Bitcoin Forum
November 11, 2024, 08:06:40 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 5 »  All
  Print  
Author Topic: Why are private keys safe?  (Read 5001 times)
cp1
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


Stop using branwallets


View Profile
March 25, 2014, 03:52:36 PM
 #41

It sounds more like you stole his private key than the other way around.

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
amspir
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 25, 2014, 05:48:58 PM
 #42

I do not believe any more in private key safety. As two days ago I realize someone is in posses of my private key...
And what is funny - I believe they stole it from Blockchain.info due to those attacks from 1/28/2014.

And Blockchain.info support is not really helping in my case.

On which software/operating system did you generate your private key?

It is much more likely there was a weakness in how your key was generated, rather than a true random collision.
BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
March 25, 2014, 06:03:08 PM
Last edit: March 25, 2014, 06:14:24 PM by BurtW
 #43

https://blockchain.info/address/17G7VMdNvAMc6fyvB1C2PxtVVvWgsJ9Mp7

36 transactions
Current value 0 BTC

First transacation:  2014-01-28 18:41:00
Most recent transaction:  2014-03-21 22:13:48

Was it you or the "other guy(s)" that played Satoshi dice with this address?

Which transactions are yours?  How many out of the 36 transactions are yours?

Do you (or anyone) recognize this address:  https://blockchain.info/address/1Gy2DTd7sXQNLSTrsJE8BYTuoLZdgsVV6D

A pretty good chunk of related BTC dust was collected to this address.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
DannyHamilton
Legendary
*
Offline Offline

Activity: 3486
Merit: 4832



View Profile
March 25, 2014, 06:06:03 PM
 #44

If he is a blockchain.info wallet service user and they create for him same public address as for me, this is going to be huge!

blockchain.info does not create the public addresses and assign them from their servers.

The private key is randomly generated locally in your own wallet.  Then your wallet calculates the public address from that private key.  Finally your wallet encrypts the private key with your password and sends the encrypted private key to blockchain.info for them to store on their servers.

What device were you using when you created that address and how long ago did you create it?

There was a known problem in the Android operating system a few months ago.  Android was not properly generating random numbers.  Perhaps you used an android device long enough ago to generate the address and therefore ended up with a non-random private key?  If so, and if other users used a similar device long enough ago, then it is possible that due to a faulty operating system multiple people generated the same address.

You didn't import that address from a brainwallet or any other address generating program (such as vanitygen), right?
roslinpl
Legendary
*
Offline Offline

Activity: 2212
Merit: 1199


View Profile WWW
March 25, 2014, 06:34:48 PM
Last edit: March 25, 2014, 07:01:55 PM by roslinpl
 #45

If he is a blockchain.info wallet service user and they create for him same public address as for me, this is going to be huge!

blockchain.info does not create the public addresses and assign them from their servers.

The private key is randomly generated locally in your own wallet.  Then your wallet calculates the public address from that private key.  Finally your wallet encrypts the private key with your password and sends the encrypted private key to blockchain.info for them to store on their servers.

What device were you using when you created that address and how long ago did you create it?

There was a known problem in the Android operating system a few months ago.  Android was not properly generating random numbers.  Perhaps you used an android device long enough ago to generate the address and therefore ended up with a non-random private key?  If so, and if other users used a similar device long enough ago, then it is possible that due to a faulty operating system multiple people generated the same address.

You didn't import that address from a brainwallet or any other address generating program (such as vanitygen), right?


OK! I am so sorry Blockchain.info and all users!
Look at this!

+100 to blokchain.info

I totally forgot about that I DID import private key into my blockchain!

I forgot about it because there was 0 btc on it and it was some kind of joke I was thinking!
I totally forgot! Because I do not use my blockchain.info wallet to revieve or send money, and I import that key over there because I though as for experiment I can do it there, as I do not keep any money there!

look:
https://bitcointalk.org/index.php?topic=516987.0

I am so sorry .... but at least we prove that Blockchain.info is SECURE! Smiley


DannyHamilton
Legendary
*
Offline Offline

Activity: 3486
Merit: 4832



View Profile
March 25, 2014, 06:55:39 PM
 #46

I totally forgot about that I DID import private key into my blockchain!

I forgot about it because there was 0 btc on it and it was some kind of joke I was thinking!
I totally forgot! Because I do not use my blockchain.info wallet to revieve or send money, and I import that key over there because I though as for experiment I can do it there, as I do not keep any money there!

look:
https://bitcointalk.org/index.php?topic=516987.0

So, you imported someone else's private key, and then became concerned that someone else had the same private key as you?

Can you please go through all of your recent posts and delete all this alarmist trash before you scare some newbie that thinks this might be a real problem?
roslinpl
Legendary
*
Offline Offline

Activity: 2212
Merit: 1199


View Profile WWW
March 25, 2014, 07:03:29 PM
 #47

I totally forgot about that I DID import private key into my blockchain!

I forgot about it because there was 0 btc on it and it was some kind of joke I was thinking!
I totally forgot! Because I do not use my blockchain.info wallet to revieve or send money, and I import that key over there because I though as for experiment I can do it there, as I do not keep any money there!

look:
https://bitcointalk.org/index.php?topic=516987.0

So, you imported someone else's private key, and then became concerned that someone else had the same private key as you?

Can you please go through all of your recent posts and delete all this alarmist trash before you scare some newbie that thinks this might be a real problem?

Sure I can I just edited my thread about this and in this thread I did deleted those posts.

I am so sorry for that rumor Smiley

Eh... but tell me how stupid is to put your private key in public...

and tell me how stupid is to import it  and forgot about? Smiley
So sorry! Smiley

amspir
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 25, 2014, 07:27:54 PM
 #48


I forgot about it because there was 0 btc on it and it was some kind of joke I was thinking!
I totally forgot! Because I do not use my blockchain.info wallet to revieve or send money, and I import that key over there because I though as for experiment I can do it there, as I do not keep any money there!

You do realize that this is a scam attempt.  If someone imports a formerly private key into their wallet, and the wallet starts using it for a change address, the scammer simply sweeps the address and steals your money.
jonald_fyookball
Legendary
*
Offline Offline

Activity: 1302
Merit: 1008


Core dev leaves me neg feedback #abuse #political


View Profile
March 25, 2014, 07:30:06 PM
 #49

Someone really needs to compile a list of all the ways you can get your coins stolen

cp1
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


Stop using branwallets


View Profile
March 25, 2014, 09:44:50 PM
 #50

Here's my private key 5KMWWy2d3Mjc8LojNoj8Lcz9B1aWu8bRofUgGwQk959Dw5h2iyw

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
cp1
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


Stop using branwallets


View Profile
March 25, 2014, 10:06:23 PM
 #51

I've never seen a private key that started with a 9, what type is that?

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
Kenshin
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250


View Profile
March 25, 2014, 10:09:12 PM
 #52

I'm no cryptography expert myself, but I believe what you describe is known as 'rainbow 'tables'.
In short, there's no use in trying to generate rainbow tables for SHA-256 (the hash algorithm Bitcoin uses) as it would take way too much computing power and storage space.

SHA256 Rainbow table does exist!! But lucky, it is only in 6 - 7 characters.
http://www.cryptohaze.com/gpurainbowtables.php#sha256
Kenshin
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250


View Profile
March 25, 2014, 10:11:16 PM
 #53

Someone really needs to compile a list of all the ways you can get your coins stolen

I am sure a lot of Unethical Hackers already have a list.  Grin

Also Ethical Hacker like myself knows a lot of ways, but I am not going to list them out.  Cool
DannyHamilton
Legendary
*
Offline Offline

Activity: 3486
Merit: 4832



View Profile
March 25, 2014, 10:16:26 PM
 #54

I'm no cryptography expert myself, but I believe what you describe is known as 'rainbow 'tables'.
In short, there's no use in trying to generate rainbow tables for SHA-256 (the hash algorithm Bitcoin uses) as it would take way too much computing power and storage space.

SHA256 Rainbow table does exist!! But lucky, it is only in 6 - 7 characters.
http://www.cryptohaze.com/gpurainbowtables.php#sha256

Also lucky, it is not enough to just use SHA256 to find address.

You would need a rainbow table that is generated with ECDSA, followed by SHA256, and then RIPEMD-160.

BurtW
Legendary
*
Offline Offline

Activity: 2646
Merit: 1137

All paid signature campaigns should be banned.


View Profile WWW
March 25, 2014, 10:17:02 PM
 #55

Well I am glad we got that all figured out.

Our family was terrorized by Homeland Security.  Read all about it here:  http://www.jmwagner.com/ and http://www.burtw.com/  Any donations to help us recover from the $300,000 in legal fees and forced donations to the Federal Asset Forfeiture slush fund are greatly appreciated!
cp1
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


Stop using branwallets


View Profile
March 25, 2014, 10:17:37 PM
 #56

Just want to say I told you so Smiley

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
itod
Legendary
*
Offline Offline

Activity: 1974
Merit: 1077


^ Will code for Bitcoins


View Profile
March 25, 2014, 10:46:04 PM
 #57

You do realize that this is a scam attempt.  If someone imports a formerly private key into their wallet, and the wallet starts using it for a change address, the scammer simply sweeps the address and steals your money.

I must admit investing 0.22019748 BTC in a long term scam attempt is not a small amount. These scammers are getting serious.

How long until scammer can seriously except that amount of change lands on that address? Even if he gets lucky and gets some change, he has to be the fastest to collect it.

Wrapping my had around the fact that someone is really attempting this kind of scams.
amspir
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 25, 2014, 10:59:42 PM
 #58

You do realize that this is a scam attempt.  If someone imports a formerly private key into their wallet, and the wallet starts using it for a change address, the scammer simply sweeps the address and steals your money.

I must admit investing 0.22019748 BTC in a long term scam attempt is not a small amount. These scammers are getting serious.

How long until scammer can seriously except that amount of change lands on that address? Even if he gets lucky and gets some change, he has to be the fastest to collect it.

Wrapping my had around the fact that someone is really attempting this kind of scams.

The scammer would be using software to continually monitor transactions on the address, and sweep it as soon as the transaction appeared (send out the spend transaction).

The gullible would import the "private" key into their wallets, thinking they might find some free money on the address eventually, and then forget about it.

itod
Legendary
*
Offline Offline

Activity: 1974
Merit: 1077


^ Will code for Bitcoins


View Profile
March 25, 2014, 11:03:32 PM
 #59

You do realize that this is a scam attempt.  If someone imports a formerly private key into their wallet, and the wallet starts using it for a change address, the scammer simply sweeps the address and steals your money.

I must admit investing 0.22019748 BTC in a long term scam attempt is not a small amount. These scammers are getting serious.

How long until scammer can seriously except that amount of change lands on that address? Even if he gets lucky and gets some change, he has to be the fastest to collect it.

Wrapping my had around the fact that someone is really attempting this kind of scams.

The scammer would be using software to continually monitor transactions on the address, and sweep it as soon as the transaction appeared (send out the spend transaction).

The gullible would import the "private" key into their wallets, thinking they might find some free money on the address eventually, and then forget about it.

I know, amspir, how that works, but isn't it that by default in Bitcoin-QT wallet new address is used for a change? My question was how realistic is that change ends up on an imported address?
DannyHamilton
Legendary
*
Offline Offline

Activity: 3486
Merit: 4832



View Profile
March 25, 2014, 11:05:42 PM
 #60

My question was how realistic is that change ends up on an imported address?

That depends on what wallet you import the address into.

I'm pretty sure that, blockchain.info, and MultiBit use an existing address in the wallet for change.

Furthermore, if the victim forgets that they imported the address, and is receiving bitcoins from someone, there is a chance that they will give out the imported address as a receiving address.
Pages: « 1 2 [3] 4 5 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!