Are vanity addresses less secure than "normal", randomly generated addresses?

[Chironexxx]

Hi!

Over the weekend, I have played around with the generation of vanity addresses like:

1ChiroJ92Yw9w7PbUfpQP48WudsVSGSoTg

or

1NoFiATRDk51BUWDmkLSUNChuw2qc7GCco

or

16666XmGSgnfkiCT5vnCy8Ynei6HkPy1iD


And now I'm wondering if this way of generating addresses is less safe (i.e. more predictable) than truly randomly generated addresses? My intuition says no, mainly, because of the unidirectional way, how hash functions work, but I could be totally off...

If I understand it correctly, the generator does nothing else, than generate thousands of addresses per second and look for the desired motive because there is no other way of doing it...

One disclaimer: I obviously understand that you should never, ever use online generated addresses from third party services...I am talking about addresses found with my own computer, offline...

Cheers, Chiro

[andrew1carlssin]

What kind of hardware you generating your private key ?

[Chironexxx]

Sorry, I should have mentiond this! I just ran vanitygen on my computer...here is the tuturial (Option #3): https://99bitcoins.com/how-to-get-a-custom-bitcoin-address/

[Eternu]

As far as I know, neither of those are responsible for your wallet security. There are several option from which you can chose to secure your wallet, and most common is Private key.
So even if you randomly generate your address, what you get is symbols that represent where your coins would go.
Even if someone know your address, that doesn't necessary mean your in danger. Only if you are not careful enough with your important wallet information (like Private key), in that case you will be in danger.

[BTCforJoe]

Seeing that you've generated your own address on your own computer, your private key was likely never stored anywhere. I don't believe that it's less safe to use a vanity address. Besides, brute force attacks would target your private key, not your hashed public key (your address), so I really don't think it matters what your bitcoin address is when it comes to safety.

For anyone else reading this and wanting to generate their own keys, http://bitcoinvanitygen.com has been generating custom vanity BTC addresses for years, and as much as I wish I could clearly state that there is no risk involved with using that site, no one knows for sure if your address and private key are stored on their servers or not. I have a few vanity addresses that I've generated using their site, but I only use them as hot wallets that are imported into my Blockchain wallet, which I then use to send to my cold-storage wallet or a mixer. I don't store any bitcoin in any of my vanity address wallets.

[justine11]

Hi!

Over the weekend, I have played around with the generation of vanity addresses like:

1ChiroJ92Yw9w7PbUfpQP48WudsVSGSoTg

or

1NoFiATRDk51BUWDmkLSUNChuw2qc7GCco

or

16666XmGSgnfkiCT5vnCy8Ynei6HkPy1iD


And now I'm wondering if this way of generating addresses is less safe (i.e. more predictable) than truly randomly generated addresses? My intuition says no, mainly, because of the unidirectional way, how hash functions work, but I could be totally off...

If I understand it correctly, the generator does nothing else, than generate thousands of addresses per second and look for the desired motive because there is no other way of doing it...

One disclaimer: I obviously understand that you should never, ever use online generated addresses from third party services...I am talking about addresses found with my own computer, offline...

Cheers, Chiro

You are still safe there are 2¹⁶⁰ addresses still out there so, if you are worried about someone can still get your private key through a vanitygen or other bitcoin address generating tools don't worry collisions are very rare to happen you can win a lottery jackpot many times before you can get a collision and fortunately there no cases of address collision happened.

I'll just paste here the link of the odds getting an address collision:
https://bitcointalk.org/index.php?topic=104461.msg1143787#msg1143787

[Zeeks]

As long as you generate the addresses yourself your fine, don't use those scam websites.

[andrew1carlssin]

Seeing that you've generated your own address on your own computer, your private key was likely never stored anywhere. I don't believe that it's less safe to use a vanity address. Besides, brute force attacks would target your private key, not your hashed public key (your address), so I really don't think it matters what your bitcoin address is when it comes to safety.

For anyone else reading this and wanting to generate their own keys, http://bitcoinvanitygen.com has been generating custom vanity BTC addresses for years, and as much as I wish I could clearly state that there is no risk involved with using that site, no one knows for sure if your address and private key are stored on their servers or not. I have a few vanity addresses that I've generated using their site, but I only use them as hot wallets that are imported into my Blockchain wallet, which I then use to send to my cold-storage wallet or a mixer. I don't store any bitcoin in any of my vanity address wallets.

indeed
automatic cryptography seeds works fine for the majority of uses (and it is indeed the safety path)

for dysfunctional paranoiac bipolar schizophrenic people nah

[bitart]

Sorry, I should have mentiond this! I just ran vanitygen on my computer...here is the tuturial (Option #3): https://99bitcoins.com/how-to-get-a-custom-bitcoin-address/

Is it possible to generate a SegWit enabled vanity address? (starting with '3').
All the addresses I can see starts with '1' which means legacy addresses and now everything is about moving to a SegWit address.
I found some hints on reddit but I'm not 100% sure if they are OK, so please let me know if you know a reliable SegWit address generator which is offline and which is not a scam.

[LTU_btc]

Not sure how vanity address can be less secure. Private key is responsible for security, symbols of your wallet address doesn't matters

For anyone else reading this and wanting to generate their own keys, http://bitcoinvanitygen.com has been generating custom vanity BTC addresses for years, and as much as I wish I could clearly state that there is no risk involved with using that site, no one knows for sure if your address and private key are stored on their servers or not. I have a few vanity addresses that I've generated using their site, but I only use them as hot wallets that are imported into my Blockchain wallet, which I then use to send to my cold-storage wallet or a mixer. I don't store any bitcoin in any of my vanity address wallets.

Are you sure about it? There are full of negative reviews about this website. People who generated addresses on Bitcoinvanitygen.com lost their BTC. I think it's terrible idea to use online generator tool to create vanity address. You should do that on your own software. There is a thread with more details about it:
https://bitcointalk.org/index.php?topic=25804.0

[BTCforJoe]

Not sure how vanity address can be less secure. Private key is responsible for security, symbols of your wallet address doesn't matters

For anyone else reading this and wanting to generate their own keys, http://bitcoinvanitygen.com has been generating custom vanity BTC addresses for years, and as much as I wish I could clearly state that there is no risk involved with using that site, no one knows for sure if your address and private key are stored on their servers or not. I have a few vanity addresses that I've generated using their site, but I only use them as hot wallets that are imported into my Blockchain wallet, which I then use to send to my cold-storage wallet or a mixer. I don't store any bitcoin in any of my vanity address wallets.

Are you sure about it? There are full of negative reviews about this website. People who generated addresses on Bitcoinvanitygen.com lost their BTC. I think it's terrible idea to use online generator tool to create vanity address. You should do that on your own software. There is a thread with more details about it:
https://bitcointalk.org/index.php?topic=25804.0

So we're not in disagreement then. If you re-read what I wrote, I'm saying that I cannot clearly state that there is no risk with the website version. And then I go on to say that I personally do not store any bitcoin in any of my vanity address wallets that were generated on the site.

[Pan Troglodytes]

Sorry, I should have mentiond this! I just ran vanitygen on my computer...here is the tuturial (Option #3): https://99bitcoins.com/how-to-get-a-custom-bitcoin-address/

Is it possible to generate a SegWit enabled vanity address? (starting with '3').
All the addresses I can see starts with '1' which means legacy addresses and now everything is about moving to a SegWit address.
I found some hints on reddit but I'm not 100% sure if they are OK, so please let me know if you know a reliable SegWit address generator which is offline and which is not a scam.

Of course it is possible. I am not sure if the publicly available tools exist to do this, but calculting the public address from the private key is a straightforward procedure. You can code it easily yourself, if you have basic codeing skills or a tutorial available. That approach has the advantage that you know what your code does and you are 100% sure your private keys are not disclosed to anybody.

Basicaly what needs to be done is the following: you need to be generating random private keys, from them you need to be calculating the public addresses and if the prefix of the address matches your string - voila!

The longer the required prefix, the longer it takes to find a match.

[shulio]

Vanity addresses and randomly generated addresses are the same. They have the same security level. You can use it without concern.

[bitart]

Sorry, I should have mentiond this! I just ran vanitygen on my computer...here is the tuturial (Option #3): https://99bitcoins.com/how-to-get-a-custom-bitcoin-address/

Is it possible to generate a SegWit enabled vanity address? (starting with '3').
All the addresses I can see starts with '1' which means legacy addresses and now everything is about moving to a SegWit address.
I found some hints on reddit but I'm not 100% sure if they are OK, so please let me know if you know a reliable SegWit address generator which is offline and which is not a scam.

