Topic: Why are private keys safe? - page 4. (Read 4950 times)
It sounds more like blockchain.info fucked up your account more than you had some 1 / 10^160 chance collision
I do not believe any more in private key safety. As two days ago I realize someone is in posses of my private key...
And what is funny - I believe they stole it from Blockchain.info due to those attacks from 1/28/2014.
And Blockchain.info support is not really helping in my case.
a private key is only private until you tell someone it..
blockchain.info is a third party.
as someone else said
if you do not have sole possession of the private key's bitcoin......... you have no bitcoin
have a private key for your wealth that is not on any third party server based wallet. have it as either paper wallet or bitcoin QT.
only trust pocket money / daily amounts to be used on server based wallets.
hotwallet and cold wallet concepts are not just for businesses, bt for individuals
imagine it this way. paper wallet is your bank. server wallet is the banknotes that you only withdraw a daily limit of, then you wont get robbed of your life savings.
bitcoin economy is the inverse of government economy.
government bank notes are safer in third party services, compared to hanging out of your back pocket
bitcoins are safer in your control, compared to hanging around non insured webservers
That is what they told me too. But it looks not like this. It looks like RIPEMD-160 collision .... I am telling you ... as Nothing was stolen from my wallet, just another public address wwas created without letting me know, and someone is using it's private key, as I can see his transactions ... and even this second person with same pvt key was keeping here for example 0.1 BTC for less than a day, I could just transfer it to another address ... so you think some hackers would be so stupid? We will see. I think it might be due to RIPEMD-160 collision and if I am right - this will be huge case.
Now I'm confused. Are you saying that someone else has created a new address inside your blockchain.info online web wallet and it's being used by someone else? Are you sure it's just not a change address of some sort?
legendary
Activity: 1302
Merit: 1004
Core dev leaves me neg feedback #abuse #political
If I use my private key to make a transaction, the network needs to match this private key to the public key (which is derived from the private key). Doesn't this mean that all the private keys are stored on the network? And how safe is this? Why can the network easily verify the private keys but can't someone else look into them? And can't someone simply "listen" to the network and pick up those private keys?
No. a cryptographic hash is a one-way function.
A simplified example of how this works is a password for a website.
The website's database has a HASH of your password..when you enter
the password, it hashes your input, compares it to the stored hash,
and if its correct, it lets you in.
It can never determine the original password from the hash itself.
If you forgot your password, you'll get a password reset (Not a password reminder).
Yes. But...
The probability that you hit an existing private key is so small that the time and energy invested into finding one key would cost more than the total market cap of bitcoin (in fact, as Gabi has pointed out, more than the available energy output of our sun over its entire lifetime).
This is pretty similar to a lottery where you buy all the tickets - of course you will win the lottery, but it's not really cost-effective, and in the case of bitcoin, you can't buy enough tickets to even get a chance of winning a little bit...
Onkel Paul
Actually, there's a small exception to this rule: If you look at deterministic keys generated from a passphrase instead of random keys, and the passphrase can be guessed, it's much easier of course.
Example: There's a private key generated from "correct horse battery staple" (corresponding public key is 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T) which is a passphrase that wasn't too hard to guess (actually, if xkcd had kept its mouth shut, it would be pretty hard to guess...). Everybody can spend contents of this address, which is why its balance is almost always zero...
The probability that you hit an existing private key is so small that the time and energy invested into finding one key would cost more than the total market cap of bitcoin (in fact, as Gabi has pointed out, more than the available energy output of our sun over its entire lifetime).
This is pretty similar to a lottery where you buy all the tickets - of course you will win the lottery, but it's not really cost-effective, and in the case of bitcoin, you can't buy enough tickets to even get a chance of winning a little bit...
Onkel Paul
Actually, there's a small exception to this rule: If you look at deterministic keys generated from a passphrase instead of random keys, and the passphrase can be guessed, it's much easier of course.
Example: There's a private key generated from "correct horse battery staple" (corresponding public key is 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T) which is a passphrase that wasn't too hard to guess (actually, if xkcd had kept its mouth shut, it would be pretty hard to guess...). Everybody can spend contents of this address, which is why its balance is almost always zero...
OK, I get that. Chances you hit a private key are too small. And if people are smart enough to store their balances in small amounts over multiple private keys its even less effective for hackers.
But I have another question.
If I use my private key to make a transaction, the network needs to match this private key to the public key (which is derived from the private key). Doesn't this mean that all the private keys are stored on the network? And how safe is this? Why can the network easily verify the private keys but can't someone else look into them? And can't someone simply "listen" to the network and pick up those private keys?
And if I make a wallet address with the QT client, does the cliënt generate a private key? And is I encrypt my wallet, what does that mean? Does that mean my passphrase is the new private key?
Please take cryptography 101
https://www.khanacademy.org/search?page_search_query=cryptography
thanks
We will see. I think it might be due to RIPEMD-160 collision and if I am right - this will be huge case.
You aren't.
Of course it is very easy to prove.
Supply the tx id and YOUR public key (PubKey) for the address in question. If there is a PubKeyHash collision the tx will be signed by a pubkey which is different than yours (i.e spending tx signed with PubKey A and you provide PubKey B and both of them hash to the same PubKeyHash.
Since a 160 bit hash collision would be incredible news (beyond just bitcoin) and you have all the information to prove it publicly you of course will do so promptly right?
Hint: here is the part where you makeup reasons as to why you can't do that.
If there were a list of private keys they would not be private keys.
This.
A private key is only private if only you know it. There is no such thing as a private key that everyone knows (but promises not to use because it doesn't belong to them).
The super simplified version is that there is a mathematical relationship between private key and public key such that a message signed with a private key can be verified with the public key.
Just replace email with bitcoin transaction and the process (at a high level) is similar.
I do not believe any more in private key safety. As two days ago I realize someone is in posses of my private key...
And what is funny - I believe they stole it from Blockchain.info due to those attacks from 1/28/2014.
And Blockchain.info support is not really helping in my case.
It's because you stored a backup of your blockchain wallet in your email or dropbox, or you entered your info into one of the fake blockchain websites.
So the private key you use to sign the transaction isn't compared to some list of private keys which are on the network to verify if it is an existing private key?
Bitcoin uses ECDSA to cryptographically sign transactions.This is also the reason why you can keep your private keys offline, and sign transaction on a dedicated offline system, to keep them completely off the internet and have exactly ZERO risk of your keys being stolen (even if that machine would be infect with malware). For example Electrum and Armory offer this feature.
Works like this:
1. setup the transaction (you need internet access for this, it involves getting the history for the involved addresses from the blockchain)
2. sign the transction (this can be done entirely offline, it only requires the data from step 1 + your private key, no blockchain or internet or connection involved) and save it on a USB flash drive or something
3. push the signed transaction from step 2 on the network (this requires a connection of course)
Note that creating the data in step 2 requires the private key, but the result does NOT include the key in any way.
Even if ALL machines would be infected by malware, there is still no risk: the offline system which contains your private keys can't send or leak the keys, and the online system (which you use to setup and push the transaction) can't modify the transaction without the signature becoming invalid.
Thanks everyone!
I promise I will do more research myself
I promise I will do more research myself
You should have stopped at the first question, the answer to that answer the other too 
The transaction is SIGNED by using the private key, this means that anyone can prove it is valid but no one can get the private key. So, no problem! 
The transaction is SIGNED by using the private key, this means that anyone can prove it is valid but no one can get the private key. So, no problem! So the private key you use to sign the transaction isn't compared to some list of private keys which are on the network to verify if it is an existing private key?
The network just uses the public key and match it against the signed transaction, that confirms that yes, the transaction was signed with that private key. "signing" a transaction=get the transaction and make some operations on it with the private key, the output is the "signed" transaction. From a signed output you CANNOT get the private key so it is secure.
You should have stopped at the first question, the answer to that answer the other too The transaction is SIGNED by using the private key, this means that anyone can prove it is valid but no one can get the private key. So, no problem!
The transaction is SIGNED by using the private key, this means that anyone can prove it is valid but no one can get the private key. So, no problem! So the private key you use to sign the transaction isn't compared to some list of private keys which are on the network to verify if it is an existing private key?
mvdheuvel,
You can find the answers to your questions much more quickly by doing some research rather than waiting for people to answer them. Try this site: https://en.bitcoin.it/wiki/
So the private key you use to sign the transaction isn't compared to some list of private keys which are on the network to verify if it is an existing private key?
If there were a list of private keys they would not be private keys.
It's really easier to learn crypto basics by reading some introductory texts on the net.
Do you know how to google? Enter "private key signature" into the search bar. Don't come back before you've read and understood at least 5 of the pages that come up
Onkel Paul
You should have stopped at the first question, the answer to that answer the other too The transaction is SIGNED by using the private key, this means that anyone can prove it is valid but no one can get the private key. So, no problem!
The transaction is SIGNED by using the private key, this means that anyone can prove it is valid but no one can get the private key. So, no problem! So the private key you use to sign the transaction isn't compared to some list of private keys which are on the network to verify if it is an existing private key?
You should have stopped at the first question, the answer to that answer the other too The transaction is SIGNED by using the private key, this means that anyone can prove it is valid but no one can get the private key. So, no problem!
The transaction is SIGNED by using the private key, this means that anyone can prove it is valid but no one can get the private key. So, no problem! Yes. But...
The probability that you hit an existing private key is so small that the time and energy invested into finding one key would cost more than the total market cap of bitcoin (in fact, as Gabi has pointed out, more than the available energy output of our sun over its entire lifetime).
This is pretty similar to a lottery where you buy all the tickets - of course you will win the lottery, but it's not really cost-effective, and in the case of bitcoin, you can't buy enough tickets to even get a chance of winning a little bit...
Onkel Paul
Actually, there's a small exception to this rule: If you look at deterministic keys generated from a passphrase instead of random keys, and the passphrase can be guessed, it's much easier of course.
Example: There's a private key generated from "correct horse battery staple" (corresponding public key is 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T) which is a passphrase that wasn't too hard to guess (actually, if xkcd had kept its mouth shut, it would be pretty hard to guess...). Everybody can spend contents of this address, which is why its balance is almost always zero...
The probability that you hit an existing private key is so small that the time and energy invested into finding one key would cost more than the total market cap of bitcoin (in fact, as Gabi has pointed out, more than the available energy output of our sun over its entire lifetime).
This is pretty similar to a lottery where you buy all the tickets - of course you will win the lottery, but it's not really cost-effective, and in the case of bitcoin, you can't buy enough tickets to even get a chance of winning a little bit...
Onkel Paul
Actually, there's a small exception to this rule: If you look at deterministic keys generated from a passphrase instead of random keys, and the passphrase can be guessed, it's much easier of course.
Example: There's a private key generated from "correct horse battery staple" (corresponding public key is 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T) which is a passphrase that wasn't too hard to guess (actually, if xkcd had kept its mouth shut, it would be pretty hard to guess...). Everybody can spend contents of this address, which is why its balance is almost always zero...
OK, I get that. Chances you hit a private key are too small. And if people are smart enough to store their balances in small amounts over multiple private keys its even less effective for hackers.
But I have another question.
If I use my private key to make a transaction, the network needs to match this private key to the public key (which is derived from the private key). Doesn't this mean that all the private keys are stored on the network? And how safe is this? Why can the network easily verify the private keys but can't someone else look into them? And can't someone simply "listen" to the network and pick up those private keys?
And if I make a wallet address with the QT client, does the cliënt generate a private key? And is I encrypt my wallet, what does that mean? Does that mean my passphrase is the new private key?
This is asked every two days. Please search before you ask
Yes. But...
The probability that you hit an existing private key is so small that the time and energy invested into finding one key would cost more than the total market cap of bitcoin (in fact, as Gabi has pointed out, more than the available energy output of our sun over its entire lifetime).
This is pretty similar to a lottery where you buy all the tickets - of course you will win the lottery, but it's not really cost-effective, and in the case of bitcoin, you can't buy enough tickets to even get a chance of winning a little bit...
Onkel Paul
Actually, there's a small exception to this rule: If you look at deterministic keys generated from a passphrase instead of random keys, and the passphrase can be guessed, it's much easier of course.
Example: There's a private key generated from "correct horse battery staple" (corresponding public key is 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T) which is a passphrase that wasn't too hard to guess (actually, if xkcd had kept its mouth shut, it would be pretty hard to guess...). Everybody can spend contents of this address, which is why its balance is almost always zero...
The probability that you hit an existing private key is so small that the time and energy invested into finding one key would cost more than the total market cap of bitcoin (in fact, as Gabi has pointed out, more than the available energy output of our sun over its entire lifetime).
This is pretty similar to a lottery where you buy all the tickets - of course you will win the lottery, but it's not really cost-effective, and in the case of bitcoin, you can't buy enough tickets to even get a chance of winning a little bit...
Onkel Paul
Actually, there's a small exception to this rule: If you look at deterministic keys generated from a passphrase instead of random keys, and the passphrase can be guessed, it's much easier of course.
Example: There's a private key generated from "correct horse battery staple" (corresponding public key is 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T) which is a passphrase that wasn't too hard to guess (actually, if xkcd had kept its mouth shut, it would be pretty hard to guess...). Everybody can spend contents of this address, which is why its balance is almost always zero...
Here is why
nice one.
I'm no cryptography expert myself, but I believe what you describe is known as 'rainbow 'tables'.
In short, there's no use in trying to generate rainbow tables for SHA-256 (the hash algorithm Bitcoin uses) as it would take way too much computing power and storage space.
In short, there's no use in trying to generate rainbow tables for SHA-256 (the hash algorithm Bitcoin uses) as it would take way too much computing power and storage space.
Jump to: