Bitcoin Forum>Other>Beginners & Help
Author

Topic: What prevents a private key from being stolen? (Read 892 times)

DannyHamilton
legendary
Activity: 3514
Merit: 4895
What prevents a private key from being stolen?
November 26, 2013, 08:49:38 PM
#8
Quote from: Bill Bisco on November 26, 2013, 08:32:38 PM
3. Getting a mold of the lock and creating a key that will fit in it.

What prevents someone from doing #3 in a digital sense?

Only the fact that there is no known mathematical way to calculate a private key from the public key. Fortunately most bitcoin balances are protected by three algorithms. So, even if a weakness is someday discovered in ECDSA, the bitcoins will be protected by SHA-256 & RIPEMD-160 until a new signature algorithm is implemented.
DannyHamilton
legendary
Activity: 3514
Merit: 4895
Re: What prevents a private key from being stolen?
November 26, 2013, 08:41:22 PM
#7
Quote from: Bill Bisco on November 26, 2013, 08:24:10 PM
1. Privatekeys are normally stored in the medium that generated the Bitcoin address? i.e. if I make a new wallet in Multibit, that private key is stored there.

Correct.

Quote from: Bill Bisco on November 26, 2013, 08:24:10 PM
If I make a new wallet on Mtgox, then the private key is stored there?

Since those private keys belong to MtGox, they get to decide how they are created and where they are stored.

Quote from: Bill Bisco on November 26, 2013, 08:24:10 PM
2.  One private key is integral to moving funds for an address.

Yes.

Quote from: Bill Bisco on November 26, 2013, 08:24:10 PM
How does the Elliptic Curve Digital Signature Algorithm, know that only that address works?

It verifies the digital signature with the public key.

Quote from: Bill Bisco on November 26, 2013, 08:24:10 PM
Is it theoretically possible for other private keys to work as well to move funds?

Theoretically? Yes. But the odds are astronomically small. For all intents and purposes you can consider it impossible.

Quote from: Bill Bisco on November 26, 2013, 08:24:10 PM
3.  If I have a private key, and I don't know the public key, can I still make transactions?

Yes. The public key can be calculated from the private key.

Quote from: Bill Bisco on November 26, 2013, 08:24:10 PM
If so, does anything prevent someone from randomly accessing potential private keys and hope to steal someone's money?

Yes. The same thing that prevents all the air in the room from gathering together in one corner and suffocating you. Specifically, astronomical odds against the possibilty.

Quote from: Bill Bisco on November 26, 2013, 08:24:10 PM
4. I'm told to keep my bitwallets in an unconnected device.  How am I supposed to spend them though?

For the safest possible long term storage, offline is recommended. A system must be connected to transmit transactions. The private keys can be kept offline and just the signed transaction can be brought to the online system. This is how Armory works.
Automatic
full member
Activity: 238
Merit: 109
Re: What prevents a private key from being stolen?
November 26, 2013, 08:34:47 PM
#6
Quote from: Bill Bisco on November 26, 2013, 08:32:38 PM
5. Do passwords on bitwallets mean anything?  If one had the private key, the wallet password would be meaningless no?

Once again, depends on the wallet. Normally any wallet that requests a password to be set and is popularly used is used to encrypt the file on your HDD, so, if a virus were to steal the file, they'd then have you crack your password. If someone had the private key, password or not, it'd be useless.

EDIT:-
Quote from: Bill Bisco on November 26, 2013, 08:32:38 PM
What I mean by in #2 is that how does the encryption software know that that private key is correct?  Essentially, you can get through a locked door, by
1. Finding the right key
2. Copying the right key
3. Getting a mold of the lock and creating a key that will fit in it.

Private keys never change, so, you wouldn't have to create a "copy", just use the exact same private key, and, if they have your private key, once again, nothing stops them from spending your money. That's why protecting your private key is such a big thing.
Bill Bisco
member
Activity: 109
Merit: 10
Re: What prevents a private key from being stolen?
November 26, 2013, 08:32:38 PM
#5
What I mean by in #2 is that how does the encryption software know that that private key is correct?  Essentially, you can get through a locked door, by
1. Finding the right key
2. Copying the right key
3. Getting a mold of the lock and creating a key that will fit in it.

What prevents someone from doing #3 in a digital sense?

5. Do passwords on bitwallets mean anything?  If one had the private key, the wallet password would be meaningless no?
Automatic
full member
Activity: 238
Merit: 109
Re: What prevents a private key from being stolen?
November 26, 2013, 08:31:49 PM
#4
Quote from: Bill Bisco on November 26, 2013, 08:24:10 PM
1. Privatekeys are normally stored in the medium that generated the Bitcoin address? i.e. if I make a new wallet in Multibit, that private key is stored there.  If I make a new wallet on Mtgox, then the private key is stored there?

