Bitcoin Forum

Is there a tool that is able to brute force the private key, given a full Bitcoin address? I know it's nearly impossible, but want to try just for fun.

https://bitcointalk.org/index.php?topic=25804.0



definitely impossible.

There is no such tool because you won't iterate even a slightest portion of the keyspace in your lifetime. There is nothing to play with.

The closest thing you're looking for is a vanity address miner.  Such generators will generate a private key based on the desired public address.  Usually specifying the first 1-8 characters is done, but adding each additional character increases the time it will take to find a match exponentially.  

If I want to find the private key for an address that  starts with 1coas it might take a few minutes
If I want to find the private key for an address that starts with 1coaster it might take a few hours/days
If I want to find the private key for an address that starts with 1coastermonger I might as well give up because it will be years/decades
If I want to find the private key for the address 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a, which contains 111,111 bitcoins, it will take so much time that you will experience the heat death of the universe before finding a match.  Even directing all of the bitcoin network's hashing power to this effort would be fruitless.

That's the problem, people can't even imagine how unlikely it is to find the correct private key without knowing anything about it except the public key(no shortcuts in the algorithm etc.). It's safe to replace the word "unlikely" by "impossible" in this case without altering the sense.

Thinking about low probabilities:

Take your pen and let it fall of your desk. While falling the pen will convert its potential energy to kinetic energy. The air in your room will absorb some of that energy and the rest will be absorbed by your floor when the pen impacts. Now in theory it's possible that the molecules surrounding your pen while it lays on the ground are all moving up and therefore pushing the pen up. But considering the amount of molecules it's very very unlikely one would even say impossible to happen(actually it's so unlikely that the 2nd law of thermodynamics even forbids it). It's much more likely that some molecules from above push it down and some from underneath push it up, same goes for right and left -> it won't move.
Now what would you tell someone who asks to borrow your video camera to film the pen 24/7 to see when it will fly back on the desk because it's theoretically possible?

Don't try to brute force it. Just wait until some bird's shit on your car takes the form of the private key.

Jajajaja, this would be at least a few orders of magnitude more probable.

Sorry, just not possible mathematically :)

Impossible, but if you want to give it a shot, just use vanitygen and specify a full bitcoin address as the search pattern!
EDIT: I see now that someone already posted this :P

Of course it is possible mathematically.

Just calculate all 2^256 possible private keys.

Problem is, it takes 4374632717895743580924578342947135648937456945487362587195637892 years.

The big difference between impossible and improbable. If I just could connect via SSH to the future...

Anyone trying to brute force private keys will not start with the pure mathematics, but with the point at which human beings interact with this mathematics and make a fatal mistake.

there is screensaver for windows that would bruteforce private keys, then check if they had a balance. i don't have the link, but you can always search for it. :)

It's actually quite possible to brute force keys. Simply put: Humans have not put together the right technology to even make a dent in the unimaginably huge amount of keys. Maybe with future technology though.

It requires more than the energy of contained in the Sun to count (yeah, only count) to the maximum private key number
So yeah, not really "quite possible"

Where did you get a silly idea like that?

Absolutely not impossible; you just need to find an address that was generated using Androids flawed RNG, where the coins in question haven't been transferred to a news wallet. Oh, and you'd need have an understanding of how the flaw affected the generation of keys.

I'm not that smart, but surely someone is. Hence, anyone that didn't react to the advisory and left their coins in their android generated wallet is playing with fire.

As for just trying to bruteforce a random address; who knows? Maybe your computer will stumble upon the private key in a day. Or maybe it'll take billions and billions of years. :)

That's not brute forcing.  The question was about brute force.  The answer is: impossible.

Let's not forget the question:

There's no inbetween when you're talking about possibility. Either it is, or it isn't. If something is possible by calculations, then you can't say it's not possible.

And since it isn't possible by calculations, then you can't say that it's possible.

Lol, professional forum troll.

