed.

Thank you all for everything, I just needed to feel more secure about the system before I decide to invest more in it.
legendary
Activity: 2394
Merit: 1216
The revolution will be digital
April 08, 2014, 10:19:16 AM
#31
      Time and again I am getting this clause "completely random sources with sufficient entropy". I feel secured with the no. 2^160. But to reach that I need to make sure I am protected by sufficient entropy. How do I make sure that my lappy has sufficient entropy to make the Bitcoin-QT happy?

      Well, you could trust the creators of your operating system (which is what most people do).

      Or you could provide your own entropy.  There are several threads in this forum on how to do exactly that.

      Just a few of the methods of generating a private key from your own source of entropy that have been discussed here at bitcointalk:
      • Roll dice
      • Flip coins
      • Measure radioactive decay



      I guess u r referring to https://bitcointalksearch.org/topic/i-am-going-to-build-a-true-random-number-generator-560733. 90% of bitcoiners are not going to do this and will trust on OS generated random number. Does a Bitcoin-QT depend on CryptGenRandom implementation of Windows ?[/list][/list]
      sr. member
      Activity: 434
      Merit: 250
      April 08, 2014, 10:06:03 AM
      #30
      There is REALLY REALLy small chance, i didn't happen yet and cryptocoins are here for few years already.
      legendary
      Activity: 3472
      Merit: 4801
      April 08, 2014, 10:03:21 AM
      #29
      Let's say I build an offline software where I can type in the address manually (not sure if this is possible)
      Then I come to this forum and see all those people who type in their Bitcoin address under their names. I copy one of them and paste it in my software and create a wallet.
      What's going to happen?

      If you type in an address (without the private key), you will be able to see all of the bitcoins that are received at that address, and you will be able to see all of the transactions that are signed by the private key of that address.  You will not be able to see the private key of the address, only the signatures.

      It is not possible to create a valid signature unless you have the private key, and it is not possible to send a transaction without a valid signature.  Therefore, you will not be able to spend any of the bitcoins that are received at that address.

      There is currently no known way to calculate a private key from a bitcoin address.  Some day in the future, it is possible that mathematicians may find weaknesses in the SHA-256, RIPEMD-160, and ECDSA calculations.  If they find such weaknesses, it might become possible to determine a private key from a bitcoin address.  It would also break much of the electronic security used by services all over the world (such as internet banking, and credit card processing).  Fortunately to calculate a private key from an address it is necessary to break all three algorithms.  Just breaking one or two of them isn't enough.  It is rather unlikely that a single person will suddenly discover weaknesses in all 3 algorithms simultaneously entirely on their own.  Generally such cryptographic weaknesses are discovered in just one algorithm and the weaknesses don't immediately completely break the algorithm, they simply make it slightly less secure.  This will provide bitcoin with plenty of time to switch to a new algorithm if a small weakness is discovered in one or two of the algorithms.
      legendary
      Activity: 3472
      Merit: 4801
      April 08, 2014, 09:50:21 AM
      #28
      Ok Danny, here is a question:
      Does the entropy method in any website generate the key first then the address (in a random or related matter?) or the address then the key (in a random or related matter?) or both at the same time (in a random matter?)

      It is impossible to generate a key from an address.  If that wasn't true, we could all generate keys that would work for everyone else's addresses.

      The private key is just a random number between 1 and 1.1579209e+77.

      Then the private key is used to calculate the bitcoin address:

      https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses
      • Use point multiplication on the Secp256k1 curve to calculate the ECDSA public key
      • Perform SHA-256 hashing on the public key
      • Perform RIPEMD-160 hashing on the result of SHA-256
      • Add version byte in front of RIPEMD-160 hash
      • Perform SHA-256 hash on the extended RIPEMD-160 result
      • Perform SHA-256 hash on the result of the previous SHA-256 hash
      • Take the first 4 bytes of the second SHA-256 hash. This is the address checksum
      • Add the 4 checksum bytes from stage 7 to the end of extended RIPEMD-160 hash from stage 4. This is the 25-byte binary Bitcoin Address
      • Convert the result from a byte string into a base58 string using Base58Check encoding. This is the most commonly used Bitcoin Address format
      legendary
      Activity: 2394
      Merit: 1216
      The revolution will be digital
      April 08, 2014, 09:49:07 AM
      #27

      Let's say I build an offline software where I can type in the address manually (not sure if this is possible)
      Then I come to this forum and see all those people who type in their Bitcoin address under their names. I copy one of them and paste it in my software and create a wallet.
      What's going to happen?




