Bitcoin Forum
December 16, 2017, 01:37:36 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: How much time to crack a private key?  (Read 5165 times)
maxcarjuzaa
Full Member
***
Offline Offline

Activity: 183


View Profile
January 29, 2013, 04:43:29 PM
 #1

Actually my question is how much time at 1 TH/s is needed to crack any of the top 10000 holding btc addresses?

what if someone start a pool to crack any of those keys?

someone can "protect" spliting holdings in a few accounts, but if only a key is cracked that  would hurt BTC very bad.

So, how much time is needed to crack any key? not a specific one, supouse The script keeps a bunch of keys in memory and with each iteration tries to brake any of them.

Thank you!

1513431456
Hero Member
*
Offline Offline

Posts: 1513431456

View Profile Personal Message (Offline)

Ignore
1513431456
Reply with quote  #2

1513431456
Report to moderator
1513431456
Hero Member
*
Offline Offline

Posts: 1513431456

View Profile Personal Message (Offline)

Ignore
1513431456
Reply with quote  #2

1513431456
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513431456
Hero Member
*
Offline Offline

Posts: 1513431456

View Profile Personal Message (Offline)

Ignore
1513431456
Reply with quote  #2

1513431456
Report to moderator
1513431456
Hero Member
*
Offline Offline

Posts: 1513431456

View Profile Personal Message (Offline)

Ignore
1513431456
Reply with quote  #2

1513431456
Report to moderator
1513431456
Hero Member
*
Offline Offline

Posts: 1513431456

View Profile Personal Message (Offline)

Ignore
1513431456
Reply with quote  #2

1513431456
Report to moderator
Carlos L.
Legendary
*
Offline Offline

Activity: 952


View Profile
January 29, 2013, 04:44:09 PM
 #2

This question has been answered 999999999999999999999 times.
Gabi
Legendary
*
Offline Offline

Activity: 1092


If you want to walk on water, get out of the boat


View Profile
January 29, 2013, 04:54:43 PM
 #3

More than the universe life.
DannyHamilton
Legendary
*
Online Online

Activity: 2002



View Profile
January 29, 2013, 05:00:57 PM
 #4

Quote
If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2192. Of course, it wouldn’t have the energy left over to perform any useful calculations with this computer. But that’s just one star, and a measly one at that. A typical supernova releases something like 1051 ergs. If all of this energy could be channelled into a single orgy of computation, a 219-bit counter could be cycled through all of its states. These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

Bruce Schneier

conspirosphere.tk
Legendary
*
Offline Offline

Activity: 2226


Revolution will be decentralized


View Profile
January 29, 2013, 05:17:09 PM
 #5

This question has been answered 999999999999999999999 times.


I missed them. However a brute force attack would be much easied by the fact that the private key is a known number of characters. Moreover it would even not have to be really a brute force attack based on power of calculus, but just a check of the greatest number of possible private keys in the shortest time possible.
DannyHamilton
Legendary
*
Online Online

Activity: 2002



View Profile
January 29, 2013, 05:20:50 PM
 #6

. . . However a brute force attack would be much easied by the fact that the private key is a known number of characters . . .

Only two characters. It is entirely made up of ones (1) and zeros (0), but there are 256 of them.

. . . just a check of the greatest number of possible private keys in the shortest time possible.

That is what the definition of "brute force attack" is, isn't it?

dancupid
Hero Member
*****
Offline Offline

Activity: 956



View Profile
January 29, 2013, 05:21:59 PM
 #7

Quote
If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2192. Of course, it wouldn’t have the energy left over to perform any useful calculations with this computer. But that’s just one star, and a measly one at that. A typical supernova releases something like 1051 ergs. If all of this energy could be channelled into a single orgy of computation, a 219-bit counter could be cycled through all of its states. These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

Bruce Schneier

ie about 60 years from now.

Edit: if you believe Ray Kurzweil
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
January 29, 2013, 05:25:22 PM
 #8

Ray Kurzwiel has made futurist predictions but never saw the one about

Quote
[when] computers are built from something other than matter and occupy something other than space
memvola
Hero Member
*****
Offline Offline

Activity: 938


View Profile
January 29, 2013, 05:35:01 PM
 #9

However a brute force attack would be much easied by the fact that the private key is a known number of characters. Moreover it would even not have to be really a brute force attack based on power of calculus, but just a check of the greatest number of possible private keys in the shortest time possible.

I don't understand your comment. If you assume that private keys are NOT totally random (i.e. uniformly distributed), then it's not a brute force attack. I don't know how you can assume that though.

ie about 60 years from now.

Edit: if you believe Ray Kurzweil

I didn't know he was into metaphysics.

P.S. I don't think anyone with a bit of sanity ever made such a prediction.
epetroel
Sr. Member
****
Offline Offline

Activity: 428


View Profile
January 29, 2013, 05:52:21 PM
 #10

Quote
If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2192. Of course, it wouldn’t have the energy left over to perform any useful calculations with this computer. But that’s just one star, and a measly one at that. A typical supernova releases something like 1051 ergs. If all of this energy could be channelled into a single orgy of computation, a 219-bit counter could be cycled through all of its states. These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

Bruce Schneier

He's talking about 256 bit AES keys here, not Public/Private key pairs.  Asymmetric keys are weaker than AES keys in general (which is why they need to be much larger).  I'm not familiar enough with ECDSA though to make a judgement about key strength for bitcoin key pairs in particular.
conspirosphere.tk
Legendary
*
Offline Offline

Activity: 2226


Revolution will be decentralized


View Profile
January 29, 2013, 05:58:19 PM
 #11

I mean that the attack would be easied by the fact that a private key is made of a known, exact number of characters (34 I think), not one more, not one less. That limits much (compared to infinite) the number of possible combinations to test.

However a brute force attack would be much easied by the fact that the private key is a known number of characters.

I don't understand your comment. If you assume that private keys are NOT totally random (i.e. uniformly distributed), then it's not a brute force attack. I don't know how you can assume that though.
maxcarjuzaa
Full Member
***
Offline Offline

Activity: 183


View Profile
January 29, 2013, 06:06:14 PM
 #12

So? I am sure someone come up with an answer.

If i have to crack the private key of a specific address it will take more time than I can care about. But I am asking how long to crack any of the thousands of address with possitive balance.

That should be much more easy.

If there are 2 people in a room the prob. of the 2 people with the same birthday is like 1/365 but if i have 23 in a room the prob of 2 of them having the same birthday is 50,7%

Si the time consumed to someone finding someone's private key should be way to shorter than the age of universe

The question is how much shorter?
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
January 29, 2013, 06:09:33 PM
 #13

It "limits" it to an insanely large number.  A number so large that our star doesn't have sufficient energy reamining to COUNT to 2^256 much less brute forces keys.  Note: this assumes you could build a perfect computer (in the thermodynamic sense), capture the entire energy output of our star (and exterminate all life on our planet in the process), convert that energy with no loss, and build a large enough computer to use that energy, and keep the computer at roughly the background temperature of the universe (perfectly radiating waste heat).  If you did all that you could count to ~2^192 which is about 1/Quintillion of 1% of the way to 2^256.

So the answer is ... no.

However there are some non-brute force attack which (someday) may lead to an exploit.

1) If there is a bias or flaw in RNG that can be exploited it in theory could allow an attacker to narrow the search space.  By knowing the creator didn't use a range of numbers you can exclude them from the search and potentially brute force a much smaller keyspace.  Then again narrowing the search space from 2^256 to 2^190 doesn't really do you any good, even narrowing it down to 2^128 wouldn't be viable.  Still it is a theoretical exploit.  With true hardware and even quantum RNG becoming cheaper and accessible this may not even be possible in the future.

2) If a flaw is discovered in SHA-256 or RIPEMD-160 it "could" allow a faster than brute force attack attempting to force a collision.  The bad news is such flaws tend to take decades to develop from academic curiosity to real world attack vector.

3) Quantum computing potentially could make faster than brute force attacks on ECDSA a reality ... someday.  It would take an huge number of quibits (magnitudes beyond anything we can do today) to make it possible.  This also requires you to know the public key which remains a secret until coins are spent.  Of course funds could be moved to quantum resistant algorithms rendering this attack void.
DannyHamilton
Legendary
*
Online Online

Activity: 2002



View Profile
January 29, 2013, 07:34:44 PM
 #14

He's talking about 256 bit AES keys here, not Public/Private key pairs.
Pay closer attention. He's talking about counting from 0 to 2256.  Just counting.  No encryption, no algorithm, no hashing, just counting.

If it is impossible to count to 2256, then clearly it is much more difficult than impossible to actually "crack" a private key via a brute force attempt regardless of whether you are attmpting to "crack" AES, Asymetric, or a simple hash.

Also note that as long as the address hasn't been used to send any bitcoins yet, the public key is unknown, so it isn't enough to brute force ECDSA to find out if the private key is associated with some bitcoins. For each iteration of the brute force attempt you would need to calculate the public key via ECDSA, and then calculate a SHA256 hash, and then calculate a RIPEMD hash, and then compare the result to a list of addresses that have bitcoins in them.

Human minds have a very difficult time comprehending VERY LARGE numbers.  The fact that you are comparing to 1,000, or 10,000 or even 10,000,000 addresses isn't going to make the brute force attempt possible.

DannyHamilton
Legendary
*
Online Online

Activity: 2002



View Profile
January 29, 2013, 07:39:28 PM
 #15

. . . That limits much (compared to infinite) the number of possible combinations to test.
Yep, it limits it to just a bit less than 2256 possible combinations.  Not infinite, but a large enough number that it doesn't matter that it isn't infinite.

Walter Rothbard
Sr. Member
****
Offline Offline

Activity: 476


Bytecoin: 8VofSsbQvTd8YwAcxiCcxrqZ9MnGPjaAQm


View Profile WWW
January 29, 2013, 07:43:41 PM
 #16

So? I am sure someone come up with an answer.

If i have to crack the private key of a specific address it will take more time than I can care about. But I am asking how long to crack any of the thousands of address with possitive balance.

That should be much more easy.

No, it will take more time.

If it takes 1 second to make one attempt to crack one address, then making one attempt to crack 10,000 addresses will presumably take 10,000 seconds.  I can't see why making one attempt to crack two addresses would be quicker than making two attempts to crack one address.  Because you have to make more checks for more addresses, unless there's something I'm misunderstanding.

DannyHamilton
Legendary
*
Online Online

Activity: 2002



View Profile
January 29, 2013, 07:51:32 PM
 #17

So? I am sure someone come up with an answer.

If i have to crack the private key of a specific address it will take more time than I can care about. But I am asking how long to crack any of the thousands of address with possitive balance.

That should be much more easy.

No, it will take more time.

If it takes 1 second to make one attempt to crack one address, then making one attempt to crack 10,000 addresses will presumably take 10,000 seconds.  I can't see why making one attempt to crack two addresses would be quicker than making two attempts to crack one address.  Because you have to make more checks for more addresses, unless there's something I'm misunderstanding.
It depends a bit on the situation.

Imagine for a moment that it takes 10 ms to calculate the address from a given private key.
Imagine also that it takes 0.1 ms to look up that address in a database to see if it is a match.

Calculating 10 iteration of private keys and looking up 1 address each time is (10 x 10ms) + (10 x 0.1 ms) = 100 ms of calculation time + 1 ms of lookup time = 1001 ms
Calculating 1 iteration of private key and looking up 10 addresses is (1 x 10 ms) + (10 x 0.1 ms) = 10 ms of calculation time + 1 ms of lookup time = 11 ms

maxcarjuzaa
Full Member
***
Offline Offline

Activity: 183


View Profile
January 29, 2013, 09:36:00 PM
 #18

I am not sure why some of you say 2^192 and some say 2^256

assuming 2^192

p=1-(2^192/(2^192-1))^n

where

p = probability to find a key in 1 iteration
n = selected key space (the addresses with balance > 0

so
q=1-(1-(2^192/(2^192-1))^n)

q= probability of not finding a key in 1 iteration

j= number of iterations

P=1-(1-(2^192/(2^192-1))^n)^j
P= prob of find a key in j iterations

can someone find the j value to satisfy =
q=0.5
q=0.1
q=0.01
q=0.001
q=0.0001?
AndrewJ
Newbie
*
Offline Offline

Activity: 14



View Profile
January 29, 2013, 09:54:05 PM
 #19

Waste of time trying this..
DannyHamilton
Legendary
*
Online Online

Activity: 2002



View Profile
January 29, 2013, 09:58:34 PM
 #20

I am not sure why some of you say 2^192 and some say 2^256
2192 is the approximate thermodynamic limit of how high a perfect computer could count if it could capture and use up all the energy that the sun will ever produce (leaving nothing for life here on earth).  It is used as an example to demonstrate just how large of a number we are talking about here.  The actual number of possible private keys is a bit less than 2256, demonstrating further how difficult a brute force attack is since 2256 is so much larger than 2192 which uses all the energy the sun will ever produce.

In actuality, there probably isn't a need to iterate through that many private keys.  The bitcoin address space is only 2160 from the RIPEMD-160 hash that is used.  If we can assume that RIPEMD-160 results in an even distribution of addresses, then the number of iterations needed to encounter a collision will be much less than if the address space was 256 bits.  However, we are still talking about a number that is large enough to consider it futile to attempt.

Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!