Author Topic: Why are private keys safe?  (Read 4950 times)
franky1
March 25, 2014, 12:09:14 AM
 #21


I do not believe any more in private key safety. As two days ago I realized someone is in possession of my private key...
And what is funny - I believe they stole it from Blockchain.info due to those attacks from 1/28/2014.

And Blockchain.info support is not really helping in my case.
 

a private key is only private until you tell someone it..

blockchain.info is a third party.

as someone else said

if you do not have sole possession of the private key's bitcoin......... you have no bitcoin

have a private key for your wealth that is not on any third party server based wallet. have it as either paper wallet or bitcoin QT.
only trust pocket money / daily amounts to be used on server based wallets.

hotwallet and cold wallet concepts are not just for businesses, but for individuals

imagine it this way. paper wallet is your bank. server wallet is the banknotes that you only withdraw a daily limit of, then you won't get robbed of your life savings.

bitcoin economy is the inverse of government economy.
government bank notes are safer in third party services, compared to hanging out of your back pocket
bitcoins are safer in your control, compared to hanging around non insured webservers

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
cp1
March 25, 2014, 12:13:58 AM
 #22

It sounds more like blockchain.info fucked up your account more than you had some 1 / 10^160 chance collision

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
franky1
March 25, 2014, 12:28:01 AM
 #23

i always thought blockchain.info stored wallet data as a hash of your identifier/password.

and that password is not saved on any blockchain.info database

the only way to get into your wallet is using your identifier to locate which hashed wallet belongs to you.. and then using the password to unhash the wallet..

so if a hacker got in.. he "should" only see identifiers and hashed wallets. still requiring him to then use password cracking tools to crack wallets open.

also needing 2 factor authentication.

if i was blockchain info and they didn't have this. then i would hope to change their user database to have 2 columns.
1. identifier
2. hashed wallet(of all imported privkeys)
and have 2 factor authentication enabled as default

then the only way a hacker would get to coins is through using key loggers in some of those dodgy altcoins (i know it may be a coincidence due to popularity, but most thefts, people admit to having a DOGEcoin client) roslinpl, did you have DOGEcoin client software?

Kazimir
March 25, 2014, 12:51:59 AM
 #24

Omg I was trying to tell it so many times @ bitcointalk and nobody listened!

I already found a user @bitcointalk who has this same public address as I have! And I can control this address and he can control it too!
But he didn't respond to me yet!
Can you just post both public keys here, instead of spreading rumours?

But let me guess...
Hint: here is the part where you make up reasons as to why you can't do that.

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
Klestin
March 25, 2014, 01:42:09 AM
 #25

I do not believe any more in private key safety. As two days ago I realized someone is in possession of my private key...
And what is funny - I believe they stole it from Blockchain.info due to those attacks from 1/28/2014.
Since Blockchain.info does not have your private key, that makes it somewhat less likely that your private key was stolen from Blockchain.info. 
And Blockchain.info support is not really helping in my case.
It would be truly amazing if they could.

Key logger? Virus? Trojan? Another user on your PC? Zero day vulnerability? You have eliminated all of these, and must therefore lose confidence in the technology of private key encryption? 

DannyHamilton
March 25, 2014, 01:58:57 AM
 #26

Since Blockchain.info does not have your private key, that makes it somewhat less likely that your private key was stolen from Blockchain.info. 

Actually, they do, but it is encrypted.  If you happen to choose a very weak password, and someone gains access to the encrypted private key from blockchain.info, they could brute-force the decryption.
hello_good_sir
March 25, 2014, 07:24:21 AM
 #27

This problem is a generalization of the birthday problem.

What is the chance that you and I were born on the same day of the year??  1 in 365.  Seems small, yet if you have 23 people in a room there is a 50% chance that two of them will share a birthday.

If we extend this to larger numbers, there is a 50% chance of a collision occurring when the square root (roughly) of the space is filled.  Since we care about addresses, rather than private keys, the space is 2^160.  So when 2^80 addresses have been used we can expect a collision, or when roughly 10^24 addresses have been made.

According to this thread: https://bitcointalk.org/index.php?topic=441336.0;all

The current rate of address increases is x10 every three years, and we're at about 10^7

which means that 63 years from now there is a 50% chance that a collision will have happened.  The rate of collision will continue to creep up after that.

Half a dozen collisions in the 21st century does not mean that bitcoin has suddenly become insecure.  It just means that - worst case scenario - half a dozen addresses are compromised.  Right now more than 90% of addresses in the blockchain are empty, and this percentage is almost certain to increase.  So if you create a colliding address you probably won't get any free money.

What about the person who had the address before?  You fund the address and now it shows up in his wallet... or does it?  I imagine that the wallet software of the future won't check the balance of addresses that have been emptied.  The old owner might never know that you are now using an address that he has a key to.

At some point the rate of collisions will climb to unacceptable levels.  That's more than a century away, probably several centuries.  People will have time to come up with solutions.
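
Added example (not part of the original post): the birthday estimate from post #27, computed for the 2^160 address space. It assumes addresses are uniformly random and uses the standard approximation 1 - exp(-n(n-1)/2N); the function names are illustrative.

```python
import math

ADDRESS_SPACE = 2 ** 160  # size of the address space quoted in the post


def collision_probability(n, space=ADDRESS_SPACE):
    """Chance that at least two of n uniformly random addresses coincide.

    Uses the birthday approximation 1 - exp(-n(n-1) / (2*space)).
    expm1 keeps the result accurate when the probability is tiny.
    """
    exponent = n * (n - 1) / (2 * space)
    return -math.expm1(-exponent)


def addresses_for_probability(p, space=ADDRESS_SPACE):
    """Number of random addresses at which the collision chance reaches p."""
    return math.sqrt(2 * space * math.log(1 / (1 - p)))


if __name__ == "__main__":
    # Address counts taken from the thread; labels are descriptive only.
    for label, n in [("10^7 (thread's current estimate)", 10 ** 7),
                     ("2^80 (square root of the space)", 2 ** 80),
                     ("10^24", 10 ** 24)]:
        print(f"{label:36s} P(collision) = {collision_probability(n):.3e}")
    print(f"50% point: {addresses_for_probability(0.5):.3e} addresses")
```
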

cp1
March 25, 2014, 09:59:42 AM
 #28

You mean 3*63 years.  If there were to be 1e24 addresses in use there would be a much bigger problem:  blockchain storage, transaction volume, and the aliens who have come and generated 1e16 addresses each.

notbatman
March 25, 2014, 10:08:58 AM
 #29

There's an elephant in the room and it's in a state of superposition.
olloman
March 25, 2014, 10:16:06 AM
 #30

I'm trying to understand why cryptocurrency private keys are safe. Maybe it's a n00b question, but here I go.

I understand that if you know someone's private key, this means you can transfer the coins. I tried this with my CGA wallet, I used dumpprivkey to get my private key, deleted my wallet file, restarted the client, and all I needed to do to get my balance back was entering "importprivkey <privatekey>". You don't need anything else than the private key.

What if someone ran a powerful computer which runs a program that does nothing else than:

1) generate random key
2) importprivkey <randomlygeneratedkey>
3) return to 1

Wouldn't that mean that this program could randomly pick up users balances, like some lottery?

I don't know if I'm off topic, but I read somewhere (can't remember the article) that approximately the number of possible private keys is similar to the number of atoms in the universe, and running a computer capable of cracking a private key would require the energy produced by a star...obviously there is always luck, but seems unlikely
Marduk
March 25, 2014, 10:22:37 AM
 #31

I don't know if I'm off topic, but I read somewhere (can't remember the article) that approximately the number of possible private keys is similar to the number of atoms in the universe, and running a computer capable of cracking a private key would require the energy produced by a star...obviously there is always luck, but seems unlikely

I believe you're referring to the image posted at the beginning of this thread.
olloman
March 25, 2014, 10:29:30 AM
 #32

I don't know if I'm off topic, but I read somewhere (can't remember the article) that approximately the number of possible private keys is similar to the number of atoms in the universe, and running a computer capable of cracking a private key would require the energy produced by a star...obviously there is always luck, but seems unlikely

I believe you're referring to the image posted at the beginning of this thread.

Yeah it might be it, was on mobile so couldn't visualize images when I wrote before, sorry for repeating :)
OnkelPaul
March 25, 2014, 11:00:31 AM
 #33

I don't know if I'm off topic, but I read somewhere (can't remember the article) that approximately the number of possible private keys is similar to the number of atoms in the universe, and running a computer capable of cracking a private key would require the energy produced by a star...obviously there is always luck, but seems unlikely

As another poster has already noted, searching for the private key to a given address is different from encountering a collision between two random addresses which is much more likely due to the birthday paradox. However, the probability that such a collision happens, is being noticed, and leads to undesired transfer of bitcoins is extremely small.

Onkel Paul

olloman
March 25, 2014, 11:11:34 AM
 #34

I don't know if I'm off topic, but I read somewhere (can't remember the article) that approximately the number of possible private keys is similar to the number of atoms in the universe, and running a computer capable of cracking a private key would require the energy produced by a star...obviously there is always luck, but seems unlikely

As another poster has already noted, searching for the private key to a given address is different from encountering a collision between two random addresses which is much more likely due to the birthday paradox. However, the probability that such a collision happens, is being noticed, and leads to undesired transfer of bitcoins is extremely small.

Onkel Paul

I see, but I was directly answering op's question, which was about private keys :)
OnkelPaul
March 25, 2014, 12:15:14 PM
 #35

Address 17G7VMdNvAMc6fyvB1C2PxtVVvWgsJ9Mp7 was in the signature lines of user "jongameson" at one time, too.

Suspicious - looks like the address was somehow not generated in a truly random way.

Onkel Paul

vnvizow
March 25, 2014, 01:02:01 PM
 #36

Nay, if such computer or device exists for that reason (which do, check for websites that give you addresses that have words of your choice to be in front of the address) they'll just be generating new wallets
cr1776
March 25, 2014, 01:07:09 PM
 #37

Address 17G7VMdNvAMc6fyvB1C2PxtVVvWgsJ9Mp7 was in the signature lines of user "jongameson" at one time, too.

Suspicious - looks like the address was somehow not generated in a truly random way.

Onkel Paul

Yes, if something like the Android RNG bug was used (e.g. if blockchain.info generated this and they have/had an RNG bug) then something similar could occur.  I am not sure if that portion of blockchain.info is on github yet.  Of course it could be something else, but if the private key wasn't compromised somehow, it could be an RNG bug.

Kevin Lou
March 25, 2014, 03:02:54 PM
 #38

Yes. But...
The probability that you hit an existing private key is so small that the time and energy invested into finding one key would cost more than the total market cap of bitcoin (in fact, as Gabi has pointed out, more than the available energy output of our sun over its entire lifetime).
This is pretty similar to a lottery where you buy all the tickets - of course you will win the lottery, but it's not really cost-effective, and in the case of bitcoin, you can't buy enough tickets to even get a chance of winning a little bit...

Onkel Paul

Actually, there's a small exception to this rule: If you look at deterministic keys generated from a passphrase instead of random keys, and the passphrase can be guessed, it's much easier of course.
Example: There's a private key generated from "correct horse battery staple" (corresponding public key is 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T) which is a passphrase that wasn't too hard to guess (actually, if xkcd had kept its mouth shut, it would be pretty hard to guess...). Everybody can spend contents of this address, which is why its balance is almost always zero...


Totally agree. Private key is important.

hello_good_sir
March 25, 2014, 03:10:41 PM
 #39

You mean 3*63 years.  If there were to be 1e24 addresses in use there would be a much bigger problem:  blockchain storage, transaction volume, and the aliens who have come and generated 1e16 addresses each.

Ahh yes, so that's about 189 years before we can expect a collision.  Of course I'm making a big assumption about the rate of address creation, so that number will probably be very different.  Good points about the other hurdles to such a huge number of addresses.

DannyHamilton
March 25, 2014, 03:34:48 PM
 #40

You mean 3*63 years.  If there were to be 1e24 addresses in use there would be a much bigger problem:  blockchain storage, transaction volume, and the aliens who have come and generated 1e16 addresses each.

Ahh yes, so that's about 189 years before we can expect a collision.  Of course I'm making a big assumption about the rate of address creation, so that number will probably be very different.  Good points about the other hurdles to such a huge number of addresses.

Current world population is approximately 7.152 X 10^9

Average global population growth rate is 1.14%

If I've got the math correct, that means that in 189 years, there will be approximately 6.1 X 10^10 people on earth.

If address use were to continue increasing X10 every 3 years, that means that 9.99 X 10^23 addresses would have to be generated in the final 3 years of this calculation.  That's 1.63 X 10^13 addresses per person for every man, woman, and child on the face of the earth.

172,132 addresses per second per human being every second continuously for three years straight.

That's assuming I've got my math correct and assuming that your calculation that 10^24 addresses results in a 50% chance of address collision.


Of course, since there are only 2.1 X 10^15 discrete units of currency, the odds of either of those 2 addresses actually having anything in them at all are also exceedingly small.
