Bitcoin Forum

http://reifddd.wix.com/levent (http://reifddd.wix.com/levent)

[I'm a finite character space]

Levent Korkmaz

The finite space of the characters of Bitcoin's account number.

(I'm a cold wallet and all the cold wallets are warm.)

[I'm a finite character space]

We have prepared a new project to use Bitcoin with my team-mates: Anthony Boivin and
Takashi Ohno. I bought reifd.info for our project. I've done research about Bitcoin account
security for the protection of the people who will invest our new projects. My research
results show this frightening security flaw.

I've realized that Bitcoin, Ethereum, Ripple and Ethereum dao have affected by Assets
security flaw. Coin that designed with Chain and the others are being affected. So all of the
Chain technology are under affection of this security flaw. With this security flaw all of the
investors' money can be stolen. Despite of the investor that has performed every security
protection.

I've stopped my reifd.info project for the safety of my investor. I hope that updates will be
done as soon as possible for this security flaw and we present our project safely to the
investor. Honesty and security first, then trading.

*Firstly let's think what we have to do concerning Bitcoin account security like everybody
else does.

I should provide the security of the number of Private key to assure the security of my
Bitcoin and Ethereum accounts. I need to keep my account number's Private key
somewhere safe. I need to use cold wallet. I need to create Multi - Signature with
Electrum. I need to print Private Key and keep it somewhere safe. I need to protect my
wallet with a strong password. I need to transfer my money into several account numbers.
I need to back-
up my wallet.

Now let's ask the questions:

1)Do the security of Private Key's number and the other security precautions provide thesecurity of my money in my account numbers on Bitcoin, Ethereum, Ripple?

In fact, this question doesn't make sense for Ripple. But Ripple also experiences the
security problems that fall to it's share. And of course all the assets(Dao) that created by
Ethereum are also included.

And this question's answer is definetly "no", but why not?

The Bitcoin address with the total 33 characters:
1 “CbtYLQY4jdQhKs3WMweRFqe93MNtPnbPh”

The Ethereum address with the total 40 characters:

0x”Bb97dC9271B097E1568bB4d24BEa7C3a28b76d44”
1234567890A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z

Bitcoin, Ethereum, Rhesap numbers with the 26+26+10= 62 characters space.

The number of the private Key's security can't provide the security of the money in my
Bitcoin, Ethereum and Ripple account numbers because of that we create Bitcoin and
Ethereum account numbers with the infinite space characters( 62 character space).

So we can create account numbers with the finite characters space and this causes
coincidence. Alice and Bob may coincidentally create an exact same account number.

In this case Alice and Bob may have eachother's money without permission.

"All cold wallets in the outer character space are actually alone and warm. There are no
security and protection for money."

In that case Bitcoin and Ethereum that full of money are cold wallets, but the Ripple wallet
acount is warm.

Actually a wallet's being whether hot or cold doesn't make sense for this security flaw.
(All accounts wander in the 62 characters space)

So money in the accounts is idle in the character space because a wallet that created with
the finite characters space is also warm.

In this case Bitcoin that coincidentally belongs to someone else can create Ethereum and
Ripple addresses and the money might be transferred to another account.

"You can make your own special lottery without paying a red cent too. All you need to do is
to create million accounts quickly. Maybe you won't create a full account, but surely one
will be able to build a full account. If you're not a decent person you may hack someone
else's Bitcoin or Ethereum account and you are to ask for God's forgiveness."

In the banking system, IBAN is designed differently for every bank. A bank never gives an
IBAN that registered in it's own database to another bank customer, if that happens a fatal
mistake will be occurred. The bank solves this problem so easily.

2) Can we solve the security problem if we make the Bitcoin, Ethereum and Ripple's
account numbers' length about 1000-character-long?

This one's answer is also "no". But why not?

Ethereum made the generated account numbers' character length 40, too. Ethereum's all
account numbers' consist 40 characters, in that case Alice and Bob coincidentally create
an exact same account number.

(note: Ethereum made account number legth 40 characters for either "Private Key security
or "lack of coincidence".) In both cases 40 characters don't matter.

3)Does expanding the character space provide solution for our security problem?

This one's answer is also "no".

Let's see...
1234567890
A B C D E F G H I J K L M N O P Q R S T U V W X Y Za b c d e f g h i j k l m n o p q r s t u v w x y z

Let's add 1000 chinese kanji characters to this space and we'll have 1062 characters in
total.

You can access the 1000 Chines kanji I've found through the link below.
http://www.jaist.ac.jp/~sjittisa/kanji1000.pdf

4)Does creating Bitcoin and Ethereum account numbers With the total 1000, 5000 or
10.000 kanji characters space make our account number safe?

And this one's answer is also "no", but why not?

- We have a finite character space(10.062 kanji characters in total), and still two different
person can coincidentally create an exact same account number.

A Bitcoin account number that created with 1000 kanji and 62 latin characters space:
1 昼店道発物用 L 商圧誤委委投働 i 鈍毎何今 s 南西北外山雨聞 p 来読戻乱未


So what could be the solution to our security problem?

This kind of account number may slightly meets our requests if we think how this won't
create a confusion or a finite character space problem.

1 昼店道発物用 L 商圧誤委委投働 i 鈍毎何今 s 南西北外山雨聞 p 来読戻乱未

No matter what we do since we'll have a finite character space, the "random case" will be
valid for every character space we'll suggest.

So how can we maintain the security of a Bitcoin account?

"This suggestion is all about putting a checkpoint or creating a sequential account while
creating a Bitcoin account."A suggestion:

All account numbers are creating by The Miners. This stiuaton is not a centralist approach.

In the end, distributed miners will take over this process.

Miners' tasks in the new design are:

1)Confirming the accounts, security(their current task)2)Creating new accounts and adding
them into the chain

3)Maintaining the security of the account chain
4)
5)
6)
7)

"A suggestion"s key aspect is that how the miners will create the account numbers.

The process works like this:

User opens the wallet and clicks on the "create a new account" button and creates a
Bitcoin account or when he/she opens the wallet, the miners will create an account
automatically. The miners scan the account chain in order to know if the account number
that they are going create is already on the account chain and if there's no match to that
account number, they bring the account number into use to the owner of the wallet.


Or the miners create Bitcoin numbers in a sequential manner and they in retrospect don't
check which account numbers have been created.

Are the checkpoints necessary while sequential accounts are being created? "This should
be discussed."

First create six or seven free new accounts and even a little fee is requested from users for
the other Bitcoin accounts to be created. Thus prevents the excessive account number
creation.

An example for the sequential account number:

1MkhnXC6fkfQ3DvswfnuXXzpdwwP9KaMQD
1MkhnXC6fkfQ3DvswfnuXXzpdwwP9KaMQE
1MkhnXC6fkfQ3DvswfnuXXzpdwwP9KaMQF
0x3E3D07b8DFbb904ae63Eea9F30aedD099E484134
0x3E3D07b8DFbb904ae63Eea9F30aedD099E484135
0x3E3D07b8DFbb904ae63Eea9F30aedD099E484136

Of course there will be security aspects such kind of a road map.


Right below, you can see the account number that I've created by coincidence after a
research of mine.

bitcoin adress:
162Ks8Z4rFiAG8XbAG7Z5JMEP37suEPirr

Private key:
5K1y8cA3ewXgbUNXWGGZn2qCmJ1soQ29oc3uBgiUxwfkuDKFz6p

You can see the Bitcoin account number on Bitcoin forum through the link below
https://bitcointalk.org/index.php?topic=156609.450

Of course there's a wallet aspect of this plain. It has no importance of the created wallet
whether is cold or hot.

In order to coincidentally create a Bitcoin account in this way, we have two different
options.

1) We create a wallet and write "create account" command into the console.
2) We create the wallet and repeatedly create accounts using the new group of words.

I've created an account number that belongs to someone else by trying the first option.

Electrum and these kind of wallets create Bitcoin account numbers with a finite words
space too. (q)This stiuation causes coincidence since it can't go beyond the finite
characters space.

Electrum creates new account numbers with english words. English words are finite, so
this causes a coincidence
It'll be entered into another finite words space when it go beyond the english finite words
space. In this case read again starting from (q).

I've been following the development of Cointree for a long time. Peercoin brought a great
innovation with Proof-of-Stake. I believe the big problems will be solved by adding Proof-
of-Stake to Bitcoin.

Example: It can provide solution to 51 attacks and also Peercoin wallet mining can be
done.

If you improve your English the story may become readable ;)

You're going to guess a 70 digit private key? Why don't you start by guessing a 16 digit creditcard number?

TLDR: OP neither understands Base58 encoding nor big numbers (http://everything2.com/title/Thermodynamics+limits+on+cryptanalysis).

Guess a 70 digit private key just to gain access to 1 Address  ;D

This^

OP, you are completely and absolutely wrong. The private keys ARE NOT randomly generated characters. They are actually 256 bit numbers. This means that the total number of possible private keys is 2^256 - 1, which is a ridiculously large amount of possible private keys. Those private keys are converted into the characters that you see through a process known as Base58 Check Encoding (https://en.bitcoin.it/wiki/Base58Check_encoding). You cannot just throw random characters together to get a private key because it will probably fail the Check part of Base58 Check Encoding. The Check is the first four bytes of a SHA256 checksum of the private key.

