Shouldn't we start using safer keys from now instead of waiting for problems?

[deus-ex-machina]

. . . Already had my wallet emptied from a brute-force.

How do you know that?

 

Because I know who did it. Same stalker as the one I had years ago. Finally found me again.

[1713480006]

1713480006

[1713480006]

1713480006

[DeathAndTaxes]

. . . Already had my wallet emptied from a brute-force.

How do you know that?

 

Because I know who did it. Same stalker as the one I had years ago. Finally found me again.

brute-force

[deus-ex-machina]

I know what it means. Trying every possible combination.

[DannyHamilton]

. . . Already had my wallet emptied from a brute-force.

How do you know that?

Because I know who did it. Same stalker as the one I had years ago. Finally found me again.

Sounds a bit paranoid, and a lot like an unlikely assumption.

It is not possible to try every possible combination to "brute-force" a private key.  The fact that you think someone did this doesn't make it true.

[deus-ex-machina]

I mean I know her personally. She brags about this stuff and the fact that she knew I was empty before I did is still weird.

[DannyHamilton]

If you told me she gained unauthorized access to your computer, I'd believe that.
If you told me she hacked into your computer and gained access to your wallet, I'd believe that.
If you told me that she brute-forced the password you set on your wallet (and your password was weak), I'd believe that.
If you told me she figured out the password on your wallet based on the things she knows about you, I'd believe that.
If you told me that you imported a private key that you generated from a passphrase, and that she figured out your passphrase based on the things she knows about you, I'd believe that.

But, regardless of what she has told you, she did not brute-force the necessary private key to spend/steal the bitcoins.

[payb.tc]

. . . Already had my wallet emptied from a brute-force.

How do you know that?

 

Because I know who did it. Same stalker as the one I had years ago. Finally found me again.

either that, or because your password was 12345 (same as my luggage).

[Spaceman_Spiff]

The global currency supply (M0) is roughly $5T

Then why does this Zerohedge post quote PIMCO (no small fry) saying there is 12.5 trillion $ in currency reserves around the world?
Are they not talking about M0?

http://www.zerohedge.com/news/2012-10-01/pimco-gold-simple-facts

[DannyHamilton]

The global currency supply (M0) is roughly $5T

Then why does this Zerohedge post quote PIMCO (no small fry) saying there is 12.5 trillion $ in currency reserves around the world?
Are they not talking about M0?

http://www.zerohedge.com/news/2012-10-01/pimco-gold-simple-facts

M0 generally only includes "Notes and coins (currency) in circulation".

If you are looking for a measurement that includes things like personal bank accounts and various electronic records of money then you are looking at something more like MB (includes Federal Reserve Bank credit) or M1 (includes traveler's checks of non-bank issuers, demand deposits, credit union share draft accounts, and other checkable deposits).

Quote from your linked site:

Globally there are roughly $12.5 trillion in physical and electronic currency reserves.

[Spaceman_Spiff]

M0 generally only includes "Notes and coins (currency) in circulation".

If you are looking for a measurement that includes things like personal bank accounts and various electronic records of money then you are looking at something more like MB (includes Federal Reserve Bank credit) or M1 (includes traveler's checks of non-bank issuers, demand deposits, credit union share draft accounts, and other checkable deposits).

Oh, ok, thanks!

[DeathAndTaxes]

As Danny pointed out it is M1 vs M0.  M1 is probably a better metric as under the extreme (and for the record highly implausible) scenario of Bitcoin replacing all currencies in the world not everyone is going to want to retain person local possession of their coins.  Banks holding Bitcoin reserves would emerge so if BTC replaced all global currencies we are likely talking about M1 not just M0.  Still not sure where the $12.5T comes from because M1 is closer to $50T.  Maybe they have some other metric they are using which is looser than M0 and tighter than M1.  Who knows.  For this purpose it doesn't really matter. $5T, $12.5T, $50T.  Bitcoin would do just fine.  It will be legal, social, and political challenges not technical issues that prevent this scenario.

[notme]

I mean I know her personally. She brags about this stuff and the fact that she knew I was empty before I did is still weird.

Perhaps she meant she hacked your system.  If she gained access to the computer with your wallet she could steal your funds.

[caveden]

As Danny pointed out it is M1 vs M0.  M1 is probably a better metric as under the extreme (and for the record highly implausible) scenario of Bitcoin replacing all currencies in the world not everyone is going to want to retain person local possession of their coins.  Banks holding Bitcoin reserves would emerge so if BTC replaced all global currencies we are likely talking about M1 not just M0.  

In that case maybe you shouldn't use the 21M BTC limit any longer, since the total "bitcoin" supply could be higher due to fiduciary inflation.
I think it's more reasonable to compare the 21M limit with the monetary base, since that's what it represents.

[scrybe]

I know the military can't break the laws of physics and I know you have no idea the scale you are talking about.  We aren't talking about "wow this GPU is 3x as fast as last years" we are talking about energy usage on the scale of sending an intersteller spacecraft to another star system to begin a human colony.  

At the thermodynamic limit (the limit of efficiency in storing information imposed by the laws of the universe) it would require an amount of energy more than 100,000 times greater than the global energy usage of the entire human last year just to count to 2^160.  160 bit can't be brute forced today, tomorrow, next century, and likely not anytime until material sciences become so advanced that they will threaten what you propose we upgrade to as well.

Given that k = 1.38×10-16 erg/°Kelvin, and that the ambient temperature of the universe is 3.2°Kelvin, an ideal computer running at 3.2°K would consume 4.4×10-16ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

To count to 2^160 (just count 1,2,3 ... 2^160) using a perfect computer would require 6.43x10^32 ergs.  To convert to a unit of power which is better known that is 1.78x10^16 kWh.  A next generation nuclear reactor (1500 MW, 90% capacity factor) can produce 4.257*10^13 kWh annually.  That means even if magical aliens gave us a perfect computer it would require ~420,000 reactor years to produce the energy necessary for it to count from 0 to 2^160.  Remember this is merely counting to the number 2^160.  To perform a brute force attack would require tens of thousands of operations per attempt.  So lets ballpark it to say ~50,000 brand new nuclear reactors constructed and running continually to power nothing but this non-existent alien tech perfect computer for the next 10,000 years .... and it would still only have less than a 10% chance of brute forcing a Bitcoin address.

So yes I know 160 bit keys won't be brute forced in the next 20 years.

This quote applies to 256 bit keys but to a lesser extent it applies to 160bit hashes as well.

These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

http://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html

+2^160

Let me google that for you.... ah, here's a nice chart:
  http://dollardaze.org/blog/?post_id

There is about 5 trillion dollars in currency in the world.

Are you sure this calculations are correct ?
Also, does "other currencies" contain gold & silver bullions + diamonds ?

Even if these calculations are correct then we have roughly 5,000,000,000,000,000 (5 quadrillions in US scale or 5 trillions in normal scale) units of dollars in circulation. If you add 2 more zeros for penny, then we have

=5,000,000,000,000,000,00 units of dollars vs
21,000,000,000,000,000 units of bitcoin

So no, as you can see - it isn't enough. At least 2 zeros (or better 3) are missing from this picture.

FYI, the fed does publish reports... http://www.federalreserve.gov/releases/h6/20121108/

Look over here ----->

Thousand = 1,000
Million = 1,000,000
Billion = 1,000,000,000
Trillion = 1,000,000,000,000
USA M1 (9/12) = 2,352,600,000,000
USA M2 (9/12) = 10,126,800,000,000
Quadrillion = 1,000,000,000,000,000
Satoshis = 2,100,000,000,000,000

There are NOT 5 Quadrillion Dollars, try again.

[chriswilmer]

We can calculate the minimum unit from following algorithm:

Code:

# [Total value] = all Dollars in circulation + Euros in circulation + Yens in circulation + CNY in circulation + all the other currencies
# Convert [Total value] to amount of smallest units/fractions of the earth's cheapest currency (*excluding* internet currencies and currencies of countries with hyperinflation)
# Add one or 2 zeros.

There you have it. The humanity will probably never require more units of Bitcoin than that, even if Bitcoin becomes #1 World currency and everybody on the world starts using Bitcoin instead of other currencies.

Currently, total amount of the smallest units of Bitcoin is 2,100,000,000,000,000 which is just over 2 thousands of trillions (USA scale). Is it enough according to the equation above ? I highly doubt so.

Let me google that for you.... ah, here's a nice chart:
  http://dollardaze.org/blog/?post_id

There is about 5 trillion dollars in currency in the world.

So 2.1 thousand trillion satoshis is PLENTY.

My 2 cents on this subject is that one of the advantages of Bitcoin today is the seemingly infinitely divisible nature of it. Once we get to the point where a satoshi worth a few pennies, Bitcoin will just start to feel kind of granular. Also, I don't understand how we would be able to buy something worth 10 cents without the transaction fee taking up a significant fraction of the purchase.

In any case, my larger confusion about these discussions is whether we think we are ever going to do a hard fork for any reason ever again. If the answer is yes (maybe in 5-10 years), then we can always address this problem later when and if it is relevant. If the answer is no, err... then I don't know.

[ercolinux]

We can calculate the minimum unit from following algorithm:

Code:

# [Total value] = all Dollars in circulation + Euros in circulation + Yens in circulation + CNY in circulation + all the other currencies
# Convert [Total value] to amount of smallest units/fractions of the earth's cheapest currency (*excluding* internet currencies and currencies of countries with hyperinflation)
# Add one or 2 zeros.

There you have it. The humanity will probably never require more units of Bitcoin than that, even if Bitcoin becomes #1 World currency and everybody on the world starts using Bitcoin instead of other currencies.

Currently, total amount of the smallest units of Bitcoin is 2,100,000,000,000,000 which is just over 2 thousands of trillions (USA scale). Is it enough according to the equation above ? I highly doubt so.

Let me google that for you.... ah, here's a nice chart:
  http://dollardaze.org/blog/?post_id

There is about 5 trillion dollars in currency in the world.

So 2.1 thousand trillion satoshis is PLENTY.

My 2 cents on this subject is that one of the advantages of Bitcoin today is the seemingly infinitely divisible nature of it. Once we get to the point where a satoshi worth a few pennies, Bitcoin will just start to feel kind of granular. Also, I don't understand how we would be able to buy something worth 10 cents without the transaction fee taking up a significant fraction of the purchase.

In any case, my larger confusion about these discussions is whether we think we are ever going to do a hard fork for any reason ever again. If the answer is yes (maybe in 5-10 years), then we can always address this problem later when and if it is relevant. If the answer is no, err... then I don't know.

And must not be forgotten that if a sathosi will be valued more than 1/2cent  and a change to the protocol where too expensive to implement at some point of the story can be created a new coin (let's call them smallcoin) tied to bitcoin but worthing 1 sathoshi with 8 decimals (just to say a number) to be used for everyday expenses: so we can move bitcoins for big players (in that scenario a bitcon could worth from a little more than 50 milions of $ to as high of 5 quadrilions of $ and still rappresent less than 0,5cents). It's anyway a really unlikely scenario

[DeanC]

Also because a Bitcoin address is a combination of ECDSA with RIPEMD then provided that you don't re-use addresses (so yes vanitygen addresses are not the best and I am well aware of my own sig) then even if ECDSA (in terms of the particular version being used by Bitcoin) is broken by some future QC machine (which I seriously doubt will exist for a very long time from all that I've read so far about this technology) you will not lose your bitcoins (as *both* ECDSA and RIPEMD would have to be broken for this to occur).

Isn't RIPEMD broken yet?
"In August 2004, a collision was reported for the original RIPEMD."
http://en.wikipedia.org/wiki/RIPEMD

[DannyHamilton]

Isn't RIPEMD broken yet?
"In August 2004, a collision was reported for the original RIPEMD."
http://en.wikipedia.org/wiki/RIPEMD

From your same source:

The 128-bit version was intended only as a drop-in replacement for the original RIPEMD, which was also 128-bit, and which had been found to have questionable security

So, it sounds like the original RIPEMD may have had a weakness, but a replacement was created that hasn't yet been demonstrated to to have a similar weakness.

[ShadowOfHarbringer]

Let me google that for you.... ah, here's a nice chart:
  http://dollardaze.org/blog/?post_id

There is about 5 trillion dollars in currency in the world.

Are you sure this calculations are correct ?
Also, does "other currencies" contain gold & silver bullions + diamonds ?

Even if these calculations are correct then we have roughly 5,000,000,000,000,000 (5 quadrillions in US scale or 5 trillions in normal scale) units of dollars in circulation. If you add 2 more zeros for penny, then we have

=5,000,000,000,000,000,00 units of dollars vs
21,000,000,000,000,000 units of bitcoin

So no, as you can see - it isn't enough. At least 2 zeros (or better 3) are missing from this picture.

FYI, the fed does publish reports... http://www.federalreserve.gov/releases/h6/20121108/

Look over here ----->

Thousand = 1,000
Million = 1,000,000
Billion = 1,000,000,000
Trillion = 1,000,000,000,000
USA M1 (9/12) = 2,352,600,000,000
USA M2 (9/12) = 10,126,800,000,000
Quadrillion = 1,000,000,000,000,000
Satoshis = 2,100,000,000,000,000

There are NOT 5 Quadrillion Dollars, try again.

According your source (http://www.federalreserve.gov/releases/h6/20121108/) :

10122.6 billions (i assume that it's US short-scale billions) = 10126.8 x 1,000,000,000 = 10 126 800 000 000
=====================      10,126,800,000,000 + 00 (pennys)
Quadrillion (US short scale) = 1,000,000,000,000,000
(Current M2 With pennys) == 1,012,680,000,000,000 total currency units

EDIT:
So you are NOT correct.  It is quadrillions.

And also, we were NOT talking about dollars, but ALL MONEY IN EXISTENCE. So first read with understanding and then discuss.

[scrybe]

According your source (http://www.federalreserve.gov/releases/h6/20121108/) :

10122.6 billions (i assume that it's US short-scale billions) = 10126.8 x 1,000,000,000 = 10 126 800 000 000
=====================      10,126,800,000,000 + 00 (pennys)
Quadrillion (US short scale) = 1,000,000,000,000,000
(Current M2 With pennys) == 1,012,680,000,000,000 total currency units

EDIT:
So you are NOT correct.  It is quadrillions.

And also, we were NOT talking about dollars, but ALL MONEY IN EXISTENCE. So first read with understanding and then discuss.

Wait 6 days and then go all big bold typing ballistic, nice. I know how long bad math can survive on this forum now. Thanks for pointing it out, I guess.

I made a mistake when lining up my zeros, sorry about that. The exercise AND the link were both relevant to the conversion, but nobody was linking to ANY FREAKING DATA, they were pulling numbers out of thin air far as I could tell. I suppose I also should have said FRB M1 instead of USA.

If you have links to any more relevant data or opinions it would be great, I'll fix my post and update my comments to reflect the correct math.

EDIT: Wait a minute!

1 Bn (1,000,000,000) times 10,000 is 10,000,000,000,000, or 10 thousand billion , or 10 million million. You would have to have 10 million billion (10,000,000,000,000,000) before you got to a 10 Quadrillion.

Please double-check this, but I think you got an extra set of zeros in yours.

If you want to go up to a global M1 number it is still in the Trillions scale, I doubt the planet has had a money explosion (in USD value) since 2008 to put it too much higher than the $19.2 Tn number from this article: http://dollardaze.org/blog/?post_id=00565

Global M2 is estimated at $45 Tn in the same link. So unless the global economy grew 100X without us noticing it, the $5 Qn is either BS or a far future money supply. (let's not debate on the time scale, it's more than 10 years and less than 10,000 most likely before we see $5Qn.)