Bitcoin Forum
Topic: Private Key cracker apparently demonstrated
Chimsley (OP)
January 28, 2014, 08:34:17 PM
 #1

Please see this https://bitcointalk.org/index.php?topic=421842.0

Towards the end of page 4 of this topic is apparently proof this guy derived the private key matching the public key submitted in a previous post.  Can any developers comment on this?  Not sure if this is an elaborate troll or the guy is on to something.
Chimsley (OP)
January 28, 2014, 08:36:50 PM
 #2

oh lol. he is selling his secret and not stealing coins?

So it seems.  I am more interested in the technical aspects of what he is claiming rather than his motives.
piotr_n
January 28, 2014, 10:02:58 PM
 #3

I love this guy - he's smart, prompt and funny.

Bitcoin definitely needs more people like this, who would be exposing any possible threats in the digital signatures which we use to protect our money.
Especially that the core devs apparently don't give much shit about such minor details.

From all the works I have seen, Evil-Knievel has done the best job - not only theoretical, but also (most important) practical.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
GoldenWings91
January 28, 2014, 10:10:45 PM
 #4

PUBLIC key cracker

Don't reuse addresses.

Support The Bitcoin Network By Running A Full Node
Node Stats     GPG Key-ID: 0x445DF2D8     Monetary Freedom Is A Basic Human Right
Chimsley (OP)
January 28, 2014, 10:58:29 PM
 #5

On re-use of addresses.

I can think of a few scenarios where one must re-use addresses.  Let's say for example Wikipedia decides to accept donations in Bitcoin.  They put up a donation address.  Should they generate a new donation address every time someone visits the donation link?  They probably should from a security point of view.  Seems inconvenient for donators that have saved the address in their address book.

Our own Bitcoin Foundation re-uses its donation address as well.  https://blockchain.info/address/1BTCorgHwCg6u2YSAWKgS17qUad6kHmtQW There it is on blockchain.info 556 transactions at the time of this posting. Looks like address re-use to me. I wonder how many people who are either members or donators to the foundation tell people in the forums not to re-use addresses.

All of you who have an address in your signature for tips and such are also guilty of address re-use.  Basically any address that is publicly advertised for business/charity or what have you will be re-used.  This goes for all those that generated vanity addresses specifically to have a visually unique address for personal or business use.

If the solution is don't re-use addresses then this makes things inconvenient.  Does anyone really think that the masses are going to stick with one address per use?

Can someone tell me where I am going wrong here?  I can't see stopping address re-use as a solution to this potential threat.

***Edited for punctuation***
Sonny
January 28, 2014, 11:13:05 PM
 #6


To motivate people participating in this, I am paying BTC for participating in this study. However, the BTC have to come from somewhere and it is hard to get some scientific funding.


This sounds a bit strange to me...
So, you are "co-operating" with others to crack the keys and share the proceeds?
eightcylinders
January 28, 2014, 11:23:08 PM
 #7

I have not looked too far into the Satoshi wallet code, but am I correct that each public BTC address in Satoshi's wallet has a unique private key?  Or is there one private key and many public keys?

This is relevant because if I (or anyone) wants to participate, you would want to use a wallet (private/public key combo) that does not risk exposing the private key(s) where you actually have substantial BTC holdings.  Create a whole new separate wallet versus creating a new public BTC address ... that is the question?


My BTC Address: 1PMEJCY6ofqmnAdYbdQqToZ7MNSAz35w7v
cp1
January 28, 2014, 11:30:14 PM
 #8

On re-use of addresses.

I can think of a few scenarios where one must re-use addresses.  Let's say for example Wikipedia decides to accept donations in Bitcoin.  They put up a donation address.  Should they generate a new donation address every time someone visits the donation link?  They probably should from a security point of view.  Seems inconvenient for donators that have saved the address in their address book.

Cash out every week? month? to coinbase and change the donation address at that time.

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
Chimsley (OP)
January 28, 2014, 11:39:13 PM
 #9

On re-use of addresses.

I can think of a few scenarios where one must re-use addresses.  Let's say for example Wikipedia decides to accept donations in Bitcoin.  They put up a donation address.  Should they generate a new donation address every time someone visits the donation link?  They probably should from a security point of view.  Seems inconvenient for donators that have saved the address in their address book.

Cash out every week? month? to coinbase and change the donation address at that time.

That is certainly an option though it's inconvenient.  And the entity in this example would still need to hold onto that address and probably sweep it periodically because someone somewhere is going to send to the old address that they saved in the address book as "Wikipedia donation address".

I suppose one would have to sweep at a very high frequency because anyone else that uses the tool in question to get the private key would also be sweeping that address.  Whoever gets there first gets the prize.
kwest
January 28, 2014, 11:41:53 PM
 #10

This seriously needs to get fixed. Although Mike Hearn did say that they are scrapping the address system altogether eventually, right? Will that solve this problem?
Sonny
January 28, 2014, 11:43:18 PM
 #11

Although Mike Hearn did say that they are scrapping the address system altogether eventually, right?

Could you share a link to it? Thanks.
kwest
January 28, 2014, 11:48:59 PM
 #12

Although Mike Hearn did say that they are scrapping the address system altogether eventually, right?

Could you share a link to it? Thanks.

Here:

https://bitcointalk.org/index.php?topic=428777.0

Quote
Time to scrap addresses. They are too limited and problematic.
The Payment Protocol to replace addresses. Supports refunds, memos, receipts, proof-of-purchase, and digital signature.
gmaxwell
January 29, 2014, 12:07:03 AM
 #13

Analysis of Bitcoin Address Distribution Around Certain Rendezvous Points on the Elliptic Curve
http://bitprobing.com/
This is indistinguishable from an ECC cracking tool.

After reading the source code, it appears to me that you're using this crap as a cover to try to trick people into performing computation for you in an attempt to crack a couple thousand selected keys.

Unfortunately it's impossible to determine which keys you're attempting to crack because it's possible to cryptographically blind the cracking process (e.g. the matches are against key + s*G for some s known only to you).

It's pointless and a waste of time, but I guess you figure so long as other people are doing the computation for you that it's worth doing.

It's doubly hilarious that you claim to have (and offer to sell) a GPU tool that can compute keys a "terra-tries per second", and yet you'd ask people to waste their time crunching with this rubbish python EC implementation.
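
The blinding described in the post above (matching against key + s*G rather than the key itself), worked on a toy curve as an added example that is not part of the thread or of the tool under discussion: the baby-step giant-step search a volunteer runs returns only the blinded logarithm, and only the holder of s can turn it into a key. The prime 10007, the base point, the sample scalars and all helper names are assumptions made for this sketch.

```python
import math

# Toy curve y^2 = x^3 + 7 (secp256k1's equation) over a tiny, constructed field.
P, INF = 10007, None                     # INF is the point at infinity
G = (1, pow(8, (P + 1) // 4, P))         # x = 1: 8 is a square mod P (P % 4 == 3)

def add(a, b):
    if a is INF or b is INF:
        return a if b is INF else b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if a == b:
        m = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return (x3, (m * (x1 - x3) - y1) % P)

def mul(k, pt):                          # double-and-add
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

N, q = 1, G                              # order of G by brute force (toy size only)
while q is not INF:
    q, N = add(q, G), N + 1

def bsgs(target):                        # baby-step giant-step, ~sqrt(N) stored points
    m = math.isqrt(N) + 1
    baby, q = {}, INF
    for j in range(m):                   # baby steps: j*G
        baby.setdefault(q, j)
        q = add(q, G)
    step, q = mul(-m % N, G), target     # giant steps: subtract m*G each round
    for i in range(m):
        if q in baby:
            return (i * m + baby[q]) % N
        q = add(q, step)

def blind(pubkey, s):                    # the only point a volunteer ever sees
    return add(pubkey, mul(s, G))

def unblind(k_blinded, s):               # needs s, which stays with the organizer
    return (k_blinded - s) % N
```

For any other key Q2 = k2*G there is a factor s2 = s1 + k1 - k2 (mod N) that produces the identical job point, which is why reading a client's source or its work units does not reveal which keys are being targeted.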
gmaxwell
January 29, 2014, 12:37:11 AM
 #14

So you claim you can crack some random keys provided by people on the forum? Oh really.

Well here, I'll make it very profitable for you then:

Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


I, Greg Maxwell, do hereby promise to pay 50 BTC to the first person that
provides the discrete log of _any_ of the following randomly generated
200,000 secp256k1 public keys. This offer is open until 2014-04-01.

None of the below public keys have been used on the Bitcoin blockchain as
of the time of the creation of this offer.

04abb9239d3a5131de45b977807c62bf879119b05c3da33e37d8e7be0901985ce73b6ca6dff5b97 34d1225ce0120bbe023066669c29e23d3ea82de9a57dd259b63

Full message at https://people.xiph.org/~greg/keysfun.asc

Surely if you can crack a single key provided by a person in the thread cracking any one of 200k keys should be a cinch.
mufa23
January 29, 2014, 12:43:35 AM
 #15

So you claim you can crack some random keys provided by people on the forum? Oh really.

Well here, I'll make it very profitable for you then:

Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


I, Greg Maxwell, do hereby promise to pay 50 BTC to the first person that
provides the discrete log of _any_ of the following randomly generated
200,000 secp256k1 public keys. This offer is open until 2014-04-01.

None of the below public keys have been used on the Bitcoin blockchain as
of the time of the creation of this offer.

04abb9239d3a5131de45b977807c62bf879119b05c3da33e37d8e7be0901985ce73b6ca6dff5b97 34d1225ce0120bbe023066669c29e23d3ea82de9a57dd259b63

Full message at https://people.xiph.org/~greg/keysfun.asc

Surely if you can crack a single key provided by a person in the thread cracking any one of 200k keys should be a cinch.

Quoted.

Positive rep with: pekv2, AzN1337c0d3r, Vince Torres, underworld07, Chimsley, omegaaf, Bogart, Gleason, SuperTramp, John K. and guitarplinker
Sonny
January 29, 2014, 01:06:12 AM
 #16

Although Mike Hearn did say that they are scrapping the address system altogether eventually, right?

Could you share a link to it? Thanks.

Here:

https://bitcointalk.org/index.php?topic=428777.0

Quote
Time to scrap addresses. They are too limited and problematic.
The Payment Protocol to replace addresses. Supports refunds, memos, receipts, proof-of-purchase, and digital signature.

Thanks a lot.
I totally miss it.
prezbo
January 29, 2014, 01:07:16 AM
 #17

So you claim you can crack some random keys provided by people on the forum? Oh really.

Fwiw I haven't seen him claim that anywhere in his thread, and honestly think he's well enough versed in math to know he will not be able to crack an address with any amount of bitcoins in it in the foreseeable future. I don't really know what he's trying to achieve, though.
gmaxwell
January 29, 2014, 01:13:02 AM
 #18

Fwiw I haven't seen him claim that anywhere in his thread, and honestly think he's well enough versed in math to know he will not be able to crack an address with any amount of bitcoins in it in the foreseeable future. I don't really know what he's trying to achieve, though.
The thread has several instances of newbie accounts providing single pubkeys which evil claims to crack e.g: https://bitcointalk.org/index.php?topic=421842.msg4800547#msg4800547

prezbo
January 29, 2014, 01:19:28 AM
 #19

Fwiw I haven't seen him claim that anywhere in his thread, and honestly think he's well enough versed in math to know he will not be able to crack an address with any amount of bitcoins in it in the foreseeable future. I don't really know what he's trying to achieve, though.
The thread has several instances of newbie accounts providing single pubkeys which evil claims to crack e.g: https://bitcointalk.org/index.php?topic=421842.msg4800547#msg4800547
Ah, I see, my apologies.

edit: he's saying the addresses need to be "generated completely as to the manual" though... I'm pretty sure that means being close to the step in his baby-step-giant-step algorithm he's using.
stompix
January 29, 2014, 01:22:02 AM
 #20

Fwiw I haven't seen him claim that anywhere in his thread, and honestly think he's well enough versed in math to know he will not be able to crack an address with any amount of bitcoins in it in the foreseeable future. I don't really know what he's trying to achieve, though.
The thread has several instances of newbie accounts providing single pubkeys which evil claims to crack e.g: https://bitcointalk.org/index.php?topic=421842.msg4800547#msg4800547
Ah, I see, my apologies.

edit: he's saying the addresses need to be "generated completely as to the manual" though...

So, I generate an address, send him the private key and then he can crack it? =))))))))))))0

