Bytas (OP)
|
|
June 13, 2013, 03:10:55 PM |
|
I have this question that has been bugging me lately.
Is it possible to accidentaly generate the same adress twice on 2 different machines? I mean, if you think of it, couldn't it be possible that i make a new adress on my pc to do a payment, and at the exact same time, someone else makes one too. I know the chances are almost infinitely small, but in theory those 2 adresses could be the same right? Does the client check with the network before making one? What about nodes that are disconnected but have empty adresses on them for later use? How does the blockchain deal with that? Is there a safety protocol in place to prevent this? Would those 2 adresses have the same private key as well? Would the blockchain reject one of those adresses, and if so, which one?
I'm trying to understand as much as possible about bitcoin, so if anyone can enlighten me, that would be great!
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
linuxer
Member
Offline
Activity: 98
Merit: 10
Official Troll of bitcointalk,Certified by John K.
|
|
June 13, 2013, 03:14:21 PM |
|
I have this question that has been bugging me lately.
Is it possible to accidentaly generate the same adress twice on 2 different machines? I mean, if you think of it, couldn't it be possible that i make a new adress on my pc to do a payment, and at the exact same time, someone else makes one too. I know the chances are almost infinitely small, but in theory those 2 adresses could be the same right? Does the client check with the network before making one? What about nodes that are disconnected but have empty adresses on them for later use? How does the blockchain deal with that? Is there a safety protocol in place to prevent this? Would those 2 adresses have the same private key as well? Would the blockchain reject one of those adresses, and if so, which one?
I'm trying to understand as much as possible about bitcoin, so if anyone can enlighten me, that would be great!
bitcoin-qt generates 100 address in advance in wallet.dat
|
|
|
|
Rannasha
|
|
June 13, 2013, 03:23:23 PM |
|
The number of possible addresses is so large that you could have every computer on the planet continuously generating addresses for as long as the universe has existed and you would still not expect to see the same address twice.
Yes, it is possible to generate the same address twice. There is nothing in the Bitcoin protocol that enforces that an address you have in your wallet is not also generated by someone else. But the numbers make it so mindbogglingly unlikely that there´s no point in worrying about it.
|
|
|
|
Bobs Yerunkle
Member
Offline
Activity: 90
Merit: 10
Untitled
|
|
June 13, 2013, 03:25:05 PM |
|
https://bitcointalk.org/index.php?topic=62.0;allIf you were to intentionally try to make a collision, it would currently take 2^126 times longer to generate a colliding bitcoin address than to generate a block. You could have got a lot more money by generating blocks.
|
|
|
|
davidpbrown
|
|
June 13, 2013, 03:25:22 PM |
|
It's possible but you're more likely to win the lottery multiple times. I don't know, if the chain could help enforce the first used instance as perhaps it doesn't see enough of the private key to be sure but then the extra effort is probably not worthwhile.
|
฿://12vxXHdmurFP3tpPk7bt6YrM3XPiftA82s
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
June 13, 2013, 03:29:20 PM |
|
Possible but improbable. That can be kind of disconcerting to people but understand this same "issue" existing in all public key cryptography. For example I could just happen to create a private key that would allow me to impersonate your bank's SSL cert. I could just happen to create a PGP private key which unlocks someone else encrypted messages.
It is possible but so improbable as to be considered essentially zero.
|
|
|
|
pand70
|
|
June 13, 2013, 03:38:35 PM |
|
I had the same question once.
The possibility is so low , practically zero , that makes collision the absolute last thing you should worry about in this world.
|
|
|
|
acoindr
Legendary
Offline
Activity: 1050
Merit: 1002
|
|
June 13, 2013, 03:47:20 PM |
|
possible but unlikely
Is it possible for someone to get hit by lightning 10 times in one minute?
Best answer so far.
|
|
|
|
threeip
|
|
June 13, 2013, 04:14:11 PM |
|
It was reported at one conference that someone took a sha256 hash of a common password and used that as a private key for their Bitcoin wallet. The (unconfirmed) report was that someone used a dictionary attack to steal the funds.
1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T is the address for 'correct horse battery staple', and I'm sure there's more than owner for that private key
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
June 13, 2013, 04:19:16 PM |
|
However, since most addresses private keys are not created randomly it may be possible to exploit some flaw in the algorithm that created the addresses.
I wouldn't say "most". Almost all private keys (addresses are never random) created randomly with the small minority being brainwallets. People using brainwallets should understand the security implications and should always add salt to their passphrase. Remember salt is merely to add entropy it doesn't need to be a secret. You can email the salt to yourself (and others) in plaintext. The point of the salt is to prevent an attacker for just doing an attack against all possible keys using a dictionary. If an attacker learns your salt then he can employ a dictionary or brute force attack against your private key however at that point you are no weaker than if you used no salt. SHA256 is also a horribly "fast" algorithm. This is bad in key derivitive functions. One should consider using a function like PBKDF2 or bcrypt to generate the private key. These functions use thousands of iterations and thus the time to attempt one key is greatly increased. Had the person who was brute forced done this: privatekey = PBKDF2("password",8347389412748942,83473) where the first value is the passphrase, the second is the salt, and the third is the number of rounds it is unlikely he would have lost funds. Neither the number of rounds or salt is a secret. It should be stored in multiple locations to ensure it isn't lot.
|
|
|
|
greyhawk
|
|
June 13, 2013, 04:39:07 PM |
|
privatekey = PBKDF2("password",8347389412748942,83473) where the first value is the passphrase, the second is the salt, and the third is the number of rounds it is unlikely he would have lost funds. Neither the number of rounds or salt is a secret. It should be stored in multiple locations to ensure it isn't lot.
What timeframe are we talking about here for the generation of a key with your example?
|
|
|
|
charleshoskinson
Legendary
Offline
Activity: 1134
Merit: 1008
CEO of IOHK
|
|
June 13, 2013, 05:00:51 PM |
|
I have this question that has been bugging me lately.
Is it possible to accidentally generate the same address twice on 2 different machines? Technically, yes. Like winning powerball three times consecutively is possible. I mean, if you think of it, couldn't it be possible that i make a new address on my pc to do a payment, and at the exact same time, someone else makes one too. I know the chances are almost infinitely small, but in theory those 2 addresses could be the same right? They would have the same private key, yes. Does the client check with the network before making one? Most do not. What about nodes that are disconnected but have empty addresses on them for later use? Addresses are only recognized after they have received a transaction. I can have five million addresses in my wallet. Only if someone sends bitcoins to them does the blockchain have a record of their existence. How does the blockchain deal with that? Is there a safety protocol in place to prevent this? There doesn't need to be one. The chances of an address collision are so low that it will likely never happen in a 1,000 human lifetimes. Would those 2 addresses have the same private key as well? Yes Would the blockchain reject one of those addresses, and if so, which one? The blockchain is agnostic to the private keys behind an address. One can even send bitcoins to an address without a known private key effectively destroying the coins until quantum computers can find the private key again. The situation you described would result in two parties having access to the funds. I'm trying to understand as much as possible about bitcoin, so if anyone can enlighten me, that would be great! I hoped this helped.
|
The revolution begins with the mind and ends with the heart. Knowledge for all, accessible to all and shared by all
|
|
|
BTC4Victory
Newbie
Offline
Activity: 40
Merit: 0
|
|
June 13, 2013, 05:11:02 PM |
|
Possible but improbable. That can be kind of disconcerting to people but understand this same "issue" existing in all public key cryptography. For example I could just happen to create a private key that would allow me to impersonate your bank's SSL cert. I could just happen to create a PGP private key which unlocks someone else encrypted messages.
It is possible but so improbable as to be considered essentially zero.
