Show Posts
|
Pages: « 1 [2] 3 4 5 6 »
|
I read the posts. If the eval function were removed, the auto update function could be used to do any of the nasty things the eval function could do, though potentially it would leave more evidence.
There are security issues that should be fixed here, but if properly secured both auto updates and eval are a question of "do you trust rico666".
|
|
|
You should either replace the FTP-based update code with something that uses HTTPS, or sign the files - preferably both. Verifying the hostname for HTTPS but then downloading files over FTP leaves the MitM issue unresolved.
|
|
|
Few ideas for some more typical bitcoin address : Is it possible to have a bitcoin address with no alphabets ? If not what is the possible minimum count for alphabets like this addy 1111111111111111111114oLvT2
- address with no alphabets 1nnnnnnnnnnnnnnnnnnnnnn - address with minimum alphabets at the end : 1nnnnnnnnnnnnnnnnnnnnAa - address with minimum alphabets at the beginning : 1aAnnnnnnnnnnnnnnnnnnnn ('n' can be any number).
In principal, it's possible to generate a bitcoin address that is all numeric, but the compute cost would be trillions of dollars. An address with 17 leading digits has been done (I have 15375934619214243fGk3c5abbwcyVsBVM, for example), and I suspect making one that's at least 23 digits total (with some letters interspersed) is possible.
|
|
|
This should probably be watched by anyone who wants to use a brainwallet: DEF CON 23 - Ryan Castellucci - Cracking CryptoCurrency Brainwallets. He even posted an update (not entirely sure if the account is genuine): Ryan Castellucci 6 days ago The current release of brainflayer is much faster than what I released at DEFCON. Currently, it's only $40 to check 1 trillion passphrases on AWS, which works out to 25 billion per dollar.
Yes, that youtube comment is from me. a trillion pass phrases. thats only: 9 alphabet characters deep 8 alphanumeric characters deep 7 alphanumericsymbol characters deep
When cracking passwords, exhaustive search with a character set is the last thing one tries. Breaking weak passwords and passphrases dozens or characters long or more is common with the proper tools.
|
|
|
Here is my public key: 04E7A468104D5EF535DFC4519E414DE208826D073DDF3F63B5D79E0F9DED32D7CD60CE8BE9A1F355B5D057079373191367E06BD4AFA597CCF054958DF9B0219E77 and would like to ask for a uppercase and a lowercase both. If you use both, do not import them into different wallets. PrivPart (WIF): KzN3jy9UcWZ6Tox6y7Shmfx6cHJUnsdRvzN5cWHog3ggTa3vozhu Address (WIF): 1DW35YNCSBVXRDJU6LWZWER87K8R7RTZ94
PrivPart (WIF): L1vbzLPUCu3Y4RyWugs8gMpYFpR4z55wBPJXaHLEUYNPs25Q1yK8 Address (WIF): 18czvpo7iwy8eeb4w4wgtkf7pndg8k54k3
|
|
|
hello can you make me one address for all upper here the public key 04A362CF469C642A4A87EE2061D2B3285A1D9AEA20DF69A7D10B2737E183E52A3431CD9605518AF803E9427747FEFB71B813C436DED9FFDFD7A653804FFE016457 PrivPart (WIF): KwHNMDZQzt4Pa9Ho4gjphNY615t6BUkZ9amkJafZcCBKS7jCSqhb Address (WIF): 1MQLYYMD47L7U3UJMJAM3JNEQGQ1QBK9QQ
|
|
|
I guess I will satisfy myself with an uppercase address then. No need if you are trying to make it ready just that I had requested. Anyway curious about the software you developed. Also mind telling me what is the difficulty of such addresses ( I mean one you are doing it right now) and power you are having.
The difficulty for all lowercase, no numbers except for the leading 1 is about 1.16x10 13, and for all uppercase, no numbers except for the leading 1 is about 2.81x10 12. I do the computation on AWS. The software is based on libsecp256k1. The free addresses will all have numbers mixed in. I am not sure what the difficulty is for the addresses with numbers mixed in, but it generally takes me under a minute to create those.
|
|
|
Can you do me an address without no. and has all lowercase letters included just like you have for donation? That kind of address takes a lot of processing power to generate, so you'd have to pay for that. I'm not quite ready to do that yet, but when I am it will be several hundred dollars worth of BTC. If you're interested, I can PM you when I'm ready.
|
|
|
So you are taking from $200 up to $500 just for an address including no numbers except the 1 at the beginning? then we must do a large transaction for it to worth the money lol. I want an address with prefix ImHash and will get it from loyce for free.
Some people like such things. If you don't, that's fine by me.
|
|
|
048A5A61AF738926A080B59D17EB17B7F89B539FA5BDD2AA90E536970D8560C85C393B15ACAB7C2 97003FAE6D18CED548E226D37BC236AAA4FC66276ECAA05C65D
hm... both types are cool but I would prefer uppercase
is it possible to buy all lowercase, too? If yes how much?
Here you go. Please be aware if you use both of these addresses, the private key for one can be computed from the other. I don't recommend importing them into different wallets. PrivPart (WIF): KzSLbfZCV1Phcd58c1uPn6zHvcEyfptVWgDeaADxWA4G1KVCafB1 Address (WIF): 1L2WSWYRALLLHH2VE7363W26CPLGA9514N
PrivPart (WIF): L2eqKpHUnDVzDiYEdNMiJSDEe2Cy8H1H9nNmys7vu1kMXM9NA6Mh Address (WIF): 1yj8aucj7sbpdm2spfbj7v984sh4revfr
|
|
|
Thank you, sorry If i sound like a noob but I am getting another address, I pasted the private key in the first field and in the second field the part PrivPart generated from you. Vanity Bitcoin Address: 1LJ4mCnxas7SZUfSLVQYprpeE6FAfxLxJP, there is something wrong but I can't find where.
The Vanity Wallet tool generates "uncompressed" addresses, but I'm finding "compressed" addresses because it's a little faster and they result in smaller transactions with lower fees. You have to convert to compressed format using steps 8 and 9.
|
|
|
Hey, I'm willing to test this. My public key: 04876C28C1D75F373D26CF2C58CCAA822528C0428AA6B81686DDCAFDCD477E449BBED6F149ACDF912304E76CD538E78955CF5B016D58CA3E387ED79C30A39B5CB0
I'd like no uppercase if possible. Great service, thanks Enjoy: PrivPart (WIF): L3FjLMHdrhXpyay2tVWVsd9VrRGdA6VsWBKFTjDDupWH44cm3bA5 Address (WIF): 14o4jqes322wpeogy6vedg8h6g8e3akxxe
|
|
|
Thank you for this great offer to our community, I would take an all uppercase address, my public key generated is: 04B978A391BB32F6132E1E45AAC3422E9C52ADE06FFC9B6FD9E0EAE0FC87728CEFC30A7DC9586FEDD1C2A29DF44ABFDAD97E20EE06CB8420E125F44845E6FFAD7D Here you go - note that free addresses include numbers. PrivPart (WIF): L2efeyFyo9GSLx4nMAaGvFZfHzSjteji2mKW37F1xMtQMsD6TttU Address (WIF): 18N4ZDALQKXM3ZJM5MN9SDLAN68H62B5YV
|
|
|
I'll take an all uppercase address. Here is my step1 public key: 04E9FAC8DE731A020C6ED543F3ECB05858D4837C521EA216BD00751B605D77FD742D8CB833F57FAFA3C41E95766BC7614C4C04DBC89276117DDA3B8B74768CBD2D Edit: Any chance I could get an all uppercase & and all lowercase? Per the free offer, these do have numbers sprinkled in: PrivPart (WIF): KzhVUATVxF2F8tbEu9Czv11goAxu7JTRTdeN3W4zg4acsC8hzujT Address (WIF): 1KT1C2KR3B5JP5GPL3MUEYN8RX8HWQ59L5
PrivPart (WIF): L3gJUkoM97hvbMX9Co7mouRQfjjMMwp6ebTsa2veUoEici94LP3s Address (WIF): 1942t5fx93in6emv9ibdd4cz9xcnt4ewrk
Please note that the full private key for either address can be used to compute the private key for the other. Any idea roughly what it would cost for an all lowercase/uppercase letter address? I might be interested.
Probably the BTC equivalent of $100-$200 for all uppercase except for the leading 1 and $300-$500 for all lowercase except for the leading 1. Those prices are estimates based on testing I did (which is where my donation address came from), I would need to actually do the math on my costs before taking orders.
|
|
|
What?Want an address that has no upper case letters (e.g. 184wwh1dtg8xv858d1n1ktj2cpvvbjugft) or no lower case letters (e.g. 1GNGTB96XPDHQ47Y6SNP8KN3YNPLFUP6B8)? I can do that - for free. I have some custom software that lets me do this a lot faster than vanitygen. Is this safe?Yes. I do split-key address generation, which prevents me from ever seeing your private key. InstructionsThese are based on ones provided by LoyceV and shorena. 1) Go to https://www.bitaddress.org/ move your mouse/type in the field until it shows 100%, then wait a few seconds. Optionally (but recommended), you can download the code, verify the signature, and run it offline. 2) Click " Vanity Wallet", then click the " generate" button to make a keypair. 3) Save your private key somewhere safe. 4) Reply to this thread with your public key, and whether you want "all letters uppercase" or "all letters lowercase". Addresses will still include numbers. 5) I'll reply with your " part private key". 6) Go back to the " Vanity Wallet" screen on https://www.bitaddress.org/. 7) Under Step 2, paste your private key in the first field and the part private key in the second, then click " Calculate Vanity Wallet". 8 ) Copy your " Vanity Private Key". 9) Click " Wallet Details", then paste your " Vanity Private Key" into the box and click " View Details". Your address will be under " Bitcoin Address Compressed" and your final private key under " Private Key WIF Compressed". Import it into your wallet. Can I choose a prefix?No. I may offer this for a fee in the future. Why is this free?I'd like to offer some high end address generation services, such as all upper case and all lower case letters (except the leading 1) in the future (please PM me if interested). Before I do that, I want to make sure there are no issues with the process. DisclaimerI may stop or change the terms of this giveaway at any time, and I reserve the right to refuse service to anyone for any reason. This service is offered without warranty of any kind. Donations1woukheyeacxfpxtpkxjqxureevdkbywj
|
|
|
George, I do Bitcoin research that involves attempting to crack keys that were generated with non-standard tools (e.g. http://fc16.ifca.ai/preproceedings/36_Vasek.pdf). I am curious as to your opinion on the following: * What law(s), if any, would be broken if I were to used cracked private keys to take the Bitcoin for myself? To be clear, I don't believe this would be ethical, and wouldn't do it even if it didn't break any laws, but I'm nonetheless interested in the legal aspects. * Would it be legal to create a transaction with the coins in an attempt to alert the owner, provided I paid the fees for such a transaction myself and the transaction kept the coins in the same address? If not, what law do you believe this would violate? * Would it be legal to move the coins into an address I control, then make a good faith effort to find the rightful owner? If so, what would be appropriate to require in terms of verification? What happens if the rightful owner cannot be found for a long time? * Is there any way to get standing to have a court to rule on any of this without exposing myself to criminal prosecution? My current MO is not to touch any coins I find private keys for and avoid publishing the keys, and I'm not going to change that unless I get a really solid opinion from a lawyer in my state that says I can.
|
|
|
You can't fix stupid, not even with key-stretching.
True, but you can mitigate it, at least to some extent. I probably should try getting WarpWallet to accept my patches again.
|
|
|
1GjjGLYR7UhtM1n6z7QDpQskBicgmsHW9kSomeone put 250 BTC on that address, that was hacked by a white hat hacker, who tried to warn the owner (and did not simply take the coins, yes, people like this exist) by adding more and taking it back, but the owner did not notice, so the hacker traced the owner to a mining pool, and found the owner's phone number, and called to explain...this lengthy story was presented during a DEFCON conference. That was me. I think brain wallets should be strengthened by salting, and by using key-stretching, as in BIP38, this would make hacking all but the weakest passphrases totally impractical. With this post, I request from software developers to include a new brain wallet generator, with separate boxes for passphrase and salt, and with some heavy key-stretching to slow down those hackers. Something like this: key=GenerateKey[scrypt[Hash[passphrase]||Hash[salt]]]
WarpWallet does something like that. Using it with a salt and six diceware words (use actual dice!) should be sufficient unless you're Satoshi. I still strongly recommend against coming up with your own password or passphrase, and BIP39 + BIP32 is better for a number of other reasons.
|
|
|
|