Oh there seems to be a bit of confusion there.
Hey, are you willing to test an address for me?
Topic: This message was too old and has been purged - page 14. (Read 50741 times)
Wait! I have just realised that I have given you an incorrect public key - this is not the one associated with the address I posted!
To correct myself:
Address: 15789MauDKwkkZSvtNFzFZ5A9a9eXsBViM
Public Key: 0476febc1aa26b0c53b08f78dff62b563fdbd40197d7d9c1b00dc659fe3d3eb1b44c39844638258 e6e98be51501b35166862f9a641c175528507faccfb594f88e8
Sorry, I dunno how I managed that - I guess I was not paying attention properly. I apologise.
Rit./
To correct myself:
Address: 15789MauDKwkkZSvtNFzFZ5A9a9eXsBViM
Public Key: 0476febc1aa26b0c53b08f78dff62b563fdbd40197d7d9c1b00dc659fe3d3eb1b44c39844638258 e6e98be51501b35166862f9a641c175528507faccfb594f88e8
Sorry, I dunno how I managed that - I guess I was not paying attention properly. I apologise.
Rit./
I'm not sure it's as simple as that.
Evil gave a number (an example?) of 768 rendezvous points on the curve, and said that a weak key will be within a certain distance of these points. We don't know how far from a rendezvous point is considered "easy".
I don't pretend to have much knowledge of elliptical curves, but it seems to me that that distance is what determines how useful this actually is. After all the number of in-use addresses is a microscopic part of the namespace.
I'm interested though
And it has at least inspired me to start reading new stuff if nothing else!
Rit.
EDIT: Yep, sorry Evil - it's 04cb45afa783855907367124413c97e2dc6180a4deddd63a040eec77edc09c87991de58ef830fa0 3515525eea05c8dbf7a1b31ad053819134ea7c9cd7274750250
Evil gave a number (an example?) of 768 rendezvous points on the curve, and said that a weak key will be within a certain distance of these points. We don't know how far from a rendezvous point is considered "easy".
I don't pretend to have much knowledge of elliptical curves, but it seems to me that that distance is what determines how useful this actually is. After all the number of in-use addresses is a microscopic part of the namespace.
I'm interested though
And it has at least inspired me to start reading new stuff if nothing else!Rit.
EDIT: Yep, sorry Evil - it's 04cb45afa783855907367124413c97e2dc6180a4deddd63a040eec77edc09c87991de58ef830fa0 3515525eea05c8dbf7a1b31ad053819134ea7c9cd7274750250
This message was too old and has been purged
Why would you sell a program for pennies while it can get you rich?
Please provide private key for: 15789MauDKwkkZSvtNFzFZ5A9a9eXsBViM
Generated using your script.
Thanks,
Rit.
Generated using your script.
Thanks,
Rit.
I'm off to work, but if this still hasn't been done by the time I get home I'll edit this post with a public key generated in this fashion.
So what you are actually claiming is that you have discovered a flaw in ECDSA that narrows the key search space and thus there are not 256 bits to search.
I have to agree, there are very likely flaws in ECDSA and the curve used by bitcoin is one of those that was compromised by the NSA wasn't it?
It's possible Dr Evil here has found something. Wish he would share with the rest of the class though.. $1600 for a product that is supposedly not to be used for evil purposes is a bit over the top pricing wise.
Gweedo is a good guy Evil also he's a moderator and just looking out for everyones interests.
Maybe share a copy of your source app/source with him and see what he thinks then.
I have to agree, there are very likely flaws in ECDSA and the curve used by bitcoin is one of those that was compromised by the NSA wasn't it?
It's possible Dr Evil here has found something. Wish he would share with the rest of the class though.. $1600 for a product that is supposedly not to be used for evil purposes is a bit over the top pricing wise.
Gweedo is a good guy Evil also he's a moderator and just looking out for everyones interests.
Maybe share a copy of your source app/source with him and see what he thinks then.
This message was too old and has been purged
Very interesting.
As far as the debate going on here, why doesn't Gweedo just generate a weak address (not just any address, one that meets to criteria that Evil-Knievel sets out) and post it here. Evil-Knievel can send a small amount of coins to the address, then crack the address and take his coins back?
Alternatively, and considerably more interestingly in my opinion, you could agree on a third party/escrow to generate a weak address. Then both Gweedo and Evil-Knievel deposit a set (small) amount of BTC to the address. Then Evil-Knievel has a set amount of time to break the private key before the Escrow sends all of the coins to Gweedo.
Just sayin'
As far as the debate going on here, why doesn't Gweedo just generate a weak address (not just any address, one that meets to criteria that Evil-Knievel sets out) and post it here. Evil-Knievel can send a small amount of coins to the address, then crack the address and take his coins back?
Alternatively, and considerably more interestingly in my opinion, you could agree on a third party/escrow to generate a weak address. Then both Gweedo and Evil-Knievel deposit a set (small) amount of BTC to the address. Then Evil-Knievel has a set amount of time to break the private key before the Escrow sends all of the coins to Gweedo.
Just sayin'
This message was too old and has been purged
Hey guys,
here you see a proof of concept video.
- I am using a randomly generated bitcoin address (however they are all weak as you see)
- Alone this shows you that there exist many many many weak (almost an infinite number of) bitcoin addresses.
