guwfwkz (OP)
Newbie
Offline
Activity: 8
Merit: 0
|
|
January 22, 2016, 08:12:18 PM |
|
how it can work for me? import random import hashlib BASE58 = '23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz' def Candidate(): """ Generate a random, well-formed mini private key. """ return('%s%s' % ('S', ''.join( [BASE58[ random.randrange(0,len(BASE58)) ] for i in range(29)]))) def GenerateKeys(numKeys = 10): """ Generate mini private keys and output the mini key as well as the full private key. numKeys is The number of keys to generate, and """ keysGenerated = 0 totalCandidates = 0 while keysGenerated < numKeys: try: cand = Candidate() # Do typo check t = '%s?' % cand # Take one round of SHA256 candHash = hashlib.sha256(t).digest() # Check if the first eight bits of the hash are 0 if candHash[0] == '\x00': privateKey = GetPrivateKey(cand) print('\n%s\nSHA256( ): %s\nsha256(?): %s' % (cand, privateKey, candHash.encode('hex_codec'))) if CheckShortKey(cand): print('Validated.') else: print('Invalid!') keysGenerated += 1 totalCandidates += 1 except KeyboardInterrupt: break print('\n%s: %i\n%s: %i\n%s: %.1f' % ('Keys Generated', keysGenerated, 'Total Candidates', totalCandidates, 'Reject Percentage', 100*(1.0-keysGenerated/float(totalCandidates)))) def GetPrivateKey(shortKey): """ Returns the hexadecimal representation of the private key corresponding to the given short key. """ if CheckShortKey(shortKey): return hashlib.sha256(shortKey).hexdigest() else: print('Typo detected in private key!') return None def CheckShortKey(shortKey): """ Checks for typos in the short key. """ if len(shortKey) != 30: return False t = '%s?' % shortKey tHash = hashlib.sha256(t).digest() # Check to see that first byte is \x00 if tHash[0] == '\x00': return True return False
|
|
|
|
deepceleron
Legendary
Offline
Activity: 1512
Merit: 1036
|
|
January 23, 2016, 08:14:31 AM |
|
This is a Python script for generating the "mini" private key used on Casascius coins. The first step is not to use it, as Python's random function is: "is completely unsuitable for cryptographic purposes" (which you can read right above the code snippet on https://en.bitcoin.it/wiki/Mini_private_key_format#Creating_mini_private_keys - you would need someone to harden the crypto in the code first. Mini key also has a much smaller keyspace than a full-size private key, and therefore is not as cryptographically strong, although reversing this key space is still hard. To run it, you just install Python 2 (Mac OSX and Linux will already have python), save the script as a file like "minikey.py", and run it with a command python minikey.py
|
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1540
No I dont escrow anymore.
|
|
January 23, 2016, 10:23:03 AM |
|
This is a Python script for generating the "mini" private key used on Casascius coins. The first step is not to use it, as Python's random function is: "is completely unsuitable for cryptographic purposes" (which you can read right above the code snippet on https://en.bitcoin.it/wiki/Mini_private_key_format#Creating_mini_private_keys - you would need someone to harden the crypto in the code first. Was it this exact script? Wouldnt that make Casascius coins vulnerable to a brute force attack if a insufficient entropy source was used? Mini key also has a much smaller keyspace than a full-size private key, and therefore is not as cryptographically strong, although reversing this key space is still hard. To run it, you just install Python 2 (Mac OSX and Linux will already have python), save the script as a file like "minikey.py", and run it with a command python minikey.pyIt needs one more line at the end to call the "main" function: GenerateKeys()
|
Im not really here, its just your imagination.
|
|
|
Indianacoin
|
|
January 23, 2016, 11:10:07 AM |
|
It seems to convert a 51 character private key into a 20-30ish character "Mini Key", all one needs to do is use the SHA256 hash function. You can try this out on Python. It produces sample 30-character SHA256-based mini private keys in Python: import random import hashlib BASE58 = '23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz' def Candidate(): """ Generate a random, well-formed mini private key. """ return('%s%s' % ('S', ''.join( [BASE58[ random.randrange(0,len(BASE58)) ] for i in range(29)]))) def GenerateKeys(numKeys = 10): """ Generate mini private keys and output the mini key as well as the full private key. numKeys is The number of keys to generate, and """ keysGenerated = 0 totalCandidates = 0 while keysGenerated < numKeys: try: cand = Candidate() # Do typo check t = '%s?' % cand # Take one round of SHA256 candHash = hashlib.sha256(t).digest() # Check if the first eight bits of the hash are 0 if candHash[0] == '\x00': privateKey = GetPrivateKey(cand) print('\n%s\nSHA256( ): %s\nsha256(?): %s' % (cand, privateKey, candHash.encode('hex_codec'))) if CheckShortKey(cand): print('Validated.') else: print('Invalid!') keysGenerated += 1 totalCandidates += 1 except KeyboardInterrupt: break print('\n%s: %i\n%s: %i\n%s: %.1f' % ('Keys Generated', keysGenerated, 'Total Candidates', totalCandidates, 'Reject Percentage', 100*(1.0-keysGenerated/float(totalCandidates)))) def GetPrivateKey(shortKey): """ Returns the hexadecimal representation of the private key corresponding to the given short key. """ if CheckShortKey(shortKey): return hashlib.sha256(shortKey).hexdigest() else: print('Typo detected in private key!') return None def CheckShortKey(shortKey): """ Checks for typos in the short key. """ if len(shortKey) != 30: return False t = '%s?' % shortKey tHash = hashlib.sha256(t).digest() # Check to see that first byte is \x00 if tHash[0] == '\x00': return True return False
|
|
|
|
guwfwkz (OP)
Newbie
Offline
Activity: 8
Merit: 0
|
|
January 23, 2016, 12:34:46 PM |
|
This is a Python script for generating the "mini" private key used on Casascius coins. The first step is not to use it, as Python's random function is: "is completely unsuitable for cryptographic purposes" (which you can read right above the code snippet on https://en.bitcoin.it/wiki/Mini_private_key_format#Creating_mini_private_keys - you would need someone to harden the crypto in the code first. Was it this exact script? Wouldnt that make Casascius coins vulnerable to a brute force attack if a insufficient entropy source was used? Mini key also has a much smaller keyspace than a full-size private key, and therefore is not as cryptographically strong, although reversing this key space is still hard. To run it, you just install Python 2 (Mac OSX and Linux will already have python), save the script as a file like "minikey.py", and run it with a command python minikey.pyIt needs one more line at the end to call the "main" function: GenerateKeys()still not work Python 2.7.10 (default, May 23 2015, 09:40:32) [MSC v.1500 32 bit (Intel)] on win32 Type "help", "copyright", "credits" or "license" for more information. >>> import key >>> GenerateKeys() Traceback (most recent call last): File "<stdin>", line 1, in <module> NameError: name 'GenerateKeys' is not defined
|
|
|
|
guwfwkz (OP)
Newbie
Offline
Activity: 8
Merit: 0
|
|
January 23, 2016, 12:46:16 PM |
|
it work , >>> from key import * >>> GenerateKeys()
S7c64uJjYpFtp2GrEc3RFaVyzJaJoN SHA256( ): e505c601b721b32c0b9b13bff24432ced1e8d37173d89de345cbd6a1b3a09605 sha256(?): 00c7e27df362561ffeffe1653b1c01cc1e44a07e8e547da151773fb5758fc41f Validated.
Thank you to all of you,i was just trying the same way
|
|
|
|
guwfwkz (OP)
Newbie
Offline
Activity: 8
Merit: 0
|
|
January 23, 2016, 02:20:54 PM |
|
Was it this exact script? Wouldnt that make Casascius coins vulnerable to a brute force attack if a insufficient entropy source was used?
impossible. Mini key keep using SHA256 .
|
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1540
No I dont escrow anymore.
|
|
January 23, 2016, 05:42:50 PM |
|
Was it this exact script? Wouldnt that make Casascius coins vulnerable to a brute force attack if a insufficient entropy source was used?
impossible. Mini key keep using SHA256 . So? If I SHA256 all numbers from 0 to 127 and give you a single hash you could just brute force the number to it. IF - and that was my question - random number generator was indeed insufficient it might be vulnerable to the same attack. The range would obviously be bigger, but the question is if its big enough to make an attack unfeasible.
|
Im not really here, its just your imagination.
|
|
|
deepceleron
Legendary
Offline
Activity: 1512
Merit: 1036
|
|
January 23, 2016, 07:20:35 PM |
|
It needs one more line at the end to call the "main" function:
GenerateKeys()
Oops, I didn't notice that there is no 'main' function, it's just a library. A pythonesque way of adding that so that the file still remains an importable library is to add at the end: if __name__ == "__main__": GenerateKeys(1)
The range would obviously be bigger, but the question is if its big enough to make an attack unfeasible.
It still practically strong. A Bitcoin address is ripemd(160) which usually results in a 34 character base58-encoded number. The minikey is a 30-character base58 number, and so is a reduction below the full strength entropy possible - it can't possibly generate the full set of bitcoin addresses. Schemes like electrum wallet have used even smaller 128 bit seeds.
|
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1540
No I dont escrow anymore.
|
|
January 23, 2016, 07:52:40 PM Last edit: January 23, 2016, 08:12:12 PM by shorena |
|
-snip- The range would obviously be bigger, but the question is if its big enough to make an attack unfeasible.
It still practically strong. A Bitcoin address is ripemd(160) which usually results in a 34 character base58-encoded number. The minikey is a 30-character base58 number, and so is a reduction below the full strength entropy possible - it can't possibly generate the full set of bitcoin addresses. Schemes like electrum wallet have used even smaller 128 bit seeds. I did some reading and this[1] sounds to me like python's random is limited to 2 53 bit. The use of RIPMD-160 or SHA256 does not really matter in this case. The 1st Casascius series had at least 3,500 coins produced with 1 BTC each. If we assume typical oclvanitygen performance an attacker could generate up to 100million keys/addresses per second[3]. This would allow someone to search the entire 2 53 bit space in only 2.8 years. With the birthday paradox and the number of coins in mind it sounds like a feasible attack. Edit: nevermind: The random number generator used is the Microsoft secure random number generator in the System.Security.Cryptography namespace of the Microsoft .NET 4.0 Framework. In addition, the custom application also asks for a "mash" of characters from the keyboard of no fewer than 50 characters, each time the application is run, which is answered with a string of non-memorable characters by "spidering" fingers around the keyboard. The application generates a second pseudo-random byte stream using the SHA256 hash algorithm on this "mash" plus an incrementing nonce, and this second random number stream is combined with the first one using modular addition before being used as key material. The "mash" string is never kept.
source: https://www.casascius.com/controls.aspx[1] https://docs.python.org/2/library/random.html[2] https://en.bitcoin.it/wiki/Casascius_physical_bitcoins#Original_series_1_BTC_coin[3] fastest rate reported using 2 GPUs -> https://bitcointalk.org/index.php?topic=25804.msg13552213#msg13552213
|
Im not really here, its just your imagination.
|
|
|
guwfwkz (OP)
Newbie
Offline
Activity: 8
Merit: 0
|
|
January 24, 2016, 01:17:12 AM |
|
Was it this exact script? Wouldnt that make Casascius coins vulnerable to a brute force attack if a insufficient entropy source was used?
impossible. Mini key keep using SHA256 . So? If I SHA256 all numbers from 0 to 127 and give you a single hash you could just brute force the number to it. IF - and that was my question - random number generator was indeed insufficient it might be vulnerable to the same attack. The range would obviously be bigger, but the question is if its big enough to make an attack unfeasible. i think this is out off topic. are you guessing me trying to brute force ? I answer yes . but , in practice it is still not possible in accordance with that we want to brute force,. Python 2.7.10 (default, May 23 2015, 09:40:32) [MSC v.1500 32 bit (Intel)] on win32 Type "help", "copyright", "credits" or "license" for more information. >>> pow(2,160) 1461501637330902918203684832716283019655932542976L >>>pow(2,53) 9007199254740992L >>> pow(2,256) 115792089237316195423570985008687907853269984665640564039457584007913129639936L
|
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1540
No I dont escrow anymore.
|
|
January 24, 2016, 09:06:14 AM |
|
Was it this exact script? Wouldnt that make Casascius coins vulnerable to a brute force attack if a insufficient entropy source was used?
impossible. Mini key keep using SHA256 . So? If I SHA256 all numbers from 0 to 127 and give you a single hash you could just brute force the number to it. IF - and that was my question - random number generator was indeed insufficient it might be vulnerable to the same attack. The range would obviously be bigger, but the question is if its big enough to make an attack unfeasible. i think this is out off topic. are you guessing me trying to brute force ? I answer yes . but , in practice it is still not possible in accordance with that we want to brute force,. Python 2.7.10 (default, May 23 2015, 09:40:32) [MSC v.1500 32 bit (Intel)] on win32 Type "help", "copyright", "credits" or "license" for more information. >>> pow(2,160) 1461501637330902918203684832716283019655932542976L >>>pow(2,53) 9007199254740992L >>> pow(2,256) 115792089237316195423570985008687907853269984665640564039457584007913129639936L
2 53 is possible to attack, maybe not for you, but its possible. Anyway, see my edit, it was not this exact script that was used, but just something like this.
|
Im not really here, its just your imagination.
|
|
|
guwfwkz (OP)
Newbie
Offline
Activity: 8
Merit: 0
|
|
January 24, 2016, 10:55:59 AM |
|
Was it this exact script? Wouldnt that make Casascius coins vulnerable to a brute force attack if a insufficient entropy source was used?
impossible. Mini key keep using SHA256 . So? If I SHA256 all numbers from 0 to 127 and give you a single hash you could just brute force the number to it. IF - and that was my question - random number generator was indeed insufficient it might be vulnerable to the same attack. The range would obviously be bigger, but the question is if its big enough to make an attack unfeasible. i think this is out off topic. are you guessing me trying to brute force ? I answer yes . but , in practice it is still not possible in accordance with that we want to brute force,. Python 2.7.10 (default, May 23 2015, 09:40:32) [MSC v.1500 32 bit (Intel)] on win32 Type "help", "copyright", "credits" or "license" for more information. >>> pow(2,160) 1461501637330902918203684832716283019655932542976L >>>pow(2,53) 9007199254740992L >>> pow(2,256) 115792089237316195423570985008687907853269984665640564039457584007913129639936L
2 53 is possible to attack, maybe not for you, but its possible. Anyway, see my edit, it was not this exact script that was used, but just something like this. i see. in this case . The mini private key format offers a simple typo check code. Mini private keys must be generated in a "brute force" fashion, keeping only keys that conform to the format's rules. If a key is well-formed (30 Base58 characters starting with S), but fails the hash check, then it probably contains a typo. $ echo -n "S7c64uJjYpFtp2GrEc3RFaVyzJaJoN?" | shasum -a 256 00c7e27df362561ffeffe1653b1c01cc1e44a07e8e547da151773fb5758fc41f *-
If the SHA256 hash of the string followed by '?' doesn't result in something that begins with 0x00, the string is not a valid mini private key. so not just randoming key to qualify as mini key .they still use SHA256 as a key.
|
|
|
|
RoxxR
|
|
January 24, 2016, 11:04:21 AM |
|
253 is possible to attack, maybe not for you, but its possible. Anyway, see my edit, it was not this exact script that was used, but just something like this.
Up to what strength is an attack still possible nowadays (say assuming lots of money) ? Is it something like 2^64? I tried to google that but could find no clear answer.
|
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1540
No I dont escrow anymore.
|
|
January 24, 2016, 11:31:46 AM |
|
253 is possible to attack, maybe not for you, but its possible. Anyway, see my edit, it was not this exact script that was used, but just something like this.
Up to what strength is an attack still possible nowadays (say assuming lots of money) ? Is it something like 2^64? I tried to google that but could find no clear answer. Hard to say, it mainly depends on the attacker. 2 53 is based on someone with two strong gaming GPUs. This someone could be an old bitcoin miner with a high number of now obsolete mining GPUs. If you consider the GPU nodes of one of the top500 machines[1] (e.g. your state or near university trying to get your coins) the GPUs they use (e.g. Titan[2] has 3072[3] Tesla K20s[4] with 2496 cuda cores ea.) should be able to do ~45Mkeys/s[5] each or ~138Gkey/s. If those estimates are correct, they would go through 64 bit in ~4.3 years. That is certainly not feasible to get 3,500 BTC, but it shows who important a strong RNG is with todays technology. None of these estimates assume any weaknesses in the algorithms used, but rather a bad RNG as basis for the keys. [1] http://www.top500.org/[2] https://www.olcf.ornl.gov/titan/[3] https://en.wikipedia.org/wiki/Cray_XK7[4] https://en.wikipedia.org/wiki/Nvidia_Tesla#Specifications_and_configurations[5] basis for the estimate are the 1664 cuda cores of my GTX 970 that do ~30Mkey/s with highly optimized software like vanitygen.
|
Im not really here, its just your imagination.
|
|
|
vlamer
Member
Offline
Activity: 101
Merit: 11
N.E.E.T
|
|
January 24, 2016, 10:14:05 PM |
|
I think it was like a passphrase to generate privkey .
|
|
|
|
shorena
Copper Member
Legendary
Offline
Activity: 1498
Merit: 1540
No I dont escrow anymore.
|
|
January 24, 2016, 10:23:42 PM |
|
I think it was like a passphrase to generate privkey .
Thats a brainwallet.
|
Im not really here, its just your imagination.
|
|
|
|