With this software, we don't really know how it makes sure the computed addresses are distributed satisfactorily.
I had never asked myself the question.
I found this:
Yes it's safe. The generator uses OpenSSL to generate secure random keys. Lines: 1961-1963 in oclengine.c
pbatchinc = EC_POINT_new(pgroup);
poffset = EC_POINT_new(pgroup);
pseek = EC_POINT_new(pgroup);
And 75-90 in vanitygen.c
Source:
https://www.reddit.com/r/Bitcoin/comments/20d2cx/is_vanity_gen_safe/
On the BTC wiki there isn't much explanation:
Using vanitygen you might think that you would be able to find the private key for a given address. In practice, this is considered impossible. Given that the difficulty increases exponentially the longer your vanity is, so does the average time required to find that vanity. The example table below shows how an increasingly complex vanity affects the difficulty and average time required to find a match only for that vanity, let alone the full address, for a machine capable of looking through 1 million keys per second.
https://en.bitcoin.it/wiki/Vanitygen
Otherwise, the post by Samr7 (the owner of the GitHub repo) also gives good explanations regarding the security of Vanitygen:
How secure are the addresses generated by this program? Will someone be able to guess the private key and steal my BTC?
Vanitygen uses the OpenSSL random number generator. This is the same RNG used by bitcoin and a good number of HTTPS servers. It is regarded as well-scrutinized. On Linux, the RNG will be seeded from /dev/urandom. Guessing the private key of an address found by vanitygen will be no easier than guessing a private key created by bitcoin itself. Nonetheless, if you feel the default RNG is unable to provide numbers that are sufficiently difficult to guess, vanitygen can be directed to seed the RNG from an external file using the -s option.
To speed up address generation, vanitygen uses the RNG to choose a private key, and literally increments the private key in a loop searching for a match. As long as the starting point is not disclosed, if a match is found, the private key will not be any easier to guess than if every private key tested were taken from the RNG. Vanitygen will also reload the private key from the RNG after 10,000,000 unsuccessful searches (100M for oclvanitygen), or when a match is found and multiple patterns are being searched for.
What security measures should I take?
- Secure any systems used to generate addresses. Don't run web browsers on them. Keep malware and unauthorized individuals out.
- Ensure that any private keys reported by vanitygen are stored and transmitted securely.
- The command line method of importing private keys into bitcoin requires you to enter your private key on the command line. Bitcoin takes a long time to perform an import, and while it is running, your private key will be visible in the output of "ps," so be careful! Also, the private key may be leaked to your shell history file. Kill your shell and shred your shell history file after importing.