|
Title: I have a question about bitaddress.org and sha1. Post by: newsecurity1986 on April 02, 2022, 09:41:09 PM I know that this is already discontinued, but I was curious to know how likely it is that with brute force, and replicating the conditions of the time such as Operating System, date, and the first versions of the code, sha1, using modern power.
Could the private keys of any of those wallets generated with the first versions of bitaddress.org be found? https://i.imgur.com/CGRDjj0.png BTC bc1q9tcs5cam8qhlzyd4rw0q9tdmy4ghzk4gd5rumg Title: Re: I have a question about bitaddress.org and sha1. Post by: nc50lc on April 03, 2022, 03:18:26 AM From which source have you found out that the old version of bitaddress used SHA1 to produce prvKey from the entropy, their changelog?
This: github.com/pointbiz/bitaddress.org/blob/master/CHANGELOG.txt#L108 (https://github.com/pointbiz/bitaddress.org/blob/master/CHANGELOG.txt#L108) ? Quote - hash with SHA256 instead of SHA1. SHA1 hash still provided in package.json. If so, that's only for the checksum of the html file, not the key generation. Title: Re: I have a question about bitaddress.org and sha1. Post by: pooya87 on April 03, 2022, 03:26:17 AM Using SHA1 to produce bitcoin private keys doesn't even make sense since the hash digest is smaller (160 bit) than 256 bit keys.
But even if you use SHA1 you still wouldn't be able to brute force it since SHA1 is only vulnerable to a certain type of attack to find collision. You still can't brute force 160 bit entropy or easily solve ECDLP for a 160 bit key. |
