Topic: This message was too old and has been purged - page 9.

legendary
Activity: 977
Merit: 1000
This thread will go nowhere unless he proves himself with gmaxwell's bounty.
legendary
Activity: 1148
Merit: 1018
So this random addy I grabbed off of blockchain.info currently has BTC15.14013694 in it. Since it has sent BTC before, its public key is now shown, and thus hackable?

Can you prove it by finding the private key yourself, and moving BTC0.00123456 out and back into the address? I want to see a show.

Interesting. Let's see what Evil can pull out from this.

legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Maybe some more correct explanation.

[1] - imagine the bitcoin address space is ALL the sand grains on planet earth (it's actually much bigger than that I think but this is easier to visualise)

[2] - imagine someone picks a private key which we assume to be our sand grain and hides it somewhere on any beach on this planet. Let's further assume this sand grain is painted blue.

[3] - Searching for this particular sand grain is computationally infeasible. But let us say you have placed a colored tennis ball (each with a different color) on each of the world's beaches.

[4] - now imagine you send out 100,000 people to all the beaches of the world simultaneously. If one of these people finds a blue tennis ball somewhere, you can recover the private key.

How did the private key (blue grain of sand) magically get placed near enough to the blue tennis ball (known point) to be able to be found in a reasonable amount of time?
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
EK, eagerly waiting for you to hack one of the addresses for 50 BTC. ;-)
Don't hold your breath.
sr. member
Activity: 378
Merit: 250
EK, eagerly waiting for you to hack one of the addresses for 50 BTC. ;-)

I don't understand this stuff enough yet to have an opinion on whether it's likely, but I'm fascinated to see what plays out.
sr. member
Activity: 430
Merit: 250
Maybe some more correct explanation.


[1] - imagine the bitcoin address space is ALL the sand grains on planet earth (it's actually much bigger than that I think but this is easier to visualise)

[2] - imagine someone picks a private key which we assume to be our sand grain and hides it somewhere on any beach on this planet. Let's further assume this sand grain is painted blue.

[3] - Searching for this particular sand grain is computationally infeasible. But let us say you have placed a colored tennis ball (each with a different color) on each of the world's beaches.

[4] - now imagine you send out 100,000 people to all the beaches of the world simultaneously. If one of these people finds a blue tennis ball somewhere, you can recover the private key.


It's slightly better, but still computationally infeasible.
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
sr. member
Activity: 462
Merit: 262
To put this into perspective:

[1] - imagine the bitcoin address space is ALL the sand grains on planet earth (it's actually much bigger than that I think but this is easier to visualise)

[2] - imagine going to a particular spot in some country with a magnifying glass and identifying a particular sand grain

[3] - now move out from that sandgrain and identify the 5 sand grains **touching** the one you spotted with your magnifying glass. These are the "weak address" sandgrains

[4] - now imagine an astronaut orbiting the planet who lands at some random location and picks themselves a random sandgrain at their landing spot

Now you can see that the chance of collision with one of the 'weak addresses' is almost the same as the chance of collision with the primary address = no weakness at all.

Forget about it. The issue is of theoretical interest only.


But the real question is: if you make special software that would build a big 'rainbow table', how long would it take before you get 0.1% of the 'rendezvous' points mapped? Would that be impossible, or just take a good amount of time but still be possible?
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Calling it a theoretical attack is a stretch.  I would prefer to say he has just "proven" the truism:  If I reduce the private key space enough then, of course, I can find the private keys.
newbie
Activity: 50
Merit: 0
Ahh ok, thank you for clearing that up. So at the minute this is more of a theoretical attack where he has stacked the cards in his favour.

DarthNoodle:

You missed my point.  Evil-Knievel created a weak RNG on purpose to show that if you use his totally weak RNG then he can recover the private key.

If you know that all the private keys you are generating are very near certain points then of course you can find them.  He is cheating.

In other words Evil-Knievel has done nothing and found nothing.

Here is the RNG he is using:

Code:
import random
N = random.randint(128, 255)      # pick a random N in [128, 255]
M = random.randint(1, 20000000)   # pick a random M in [1, 20000000]
private_key = 2**N - M            # spit out 2**N - M: always just below a power of two

That is NOT a secure random number generator - it is barely random at all.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
DarthNoodle:

You missed my point.  Evil-Knievel created a weak RNG on purpose to show that if you use his totally weak RNG then he can recover the private key.

If you know that all the private keys you are generating are very near certain points then of course you can find them.  He is cheating.

In other words Evil-Knievel has done nothing and found nothing.

Here is the RNG he is using:

Code:
import random
N = random.randint(128, 255)      # pick a random N in [128, 255]
M = random.randint(1, 20000000)   # pick a random M in [1, 20000000]
private_key = 2**N - M            # spit out 2**N - M: always just below a power of two

That is NOT a secure random number generator - it is barely random at all.
newbie
Activity: 50
Merit: 0
Thanks for the link. So all addresses are affected regardless of the client (due to them being based off the same RNG weakness)? Has this weakness not been resolved in newer versions of OpenSSL? If so, could it be worth upgrading OpenSSL and recompiling the wallet, or have I completely missed the point?

In the meantime, services that use public wallets would have to generate new addresses (to send and receive money periodically?). What's stopping someone going after the public key of an exchange like Cryptsy, and what would a service like this do to mitigate this issue?

It would be great to identify whether your key is particularly weak and more susceptible, and to also identify the risks of services using the same wallet to send and receive payments. Are they going to have to change their addresses regularly from now on just to avoid this attack?

To put this into perspective:

[1] - imagine the bitcoin address space is ALL the sand grains on planet earth (it's actually much bigger than that I think but this is easier to visualise)

[2] - imagine going to a particular spot in some country with a magnifying glass and identifying a particular sand grain

[3] - now move out from that sandgrain and identify the 5 sand grains **touching** the one you spotted with your magnifying glass. These are the "weak address" sandgrains

[4] - now imagine an astronaut orbiting the planet who lands at some random location and picks themselves a random sandgrain at their landing spot

Now you can see that the chance of collision with one of the 'weak addresses' is almost the same as the chance of collision with the primary address = no weakness at all.

Forget about it. The issue is of theoretical interest only.

newbie
Activity: 50
Merit: 0
So it is possible to identify weak private keys if they are close to any of the rendezvous points on your elliptic curve.

My questions would be:

Are standard wallets (the addresses generated by the QT client) affected by this?
Are there any mitigations that can be used?
Will the pub/priv key generation sequence require a new, more secure implementation?

I believe one has already been outlined: moving the coins to a new address/wallet every few months? Would there be any way in which it is possible to increase the difficulty of the private keys?
legendary
Activity: 1168
Merit: 1000
Well, that was fun while it lasted...

Lock it up.
staff
Activity: 4242
Merit: 8672
But how is it known if the fraction of possibly weak keys is non-trivial?  Basically are you saying his approach is totally impossible or are you saying the amount of possibly weak keys he is referring to is too small to matter?
If he has anything at all then he can demonstrate it by cracking any one of the 200,000 keys I posted as a bounty and collect a bunch of coins from me.

What I was responding to was someone asking about testing if a key is "weak"— it's pointless, if any non-infinitesimal fraction is weak (e.g. by being generated from private keys known to an attacker) all keys are weak.
legendary
Activity: 896
Merit: 1006
First 100% Liquid Stablecoin Backed by Gold
Stupid question - why is the address he chose one character shorter than the preceding ones?

Also, I'm going to assume that the "random" address generator is, in fact, only generating weak addresses.  The question is, can the degree of weakness be detected in a public key?
There is no such thing as a weak key in secp256k1. If any non-trivial fraction of uniformly selected keys are weak then all keys are weak because there is a simple bit of algebra to convert an attack on a non-trivial fraction of random keys into an attack on any specific key.
But how is it known if the fraction of possibly weak keys is non-trivial?  Basically are you saying his approach is totally impossible or are you saying the amount of possibly weak keys he is referring to is too small to matter?
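gmaxwell's "simple bit of algebra" above, and the weak 2**N - M generator quoted earlier in the thread, worked through as an added example (not code from the thread or from anyone in it). A toy group stands in for secp256k1, the weak keys are built the way the quoted RNG builds them but scaled down, and an oracle that recovers only those weak keys is turned into a recovery of an arbitrary key by rerandomising the public key. All parameters and function names are constructed for the illustration.

```python
import random

# Constructed toy group standing in for secp256k1: public key = G**k mod P.
# P = 2**31 - 1 is prime and G = 7 is a primitive root, so keys live in [1, Q).
P = 2**31 - 1
G = 7
Q = P - 1

# Weak keys modelled on the thread's RNG (2**N - M), scaled down to the toy group:
# every weak key sits within M_MAX of a power of two, the "rendezvous points".
N_RANGE = range(16, 31)
M_MAX = 4096

def weak_rng(rnd=None):
    """The deliberately weak key generator from the thread, in toy dimensions."""
    rnd = rnd or random.Random()
    return 2**rnd.choice(N_RANGE) - rnd.randint(1, M_MAX)

def weak_fraction():
    """Fraction of the whole key space the weak generator can ever produce."""
    return (len(N_RANGE) * M_MAX) / Q

# An "attack" that only works on weak keys: a lookup table of G**k for every weak k.
# It returns k for a weak public key and None for everything else.
WEAK_TABLE = {pow(G, 2**n - m, P): 2**n - m
              for n in N_RANGE for m in range(1, M_MAX + 1)}

def weak_key_oracle(pub):
    return WEAK_TABLE.get(pub)

def recover_any_key(pub, rnd=None, max_tries=1 << 22):
    """gmaxwell's reduction: an oracle for a fraction f of random keys breaks any key.

    Multiply pub by G**r for a random r: the result is the public key of k + r,
    a uniformly random key, so after about 1/f tries it lands in the weak set.
    Subtracting r then gives back the original (non-weak) k.
    """
    rnd = rnd or random.Random()
    for _ in range(max_tries):
        r = rnd.randrange(Q)
        shifted = (pub * pow(G, r, P)) % P   # public key of (k + r) mod Q
        hit = weak_key_oracle(shifted)
        if hit is not None:
            return (hit - r) % Q             # undo the shift: k = (k + r) - r
    return None

if __name__ == "__main__":
    k = 123456789                            # an ordinary key, nowhere near 2**N
    pub = pow(G, k, P)
    print("oracle alone:", weak_key_oracle(pub))                  # None: k is not weak
    print("with rerandomisation:", recover_any_key(pub) == k)     # True
    print("weak fraction of key space: %.2e" % weak_fraction())
```

Because the oracle is a plain lookup table, the only cost of the reduction is roughly 1/weak_fraction() modular exponentiations; that is why a test for "weak" keys tells a defender nothing that the existence of the oracle does not already tell them.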
legendary
Activity: 1582
Merit: 1002
HODL for life.
I have an issue with your video.  I am suspicious that your 'rage' is just a diversion from the fact that perhaps you filmed it intentionally with supposed focus and exposure issues.  You were blaming the monitor but clearly the camera was the issue.  Can you please make another video and this time make a greater effort to provide footage that can be verified? Thanks.

Exactly what I was thinking, and why I said what I said in my comment of this.  Something doesn't add up.  His actions in the video were erratic and looked almost Tourette's-like.  The part where he curses his $2000 computer, and blames the video not focusing on the 28" monitor not being good enough for the video just seems off.  Why is he using a shitty camera phone quality video to disprove the community skepticism, and not a program like fraps or camtasia?

As noted above, at least one verifiable example of this thing doing what you claim it may would "help" in taking the claims seriously. Otherwise, you are selling the packaging box of an HD TV for the full price of the TV, without any assurance that the TV is indeed inside.
So, please "plug it in" and show us a "Myth Busters" episode.

It's just like the videos of "ASIC" devices hashing away to get pre-order customers, and they end up being vaporware.

My suggestion to EK is to have a reputable member of the Bitcoin community test this program and validate its legitimacy.

-Fuse