Yes. If you chose to 'export' them, they normally show you the private key, so, you can go do that if you wish.

Quote from: Bill Bisco on November 26, 2013, 08:24:10 PM
2.  One private key is integral to moving funds for an address.  How does the Elliptic Curve Digital Signature Algorithm, know that only that address works?  Is it theoretically possible for other private keys to work as well to move funds?

What do you mean "That that address works"?

Quote from: Bill Bisco on November 26, 2013, 08:24:10 PM
3.  If I have a private key, and I don't know the public key, can I still make transactions?  If so, does anything prevent someone from randomly accessing potential private keys and hope to steal someone's money?

Nothing stops someone from doing that, it's just an insanely low probability they'll ever get a single valid used address. Go for it, you can do it yourself, generate a bunch of addresses!

Quote from: Bill Bisco on November 26, 2013, 08:24:10 PM
4. I'm told to keep my bitwallets in an unconnected device.  How am I supposed to spend them though?

Depends on the wallet, some require you to go online to broadcast, some use a medium such as a flash drive to move between the online and offline devices.
Bill Bisco
member
Activity: 109
Merit: 10
Re: What prevents a private key from being stolen?
November 26, 2013, 08:24:10 PM
#3
So,

Help me understand.

1. Privatekeys are normally stored in the medium that generated the Bitcoin address? i.e. if I make a new wallet in Multibit, that private key is stored there.  If I make a new wallet on Mtgox, then the private key is stored there?

2.  One private key is integral to moving funds for an address.  How does the Elliptic Curve Digital Signature Algorithm, know that only that address works?  Is it theoretically possible for other private keys to work as well to move funds?

3.  If I have a private key, and I don't know the public key, can I still make transactions?  If so, does anything prevent someone from randomly accessing potential private keys and hope to steal someone's money?

4. I'm told to keep my bitwallets in an unconnected device.  How am I supposed to spend them though?

5. Do passwords on bitwallets mean anything?  If one had the private key, the wallet password would be meaningless no?
DannyHamilton
legendary
Activity: 3514
Merit: 4895
Re: What prevents a private key from being stolen?
November 26, 2013, 06:25:08 PM
#2
Quote from: Bill Bisco on November 26, 2013, 03:57:41 PM
Dear all,

I have read a lot about private keys.

Apparently not enough.  If you want to understand private and publick keys, you need to get a better understanding the the ECDSA digital signature algorithm.

Quote from: Bill Bisco on November 26, 2013, 03:57:41 PM
However, what I don't get, is how does having a private key prevent hackers from stealing it?  For example, let's say that my private key was Sup3rMonk3yDud3.  How does the Bitcoin system recognize that Sup3rMonk3yDud3 is the private key for my account and that that is the correct key to use?

First of all, Sup3rMonk3yDud3 is not a private key.  It's a passphrase, and a relatively weak one. A private key is random 256 bit number.  That would be a number between 0 and 1.1579209x1077.

Secondly, the "bitcoin system" doesn't know or care about your private key.  It doesn't "recognize" the private key for your account (or rather for your bitcoin address).

Instead you use your private key to calculate a digital signature using the ECDSA algorithm.  Then the "bitcoin system" uses your public key to verify that the provided signature is valid.  If you don't have the private key, then you are unable to calculate a signature that can be verified with the public key.

Quote from: Bill Bisco on November 26, 2013, 03:57:41 PM
What prevents a hacker deep diving into the Public Bitcoin codework to find out that Sup3rMonk3yDud3 is my passkey and steal my account from me?

Your private keys are not stored in the "Public Bitcoin codework" so there is nothing for a hacker to find if they "deep dive into the Public Bitcoin codework".
Bill Bisco
member
Activity: 109
Merit: 10
Re: What prevents a private key from being stolen?
November 26, 2013, 03:57:41 PM
#1
Dear all,

I have read a lot about private keys.  However, what I don't get, is how does having a private key prevent hackers from stealing it?  For example, let's say that my private key was Sup3rMonk3yDud3.  How does the Bitcoin system recognize that Sup3rMonk3yDud3 is the private key for my account and that that is the correct key to use?  What prevents a hacker deep diving into the Public Bitcoin codework to find out that Sup3rMonk3yDud3 is my passkey and steal my account from me?

Thanks,

Bill
Bitcoin Forum>Other>Beginners & Help
Jump to: