I read the posts. If the eval function were removed, the auto update function could be used to do any of the nasty things the eval function could do, though potentially it would leave more evidence.

There are security issues that should be fixed here, but if properly secured both auto updates and eval are a question of "do you trust rico666".

You should either replace the FTP-based update code with something that uses HTTPS, or sign the files - preferably both. Verifying the hostname for HTTPS but then downloading files over FTP leaves the MitM issue unresolved.

18 leading digits, a new record. I actually found this several months ago but didn't notice, lol.


-----BEGIN BITCOIN SIGNED MESSAGE-----
2017-01-16 controlled by ryanc
-----BEGIN SIGNATURE-----
144187999121393192DxViqQKPPrghj9M3
H1t3t0ZE+/QayD0S7/2RfMUvz9Qsh/9cFW8obuc4K3VDTkTJF+30ZRcW97TrdW3iNfEonx8BfqiSrfYAcYIIeDU=
-----END BITCOIN SIGNED MESSAGE-----

In principal, it's possible to generate a bitcoin address that is all numeric, but the compute cost would be trillions of dollars.

An address with 17 leading digits has been done (I have 15375934619214243fGk3c5abbwcyVsBVM, for example), and I suspect making one that's at least 23 digits total (with some letters interspersed) is possible.

Yes, that youtube comment is from me.


When cracking passwords, exhaustive search with a character set is the last thing one tries. Breaking weak passwords and passphrases dozens or characters long or more is common with the proper tools.

If you use both, do not import them into different wallets.


PrivPart (WIF): KzN3jy9UcWZ6Tox6y7Shmfx6cHJUnsdRvzN5cWHog3ggTa3vozhu
Address (WIF):  1DW35YNCSBVXRDJU6LWZWER87K8R7RTZ94

PrivPart (WIF): L1vbzLPUCu3Y4RyWugs8gMpYFpR4z55wBPJXaHLEUYNPs25Q1yK8
Address (WIF):  18czvpo7iwy8eeb4w4wgtkf7pndg8k54k3

I don't recommend using more than one address that's been generated with split-key using the same public key, but in general this is quite safe. People have been using it to securely generate vanity addresses for years.

There's a link describing this in my post - repeating it here for convenience: https://en.bitcoin.it/wiki/Split-key_vanity_address#Address_generation_outsourcing

A few other references:

https://bitcoin.stackexchange.com/questions/3853/can-one-safely-buy-vanity-addresses-from-a-third-party-without-risking-ones-coi

https://bitcointalk.org/index.php?topic=81865.msg901491#msg901491

The difficulty for all lowercase, no numbers except for the leading 1 is about 1.16x10¹³, and for all uppercase, no numbers except for the leading 1 is about 2.81x10¹². I do the computation on AWS. The software is based on libsecp256k1. The free addresses will all have numbers mixed in.

I am not sure what the difficulty is for the addresses with numbers mixed in, but it generally takes me under a minute to create those.

That kind of address takes a lot of processing power to generate, so you'd have to pay for that. I'm not quite ready to do that yet, but when I am it will be several hundred dollars worth of BTC. If you're interested, I can PM you when I'm ready.

Some people like such things. If you don't, that's fine by me.

Here you go. Please be aware if you use both of these addresses, the private key for one can be computed from the other. I don't recommend importing them into different wallets.


PrivPart (WIF): KzSLbfZCV1Phcd58c1uPn6zHvcEyfptVWgDeaADxWA4G1KVCafB1
Address (WIF):  1L2WSWYRALLLHH2VE7363W26CPLGA9514N

PrivPart (WIF): L2eqKpHUnDVzDiYEdNMiJSDEe2Cy8H1H9nNmys7vu1kMXM9NA6Mh
Address (WIF):  1yj8aucj7sbpdm2spfbj7v984sh4revfr

The Vanity Wallet tool generates "uncompressed" addresses, but I'm finding "compressed" addresses because it's a little faster and they result in smaller transactions with lower fees. You have to convert to compressed format using steps 8 and 9.

Enjoy:

PrivPart (WIF): L3FjLMHdrhXpyay2tVWVsd9VrRGdA6VsWBKFTjDDupWH44cm3bA5
Address (WIF):  14o4jqes322wpeogy6vedg8h6g8e3akxxe

Here you go - note that free addresses include numbers.


PrivPart (WIF): L2efeyFyo9GSLx4nMAaGvFZfHzSjteji2mKW37F1xMtQMsD6TttU
Address (WIF):  18N4ZDALQKXM3ZJM5MN9SDLAN68H62B5YV

Per the free offer, these do have numbers sprinkled in:


PrivPart (WIF): KzhVUATVxF2F8tbEu9Czv11goAxu7JTRTdeN3W4zg4acsC8hzujT
Address (WIF):  1KT1C2KR3B5JP5GPL3MUEYN8RX8HWQ59L5

PrivPart (WIF): L3gJUkoM97hvbMX9Co7mouRQfjjMMwp6ebTsa2veUoEici94LP3s
Address (WIF):  1942t5fx93in6emv9ibdd4cz9xcnt4ewrk


Please note that the full private key for either address can be used to compute the private key for the other.


Probably the BTC equivalent of $100-$200 for all uppercase except for the leading 1 and $300-$500 for all lowercase except for the leading 1. Those prices are estimates based on testing I did (which is where my donation address came from), I would need to actually do the math on my costs before taking orders.

What?
Want an address that has no upper case letters (e.g. 184wwh1dtg8xv858d1n1ktj2cpvvbjugft) or no lower case letters (e.g. 1GNGTB96XPDHQ47Y6SNP8KN3YNPLFUP6B8)? I can do that - for free. I have some custom software that lets me do this a lot faster than vanitygen.

Is this safe?
Yes. I do split-key address generation, which prevents me from ever seeing your private key.

Instructions
These are based on ones provided by LoyceV and shorena.

1) Go to https://www.bitaddress.org/ move your mouse/type in the field until it shows 100%, then wait a few seconds. Optionally (but recommended), you can download the code, verify the signature, and run it offline.
2) Click "Vanity Wallet", then click the "generate" button to make a keypair.
3) Save your private key somewhere safe.
4) Reply to this thread with your public key, and whether you want "all letters uppercase" or "all letters lowercase". Addresses will still include numbers.
5) I'll reply with your "part private key".
6) Go back to the "Vanity Wallet" screen on https://www.bitaddress.org/.
7) Under Step 2, paste your private key in the first field and the part private key in the second, then click "Calculate Vanity Wallet".
8) Copy your "Vanity Private Key".
9) Click "Wallet Details", then paste your "Vanity Private Key" into the box and click "View Details". Your address will be under "Bitcoin Address Compressed" and your final private key under "Private Key WIF Compressed". Import it into your wallet.

Can I choose a prefix?
No. I may offer this for a fee in the future.

Why is this free?
I'd like to offer some high end address generation services, such as all upper case and all lower case letters (except the leading 1) in the future (please PM me if interested). Before I do that, I want to make sure there are no issues with the process.

Disclaimer
I may stop or change the terms of this giveaway at any time, and I reserve the right to refuse service to anyone for any reason. This service is offered without warranty of any kind.

Donations
1woukheyeacxfpxtpkxjqxureevdkbywj

George,

I do Bitcoin research that involves attempting to crack keys that were generated with non-standard tools (e.g. http://fc16.ifca.ai/preproceedings/36_Vasek.pdf). I am curious as to your opinion on the following:

* What law(s), if any, would be broken if I were to used cracked private keys to take the Bitcoin for myself? To be clear, I don't believe this would be ethical, and wouldn't do it even if it didn't break any laws, but I'm nonetheless interested in the legal aspects.

* Would it be legal to create a transaction with the coins in an attempt to alert the owner, provided I paid the fees for such a transaction myself and the transaction kept the coins in the same address? If not, what law do you believe this would violate?

* Would it be legal to move the coins into an address I control, then make a good faith effort to find the rightful owner? If so, what would be appropriate to require in terms of verification? What happens if the rightful owner cannot be found for a long time?

* Is there any way to get standing to have a court to rule on any of this without exposing myself to criminal prosecution?

My current MO is not to touch any coins I find private keys for and avoid publishing the keys, and I'm not going to change that unless I get a really solid opinion from a lawyer in my state that says I can.

True, but you can mitigate it, at least to some extent. I probably should try getting WarpWallet to accept my patches again.

That was me.


WarpWallet does something like that. Using it with a salt and six diceware words (use actual dice!) should be sufficient unless you're Satoshi. I still strongly recommend against coming up with your own password or passphrase, and BIP39 + BIP32 is better for a number of other reasons.