Pages:
Author

Topic: This message was too old and has been purged - page 10. (Read 50756 times)

staff
Activity: 4284
Merit: 8808
Stupid question - why is the address he chose one character shorter than the preceding ones?

Also, I'm going to assume that the "random" address generator is, in fact, only generating weak addresses.  The question is, can the degree of weakness be detected in a public key?
There is no such thing as a weak key in secp256k1. If any non-trivial fraction of uniformly selected keys are weak then all keys are weak because there is a simple bit of algebra to convert an attack on a non-trivial fraction of random keys into an attack on any specific key.
full member
Activity: 238
Merit: 100
Stupid question - why is the address he chose one character shorter than the preceding ones?

Also, I'm going to assume that the "random" address generator is, in fact, only generating weak addresses.  The question is, can the degree of weakness be detected in a public key?
full member
Activity: 144
Merit: 100
As noted above, at least one verifiable example of this thing doing what you claim it may, would "help" taking the claims any seriously. Otherwise, you are selling a packaging box of HD TV for a full price of TV, without any assurance that the TV is indeed inside.
So, please "plug it in" and show us "Myth Busters" episode.
legendary
Activity: 1512
Merit: 1036
This cracker is BS. Demonstrating one successful "brute-forcing" is straighforward if the address is generated on purpose very close to a rendez-vous point. There is no weakness here whatsoever, the regions around rendez-vous points are just tiny compared to the whole search space.

Consider that it is basically the same thing as iterating over possible private keys starting from 1, then 2, etc... then saying "uh-oh! I found some addresses that are weak and can crack them quickly!". Of course it will be true for all addresses whose private key is between 1 and few millions... But it is still nothing considering the whole search space.

Do not buy that.

This is kind of what I was thinking reading earlier in the thread, although I haven't looked through the obfuscated in one line "generate the weak address this way" code show here: https://bitcointalksearch.org/topic/m.4746108

"my HD7970 is at the moment capable of doing 150 MEGAKEYS per second" says the OP.
If the code actually is: Here's a generator that will generate a private key within a million of 1000 weak points: 2 billion possible keys to search; 50% probability with 1 billion brute forces with no special math.
hero member
Activity: 602
Merit: 500
myBitcoin.Garden
Maybe you have some major computer (or perception) issues as the video clearly shows that it (contrary to your claim no address can be cracked easily) is in fact cracking a private key in seconds. More precisely, the private key of a randomly generated address.

Hi EK forgive my cynicism but here goes..,

You didn't crack the private key of a randomly generated address as stated in the above quote.  By your own admission you were generating 'weak' addresses only and cracked one of those.  This prompts the question, what is the estimated number of weak addresses that exist over non weak addresses?

I have an issue with your video.  I am suspicious that your 'rage' is just a diversion from the fact that perhaps you filmed it intentionally with supposed focus and exposure issues.  You were blaming the monitor but clearly the camera was the issue.  Can you please make another video and this time make a greater effort to provide footage that can be verified? Thanks.

legendary
Activity: 1050
Merit: 1004
I guess we'll see how this pans out. http://stargate.bitwarrant.com/science/
newbie
Activity: 2
Merit: 0
...as long as you don't reuse addresses (Don't keep sending stuff from the same address) your public key is never published and then he can't even try to run his program on your public address. You have a better chance of getting a virus and having you BTC stolen off your machine this way.

I understand that, and I'm not concerned about my own security.  I want to understand the difference between what Evil is claiming and a claim to have cracked some part of RSA generally.
sr. member
Activity: 378
Merit: 250
(last message wasn't posted - maybe since I'm new it's awaiting moderation or something?)

Help me out here - is Evil claiming that he has essentially cracked RSA (ie, that given a public key, hey can ascertain its private key)?

If not, what is specific to Bitcoin about this attack?

No. Given a public key he might (can't) find the private key to the address. Or at least from what I have been reading. The chances of your BTC being stolen are .000000000001% (randomly low percentage) higher than they were before he wrote this program from my understanding. Also as long as you don't reuse addresses (Don't keep sending stuff from the same address) your public key is never published and then he can't even try to run his program on your public address. You have a better chance of getting a virus and having you BTC stolen off your machine this way.
newbie
Activity: 2
Merit: 0
(last message wasn't posted - maybe since I'm new it's awaiting moderation or something?)

Help me out here - is Evil claiming that he has essentially cracked RSA (ie, that given a public key, hey can ascertain its private key)?

If not, what is specific to Bitcoin about this attack?
legendary
Activity: 1512
Merit: 1012
Still wild and free
This cracker is BS. Demonstrating one successful "brute-forcing" is straighforward if the address is generated on purpose very close to a rendez-vous point. There is no weakness here whatsoever, the regions around rendez-vous points are just tiny compared to the whole search space.

Consider that it is basically the same thing as iterating over possible private keys starting from 1, then 2, etc... then saying "uh-oh! I found some addresses that are weak and can crack them quickly!". Of course it will be true for all addresses whose private key is between 1 and few millions... But it is still nothing considering the whole search space.

Do not buy that.
legendary
Activity: 1022
Merit: 1001
I'd fight Gandhi.
Quoted. (is the april fools date intentional?)
Nah, coincidental. The only reason I put a limit at all is so I wouldn't feel ethically obligated to hold onto 50 BTC beyond that point in time.
Duly noted.
staff
Activity: 4284
Merit: 8808
Quoted. (is the april fools date intentional?)
Nah, coincidental. The only reason I put a limit at all is so I wouldn't feel ethically obligated to hold onto 50 BTC beyond that point in time.
legendary
Activity: 1022
Merit: 1001
I'd fight Gandhi.
So you claim you can crack some random keys provided by people on the forum? Oh really.

Well here, I'll make it very profitable for you then:

Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


I, Greg Maxwell, do hereby promise to pay 50 BTC to the first person that
provides the discrete log of _any_ of the following randomly generated
200,000 secp256k1 public keys. This offer is open until 2014-04-01.

None of the below public keys have been used on the Bitcoin blockchain as
of the time of the creation of this offer.

04abb9239d3a5131de45b977807c62bf879119b05c3da33e37d8e7be0901985ce73b6ca6dff5b97 34d1225ce0120bbe023066669c29e23d3ea82de9a57dd259b63

Full message at https://people.xiph.org/~greg/keysfun.asc

Surely if you can crack a single key provided by a person in the thread cracking any one of 200k keys should be a cinch.

Quoted. (is the april fools date intentional?)

Show us what you can do, Knievel.
staff
Activity: 4284
Merit: 8808
So you claim you can crack some random keys provided by people on the forum? Oh really.

Well here, I'll make it very profitable for you then:

Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


I, Greg Maxwell, do hereby promise to pay 50 BTC to the first person that
provides the discrete log of _any_ of the following randomly generated
200,000 secp256k1 public keys. This offer is open until 2014-04-01.

None of the below public keys have been used on the Bitcoin blockchain as
of the time of the creation of this offer.

04abb9239d3a5131de45b977807c62bf879119b05c3da33e37d8e7be0901985ce73b6ca6dff5b97 34d1225ce0120bbe023066669c29e23d3ea82de9a57dd259b63

Full message at https://people.xiph.org/~greg/keysfun.asc

Surely if you can crack a single key provided by a person in the thread cracking any one of 200k keys should be a cinch.
legendary
Activity: 1022
Merit: 1001
I'd fight Gandhi.
So this random addy I grabbed off of blockchain.info currently has BTC15.14013694 in it. Since it has sent BTC before, it's public key is now shown, and thus hackable?

Can you prove it by finding the private key yourself, and moving BTC0.00123456 out and back into the address? I want to see a show. Smiley
sr. member
Activity: 430
Merit: 250
To be absolutely safe, you are absolutely correct. You should not reuse addresses, because as you do your public key gets broadcasted.
However, if you only store a few thousand bucks in your wallet, you are not likely to because a target of the "bruteforcers" as they will probably aim for higher accounts.

However, yes: Not reusing the address will make you safe.

I believe the first time a brute-forcer breaks a large bitcoin wallet he will inadvertently or by intent, also break Bitcoin and by extension crypto-currencies.  Confidence in this budding technology is already precarious.  Any notion that one's coins are insecure will not be met well by the masses.

These findings of weakness in the blockchain should be brought to the developers attention and we should be calling for some solution to this issue as soon as possible.
They do not pose any realistic threat. When you consider the probabilities, it's all the same, either you need sqrt(n) tries (currently best known algorithm that solves the discrete logarithm problem in general) for 100% chance or sqrt(n)/100 tries for 1% chance of success.
full member
Activity: 120
Merit: 100
You don't need a new address for every user, just a new address whenever you sweep it. A bigger entity accepting bitcoin could just empty the account periodically and put a new address up. They may only empty the address once every 6 months.
newbie
Activity: 75
Merit: 0
Copied from my posting in the development thread.

Quote
On re-use of addresses.

I can think of a few scenarios where one must re-use addresses.  Lets say for example Wikipedia decides to accept donations in Bitcoin.  They put up a donation address.  Should they generate a new donation address every time someone visits the donation link?  They probably should from a security point of view.  Seems inconvenient for donators that have saved the address in their address book. 

Our own Bitcoin Foundation re-uses its donation address as well.  https://blockchain.info/address/1BTCorgHwCg6u2YSAWKgS17qUad6kHmtQW There it is on blockchain.info 556 transactions at the time of this posting. Looks like address re-use to me. I wonder how many people who are either members or donators to the foundation tell people in the forums not to re-use addressess.

All of you who have an address in your signature for tips and such are also guilty of address re-use.  Basically any address that is publicly advertised for business/charity or what have you will be re-used.  This goes for all those that generated vanity addresses specifically to have a visually unique address for personal or business use.

If the solution is don't re-use addresses then this makes things inconvenient.  Does anyone really think that the masses are going to stick with one address per use?

Can someone tell me where I am going wrong here?  I can't see stopping address re-use as a solution to this potential threat.

sr. member
Activity: 378
Merit: 250
Thanks much! This should be in the Bitcoin 101 course. I will put this into practice immediately. I did recently divide-up my hoard into 3 wallets and the two new wallets have not been used for any outgoings transactions. Whew.
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
Pages:
Jump to: