Vanity Addresses, Last Digits?

[eddie13]

When I double and triple check what address I pasted to send to, I usually check the first few and last few characters of the address.. I see a lot about vanity addresses in the first few digits, but what about the last digits?

Is it as easy to make addresses with the last digits the same as it is the first?

Relating to sending security, if I check the first 5 and last 5 of an address is that pretty safe? Any vanity addresses out there that could quickly copy the first AND last digits of my addresses so I would think they are correct to send, but scam me in the middle?

How much of a BTC address do you need to verify is correct before making a send?
Is the end also vulnerable?

Supposing one of those malware things where it changes the addy when you paste, and it even tries hard to make a similar addy for you to paste to trick you, if that’s even a thing, but could be..

Can you also work on the end digits of an address for vanity?
I imagine yes, and security would just come down to the amount of total digits anywhere in the addy..
Eh?

[BlackHatCoiner]

Is it as easy to make addresses with the last digits the same as it is the first?

As far as I can imagine, it will be the same. Checksum is not a problem since vanity programs start from private key and go to address with all the hash algorithms. I'm not sure, but I guess same possibilities.

Relating to sending security, if I check the first 5 and last 5 of an address is that pretty safe? Any vanity addresses out there that could quickly copy the first AND last digits of my addresses so I would think they are correct to send, but scam me in the middle?

Just look the first 5 chars. Having both 5 first and last characters is pretty impossible for anyone. They're the same possibilities of having the first 10 characters of an address.

Can you also work on the end digits of an address for vanity?

Yes, you can. I believe there is an option on vanitygen. If no, then you can easily code one.

[Upgrade00]

Is it as easy to make addresses with the last digits the same as it is the first?

It gets progressively more difficult when you try to increase the number of the personalized characters in the address. The higher the number, the more difficult it would be to generate them.
"Vanitygen's search is probabilistic, and the amount of time required to find a given pattern depends on how complex the pattern is, the speed of your computer, and whether you get lucky."

Relating to sending security, if I check the first 5 and last 5 of an address is that pretty safe? Any vanity addresses out there that could quickly copy the first AND last digits of my addresses so I would think they are correct to send, but scam me in the middle?

That should be pretty safe. I do not think there is such a service which can quickly duplicate 10 characters in a wallet address as they are generated using base58check encoding

Consider this table from mastering Bitcoin;

Can you also work on the end digits of an address for vanity?
I imagine yes, and security would just come down to the amount of total digits anywhere in the addy..
Eh?

Correct me if I'm wrong, but addresses are generated sequentially, so you'd have to determine the first characters before the last, reason why most vanity addresses have prefixes added and not suffixes.

[xhomerx10]

Dudes!  That chart is so out of date.  Five digits is a cakewalk now.

You can search the entire address for a match so first 5 or last 5 is nearly equally likely excepting that the leading 1 is a given

edit
 This took 50 seconds:

Code:

PubAddress: 1BEBYj5e1dUTJTXMBEB1CR7Bf6XX2easy
PubAddress: 1Q9cYhy125Pqfi74Fp6rEwrNU8rdY2easy
PubAddress: 1JtbsA3WVUBn7pHMacHpori9AcNtk2easy
PubAddress: 16CzNEm5yHV9XH6CA2vxuFkgByPCK2easy
PubAddress: 1Mef9Sa3WcGFoDme4MFHLvchBs1tU2easy
PubAddress: 1JvqJD6hC5tRkhWAUvayU4ZCfUAxv2easy
PubAddress: 18J4mCnrMGpKESt4J4eLTzy42tMRE2easy
PubAddress: 15EYnfXiAgKDf3pvuJHrFeWULGuXR2easy
PubAddress: 1EMCH1Pdfw87ZrStsN34HDSSiQkrC2easy
PubAddress: 1Q3eReUGo3TqG17CyZ71pNCY4wG2b2easy
PubAddress: 143rCD8kLRJqKjNCCq3M55VrAsxfX2easy
PubAddress: 1P9KDjD7Ksd1U6FjVvntyvUBbHnwV2easy

 This took 10 seconds:

Code:

PubAddress: 12easyCr2Hgci6jggxDskFYyE2GQmLsRkx
PubAddress: 12easyZo8Xr1eoGYQksAwG1jJHf25DuMVJ
PubAddress: 12easyo66J9nDgSyHHUYSqFDXnY1zvj89Q
PubAddress: 12easynNCRzuz5ZMt2q4PBL9DJCAnTU7So
PubAddress: 12easyiyqdWtJfWcJAxkFTBea4vq76VkmB
PubAddress: 12easyWv2JKVbvrudrj3xp7Uy3W45ANnVc
PubAddress: 12easybqHdB2wZSH3F4wCm41ECwavrTHNQ
PubAddress: 12easyr9Byv3eriZaECP7hCaXmPCri9nvf
PubAddress: 12easyXP2nDyzjShHGvKiQTgs2yquoh9az
PubAddress: 12easyma2xtvyUoAP2ir4acTjfJyWw9pJN
PubAddress: 12easyC99TMtdaxJxEy4f67NmR4wuvaN1e
PubAddress: 12easyjdmZe1EVJzA7Wc1pQWwyrU22YTGs
PubAddress: 12easyZin4YyMYgAWSbToQUKQcANRoCykz
PubAddress: 12easyxVXLeemvtDWDiiigQBtsWyWzFkvQ
PubAddress: 12easy2k81XjyQUxjgsbKP75jRFkkrDpeF
PubAddress: 12easyDqf5rWvKbhGmtNrtvUK5xin69cHm
PubAddress: 12easyum2Jm9C2G8BkLPNeq5yJnS98gopp
PubAddress: 12easyZLPwfzJLcZZGoVWVgUxHGpZViCty
PubAddress: 12easyugAJzv3qTr6FZZw99sruocMHezwn
PubAddress: 12easyM7uNpAZvoN6UL3GLu8DbqdLxp6MR
PubAddress: 12easybgDqMaCe5wfAzVougMnByZqJJVEK
PubAddress: 12easyj1B8hYm6WZ8xGv8kSvHNCjsMezFa
PubAddress: 12easy7LWfihDckB7Q1jz32ZS2jWMrQyn2
PubAddress: 12easy8nobiL9gxigPKy6smVqFFrLr7Ftb
PubAddress: 12easyANUjEBh7Crtr1X24nHEBTKW2BNAr
PubAddress: 12easyucSWncSYFritgTmYZDG3S7uRjHaB
PubAddress: 12easyCjc4gQ4vfCLUxnbHHV2bHjTn2Mkq
PubAddress: 12easy4bcEogeL1Xs7Qt8vYUhn7hJHvxN3
PubAddress: 12easyH1szHejp9ZsKNtf9TQX3F4E3stSm
PubAddress: 12easyXk4JHd1FjR8XMrzxS2CgD2JraAs9
PubAddress: 12easymykZUQk7bLtHT6zVxTbMWz4vbkcy
PubAddress: 12easyyXi9QYyLsTgApXehk22KFXTneiFL
PubAddress: 12easy5EFU22hra5AGS22gwxUQvUS7g4V4
PubAddress: 12easyC3Rz8weYKGJgVvPE58j6gCDEmSvC
PubAddress: 12easymK7RQc5bNZXdTDr2GXv5wV2etzvd
PubAddress: 12easyBCexaE64sUhVp75s6d5G469sxeFd
PubAddress: 12easytzaMmdBd1FknYEkc65zKDCwBktwT
PubAddress: 12easynAZtSUwGquWPtdTsiHhHfgSEqbJ2
PubAddress: 12easyggGPKotuHeQ89sZn2GaJyeHddDBi
PubAddress: 12easyBW4XUaacGjmieqvZtmUHj4oaVuoC
PubAddress: 12easyEE7PpowrSCvvCbQVJXd6bUxmWdu1
PubAddress: 12easyEKxXCiC62TTNwBjij37NAqo4Zw7q
PubAddress: 12easyxsRgPieUkARgYzM58cEfLFNrBgV2
PubAddress: 12easyitAwN5wN4vxsMfVTPik7CCbZXUuW
PubAddress: 12easyqexGcafYF6dnxh9pqd1kj6KY9PCk
PubAddress: 12easyP9tv1g3ewazNyzBgNojNTtTs8R4x
PubAddress: 12easyxguTPxmuKB4VXidbfwg7FChPptRL
PubAddress: 12easyYcMiUpUt5FWHojUgnxLFooEJ9RFu
PubAddress: 12easyH4srxmc3UUi7tDpjThg3UppfXjDY
PubAddress: 12easyDshtPAd47yBVjMP81L9yjmYMeDSZ
PubAddress: 12easym28YU18pDaLZWJXaTW1TDK14PpuG
PubAddress: 12easyKPdWSyCUZazSm1J32mraTtEbSBXn
PubAddress: 12easyRix8os6tZ7ghMA9jt344Z23JtLf5
PubAddress: 12easyL72XLNiHF7hdewrPiZUHBSTGTsRB
PubAddress: 12easy4ju38R4f3WrqYjs5zpH1ZGdpRyfk
PubAddress: 12easyCXx6Q7hQXYKUBENMs7GWGAxDbPGx
PubAddress: 12easyp8cQvFew69i6uzzgpqWv9SCDBbxh
PubAddress: 12easyqxJ29eRhUTx1jQwyD6S12rjWqmDz
PubAddress: 12easyCb6FNgzHKjHkSNdC6b8Sk9JFKCbV
PubAddress: 12easybyyGb6dJrBeKDByJvEQjaZaK7gfb
PubAddress: 12easyTrGVoPTXVYKkztgyqadbMbAP8QVB
PubAddress: 12easyikAqXspm3gbW3TUveUJYUay9ZZKH
PubAddress: 12easyYRUdyNcNVwpBU64kQffBm3fpUM2L
PubAddress: 12easyhiWfgW9qjE9NM97jf8JNn81bfPT1
PubAddress: 12easyuPBRR6ihG1JganeGra1o6qyuViSQ
PubAddress: 12easyMpxbcy2oEiH6Uq5jfCWEk6iFHx6R
PubAddress: 12easyuQvMgXjQFF34rn7NPopxXw6yq8YE
PubAddress: 12easyFr53Jpz2ZREo86wVkNX8iNYLH7Va
PubAddress: 12easytGWqMYqH4nwdjFj2txAzDkqxJSt7
PubAddress: 12easyKUArZh5989ptqxV9eBgyELCJjfbW

[hatshepsut93]

You can target any positions with vanity adress generation, because all it does is just generating private keys, deriving public keys and addresses and matching them against the desired pattern, which can be anything.

How much characters is "enough" to check will change over time, because as hardware gets more powerful, the more characters can be vanitiygened.

I would recommend to check the whole address, but do this programmatically. I personally just wrap both addresses in "", open browser's console, which is a Javascript execution environment, and paste a statement "address1" == "address2". The console will immediately tell true of false, which means addresses match or they don't.

[erikoy]

<snip>

which means that you are safe in the way you are doing on how to check bitcoin address before sending. The Vanity address takes time to search for a BTC address that can match your btc address. Besides, anyone whom you will be sending with your btc address is not being manually encoded for it is just being copied and paste so no way you can get confused whether you have input the wrong address or receiving the wrong btc address. Checking it is just to make sure your transaction to become successfully receiving or sending the right address you use.

[o_e_l_e_o]

I would recommend to check the whole address, but do this programmatically. I personally just wrap both addresses in "", open browser's console, which is a Javascript execution environment, and paste a statement "address1" == "address2".

Surely if you are concerned regarding clipboard malware, then using the copy and paste function as part of your checking procedure defeats the purpose of the check? If you copy the addresses in to the console and the clipboard malware changes them both, then your statement will return true despite the addresses being modified.

I've never really understood all the debate about how many characters is safe enough. Checking the entire address takes 15 seconds. Resize the two windows on your computer or hold your phone up to the screen or whatever to put the two addresses physically next to each other so you can read them both simultaneously.

Why take an unnecessary risk, regardless of how small, for the sake of a few seconds?

[BlackHatCoiner]

Dudes!  That chart is so out of date.  Five digits is a cakewalk now.

Most people afraid of buying bitcoin on its high and then selling it on its low. I'm personally afraid of what will be a "cakewalk" after 2 decades.

I've never really understood all the debate about how many characters is safe enough. Checking the entire address takes 15 seconds.

You're right within certain limits. Checking the address does not take long. Although, if I ever saw anything malicious on my clipboard, I won't even risk to transfer bitcoins from that pc, no matter the "check" I would do to the address' characters. It would be very clear that my pc is not safe. So if I ever see my copy-paste doing its own stuff, I'll simply stop using my wallet.

[NotATether]

Dudes!  That chart is so out of date.  Five digits is a cakewalk now.

You can search the entire address for a match so first 5 or last 5 is nearly equally likely excepting that the leading 1 is a given

Did this speed boost have to do with compute speeds on NVIDIA GPUs becoming several times faster over the past few years, or is it because the programs that find them got some optimizations since then?

I really don't think it's the latter as the only rewrite of a vanity generator I've seen made recently is VanitySearch. Even that looks like abandonware now as @Jean_Luc was last seen online one month ago, and the last commit to https://github.com/JeanLucPons/VanitySearch was on September 9.

I think we can do better than this. Riding on technological advancements from NVIDIA is convenient, but I'm sure there are ways to optimize the programs that make vanity addresses.

[Pffrt]

Any vanity addresses out there that could quickly copy the first AND last digits of my addresses so I would think they are correct to send, but scam me in the middle?

If you are going to check & in the first and 5 in the last, it will be total 10 characters which hackers need to find within? Within the time frame you are sending the BTC. So, it looks like he must have to create the address within 2/3 minutes maximum which isn’t that easy as finding 10 characters in vanity isn’t easy at all.

[ABCbits]

Just check the whole address slowly if you don't want lose your Bitcoin or sending to wrong address. But you should be fine with checking some characters on random position (e.g. 5 first, 5 last and 5 starting from 15th position).

Dudes!  That chart is so out of date.  Five digits is a cakewalk now.

You can search the entire address for a match so first 5 or last 5 is nearly equally likely excepting that the leading 1 is a given

If you check the chart/table source, it's created with average desktop CPU few years ago, not with dedicated GPU.

[NeuroticFish]

How much of a BTC address do you need to verify is correct before making a send?

The best practice I know is to check not only the start and end, which are vulnerable to vanity generators, instead also check something from random position in the middle.
I usually pick some sequence I find easy to remember, 4-5 characters in the middle.
I find that more important than checking the start and the end.

You'd have to be extremely unlucky to find a hacker that impersonates the start, the end and also exactly the sequence you've picked from the middle...

[o_e_l_e_o]

So, it looks like he must have to create the address within 2/3 minutes maximum which isn’t that easy as finding 10 characters in vanity isn’t easy at all.

Not necessarily. I remember seeing clipboard malware which had an internal database of 2 million addresses, so it could pick one which more closely resembles the one it is replacing. It is also conceivable that an attacker could host a database of hundreds of millions of possible addresses which the malware could query to find a suitable match.

The best practice I know is to check not only the start and end, which are vulnerable to vanity generators, instead also check something from random position in the middle.

There is no reason a vanity generator couldn't look for specific characters from the middle of an address either.

You'd have to be extremely unlucky to find a hacker that impersonates the start, the end and also exactly the sequence you've picked from the middle...

Unlucky yes, but still possible. The only way to guarantee safety is to check the whole address.

[eddie13]

Nice replies guys thanks..