- I am working live on the block chain with real coins (all transactions in the video can be verified on blockchain.info)
- I am cracking the bitcoin address in a few seconds
Sorry for all the cursing but the day has been pretty stressful.
here you see a proof of concept video.
- I am using a randomly generated bitcoin address (however they are all weak as you see)
- Alone this shows you that there exist many many many weak (almost an infinite number of) bitcoin addresses.
- I am working live on the block chain with real coins (all transactions in the video can be verified on blockchain.info)
- I am cracking the bitcoin address in a few seconds
Sorry for all the cursing but the day has been pretty stressful.
Show nothing but ok keep thinking you have a program that can crack private keys.
Waiting with anticipation for the video
But I am also interested in an answer to that question. Approximately what proportion of the namespace could be regarded as "reasonably crackable" (i.e. within say a month on a home computer)?
Thanks,
Ritual.
But I am also interested in an answer to that question. Approximately what proportion of the namespace could be regarded as "reasonably crackable" (i.e. within say a month on a home computer)?
Thanks,
Ritual.
What you are describing sounds like it efficiently detects partial collisions with your rendezvous points and then from there you may be close enough to crack it in matter of days. You have not reduced the overall search space for cracking any random address but you have greatly increased your chances and efficiency of cracking an address mathematically close to one of your Rendezvous points.
So by definition, a so called "weak" address is one that is close to a Rendezvous point
If the entire address space is 2^N,
Let A = Log2(#Rendezvous points)
Let B = Log2(#of Addresses you can brute force in few days around any one Rendezvous point)
Then within this few day time limit, you can crack any address that falls in the "weak" space of size 2^(A+B) and cannot crack any address that falls in the "hard" space of size 2^(N-A-B)
Is that about right? If not can you describe sizes of the weak space that you can attack.
So by definition, a so called "weak" address is one that is close to a Rendezvous point
If the entire address space is 2^N,
Let A = Log2(#Rendezvous points)
Let B = Log2(#of Addresses you can brute force in few days around any one Rendezvous point)
Then within this few day time limit, you can crack any address that falls in the "weak" space of size 2^(A+B) and cannot crack any address that falls in the "hard" space of size 2^(N-A-B)
Is that about right? If not can you describe sizes of the weak space that you can attack.
You simply do not understand it.
I wish I had made this topic moderated, then I could delete such trolls and troublemakers like you and keep the thread clean.
I wish I had made this topic moderated, then I could delete such trolls and troublemakers like you and keep the thread clean.
I am not trolling LOL I am proving you very much wrong.
This message was too old and has been purged
No one has broken the ESCDA public key, if he did he would have taken a lot of money and he hasn't. He didn't take my address and the public key is published since I have done transactions with it. He is probably harboring back to the android flaw or something like that. Nothing to be worried about it.
This is just some FUD nothing serious.
This is just some FUD nothing serious.
And I do not take your concerns serious. You obviously have no that much ida about cryptography, you have no serious mathematical background, you probably did not even understand a single word of what I was talking about (or at least you prentend). Actually, ECDSA is breakable by nature - the question is just with what complexity. And there are certain tricks to reduce the overall complexity, and there are addresses which complexity is pretty low by nature.
But I think it is wasted time to explain everything to you. And what the hell should I do with your $16 wallet. Have a delicious lunch at McDonald's?
I have a degree in mathematics so yeah, but don't you want to prove me wrong? I want you to take my money.
This is what i was afraid about when i started the other thred https://bitcointalksearch.org/topic/brutforcing-a-wallet-430000
That some evil-genius find a smart algorithm to break it all
How many combinations are there to try when you have the public key?
That some evil-genius find a smart algorithm to break it all
How many combinations are there to try when you have the public key?
No one has broken the ESCDA public key, if he did he would have taken a lot of money and he hasn't. He didn't take my address and the public key is published since I have done transactions with it. He is probably harboring back to the android flaw or something like that. Nothing to be worried about it.
This is just some FUD nothing serious.
This is what i was afraid about when i started the other thred https://bitcointalksearch.org/topic/brutforcing-a-wallet-430000
That some evil-genius find a smart algorithm to break it all
How many combinations are there to try when you have the public key?
That some evil-genius find a smart algorithm to break it all
How many combinations are there to try when you have the public key?
gweedo, as you are talking about math:
If you say something like: "it is impossible to brute force a private key, it would take many many lifetimes"
And I give you a key, that can be bruteforced in 10 seconds, than - by definition - your statement was proven to be wrong.
If you say something like: "it is impossible to brute force a private key, it would take many many lifetimes"
And I give you a key, that can be bruteforced in 10 seconds, than - by definition - your statement was proven to be wrong.
Stop playing this, let me use your words and twist them you know what I mean. Just generating a key pair is not brute forcing.
You got it wrong. What I mean is, I could generate a key pair, share the public key with you, and you would be able to recover my private key in an instant with any "script kiddy key cracker" in a manner of seconds.
Alone the existence of such key proves that it does not neccessarily take a lifetime.That is impossible, so stop lying. If that is true do it on my address https://blockchain.info/address/1GweedoZJYb5CNLfSaBgBBYS2y7BMVb2Wo
He's not saying he can get the privkey for any bitcoin address, it sounds like it can only get the privkeys for certain "weak" addresses and close approximations for others. Some private keys should be MUCH easier to find that others, so this could actually be legit. If it's useful is a different question.
Then he is talking about hacking brain wallets due to the random entropy being a word or something easy.
Jump to: