Pages:
Author

Topic: This message was too old and has been purged - page 14. (Read 50756 times)

hero member
Activity: 602
Merit: 500
In math we trust.
Oh there seems to be a bit of confusion there.
Hey, are you willing to test an address for me?
member
Activity: 84
Merit: 10
Wait! I have just realised that I have given you an incorrect public key - this is not the one associated with the address I posted!

To correct myself:

Address: 15789MauDKwkkZSvtNFzFZ5A9a9eXsBViM

Public Key: 0476febc1aa26b0c53b08f78dff62b563fdbd40197d7d9c1b00dc659fe3d3eb1b44c39844638258 e6e98be51501b35166862f9a641c175528507faccfb594f88e8

Sorry, I dunno how I managed that - I guess I was not paying attention properly. I apologise.

Rit./
member
Activity: 84
Merit: 10
I'm not sure it's as simple as that.

Evil gave a number (an example?) of 768 rendezvous points on the curve, and said that a weak key will be within a certain distance of these points. We don't know how far from a rendezvous point is considered "easy".

I don't pretend to have much knowledge of elliptical curves, but it seems to me that that distance is what determines how useful this actually is. After all the number of in-use addresses is a microscopic part of the namespace.

I'm interested though Smiley And it has at least inspired me to start reading new stuff if nothing else!

Rit.

EDIT: Yep, sorry Evil - it's 04cb45afa783855907367124413c97e2dc6180a4deddd63a040eec77edc09c87991de58ef830fa0 3515525eea05c8dbf7a1b31ad053819134ea7c9cd7274750250
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
hero member
Activity: 602
Merit: 500
In math we trust.
Why would you sell a program for pennies while it can get you rich?
member
Activity: 84
Merit: 10
Please provide private key for: 15789MauDKwkkZSvtNFzFZ5A9a9eXsBViM

Generated using your script.

Thanks,

Rit.
sr. member
Activity: 280
Merit: 261
New In Town...
I'm off to work, but if this still hasn't been done by the time I get home I'll edit this post with a public key generated in this fashion.
full member
Activity: 140
Merit: 101
So what you are actually claiming is that you have discovered a flaw in ECDSA that narrows the key search space and thus there are not 256 bits to search.
I have to agree, there are very likely flaws in ECDSA and the curve used by bitcoin is one of those that was compromised by the NSA wasn't it?
It's possible Dr Evil here has found something.  Wish he would share with the rest of the class though..  $1600 for a product that is supposedly not to be used for evil purposes is a bit over the top pricing wise.

Gweedo is a good guy Evil also he's a moderator and just looking out for everyones interests. 
Maybe share a copy of your source app/source with him and see what he thinks then.
 
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
sr. member
Activity: 280
Merit: 261
New In Town...
Very interesting.

As far as the debate going on here, why doesn't Gweedo just generate a weak address (not just any address, one that meets to criteria that Evil-Knievel sets out) and post it here.  Evil-Knievel can send a small amount of coins to the address, then crack the address and take his coins back?

Alternatively, and considerably more interestingly in my opinion, you could agree on a third party/escrow to generate a weak address.  Then both Gweedo and Evil-Knievel deposit a set (small) amount of BTC to the address.  Then Evil-Knievel has a set amount of time to break the private key before the Escrow sends all of the coins to Gweedo.

Just sayin'  Wink
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
legendary
Activity: 1498
Merit: 1000
Hey guys,

here you see a proof of concept video.
- I am using a randomly generated bitcoin address (however they are all weak as you see)
- Alone this shows you that there exist many many many weak (almost an infinite number of) bitcoin addresses.
- I am working live on the block chain with real coins (all transactions in the video can be verified on blockchain.info)
- I am cracking the bitcoin address in a few seconds


Sorry for all the cursing but the day has been pretty stressful.  Wink


Show nothing but ok keep thinking you have a program that can crack private keys.
member
Activity: 84
Merit: 10
Waiting with anticipation for the video Smiley

But I am also interested in an answer to that question. Approximately what proportion of the namespace could be regarded as "reasonably crackable" (i.e. within say a month on a home computer)?

Thanks,

Ritual.
newbie
Activity: 59
Merit: 0
What you are describing sounds like it efficiently detects partial collisions with your rendezvous points and then from there you may be close enough to crack it in matter of days.    You have not reduced the overall search space for cracking any random address but you have greatly increased your chances and efficiency of cracking an address mathematically close to one of your Rendezvous points.

So by definition, a so called "weak" address is one that is close to a Rendezvous point


If the entire address space is 2^N,
Let A = Log2(#Rendezvous points)
Let B = Log2(#of Addresses you can brute force in few days around any one Rendezvous point)

Then within this few day time limit, you can crack any address that falls in the "weak" space of size 2^(A+B) and cannot crack any address that falls in the "hard" space of size 2^(N-A-B)

Is that about right?  If not can you describe sizes of the weak space that you can attack.
legendary
Activity: 1498
Merit: 1000
You simply do not understand it.
I wish I had made this topic moderated, then I could delete such trolls and troublemakers like you and keep the thread clean.

I am not trolling LOL I am proving you very much wrong.
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
legendary
Activity: 1498
Merit: 1000
No one has broken the ESCDA public key, if he did he would have taken a lot of money and he hasn't. He didn't take my address and the public key is published since I have done transactions with it. He is probably harboring back to the android flaw or something like that. Nothing to be worried about it.

This is just some FUD nothing serious.

And I do not take your concerns serious. You obviously have no that much ida about cryptography, you have no serious mathematical background, you probably did not even understand a single word of what I was talking about (or at least you prentend). Actually, ECDSA is breakable by nature - the question is just with what complexity. And there are certain tricks to reduce the overall complexity, and there are addresses which complexity is pretty low by nature.

But I think it is wasted time to explain everything to you. And what the hell should I do with your $16 wallet. Have a delicious lunch at McDonald's?  Grin  Cheesy

I have a degree in mathematics so yeah, but don't you want to prove me wrong? I want you to take my money.
legendary
Activity: 1498
Merit: 1000
This is what i was afraid about when i started the other thred https://bitcointalksearch.org/topic/brutforcing-a-wallet-430000

That some evil-genius find a smart algorithm to break it all Wink

How many combinations are there to try when you have the public key?

No one has broken the ESCDA public key, if he did he would have taken a lot of money and he hasn't. He didn't take my address and the public key is published since I have done transactions with it. He is probably harboring back to the android flaw or something like that. Nothing to be worried about it.

This is just some FUD nothing serious.
newbie
Activity: 42
Merit: 0
This is what i was afraid about when i started the other thred https://bitcointalksearch.org/topic/brutforcing-a-wallet-430000

That some evil-genius find a smart algorithm to break it all Wink

How many combinations are there to try when you have the public key?
legendary
Activity: 1498
Merit: 1000
gweedo, as you are talking about math:

If you say something like: "it is impossible to brute force a private key, it would take many many lifetimes"
And I give you a key, that can be bruteforced in 10 seconds, than - by definition - your statement was proven to be wrong.

Stop playing this, let me use your words and twist them you know what I mean. Just generating a key pair is not brute forcing.

You got it wrong. What I mean is, I could generate a key pair, share the public key with you, and you would be able to recover my private key in an instant with any "script kiddy key cracker" in a manner of seconds.  Smiley Alone the existence of such key proves that it does not neccessarily take a lifetime.

That is impossible, so stop lying. If that is true do it on my address https://blockchain.info/address/1GweedoZJYb5CNLfSaBgBBYS2y7BMVb2Wo

He's not saying he can get the privkey for any bitcoin address, it sounds like it can only get the privkeys for certain "weak" addresses and close approximations for others. Some private keys should be MUCH easier to find that others, so this could actually be legit. If it's useful is a different question.

Then he is talking about hacking brain wallets due to the random entropy being a word or something easy.
Pages:
Jump to: