This message was too old and has been purged

[Yogafan00000]

To be absolutely safe, you are absolutely correct. You should not reuse addresses, because as you do your public key gets broadcasted.
However, if you only store a few thousand bucks in your wallet, you are not likely to because a target of the "bruteforcers" as they will probably aim for higher accounts.

However, yes: Not reusing the address will make you safe.

I believe the first time a brute-forcer breaks a large bitcoin wallet he will inadvertently or by intent, also break Bitcoin and by extension crypto-currencies.  Confidence in this budding technology is already precarious.  Any notion that one's coins are insecure will not be met well by the masses.

These findings of weakness in the blockchain should be brought to the developers attention and we should be calling for some solution to this issue as soon as possible.

[itod]

Disclaimer:
This project is for research purpose only, or to recover lost private keys. It may not be used for any illegal activities and I cannot be held responsible for anything you do with it.

You say it's for research only, but at the end of your video you say the bitcoins in the address are "stolen".  You little comic shows your true intention of just stealing people's coins.  If you were going to do this, why would you announce it?  Wouldn't you just quietly steal all the bitcoins you could find?  It makes no sense. 

And then to top it off, if it really is for research, why wouldn't you just donate the knowledge to the development team to help fix the security hole that you're claiming exists?  You have the possibility of earning more money in donations from the community by providing a fix for what you're trying to prove is a security flaw.  Hell, I'd donate bitcoin to you if you were doing this for the good of the community.  But 2BTC for a copy... it makes no sense.  If it did what you say it does, and it could have very well be proven in the profanity-laced and almost tourettes-like video, why wouldn't you be charging more for it.  2BTC is chump change if this is legit.

Something doesn't add up.  Just my $0.02.

-Fuse

He is writing the paper, so the research will be published eventually. There is no security hole, and nothing can be fixed by the development team at this moment until more research is done to investigate these phenomenons. The good of the community and the good of the collective knowledge are not the same things, and at this moment Evil-Knievel is doing this for the knowledge that can be gained, if the community will benefit or not is another matter.

[noob2001]

.

[Evil-Knievel]

This message was too old and has been purged

[noob2001]

.

[Evil-Knievel]

This message was too old and has been purged

[noob2001]

.

[FiatKiller]

All horseshit aside, to clarify all of this:

It seems that any reused Bitcoin address is potentially vulnerable to attack because right now there is no way to know if it's close to a rendezvous point?

But addresses that haven't been reused are safe, but only because the public key for that address has not been broadcast yet?  As soon as the public key is broadcast by spending from an address it becomes vulnerable?

I've been noticing rumblings of this before from a privacy point of view, but it seems now we have even more reason to stop reusing addresses.

Since this is very important, can you define "reused"? Do you mean accept incoming funds, but don't transmit any funds out except to drain the address??  thanks

[Sonny]

All horseshit aside, to clarify all of this:

It seems that any reused Bitcoin address is potentially vulnerable to attack because right now there is no way to know if it's close to a rendezvous point?

But addresses that haven't been reused are safe, but only because the public key for that address has not been broadcast yet?  As soon as the public key is broadcast by spending from an address it becomes vulnerable?

I've been noticing rumblings of this before from a privacy point of view, but it seems now we have even more reason to stop reusing addresses.

Since this is very important, can you define "reused"? Do you mean accept incoming funds, but don't transmit any funds out except to drain the address??  thanks

When bitcoin is sent out of an address, the public key of that address will be known to the world.

[Evil-Knievel]

This message was too old and has been purged

[FiatKiller]

Thanks much! This should be in the Bitcoin 101 course. I will put this into practice immediately. I did recently divide-up my hoard into 3 wallets and the two new wallets have not been used for any outgoings transactions. Whew.

[Chimsley]

Copied from my posting in the development thread.

On re-use of addresses.

I can think of a few scenarios where one must re-use addresses.  Lets say for example Wikipedia decides to accept donations in Bitcoin.  They put up a donation address.  Should they generate a new donation address every time someone visits the donation link?  They probably should from a security point of view.  Seems inconvenient for donators that have saved the address in their address book. 

Our own Bitcoin Foundation re-uses its donation address as well.  https://blockchain.info/address/1BTCorgHwCg6u2YSAWKgS17qUad6kHmtQW There it is on blockchain.info 556 transactions at the time of this posting. Looks like address re-use to me. I wonder how many people who are either members or donators to the foundation tell people in the forums not to re-use addressess.

All of you who have an address in your signature for tips and such are also guilty of address re-use.  Basically any address that is publicly advertised for business/charity or what have you will be re-used.  This goes for all those that generated vanity addresses specifically to have a visually unique address for personal or business use.

If the solution is don't re-use addresses then this makes things inconvenient.  Does anyone really think that the masses are going to stick with one address per use?

Can someone tell me where I am going wrong here?  I can't see stopping address re-use as a solution to this potential threat.

[solomon]

You don't need a new address for every user, just a new address whenever you sweep it. A bigger entity accepting bitcoin could just empty the account periodically and put a new address up. They may only empty the address once every 6 months.

[prezbo]

To be absolutely safe, you are absolutely correct. You should not reuse addresses, because as you do your public key gets broadcasted.
However, if you only store a few thousand bucks in your wallet, you are not likely to because a target of the "bruteforcers" as they will probably aim for higher accounts.

However, yes: Not reusing the address will make you safe.

I believe the first time a brute-forcer breaks a large bitcoin wallet he will inadvertently or by intent, also break Bitcoin and by extension crypto-currencies.  Confidence in this budding technology is already precarious.  Any notion that one's coins are insecure will not be met well by the masses.

These findings of weakness in the blockchain should be brought to the developers attention and we should be calling for some solution to this issue as soon as possible.

They do not pose any realistic threat. When you consider the probabilities, it's all the same, either you need sqrt(n) tries (currently best known algorithm that solves the discrete logarithm problem in general) for 100% chance or sqrt(n)/100 tries for 1% chance of success.

[mufa23]

So this random addy I grabbed off of blockchain.info currently has BTC15.14013694 in it. Since it has sent BTC before, it's public key is now shown, and thus hackable?

Can you prove it by finding the private key yourself, and moving BTC0.00123456 out and back into the address? I want to see a show.

[gmaxwell]

So you claim you can crack some random keys provided by people on the forum? Oh really.

Well here, I'll make it very profitable for you then:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


I, Greg Maxwell, do hereby promise to pay 50 BTC to the first person that
provides the discrete log of _any_ of the following randomly generated
200,000 secp256k1 public keys. This offer is open until 2014-04-01.

None of the below public keys have been used on the Bitcoin blockchain as
of the time of the creation of this offer.

04abb9239d3a5131de45b977807c62bf879119b05c3da33e37d8e7be0901985ce73b6ca6dff5b97 34d1225ce0120bbe023066669c29e23d3ea82de9a57dd259b63

Full message at https://people.xiph.org/~greg/keysfun.asc

Surely if you can crack a single key provided by a person in the thread cracking any one of 200k keys should be a cinch.

[mufa23]

So you claim you can crack some random keys provided by people on the forum? Oh really.

Well here, I'll make it very profitable for you then:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


I, Greg Maxwell, do hereby promise to pay 50 BTC to the first person that
provides the discrete log of _any_ of the following randomly generated
200,000 secp256k1 public keys. This offer is open until 2014-04-01.

None of the below public keys have been used on the Bitcoin blockchain as
of the time of the creation of this offer.

04abb9239d3a5131de45b977807c62bf879119b05c3da33e37d8e7be0901985ce73b6ca6dff5b97 34d1225ce0120bbe023066669c29e23d3ea82de9a57dd259b63

Full message at https://people.xiph.org/~greg/keysfun.asc

Surely if you can crack a single key provided by a person in the thread cracking any one of 200k keys should be a cinch.

Quoted. (is the april fools date intentional?)

Show us what you can do, Knievel.

[gmaxwell]

Quoted. (is the april fools date intentional?)

Nah, coincidental. The only reason I put a limit at all is so I wouldn't feel ethically obligated to hold onto 50 BTC beyond that point in time.

[mufa23]

Quoted. (is the april fools date intentional?)

Nah, coincidental. The only reason I put a limit at all is so I wouldn't feel ethically obligated to hold onto 50 BTC beyond that point in time.

Duly noted.

[binaryFate]

This cracker is BS. Demonstrating one successful "brute-forcing" is straighforward if the address is generated on purpose very close to a rendez-vous point. There is no weakness here whatsoever, the regions around rendez-vous points are just tiny compared to the whole search space.

Consider that it is basically the same thing as iterating over possible private keys starting from 1, then 2, etc... then saying "uh-oh! I found some addresses that are weak and can crack them quickly!". Of course it will be true for all addresses whose private key is between 1 and few millions... But it is still nothing considering the whole search space.

Do not buy that.