Bitcoin Forum
May 09, 2024, 11:25:33 PM *
Author Topic: Brute force private key tool?  (Read 24340 times)
madmadmax
September 21, 2013, 01:20:01 PM
 #61

What if someone used dictionary words in his private key and then generated the public key using that private key? It could become very probable
Very true!  In fact this very thing has happened many times:

1) Someone creates a "brain wallet" using a simple password.  A brain wallet is defined as Key_private = SHA256(password)
2) They send some BTC to their brain wallet
3) The BTC are instantly taken, never to be recovered!

What is happening is that someone, in fact multiple people, have done the following:

1) Get a huge dictionary of common passwords, millions of them
2) Create brain wallets for every one of these passwords
3) Set up a script that constantly searches new transactions for any transfers to any of these millions of bitcoin addresses
4) If any transfers happen to any of these millions of addresses then instantly "sweep" the funds to one of the thief's other addresses where they collect all the ill gotten booty.

So, the lesson here is to only create and use brain wallets if you know exactly what you are doing.
If you do not know and fully understand the concept of password entropy then do not create and use a brain wallet.  Noobs should never use brain wallets.

That is all very interesting and very important to know and I am very glad you brought it up but my statement still stands as that is not a brute force attack on a key pair, it is called a rainbow table attack.

Salting the private key could solve the problem though, the salt could then be exposed to the user as an additional layer of security.








BurtW
September 21, 2013, 01:21:04 PM
 #62

Sure that would help, but the current generation of brain wallets do not do that.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
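The salting idea raised in posts #61 and #62, as an added example that is not part of the original thread: it derives a key with the unsalted Key_private = SHA256(password) scheme and with a hypothetical salted, stretched variant, then checks each against a table precomputed from a word list. The word list, salt values, PBKDF2 parameters and function names are assumptions made for illustration.

```python
import hashlib

# Order of the secp256k1 group: a usable private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed sample word list standing in for a common-password dictionary.
SAMPLE_WORDLIST = ["password", "letmein", "bitcoin", "satoshi"]

PBKDF2_ITERATIONS = 200_000  # assumption: raise as far as users will tolerate


def is_valid_private_key(key: bytes) -> bool:
    """A 32-byte value is usable only if it falls inside the curve order."""
    return len(key) == 32 and 0 < int.from_bytes(key, "big") < SECP256K1_N


def unsalted_key(passphrase: str) -> bytes:
    """Scheme quoted in the thread: Key_private = SHA256(password)."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def salted_key(passphrase: str, salt: bytes) -> bytes:
    """Hypothetical hardened variant: per-user salt plus key stretching."""
    if len(salt) < 16:
        raise ValueError("salt must be at least 16 bytes")
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def precomputed_table(wordlist):
    """Keys that can be computed once and reused against every unsalted wallet."""
    return {unsalted_key(word): word for word in wordlist}


def audit(passphrase: str, salt: bytes, table) -> dict:
    """Report whether each derivation of this passphrase is already in the table."""
    weak, strong = unsalted_key(passphrase), salted_key(passphrase, salt)
    return {
        "unsalted_precomputable": weak in table,
        "salted_precomputable": strong in table,
        "keys_valid": is_valid_private_key(weak) and is_valid_private_key(strong),
    }


if __name__ == "__main__":
    table = precomputed_table(SAMPLE_WORDLIST)
    # Constructed salt so the output is reproducible; use os.urandom(16) in practice.
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")
    for phrase in ("letmein", "a long passphrase nobody has put in a list"):
        print(phrase, audit(phrase, salt, table))
```

The salt only defeats work done in advance and shared across victims: a weak password is still guessable by anyone who learns the salt, at the slower per-guess cost the stretching imposes.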
madmadmax
September 21, 2013, 01:25:40 PM
 #63

Sure that would help, but the current generation of brain wallets do not do that.

Bitcoin is great but its ease of use is poor and its unforgiving nature... Well.. unforgiving.

Recommending Bitcoin to your grandmother would be a truly evil thing, the elderly are already prone to scammers even with the debt system babysitting them.










fran2k
September 21, 2013, 02:34:35 PM
 #64

What if someone used dictionary words in his private key and then generated the public key using that private key? It could become very probable
Very true!  In fact this very thing has happened many times:

1) Someone creates a "brain wallet" using a simple password.  A brain wallet is defined as Key_private = SHA256(password)
2) They send some BTC to their brain wallet
3) The BTC are instantly taken, never to be recovered!

What is happening is that someone, in fact multiple people, have done the following:

1) Get a huge dictionary of common passwords, millions of them
2) Create brain wallets for every one of these passwords
3) Set up a script that constantly searches new transactions for any transfers to any of these millions of bitcoin addresses
4) If any transfers happen to any of these millions of addresses then instantly "sweep" the funds to one of the thief's other addresses where they collect all the ill gotten booty.

So, the lesson here is to only create and use brain wallets if you know exactly what you are doing.
If you do not know and fully understand the concept of password entropy then do not create and use a brain wallet.  Noobs should never use brain wallets.

That is all very interesting and very important to know and I am very glad you brought it up but my statement still stands as that is not a brute force attack on a randomly generated key pair, it is called a rainbow table attack on a brain wallet key pair.

Totally agree, noobs should not use brainwallets. Gavin Andresen is firmly against brainwallets.

Here is an interesting post probing why brainwallets are a bad idea, the guy indeed made the scrypt.
og kush420
September 21, 2013, 09:32:09 PM
 #65

I was going to write this up but it is easier to find it already written up and have you read it there and then come back here for further discussion:

https://bitcointalk.org/index.php?topic=233503.msg2474798#msg2474798

Like I said this has all been discussed before, including trying to agree on a useful definition of the word "impossible" and "never"
please tell me what you define as 'impossible' as i agree that is likely where our confusion comes from.
we agree that a bruteforcer is not probable and almost certainly our universe would freeze/destroy itself before it could happen. however whether a private key can be cracked... yes it can. it can be typed into a computer by sheer 1/(2/\256) luck. i am not saying it will ever happen, not at all. but 1/2/\256 is a real number, is it not? you are essentially claiming it is not a real number or that when something passes a certain point of low odds, it is impossible. lets say there is a 49.999999999% that event X could occur before our universe destroys itself. do you say it is impossible event x could occur? because that is exactly what you claim with this example exact on a different scale.

impossible

    1.
    not able to occur, exist, or be done.

/\ notice it doesnt say 'extremely unlikely to occur'
do you say it is impossible that i can write a string of characters the length of a private key? do you say it is impossible that these characters could be a private key, even though we know it is possible just highly unlikely? do you say i cannot enter this string into a computer?

600watt
September 21, 2013, 09:34:08 PM
 #66

- snip -
Advances in mathematics/computing will make these calculations feasible after decades at most.
- snip -

What calculations?  Brute force?  No, you are mistaken.  Brute force of 256 bit will not be feasible.
with quantum computing in the distant future there is no reason to say it could not happen
with quantum computing in the distant future there is no reason to say travels into the past could not happen
time travel is potentially possible according to what we know... i dont get it

time travel to the past is impossible. to the future it is theoretically possible when you move fast enough.
BurtW
September 21, 2013, 11:43:51 PM
 #67

og kush420:

I have already said exactly what I want to say:
My post addresses the question posted by stating that since it will never be possible to even count from 1 to (about) 2^256 by any physical means, let alone count and calculate Key_public = Key_public + G [and hash that result three times] it is obviously currently, and will always be, impossible to find a specific key pair by a brute force algorithm.

If you do not understand what I am saying there or disagree with what I am saying then I no longer care.  Mostly because I am a cranky old fart who believes that if you cannot be bothered to press the damn shift key so that you can properly spell the first person singular pronoun then I (notice the spelling there) cannot be bothered to answer your posts.

As far as randomly selecting a private key that collides with another Bitcoin address goes, your odds are better than you think.  There are only 2^160 possible Bitcoin addresses (not 2^256) so smoke another bowl of kush 420 and give it a go, you might get lucky.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
Dabs
September 23, 2013, 05:25:48 AM
 #68

impossible

    1.
    not able to occur, exist, or be done.

This is the wrong argument, but I will use it anyway. I agree with Burt that brute forcing a randomly generated private key is impossible. As long as it has not happened yet, I stand by that statement.

Random means true or proper crypto random, not Android-broken-RNG random. (And it wasn't the key, it was the k or p or whatever value of the signature.)

Let me clarify that. Not able to occur, exist, or be done within the next one thousand years. For all practical purposes, truly impossible.

It's a lot easier to use a $5 wrench to extract the password from an unwilling interrogatee. Or to peek from above their shoulder. Or to install malware on his computer. Or ... ... tell grandma that you're a computer repair technician and you got a call from the house to fix their unit.

coastermonger
September 23, 2013, 07:19:46 AM
 #69

Quote
- snip -,
this is quite likely
- snip -.

The "existence" of a possibility and the "likelihood" of a possibility are mutually exclusive properties. 

I'm going to claim that the possibility "exists" that my hands can dance around a keyboard and produce a 51 character, BASE 58, wallet import ready private key that's associated with an existing bitcoin address of my choosing.  5Kb8kLf9zgWQnogidDA76MzPL6TsZZY36hWXMssSzNydYXYB9KF

I'm also going to claim that the likelihood of such a possibility is so infinitesimally small that I will comfortably keep my bitcoin in a cold storage wallet and not lose a single wink of sleep.

Bitrated user: Rees.
Jumpy
September 24, 2013, 12:33:26 PM
 #70

This is fun to read because you are all arguing about, essentially, different things.

Some of you are arguing about semantics, in which possible fits the parameters of the mission.

Some of you are arguing about math, in which the probability approaches zero, such that the positive value above impossible cannot be expressed reasonably.

And still more of you are arguing about science, which I must say, is at least the most interesting of the arguments.

Keep going; I'll be back with a beer.

PM me if you want to advertise on this signature.
jackjack
September 27, 2013, 02:07:49 AM
 #71

This is fun to read because you are all arguing about, essentially, different things.

Some of you are arguing about semantics, in which possible fits the parameters of the mission.

Some of you are arguing about math, in which the probability approaches zero, such that the positive value above impossible cannot be expressed reasonably.

And still more of you are arguing about science, which I must say, is at least the most interesting of the arguments.

Keep going; I'll be back with a beer.

You ruined the fun

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
crazy_rabbit
September 27, 2013, 08:01:13 AM
 #72

Absolutely not impossible; you just need to find an address that was generated using Android's flawed RNG, where the coins in question haven't been transferred to a new wallet. Oh, and you'd need to have an understanding of how the flaw affected the generation of keys.

That's not brute forcing.  The question was about brute force.  The answer is: impossible.


It's possible, but it's not possible in a human time frame.

more or less retired.
BurtW
September 27, 2013, 11:55:47 AM
 #73

This is fun to read because you are all arguing about, essentially, different things.

Some of you are arguing about semantics, in which possible fits the parameters of the mission.

Some of you are arguing about math, in which the probability approaches zero, such that the positive value above impossible cannot be expressed reasonably.

And still more of you are arguing about science, which I must say, is at least the most interesting of the arguments.

Keep going; I'll be back with a beer.
While we all sit around here arguing semantics, math, physics, etc.  Those of you that think it is possible can just do it.

You can download the program from here:  

https://bitcointalk.org/index.php?topic=107172.0

The download link is back up!

Please report back here when you find your first few collisions and be sure and let us know how many BTC you are able to steal from the addresses you find!

Can't wait for your reports!

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
crescendo
September 29, 2013, 07:41:39 AM
 #74

This is the first time I have heard of this tool; what is the concept of this tool?
BurtW
September 29, 2013, 08:07:00 AM
 #75

This is the first time I have heard of this tool; what is the concept of this tool?
Read this entire thread:

https://bitcointalk.org/index.php?topic=107172.0

It will answer all your questions.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
J35st3r
October 02, 2013, 12:04:58 PM
 #76

This is fun to read because you are all arguing about, essentially, different things.
Some of you are arguing about semantics, in which possible fits the parameters of the mission.
Some of you are arguing about math, in which the probability approaches zero, such that the positive value above impossible cannot be expressed reasonably.
And still more of you are arguing about science, which I must say, is at least the most interesting of the arguments.
Keep going; I'll be back with a beer.

And this is an ideal point to link to The goddamn airplane on the goddamn treadmill

1Jest66T6Jw1gSVpvYpYLXR6qgnch6QYU1 NumberOfTheBeast ... go on, give it a try Grin
klondike_bar
October 08, 2013, 12:50:18 AM
 #77

so it's *virtually* impossible to simply keep creating 30-character codes and checking to see if they are existing wallets with balances? I know the odds are slim, but what prevents making a million potential private keys, and checking them all to see if any "click"?

24" PCI-E cables with 16AWG wires and stripped ends - great for server PSU mods, best prices https://bitcointalk.org/index.php?topic=563461
No longer a wannabe - now an ASIC owner!
Dabs
October 08, 2013, 01:16:22 AM
 #78

so it's *virtually* impossible to simply keep creating 30-character codes and checking to see if they are existing wallets with balances? I know the odds are slim, but what prevents making a million potential private keys, and checking them all to see if any "click"?

On a CPU, you can do 100 kkeys per second. That's many millions in a minute or in an hour.
On a GPU, you can do 30 mkeys per second. That's billions in a few hours.

Nothing prevents the key making and checking if any "click", but like you said, the odds are slim.

Slim = impossible, for all intents and purposes. Don't argue. You will sound like the guy that says "Soooo.. there is a chance?"
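The odds discussed in posts #67 and #78, worked through as an added example that is not part of the original thread: it uses the 2^160 address space and the CPU and GPU key rates quoted above to compute the chance of hitting any funded address and the time needed for even odds. The count of 1,000,000 funded addresses and the 100-year runtime are assumptions chosen for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ADDRESS_BITS = 160                       # 2^160 possible addresses (post #67)
RATES = {"CPU": 100e3, "GPU": 30e6}      # keys per second quoted in post #78
AGE_OF_UNIVERSE_YEARS = 1.38e10          # for scale


def hit_probability(tries, funded, bits=ADDRESS_BITS):
    """P(at least one of `tries` random keys lands on one of `funded` addresses).

    Computes 1 - (1 - funded/2^bits)^tries with log1p/expm1, because the
    naive form rounds to exactly 0.0 in floating point at these magnitudes.
    """
    if tries < 0 or funded < 0:
        raise ValueError("tries and funded must be non-negative")
    p_single = funded / 2**bits
    if p_single >= 1:
        return 1.0 if tries > 0 else 0.0
    return -math.expm1(tries * math.log1p(-p_single))


def years_to_reach(prob, rate, funded, bits=ADDRESS_BITS):
    """Years of continuous guessing at `rate` keys/s to reach probability `prob`."""
    if not 0 < prob < 1:
        raise ValueError("prob must be strictly between 0 and 1")
    p_single = funded / 2**bits
    tries = math.log1p(-prob) / math.log1p(-p_single)
    return tries / rate / SECONDS_PER_YEAR


def report(funded=1_000_000, runtime_years=100):
    """One row per device: (name, P(hit) after runtime, years for a 50% chance)."""
    rows = []
    for name, rate in RATES.items():
        tries = rate * runtime_years * SECONDS_PER_YEAR
        rows.append((name,
                     hit_probability(tries, funded),
                     years_to_reach(0.5, rate, funded)))
    return rows


if __name__ == "__main__":
    for name, p_hit, years in report():
        print(f"{name}: P(hit in 100 years) = {p_hit:.2e}, "
              f"50% chance after {years:.2e} years "
              f"({years / AGE_OF_UNIVERSE_YEARS:.1e} x age of universe)")
```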

BurtW
October 08, 2013, 03:22:28 AM
 #79

so it's *virtually* impossible to simply keep creating 30-character codes and checking to see if they are existing wallets with balances? I know the odds are slim, but what prevents making a million potential private keys, and checking them all to see if any "click"?

Download this program:

https://bitcointalk.org/index.php?topic=107172.0

and run it.  It does exactly that.  You can do billions or trillions of key pairs.  You will still not guess my key pair.  I am betting on that.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
shuttleclock
October 11, 2013, 02:29:27 AM
 #80

It takes so much time that it looks really impossible. If you want to do it just for fun.. I think you won't get the fun that you expect..  :P