Title: Vanity Addresses, Last Digits? Post by: eddie13 on November 28, 2020, 07:20:57 PM When I double and triple check what address I pasted to send to, I usually check the first few and last few characters of the address.. I see a lot about vanity addresses in the first few digits, but what about the last digits?
Is it as easy to make addresses with the last digits the same as it is the first? Relating to sending security, if I check the first 5 and last 5 of an address is that pretty safe? Any vanity addresses out there that could quickly copy the first AND last digits of my addresses so I would think they are correct to send, but scam me in the middle? How much of a BTC address do you need to verify is correct before making a send? Is the end also vulnerable? Supposing one of those malware things where it changes the addy when you paste, and it even tries hard to make a similar addy for you to paste to trick you, if that’s even a thing, but could be.. Can you also work on the end digits of an address for vanity? I imagine yes, and security would just come down to the amount of total digits anywhere in the addy.. Eh? Title: Re: Vanity Addresses, Last Digits? Post by: BlackHatCoiner on November 28, 2020, 08:06:55 PM Is it as easy to make addresses with the last digits the same as it is the first? As far as I can imagine, it will be the same. Checksum (https://learnmeabitcoin.com/technical/checksum) is not a problem since vanity programs start from private key and go to address with all the hash algorithms. I'm not sure, but I guess same possibilities.Relating to sending security, if I check the first 5 and last 5 of an address is that pretty safe? Any vanity addresses out there that could quickly copy the first AND last digits of my addresses so I would think they are correct to send, but scam me in the middle? Just look the first 5 chars. Having both 5 first and last characters is pretty impossible for anyone. They're the same possibilities of having the first 10 characters of an address.Can you also work on the end digits of an address for vanity? Yes, you can. I believe there is an option on vanitygen (https://bitcointalk.org/index.php?topic=25804.0). If no, then you can easily code one.Title: Re: Vanity Addresses, Last Digits? Post by: Upgrade00 on November 28, 2020, 08:45:10 PM Is it as easy to make addresses with the last digits the same as it is the first? It gets progressively more difficult when you try to increase the number of the personalized characters in the address. The higher the number, the more difficult it would be to generate them."Vanitygen's search is probabilistic, and the amount of time required to find a given pattern depends on how complex the pattern is, the speed of your computer, and whether you get lucky." Relating to sending security, if I check the first 5 and last 5 of an address is that pretty safe? Any vanity addresses out there that could quickly copy the first AND last digits of my addresses so I would think they are correct to send, but scam me in the middle? That should be pretty safe. I do not think there is such a service which can quickly duplicate 10 characters in a wallet address as they are generated using base58check encodingConsider this table from mastering Bitcoin (https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch04.asciidoc); https://i.imgur.com/YtbTxqf.png Can you also work on the end digits of an address for vanity? Correct me if I'm wrong, but addresses are generated sequentially, so you'd have to determine the first characters before the last, reason why most vanity addresses have prefixes added and not suffixes.I imagine yes, and security would just come down to the amount of total digits anywhere in the addy.. Eh? Title: Re: Vanity Addresses, Last Digits? Post by: xhomerx10 on November 29, 2020, 12:40:16 AM Dudes! That chart is so out of date. Five digits is a cakewalk now.
You can search the entire address for a match so first 5 or last 5 is nearly equally likely excepting that the leading 1 is a given edit This took 50 seconds: Code: PubAddress: 1BEBYj5e1dUTJTXMBEB1CR7Bf6XX2easy This took 10 seconds: Code: PubAddress: 12easyCr2Hgci6jggxDskFYyE2GQmLsRkx Title: Re: Vanity Addresses, Last Digits? Post by: hatshepsut93 on November 29, 2020, 12:46:59 AM You can target any positions with vanity adress generation, because all it does is just generating private keys, deriving public keys and addresses and matching them against the desired pattern, which can be anything.
How much characters is "enough" to check will change over time, because as hardware gets more powerful, the more characters can be vanitiygened. I would recommend to check the whole address, but do this programmatically. I personally just wrap both addresses in "", open browser's console, which is a Javascript execution environment, and paste a statement "address1" == "address2". The console will immediately tell true of false, which means addresses match or they don't. Title: Re: Vanity Addresses, Last Digits? Post by: erikoy on November 29, 2020, 01:27:37 AM <snip> which means that you are safe in the way you are doing on how to check bitcoin address before sending. The Vanity address takes time to search for a BTC address that can match your btc address. Besides, anyone whom you will be sending with your btc address is not being manually encoded for it is just being copied and paste so no way you can get confused whether you have input the wrong address or receiving the wrong btc address. Checking it is just to make sure your transaction to become successfully receiving or sending the right address you use.Title: Re: Vanity Addresses, Last Digits? Post by: o_e_l_e_o on November 29, 2020, 02:36:04 AM I would recommend to check the whole address, but do this programmatically. I personally just wrap both addresses in "", open browser's console, which is a Javascript execution environment, and paste a statement "address1" == "address2". Surely if you are concerned regarding clipboard malware, then using the copy and paste function as part of your checking procedure defeats the purpose of the check? If you copy the addresses in to the console and the clipboard malware changes them both, then your statement will return true despite the addresses being modified.I've never really understood all the debate about how many characters is safe enough. Checking the entire address takes 15 seconds. Resize the two windows on your computer or hold your phone up to the screen or whatever to put the two addresses physically next to each other so you can read them both simultaneously. Why take an unnecessary risk, regardless of how small, for the sake of a few seconds? Title: Re: Vanity Addresses, Last Digits? Post by: BlackHatCoiner on November 29, 2020, 07:43:49 AM Dudes! That chart is so out of date. Five digits is a cakewalk now. Most people afraid of buying bitcoin on its high and then selling it on its low. I'm personally afraid of what will be a "cakewalk" after 2 decades.I've never really understood all the debate about how many characters is safe enough. Checking the entire address takes 15 seconds. You're right within certain limits. Checking the address does not take long. Although, if I ever saw anything malicious on my clipboard, I won't even risk to transfer bitcoins from that pc, no matter the "check" I would do to the address' characters. It would be very clear that my pc is not safe. So if I ever see my copy-paste doing its own stuff, I'll simply stop using my wallet.Title: Re: Vanity Addresses, Last Digits? Post by: NotATether on November 29, 2020, 11:08:05 AM Dudes! That chart is so out of date. Five digits is a cakewalk now. You can search the entire address for a match so first 5 or last 5 is nearly equally likely excepting that the leading 1 is a given Did this speed boost have to do with compute speeds on NVIDIA GPUs becoming several times faster over the past few years, or is it because the programs that find them got some optimizations since then? I really don't think it's the latter as the only rewrite of a vanity generator I've seen made recently is VanitySearch. Even that looks like abandonware now as @Jean_Luc was last seen online one month ago, and the last commit to https://github.com/JeanLucPons/VanitySearch was on September 9. I think we can do better than this. Riding on technological advancements from NVIDIA is convenient, but I'm sure there are ways to optimize the programs that make vanity addresses. Title: Re: Vanity Addresses, Last Digits? Post by: Pffrt on November 29, 2020, 11:20:00 AM Any vanity addresses out there that could quickly copy the first AND last digits of my addresses so I would think they are correct to send, but scam me in the middle? If you are going to check & in the first and 5 in the last, it will be total 10 characters which hackers need to find within? Within the time frame you are sending the BTC. So, it looks like he must have to create the address within 2/3 minutes maximum which isn’t that easy as finding 10 characters in vanity isn’t easy at all.Title: Re: Vanity Addresses, Last Digits? Post by: ABCbits on November 29, 2020, 11:35:17 AM Just check the whole address slowly if you don't want lose your Bitcoin or sending to wrong address. But you should be fine with checking some characters on random position (e.g. 5 first, 5 last and 5 starting from 15th position).
Dudes! That chart is so out of date. Five digits is a cakewalk now. You can search the entire address for a match so first 5 or last 5 is nearly equally likely excepting that the leading 1 is a given If you check the chart/table source, it's created with average desktop CPU few years ago, not with dedicated GPU. Title: Re: Vanity Addresses, Last Digits? Post by: NeuroticFish on November 29, 2020, 12:07:07 PM How much of a BTC address do you need to verify is correct before making a send? The best practice I know is to check not only the start and end, which are vulnerable to vanity generators, instead also check something from random position in the middle. I usually pick some sequence I find easy to remember, 4-5 characters in the middle. I find that more important than checking the start and the end. You'd have to be extremely unlucky to find a hacker that impersonates the start, the end and also exactly the sequence you've picked from the middle... Title: Re: Vanity Addresses, Last Digits? Post by: o_e_l_e_o on November 29, 2020, 09:13:44 PM So, it looks like he must have to create the address within 2/3 minutes maximum which isn’t that easy as finding 10 characters in vanity isn’t easy at all. Not necessarily. I remember seeing clipboard malware which had an internal database of 2 million addresses, so it could pick one which more closely resembles the one it is replacing. It is also conceivable that an attacker could host a database of hundreds of millions of possible addresses which the malware could query to find a suitable match.The best practice I know is to check not only the start and end, which are vulnerable to vanity generators, instead also check something from random position in the middle. There is no reason a vanity generator couldn't look for specific characters from the middle of an address either.You'd have to be extremely unlucky to find a hacker that impersonates the start, the end and also exactly the sequence you've picked from the middle... Unlucky yes, but still possible. The only way to guarantee safety is to check the whole address.Title: Re: Vanity Addresses, Last Digits? Post by: eddie13 on November 29, 2020, 10:45:53 PM Nice replies guys thanks..
|