I completely agree, but (referring specifically to the italicized portion), I'd question whether saying it so narrowly might reinforce some layperson's misperception that, at the end of the day, there's something just a little bit (even if almost-infinitessimally) less "secure," "certain," or "real" about public key cryptography and the infrastructure built upon it, when compared to analogs in the everyday physical "real world". But really, you reach a point where the odds of a thing happening become so vanishingly small that it is useful to compare it with the odds of similarly ultra-extremely-remote things happening (like the comments others have made about getting hit by lightning 10 times in a minute, or winning the lottery 3 times in a row). (E.g., imagine a mathematically-skeptical goldbug who says "well, you can't tell me with *absolute 100% certainty* that there won't be a colision allowing someone else to spend my BTCs? Forget that, I'm sticking with my gold bullion bars!" Even setting aside the issues of assaying your gold to make sure it's real, and securing it and guarding it to protect it from being stolen by thieves or washed away in a tsunami or vaporized in a bomb blast, I could respond, "you can't be *absolutely 100% certain* that all of the atoms of gold in those bars won't spontaneously decay into lighter elements and alpha, beta and gamma rays" -- and for a sufficiently high level of computational complexity, the odds of those things may be roughly equal.) No real deep point here, other than -- as seems to have a habit of happening in the Bitcoin world -- when you start to focus on what seems weird or troubling or risky or disconcerting, tahat can have a way of revealing how there's a lot that's equally weird or troubling or risky or disconcertaing about things existing world that you've alwways just taken for granted, in ways that you'd never really thought about ("oh, you mean it's turtles all the way down...?")...
|
|
|
|
threeip
|
|
June 13, 2013, 05:26:30 PM |
|
privatekey = PBKDF2("password",8347389412748942,83473) where the first value is the passphrase, the second is the salt, and the third is the number of rounds it is unlikely he would have lost funds. Neither the number of rounds or salt is a secret. It should be stored in multiple locations to ensure it isn't lot.
What timeframe are we talking about here for the generation of a key with your example? 'Execution time 1.0590908527374 seconds' I made a quick calculator here; http://rackverse.com/pbkdf2/index.php ; (don't use your real passwords etc)
|
|
|
|
greyhawk
|
|
June 13, 2013, 05:50:47 PM |
|
privatekey = PBKDF2("password",8347389412748942,83473) where the first value is the passphrase, the second is the salt, and the third is the number of rounds it is unlikely he would have lost funds. Neither the number of rounds or salt is a secret. It should be stored in multiple locations to ensure it isn't lot.
What timeframe are we talking about here for the generation of a key with your example? 'Execution time 1.0590908527374 seconds' I made a quick calculator here; http://rackverse.com/pbkdf2/index.php ; (don't use your real passwords etc)Christ. That's a nice deterrent.
|
|
|
|
fluidjax
|
|
June 13, 2013, 07:07:23 PM |
|
Changing the user data into a private key with sha256 can be done very quickly, however obtaining the public key from this private key requires ellipitical key multiplications. This takes significantly longer. From my test using OpenSSL on a single cpu core on a reasonably fast machine, it can manage 1000 per second. So a 3 word pass phrase from a set of 10000 words will take 15 years on average to brute form.
The comparison I heard before was the chance of getting duplicate private keys by chance, is the same as getting struck by lightning every minute for the next 60 years.
|
|
|
|
owsleybeatsbigcartel
Newbie
Offline
Activity: 28
Merit: 0
|
|
June 13, 2013, 10:45:07 PM |
|
The number of possible addresses is so large that you could have every computer on the planet continuously generating addresses for as long as the universe has existed and you would still not expect to see the same address twice.
Yes, it is possible to generate the same address twice. There is nothing in the Bitcoin protocol that enforces that an address you have in your wallet is not also generated by someone else. But the numbers make it so mindbogglingly unlikely that there´s no point in worrying about it.
~~~then the weakest computer forces the trade sweet~! ?lol
|
|
|
|
Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
June 13, 2013, 10:47:03 PM |
|
short answer yes, long answer no
|
Rep Thread: https://bitcointalk.org/index.php?topic=381041If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
|
|
|
lunarboy
|
|
June 14, 2013, 12:38:06 PM |
|
Everyone it seems in agreement. Yes its possible but no, it's so unlikely there is no need to worry about it. OK but wouldn't it be fairly simple to have an automatic check within all the clients and a simple prompt .. 'this key pair already exits please try again' Getting Deja-vu on this topic but its nice to rehash once in a while.
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
June 14, 2013, 01:49:29 PM |
|
Clients don't know if an address already exists only if it has already been used. Also coding that would be like coding your website to display .... "sorry we are offline because our lead developer was just hit by 12 metorites while being eaten by a shark" just in case that happens.
|
|
|
|
|