Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: Satnamakoto on November 28, 2021, 05:58:31 PM



Title: strange bitcoin addresses, algorithms and bruteforce
Post by: Satnamakoto on November 28, 2021, 05:58:31 PM
"Playing" with algorithms in python I made a P2PKH address generator that only generates accounts without numbers,
it catches my attention because the only address that I had seen with these characteristics was this "1LdRcdxfbSnmCYYNdeYpUnztiYzVfBEQeC"
which contains +50000BTC.
I opened the web bitadress and generated batches and batches of addresses and I did not find a single address with those characteristics and
my code makes it effortless.

1BuZfZWqretuiaqGvyTWHFTnpGpGWyJDrw
1PMQEZQhmpqMTxKiiDwtBAEGiDhcBpvkMu
1DVfPvpHLKfrfNcoFFxkiMpdTzVPAtPHim
1JQkNuomDSCuNzfCWxwKwnjwAozEwUvKFZ
1RexbQMbXfZiGmRZfQaMuLZJwUYyhsczN
1PmHuzhduYfVjEsmKtHdCefTuHhPvyPwYR
1KGcjMLuaFXKavvxNjeEUBRevTqWdoWbiV
1DgExfLoPucCTeEkdxUMJEChJGPdubsrUr
1FcdVrQEUcimMeZfiZbNULZDHkPScjAhFL
1JAybccmkWVzpMQHfbyHtmcMwTcyYZtLSf
1CqTkABMdEvzvNjVhVyHHmXKKMWXQMnUpT
1KvXHtTEcZkXuGRgAJwXMVAxZFGAvLTEBt
1AdphDXEdsqdgLdtQwyoHbzaRbuibULMcX
1BKTtqdhhyovYesyksYmCzqmDBqRDfBZqb
1CskFvQZgGhCzzCXwPwoHvgtxPwAkSrDSk
1WBbtbvSpbWHqKjqLUjZNppMsdWMktXqg
1LPczwFBTrxLfgbcjDXtVcjjKLXQeXYmeU
1MxMVVhJqHGTyukSFUDTnMQhRfkhXtdLks
1CaFNNQnMbzsYNSrgEfDnHmPLdeVBUUwpA
1JnpEEVpjUMBdppXcSgTSxVdJZGBetaUCg
1EcyPzVFLkMLRBeYgarQwgFoGkjDEtEVuC



which opens up a series of questions.
1-how many addresses are there with this characteristic?
1- what are the probabilities of finding this type of address?
2- If a brute force code is executed with my code, how many addresses will I find with these characteristics?
3- as these types of addresses are considerably strange and proportionally in less quantity, does my code make them vulnerable?

Does the owner of "1LdRcdxfbSnmCYYNdeYpUnztiYzVfBEQeC" have a strangely vulnerable address? If so, and read this, I hope you move your
money to a more secure address.





If you like my strange but interesting post, comment or you can leave a small donation 3QWcjuY72EyouLmkRY4FbuoM1V7mA6tyqv


Title: Re: strange bitcoin addresses, algorithms and bruteforce
Post by: jackg on November 28, 2021, 06:12:19 PM
The set of addresses that contains just letters is the second biggest set.

You've limited base 58 to be around base 49.

I'm not certain of the range produced from running the hashing algorithm to get addresses but I think the range is quite big still. As I reread this it feels similar to the argument for n-1 character addresses being less secure than n character long addresses - which is false but seems like it might be logical to someone new.

I'd be interested if you could change it to numbers and release the times it takes to generate those addresses though (I think it should take about 49/9=5.44x longer - but I'm not that sure).

Edit: from my calculation above, you could visualise the range of the public keys being produces as if they're in base10 0-9 without 9 or 8.


Title: Re: strange bitcoin addresses, algorithms and bruteforce
Post by: DaveF on November 28, 2021, 08:01:09 PM
This has been discussed before. There is no less security to having addresses with just letters. Yes in theory if you are running any of the brute forcing key cracking software it will get there sooner.
So instead of finding the key after the heat death of the universe, it will happen a week or two before that.
Still long after the sun has gone nova and reduced the earth to a cinder.

-Dave


Title: Re: strange bitcoin addresses, algorithms and bruteforce
Post by: BlackHatCoiner on November 28, 2021, 08:18:56 PM
1-how many addresses are there with this characteristic?
Depends on what you mean

  • The total funded ones?
  • The total they can exist?

1- what are the probabilities of finding this type of address?
Well, that's some tough calculation that I can't do at the moment, I may do it tomorrow. You may get close to the answer if you generate hundreds of thousands of addresses and divide the ones who do not contain numbers in their base58Check with the total ones you generated.



Now, answering to both:

3- as these types of addresses are considerably strange and proportionally in less quantity, does my code make them vulnerable?
Yes in theory if you are running any of the brute forcing key cracking software it will get there sooner.

This is so not true! There's nothing wrong with these addresses. Their base58 encoding just didn't happen to return numbers. They're as secure they all are.

Whether that's 1LdRcdxfbSnmCYYNdeYpUnztiYzVfBEQeC, 1111111111111111111114oLvT2 (lowest) or 1QLbz7JHiBTspS962RLKV8GndWFwi5j6Qr (highest). Remember, they are just RIPEMD-160 hashes represented in a special format.


Title: Re: strange bitcoin addresses, algorithms and bruteforce
Post by: mynonce on November 28, 2021, 10:18:45 PM
...
1BuZfZWqretuiaqGvyTWHFTnpGpGWyJDrw
1PMQEZQhmpqMTxKiiDwtBAEGiDhcBpvkMu
1DVfPvpHLKfrfNcoFFxkiMpdTzVPAtPHim
...
Do you have the private keys?


"Playing" with algorithms ...
Back in 2015 ...
Hi guys,
...
While playing around with my bot, I found out this mysterious transaction:
someone found a bitcoin puzzle. The creator of this set of puzzles didn't mention anything until people solved some. 2 years later, the creator reacted and disappeared.



1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX

no digits either, only uppercase letters

https://bitcoin.stackexchange.com/questions/3730/what-is-the-longest-known-vanity-address-generated (https://bitcoin.stackexchange.com/questions/3730/what-is-the-longest-known-vanity-address-generated)
It belongs to etotheipi, author of the Armory Bitcoin Client, and was found using vanitygen, as he said in a bitcointalk forum post:
Yessir!  I got a little crazy with vanitygen and succeeded.  It should've taken about 70 days of computation time but I got lucky and found it in about a week...  (notice no digits either, only uppercase letters).

Unfortunately, it's so cool that people don't even recognize it as a Bitcoin address :( 

[moderator's note: consecutive posts merged]


Title: Re: strange bitcoin addresses, algorithms and bruteforce
Post by: pooya87 on November 29, 2021, 05:25:51 AM
Does the owner of "1LdRcdxfbSnmCYYNdeYpUnztiYzVfBEQeC" have a strangely vulnerable address?
Nobody can answer this question apart from the owner of that address because the security of it depends on how it was created. Although this may look odd to you but it is perfectly within the realm of possibility that this was created randomly and the owner may not even have realized its characteristics!

the only address that I had seen with these characteristics
And how much have you searched for it? Randomly trying to generate a handful of addresses doesn't count though.

I'm too lazy to download, write some code and process 16 GB file (1,484,589,749 addresses) but you can do it if you like from here: https://bitcointalk.org/index.php?topic=5265993.0 and see if your assessment was correct.


Title: Re: strange bitcoin addresses, algorithms and bruteforce
Post by: odolvlobo on November 29, 2021, 09:02:50 AM
1-how many addresses are there with this characteristic?

Hard to say. Less than 4933 (6.0x1055) because most of those would have an invalid checksum. More like 4927 x (49/58)6, or 1.6x1045 if you assume that the last 6 are the checksum.

1- what are the probabilities of finding this type of address?

In a random address, for each digit, the probability of being a letter is 49/58, so the probability of 33 of them being a letter is (49/58)33, or about 1 out of 261. It is not that rare.

2- If a brute force code is executed with my code, how many addresses will I find with these characteristics?

If you generate addresses at random, 1 out of 261 will have only letters.

3- as these types of addresses are considerably strange and proportionally in less quantity, does my code make them vulnerable?
Does the owner of "1LdRcdxfbSnmCYYNdeYpUnztiYzVfBEQeC" have a strangely vulnerable address? If so, and read this, I hope you move your
money to a more secure address.

No, because there is no way to generate only private keys of addresses with only letters.


Title: Re: strange bitcoin addresses, algorithms and bruteforce
Post by: TheArchaeologist on December 01, 2021, 09:08:28 AM
You make it sound like you found some very special addresses, however as odolvlobo already pointed out this is something that is not rare at all. I generated 10000 addresses at random, which resulted in 28 addresses without any number in it (except for the leading 1 ofcourse). So about 1 in 357 addresses generated:

Code:
1PEABXGPwwmHzLuaMscUbmtbLiLyEEcvok-> L25Nv43gMQ8AkHEugnyaPsgARw6Bojd2bFaqjAqBWaXfCKPpXHM6
1LAYdRcVkKEDcoqhjaLsPFGsPgoAQrdoVV-> Kz9mM8JVtGfZTavha7K7qctWygZZL4cEPqR9tTcKCmbK6nD6tfGy
1PuBftvmFVKqLxpwmruGhhNGRaoZjnWkKL-> L1nPpJYvSHbWmCUpu2TpTT9onNtgt1YZPLDouwgkkJaMF1M9JEm5
1MgjEYTAsCSTQazpeSpcQHaJnaaTbFftiu-> L1VPeMVYhEN3D29CrKZygZQv57sKxVmLARreHYMfXZjzDfdSdJVV
1EXkEnTMnaXCZWEurkDykqkwpmisURectm-> L5KxwozpbnmLmrvnELiDxGLJna3LnqdNf1R99HUjgNSL6ffgdzp2
1vkJzisvFEumfRzRBdKXbhKpNQogkHDfA-> KwsFTJ18xeLAzNo7sKPxhyZwbdmLh1ZunXxvG8Vi2vnfz6dGDgZJ
1PidEiENrQHEnhLuSgUFAvrGvEBbQqochg-> L4qYVee2GRQgV62b65XZdXnuAtmD3aNk511HbcSYrLPazy9kycJe
1EQRuFYuZBJqLqqHXvhzQwMPXiFJAAPxWA-> KxkY2kzycEU6bAYgfecAxi4PXTJTwVUBpdhBmt5rbPbSAPHGeqEB
1DvJoQWCrEVdxPHqDfCTYwBEnprfHESnYQ-> KzwWWt1Mi9kvopjnpAZ9R2hhpZ1LgYMGh5wRmFUZwXgUq4hm6dxN
1EebtNzKzKipCTRqtdjSwwMYyQxshUerZY-> KyJFTyX6KeKhyFayyD8ycBiUht9w8neEkQHYJ9XWhoxFGVMsYpyL
1EENkwXdrZQCxtKJJSQyNPzupqTGkMjqNG-> L22HkcqF6yEDm5jq2E4ov58ATiPviDpKoZdFQzUptXuwnDrWL2kJ
1GGJjyreqPFWBQVTPNQBcdnQXieCnHFvjY-> Kz1LvHGe6b6Zyku26TUowrzZzrPYZ8fCkhmyGZCRjnpH9ps7JeSp
1AFYRCfUhEMKYMdvtqPokBVRRqXhCTvjLM-> L5Dr28WAeJaevbzBmxNy4ecsspTWcmVAx52hjJJqB1AAq28n7JxR
1NRKwkayPpNaJwtaWQvYrMUBKGZPUQWLDb-> KwdWa9V74SXn4BfkyF7aY1Aqt8E2u9mfh3ucZEhz4ki3H12DGmoo
1PbfhKJrBXhUEHeHPtQSLyPqxZqRxrtGsB-> L5du3dik3MAdsKWa8MzqBPVNPDdZa81aecdPUtxEfJ2T4rtTo6QB
1HRLcLhtZrTrLRyGrdgFJSsHrpDBKtDRNt-> L1aQWgpfjSQwymaXmSKHXJdYvi823muoQhsXdpiea9EAKt64dunG
1LidgmhdDHbnofYyBMvGawjPNKhmkkSvMk-> KxuGZLFgsL9eekDKuKyvCMZ7hggoFBjez4KJXMBuRBT6ws2rvn4Z
1HeYPCAMTCnZGcGwpFJxpACNNDQScMpycu-> L22N5BpS93bmR6ACSVcN6kPSD951PRpPyikTqLF95HGrXycbrPwW
1ENofqZSVcWzKdAFpYPjJCpPhYCWtjeKoF-> L4V7BmmgCZNSCkmYeiThLMn8R9ejjoMj7aiX1rg8sRsRXUEuxgYG
1GSaWvnBjCMSuhaLGsviNGSezdGQSJEHai-> KwbkD7r5j6giMd49avbd75XVhxwbqnvDncA9wd92huBCdPfftv7t
1MfpmBbDkcQpzkRzehiPTCJoQhPmFqhTnF-> L1sNpPVKnmPAbSKKSFcbYQzV2KBiq8BFbqRv5wwcZvTnqAVpM2kz
1AqbhwpcqVFdyhPEEdkdFPuMAXXeRdNYxT-> L28L7f56J9tQm62nxC6jDFaCFdwwyY7manmrZ2dCom1mCHX39hmF
1GCDmRnswNsCjsussWeWZYBCesJaraDoDz-> L3atiJZUP7cRB5n25yk5wSsxVdSmEEwhBq9P82eTxMPRArsr41aY
1DgusromDdPJVeSqDcfYRBrywSoSYQzpox-> Kz59x5D9mWktQngaWCksAZkruojgK7udyDs8JvTa1sCofK24TTGf
1AApeTToPHVnsvAmzNwxcdcXyQRfJgnkM-> L1LWwcMcj9XhBxK3a2bUuvQyX7Yccbj3xK87axFQi8oFqd2MWXAM
1CFkFwKzpZMpckfXDnXnwopsgyTGccUXjW-> L1SZiKNq55FUJ9ecaHcNiDPCnLV5HnZm9iSQbggP7YX5N9ZchYz5
1HhvGLdLwjogkCGPgYHeMtcgFkfikdRczT-> L5bVCQRJYyXRrQSQmM4QT2KMb3zmHGvrgqxp9aYtjkciXaNsUGzW
1PKiRUTMcdTkmqCjKbEAFRtKeYWuMXvgjE-> L2Kw28aiVZQZoPmpu3FhMy1RWHrshiKg93AkdpEZGpAwxs2ZoU3s

I included the WIF to prove they are real. Please don't use any of this addresses for real!


Title: Re: strange bitcoin addresses, algorithms and bruteforce
Post by: PawGo on December 01, 2021, 10:31:49 AM
It is nothing else than people's ability to detect patterns. If someone would define Base58 differently (digits at the end?), we would see completely different addresses.
You think that something is 'normal' because it is more probable to observe. I bet you have never seen an address which contains only digits or only one specific character (let's ignore the issue with checksum for a moment). People who play lottery usually don't choose consecutive numbers because they 'feel' there must be gap between numbers, while the chance to hit is exactly the same for both cases.


Title: Re: strange bitcoin addresses, algorithms and bruteforce
Post by: LoyceV on December 01, 2021, 10:32:54 AM
1-how many addresses are there with this characteristic?
If you're talking about funded addresses: you can get the data from List of all Bitcoin addresses with a balance (https://bitcointalk.org/index.php?topic=5254914.0)
If you want to know this for all Bitcoin addresses ever used (https://bitcointalk.org/index.php?topic=5265993.0), I can get you the data, but I still don't have a VPS for it.

Quote
3- as these types of addresses are considerably strange and proportionally in less quantity
You may be interested in Rare address hall of fame (https://bitcointalk.org/index.php?topic=90982.0) :)

Quote
Does the owner of "1LdRcdxfbSnmCYYNdeYpUnztiYzVfBEQeC" have a strangely vulnerable address?
With 3 billion dollars in it, It would have been long gone if it wouldn't be secure. My first assumption was it's an old address and the owner must have lost access, but it was funded in 2014 (https://blockchair.com/bitcoin/transaction/2a29fdb4e188f827da3c3175856b3ed95819b323bb303a46b8036534e78c76db) with (at the time) 31 million dollars. So my new assumption is the owner knew exactly what he was doing, and is just hodling his coins.

Quote
If you like my strange but interesting post, comment or you can leave a small donation
It's better to remove this request, and put the Bitcoin address in your profile (https://bitcointalk.org/index.php?action=profile;u=3413022).

I'd be interested if you could change it to numbers and release the times it takes to generate those addresses though (I think it should take about 49/9=5.44x longer - but I'm not that sure).
My guess it it takes much, much longer than that (5.44^33 times longer sounds about right.). I don't think it's possible to generate a Bitcoin address with only numbers.


Title: Re: strange bitcoin addresses, algorithms and bruteforce
Post by: TheArchaeologist on December 01, 2021, 10:57:26 AM
1-how many addresses are there with this characteristic?
I took a look at all p2pkh addresses (so the ones starting with a '1'). I found over 1.5 million addresses with the characteristics you described which have been funded at least once:

Code:
1AAaaCnWptsdikfLwQKpPAkVvGWwXmcTwH
1AAAakfPsjEpmfMBFzaQHeoGTNDUttSYHB
1AAaALjAYkZxeZfGfGbMowNFgjPgqmjept
1AAaaNhHmHbZvzUzwzwhmeUXviaTAMqDXM
1AAaAqCudRbWniNHeRejejEZszisfELBEd
......
<snip 1.5+ million addresses>
.....
1QLZXYbzXPxpenwCYsbccudSSrHKhKmSnf
1QLZYeftHVptyyjjDVZwfsLvJamRkMhsoS
1QLZyPXavHLGMNZRZWEVcBWjRVRvPeLiGb
1QLZywqbiQobZMpWNPXthyYJtNgfcLRRSV
1QLZzaiyVLvZUfimDNwfJNRxPQMJoLmhbb
1QLZZFCFTZqnnZEorbSjFvbpQefgSpBijg
1QLZZpbdeXkbBSizdymoiPxUxPtHQsCmaW


Update: also checked all the p2sh addresses (so the ones starting with a '3'). There were almost 800,000 addresses matching your characteristics which have been funded at least once:

Code:
3AAAaXsDdNutaLfEPDbNinkctrdtCKaDtw
3AaABBUNLZQBmsvrcuTexhQJYewpEJTwUb
3AaAbtSNECuyZMVwuwyNgAyETWHMxjZsKW
3AAACCpbjcLTVzhHQhpqQmNhYGYyMGpPGc
3AaacfMzHxFZWjeySuHviKBKfEgvkLMeSJ

......
<snip around 800k addresses>
.....
3QZzxzQGQpRfEBjuxTVTdRVzTLfSRodLih
3QzzynSAYfnCWCXjadBAnRKsnfZVTqGbWo
3QzzYNwxFLVsrpFRSdaZeydDewpMCvxaWJ
3QzZywBqiqyxnLhxHJjutYBoCmKLiZXfDK
3QZZyZrBGnvRCZDhpmXzaBzbRmCSghmxbS

So the same conclusion as I had generating random addresses: they are not that special! There around 2.3 million (!) addresses matching your characteristics already in use.


Title: Re: strange bitcoin addresses, algorithms and bruteforce
Post by: NotATether on December 01, 2021, 02:11:16 PM
You can't specifically target addresses that only have letters in them because there's no hint that tells which private key makes a particular address - it's just "plug a privkey in and hope it corresponds to an address of that characteristic".


Title: Re: strange bitcoin addresses, algorithms and bruteforce
Post by: HCP on December 02, 2021, 03:21:44 AM
It's only "strange" because we generally consider Bitcoin addresses to be a mix of all the Base58Check characters... but it's really no different to addresses missing a given set of characters. For example: addresses missing the characters [b, B, i, t, T, c, C, o, i, n, N].

Basically, it is impossible for all addresses to contain all the characters... so there are always likely to be groups of addresses that are missing a given set of characters (assuming that set is relatively small).