Is bitcoin System Vulnerable ?

[Roboabhishek]

You didn't got me did you ?
I meant if someone gets the database by brute force like " http://directory.io "

Then he can Search the database like he's searching Note pad and can easily find a particular Private key of an address.

For Example a website is giving facility to find your address on " http://directory.io " With your Private key.

It's " https://bitcoin-checker.appspot.com/ "

What will happen if Instead of Private key it search the website ( http://directory.io ) with Bitcoin Address and trace Private key ?

[RkVza]

Its vulnerable if it hits by trojan or keylogger

[Coding Enthusiast]

You didn't got me did you ?
I meant if someone gets the database by brute force like " ♯♯♯ "
Then he can Search the database like he's searching Note pad and can easily find a particular Private key of an address.

What will happen if Instead of Private key it search the website ( ♯♯♯ ) with Bitcoin Address and trace Private key ?

Your problem is that you think directory[dot]io is a database. well it is not a database.

It is a very simple code that generates private keys on the go. Which means when you click on a page it generates private keys based on the number of the page you are in.

And also it is because you are seeing the private keys in WIF format (https://en.bitcoin.it/wiki/Wallet_import_format) which makes you confused. In fact the first page of directory[dot]io looks like this:
0000000000000000000000000000000000000000000000000000000000000001 : 5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf  
0000000000000000000000000000000000000000000000000000000000000002 : 5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAvUcVfH  
and so on. It starts from value 1 and goes up from there.

You can easily make a code yourself and start creating private keys based on 1 to 1,000,000,...........

For Example a website is giving facility to find your address on " ♯♯♯ " With your Private key.
It's " ♯♯bitcoin-checker♯♯appspot♯♯♯com♯♯ "

This site will steal your private keys. It does not search
You would be a fool to go here an insert your private keys to check. Because sites like this don't search with bitcoin address (pubkey) but with private key instead in other words you enter your private key and they empty it for you

[Roboabhishek]

You didn't got me did you ?
I meant if someone gets the database by brute force like " ♯♯♯ "
Then he can Search the database like he's searching Note pad and can easily find a particular Private key of an address.

What will happen if Instead of Private key it search the website ( ♯♯♯ ) with Bitcoin Address and trace Private key ?

your problem is that you think directory[dot]io is a database. well it is not.

it is a very simple code that generates private keys on the go. which means when you click on a page it generates private keys based on the number of the page you are in.

and also it is because you are seeing the private keys in WIF format which makes you confused. in fact the first page of directory[dot]io looks like this:
private key for value 1 : 5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf 
private key for value 2 : 5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAvUcVfH 
and so on.

you can easily make a code yourself and start creating private keys based on 1 to 1,000,000,...........

For Example a website is giving facility to find your address on " ♯♯♯ " With your Private key.
It's " ♯♯bitcoin-checker♯♯appspot♯♯♯com♯♯ "

you would be a fool to go here an insert your private keys to check. because sites like this don't search with bitcoin address (pubkey) but with private key instead in other words you enter your private key and they empty it for you

Take a look at the bot of the page you will find " It took a lot of computing power to generate this database. "
Think again dude.

[franky1]

Take a look at the bot of the page you will find " It took a lot of computing power to generate this database. "
Think again dude.

its not a database. the webmaster put that there as a scare tactic/prank to make people things its a searchable database.
its not.

but anyway. feel free to spend the rest of your life, your great great great great great great great great great great great grand childrens lives
trying to search it.

[Coding Enthusiast]

♯♯
Take a look at the bot of the page you will find " It took a lot of computing power to generate this database. "
Think again dude.

I tried to explain it the best I can so if you want to ignore facts and believe it is a "database" when it clearly IS NOT that would be your choice.

[jacktheking]

I may like technology but I am not as tech-savvy as those guys (and girls) who develop Bitcoin. However, if there is really a vulnerability in the Bitcoin system, I do not think these tech-savvy people will still continue to develop Bitcoin.

[Noctis Connor]

This question is arising in my mind after i did some research.
What will happen if someone brute Force Private keys in Base58 Format ?

And he succeeds then I think he will get admin access to all the wallets and can ruin the Bitcoin.
I know it's very hard to go through the database but It's not impossible either.

Tell me what you guys think about this.

i think no bitcoin is like money right its money from the internet that we are using too but if we are going to convert it into fiat then it more be realistic because of some activities that we are going to do and i think in this bitcoin wallet are vulnerable into ddos attack and thats all.

[franky1]

It's " https://bitcoin-checker.appspot.com/ "

that website is a scam.
it asks for people to put their private keys in.. (literally stealing any funds stored as soon as you hit submit)
it does not check any database (because there is no database)

it does not even ask for a public key.
it is just a private key funds stealer.. dont try it.

note
it has now become obvious why the OP started this topic. he wanted to play dumb thinking noobs will then be scared enough to reveal their private keys by typing them into his "checker".(stealer)

bait. directory.io.... switch privkey stealer..
nice try but epic fail

never hand a private key over to anyone.

[talkbitcoin]

directory.io is like a bad joke from at least 4-5 years ago and every couple of months i see a new user around here saying the same thing (this time it is Full Member).

* if you have some small amount of bitcoin knowledge you can see how wrong you are

* if you don't have that, but if you are not too lazy to search you can find out how wrong your are again (this question has been asked a thousand times and explained 10 thousand times)

* if you don't want to use any of the above, then if you have a brain do some calculations: this site was created a long time ago, if it really contained all the private keys don't you think people have emptied each other wallets a million times by now?!!!!

[prabowo96]

Maybe in the future, supercomputers can crack something, if one isn't enough, you can put 10-100 working togheter... But why? Just to prove it? Because if they stolen all bitcoin, it will still have value? I don't think so.

[levent]

Bitcoin greatest vulnerability

https://bitcointalk.org/index.php?topic=1516755.msg15262075;topicseen#msg15262075

[Xenophoto]

You didn't got me did you ?
I meant if someone gets the database by brute force like " http://directory.io "

Then he can Search the database like he's searching Note pad and can easily find a particular Private key of an address.

For Example a website is giving facility to find your address on " http://directory.io " With your Private key.

It's " https://bitcoin-checker.appspot.com/ "

What will happen if Instead of Private key it search the website ( http://directory.io ) with Bitcoin Address and trace Private key ?

"easily"? I don't think you really want to use that word when searching for a particular address in the entire Bitcoin addresses possible. If that can "easily" be done, then people would just be stealing Bitcoins away from each other. Explore the directory.io a little and you'll see the amount of Bitcoin addresses that is in there.

Do you honestly think if you press CTRL + F in your notepad, you can easily see a particular address? That's a lot of waiting to do, your computer might even overheat just because of that. Even just importing all the info in directory.io into a .txt file would take some time even if you're using a certain script to do the work.

[Solidsnake2016]

Quantum Computers will cause the demise of Bitcoin. That's my fear.  

[Roboabhishek]

You didn't got me did you ?
I meant if someone gets the database by brute force like " http://directory.io "

Then he can Search the database like he's searching Note pad and can easily find a particular Private key of an address.

For Example a website is giving facility to find your address on " http://directory.io " With your Private key.

It's " https://bitcoin-checker.appspot.com/ "

What will happen if Instead of Private key it search the website ( http://directory.io ) with Bitcoin Address and trace Private key ?

"easily"? I don't think you really want to use that word when searching for a particular address in the entire Bitcoin addresses possible. If that can "easily" be done, then people would just be stealing Bitcoins away from each other. Explore the directory.io a little and you'll see the amount of Bitcoin addresses that is in there.

Do you honestly think if you press CTRL + F in your notepad, you can easily see a particular address? That's a lot of waiting to do, your computer might even overheat just because of that. Even just importing all the info in directory.io into a .txt file would take some time even if you're using a certain script to do the work.

I know it's not easy even if you use script because there are more than billions of pages with more than 50 Address per page.
I also know this if it's that easy then everyone will steal btc from one another.

[cyrixcer]

ok lets worse case scenario this.

lets imagine all possible private keys at binary level
from
00000000-00000000-00000000-00000000-00000000-00000000-00000000-00000000-00000000-00000000-00000000-00000000-00000000-00000000-
00000000-00000000-00000000-00000000-00000000-00000000
to
11111111-11111111-11111111-11111111-11111111-11111111-11111111-11111111-11111111-11111111-11111111-11111111-11111111-11111111-
11111111-11111111-11111111-11111111-11111111-11111111

you may think that 20 bytes looks small but its not the case of changing a bit 160 times. its instead progressively more changes as you go through it.

EG lets start with 3 bits its not
000   001   011   111   done
its
000   001   010   011   100   101   110   111   done

adding another bit is not just one extra change, but double
0000   0001   0010   0011   0100   0101   0110   0111  1000   1001   1010   1011   1100   1101   1110   1111   done
another bit, again double

even with the 160bit limitations it is 1461501637330900000000000000000000000000000000000 combinations
imagine you processed 1000 combinations a second
thats only 31536000000 combinations a year.
meaning you will process all combinations in
46343912903694300000000000000000000000 years

lets say you could do 1trillian combinations a second
thats only 31536000000000000000 combinations a year.
meaning you will process all combinations in
46343912903694300000000000000 years


remember a person only lives ~99 years and has become a grandparent (3rd generation) in that time
so to get to 999 years your descendants need to hand your project down the lineage of offspring 20 times
the next digit (9,999 years) is passing it down your lineage 4000 times
the next digit (99,999 years) is passing it down your lineage 80000 times
in short even if a caveman done 1trillian combinations a second, their modern day ancestor would not have got that far.

Comprehensive knowledge about bitcoin indeed, bitcoin system is theoretically proven secure and safe, reliable system, so at least in our age, we won't see it collapse.

[odolvlobo]

You didn't got me did you ?
I meant if someone gets the database by brute force like " http://directory.io "

Then he can Search the database like he's searching Note pad and can easily find a particular Private key of an address.

For Example a website is giving facility to find your address on " http://directory.io " With your Private key.

It's " https://bitcoin-checker.appspot.com/ "

What will happen if Instead of Private key it search the website ( http://directory.io ) with Bitcoin Address and trace Private key ?

Consider the size of a database necessary to do what you suggest, i.e search for private key based on bitcoin address.

A minimum-sized database would simply be a list of private keys -- one for each bitcoin address. This database would require 32 bytes per bitcoin address, and there are 2¹⁶⁰ addresses, so the database would have to be at least 2¹⁶⁵ bytes in size.

How big is 2¹⁶⁵ bytes?

According to this article in 2011:

For anyone that's ever wondered about the world's data storage capacity, scientists have come up with a nice little number: 295 exabytes.

295 exabytes is about 2⁶⁸ bytes, so a database with 2¹⁶⁵ bytes would be 2⁹⁷ (about 160,000,000,000,000,000,000,000,000,000) times the current storage capacity of the entire world.


How long would it take to generate this database?

First, you need to generate addresses for at least 2¹⁶⁰ private keys to generate the entire database. Let's use that number to simplify things.

A top-of-the-line PC can generate nearly 64 million (2²⁶) addresses per second (https://en.bitcoin.it/wiki/Vanitygen#Expected_keysearch_rate). At that rate it would take about 2¹³⁴ seconds, or 6.9x10³⁰ (6,900,000,000,000,000,000,000,000,000,000) centuries to generate the database. There are about 2 billion PCs in the world (https://www.reference.com/technology/many-computers-world-e2e980daa5e128d0). If every PC in the world was a top-of-the-line PC and was working on this database, then you could cut it down to only 3,500,000,000,000,000,000,000 centuries.

Go for it!

[bitbunnny]

At the moment there is no 100% "malware proof" system so I guess Bitcoin system is vulnerable too. The question is how.much is realy vulnerable and how likely is for something like this to happen. Having in mind the Bitcoin system structure there is no much chance for such security breach, at least not at the moment.

[Patatas]

This question is arising in my mind after i did some research.
What will happen if someone brute Force Private keys in Base58 Format ?

Brute Forcing Base58 ? What is the probability of that happening as a successful attack ? There goes a failed one,followed by many https://github.com/Marclass/BritExploit/blob/master/src/bruteForcer/BruteForce.java

This dude has put it in brief,most simple and to the point information I found so far

http://blog.richardkiss.com/?p=371

And he succeeds then I think he will get admin access to all the wallets and can ruin the Bitcoin.
I know it's very hard to go through the database but It's not impossible either.

That is absurd.There is literally no specific database as such.Bitcoin wouldn't be as successful if they put it all in a static database. 

[calkob]

everything is possible to do, there just isnt a person alive with the time left to do it, and there never will be.