Topic: Vanity Private Key (Read 3289 times)

How many times should we tell someone not to stand underneath the piano that they are trying to hoist up 100 feet before we just turn our back and walk away?

This has been suggested to him several times.

You're going about this the wrong way. What you want is to store the long part of the key in an easily-accessible form, but then have a small password that you know that secures it. There's actually a standard way to do this that is secure (well, as secure as your password): BIP38 encryption. Here are some sites that let you generate a BIP38-encrypted key: (I can't vouch for either of them personally, but they look decent enough)

https://bitcoinpaperwallet.com/bitcoinpaperwallet/generate-wallet.html
https://bit2factor.com/

BIP38 uses scrypt as a key stretcher, so that it's harder to guess your password (still, you should choose a good one, e.g. 8 random characters, not just a word or name).

Thank you for the explanation, it help a lot.  Your point is quite right.

My original goal was to be able to print a hard copy of my private key so I can store it, and don't have to worry someone able to use it even if they find it. 

I could password protect the key like some suggested, but then I would have to remember a hard password to decode it.

By getting a vanity private address I can chance my key from

5hutyAewDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D

to

5HowardwDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXND7

this way, I know how to decode it from memory

The whole problem h0w8rd is that your way of securing privkey is much less secure than you think. Much less secure. Even if it seems like good security. I would try to explain it, because I hope, you want this for yourself and do not want to loose your BTC.

Imagine I am a malevolent hacker.
If you give me 5hutyAewDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D in plain sight, I will first check last part (checksum) of this obfuscated privkey and I will find that it is not correct. Now I know that this privkey is somehow crippled.
So what will I do? I would try these privkeys for start (knowing your nickname):
5HowardwDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D
5hHowardDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D
5huHowards9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D
5hutyHowardBsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D
...
...

then I would try some of these:
5h0w8rdwDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D
5hh0w8rdDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D
5huh0w8rds9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D
5hutyh0w8rdBsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D
...

And the same thing with some common passwords (including capitalizations) such as "Secret", "Superman", "mypassword", "1234576", "qwerty", "QwErTy", ...
I would certainly try "BTC", "bitcoin", "Bitcoin", "BITcoin", "nioctib" pretty soon. On all possible positions.


And now... here is the catch. I can (with computer) easily make ~500 million such guesses (and checks for correctness) per second. Due to you leaving checksum unchanged, these checks are super easy. (But even if you changed checksum also, then recalculating it each time and checking BTC balance of the corresponding address is only a little bit more delay.)
I can take dictionary of common english words. One word in each position with common capitalizations makes about 40*10=400 possibilities. So I can check about 1 million words per second. I would find your real privkey in under a second.
If you use two words (like) GuessBitcoin or h0w8rd123Bitcoin you are a little more secure. Let's say you choose from dictionary (+ Bitcoin specific terminology like "BTC", "Bitcoin", "Satoshi"...) which has 200 000 different words. Then it would take me (with one common GPU) 55 hours to break such privkey. If I am determined hacker with dedicated bruteforcing machine then it will take minutes or even less.

You can complicate situation further, choose three words, four words (still unsecure), choose complicated ungoogleable passphrase with numbers, etc. That way you are closing to the solution with several words (like 12) used as master seed in HD wallets. Or you can just encrypt your privkey with the same strong password.

It depends which level of security is right for you. But I want to stress that basic Bitcoin working (256 bit random privkey is much, much much stronger than any password you will come up with and can meaningfully remember). And your solutions ("one or two replacement words with some tweeks, in secret position") is much much weeker than it seems on the first sight. Not mentioning keyloggers and screen capturers when entering your real privkey somewhere.



And... I do not know about any sowtware that would do such a thing. But it would not be very difficult to make for skilled programmer.

With what?  He would then need to have a tool.  He wants to be able to reconstruct the correct private key from memory + the written down wrong key without the use of a computer or tool.

If he is going to have a computer and a tool why not just password encrypt the private key like everyone else does.