2^160 (OR) 1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976 = amount of keys
1 key per second

1/2^160 > 0

1/1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976 > 0

Proved by calculations. Care to argue? Didn't think so.

http://www.youth-basketball-tips.com/images/jordansquareup.jpg

http://www.youtube.com/watch?v=CyMQQajTCHw&t=0m2s

If it is possible, then all the bitcoins will worth nothing

Given one or more monkeys typing random characters, and enough time, you can find almost any private key.

http://en.wikipedia.org/wiki/Infinite_monkey_theorem

 

You need to work on getting a better understanding of the word "possible" (or at least make sure that everyone is using the same understanding before you try to have a conversation).

You've proven that 1/2¹⁶⁰ > 0

You've not proven that brute forcing a bitcoin address is possible.

You've left out a significant number of very important facts and variables resulting in a useless calculation.

Please calculate the total amount of energy in our solar system that we can use for the purposes of brute forcing the bitcoin address. We'll call this value "availableEnergy"

Please keep in mind that if too much energy is removed from the solar system for this purpose, there won't be enough left for the survival of the inhabitants, and that without any inhabitants to operate the brute forcing equipment, brute forcing won't be possible.

Once you've established the total amount of energy available for the task at hand, given a private key please calculate the total absolute physical minimum amount of energy required to calculate a bitcoin address from that private key. We'll call this value "requiredEnergy".

Clearly if 2¹⁶⁰ X requiredEnergy > availableEnergy, then brute forcing a bitcoin address may not be possible.  If it might not be possible, then you can't say that it is possible.

Of course, all these calculations are based on 2¹⁶⁰ which would be fine if the OP asked about brute forcing a bitcoin address.  However, since you seem so keen on the specifics of the situation, it is perhaps worth noticing that the OP actually asked about brute forcing a private key.  If for some reason we want to find the exact private key, then we might be able to simplify the calculation (assuming we know the public key that we are trying to match) which would reduce the value of requiredEnergy quite a bit.  However, we'd have to increase the search space from 2¹⁶⁰ to 2²⁵⁶.

So perhaps the real quuestion to determine possibility is whether or not the following is true:

2²⁵⁶ X requiredEnergy < availableEnergy

Furthermore, if the amount of time required would be larger than the remaining lifespan of the universe, then any equipment being used to attempt the brute force would be destroyed along with the entire existence of the universe prior to completing the brute force attempt.  As such, it would not be possible to brute force the private key.
Let me know when you've proven that it is possible.

I can't believe this thread has devolved into a semantical argument.  A lot of things are technically POSSIBLE in reality without being PROBABLE to happen at all.

This is a case where it's POSSIBLE to brute force a private key but so IMPROBABLE that we make decisions about the future with total disregard to this potentiality.

On the other hand, this is quite likely a case where it is neither possible NOR probable.

This thread?  Again?  Doesn't anyone know how to use the search function?

Can we all agree that it is not physically possible and will never be physically possible to brute force a key and close this 1000th thread on this very same subject?

By physically above I mean "acording to the laws of thermodynamics and physics"

Please read this entire thread:

https://bitcointalk.org/index.php?topic=107172.0

Then if you really want to waste some energy you can run the screen saver mentioned in there and try to do it - even though it is physically not possible.

If it were physically impossible to spontaneously generate my key, my computer wouldn't have done it. There's really nothing but astronomical odds against it stopping another computer from doing it. It is reassuring that possible human error aside the universe will cease to exist before that's likely to happen.

OTOH since you're so completely sure it's physically impossible, I'd like to see your proof that P!=NP. You really should be famous if you're just sitting on that.

Deep Space Vagabond

My favorite tool around here, briliant in any way... just look at the scale of the number 2^256 = .... hold on ...http://www.wolframalpha.com/share/img?i=d41d8cd98f00b204e9800998ecf8427emn0uedi8jd&f=HBQTQYZYGY4TSMZYHEYDQNRRGUYDCMZZMIZDSZRZMFRTANDBGZSQaaaa

anwser to ur question... YES it is possible but highly unlikly ;)

Happy Hashing :)

Yes, there is.  But it was developed by the NSA and is not available to the public.

If you'd like to try to develop your own such tool, go ahead, just be aware that jack-booted thugs will show up at your door and "disappear you" if you are successful.

Estimating things with the lifetime of universe makes no sense besides measuring capabilities of the current technology. Advances in mathematics/computing will make these calculations feasible after decades at most. By the time Bitcoin (in one form or another) will adopt new algorithms.

Did you read the whole thread? It's physically impossible

What calculations?  Brute force?  No, you are mistaken.  Brute force of 256 bit will not be feasible.

In this case: calculations of ECDSA private keys. Most probably by using weakneses in algorithm, not by a blind brute force. The result is what matters.
Do you really believe that after 30-40 years secp256k1 will still be considered secure?

I'm not even a mathematician, just devil's advocating. What about using Shor's algorithm to narrow the timeframe?

The thread is about brute forcing private keys, not about breaking secp256k1

I will try one more time.

This is the algorithm for "bute forcing" a public/private key pair:

    a) Key_public = G, Key_private = 1
    b) Is Key_pubic the key we are looking for?
    c) If yes Key_private is the one you are looking for so quit
    d) else Key_public = Key_pubic + G, Key_private = Key_private + 1
    e) goto b)

Note the following:

The operation Key_pubic + G requires many mathematical steps
If you are looking for a Bitcoin address you have to do even more mathematical steps on each trial to hash the public key three times

Now consider this much easier problem, just Key_private = Key_private + 1

Imagine a physical device which simply counts the numbers from 1 to n where n is the largest possible private key, a simple 256 bit counter.  That is all it does is count.  It is only the simplest part of the algorithm described above.
This counter can be made using any possible future technology, it just has to obey the laws of physics and thermodynamics.

This perfect device will count a fast a physically possible using the lowest physically possible amount of energy to do it.  

How long would it take to just count from 1 to n?  

How much energy would it take?

BTW n = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141  

While we're talking about the impossibility of the probabilities, you guys realize that there is no such thing as a provably fair bitcoin casino in existence.

They are all Probably Fair. Because they don't use provably secure hash algorithms, even though those functions exist. It's much easier to just use SHA-256 or SHA-512 and keep tabs on the 256 to 512 bit number.

But of course, everyone else will just say, no it is provable, you can prove to yourself ... (no, technically, you are relying on collision resistance with such a large bit space.)

Hmm, yeah I know I've been saying this in many posts...
I was answering Nagan who said that breaking secp256k1 would help brute-forcing private keys

I somehow feel that OP meant of having any practical way to compute a private key - and not to feed the semantic trolls :)
So depends on how are you defining the brute-forcing itself.

For any practical purposes, it is empirically probable that:
1. RIPEMD-160 & SHA256 & ECDSA algorithms will weaken in our lifetime due to advancing mathematics or weaknesses in design.
2. Quantum computing will advance. Modified Shor's/Grover's algorithms (or any new ones) will decrease the iteration count. I wonder how much acceleration the current theoretical implementions would give.

The probability for combination of these events in our lifetime (or even 10/5/2 years) can be roughly estimated, so that may show some interesting possibility on having the working tool.

I disagree.

The OP said "brute force"
The OP said "I want to try it just for fun" meaning now, not in the future.

My post addresses the question posted by stating that since it will never be possible to even count from 1 to (about) 2²⁵⁶ by any physical means, let alone count and calculate Key_public = Key_public + G [and hash that result three times] it is obviously currently, and will always be, impossible to find a specific key pair by a brute force algorithm.

Those astronomical odds are the best protection achievable in this physical realm.

with quantum computing in the distant future there is no reason to say it could not happen

with quantum computing in the distant future there is no reason to say travels into the past could not happen

consider the largest number our ancestors had thought of only 500 years ago? 2000 years ago? maybe even a million, but a speck of nothing compared to the longest number we can computate today

You have made an assertion "with quantum computing in the distant future there is no reason to say it could not happen"

Now explain yourself, prove it, give a reference, something.  Otherwise it is just an opinion.

I made the assertion:
Which I can prove and has been proven many times in the past in dozens of other threads just like this one.

ha! dude thats a real awesome way of putting things lol id be buying that bird no doubt

Sorry, did not follow your point here.

if you claim something is impossible when it is not against the laws of physics (and even if it is against those, it may be possible to go to other universe!) you are the one making the claim. i am saying anything that is within the law of physics can happen.

whatever a private key is, i dont even know, a string of characters, yes or no, can it be written on paper? can i computer compute the characters? then it is possible unless you have a reason otherwise

The lesson of this thread is that it's pointless to talk math and physics to people who believe in magic.

Excelllent!  Can we agree to stick to our universe for the time being?  Sticking to this universe I am saying exactly the same thing you are saying:


Only it turns out that within the laws of physics (in this universe) it is not possible.

What exactly are you claiming is possible here?  Be specific.

how so? the only reason given for this i have seen in this thread is the number is too big that we will ever be able to handle it. but that's not a law of physics. and that is completely irrelevant because we are not talking about being able to crack private keys at will, we are talking theoretical possibility to crack it once by complete (1)/(2/\256) luck
what force is preventing me from writing down all the characters of a private key completely randomly, and then entering it into my computer?

nothing, i am claiming nothing, to say that something is technically possible when it is not impossible is to claim nothing

i am saying it is not impossible to write down a string of characters into a computer and they happen to be the ones that are the private key. you are saying it is impossible, unless i misunderstand what a private key is itself. i will go look up that

at what number does it become impossible? at 10/\80? at the number of subatomic particles? at the number of quantum states of all subatomic particles?

ITT: people who don't know what brute-force means

time travel is potentially possible according to what we know... i dont get it

I was going to write this up but it is easier to find it already written up and have you read it there and them come back here for further discussion:

https://bitcointalk.org/index.php?topic=233503.msg2474798#msg2474798

Like I said this has all been discussed before, including trying to agree on a useful definition of the word "impossible" and "never"

What if someone used dictionary words in his private key and then generated the public key using that private key? It could become very probable

Very true!  In fact this very thing has happened many times:

1) Someone creates a "brain wallet" using a simple password.  A brain wallet is defined as Key_private = SHA256(password)
2) They send some BTC to their brain wallet
3) The BTC are instantly taken, never to be recovered!

What is happening is that someone, in fact multiple people, have done the following:

1) Get a huge dictionary of common passwords, millions of them
2) Create brain wallets for every one of these passwords
3) Set up a script that constantly searches new transactions for any transfers to any of these millions of bitcoin addresses
4) If any transfers happen to any of these millions of addresses then instantly "sweep" the funds to one of the thief's other addresses where they collect all the ill gotten booty.

So, the leason here is to only create and use brain wallets if you know exactly what you are doing.
If you do not know and fully understand the concept of password entropy then do not create and use a brain wallet.  Noobs should never use brain wallets.

That is all very interesting and very important to know and I am very glad you brought it up but my statement still stands as that is not a brute force attack on a randomly generated key pair, it is called a rainbow table attack on a brain wallet key pair.

Salting the private key could solve the problem though, the salt could then be exposed to the user as an additional layer of security.

Sure that would help, but the current generation of brain wallets do not do that.

Bitcoin is great but it's ease of use is poor and it's unforgiving nature... Well.. unforgiving.

Recommending Bitcoin to your grandmother would be a truly evil thing, the elderly are already prone to scammers even with the debt system babysitting them.

Totally agree, noobs should not use brainwallets. Gavin Andresen is firmly against (https://gist.github.com/gavinandresen/3840286) brainwallets.

Here is (http://insecurety.net/?p=866) an interesting post probing why brainwallets are a bad idea, the guy indeed made the scrypt (https://github.com/willwharton/pybrainwallet/blob/master/brainwallet.py).

please tell me what you define as 'impossible' as i agree that is likely where our confusion comes from.
we agree that a bruteforcer is not probable and almost certainly our universe would freeze/destroy itself before it could happen. however whether a private key can be cracked... yes it can. it can be typed into a computer by sheer 1/(2/\256) luck. i am not saying it will ever happen, not at all. but 1/2/\256 is a real number, is it not? you are essentially claiming it is not a real number or that when something passes a certain point of low odds, it is impossible. lets say there is a 49.999999999% that event X could occur before our universe destroys itself. do you say it is impossible event x could occur? because that is exactly what you claim with this example exact on a different scale.

impossible

    1.
    not able to occur, exist, or be done.

/\ notice it doesnt say 'extremely unlikely to occur'
do you say it is impossible that i can write a string of characters the length of a private key? do you say it is impossible that these characters could be a private key, even though we know it is possible just highly unlikely? do you say i cannot enter this string into a computer?

time travel to the past is impossible. to the future it is theoretically possible when you move fast enough.

og kush420:

I have already said exactly what I want to say:

If you do not understand what I am saying there or disagree with what I am saying then I no longer care.  Mostly because I am a cranky old fart who believes that if you cannot be bothered to press the damn shift key so that you can properly spell the first person singular pronoun then I (notice the spelling there) cannot be bothered to answer your posts.

As far as randomly selecting a private key that collides with another Bitcoin address goes your odds are better than you think.  There are only 2¹⁶⁰ possible Bitcoin addresses (not 2²⁵⁶) so smoke another bowl of kush 420 and give it a go, you might get lucky.

This is the wrong argument, but I will use it anyway. I agree with Burt that brute forcing a randomly generated private key is impossible. As long as it has not happened yet, I stand by that statement.

Random means true or proper crypto random, not Android-broken-RNG random. (And it wasn't the key, it was the k or p or whatever value of the signature.)

Let me clarify that. Not able to occur, exist, or be done within the next one thousand years. For all practical purposes, truly impossible.

It's a lot easier to use a $5 wrench to extract the password from an unwilling interrogatee. Or to peek from above their should. Or to install malware on his computer. Or ... ... tell grandma that you're a computer repair technician and you got a call from the house to fix their unit.

The "existence" of a possibility and the "likelihood" of a possibility are mutually exclusive properties. 

I'm going to claim that the possibility "exists" that my hands can dance around a keyboard and produce a 51 character, BASE 58, wallet import ready private key that's associated with an existing bitcoin address of my choosing.  5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF

I'm also going to claim that the likelihood of such a possibility is so infinitesimally small that I will comfortably keep my bitcoin in a cold storage wallet and not lose a single wink of sleep.

This is fun to read because you are all arguing about, essentially, different things.

Some of you are arguing about semantics, in which possible fits the parameters of the mission.

Some of you are arguing about math, in which the probability approaches zero, such that the positive value above impossible cannot be expressed reasonably.

And still more of you are arguing about science, which I must say, is at least the most interesting of the arguments.

Keep going; I'll be back with a beer.

You ruined the fun

It's possible, but it's not possible in a human time frame.

While we all sit around here arguing semantics, math, physics, etc.  Those of you that think it is possible can just do it.

You can download the program from here:  

https://bitcointalk.org/index.php?topic=107172.0

The download link is back up!

Please report back here when you find your first few collisions and be sure and let us know how many BTC you are able to steal from the addresses you find!

Can't wait for your reports!

I hear this tool first time ever, what is the concept of these tool.

Read this entire thread:

https://bitcointalk.org/index.php?topic=107172.0

It will answer all your questions.

And this is an ideal point to link to The goddamn airplane on the goddamn treadmill (http://blog.xkcd.com/2008/09/09/the-goddamn-airplane-on-the-goddamn-treadmill)

so  its *virtually* impossible to simply keep creating 30-character codes and checking to see if they are existing wallets with balances? I know the odds are slim, but what prevents making a million potential private keys, and checking them all to see if any "click"?

On a CPU, you can do 100 kkeys per second. That's many millions in a minute or in an hour.
On a GPU, you can do 30 mkeys per second. That's billions in a few hours.

Nothing prevents the key making and checking if any "click", but like you said, the odds are slim.

Slim = impossible, for all intents and purposes. Don't argue. You will sound like the guy that says "Soooo.. there is a chance?"

Download this program:

https://bitcointalk.org/index.php?topic=107172.0

and run it.  It does exactly that.  You can do billions or trillions of key pairs.  You will still not guess my key pair.  I am betting on that.

It takes a lot of time that it looks really impossible. If you want to do it just for fun.. I think you won't get the fun that you expect..  :P

truth be told i have lost 2 keys many years ago, due to a RAID SSD failure which could not be rebuilt and even when i sent the drives to samsung for their review, the data was either missing or scrambled beyond use. I do not have those 2/3 drives anymore nor trust SSD based tech even today. i had established the raid due to a spindle failure back in 2011, and thought i had covered my ass when infact if it was spindle would of had a better chance.. the SSD just made things next to FML WTF ARGH ..etc etc.

I mean i remember some aspects about the keys but not the entire numbers.. i see people comment often on the odds of recovery and i sit here and wonder if they have ever lost their own keys, to where its a constant hinderance in their lives.. I lost 40-60million in current values 78xx btc over 2 accounts - granted i never assumed it would be worth this much but in 2013 it mattered never the less.

They were investment and business accounts so i had a partner also be invovled who reviewed it more than me as i was busy.. However i always assumed he made a physical back up as well, he didnt and its my own fault for not checking. So if there is anything even held in private i would love to recover my funds let alone  get the monkey off my back. its a constant thought daily almost.. which i really dont wish that upon anyone its horrid.

I was lucky to pull my money from mtgox before their mess and pulled from another platform as well prior to my loss... out of all the stuff that occured  its the dam raid which got me ... anyways when i read these and see the comments some of them are just snarky to say the least. As i said i bet most of these people didnt lose what amounts to a life change or many good things for alot of people; if i ever am able to recover my funds.. i can prove ownership well the best i can that is in 2013 .

JMO I think recovery is applicable from my own research over the years but im not a programmer and cant put it into practice.....  ps you can request quantum computer time from IBM if you have something you wish to research or run .. just be put on a wait list that inst really long at all..

Also i dont think the creator made this absoutely impossible to where legit people will lose their funds in a  event which is beyond their own control so in essence a back door or nitch needs to exisit.. (if it hasnt been removed by the programmers in recent years with the code revisions) whatever it is, its under lock and key and closely guarded i think.

well if anyone would like to assist or take a crack at it, i wouldnt mind and to me something even half is better than nothing at this point in the game let alone my life...
just wanted to share that i suppose..

anyways lesson learned the hardest way possible.. it has brought me to the conclusion that if there is a god it has to be a woman  *chuckle*
always wirte down your stuff.. or take a pic of it... *sigh*

Mike, sorry to hear about your loss.

We have a service which is helping people recover lost crypto with Brute Force, Dictionary Attacks or through hypnosis (sorry, the last one was a joke)

For keys with no clue about the password, we do run a farm with "a couple of hundred" GPU's which is doing exactly this, scanning a couple of billion keys a second to see if we get a match with public addresses we have the approval from clients to do so. (From a few SATOSHI up to 10.000+ BTC's per address). We know the chance is very very small, but as an answer to above topic, YES, there IS a CHANCE.

If you would be interested to add your two public keys to our list and can confirm ownership, we would gladly have you as a client. We charge 20% if we do a match.

You can also PM me directly keychainX@protonmail.com