      You cannot type in an address in your software and create a wallet. But u can type in your private key to create an address. In this forum everyone is sharing the address and not the private key. So again your chance of getting their private key becomes 1/(2^160) Smiley

      Sorry to reply a question meant for Danny Wink
      newbie
      Activity: 42
      Merit: 0
      April 08, 2014, 09:28:45 AM
      #26
          Time and again I am getting this clause "completely random sources with sufficient entropy". I feel secured with the no. 2^160. But to reach that I need to make sure I am protected by sufficient entropy. How do I make sure that my lappy has sufficient entropy to make the Bitcoin-QT happy?

          Well, you could trust the creators of your operating system (which is what most people do).

          Or you could provide your own entropy.  There are several threads in this forum on how to do exactly that.

          Just a few of the methods of generating a private key from your own source of entropy that have been discussed here at bitcointalk:
          • Roll dice
          • Flip coins
          • Measure radioactive decay


          Or how do I know the coinbase or blockchain.info server have sufficient entropy to avoid address collission?

          Ok Danny, here is a question:
          Does the entropy method in any website generate the key first then the address (in a random or related matter?) or the address then the key (in a random or related matter?) or both at the same time (in a random matter?)


          Blockchain.info servers don't generate private keys.  They just store them.  Blockchain.info uses javascript running in the browser on your computer to generate your private keys and encrypt them with your password.  Then they send the encrypted private keys to their servers to be stored.  They don't have access to your password, and they don't have access to your decrypted private keys (which is why they can't help you if you forget your password).

          As for coinbase?  You don't know.  They could just be running a huge scam.  For some reason, a lot of people have chosen to trust them.  I don't know why.  It appears to be some sort of mass mental illness.[/list][/list]
          legendary
          Activity: 3472
          Merit: 4801
          April 08, 2014, 09:16:58 AM
          #25
              Time and again I am getting this clause "completely random sources with sufficient entropy". I feel secured with the no. 2^160. But to reach that I need to make sure I am protected by sufficient entropy. How do I make sure that my lappy has sufficient entropy to make the Bitcoin-QT happy?

              Well, you could trust the creators of your operating system (which is what most people do).

              Or you could provide your own entropy.  There are several threads in this forum on how to do exactly that.

              Just a few of the methods of generating a private key from your own source of entropy that have been discussed here at bitcointalk:
              • Roll dice
              • Flip coins
              • Measure radioactive decay


              Or how do I know the coinbase or blockchain.info server have sufficient entropy to avoid address collission?

              Blockchain.info servers don't generate private keys.  They just store them.  Blockchain.info uses javascript running in the browser on your computer to generate your private keys and encrypt them with your password.  Then they send the encrypted private keys to their servers to be stored.  They don't have access to your password, and they don't have access to your decrypted private keys (which is why they can't help you if you forget your password).

              As for coinbase?  You don't know.  They could just be running a huge scam.  For some reason, a lot of people have chosen to trust them.  I don't know why.  It appears to be some sort of mass mental illness.[/list][/list]
              newbie
              Activity: 42
              Merit: 0
              April 08, 2014, 08:11:22 AM
              #24
              Danny,

              Again, I do understand what you are saying. My ignorance in how Bitcoin works can limit my ability to process everything, which is why I use simple examples, and my bad english can make that worse. I haven't looked into math long time ago since my college needed no math.

              However, the math and 0% ...etc is not the real question here.
              https://en.bitcoin.it/wiki/Address  this link explains a lot.
              Also the link says that offline addresses can be generated and " The network starts tracking an address when it is first seen in a valid payment transaction."

              Don't be upset with me just because I am trying to learn something here, after all it is a beginner forum!

              Let's say I build an offline software where I can type in the address manually (not sure if this is possible)
              Then I come to this forum and see all those people who type in their Bitcoin address under their names. I copy one of them and paste it in my software and create a wallet.
              What's going to happen?


              Pages:
              Jump to: