Bitcoin Forum

I know you can create a vanity Bitcoin Address, but is there a way to create a Vanity Bitcoin Private key?

Heh I was under the impression that you can import any private key of the right length, well I might be wrong. At any rate, why would you want to do it? Priv key as the name states , is supposed to be private

How do you trust vanity services I dont really get it!

Sure.  It's typically called a "brainwallet" and it's a really, Really, REALLY bad idea.

The method is called split key generation. You create a private / public key pair. You give the public key to the person creating the vanity address for you. That person combines your public key with other newly generated public keys (ofc they generate private keys and get the public key from that). Out of the combined public key they generate the address and check if it matches your prefix. If it matches your prefix they have a partial private key that will result in the address if combined with your private key. The partial key alone is not enough to find the combined private key and only you know both parts.

A private key is any 256 bit number so yes, you can create any private key you want.

I assume you want the encoded version of the private key to "spell something"

Sure, no problem:  start with what you want it to "say" as a legit encoded string and you are done...

Not very exciting.

As Danny said:  This is a very bad idea.

Brainwallet is just a Passphase, what I wanted to do is have a private key that is

 BitcoinDjs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D

Theoretically it is possible, but it probably is not secure. It would have to start with 5, K, or L since those are the WIF prefixes for Bitcoin.

I bet that funds sent to the address corresponding to the privkey deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef will be immediately swiped by some bot. The same might happen with tons of other "vanity private" keys.

The principle is you have to avoid actual words like the plague, a mess of characters, including numbers and special characters, is what's desired, that's why by default Bitcoin addresses are long string of random characters. I think we'll see soon new features that allow us to properly tag and give recognizable names to our addresses and share them in a more user friendly and fashionable way (see the Chris Odom lecture on BIP47).

it's risky, but I am ok with it.

So is there a way (utility) to generate private vanity keys..

Something like

5BitcoinDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D

You don't seem to understand that since a private key can be anything you are not constrained to just having the first part "say something" and then be stuck with whatever random characters appear in the rest, like you are with a vanity Bitcoin address.

Theoretically you can have the vast majority of the encoded private key say whatever you want it to say.  It will have to start with the correct characters of course and end with the correct checksum but then after that you can control almost everything else.

The utility you desire is very easy to write.

Basically just do steps 1 - 7 described here in reverse:

https://en.bitcoin.it/wiki/Wallet_import_format

Start with a properly encoded Base58 encoded string:

5 <constrained 2nd character> <A bunch of Base 58 characters YOU CAN PICK> <constrained characters to encode the checksum>

So you can pick almost all of the characters in the string as long as they are in the Base 58 character set.

thanks again, but as I am not a programmer :-\  hard to follow throgh,  but I'll look over it.

would be nice if there is a util to do it.

Think of it like this. The private keys are what protect your bitcoin. They only work properly if they are random. What you are suggesting is that you remove part of the randomness, so the private key looks good. A private key however is nothing to show someone else, so it would only look good to you and you reduce the security for it.

If you want something good looking, that is not a security risk and can be shown around, get a vanity address[1].

[1] full disclosure Im biased on this, I sell them.

To be honest, I don't want it to look good, I wanted to be easily remember.

take the private key I wanted to generate

5BitcoinDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D

I want to store this in plain sight but instead I posted it as

5hutyAewDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D

Since I only know to Change the 7 Letters back when I need to use my Private key, I can plainly put this on my computer or email me a copy without worrying about people getting hold of my Actual Key

It's similar to breaking down your private key into two parts, but this way, one part is easily remembered and recovered.

Well, you could store a password encrypted version of your private key in plain sight and then when you want to use it you would use the password to decrypt the private key.

In this case the security of your private key would be as good as the security of your password.

You can do this with a password encrypted MS Excel document for example.

Yes you can; For instance I have this priv key:
5cakircakircakircakircakircakircakircakircakircakir
But Bitcoin Core says this is not valid WIF priv key. (Invalid private key encoding (code -5))

Yet;
On blockchain.info I can import it:
5cakircakircakircakircakircakircakircakircakircakir -> 1KpGFJqsLf1Phv7nmHSMDrg5tUA6tNiyLB

Also blockchain.info converts this priv key into this one: 5K648maJ5tmaNNVWTNAjGjBnUq57uPGjW15tREZeuiXGHDuUx54
(this one can be imported into bitcoin core etc.)

Why not use encryption for that with a password as BurtW suggests? Why do you need to remember the raw private key?


Yes, its like revealing half of your password and thus making it less secure, only that you are not revealing half of it, but 44/51 or ~86% (assuming 7 hidden and 51 total).

how's is it still revealing my private key? if I show you my key as

5hutyAewDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D

how would you even decode this to my real key?

Because that is the real private key. That is in what is known as Wallet Import Format. You enter this type of string into a wallet in order to import a private key, so it stands to reason that the private key can be derived from this string, and it can. That is actually the private key, just encoded into a certain format. That is the private key encoded in Bitcoin's base58CheckEncoding. Since the actual private key that is encoded is not hashed, it can thus be decoded into the actual key. So sharing your private key like this is actually sharing your private key and will result in your Bitcoin being stolen.

But it isn't the real private key, he has replaced part of the key:
 5hutyAewDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D

Hence the " 44/51 or ~86% (assuming 7 hidden and 51 total)" comment by shorena.

It is more of a security by obscurity argument to transform a portion of the key.  It isn't a valid key of course with the substitutions.  

If you are looking for a private key that has a replaceable prefix it decreases the search space dramatically and isn't safe.

edit:  You can obviously do as you wish, but be very careful and be sure to understand the ramifications of what you are doing. 

If you did this (replace the 7 actual characters "Bitcoin" with the junk characters "hutyAew" and you gave me the string 5hutyAewDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D then I could easily write a program to very easily recover the original string "Bitcoin" within a few seconds (just by checking the checksum), crack your private key, and take all of your Bitcoins.

You really do not want to mess with this!

Considering you only need to do sha256d for the check which can be done by old mining GPUs ~500 million times per second (500 MH/s) you probably need longer to write the code than to execute it. If we assume 361 billion englisch words[1] it would take ~12 minutes to try all of them. Keep in mind that we could also eliminate all words with non base58 symbols. The estimate is probably too high, as we cant just "count up" and reloading data takes time.

[1] http://www.npr.org/2010/12/16/132106374/google-book-tool-tracks-cultural-change-with-words

Edit: MH not GH.

This is not my Actual Private Key!  I wanted a way to generate a Private Key like

5BitcoinwDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D

so I can print it out on paper as

5hutyAewDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D

Yes, I realize that, I misunderstood your question there.

As others pointed out. Those 7 characters is not much protection. It will not take terribly long to brute force what those seven characters are.

those are just a sample

i can replace those 7 letters with 13 letters, or start at the middle

5wDs9BsUh1NivythGuessBitcoinf49VvEzGXpD7ZLtDxdDyXN7D

and have it display as

5wDs9BsUh1NivythjeEsdVnt35saf49VvEzGXpD7ZLtDxdDyXN7D

If you want to print it encrypted use BIP38. If you think your idea will protect your coins, by all means do it. Just dont use that for the coins of others.

I am not asking if it's good to do it, I am asking if there is an util to do it?

There probably is not. Write one yourself or hire someone to. The reason one doesn't exist is because of us a pretty stupid idea and is most likely not safe. If you do write one, please don't advertise it and tell people to use it, or isn't as secure as other options out the.

Most good programmers are intelligent, skilled, and desire to create quality software. Therefore, they really don't have much interest in intentionally creating an insecure, useless, piece of crap program.

Creating a vanity private key would be both insecure and a useless piece of crap.

Therefore, it is unlikely that you'll find any such utility created by an intelligent, skilled programmer.

This means that if such a utility exists at all, it was either created by an unintelligent, unskilled, or criminal programmer.  It will therefore almost certainly be insecure, and a piece of crap.  You'll be very lucky if any such utility that you find doesn't have hidden programming designed to steal your bitcoins from you.

It's a bit like asking if there is a utility somewhere that you can use to collect your own credit card numbers (with security code), social security number, birthdate, and home address without you needing to enter them and then publish them all on a public website.  Such a utility isn't likely to exist, and if it did, there would be no good reason to use it.

Privkeys are meant to be random, so why would you want it to be not-so-random? No one else should be able to know the code. I'm sure it's possible if you modded vanity inner, but there's really no point.

Base58 encoding is similar to the LUHN check. Given the first few digits, you have narrowed down the possible endings. Whilst the numbers are still quite large (depending on your vanity key), you've reduced the space to search drastically.

Again, if this is your private key:

5BitcoinDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D

And you to this:

5hutyAewDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D

You do not need a tool for it. But the checksum (green) would be wrong.

So you can take the first part of the "obfuscated" key and generate a new checksum. Could be:

5hutyAewDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDakv73DFg

Now you got a valid key again. So no one would see that it's not the real key. This is security by obscurity. But might work for you, until someone knows your "algorithm". The point about real security is, that it is secure even if the attacker knows the algorithm!

So better just use a tool that can encrypt you private key an go with the encrytpred version as others suggested already.

To answer your question: No there is probably not a tool for your usecase, because it's a bad idea!

But for some btc, I could wirte one for you.

He would need to not only memorize the "Bitcoin" part and also memorize the correct check sum part for it to work for what he wants to do...

No he can recalculate the checksum after replacing the "secret part"

With what?  He would then need to have a tool.  He wants to be able to reconstruct the correct private key from memory + the written down wrong key without the use of a computer or tool.

If he is going to have a computer and a tool why not just password encrypt the private key like everyone else does.

The whole problem h0w8rd is that your way of securing privkey is much less secure than you think. Much less secure. Even if it seems like good security. I would try to explain it, because I hope, you want this for yourself and do not want to loose your BTC.

Imagine I am a malevolent hacker.
If you give me 5hutyAewDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D in plain sight, I will first check last part (checksum) of this obfuscated privkey and I will find that it is not correct. Now I know that this privkey is somehow crippled.
So what will I do? I would try these privkeys for start (knowing your nickname):
5HowardwDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D
5hHowardDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D
5huHowards9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D
5hutyHowardBsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D
...
...

then I would try some of these:
5h0w8rdwDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D
5hh0w8rdDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D
5huh0w8rds9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D
5hutyh0w8rdBsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D
...

And the same thing with some common passwords (including capitalizations) such as "Secret", "Superman", "mypassword", "1234576", "qwerty", "QwErTy", ...
I would certainly try "BTC", "bitcoin", "Bitcoin", "BITcoin", "nioctib" pretty soon. On all possible positions.


And now... here is the catch. I can (with computer) easily make ~500 million such guesses (and checks for correctness) per second. Due to you leaving checksum unchanged, these checks are super easy. (But even if you changed checksum also, then recalculating it each time and checking BTC balance of the corresponding address is only a little bit more delay.)
I can take dictionary of common english words. One word in each position with common capitalizations makes about 40*10=400 possibilities. So I can check about 1 million words per second. I would find your real privkey in under a second.
If you use two words (like) GuessBitcoin or h0w8rd123Bitcoin you are a little more secure. Let's say you choose from dictionary (+ Bitcoin specific terminology like "BTC", "Bitcoin", "Satoshi"...) which has 200 000 different words. Then it would take me (with one common GPU) 55 hours to break such privkey. If I am determined hacker with dedicated bruteforcing machine then it will take minutes or even less.

You can complicate situation further, choose three words, four words (still unsecure), choose complicated ungoogleable passphrase with numbers, etc. That way you are closing to the solution with several words (like 12) used as master seed in HD wallets. Or you can just encrypt your privkey with the same strong password.

It depends which level of security is right for you. But I want to stress that basic Bitcoin working (256 bit random privkey is much, much much stronger than any password you will come up with and can meaningfully remember). And your solutions ("one or two replacement words with some tweeks, in secret position") is much much weeker than it seems on the first sight. Not mentioning keyloggers and screen capturers when entering your real privkey somewhere.



And... I do not know about any sowtware that would do such a thing. But it would not be very difficult to make for skilled programmer.

Thank you for the explanation, it help a lot.  Your point is quite right.

My original goal was to be able to print a hard copy of my private key so I can store it, and don't have to worry someone able to use it even if they find it. 

I could password protect the key like some suggested, but then I would have to remember a hard password to decode it.

By getting a vanity private address I can chance my key from

5hutyAewDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXN7D

to

5HowardwDs9BsUqVh1Nivythf49VvEzGXpDYj37ZLtDxdDyXND7

this way, I know how to decode it from memory

You're going about this the wrong way. What you want is to store the long part of the key in an easily-accessible form, but then have a small password that you know that secures it. There's actually a standard way to do this that is secure (well, as secure as your password): BIP38 encryption. Here are some sites that let you generate a BIP38-encrypted key: (I can't vouch for either of them personally, but they look decent enough)

https://bitcoinpaperwallet.com/bitcoinpaperwallet/generate-wallet.html
https://bit2factor.com/

BIP38 uses scrypt as a key stretcher (https://en.wikipedia.org/wiki/Key_stretching), so that it's harder to guess your password (still, you should choose a good one, e.g. 8 random characters, not just a word or name).

This has been suggested to him several times.

How many times should we tell someone not to stand underneath the piano that they are trying to hoist up 100 feet before we just turn our back and walk away?