cp1
|
|
March 25, 2014, 03:52:36 PM |
|
It sounds more like you stole his private key than the other way around.
|
|
|
|
amspir
Member
Offline
Activity: 112
Merit: 10
|
|
March 25, 2014, 05:48:58 PM |
|
I do not believe any more in private key safety. As two days ago I realize someone is in posses of my private key... And what is funny - I believe they stole it from Blockchain.info due to those attacks from 1/28/2014.
And Blockchain.info support is not really helping in my case.
On which software/operating system did you generate your private key? It is much more likely there was a weakness in how your key was generated, rather than a true random collision.
|
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
|
|
March 25, 2014, 06:03:08 PM Last edit: March 25, 2014, 06:14:24 PM by BurtW |
|
https://blockchain.info/address/17G7VMdNvAMc6fyvB1C2PxtVVvWgsJ9Mp736 transactions Current value 0 BTC First transacation: 2014-01-28 18:41:00 Most recent transaction: 2014-03-21 22:13:48 Was it you or the "other guy(s)" that played Satoshi dice with this address? Which transactions are yours? How many out of the 36 transactions are yours? Do you (or anyone) recognize this address: https://blockchain.info/address/1Gy2DTd7sXQNLSTrsJE8BYTuoLZdgsVV6DA pretty good chunk of related BTC dust was collected to this address.
|
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3486
Merit: 4816
|
|
March 25, 2014, 06:06:03 PM |
|
If he is a blockchain.info wallet service user and they create for him same public address as for me, this is going to be huge!
blockchain.info does not create the public addresses and assign them from their servers. The private key is randomly generated locally in your own wallet. Then your wallet calculates the public address from that private key. Finally your wallet encrypts the private key with your password and sends the encrypted private key to blockchain.info for them to store on their servers. What device were you using when you created that address and how long ago did you create it? There was a known problem in the Android operating system a few months ago. Android was not properly generating random numbers. Perhaps you used an android device long enough ago to generate the address and therefore ended up with a non-random private key? If so, and if other users used a similar device long enough ago, then it is possible that due to a faulty operating system multiple people generated the same address. You didn't import that address from a brainwallet or any other address generating program (such as vanitygen), right?
|
|
|
|
roslinpl
Legendary
Offline
Activity: 2212
Merit: 1199
|
|
March 25, 2014, 06:34:48 PM Last edit: March 25, 2014, 07:01:55 PM by roslinpl |
|
If he is a blockchain.info wallet service user and they create for him same public address as for me, this is going to be huge!
blockchain.info does not create the public addresses and assign them from their servers. The private key is randomly generated locally in your own wallet. Then your wallet calculates the public address from that private key. Finally your wallet encrypts the private key with your password and sends the encrypted private key to blockchain.info for them to store on their servers. What device were you using when you created that address and how long ago did you create it? There was a known problem in the Android operating system a few months ago. Android was not properly generating random numbers. Perhaps you used an android device long enough ago to generate the address and therefore ended up with a non-random private key? If so, and if other users used a similar device long enough ago, then it is possible that due to a faulty operating system multiple people generated the same address. You didn't import that address from a brainwallet or any other address generating program (such as vanitygen), right? OK! I am so sorry Blockchain.info and all users! Look at this! +100 to blokchain.infoI totally forgot about that I DID import private key into my blockchain! I forgot about it because there was 0 btc on it and it was some kind of joke I was thinking! I totally forgot! Because I do not use my blockchain.info wallet to revieve or send money, and I import that key over there because I though as for experiment I can do it there, as I do not keep any money there! look: https://bitcointalk.org/index.php?topic=516987.0I am so sorry .... but at least we prove that Blockchain.info is SECURE!
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3486
Merit: 4816
|
|
March 25, 2014, 06:55:39 PM |
|
I totally forgot about that I DID import private key into my blockchain! I forgot about it because there was 0 btc on it and it was some kind of joke I was thinking! I totally forgot! Because I do not use my blockchain.info wallet to revieve or send money, and I import that key over there because I though as for experiment I can do it there, as I do not keep any money there! look: https://bitcointalk.org/index.php?topic=516987.0So, you imported someone else's private key, and then became concerned that someone else had the same private key as you? Can you please go through all of your recent posts and delete all this alarmist trash before you scare some newbie that thinks this might be a real problem?
|
|
|
|
roslinpl
Legendary
Offline
Activity: 2212
Merit: 1199
|
|
March 25, 2014, 07:03:29 PM |
|
I totally forgot about that I DID import private key into my blockchain! I forgot about it because there was 0 btc on it and it was some kind of joke I was thinking! I totally forgot! Because I do not use my blockchain.info wallet to revieve or send money, and I import that key over there because I though as for experiment I can do it there, as I do not keep any money there! look: https://bitcointalk.org/index.php?topic=516987.0So, you imported someone else's private key, and then became concerned that someone else had the same private key as you? Can you please go through all of your recent posts and delete all this alarmist trash before you scare some newbie that thinks this might be a real problem? Sure I can I just edited my thread about this and in this thread I did deleted those posts. I am so sorry for that rumor Eh... but tell me how stupid is to put your private key in public... and tell me how stupid is to import it and forgot about? So sorry!
|
|
|
|
amspir
Member
Offline
Activity: 112
Merit: 10
|
|
March 25, 2014, 07:27:54 PM |
|
I forgot about it because there was 0 btc on it and it was some kind of joke I was thinking! I totally forgot! Because I do not use my blockchain.info wallet to revieve or send money, and I import that key over there because I though as for experiment I can do it there, as I do not keep any money there!
You do realize that this is a scam attempt. If someone imports a formerly private key into their wallet, and the wallet starts using it for a change address, the scammer simply sweeps the address and steals your money.
|
|
|
|
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
|
|
March 25, 2014, 07:30:06 PM |
|
Someone really needs to compile a list of all the ways you can get your coins stolen
|
|
|
|
cp1
|
|
March 25, 2014, 09:44:50 PM |
|
Here's my private key 5KMWWy2d3Mjc8LojNoj8Lcz9B1aWu8bRofUgGwQk959Dw5h2iyw
|
|
|
|
cp1
|
|
March 25, 2014, 10:06:23 PM |
|
I've never seen a private key that started with a 9, what type is that?
|
|
|
|
Kenshin
|
|
March 25, 2014, 10:09:12 PM |
|
I'm no cryptography expert myself, but I believe what you describe is known as 'rainbow 'tables'. In short, there's no use in trying to generate rainbow tables for SHA-256 (the hash algorithm Bitcoin uses) as it would take way too much computing power and storage space.
SHA256 Rainbow table does exist!! But lucky, it is only in 6 - 7 characters. http://www.cryptohaze.com/gpurainbowtables.php#sha256
|
|
|
|
Kenshin
|
|
March 25, 2014, 10:11:16 PM |
|
Someone really needs to compile a list of all the ways you can get your coins stolen
I am sure a lot of Unethical Hackers already have a list. Also Ethical Hacker like myself knows a lot of ways, but I am not going to list them out.
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3486
Merit: 4816
|
|
March 25, 2014, 10:16:26 PM |
|
I'm no cryptography expert myself, but I believe what you describe is known as 'rainbow 'tables'. In short, there's no use in trying to generate rainbow tables for SHA-256 (the hash algorithm Bitcoin uses) as it would take way too much computing power and storage space.
SHA256 Rainbow table does exist!! But lucky, it is only in 6 - 7 characters. http://www.cryptohaze.com/gpurainbowtables.php#sha256Also lucky, it is not enough to just use SHA256 to find address. You would need a rainbow table that is generated with ECDSA, followed by SHA256, and then RIPEMD-160.
|
|
|
|
BurtW
Legendary
Offline
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
|
|
March 25, 2014, 10:17:02 PM |
|
Well I am glad we got that all figured out.
|
Our family was terrorized by Homeland Security. Read all about it here: http://www.jmwagner.com/ and http://www.burtw.com/ Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
|
|
|
cp1
|
|
March 25, 2014, 10:17:37 PM |
|
Just want to say I told you so
|
|
|
|
itod
Legendary
Offline
Activity: 1974
Merit: 1077
^ Will code for Bitcoins
|
|
March 25, 2014, 10:46:04 PM |
|
You do realize that this is a scam attempt. If someone imports a formerly private key into their wallet, and the wallet starts using it for a change address, the scammer simply sweeps the address and steals your money.
I must admit investing 0.22019748 BTC in a long term scam attempt is not a small amount. These scammers are getting serious. How long until scammer can seriously except that amount of change lands on that address? Even if he gets lucky and gets some change, he has to be the fastest to collect it. Wrapping my had around the fact that someone is really attempting this kind of scams.
|
|
|
|
amspir
Member
Offline
Activity: 112
Merit: 10
|
|
March 25, 2014, 10:59:42 PM |
|
You do realize that this is a scam attempt. If someone imports a formerly private key into their wallet, and the wallet starts using it for a change address, the scammer simply sweeps the address and steals your money.
I must admit investing 0.22019748 BTC in a long term scam attempt is not a small amount. These scammers are getting serious. How long until scammer can seriously except that amount of change lands on that address? Even if he gets lucky and gets some change, he has to be the fastest to collect it. Wrapping my had around the fact that someone is really attempting this kind of scams. The scammer would be using software to continually monitor transactions on the address, and sweep it as soon as the transaction appeared (send out the spend transaction). The gullible would import the "private" key into their wallets, thinking they might find some free money on the address eventually, and then forget about it.
|
|
|
|
itod
Legendary
Offline
Activity: 1974
Merit: 1077
^ Will code for Bitcoins
|
|
March 25, 2014, 11:03:32 PM |
|
You do realize that this is a scam attempt. If someone imports a formerly private key into their wallet, and the wallet starts using it for a change address, the scammer simply sweeps the address and steals your money.
I must admit investing 0.22019748 BTC in a long term scam attempt is not a small amount. These scammers are getting serious. How long until scammer can seriously except that amount of change lands on that address? Even if he gets lucky and gets some change, he has to be the fastest to collect it. Wrapping my had around the fact that someone is really attempting this kind of scams. The scammer would be using software to continually monitor transactions on the address, and sweep it as soon as the transaction appeared (send out the spend transaction). The gullible would import the "private" key into their wallets, thinking they might find some free money on the address eventually, and then forget about it. I know, amspir, how that works, but isn't it that by default in Bitcoin-QT wallet new address is used for a change? My question was how realistic is that change ends up on an imported address?
|
|
|
|
DannyHamilton
Legendary
Offline
Activity: 3486
Merit: 4816
|
|
March 25, 2014, 11:05:42 PM |
|
My question was how realistic is that change ends up on an imported address?
That depends on what wallet you import the address into. I'm pretty sure that, blockchain.info, and MultiBit use an existing address in the wallet for change. Furthermore, if the victim forgets that they imported the address, and is receiving bitcoins from someone, there is a chance that they will give out the imported address as a receiving address.
|
|
|
|
|