This is what happens (OPs post) when someone who's neither a programmer or math expert tries to tell the programmers and math experts how to do their job, lol

Note that most Bitcoins are spendable by addresses, not public keys. Addresses are only 160 bits, and any private key whose public key hashes to the same 160 bit address is able to spend the coins at that address.

So for most coins it's "only" a 160 bit search to find a private key that can spend them. You don't need to find the same private key as the proper owner of the coins, you only need to find one which gives the same address.

Of course, a 160 bit search is still impractical to carry out. But it's a lot easier than a 256 bit search.

and in this case:
Bitcoin (cold address)-> person can coincidentally create an exact same  account number (cold address) .

If someone uses something non-random, sure. E.g. "Dog" as a "brain wallet" or a non random PRNG.

Otherwise, no.  Saying otherwise is either FUD or not understanding math etc as Foxpup etc has explained.

new:
can see the Bitcoin account number that I've created by coincidence:


Private key:
5Jf6mGTeCg37iZST1ukHXacwyuhjL3ABvEcpgwCRQX9y9fLGLbD

15eUHuCMKGekXmfH2B5awPWnwY3qVe3Nz1

https://bitcointalk.org/index.php?topic=775881.130;imode

I'm sorry, but the only thing this proves it that either you're an alt of amaclin, or amaclin just posted a bunch of addresses he found, including yours... Or are you really trying to say you brute forced 5Jf6mGTeCg37iZST1ukHXacwyuhjL3ABvEcpgwCRQX9y9fLGLbD and cross-referenced it... Sound rather hard to believe...

Or is it a brain wallet with a weak phrase, or a bad PRNG?

I'm sorry, I found the coincidence
wallet Electrum

Electrum

console :

for x in range(10):wallet.create_new_address()

That's amazing. Not only did you find a private key for an address that had been used already (it was a 1-in-2^160 chance that you would ever find any private key that unlocks that address), but you actually found one with *the same* public key as was used when amaclin generated the address.

It's surprising enough that you found one of the 2^96 private keys that unlocks amaclin's address, but you actually found the same one as him - 1 in 2^256 chance!

I don't believe a word of it, of course. The chance of your claim being true is closer to zero than I can conceive of.

         256 and 160 bits actually does not matter at all
So why?

rt= bitcoin address"1234567890A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h i j k l m n o p q r s t u v w x y z"

    rr
    tt
    rt
    tr
Bitcoin account number with the limited number of characters generated.
coincidence occurs.

a very long string

and a short string the same Bitcoin address can occur

"same Bitcoin address" It could form

Is it worth trying to decipher what OP is talking about? I half expect to see a reference to pyramids and aliens in the next OP update.

I knew there was something fishy with bitcoin
Thanks OP for finding out the vulnerability

This is for you
http://www.royalcourt.no/aim/kongehuset2/files/f/6/e/1cd85e79d26df11c30659e068c28357443af81b109/f6e1cd85e79d26df11c30659e068c28357443af81b109.jpg

OP, please explain your process (step by step) how you are deriving collisions of public keys and obtaining a private key.  Better yet, make a video because it's hard to understand what you are saying in plain English.

What you are describing is a hash collision attack on ripemd-160[sha-256(pk)], which is hard to believe. Extraordinary claims, require extraordinary proof.

Everyone else: Why am I being led into the troll cave?  ???

The (1234567890A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z) system that creates Bitcoin is reduced to (rt)

With Chinese, Japanese, Latin Alphabet, the numbers and a thousand characters number series, only

    (rr) Bitcoin address
    (tt) Bitcoin address
    (rt) Bitcoin address
    (tr) Bitcoin address

       addresses can be created.

In this case when you create a Bitcoin address with a character series(6789012345678901友達彼女雪男),(Llisp),(1234542152695) of  any length, a collision occurs.

Let's consider Bitcoin (tt) as a cold address, in this case someone else can create the cold address.

OP, again, BITCOIN ADDRESSES ARE NOT COMPOSED OF RANDOM CHARACTERS. In fact, there is actually no such thing as a Bitcoin address. On a technical level, there is no such thing as a Bitcoin address. Rather it is a way to represent a 160 bit number, the RIPEMD160 of the SHA256 of a public key. An address is simply an encoding, a way to package the hash of a public key in a manner which allows for some basic error checking and a way to shorten the number of characters that people have to deal with.

It doesn't matter how many or what characters are used for Bitcoin addresses. Increasing the characters used will simply make addresses shorter, they will not remain a fixed length because they must convert back to a 20 byte number. That is what stays constant, not the length nor the character space.

Such logic, much amaze, wow.

So you're saying if I have the target of decimal 10 in binary, 00001010, I could find a collision just by finding A in hexadecimal ?

Let's try a picture for OP....  I'm guessing he's using random alpha characters to generate a bitcoin address and there by searching the internet with his results to product a "hit" on a collision.

Levent: This is how bitcoin addresses are generated:
http://i.stack.imgur.com/N93Nn.png

Thank you, this is actually a very informative diagram. Saving this imagine for use in the future

It's part of a series of similar diagrams. I don't know where to find them now, but they were made by etotheipi I think?

Praise be to google: https://bitcointalk.org/index.php?topic=29416.msg369642#msg369642

cloverme:

(rt) is a theorem for collision
Read (Kurt Gödel ->principia mathematica) and (Douglas R. Hofstadter --> gödel escher bach) for the proof of (rt) theorem.

Please post the collision you have discovered. 

Post the two private keys which correspond to the same bitcoin address. 

Thanks!  :)

On a technical level or not,

I believe Bitcoins greatest vulnerability stands with people who don't understand what the ***CRYPTO***-currency actually is and with the people who come here to make a quick penny.

I'm just assuming you're talking about a brain wallet at this point...

There's a challenge open if you want to try your method to get bitcoins:
https://keybase.io/warp/warp_1.0.8_SHA256_5111a723fe008dbf628237023e6f2de72c7953f8bb4265d5c16fc9fd79384b7a.html

Good luck.

I agree with you.

There's a better challenge open, too: there's over $10 billion worth of Bitcoins secured by "easy-to-collide" private keys. Simply collide a few of the bigger ones and take the money!

The fact that this hasn't happened should be proof enough that OP's system (whatever it is; I can't understand what he is trying to say) doesn't work.

I think we've been trolled, let's say what satoshi has to say:

https://i.imgur.com/9MvNzUk.jpg


Ghost of Satoshi has spoken: "Hmmm.... dubious claim is dubious."

Another method of mirroring

https://www.bitaddress.org

(fX)

 rd rd d d RD rd Rd rdrd rdrd rd

1E38XQRdXVha^fXoAXwSZyoxPQ7R5HtmfrW


17na83aXEao3j^fXJXEN4uuvchgAjg1Mw1S

Can you provide us with the name of your darknet market vendor? That's good shit you're taking.

Imagine me a newbie reading it from top to bottom.  :'( That is a lot of stress and ending up it cant be done. You are saying you guessed some account of a Russian by a mere coincidence? There is a 1/a billion chance I think for this to happen? And you are saying our bitcoin is hackable after how many years of service? Oh crap! My head hurts after reading. Need some rest.

I know it's an old topic, but I think I understood what the OP wanted to say.

The answer I quoted sums it up, in my opinion.

I got here while searching google for the PUBLIC key I created... using the phrase: 12345678901234567890 (brain wallet)

This phrase make a private and public key that apparently have been used for real before.

Private key:
5Jf6mGTeCg37iZST1ukHXacwyuhjL3ABvEcpgwCRQX9y9fLGLbD (thats the same key the OP found/created)

Public key>
15eUHuCMKGekXmfH2B5awPWnwY3qVe3Nz1

used this site to create the keys: https://walletgenerator.net/

What he means, I belive, is: What stops someone to start gessing several keys.. and looking for it in block chain. When you find one that has money, transfer it.

places that I found this key:
https://bitcointalk.org/index.php?topic=156609.450
https://blockchain.info/address/15eUHuCMKGekXmfH2B5awPWnwY3qVe3Nz1

Im a total noob as well... and im starting to learn (a little bi late, i suppose) about this incredible world.

Thanks!

If bitcoin and all cryptocurrencies are this vulnerable, then it should be a simple enough task to prove it to us all by hacking the blockchains and bringing the entire market crashing down to a grinding halt. If, on the other hand, you have no idea of the actual numbers involved and are just saying generally that in an infinite time and universe, anything's possible, you are correct. It still isn't bringing aliens to my doorstep, nor is it making it any easier to hack the blockchain with anything less than a few billion years of computing time. And really, once we have that, aren't we better off trying to hack the Ultimate Answer to Life, the Universe and Everything? Granted, we'll probably discover it's 42, but still.

Yeah I think you got it right.

This basically just means that it is insecure to use bad randomness to generate your Keys. But that's an obvious thing and does not only apply to Bitcoin but to crypto in general.

Damn. Bitcoin has been hacked again! Does that mean, that my brainwallet has been hacked too? 12AKRNHpFhDSBDD9rSn74VAzZSL3774PxQ