Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Fishbones78 on July 30, 2015, 12:05:38 AM



Title: Generating Private Keys From Strings Of Words
Post by: Fishbones78 on July 30, 2015, 12:05:38 AM
Hi.
More people are starting to make their private keys from strings of words. Wallets like MultiBit HD force you to create your private keys from word strings. If Bitcoin grew substantially larger, surely this would present a problem? I could create a program to randomly shuffle words in 24 word strings (the most words MultiBit allows to create a private keys with), to create private keys and check them for a BTC balance on the block chain. If the keys' address had BTC allocated to it, I could simply withdraw it to my own, untraceable wallet.

Is my understanding of Bitcoin correct in this, and if so, surely this could happen if most of the world's population used Bitcoin?


Title: Re: Generating Private Keys From Strings Of Words
Post by: unamis76 on July 30, 2015, 12:07:57 AM
the word combinations are quite big, and when you mix languages they're even bigger. If there was enough people using this method of generating private keys for collision, one just probably had to raise the words limit.,.. :)


Title: Re: Generating Private Keys From Strings Of Words
Post by: Fishbones78 on July 30, 2015, 12:22:56 AM
the word combinations are quite big, and when you mix languages they're even bigger. If there was enough people using this method of generating private keys for collision, one just probably had to raise the words limit.,.. :)
That's very true. I still think it would be possible to collide (in English, probably), especially if you were deliberately trying to collide. It would probably take a long time, but it is possible without a doubt.


Title: Re: Generating Private Keys From Strings Of Words
Post by: achow101 on July 30, 2015, 12:25:58 AM
That is just like bruteforcing a password. While it doesn't seem like too much, it is in fact incredibly difficult and will take much longer than you would think. Think of it as trying to bruteforce a 24 character password. Pretty hard. Now instead of less than 100 characters to choose from for each character, you have hundreds of millions of words to choose from from each "character" That becomes pretty much impossible to brute force in any reasonable amount of time with current technology.


Title: Re: Generating Private Keys From Strings Of Words
Post by: achow101 on July 30, 2015, 12:28:08 AM
the word combinations are quite big, and when you mix languages they're even bigger. If there was enough people using this method of generating private keys for collision, one just probably had to raise the words limit.,.. :)
That's very true. I still think it would be possible to collide (in English, probably), especially if you were deliberately trying to collide. It would probably take a long time, but it is possible without a doubt.
Of course it is possible. So is brute forcing someone's password. But, it is probably more cost effective to do other things with your computer. Remember, running a computer costs money (electricity costs) and it will take several times longer than your lifespan to reliably get a collision.


Title: Re: Generating Private Keys From Strings Of Words
Post by: Kazimir on July 30, 2015, 01:02:00 AM
That's very true. I still think it would be possible to collide (in English, probably), especially if you were deliberately trying to collide. It would probably take a long time, but it is possible without a doubt.
Yes, for sure, this is most definitely possible. It's also possible to buy lotto tickets every week until you win the jackpot. The latter strategy has a much, MUCH bigger chance of success, and will yield results much faster.

If you would somehow manage to have ALL of the world's total computing power at your disposal, the expected time it takes to find your first collision is approximately 19 billion years (that's longer than the current age of the universe).

Keep in mind that those HD Wallet words are (roughly speaking) just a fancy way of representing the 256 bits of a private key.

Also this illustration (https://i.imgur.com/plNHDAd.jpg) is obligatory in a topic like this.

So good luck with that, sir! :)


Title: Re: Generating Private Keys From Strings Of Words
Post by: jbrnt on July 30, 2015, 01:10:44 AM
I could create a program to randomly shuffle words in 24 word strings (the most words MultiBit allows to create a private keys with), to create private keys and check them for a BTC balance on the block chain. If the keys' address had BTC allocated to it, I could simply withdraw it to my own, untraceable wallet.

I suggest you try it. Electrum version 1 wallets uses 12 words, half of Multibit. Create the script and run it for a month. Electrum uses a list of 1626 words, total permutations is 3.4 x 10^38. Have fun with it! You might just be lucky and hit a wallet with balance on the first attempt.  :D

I think there are people who tried it before and some still hacking. I haven't heard of any Electrum users reporting that their coins are mysteriously gone.



Title: Re: Generating Private Keys From Strings Of Words
Post by: jonald_fyookball on July 30, 2015, 01:46:03 AM
I could create a program to randomly shuffle words in 24 word strings (the most words MultiBit allows to create a private keys with), to create private keys and check them for a BTC balance on the block chain. If the keys' address had BTC allocated to it, I could simply withdraw it to my own, untraceable wallet.

I suggest you try it. Electrum version 1 wallets uses 12 words, half of Multibit. Create the script and run it for a month. Electrum uses a list of 1626 words, total permutations is 3.4 x 10^38. Have fun with it! You might just be lucky and hit a wallet with balance on the first attempt.  :D

I think there are people who tried it before and some still hacking. I haven't heard of any Electrum users reporting that there coins are mysteriously gone.



as I mentioned in another thread, you could have 10,000 supercomputers each running 100 petaflops for a whole century and not even get through one percent of one percent of the combinations...oh and that's before electrum's key stretching which makes it  100,000 slower to compute.  it also doesn't include any extra time needed to generate multiple addresses for each seed and check their balances...so....good luck.


Title: Re: Generating Private Keys From Strings Of Words
Post by: valkir on July 30, 2015, 02:43:26 AM
http://www.networkworld.com/article/2226175/microsoft-subnet/top-25-most-commonly-used-and-worst-passwords-of-2013.html

If you try every password on that list, you will see there is a lot of them that already have some coin on it.  :P


Title: Re: Generating Private Keys From Strings Of Words
Post by: Pursuer on July 30, 2015, 02:49:17 AM
Hi.
More people are starting to make their private keys from strings of words. Wallets like MultiBit HD force you to create your private keys from word strings. If Bitcoin grew substantially larger, surely this would present a problem? I could create a program to randomly shuffle words in 24 word strings (the most words MultiBit allows to create a private keys with), to create private keys and check them for a BTC balance on the block chain. If the keys' address had BTC allocated to it, I could simply withdraw it to my own, untraceable wallet.

Is my understanding of Bitcoin correct in this, and if so, surely this could happen if most of the world's population used Bitcoin?

you have to remember that creating a string of random words by a human can not be completely random. so there is a risk of being hacked.


Title: Re: Generating Private Keys From Strings Of Words
Post by: coretechs on July 30, 2015, 02:59:57 AM
Hi.
More people are starting to make their private keys from strings of words. Wallets like MultiBit HD force you to create your private keys from word strings. If Bitcoin grew substantially larger, surely this would present a problem? I could create a program to randomly shuffle words in 24 word strings (the most words MultiBit allows to create a private keys with), to create private keys and check them for a BTC balance on the block chain. If the keys' address had BTC allocated to it, I could simply withdraw it to my own, untraceable wallet.

Is my understanding of Bitcoin correct in this, and if so, surely this could happen if most of the world's population used Bitcoin?

you have to remember that creating a string of random words by a human can not be completely random. so there is a risk of being hacked.

Here's a passphrase generator you can use - https://nxtportal.org/tools/diceware_passphrase.html

Right-click, save-as for offline use.   :)