Of course it is possible. I am not sure if the publicly available tools exist to do this, but calculting the public address from the private key is a straightforward procedure. You can code it easily yourself, if you have basic codeing skills or a tutorial available. That approach has the advantage that you know what your code does and you are 100% sure your private keys are not disclosed to anybody.

Basicaly what needs to be done is the following: you need to be generating random private keys, from them you need to be calculating the public addresses and if the prefix of the address matches your string - voila!

The longer the required prefix, the longer it takes to find a match.

Thanks, that's clear now. So after the private key and the public address was found, I have to double check if the private key really works or not.
If I don't want to send any coins to the new address before I check if the key and the address works, is it possible to check the private key with signing a message? I assume I have to check it with an airgapped PC. So I mean that I prepare a message on an Internet enabled PC, and transfer it with a USB drive to the airgapped PC, sign it, and try to check the signature on the internet enabled PC?
Or, it's easier to send 0.000001 bitcoin to the address, and try to spend it with nearly 0 fees? (e.g. 1 sat/B)

[LoyceV]

16666XmGSgnfkiCT5vnCy8Ynei6HkPy1iD

Try mine: 166666666LyMNrkpwwNCdUPzvDTh2tNDLu

And now I'm wondering if this way of generating addresses is less safe (i.e. more predictable) than truly randomly generated addresses?

Vanity addresses are also truly randomly generated. You just generated a few billion/trillion of them, and only pick the one you like.

For anyone else reading this and wanting to generate their own keys, http://bitcoinSCAMSITEvanitygen.com has been generating custom vanity BTC addresses for years, and as much as I wish I could clearly state that there is no risk involved with using that site, no one knows for sure if your address and private key are stored on their servers or not. I have a few vanity addresses that I've generated using their site, but I only use them as hot wallets that are imported into my Blockchain wallet, which I then use to send to my cold-storage wallet or a mixer. I don't store any bitcoin in any of my vanity address wallets.

Please remove the link to this scamsite, every link to the site increases the chance of people losing their money. Have a look at Velkro's trust ratings:

There are many scam accusations on this forum against that site. Please don't promote it.

You should never trust a private key created by someone else!

If you're interested in secure vanity addresses, I do offer a secure Pretty Addy Giveaway - part 2 service to get you a vanity address. It uses split key, so I'll never see your private key.

[Pan Troglodytes]

Is it possible to generate a SegWit enabled vanity address? (starting with '3').
All the addresses I can see starts with '1' which means legacy addresses and now everything is about moving to a SegWit address.
I found some hints on reddit but I'm not 100% sure if they are OK, so please let me know if you know a reliable SegWit address generator which is offline and which is not a scam.

Of course it is possible. I am not sure if the publicly available tools exist to do this, but calculting the public address from the private key is a straightforward procedure. You can code it easily yourself, if you have basic codeing skills or a tutorial available. That approach has the advantage that you know what your code does and you are 100% sure your private keys are not disclosed to anybody.

Basicaly what needs to be done is the following: you need to be generating random private keys, from them you need to be calculating the public addresses and if the prefix of the address matches your string - voila!

The longer the required prefix, the longer it takes to find a match.

Thanks, that's clear now. So after the private key and the public address was found, I have to double check if the private key really works or not.
If I don't want to send any coins to the new address before I check if the key and the address works, is it possible to check the private key with signing a message? I assume I have to check it with an airgapped PC. So I mean that I prepare a message on an Internet enabled PC, and transfer it with a USB drive to the airgapped PC, sign it, and try to check the signature on the internet enabled PC?
Or, it's easier to send 0.000001 bitcoin to the address, and try to spend it with nearly 0 fees? (e.g. 1 sat/B)

I was rather thinking of using a code like in https://stackoverflow.com/questions/48349090/generating-a-segwit-address-and-private-key-with-bitcoinj-paper-wallet
Additionally, you need to put the code inside a loop. You would be generating randomly private keys in a loop until the corresponding public key matches your desired prefix.

The code in the link provided works for legacy addresses. It is surprisingly difficult to find the corresponding information on SegWit addresses. I will try to find a link for you and update that post.

As you can see, the DIY approach has the code which is very simple and straightforward, it is by no means rocket science, and the advantage over using some publicly available third-party software or online service is that you are 100% sure you are on a safe side.

To reverify that the private key is really good for your public address before you send your founds there, you can use https://www.bitaddress.org/ service, but make sure you bring your computer offline to do that (again, to be on a safe side)