Topic: There are 2^256 private keys out there: how big is that number? (Read 2334 times)

staff
Activity: 3360
Merit: 6505
Just writing some code
This thread seems to have gone horribly off the rails. If you want to have a discussion about particular users, take it to Scam Accusations, Reputation, or Meta. Flame wars are not welcome here.

/Locked
legendary
Activity: 3528
Merit: 4042
take the pills, you need them
copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
WTF, are people actually defending brainwallets in the development forum?  Did I wander into the newbie forum by mistake?

Fact:  Brainwallets were popularized by a wallet thief, who created the brainwallet-dot-org site to trick people into creating insecure wallets for him to crack.

Or, per my aphorism:  So-called “brainwallets” are wallets for the brainless.  I propose renaming to brainlesswallets.

NotATether, you basically just don’t know what you are talking about here.  The handwavy scheme that you vaguely describe is not what most people call a “brainwallet”, although it is insecure “squish” (to adapt and extend a term from John Denker).  It is in poor taste for you to suggest that you would charge money to create it, when you are wasting my time; I should send you a bill if I need to explain this to you.  Tip address is in my signature.

Does anyone want to pay me to build a program that takes all the words posted on this page of the thread, generate a brain wallet on each of them, concatenating duplicate words onto themselves as they are encountered, and proceed to demonstrate that even with this creative way of brute forcing address, you won't happen upon anything, zilch, nada? Tongue

Just to demonstrate how large all the avenues are (say, 18 million dictionary words squared)? Roll Eyes /sarcasm

Or perhaps I can just take all permutations of all words on this page from 1 word to the entire set, and fry all data centers' computing capacity for the next 1000 years?

Under nooblius doctrine, the fact that you even think of such a horrible crime makes you a thief. Desist at once and report to your local Ministry of Truth office for mandatory brainwashing.

And you?  You are not a developer.  Your technical skills are nil.  In my experience, you find it too troublesome to verify a PGP signature.  Your disreputable Reputation troll playpen is over this way: → suchmoon demonstrates exemplary professionalism.


I need to stress more and more, that bitcoin is not crypto it is against crypto! It is anti-crypto! It is live because crypto was not able to go live, it tried for decades but failed to go live.  Am I clear enough? NO?

I strongly disagree with that statement; but I want to assure you that this forum is day by day ever less representative of Bitcoin.

In particular, the “people” who are rationalizing wallet-thievery on grounds of if you find some keys, the money is “legitimately” yours! would be drop-kicked from any Bitcoin Core developer discussion.  Bitcoin Core developers are professionals.  They have a high standard of ethics.  They take seriously their mission to maintain the most secure financial network in the world.

I notice that other than a few exceptions (such as those who are forum staff, and a few others), many Core developers’ forum accounts have been inactive or rarely active for years—and some of the newer leading Core developers do not even seem to have accounts on this forum, insofar as I can ascertain.  That saddens me, for this is Satoshi’s forum; and some excellent-quality technical discussion still happens here.  But seeing these types of discussions amateur-hour dumpster fires, I am not surprised.

If you want to see what Bitcoin development is like, and the character of the people who are building Bitcoin, go lurk in the places where development happens nowadays.

I may reply another time to some of the other things you said; but it is diverging quite far from the topic here.  It converges with some of the things I would otherwise be writing about, if my time were not being wasted here.  Please feel free to watch for my posts elsewhere, if you are curious.

Meanwhile, I cannot help but be amused at the caliber of minds going bonkers here, and evidently projecting their own psychological problems onto me:


another symptom that you are sick
Giving merits to a banned account is not normal

you still have time to take the pills

Roll Eyes


It is the only appropriate thing in your post—just not the way that you intended.
legendary
Activity: 3612
Merit: 8904
https://bpip.org
Does anyone want to pay me to build a program that takes all the words posted on this page of the thread, generate a brain wallet on each of them, concatenating duplicate words onto themselves as they are encountered, and proceed to demonstrate that even with this creative way of brute forcing address, you won't happen upon anything, zilch, nada? Tongue

Just to demonstrate how large all the avenues are (say, 18 million dictionary words squared)? Roll Eyes /sarcasm

Or perhaps I can just take all permutations of all words on this page from 1 word to the entire set, and fry all data centers' computing capacity for the next 1000 years?

Under nooblius doctrine, the fact that you even think of such a horrible crime makes you a thief. Desist at once and report to your local Ministry of Truth office for mandatory brainwashing.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Does anyone want to pay me to build a program that takes all the words posted on this page of the thread, generate a brain wallet on each of them, concatenating duplicate words onto themselves as they are encountered, and proceed to demonstrate that even with this creative way of brute forcing address, you won't happen upon anything, zilch, nada? Tongue

Just to demonstrate how large all the avenues are (say, 18 million dictionary words squared)? Roll Eyes /sarcasm

Or perhaps I can just take all permutations of all words on this page from 1 word to the entire set, and fry all data centers' computing capacity for the next 1000 years?
legendary
Activity: 1456
Merit: 1174
Always remember the cause!
@aliashraf, partly agreed and partly disagreed.  Technologists do generally have a tendency to think of technologies in isolation, without considering philosophical, legal, and social aspects.  Please see my discussion above and below about Bitcoin’s nature as a bearer instrument.  However, I also disagree with your characterization of Bitcoin and especially, with your deprecation of cryptography.

Aside...

or how trending is zk proof fantasies which are supposed to be the next BIG thing (total madness),

I have known for the past nine years that zero-knowledge proofs will take over the world.  For nine years, I have yearned to get zero-knowledge proofs into Bitcoin. Satoshi himself knew that zero-knowledge proofs could improve Bitcoin; he simply didn’t know how to imply them here, and the breakthrough cryptographic advances didn’t happen until 2013–2014.  I was an early adopter, and suffered some bleeding-edge problems around 2017–2018; only in 2022, after many further advances, I am ready to declare the technology mature for general adoption and usage.  I have been making many preparations; and some of my forthcoming posts will be exactly on that topic.  That, which is of world-moving importance, is being delayed and having my time stolen away by this, which is a spectacular failure of community responsibility.
Your, bitcoin as a bearer asset, is a plausible legal doctrine; I've frequently used an argument like this to refute both sides in 2016 debate about Craig Wright claims, when it was considered that ownership status of keys for (presumed) Satoshi wallets would be a strong enough evidence to prove or reject his claim, I pointed out that the keys would have nothing to do with identity, the latter being a more sophisticated social problem.

That said,
I need to reiterate my deep concerns about cryptography reign in bitcoin: This wallet theft attempts claiming legitimacy is just a stupid boldness, and you have spotted it just because it is bold, but cryptocult and its reign in bitcoin has more sneaky consequences which are poisoning everything, distracting everyone, including you bro, I'm sorry.

I need to stress more and more, that bitcoin is not crypto it is against crypto! It is anti-crypto! It is live because crypto was not able to go live, it tried for decades but failed to go live.  Am I clear enough? NO? Let's check the same post you quoted from Satoshi:
This is a very interesting topic.  If a solution was found, a much better, easier, more convenient implementation of Bitcoin would be possible*.

Originally, a coin can be just a chain of signatures.  With a timestamp service, the old ones could be dropped eventually before there's too much backtrace fan-out, or coins could be kept individually or in denominations.  It's the need to check for the absence of double-spends that requires global knowledge of all transactions.

The challenge is, how do you prove that no other spends exist? **It seems a node must know about all transactions to be able to verify that.  If it only knows the hash of the in/outpoints, it can't check the signatures to see if an outpoint has been spent before.  Do you have any ideas on this?

It's hard to think of how to apply zero-knowledge-proofs in this case.

We're trying to prove the absence of something, which seems to require knowing about all and checking that the something isn't included.

*   If it was possible to prove asset ownership with pure cryptography, Bitcoin would be an irrelevant, too complex system a waste of energy.

** Remember, it is all about double-spends!

But you read this post, more crypto-friendly  because cryptographers have taken over (without any virtue) by poisoning the literature. It is absolutely paradoxical to stay with bitcoin and to put faith in mathemagical crypto tricks. No crypto-trick will ever touch double-spending.
legendary
Activity: 3528
Merit: 4042
https://en.wikipedia.org/wiki/Pandora%27s_box


still continue in your meaningless actions (for a 2019 posts.... really)
no one forbids you
but when you throw a stone into a pond, it causes changes

honestly if I have to live in a context where any bona fide action has to be blamed by black hats (you don't even know what black hats are apparently, because you are ignorant) then we should live in a constant "witch hunt" tension

do you want this climate in the forum? I do not

I did not expect such behavior from you, for months you have been throwing random red tags, history says so

you are so nervous that you have tagged me for no reason and then as a hypocrite you accuse me of giving red trust at random


bravo!

https://archive.ph/96yDW







another symptom that you are sick
Giving merits to a banned account is not normal

you still have time to take the pills





https://bitcointalk.org/index.php?action=trust;u=159476;page=trusted&dt
the funny thing is that you gave red to fillippone but not to the creator of the site
that says a lot about your bad faith about it





we discover nullius have many alt account for trolling
and for this reason
https://bitcointalksearch.org/topic/--5293050
he lost death_wish account

oh, if we dig MORE we found MORE shit..
https://bitcointalksearch.org/topic/--5293050




I dedicate myself above all to the local board Italy
I don't normally visit the international sections

but it was lucky for me that you tagged me, @nullius
thank you

it's a good opportunity to clean up
copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
...
@fillippone, in addition to being a wannabe wallet thief, you are a coward.  
...

@nullius, how about starting a thread in Scam Accusations instead of hijacking this thread?

0. I have no time for this drama.  Why would I want to create a new thread about it?

1. This is not “hijacking”.  Here in the Development & Technical Discussion forum, it is customary to call it out when someone is seeking to steal money while pretending to do otherwise:  Brainwallet promoters, LBC (which fillippone praised in OP here), etc.  The development forum moderators sometimes speak up about that themselves.  As fillippone may not know because he’s not a development-forum regular, there have been massive flamewars here over LBC—sometimes involving one of the moderators; I was tangentially involved with that years ago, via an argument with an LBC shill who also ridiculously claimed that he had found real money by clicking around on one of these “list all bitcoin keys” sites.  (Not keys-dot-lol; a different one.)

By the by, odolvlobo, you have been around for awhile:  What happened to the Bitcoin community whitehats who used to search for keys, for the purpose of securing and returning the money of people with vulnerable wallets?  That is the exact opposite of what fillippone announced in OP he wishes to do.  (That he is laughably incompetent about it is beside the point:  The question here is one of intent.)

But since you want a technical discussion, odolvlobo, I should point out (as I noted earlier) that OP here is inaccurate and misleading in its characterization of Bitcoin’s security.

How I wound up here:  In the Wall Observer, I posted the following.  As you are aware, odolvlobo, I am entirely correct:

[WO] Perennially popular misinformation about Bitcoin keys.


Nobody who has even the slightest knowledge of cryptography will ever attempt to guess a Bitcoin private key that way.

For a P2PKH or P2WPKH address where the public key has not been revealed, the search space is 2^160; and there are approximately slightly fewer than 2^96 valid keys per address.

If the public key is known, it has a notional 2^128 security level.


An attacker would not try to guess the key by bruteforce.  Rather than bruteforce, an attacker would use something like this free, open-source program:


And even if someone wanted to try bruteforce for some ridiculous unreason, there are about 2^256 - 2^128.3457 valid private keys, not exactly 2^256 keys.  That is a negligible difference; but if one wishes to count keys, count the keys properly!

Technical information must be accurate.  The good cause of teaching the public about Bitcoin’s security is not helped by misleading explanations and misinformation.

fillippone replied to that (archive) in a manner that seemed to suggest he was arguing with my correct technical information about Bitcoin’s security level, and trying to teach me about the existence of sites that list all Bitcoin keys.  He directed me here.  At first, I just rolled my eyes—well, okay, I have helped to teach plenty of people how this Bitcoin thing actually works.  But then, my jaw hit the floor when I clicked through here and saw that he claimed it would be “legitimate” to take any money he could hypothetically find this way.

He is acting as if money is just floating around in cypherspace, there for the taking if only he can somehow find it—dreaming of anonymously snatching someone’s life savings, without giving a damn if that’s what it is—and nobody pointed this out.  WTF!? 😾



Archive: https://archive.ph/5yeFn#selection-4285.0-4423.139


@babo, (page 2 and now page 3) beneath response save to note that your tactic of accusing the accuser shows your own dishonourable character.  Defending expressly stated, openly proclaimed wallet-thief intentions by wild insults and personal attacks on the one who properly pointed out the obvious:  Tagged accordingly.


dear child, you are sick
how much are the trusts of a person who randomly throws them around
without any motivation

do not worry, I will act accordingly and not only will I tag you, I will open a flag, because a toxic person like you damages the community

That is quite clearly a retaliatory abuse of the trust system.  And unlike tags, which are entirely discretionary and unmoderated, flags have objective criteria that must be met.  For a Type-1 flag, the criterion is that anyone dealing with a user must be “at a high risk of losing money”, according to a determination “based on concrete red flags which any knowledgeable & reasonable forum user should agree with, and it is not based on the user's opinions.”

For the record, to prevent any possible accusation of retaliatory escalation, I was already considering a Type-1 flag on fillippone.  I did not (yet?) raise one, mostly because seriously:  I have no time for this nonsense.  Claiming that it is “legitimate” to take money (hypothetically) found by searching for other people’s private keys is indubitably a “concrete red flag which any knowledgeable & reasonable forum user should agree with”, indicating “a high risk of losing money” in dealing with a person of such character.
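
The key-count figures quoted in the post above (2^160, slightly fewer than 2^96, 2^128, and 2^256 - 2^128.3457) can be checked against the secp256k1 group order. The following Python is an added example, not part of the original post; the function names are illustrative, and the per-address average assumes the 160-bit hash spreads keys uniformly.

```python
import math

# secp256k1 group order n, a public curve constant (SEC 2).
# Valid private keys are the integers k with 1 <= k <= n - 1.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Output size of RIPEMD160(SHA256(pubkey)), used by P2PKH and P2WPKH.
HASH160_BITS = 160


def is_valid_private_key(k: int) -> bool:
    """Range check a wallet applies to a candidate 256-bit secret."""
    return 1 <= k < N


def valid_key_count() -> int:
    """Number of valid private keys: n - 1."""
    return N - 1


def invalid_256bit_count() -> int:
    """256-bit values that are not valid keys: zero plus everything >= n."""
    return 2**256 - valid_key_count()


def invalid_count_log2() -> float:
    """log2 of the gap between 2^256 and the true key count."""
    return math.log2(invalid_256bit_count())


def rejection_probability() -> float:
    """Chance that 32 uniformly random bytes fail the range check."""
    return invalid_256bit_count() / 2**256


def average_keys_per_hash160() -> int:
    """Mean number of valid keys per 160-bit hash value (floored).

    Assumption: the hash distributes keys uniformly over its outputs.
    """
    return valid_key_count() // 2**HASH160_BITS


def generic_dlog_bits() -> int:
    """Bit length of sqrt(n): the work factor of generic square-root
    discrete-log methods, which apply once the public key is known."""
    return math.isqrt(N).bit_length()


def summary() -> dict:
    return {
        "valid keys = 2^256 - 2^x, x": round(invalid_count_log2(), 4),
        "P(random 32 bytes rejected)": rejection_probability(),
        "avg keys per hash160 below 2^96": average_keys_per_hash160() < 2**96,
        "security bits with known pubkey": generic_dlog_bits(),
    }


if __name__ == "__main__":
    for label, value in summary().items():
        print(f"{label}: {value}")
```
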
legendary
Activity: 3528
Merit: 4042


@babo, (page 2 and now page 3) beneath response save to note that your tactic of accusing the accuser shows your own dishonourable character.  Defending expressly stated, openly proclaimed wallet-thief intentions by wild insults and personal attacks on the one who properly pointed out the obvious:  Tagged accordingly.


dear child, you are sick
how much are the trusts of a person who randomly throws them around
without any motivation

do not worry, I will act accordingly and not only will I tag you, I will open a flag, because a toxic person like you damages the community
legendary
Activity: 4270
Merit: 3161
...
@fillippone, in addition to being a wannabe wallet thief, you are a coward.  
...

@nullius, how about starting a thread in Scam Accusations instead of hijacking this thread?
copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
It is bad enough that I needed to point out the nature of the Emperor’s New Clothes.  Worse that others are wasting my time arguing about the obvious.



@fillippone, in addition to being a wannabe wallet thief, you are a coward.  You are obviously quite well aware of this thread.  Hiding behind others, as your friend babo maliciously tries to turn this into an attack on me:  Despicable.  Perhaps because there is nothing you could say here.



@LoyceV (via LoyceMobile) (bottom of page 2), you wholly evaded the substance of the matter.  But the next time that some anonymous “Newbie” account pops up in the development forum to seek help with Brainflayer or a key-cracker, I will be happy to let him know that LoyceV says he’s just showing that Bitcoin is secure.  Do you even realize that you yourself are propounding a popular blackhat argument?

As I remarked in my first post on this thread, this is well beyond Asch.  It is group conformity, plus people reflexively defending someone who is popular.  If the author’s name on OP were not “fillippone”, and if fillippone were not exceptionally popular, then everyone would immediately see that he is a wallet thief (or wants to be Roll Eyes).  Imagine that an anonymous Newbie account very explicitly said that he is trying to get lucky finding and taking other people’s coins, he favourably cited LBC (a wallet-thief project whose author has been red-tagged for years), and he claimed this is “legitimate”.  Classic wallet thief.  Open-and-shut case.

Taking fillippone’s argument in OP to its logical conclusion, there is no such thing as a Bitcoin theft:  If you have the private keys, the money is legitimately yours, period.  Chew on that for a bit.

Whereas a popular and highly-trusted pillar of the community has increased responsibility.  I will not grant fillippone deference for being “fillippone”:  To the contrary, I will hold him to a higher standard than I would apply to some dumb random newbie.



@babo, (page 2 and now page 3) beneath response save to note that your tactic of accusing the accuser shows your own dishonourable character.  Defending expressly stated, openly proclaimed wallet-thief intentions by wild insults and personal attacks on the one who properly pointed out the obvious:  Tagged accordingly.



@ETFbitcoin, few people have considered the abstract question of Bitcoin ownership in cogent and coherent terms.  I am well on record as characterizing Bitcoin as a bearer asset; please see quotes below (including my disagreement with some Bitcoin Core developers, whom I believe abrogated the concept of Bitcoin as a bearer asset in some development discussions about signmessage).  Insofar as I have seen, I seem to be the only person in the world who has really thought this through.  I should write about that further, if I were not wasting my time pointing out the obvious here.

Consider physical gold coins as an analogy, and take fillippone’s name out of the picture.  Imagine that it were still a popular practice to hide (crypto- < κρυπτός, ‘hidden’) gold coins under one’s mattress.  “Account X” said that he wants to find a way to peek under people’s mattresses, and to discover where they hid their gold coins.  He claimed that if he finds where people hid their gold coins, it is “legitimate” for him to take them.

With physical gold coins, possession rules:  A theft cannot simply be frozen or revoked, like a bank or credit card transaction.  Instead of not your keys, not your coins, the situation is literally not your coins, not your coins.  That is obvious.  However, we would all recognize a theft as a theft.

See also Gregory Maxwell’s condemnation of LBC:

"I started making keys, starting with ones with fewest cuts and systematically working through all possibilities. To learn if these keys matched any that had been used in the past, I tried each one in every door in the neighborhood.  After a bit I found a few valuables. What was I supposed to do, leave them there?"

It profiteth us not to apply a—well, let us say, a “creative” interpretation of the word “legitimate”.  The word descends from L. legitimus, ‘lawful’, < lex, ‘law’; and it has stayed close to its original meaning.  In English, it can mean ‘lawful, legal’, or in a non-legal sense, ‘in accord with principles and customs’, among other senses not relevant here.  It is a cognate with Italian legittimo, which is a synonym in Italian with legale, valido, regolare, permesso, concesso, consentito, accettato, approvato, autorizzato.  Thus, fillippone cannot reasonably claim to have made a mistake of foreign language:  In his own mother tongue, he claimed that for him to take any coins he could hypothetically find is legale, valido, regolare, permesso, concesso, consentito, accettato, approvato, autorizzato—and @babo is backing him up on this!



@aliashraf, partly agreed and partly disagreed.  Technologists do generally have a tendency to think of technologies in isolation, without considering philosophical, legal, and social aspects.  Please see my discussion above and below about Bitcoin’s nature as a bearer instrument.  However, I also disagree with your characterization of Bitcoin and especially, with your deprecation of cryptography.

Aside...

or how trending is zk proof fantasies which are supposed to be the next BIG thing (total madness),

I have known for the past nine years that zero-knowledge proofs will take over the world.  For nine years, I have yearned to get zero-knowledge proofs into Bitcoin.  Satoshi himself knew that zero-knowledge proofs could improve Bitcoin; he simply didn’t know how to imply them here, and the breakthrough cryptographic advances didn’t happen until 2013–2014.  I was an early adopter, and suffered some bleeding-edge problems around 2017–2018; only in 2022, after many further advances, I am ready to declare the technology mature for general adoption and usage.  I have been making many preparations; and some of my forthcoming posts will be exactly on that topic.  That, which is of world-moving importance, is being delayed and having my time stolen away by this, which is a spectacular failure of community responsibility.



@JayJuanGee, although your response is more level-headed than some others here, this is not a case of “shoot first and ask questions later”.  It is an open-and-shut case:  fillippone openly, blatantly proclaimed the intentions of a thief.  This is not even a technical argument, or a n00b “whoopsie”:  It is a matter of basic ethics and honesty of character.

It seems that almost everyone responding on this thread would side with rico666, the author of that LBC project that fillippone praised in OP here:

"I started making keys, starting with ones with fewest cuts and systematically working through all possibilities. To learn if these keys matched any that had been used in the past, I tried each one in every door in the neighborhood.  After a bit I found a few valuables. What was I supposed to do, leave them there?"

Yeah. I had lots of these discussions. Your comparison doesn't apply - even remotely.

"I started taking walks in the park - systematically taking paths to cover the whole area. From time to time I find some coins. What am I supposed to do, leave them there?"

The doors in the neighborhood have names on them. And yes, even "for finds in the park" rules apply. We adhere to them.

You are lucky, this night the pool found something again. The funds are still on the address. What would be your take on this now?

It's a rhetoric question, I do not really need your input. As promised I slept over our - for me yesterdays - "conversation". I guess I'll leave the lawyers in their box this time. Instead, when we meet at the next Bitcoin event we'll both be attending, I'll approach you and we'll handle our arguments like real men. Promise.


Rico


Whereas even rico666 does not go so far as fillippone:  rico666 expressly claimed that he does not intend to take away people’s money, whereas fillippone claimed that it would be “legitimate” to steal people’s money for himself (!).  If rico666 was widely tagged as a wallet thief (and he used to have a lot more tags for this than I see now), this is indeed an open-and-shut case.  It is ridiculous that anyone is even arguing with me.

As I have repeatedly mentioned, everything that fillippone claimed in OP was “legitimate” applies equally to malicious use of Brainflayer (which works!), or to “key-cracking” tools (which don’t work, but I am speaking to the principle of the matter).





Nullius on Bitcoin as a Bearer Asset

Following is a brief abstract of my prior statement on Bitcoin’s nature as a bearer instrument.  I think that with physical bearer instruments, it would be too obvious to state that a bearer instrument can be stolen.

  • Nullius. “Stake addresses, signmessage, ownership, and control.” Bitcoin Forum post. 2020-01-19.

    I respectfully disagree with sipa, luke-jr, and others so stating (and I should probably say so on that issue).  I argue strictly that control of the private keys equals title to the Bitcoin, period; and it is dangerous to blur a rule logically inherent in the nature of decentralized, trustless, permissionless cryptographic money.

    If you are a custodial exchange, etc., then you may be holding title to that Bitcoin as a nominee, or (quite arguably) a bailee, or some other legal concept which may be logical to apply.  However, account-holders at custodial exchanges are not the titular owners of any Bitcoin at all, in my opinion.  If you don’t have the private keys, then it is not your Bitcoin:  It is somebody else’s Bitcoin; and that somebody else, the titular owner of the Bitcoin, has contractually agreed to let you exercise beneficial ownership of some sort.

    So many ills of this world result when ownership is divorced from control.  (Aside, don’t get me started on how the separation of ownership, control, and responsibility is a major factor in the widespread corruption of modern corporations.)  Don’t do that with Bitcoin.

    In my analysis, ownership is fully congruent with the use of digital signatures to control money in a decentralized, trustless, permissionless system; and legal agreements outside the four corners of Bitcoin script are properly compartmented where they belong, in the realm of legal contracts and the legal enforcement thereof.

    (N.b. that the same argument applies to theft:  A thief who uses wrongful means to obtain title is still holding titular ownership, and will continue to do so unless recovery is effectuated by avoiding the improperly obtained title.  By analogy, consider a criminal who uses forgery, coercion, or fraud in the factum to wrongfully obtain a deed to lands—although that deed would probably be adjudged absolutely void, not merely voidable, whereas a Bitcoin transaction is only absolutely void if a blockchain reorg retroactively invalidates it.)
  • Nullius. “[WO] Bitcoin is a bearer asset!” Bitcoin Forum post. 2020-11-17.

    Bitcoin is a bearer asset.  It is a bearer asset by the nature of its design.  [...]

    All “KYC/AML” nonsense, including the tracking of the source and destination of funds, attempts to change Bitcoin from a bearer asset into an identity-based asset.

    The only way to achieve that is to universally enforce “KYC” via miner blacklisting and transaction censorship, and to make some way to rollback transactions (in the manner of an “irregular state change”) which, to my knowledge, has not been seriously proposed for Bitcoin.
  • Nullius. “Judge concurs with nullius: Keys = titular ownership (vs. beneficial ownership)”. Bitcoin Forum post. 2020-11-25.

    I take the position that Bitcoin is a bearer asset.  [...]

    Bearer assets such as cash, gold bullion, or old-fashioned bearer bonds can be held in trust for the benefit (“beneficial ownership”) of another.  This neither changes the nature of the bearer asset, nor absolves the trustee of legally enforceable fiduciary duties to the beneficiary.  Much as I can tell from the above snippet, the judge in this case seems to have imposed a constructive trust on the coins.

    The word “beneficial” is key here!  A beneficial owner is not necessarily the titular owner.  [...]

    Much though I am sympathetic to this statement in principle, there will always be tension between the desires of those who would govern, and the practical limitations on their power.  Bitcoin directly exploits this tension.  In an era when governments and their owners, the banks have been attempting to replace all bearer assets with identity-based assets, Bitcoin’s nature as a bearer asset pushes us back toward the wiser, freer era of bullion, cash notes, and bearer bonds—with the added benefit that Bitcoin can be transferred around the world with the press of a button.

    For better or for worse, courts will attempt to adjudicate disputes over the allegedly proper ownership of bearer assets.  As you say, it comes down to a question of enforceability.

    Possession is nine-tenths of the law.  Always has been, always will be!  Possession of the keys equals possession of the coins.  Bearer asset.

N.b. that “nine-tenths” is not “ten-tenths”, and that should not be read out of context.  If possession equalled ownership in all aspects, then the whole concept of theft would not exist:  It would be impossible to steal anything, because anything that you possess is legitimately yours.

That is a classic “law of the jungle” argument.  The “law of the jungle” is what fillippone explicitly proclaimed in OP here:  Find money, take it, it is “legitimately” yours.

As a Nietzschean amoralist, I am well aware that all morality is subjective; and I can philosophically contemplate the “law of the jungle” argument, or (mutatis mutandis) various justifications of a Thieves’ Code, without jerking my knee or overly exciting my glands.  However, thievery is incompatible with me and with any society in which I wish to partake.  Accordingly, my morality brands thieves as thieves and criminals; and on the Bitcoin Forum, I tag them accordingly.

Edit:  Reviewing the above quotes, I realize that fillippone’s statements in OP are logically equivalent to extending the “not your keys, not your coins” rule to mean that a centralized exchange has a right to exit-scam users, simply by walking off with the coins.  I don’t think that that’s what any reasonable person means by “not your keys, not your coins”.

[...] you are actually owner of the private keys, so you are legitimate owner of such balance, and nothing prevents you from transferring to your own wallet.

(End of edit.)


The above responses are compressed and not so neatly formatted as usual; for this is suddenly becoming an absurd waste of my time, and a distraction from important tasks.  I should start hourly billing of anyone who expects for me to explain the obvious yet again.
legendary
Activity: 3682
Merit: 10119
Self-Custody is a right. Say no to"Non-custodial"
Question:  Do you, babo, believe that if you had a script that could find people’s private keys, it would be quote-unquote “legitimate” to transfer their bitcoins to your wallet?

The general futility of such an exercise is irrelevant:  What matters here is the intent.
See the topic title: the intent is to show how secure Bitcoin is. That's why I Merited the post.
If I had a script to find people's private keys, Bitcoin would be worthless. I'm glad I can just tell people to try and find a funded private key, so they can prove to themselves that it won't work.

Your summary (Loyce) does seem to fall in line with my assessment too - even though I have been a bit technically baffled about what is going on  and the extent to which there might be malicious intentions regarding actually finding security vulnerabilities (and thus funds from wallets with bad security).  

Of course, red tags can be given at the discretion of the sender, and surely if they somewhat justify their red tag with the support of evidence (and even somewhat logical explanations), then the sender of the red tag is less likely to receive counter-balancing or retaliatory red tags from that member or from other forum members - and maybe in this case, nullius is getting too worked up about his own self-righteous attribution of mal-intent to shoot first and ask questions later, when maybe he should have at least allowed some response or be willing to downgrade such red tag to neutral - potentially if warranted.  

Sure each of us likely have some evil within us and even motivated by self-interest, and bitcoin seems to be designed to grow stronger from such motivations of self-interests - even though surely, each of us are free to beat upon others if we believe that they have loosey-goosie morals... and personally, it seems that I spend a lot of time nit-picking members about some of their language in regards to naysaying bitcoin or supporting seemingly scammy projects that are tangential to bitcoin (aka shitcoins or some other questionable projects), even with all of that, I am having difficulties attributing mal-intent to fillippone based on the way that he has so far discussed this topic of showing, finding and/or potentially exploiting security vulnerabilities, if they were to be able to be discovered..... and surely, it could even be possible that he could consider conceding to nullius in some ways (maybe?) if there might have been some ways in which fillippone might conclude that some of his language might have been misunderstood, misleading and/or even describing malintentions that he had not meant to promote.  

To the extent that I even understand the criticisms against fillippone, I am not even conceding that fillippone had gone too far in the whole context of his attempt to present this matter -  so in that regard, I am not sure whether changing language - or even putting in a disclaimer within OP or some subsequent post(s) would be necessary given the context in which it had seemed that fillippone was attempting to bring up this topic in terms of pointing out various existing or possible bitcoin wallet vulnerabilities.  

Of course, another matter is the discouraging of members of posting potentially controversial material by red-trusting them, and I am pretty well aware that fillippone must put quite a bit of efforts into his various posts, and sure sometimes I find that he gets things wrong and there are all kinds of members, including fillippone, in which sometimes I do not agree with what seems to be their intentions, and even with all of that said, I am having troubles appreciating how fillippones actions in this case rise to the level of warranting red trust in the various ways that nullius has attributed such bad intentions to fillippone, even though I do agree that lack of success in breaking into wallets would not necessarily make the aims less morally repugnant in the event that fillippone did have such malintentions... but still it seems to me that nullius is attributing way more malice to fillippones set of actions than they deserve to the extent that malice can be considered a gradient rather than an absolute.
legendary
Activity: 1456
Merit: 1174
Always remember the cause!
Wait a minute.  For the past three years, nobody noticed that fillippone is a wannabe wallet thief?  This is way beyond Asch.

fillippone will never find anything unless someone tells him about Brainflayer, but that is not the point:  He is audaciously proclaiming wallet-thief intentions that rico666 evasively dissimulated with LBC.  rico666 got tagged for that.  Worse, fillippone claims that this is “legitimate” (!).  And he claims that as a trusted pillar of the community, who should be responsible to the highest standards.  Tagged accordingly.

Doesn't it depend on how you interpret the meaning of the word "legitimate"? Based on how @fillippone uses that word in the sentence, I interpret that as Bitcoin ownership based on knowing its private key.

2. adjective based on known statements or events or conditions
synonyms: logical
                   valid
                   well grounded in logic or truth or having legal force
It is rare that I find myself in total disagreement with you as a wise and well crafted poster in this forum, but sorry, your position looks too cryptographic to me, and yes, it is bad, no matter how many people are bragging with their elementary number theory and cryptography or how trending is zk proof fantasies which are supposed to be the next BIG thing (total madness), bitcoin is not cryptography, believe it or not, it has not been introduced by its inventor as a "cryptocurrency" or any other crypto thing. Average people, fascinated/overwhelmed/mentally-paralyzed by stupid math behind asymmetric cryptographic schemes, which looks like magic to them, mostly forget the fact that it has been around decades before bitcoin, ambitiously and desperately trying to do something about internet money, but it was Satoshi who did it not them, period.

Factually speaking, the elite/gov dominated field of cryptography and its artificial terminology is not hailed in the bitcoin white paper as something of critical or distinguished importance, there was nothing new or disruptive about electronic signatures. The term "crypto" appears just once in the body of the paper, think about it, only one occurrence of "crypto"!

Don't take these mathemagicians too seriously, they are full of sh*t.

BTW, Who in the hell made it up in the first place, cryptocurrency?  ???

legendary
Activity: 2842
Merit: 7333
Crypto Swap Exchange
Wait a minute.  For the past three years, nobody noticed that fillippone is a wannabe wallet thief?  This is way beyond Asch.

fillippone will never find anything unless someone tells him about Brainflayer, but that is not the point:  He is audaciously proclaiming wallet-thief intentions that rico666 evasively dissimulated with LBC.  rico666 got tagged for that.  Worse, fillippone claims that this is “legitimate” (!).  And he claims that as a trusted pillar of the community, who should be responsible to the highest standards.  Tagged accordingly.

Doesn't it depend on how you interpret the meaning of the word "legitimate"? Based on how @fillippone uses that word in the sentence, I interpret that as Bitcoin ownership based on knowing its private key.

2. adjective based on known statements or events or conditions
synonyms: logical
                   valid
                   well grounded in logic or truth or having legal force
legendary
Activity: 3528
Merit: 4042
Question:  Do you, babo, believe that if you had a script that could find people’s private keys, it would be quote-unquote “legitimate” to transfer their bitcoins to your wallet?

The general futility of such an exercise is irrelevant:  What matters here is the intent.  The LBC author duplicitously denies having such an intent as quoted in my prior post; nonetheless, he has been tagged for years as a wallet thief.  Anyway, the same would apply to malicious use of Brainflayer; and anyway, fillippone explicitly suggested finding weak keys from buggy wallets.

(Please focus on the above-stated question.  Your nonsense is beneath reply—save to remark that it is inadvisable to insult me, and about as futile as attempting to crack securely created Bitcoin keys.)

I can't insult you, nature has already done this for me
the uselessness of your accusations and your post are there for all to see
I certainly don't have to tell others what to do or what to think about

if you are serious, then I make the right decisions about you

people like you do not bring benefits to the forum or to the people who attend it, as shown by your latest red trusts taken
hero member
Activity: 1643
Merit: 683
LoyceV on the road. Or couch.
Question:  Do you, babo, believe that if you had a script that could find people’s private keys, it would be quote-unquote “legitimate” to transfer their bitcoins to your wallet?

The general futility of such an exercise is irrelevant:  What matters here is the intent.
See the topic title: the intent is to show how secure Bitcoin is. That's why I Merited the post.
If I had a script to find people's private keys, Bitcoin would be worthless. I'm glad I can just tell people to try and find a funded private key, so they can prove to themselves that it won't work.
copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
[Will not repeat for the benefit of those who evidently have difficulty reading.]

I'm here because there is a
Code:
@babo
who triggered me
I don't know if you drank or didn't take your pills

but to allege that a person is a blackhats because he uses such sites is at least imaginative not to say bad taste

maybe you are joking, or maybe you are not kidding, please explain what you mean because I want to know if it's a game or if you are serious


Question:  Do you, babo, believe that if you had a script that could find people’s private keys, it would be quote-unquote “legitimate” to transfer their bitcoins to your wallet?

The general futility of such an exercise is irrelevant:  What matters here is the intent.  The LBC author duplicitously denies having such an intent as quoted in my prior post; nonetheless, he has been tagged for years as a wallet thief.  Anyway, the same would apply to malicious use of Brainflayer; and anyway, fillippone explicitly suggested finding weak keys from buggy wallets.

(Please focus on the above-stated question.  Your nonsense is beneath reply—save to remark that it is inadvisable to insult me, and about as futile as attempting to crack securely created Bitcoin keys.)
legendary
Activity: 3528
Merit: 4042
I'm here because there is a
Code:
@babo
who triggered me
I don't know if you drank or didn't take your pills

but to allege that a person is a blackhats because he uses such sites is at least imaginative not to say bad taste

maybe you are joking, or maybe you are not kidding, please explain what you mean because I want to know if it's a game or if you are serious
copper member
Activity: 630
Merit: 2610
If you don’t do PGP, you don’t do crypto!
So, this thread contains some substantial inaccuracies—some of which were corrected by a Newbie account that has not posted since 2020.  (Thanks, Elliptic23; please come back.  Anyway, merit sent.)  Beyond that...

Wait a minute.  For the past three years, nobody noticed that fillippone is a wannabe wallet thief?  This is way beyond Asch.

fillippone will never find anything unless someone tells him about Brainflayer, but that is not the point:  He is audaciously proclaiming wallet-thief intentions that rico666 evasively dissimulated with LBC.  rico666 got tagged for that.  Worse, fillippone claims that this is “legitimate” (!).  And he claims that as a trusted pillar of the community, who should be responsible to the highest standards.  Tagged accordingly.

This isn’t a matter of learning about Bitcoin:  To dream of snatching people’s life savings or business funding, and treat it as a lottery winning or money found lying in the street, it is a matter of base character and lack of decency.  At least, an honest blackhat admits a desire to take away other people’s money.  By comparison, I wouldn’t criticize such candid malevolence too much—and why would I bother, when there is this:

How much energy would be necessary? Well, a lot, according to this infographic:


I was never truly happy with that picture, so your thread got me thinking how to explain the energy requirements in a different way:

"If you had a computer that could do those calculations within a human's lifetime and were the size of the earth or smaller, and you actually somehow had an energy source to power it, as soon as you'd turn it on, you'd turn the earth into a supernova."

More detailed explanation in a more technical thread about it:
https://bitcointalksearch.org/topic/energy-requirements-to-brute-force-sha-256-5216788

I've never liked that image because it's misleading.

We already know of ways to crack private keys that don't require 2^256 work.

That image always annoyed me, too.  If the public key is known, it has a notional 2^128 security level.



p.s. a bit nitpick-y but there are 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140 private keys which is a little smaller than 2^256 :P

I'm trying to understand it but failed. Why not 2^256? They are hashes right? Like strings. All possible combinations. Where is the mistake?  ???

They are not hashes. Public keys are X,Y points on a very large curve which has just under 2^256 points.

Thank you.  (I am not sure why everyone ignored this account.  Because it’s a “Newbie” account?)


Yesterday while browsing down the Bitcoin rabbit hole I stumbled on the infamous keys.lol website

https://keys.lol
(Warning: time sink!)

Basically it’s a website that randomly generates 128 private keys on each page, then checks the balance of the related addresses (compressed and uncompressed) on the blockchain reporting eventual positive balances or past transactions.

Wow!
If you find a positive balance in this client side generated pages,

The generation is done server-side.  I can’t see the pages, because it throws me a Javascript-requiring CAPTCHA that I refuse to comply with; and the code for the frontend website was apparently un-open-sourced.  But I can see the code for the backend, which is rather embarrassing:

Yes, “straight up brute forcing” is indeed possible.  I sincerely suggest that you try this.  It will keep you busy and out of trouble.  To make it easier, there is a public directory of all Bitcoin private keys.  Yes, that site really does list all Bitcoin private keys.  Get rich!  Happy hunting!

(P.S., why are highly intelligent people in a “Development & Technical Discussion” forum seriously answering questions about bruteforcing secp256k1!?  Doubly-hashed, undisclosed public keys are just gravy.)
I found the following amidst discussion of your very own clone of directory.io (!):

On a legit note, I was bored as shit sitting in this hotel room as I travel for work.

I found an address with exactly the miner fee by randomly searching http://btckey.space. I instantly ran down to the "news station" (What the UK calls a convenience store) and bought two scratch off lottery tickets, I didn't win, haha.

[...]

By the way, I see that you run LBC (and vehemently defend it).  Have you seen rico666’s trust feedback?  I wouldn’t trust anything executable from that guy on my machines.  Just saying.
sr. member
Activity: 1008
Merit: 348
Bitcoin could easily upgrade to 512 Bit security.

If someday we "upgrade" bitcoin i don't think it would be to a bigger size curve (which the bigger keys come from) but i suppose it would be a migration to another different asymmetric cryptography algorithm instead of elliptic curve and keep it small at possibly the same 256 bit key size.

it's not like bigger size curves can just be plucked off a tree. so you probably right.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
Remember that the number of private keys are roughly (please, bear some  patience with this one) equal to the number of atoms in the universe?
If we assume that there are ~10^78 atoms in the Universe, then yes, it's a "little" greater than that. Your chances of finding a collision aren't that many, though. Remember, there are ~2^96 different private keys for each single-sig address on average. That leaves you with less than 10^50 different addresses.
legendary
Activity: 2114
Merit: 15144
Fully fledged Merit Cycler - Golden Feather 22-23
Today I discovered another website:

privatekeys.pw/scanner

Quote

Free online tool for fast scanning random Bitcoin, Bitcoin Cash, Bitcoin SV, Litecoin, Dogecoin, Dash, Zcash private keys and finding addresses with balance.



This website scans private keys, and check balances. I don’t exactly know what it should happen if a positive balance is found, but I suspect you can transfer to your custom address.

I have been running the program for a few hours, and I checked 1,000,000,000 addresses.

Let’s say I can run this program all day and  long 10 times this amount.
 If everyone on the planet would run the same program 24/7 for 100 years, we would get to 3*10^24 tries.


Looks, like a big number!

Remember that the number of private keys are roughly (please, bear some  patience with this one) equal to the number of atoms in the universe?

Look what I found in Quora:
How many grams of water are in 2.31 x 10^24 molecules of water (H2O)?

Not going to spoil the answer.

legendary
Activity: 2338
Merit: 5297
Self-proclaimed Genius
Not really. A hash is just a number (or perhaps more accurately, a string of bits). Hexadecimal is a way of representing numbers in base-16.  A hash can be represented in many ways because it is just a string of bits. For example, a Bitcoin address is a hash (plus some other things), but you normally see it as base-58, and not hexadecimal. Base-64 is also a common way to represent hashes.
A re-post, I see.
Perhaps I should edit it as "represented as HEX by most tools" to clear things up, thanks.
That part of the reply is based from Blackhatcoiner's previous post that mistakenly identified the 'private key in hex' as hash because hexadecimal outputs are most likely what he's been seeing in hashing tools.
legendary
Activity: 4270
Merit: 3161
Most Hashing algorithms' outputs are just in HEX, that's why it looks the same.

Not really. A hash is just a number (or perhaps more accurately, a string of bits). Hexadecimal is a way of representing numbers in base-16.  A hash can be represented in many ways because it is just a string of bits. For example, a Bitcoin address is a hash (plus some other things), but you normally see it as base-58, and not hexadecimal. Base-64 is also a common way to represent hashes.
legendary
Activity: 3402
Merit: 10424
p.s. a bit nitpick-y but there are 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140 private keys which is a little smaller than 2^256 :P

I'm trying to understand it but failed. Why not 2^256? They are hashes right? Like strings. All possible combinations. Where is the mistake?  ???

to add to what @nc50lc and to understand "why not all possible combinations" aka 2^256 you have to know that in elliptic curve cryptography we are working with a finite group of points. these points are generated by a generator point on curve that can only generate a sub group (again finite group) of points. in other words G can not generate all points on the curve only some of them.
the number of points this generator point (G) can generate is equal to N so we can only have N private keys not any more (a point is private-key*G). and for bitcoin's curve (secp256k1) value of N is what i posted above in hexadecimal format.
newbie
Activity: 22
Merit: 3
p.s. a bit nitpick-y but there are 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140 private keys which is a little smaller than 2^256 :P

I'm trying to understand it but failed. Why not 2^256? They are hashes right? Like strings. All possible combinations. Where is the mistake?  ???

They are not hashes. Public keys are X,Y points on a very large curve which has just under 2^256 points.
legendary
Activity: 2338
Merit: 5297
Self-proclaimed Genius
I'm trying to understand it but failed. Why not 2^256? They are hashes right? Like strings. All possible combinations. Where is the mistake?  ???
He's just nitpicking and explained that it's not actually 2 to the power of 256 but only until the highest valid private key to be exact.
2^256 = 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936
isn't equal to 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140,
in decimal = 115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336

Those aren't hash, 0-F character strings are Hexadecimal (HEX).
Most Hashing algorithms' outputs are just represented as HEX by most tools, that's why it looks the same.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
p.s. a bit nitpick-y but there are 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140 private keys which is a little smaller than 2^256 :P

I'm trying to understand it but failed. Why not 2^256? They are hashes right? Like strings. All possible combinations. Where is the mistake?  ???
newbie
Activity: 22
Merit: 3
How much energy would be necessary? Well, a lot, according to this infographic:

https://i.imgur.com/MnBkXUo.jpg
I was never truly happy with that picture, so your thread got me thinking how to explain the energy requirements in a different way:

"If you had a computer that could do those calculations within a human's lifetime and were the size of the earth or smaller, and you actually somehow had an energy source to power it, as soon as you'd turn it on, you'd turn the earth into a supernova."

More detailed explanation in a more technical thread about it:
https://bitcointalksearch.org/topic/energy-requirements-to-brute-force-sha-256-5216788

I've never liked that image because it's misleading.

We already know of ways to crack private keys that don't require 2^256 work.
legendary
Activity: 4270
Merit: 3161
qwk
donator
Activity: 3542
Merit: 3410
Shitcoin Minimalist
How much energy would be necessary? Well, a lot, according to this infographic:


I was never truly happy with that picture, so your thread got me thinking how to explain the energy requirements in a different way:

"If you had a computer that could do those calculations within a human's lifetime and were the size of the earth or smaller, and you actually somehow had an energy source to power it, as soon as you'd turn it on, you'd turn the earth into a supernova."

More detailed explanation in a more technical thread about it:
https://bitcointalksearch.org/topic/energy-requirements-to-brute-force-sha-256-5216788
legendary
Activity: 3402
Merit: 10424
Now, in Bitcoin, I'm thinking of a number between one and 2^160 (in fact, it's a little less, but let's not delve into technical details too much).
there is a tiny mistake here. that "number" that we choose in bitcoin (aka private key) is between 1 and a little less than 2^256 then that number is "converted" and "compressed" using one way operations to a smaller size (2^160).
It's actually a little more complicated than that.
There is (AFAIK) no really good answer to how many "guesses" we're talking about in this "game".
There are indeed 2^256 private keys (or slightly less), but they translate to a "mere" 2^160 addresses.
More than one private key translates to one address, but it's not as simple as saying "x private keys translate to one address".
that's a different topic though.
if we are talking about collision then it is not just about finding a hash collision in 2^160 range, that would be pointless. we have to find two "private keys" that collide to the same hash result. so the bounds for the loop that is used to choose the keys are from 1 to 2^256 instead.

now how many keys should be checked before we find a collision is what you are pointing out here. and in cryptography it usually is half of the final size meaning theoretically after checking 2^80 keys we may start seeing collisions.

At this moment the hash rate of bitcoin network is about 2^67 hashes/s, i.e. about 2^92 hashes/year.
that is a good number but also a bit of an unfair comparison. the hashrate is the result of computing double SHA256 of a mostly fixed 80 bytes message whereas a collision is going to be computing multiple things starting from an elliptic curve multiplication then 1 SHA256 followed by 1 RIPEMD160 of either a 33 byte input or a 65 byte input. most of the optimization that has gone into mining won't work here not to mention that there isn't much room to optimize RIPE-MD algorithm. the result should be a lot less than 2^92 for this process even if ASICs were made for it.
legendary
Activity: 1914
Merit: 2071
At this moment the hash rate of bitcoin network is about 2^67 hashes/s, i.e. about 2^92 hashes/year.

The BTC network power is quite impressive !
Considering having the same power dedicated to address calculation, it would require few hours to find an address collision (2 private keys with the same address).


I know only a cpu program to find an address collision:

https://www.reddit.com/r/Bitcoin/comments/34hjph/generating_partial_address_collisions_using_the/
sr. member
Activity: 462
Merit: 696
At this moment the hash rate of bitcoin network is about 2^67 hashes/s, i.e. about 2^92 hashes/year.

The BTC network power is quite impressive !
Considering having the same power dedicated to address calculation, it would require few hours to find an address collision (2 private keys with the same address).
qwk
donator
Activity: 3542
Merit: 3410
Shitcoin Minimalist
Cheat code to convert 2^x to 10^x: reduce the exponent by 3 or 4 (2^3 = 8; 2^4 = 16)
No.  You have to divide 160 by 3 or 4.
Right, my bad
I actually use dice in my examples, i.e. 6^62 ~ 2^160.
That's why I sometimes carry a big bag of dice around


Example from my FAQ (in German, sorry)

62 dice rolls in a row (guaranteed to be random*):
4 2 1 5 1 6 4 3 4 4 3 4 1 3 3 5 5 6 3 4 4 2 4 2 3 3 3 6 4 5 6 5 3 2 3 1 5 6 3 1 5 4 3 3 3 3 3 2 5 5 6 1 2 1 3 4 6 6 5 4 2 6

Or in binary:
Code:
1 1 0 1 0 0 1 0 0 1 0 1 1 0 0 0 1 1 0 1 0 0 0 1 1 1 1 1 1 0 1 1 0 1 0 1 1 0 1 1
0 0 0 1 1 0 1 0 1 0 0 0 1 0 0 0 0 1 0 1 0 1 0 1 0 0 0 1 0 0 1 1 0 0 0 0 1 0 0 1
0 1 1 0 0 1 1 0 1 1 0 1 1 1 1 0 0 0 1 1 0 0 1 1 1 1 0 0 0 1 1 0 0 1 1 0 0 1 1 1
0 1 0 0 0 0 1 0 1 0 1 0 1 0 0 1 1 0 1 1 0 1 1 1 1 1 0 0 1 1 1 1 0 0 1 0 0 0 1 0

*

https://xkcd.com/221/
legendary
Activity: 1914
Merit: 2071
Once people understand what it takes to reduce a number with 156 zeros down to a manageable size, they usually begin to comprehend why "I'm thinking of a random number" is actually a very safe way to store your Bitcoins.
This is actually the point of this whole thread!

But:

1) the real measure of how random is an address is 2^160, not 2^256, because there are 2^96 different private keys for the same address

2) if you reveal your public key, it takes only about 2^128 guesses (just to simplify) to steal your bitcoins

At this moment the hash rate of bitcoin network is about 2^67 hashes/s, i.e. about 2^92 hashes/year.

Generating a hash is faster (so far) than generate an address from a private key, it's just to have an idea of what size of numbers we're talking about.

We would need a computation power 2^36 bigger than the current entire network to crack an address in 1 year. It would take 36 consecutive doublings to get that power.
legendary
Activity: 2114
Merit: 15144
Fully fledged Merit Cycler - Golden Feather 22-23
Once people understand what it takes to reduce a number with 156 zeros down to a manageable size, they usually begin to comprehend why "I'm thinking of a random number" is actually a very safe way to store your Bitcoins.

This is actually the point of this whole thread!

...
Here's another snippet of wisdom from when I'm trying to explain the odds of guessing a private key:
Cheat code to convert 2^x to 10^x: reduce the exponent by 3 or 4 (2^3 = 8; 2^4 = 16)

2^160 is (roughly) the same as a 1 with 156 zeros.

No.  You have to divide 160 by 3 or 4.

2^160  = 1461501637330902918203684832716283019655932542976

like 1 with 48 zeroes.

After a thoroughful research I can confirm @arulbero result:
legendary
Activity: 1914
Merit: 2071
...
Here's another snippet of wisdom from when I'm trying to explain the odds of guessing a private key:
Cheat code to convert 2^x to 10^x: reduce the exponent by 3 or 4 (2^3 = 8; 2^4 = 16)

2^160 is (roughly) the same as a 1 with 156 zeros.

No.  You have to divide 160 by 3 or 4.

2^160  = 1461501637330902918203684832716283019655932542976

like 1 with 48 zeroes.
qwk
donator
Activity: 3542
Merit: 3410
Shitcoin Minimalist
Now, in Bitcoin, I'm thinking of a number between one and 2^160 (in fact, it's a little less, but let's not delve into technical details too much).
there is a tiny mistake here. that "number" that we choose in bitcoin (aka private key) is between 1 and a little less than 2^256 then that number is "converted" and "compressed" using one way operations to a smaller size (2^160).
It's actually a little more complicated than that.
There is (AFAIK) no really good answer to how many "guesses" we're talking about in this "game".
There are indeed 2^256 private keys (or slightly less), but they translate to a "mere" 2^160 addresses.
More than one private key translates to one address, but it's not as simple as saying "x private keys translate to one address".
HD wallets have further complicated the question of "how many guesses".
This is why I have settled for the lower boundary of 2^160 whenever I explain the probability of guessing a private key.
This is also why I specifically didn't want to delve into the technical details too much


Here's another snippet of wisdom from when I'm trying to explain the odds of guessing a private key:
Cheat code to convert 2^x to 10^x: reduce the exponent by 3 or 4 (2^3 = 8; 2^4 = 16)

2^160 is (roughly) the same as a 1 with 156 48 zeros.
Now imagine a Billion people, that's a 1 with 9 zeros.
Now imagine each of those people guessing a Billion times.
That's a 1 with 18 zeros guesses.
You've only managed to reduce the original 1 with 156 48 zeros down to a 1 with 138 30 zeros.
The chances of guessing the right number are still 1 in a 1 with 138 30 zeros.

Even that is technically not completely correct, but it gives people a better idea of what size of numbers we're talking about.
It's easy to continue with things like "let them take a billion guesses every second for a billion seconds" etc.

In short: always convert to base 10 numbers when talking to "normal" people.
They don't understand base 2.

Once people understand what it takes to reduce a number with 156 48 zeros down to a manageable size, they usually begin to comprehend why "I'm thinking of a random number" is actually a very safe way to store your Bitcoins.
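The figures traded in the posts above (the count of valid keys versus 2^256, the 2^160 to base-10 conversion, and the 2^67 hashes/s estimate) can be checked with exact integer arithmetic; this is an added example, not code from any poster. The function names are made up for the illustration, and the 365.25-day year is an assumption.

```python
"""Keyspace figures quoted in this thread, checked with exact arithmetic."""
import math
import secrets

# Number of valid private keys as quoted in the thread (keys 1 .. KEY_COUNT).
KEY_COUNT = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364140
# Order of the secp256k1 generator G: the key ORDER_N wraps around to 0.
ORDER_N = KEY_COUNT + 1
ADDRESS_BITS = 160                       # size of the RIPEMD-160 address hash
SECONDS_PER_YEAR = 365.25 * 24 * 3600    # assumption: Julian year


def is_valid_private_key(k: int) -> bool:
    """A private key is an integer in [1, ORDER_N - 1]; 0 and >= ORDER_N are rejected."""
    return 1 <= k <= KEY_COUNT


def generate_private_key() -> int:
    """Draw 256 bits from the OS CSPRNG and retry on the (rare) invalid value.

    Rejection sampling keeps the result uniform over the valid range;
    reducing modulo ORDER_N instead would bias the low values slightly.
    """
    while True:
        k = secrets.randbits(256)
        if is_valid_private_key(k):
            return k


def unusable_256_bit_values() -> int:
    """How many 256-bit integers are not valid keys (0 and everything >= ORDER_N)."""
    return 2**256 - KEY_COUNT


def pow2_to_pow10(bits: float) -> float:
    """Exponent conversion: 2^bits == 10^(bits * log10(2)), i.e. divide by ~3.32."""
    return bits * math.log10(2)


def log2_guesses_per_year(log2_rate_per_second: float) -> float:
    """log2 of the number of guesses made in one year at 2^rate guesses/s."""
    return log2_rate_per_second + math.log2(SECONDS_PER_YEAR)


def log2_years_to_search(space_bits: float, log2_rate_per_second: float) -> float:
    """log2 of the years needed to walk a 2^space_bits search space."""
    return space_bits - log2_guesses_per_year(log2_rate_per_second)


def remaining_after_crowd(space_bits: int, people: int, guesses_each: int) -> int:
    """Search space left per guess when `people` each make `guesses_each` tries."""
    return 2**space_bits // (people * guesses_each)


if __name__ == "__main__":
    gap = unusable_256_bit_values()
    print(f"valid keys           : {KEY_COUNT:,}")
    print(f"2^256 minus that     : about 2^{gap.bit_length() - 1} values are unusable")
    print(f"chance a draw retries: about 2^-{256 - gap.bit_length() + 1}")
    print(f"keys per address     : 2^{256 - ADDRESS_BITS} on average")
    print(f"2^160 in base 10     : about 10^{pow2_to_pow10(ADDRESS_BITS):.1f}")
    print(f"2^67 guesses/s       : about 2^{log2_guesses_per_year(67):.1f} per year")
    print(f"2^128 at that rate   : about 2^{log2_years_to_search(128, 67):.1f} years")
    print(f"2^160 at that rate   : about 2^{log2_years_to_search(160, 67):.1f} years")
    left = remaining_after_crowd(ADDRESS_BITS, 10**9, 10**9)
    print(f"1e9 people x 1e9 tries leaves 1 in a {len(str(left))}-digit number")
```
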
legendary
Activity: 3402
Merit: 10424
Now, in Bitcoin, I'm thinking of a number between one and 2^160 (in fact, it's a little less, but let's not delve into technical details too much).

a good analogy with the "guessing the number" thing, but there is a tiny mistake here. that "number" that we choose in bitcoin (aka private key) is between 1 and a little less than 2^256 then that number is "converted" and "compressed" using one way operations to a smaller size (2^160).
in other words when someone is guessing the number they still have to perform those two time consuming operations to a get a result and compare it with yours.
qwk
donator
Activity: 3542
Merit: 3410
Shitcoin Minimalist
I quickly discovered the Large Bitcoin Collider.

https://lbc.cryptoguru.org/about

Wow this is a serious project.
Basically thousands of distributed servers generating and checking 26 Trillions (!!!) of private keys on a daily basis.
Over the first three years, they managed to find 7 private keys. That’s a lot! I imagined the odds were much lower, but probably there is some kind of bug in some wallet utilising a suboptimal random number generator to create keys.
A few basic comments on the LBC.
For starters, I'd like to point out that I personally am convinced that the LBC is a huge waste of time, effort, energy and money.
It has no academic value whatsoever, is unlikely to yield any results that contradict common understanding of cryptography and will not determine any empirically establishable "constants of nature".


When you're using Bitcoin, what you are basically doing is play a game.
The game is "I'm thinking of a random number, if you can guess it, here's a dollar".


To make it easy, I can start with "I'm thinking of a number between one and ten".
Your chances of getting that dollar are 10 per cent.

In a harder game, I'll think of a number between one and one thousand.
To make it a challenge, I'll ask you to donate 1 US cent for every guess to a good cause.
A dollar will yield 100 guesses, so your chances of even making your dollar back are only 10 per cent.

Now, in Bitcoin, I'm thinking of a number between one and 2^160 (in fact, it's a little less, but let's not delve into technical details too much).
For a single guess, I want you to donate a tiny amount of computing power, i.e. electrical energy to, well, thermodynamics (because that energy is obviously wasted).


But in Bitcoin, there are actually more than just two players.
I may ask for a number between one and 2^160, but others just ask for a number between one and ten.
If you guess "nine", your chances of getting their number right are ten per cent, but at the same time, you also have a (much slighter) chance of guessing my number right (I could have used "nine" as well, it's in the space of 2^160, after all).


And that is what the LBC does.
It doesn't guess random numbers in the range of 2^160, but rather numbers in the range of one to ten, then 11 to 100, then 101 to 1000, etc.
All the time, it's obviously also guessing numbers in the wider range of 2^160.
For the LBC to claim that it's guessing numbers in that range is pretty far fetched, though.

Now, the collisions the LBC found so far were all in those much narrower search ranges, they have nothing to do whatsoever with collisions in the wider space of 2^160, other than that they inadvertently lie in that range as well.
legendary
Activity: 1914
Merit: 2071
legendary
Activity: 2114
Merit: 15144
Fully fledged Merit Cycler - Golden Feather 22-23
This thread has been translated in Russian by zasad@

2 ^ 256 зaкpытыx ключeй

If you think this thread or any other of my threads is worth being translated in your own local board, please do! I will be happy to provide assistance!
legendary
Activity: 2114
Merit: 15144
Fully fledged Merit Cycler - Golden Feather 22-23
This is one of my old favorite examples which pops up from time to time in a variety of slightly different forms: https://czep.net/weblog/52cards.html.

I am dumb, but I cannot reproduce all the computation with Excel.
I get right to the point of the last iteration 1000x, then results diverge.
I hope it is Excel messing up with exp notations.
Btw I found a nice animation on the same example:
https://www.youtube.com/watch?v=0DSclqnnC2s


legendary
Activity: 2114
Merit: 15144
Fully fledged Merit Cycler - Golden Feather 22-23
Bitcoin could easily upgrade to 512 Bit security.

If someday we "upgrade" bitcoin i don't think it would be to a bigger size curve (which the bigger keys come from) but i suppose it would be a migration to another different asymmetric cryptography algorithm instead of elliptic curve and keep it small at possibly the same 256 bit key size.
Sure, I do hope so. I was only pointing out a very simple yet effective (not efficient, though) defence against such machine is already available: hence the threat from such scenario is not credible.
legendary
Activity: 3402
Merit: 10424
Bitcoin could easily upgrade to 512 Bit security.

If someday we "upgrade" bitcoin i don't think it would be to a bigger size curve (which the bigger keys come from) but i suppose it would be a migration to another different asymmetric cryptography algorithm instead of elliptic curve and keep it small at possibly the same 256 bit key size.
legendary
Activity: 2114
Merit: 15144
Fully fledged Merit Cycler - Golden Feather 22-23
If you build a Bremermann computer the size of Earth, you could crack a key in 2 minutes.

https://en.wikipedia.org/wiki/Bremermann%27s_limit
Nice, but while building that computer (if ever possible to do so, it wouldn't be instantaneous, as even the Death Star wasn't built in a day!), Bitcoin could easily upgrade to 512 Bit security.
Satoshi stash would probably be captured, flooding BTC with 1M "new" bitcoins. That would briefly disrupt the market, but the shock would be widely anticipated and so well absorbed.
legendary
Activity: 3878
Merit: 1193
If you build a Bremermann computer the size of Earth, you could crack a key in 2 minutes.

https://en.wikipedia.org/wiki/Bremermann%27s_limit
legendary
Activity: 2268
Merit: 18503
This is one of my old favorite examples which pops up from time to time in a variety of slightly different forms: https://czep.net/weblog/52cards.html. It is used to explain just how large 52! is - the number of possible permutations of shuffling a deck of cards. 52! works out to around 10^67, so several orders of magnitude less than 2^256 (~10^77). It essentially boils down to this:

Start at the equator. Take a single step every billion years. Once you complete the entire circumference, remove a single drop of water from the Pacific Ocean. Continue until the ocean is empty, then place a single piece of paper on the ground, refill the ocean, and start again. Once your stack of paper reaches the sun, throw it away, and start again. Repeat around 3000 times, and 52! seconds will have passed. You'd have to repeat that around 30 trillion times for 2^256 seconds.
legendary
Activity: 2114
Merit: 15144
Fully fledged Merit Cycler - Golden Feather 22-23

that is technically incorrect.
they are not exactly finding private keys with balance, they are solving a puzzle. a long time ago (2015) in order to show the hugeness of the private key space (or maybe just for fun) someone created a "puzzle" where he chose keys in a certain smaller space and sent increasing amounts to each of those keys like this:
201 send 0.001BTC=$0.2 at the time
212 send 0.002BTC=$0.4 at the time
223 send 0.003BTC=$0.6 at the time
and so on.
now, people to this day are still trying to solve that puzzle. so technically if you have a private key (which is impossible by the way) that is in one of those ranges they won't find that because they are only looking to solve that puzzle.
Well, this explains why they found so many keys: they weren’t looking for the whole space, but they knew “where to search”.
On the other hand they somewhat evolved, as they claim they are looking for the whole 2^160 addresses.

p.s. a bit nitpick-y but there are 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140 private keys which is a little smaller than 2^256 Tongue

I know, actually the number reported in the post is not 2^256, but the decimal equivalent of 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140

I doublechecked with this message.
Anyway I edited the OP for clarity. Thanks
legendary
Activity: 3402
Merit: 10424
Wow this is a serious project.
Basically thousands of distributed servers generating and checking 26 Trillions (!!!) of private keys on a daily basis.
Over the first three years, they managed to find 7 private keys. That’s a lot! I imagined the odds were much lower, but probably there is some kind of bug in some wallet utilising a suboptimal random number generator to create keys. (Further research needed here!)
that is technically incorrect.
they are not exactly finding private keys with balance, they are solving a puzzle. a long time ago (2015) in order to show the hugeness of the private key space (or maybe just for fun) someone created a "puzzle" where he chose keys in a certain smaller space and sent increasing amounts to each of those keys like this:
201 send 0.001BTC=$0.2 at the time
212 send 0.002BTC=$0.4 at the time
223 send 0.003BTC=$0.6 at the time
and so on.
now, people to this day are still trying to solve that puzzle. so technically if you have a private key (which is impossible by the way) that is in one of those ranges they won't find that because they are only looking to solve that puzzle.

p.s. a bit nitpick-y but there are 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140 private keys which is a little smaller than 2^256 Tongue
legendary
Activity: 2114
Merit: 15144
Fully fledged Merit Cycler - Golden Feather 22-23
Yesterday while browsing down the Bitcoin rabbit hole I stumbled on the infamous keys.lol website

https://keys.lol
(Warning: time sink!)

Basically it’s a website that randomly generates 128 private keys on each page, then checks the balance of the related addresses (compressed and uncompressed) on the blockchain reporting eventual positive balances or past transactions.

Wow!
If you find a positive balance in this client side generated pages, you are actually owner of the private keys, so you are legitimate owner of such balance, and nothing prevents you from transferring to your own wallet.

I spent a few hours on that website, generating thousands of private keys, of course without finding anything, not a single used address, let alone one with a balance.

Then, I started to think I could engineer a little bit the process, and speaking with some fellow users here in the forum, I thought we could have a script generating random private keys, then ask my own bitcoin node the balance in such address and eventually transfer any balance to my own wallet. Working in local should speed up a little bit the process, I thought.

I knew from the start the possibilities to find something were tiny, but I wanted to try because looking for balances and finding nothing, would reassure me that nobody could do the same with my own bitcoin so jealously held in my cold wallet.

While waiting for @babo to disclose his script, I thought to myself “Fillippone only pawn in the game of life”...how come nobody ever thought about that?

Back into the rabbit hole, I quickly discovered the Large Bitcoin Collider.

https://lbc.cryptoguru.org/about

Wow this is a serious project.
Basically thousands of distributed servers generating and checking 26 Trillions (!!!) of private keys on a daily basis.
Over the first three years, they managed to find 7 private keys. That’s a lot! I imagined the odds were much lower, but probably there is some kind of bug in some wallet utilising a suboptimal random number generator to create keys. (Further research needed here!)


Let’s quickly review a few numbers:
Number of private keys theoretically possible: 2^256 or roughly 10^77
Number of bitcoin addresses: 2^160
Number of private keys searched by Bitcoin collider: 2^160
Numbers of atoms in the universe: 10^78 to 10^82
Number of used Bitcoin addresses: 18,000,000

The number of private keys ACTUALLY possible, is a little bit smaller than 2^256, as specified here

Let’s work out a few examples.
  • Suppose we have a billion active addresses, each of them with a positive balance: we know this is roughly 10^3 bigger than the actual number.
    Probably the number of atoms in the universe is 10^3 times bigger than the number of addresses, so it is fair to say that finding a private Key with a positive amount is roughly as likely as finding one of those atoms spread all over the whole visible universe.
    How big is a billion atoms? According to this Quora answer, it’s smaller than an E. coli bacterium. So imagine taking this bacterium, shredding it at the atomic level, distributing it in the universe and trying to find one of those atoms. Pretty tough, isn’t it?

  • Second example is from this article. Suppose we want to scan all private keys in search of a positive balance and suppose that each inhabitant of the earth has a scanning speed one billion times higher than twice the current computing power of the Bitcoin network, thus:
    * 10 billion people;
    * multiplied by one billion;
    * multiplied by twice the computing power of Bitcoin, about 100 thousand terahash per second;
    we obtain: 1,000,000,000,000*1,000,000,000*100,000*100,0000,000,000 = 10^10*10^9*10^5*10^12 = 10^36
    For simplicity, we rounded down ‘115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336’ to 10^77, and we obtained that, if we checked every single private key, in search of a positive balance, it would take 10^77/10^36 = 10^41 seconds, how many years would it be?
    Since there are about 31557600 seconds in a year, it corresponds to about 10^41/31557600 = 31^33 years, which is more or less 10^23 times the estimated age of the universe (currently estimated at 13.82 billion years), in short
    100,000,000,000,000,000,000,000, i.e. about 100 billion billion times the age of the universe.

  • This video on how secure the SHA 256 algorithm is.
     https://youtu.be/S9JGmA5_unY

  • All previous examples didn’t account for the energy involved in such calculations. Of course all those very powerful machines would need to be powered by some kind of energy. How much energy would be necessary? Well, a lot, according to this infographic:



    Link to Reddit


Other examples about how much it would take to randomly guess a private key:

Further references:


Other very big numbers:

Here are only a few examples, if you have additional resources or comment, don’t hesitate to post yours below and I will add to the list!




If you think this thread or any other of my threads is worth being translated in your own local board, please do! I will be happy to provide assistance!

Russian Translation by zasad@: 2 ^ 256 зaкpытыx ключeй
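
The figures quoted in this thread, worked through in code. This is an added example, not part of any post above and not code from the LBC project; the function names are illustrative, and the inputs (26 trillion keys per day for three years, 18,000,000 used addresses, 10^36 guesses per second) are the numbers the posts give.

```python
import math
from fractions import Fraction

# secp256k1 group order as quoted in the thread: valid private keys are 1 .. N-1.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140
ADDRESS_SPACE = 2 ** 160        # 160-bit address hash space
SECONDS_PER_YEAR = 31_557_600   # figure used in the opening post


def decimal_exponent(bits):
    """Return d such that 2**bits is about 10**d, i.e. d = bits * log10(2)."""
    return bits * math.log10(2)


def search_depth_bits(keys_per_day, days):
    """Bit length reached by a search that counts upward from 1 at this rate."""
    return math.log2(keys_per_day * days)


def hit_probability(guesses, funded_addresses, space=ADDRESS_SPACE):
    """Union bound on uniformly random guesses matching any funded address."""
    return Fraction(guesses * funded_addresses, space)


def years_to_exhaust(space, guesses_per_second):
    """Whole years needed to try every value in `space` once."""
    return space // (guesses_per_second * SECONDS_PER_YEAR)


if __name__ == "__main__":
    rate, days = 26 * 10 ** 12, 3 * 365      # LBC figures quoted in the thread
    print(f"2^160 ~ 10^{decimal_exponent(160):.2f}")
    print(f"2^256 ~ 10^{decimal_exponent(256):.2f}")
    print(f"2^256 - N has {(2 ** 256 - N).bit_length()} bits")
    print(f"sequential search depth: about {search_depth_bits(rate, days):.1f} bits")
    p = hit_probability(rate * days, 18_000_000)
    print(f"random-guess hit chance: about 10^{math.log10(p):.1f}")
    print(f"years to scan all keys at 10^36/s: {years_to_exhaust(N, 10 ** 36):.2e}")
```

A search counting upward from 1 at the quoted rate covers only keys shorter than about 55 bits, which is why finds in deliberately narrow ranges say nothing about keys drawn uniformly from the full space.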