No he can recalculate the checksum after replacing the "secret part"

He would need to not only memorize the "Bitcoin" part and also memorize the correct check sum part for it to work for what he wants to do...

Again, if this is your private key:

5BitcoinDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D

And you to this:

5hutyAewDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D

You do not need a tool for it. But the checksum (green) would be wrong.

So you can take the first part of the "obfuscated" key and generate a new checksum. Could be:

5hutyAewDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDakv73DFg

Now you got a valid key again. So no one would see that it's not the real key. This is security by obscurity. But might work for you, until someone knows your "algorithm". The point about real security is, that it is secure even if the attacker knows the algorithm!

So better just use a tool that can encrypt you private key an go with the encrytpred version as others suggested already.

To answer your question: No there is probably not a tool for your usecase, because it's a bad idea!

But for some btc, I could wirte one for you.

Base58 encoding is similar to the LUHN check. Given the first few digits, you have narrowed down the possible endings. Whilst the numbers are still quite large (depending on your vanity key), you've reduced the space to search drastically.

Privkeys are meant to be random, so why would you want it to be not-so-random? No one else should be able to know the code. I'm sure it's possible if you modded vanity inner, but there's really no point.

Most good programmers are intelligent, skilled, and desire to create quality software. Therefore, they really don't have much interest in intentionally creating an insecure, useless, piece of crap program.

Creating a vanity private key would be both insecure and a useless piece of crap.

Therefore, it is unlikely that you'll find any such utility created by an intelligent, skilled programmer.

This means that if such a utility exists at all, it was either created by an unintelligent, unskilled, or criminal programmer.  It will therefore almost certainly be insecure, and a piece of crap.  You'll be very lucky if any such utility that you find doesn't have hidden programming designed to steal your bitcoins from you.

It's a bit like asking if there is a utility somewhere that you can use to collect your own credit card numbers (with security code), social security number, birthdate, and home address without you needing to enter them and then publish them all on a public website.  Such a utility isn't likely to exist, and if it did, there would be no good reason to use it.

There probably is not. Write one yourself or hire someone to. The reason one doesn't exist is because of us a pretty stupid idea and is most likely not safe. If you do write one, please don't advertise it and tell people to use it, or isn't as secure as other options out the.

I am not asking if it's good to do it, I am asking if there is an util to do it?

If you want to print it encrypted use BIP38. If you think your idea will protect your coins, by all means do it. Just dont use that for the coins of others.

those are just a sample

i can replace those 7 letters with 13 letters, or start at the middle

5wDs9BsUh1NivythGuessBitcoinf49VvEzGXpD7ZLtDxdDyXN7D

and have it display as

5wDs9BsUh1NivythjeEsdVnt35saf49VvEzGXpD7ZLtDxdDyXN7D

Yes, I realize that, I misunderstood your question there.

As others pointed out. Those 7 characters is not much protection. It will not take terribly long to brute force what those seven characters are.

This is not my Actual Private Key!  I wanted a way to generate a Private Key like

5BitcoinwDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D

so I can print it out on paper as

5hutyAewDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D

Considering you only need to do sha256d for the check which can be done by old mining GPUs ~500 million times per second (500 MH/s) you probably need longer to write the code than to execute it. If we assume 361 billion englisch words[1] it would take ~12 minutes to try all of them. Keep in mind that we could also eliminate all words with non base58 symbols. The estimate is probably too high, as we cant just "count up" and reloading data takes time.

[1] http://www.npr.org/2010/12/16/132106374/google-book-tool-tracks-cultural-change-with-words

Edit: MH not GH.

If you did this (replace the 7 actual characters "Bitcoin" with the junk characters "hutyAew" and you gave me the string 5hutyAewDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D then I could easily write a program to very easily recover the original string "Bitcoin" within a few seconds (just by checking the checksum), crack your private key, and take all of your Bitcoins.

You really do not want to mess with this!