kneim
Legendary
Offline
Activity: 1666
Merit: 1000
|
|
December 25, 2012, 01:25:39 PM |
|
Please go on with finding the right owner, with a minimum of effort, of course.
The owner is not necessarily the one that did the mistake. I think of payments from glbse or bitmarket.eu. Help to keep up trust in Bitcoins.
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3486
Merit: 4851
|
|
December 25, 2012, 01:31:24 PM |
|
. . . Still I don't believe this is a collision . . . Assuming the private key is randomly generated . . .
Exactly, assuming the private key was generated using an appropriately random seed. Now, seeing as this is a Vanity Address, do we know what the source of randomness is for generating the keys? If the particular Vanity Address generator used insufficiently random information to generate the key-pair, the chances of a collision could potentially be quite high.
|
|
|
|
malevolent
can into space
Legendary
Offline
Activity: 3472
Merit: 1724
|
|
December 25, 2012, 01:34:09 PM |
|
Nice Christmas presents you got there, OP
|
Signature space available for rent.
|
|
|
Nyhm
|
|
December 25, 2012, 03:40:13 PM Last edit: December 25, 2012, 07:44:31 PM by Nyhm |
|
It has come to my attention that this Simple Vanity Address Generator was the source of the address in question. I assure you there is nothing intentionally malicious in the code, but it's one of the first Bitcoin applications I had written, and it could have bugs. In fact, I explain exactly that (and even warn against using it since it's closed source) on the page linked above. I think what TheButterZone is doing here is honorable, and I want to do the right thing to. The generator is based on bitcoinj, and if there is any possibility of a collision attack the simple way I'm using it, this could be very important to the Bitcoin community (and bitcoinj developers). (EDIT: Although I think it's really unlikely.) Give me a couple days (holidays) and I'll follow up.
|
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
|
|
December 25, 2012, 03:44:25 PM |
|
I think that at least you were lucky that if this is a bug then you found a very honorable forum member to have found it with.
|
|
|
|
LoweryCBS
Sr. Member
Offline
Activity: 364
Merit: 250
firstbits 1LoCBS
|
|
December 25, 2012, 05:09:14 PM |
|
(I understand that we don't know yet what's going on here, and it may or may not be vanity-address generator related) VanityGen https://bitcointalk.org/index.php?topic=25804.0 is open source - does it have any similar issues or know problems?
|
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1138
All paid signature campaigns should be banned.
|
|
December 25, 2012, 05:27:25 PM |
|
Interesting. So if there is a problem with the randomness of the vanity generator in question then it is totally possible there is a collision. I would then suggest moving the coins in question to another vanity address. How about 1callme... or something like that?
That would get the other owner's attention for sure.
|
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
|
|
|
K1773R
Legendary
Offline
Activity: 1792
Merit: 1008
/dev/null
|
|
December 25, 2012, 06:57:15 PM |
|
(I understand that we don't know yet what's going on here, and it may or may not be vanity-address generator related) VanityGen https://bitcointalk.org/index.php?topic=25804.0 is open source - does it have any similar issues or know problems? no it hasnt, it relys on OpenSSL to generate random entropy for generating key, this system is complex enough to call it "true random". altough note there is no such thing as random in our universe, since this is so complex it just is called random, still its good enough for what its needed (no collisions so far)!
|
[GPG Public Key]BTC/DVC/TRC/FRC: 1 K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM A K1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: N K1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: L Ki773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: E K1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: b K1773R1APJz4yTgRkmdKQhjhiMyQpJgfN
|
|
|
GlooBoy
Copper Member
Member
Offline
Activity: 97
Merit: 10
Leave everything to me!
|
|
December 25, 2012, 07:11:15 PM |
|
Heres a interesting twist that may / may not be related.
Someone is giving away bitcoins in OTC to random people.
Maybe a sercet-Santa
|
|
|
|
|
odolvlobo
Legendary
Offline
Activity: 4508
Merit: 3419
|
|
December 25, 2012, 07:45:10 PM Last edit: December 26, 2012, 09:31:27 AM by odolvlobo |
|
(I understand that we don't know yet what's going on here, and it may or may not be vanity-address generator related) VanityGen https://bitcointalk.org/index.php?topic=25804.0 is open source - does it have any similar issues or know problems? no it hasnt, it relys on OpenSSL to generate random entropy for generating key, this system is complex enough to call it "true random". altough note there is no such thing as random in our universe, since this is so complex it just is called random, still its good enough for what its needed (no collisions so far)! OpenSSL doesn't "generate" entropy, it obtains it. The quality of the entropy depends on the provider and not on OpenSSL. For example, if two people (using the same vanity address generator) provide OpenSSL with the same entropy and ask for the same public key prefix, they will get the same private key. It is possible to build OpenSSL so that the value 0 is always provided as the entropy. This would not be an unusual bug. A developer might do this for testing or evaluating, and then forget to provide the real entropy in the released version. I have ported OpenSSL to a few devices, but I have not looked at any vanity address generator source. So, this information may not apply this case, but I think it is good to know in general.
|
Join an anti-signature campaign: Click ignore on the members of signature campaigns. PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
|
|
|
TheButterZone (OP)
Legendary
Offline
Activity: 3080
Merit: 1032
RIP Mommy
|
|
December 25, 2012, 07:52:56 PM |
|
BTW: When people say chances of collision is low they don't mean 'low' as people use the word in normal everyday life. In reality the chances are infinitely small. The chance of Sol going supernova in the next microsecond is considerably larger then the chance of a collision ever occurring. For a properly generated address, right. But this one came from a closed source vanity address generator of dubious design. The generator I used: http://nyhm.net/bitcoin/vanity/The topic about the generator: https://bitcointalk.org/index.php?topic=76038.0
|
Saying that you don't trust someone because of their behavior is completely valid.
|
|
|
K1773R
Legendary
Offline
Activity: 1792
Merit: 1008
/dev/null
|
|
December 25, 2012, 08:37:17 PM |
|
(I understand that we don't know yet what's going on here, and it may or may not be vanity-address generator related) VanityGen https://bitcointalk.org/index.php?topic=25804.0 is open source - does it have any similar issues or know problems? no it hasnt, it relys on OpenSSL to generate random entropy for generating key, this system is complex enough to call it "true random". altough note there is no such thing as random in our universe, since this is so complex it just is called random, still its good enough for what its needed (no collisions so far)! OpenSSL doesn't "generate" entropy, it obtains it. The quality of the entropy depends on the provider and not on OpenSSL. For example, if two people (using the same vanity address generator) provide OpenSSL with the same entropy and ask for the same public key prefix, they will get the same private key. It is possible to build OpenSSL so that the value 0 is always provided as the entropy. This would not be an unusual bug. A developer might do this for testing or evaluating, and then forget to provide the real entropy in the released version. check out the source of vanitygen then u know what im talking about.
|
[GPG Public Key]BTC/DVC/TRC/FRC: 1 K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM A K1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: N K1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: L Ki773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: E K1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: b K1773R1APJz4yTgRkmdKQhjhiMyQpJgfN
|
|
|
Otoh
Donator
Legendary
Offline
Activity: 3108
Merit: 1166
|
|
December 25, 2012, 08:39:54 PM Last edit: December 26, 2012, 07:03:09 PM by Otoh |
|
Fascinating indeed, I suspect a FirstBits typo myslef <--- (didn't mean to do that but there you go, so easy) as others have suggested, lots of kudos & good karma* to you for posting about it, maybe someone's offline storage stash address got typo-ed & they haven't been monitoring the balance, or a Casascius coin/savings bar where someone read the FB address incorrectly (quite easy sometimes). I can also see a cool film script though if you mixed this kind of typo with say a 'Bangkok Dangerous' style assassin for hire's remunerations etc now that Swiss banks are so useless (UBS - cough, cough*). Hmmm, some anon just sent me 5k btc again - how strange, oh well back to the news: Reports are just coming in of yet another suspicious death linked to the mysterious ZTT group, the Zeta Taco Triad. edit: possible FB Typos for 1TBZjm ---> 1T8Zjm 1TBZim 1TBZjn 1TB2jm 1TBZmj 1TBZj = nope so far As LoweryCBS found, 1TBZm = https://blockchain.info/address/1TBZm3dGkbz7VggzzPAGaXh4hvHxJZNCJ is most interesting for it's high value TXs & I bet this was the intended recipient, it will be interesting to see how this unfolds. edit: https://blockchain.info/address/1N6sjewYZYu5C3FjEuEYNw8Dop2nFUBGFe Illuminati O_O *karma being, not what happens to you but how you react to what happens to you ~ so far, so good...
|
|
|
|
Nyhm
|
|
December 25, 2012, 08:44:31 PM |
|
BTW: When people say chances of collision is low they don't mean 'low' as people use the word in normal everyday life. In reality the chances are infinitely small. The chance of Sol going supernova in the next microsecond is considerably larger then the chance of a collision ever occurring. For a properly generated address, right. But this one came from a closed source vanity address generator of dubious design. The generator I used: http://nyhm.net/bitcoin/vanity/The topic about the generator: https://bitcointalk.org/index.php?topic=76038.0Note my post above and at the vanity generator topic. One thing I want to make sure I understand: BTC are being sent to your public vanity address, not taken from it, yes? This is, of course, very important. It's a wild leap to go from receiving BTC at an address to considering the possibility of a collision. If BTC is ever taken from the address without your direct intervention, then that's another thing. (Even in that case, it's much more likely your private key was compromised in some way, rather than a collision.) So, I'm keen to follow this very interesting situation, and will assist in any way possible. Here's what folks can do (as will I): Run the vanity generator with the same first bits in question (or the whole thing for that matter). If anyone hits upon the target address, let us know (and prove it). In fact, if you can ever produce any duplicate address, it would be remarkable, and the research would certainly be valuable for the Bitcoin/bitcoinj community (the generator uses the bitcoinj library to produce addresses). (PS I actually have some updates in the works for this utility, but I'll keep the v0.4 version up there for now. Note the clear warnings on the page.) EDIT: There's an (undocumented) command-line switch for non-gui searching. Try this: java -jar VanityAddress-v0.4.jar TBZ --case-sensitive
|
|
|
|
TheButterZone (OP)
Legendary
Offline
Activity: 3080
Merit: 1032
RIP Mommy
|
|
December 25, 2012, 09:07:21 PM Last edit: December 25, 2012, 11:05:25 PM by TheButterZone |
|
BTW: When people say chances of collision is low they don't mean 'low' as people use the word in normal everyday life. In reality the chances are infinitely small. The chance of Sol going supernova in the next microsecond is considerably larger then the chance of a collision ever occurring. For a properly generated address, right. But this one came from a closed source vanity address generator of dubious design. The generator I used: http://nyhm.net/bitcoin/vanity/The topic about the generator: https://bitcointalk.org/index.php?topic=76038.0Note my post above and at the vanity generator topic. One thing I want to make sure I understand: BTC are being sent to your public vanity address, not taken from it, yes? This is, of course, very important. It's a wild leap to go from receiving BTC at an address to considering the possibility of a collision. If BTC is ever taken from the address without your direct intervention, then that's another thing. (Even in that case, it's much more likely your private key was compromised in some way, rather than a collision.) So, I'm keen to follow this very interesting situation, and will assist in any way possible. Here's what folks can do (as will I): Run the vanity generator with the same first bits in question (or the whole thing for that matter). If anyone hits upon the target address, let us know (and prove it). In fact, if you can ever produce any duplicate address, it would be remarkable, and the research would certainly be valuable for the Bitcoin/bitcoinj community (the generator uses the bitcoinj library to produce addresses). (PS I actually have some updates in the works for this utility, but I'll keep the v0.4 version up there for now. Note the clear warnings on the page.) EDIT: There's an (undocumented) command-line switch for non-gui searching. Try this: java -jar VanityAddress-v0.4.jar TBZ --case-sensitiveYep, thanks. 519.704 total was sent to it, and nothing was taken. Since receiving that amount (and 0.1337 BTC inbetween that I won in a "first person to post your address gets free BTC" contest), I split off the 519.704 (minus 1 satoshi) amount to another key, and my own BTC to another key. This way, 1) If someone does have the same private key for 1TBZjmXho6mdGhoESaMV2svtqJXYtWfEp, they can't spend my BTC 2) If they are paying attention to their balances, it will appear their BTC has been stolen, so hopefully they will find this topic 3) Hopefully this will prevent confusion in other ways.
|
Saying that you don't trust someone because of their behavior is completely valid.
|
|
|
grue
Legendary
Offline
Activity: 2058
Merit: 1452
|
|
December 25, 2012, 10:55:15 PM |
|
Developers, is there any way to prevent collisions, so we don't have to put monitors on all our addresses? it's astronomically unlikely that a real collision occurred
|
|
|
|
btctalk
|
|
December 25, 2012, 11:53:49 PM |
|
The probability that a real collision happened is really low, also it's not possible to have that possibility and one more to be the receiving address of BTC500+ ... lol what did you want from santa this year?
|
|
|
|
DoomDumas
Legendary
Offline
Activity: 1002
Merit: 1000
Bitcoin
|
|
December 26, 2012, 03:47:16 AM |
|
I suggest a donation to http://www.videoneat.com/][url]http://www.videoneat.com/[/url] ! They just came up to accept BTC donation because I've suggested them to do so. They did'nt knew about BTC before ! This site is quite good. It host Lectures and Documentary. The site was built by 2 people. 2 people who have spent thousands of hours of work on it over the period of 8 months. This is related to TROM (The Reality Of Me), a must see ! 2 peoples have invest all their time and economy into this effort, for at least 8 month. They are now completely broke. If this came to a lost, it would be such a waste I urge anyone reading this to donate some BTC. If anyone reading gives 1% (or more, or less) of their BTC, they will see the number of donator, and will have some more time to keep it on ! I hope you will take a look at it, and will donate some. Thanks for your time, and please, at least, give some time to look at their awesome work ! Have a nice life !
|
|
|
|
🏰 TradeFortress 🏰
Bitcoin Veteran
VIP
Legendary
Offline
Activity: 1316
Merit: 1043
👻
|
|
December 26, 2012, 04:38:33 AM |
|
I suggest a donation to [url]http://www.videoneat.com/]http://www.videoneat.com/][url]http://www.videoneat.com/[/url] ! They just came up to accept BTC donation because I've suggested them to do so. They did'nt knew about BTC before ! This site is quite good. It host Lectures and Documentary. The site was built by 2 people. 2 people who have spent thousands of hours of work on it over the period of 8 months. This is related to TROM (The Reality Of Me), a must see ! 2 peoples have invest all their time and economy into this effort, for at least 8 month. They are now completely broke. If this came to a lost, it would be such a waste I urge anyone reading this to donate some BTC. If anyone reading gives 1% (or more, or less) of their BTC, they will see the number of donator, and will have some more time to keep it on ! I hope you will take a look at it, and will donate some. Thanks for your time, and please, at least, give some time to look at their awesome work ! Have a nice life ! .. Are you videoneat?
|
|
|
|
|