Bitcoin Forum
Topic: Bitcoin address SHA-2(string+n)
jennamarble (OP)
July 04, 2021, 10:33:38 AM
Last edit: July 05, 2021, 12:13:07 AM by jennamarble
 #1

Type 1 deterministic wallet
A type 1 deterministic wallet is a simple method of generating addresses from a known starting string, as such, it does not allow advanced features such as a Master Public Key. To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.

This type of wallet can be created by Casascius Bitcoin Address Utility.

I want the above functionality with a simple twist since GPU will generate addresses in millions compressed and uncompressed form similar to vanity address generators save only the addresses
that have the matching pattern along with the private key that generated that address and do that indefinitely GPU either Cuda or OpenCL I will appreciate if you make such program for free if not we can discuss this if you want you can contact me on telegram it's same as my username since I am not that active.
jennamarble (OP)
July 04, 2021, 12:06:45 PM
Last edit: July 04, 2021, 04:56:40 PM by jennamarble
 #2

I'm a bit confused since you don't split what you write using dot or commas. But basically you need bitcoin address generator which use GPU (CUDA/OpenCL) with input defined by you? Anyway, if you don't plan to generate billion of address, it's more practical to use Bitcoin library which support generate address with custom private key you defined.

No, i want that specifically since i want a program similar to vanity generators that is used to make addresses with the matching pattern but use random seed i don't want to use random seed/data I want my addresses to be generated deterministically using my string+n where n is an ASCII-coded number that starts from 1 and increments
BlackHatCoiner
July 04, 2021, 12:23:48 PM
 #3

if you make such program for free if not we can discuss this if you want you can contact me on telegram its same as my username since i am not that active.
You should be a little bit more clear if you want someone's services. I've understood half of what you wrote.

To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.
And string a random hexadecimally represented number? If you just want to generate brute forcefully addresses starting from a random number, just increase it by 1 for each loop.

I want the above functionality with a simple twist since gpu will generate addresses in millions compressed and uncompressed form similar to vanity address generators save only the addresses
Would you mind telling us what's your purpose? It seems like you want to... generate vanity addresses?

jennamarble (OP)
July 04, 2021, 12:29:37 PM
 #4

if you make such program for free if not we can discuss this if you want you can contact me on telegram its same as my username since i am not that active.
You should be a little bit more clear if you want someone's services. I've understood half of what you wrote.

I think you have trouble understanding a clear example Type 1 deterministic wallet
A type 1 deterministic wallet is a simple method of generating addresses from a known starting string, as such it does not allow advanced features such as a Master Public Key. To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.

To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.
And string a random hexadecimally represented number? If you just want to generate brute forcefully addresses starting from a random number, just increase it by 1 for each loop.

Why would i want to use hexadecimal number as string since any number plus alphabet can be represented as string for example i will use my name

I want the above functionality with a simple twist since gpu will generate addresses in millions compressed and uncompressed form similar to vanity address generators save only the addresses
Would you mind telling us what's your purpose? It seems like you want to... generate vanity addresses?

Yes i want to generate vanity address using this Type 1 deterministic wallet
A type 1 deterministic wallet is a simple method of generating addresses from a known starting string, as such it does not allow advanced features such as a Master Public Key. To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.

NotATether
July 04, 2021, 01:15:46 PM
 #5

Why would i want to use hexadecimal number as string since any number plus alphabet can be represented as string for example i will use my name

The way you're generating your addresses, using SHA256(string + n), better known to cryptographers as SHA256(string | n), is not secure. This is bad news if you're trying to generate these addresses but on the other hand it makes your task easier if your intention is to actually brute force them.

First of all, this is a simple brainwallet input where hackers simply have to guess the value of "string" and then append random junk for "n" (especially if it's your name!) to guess all the derivations you'll ever do, thus getting all your private keys. There are several programs deployed right now by hackers that are cleaning out all brainwallets as we speak.

The second, less subtle vulnerability is that if you expose your "n" or whatever you use as the index, along with the algorithm used to turn the index into your random ASCII "n", people don't have to know what your STRING is to carry out a length-extension attack (search it on Google) since you can look for proof of concepts for length-extension attack anywhere on GitHub and then adjust the PoC for your specific starting string.

BlackHatCoiner
July 04, 2021, 01:23:06 PM
 #6

If you quote a post, write beneath it, not inside the quote tags.
Code:
[quote author=BlackHatCoiner link=topic=5347515.msg57383096#msg57383096 date=1625401428]...[/quote]
Write here...

To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.
I know how a simple deterministic wallet implementation would be like and I understood your example. I'm just recommending you to be clearer in the future, especially when you want to buy services from an unknown person on the internet.

Why would i want to use hexadecimal number as string since any number plus alphabet can be represented as string for example i will use my name
Again, it depends on what you want to achieve. If these addresses will be used in the future for funding, then knowing your name can increase my odds to find their private keys. On the other hand, if you used a very large random number, I couldn't stand a chance.

Yes i want to generate vanity address using this Type 1 deterministic wallet
A type 1 deterministic wallet is a simple method of generating addresses from a known starting string, as such it does not allow advanced features such as a Master Public Key. To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.
Great. Don't use the brain wallet way. Instead I'd suggest you to do the following; generate a random number between 1 and 2^256 - 2^32 - 977 (secp256k1 range). Instead of having an n variable, just increase that number by 1 each time. Simple as that.

jennamarble (OP)
July 04, 2021, 01:51:45 PM
Last edit: July 04, 2021, 02:24:46 PM by jennamarble
 #7

If you quote a post, write beneath it, not inside the quote tags.
Code:
[quote author=BlackHatCoiner link=topic=5347515.msg57383096#msg57383096 date=1625401428]...[/quote]
Write here...

To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.
I know how a simple deterministic wallet implementation would be like and I understood your example. I'm just recommending you to be clearer in the future, especially when you want to buy services from an unknown person on the internet.

Why would i want to use hexadecimal number as string since any number plus alphabet can be represented as string for example i will use my name
Again, it depends on what you want to achieve. If these addresses will be used in the future for funding, then knowing your name can increase my odds to find their private keys. On the other hand, if you used a very large random number, I couldn't stand a chance.

Yes i want to generate vanity address using this Type 1 deterministic wallet
A type 1 deterministic wallet is a simple method of generating addresses from a known starting string, as such it does not allow advanced features such as a Master Public Key. To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.
Great. Don't use the brain wallet way. Instead I'd suggest you to do the following; generate a random number between 1 and 2^256 - 2^32 - 977 (secp256k1 range). Instead of having an n variable, just increase that number by 1 each time. Simple as that.

this is understandable I will use 132 bits of entropy as a string plus the increments for extra security and uniqueness plus it would be deterministic for me if whenever I forget I can recover it however the big number is just hard to recover if lost so the point stands that I will use string, not my name as I gave that just as an example I will use a string with 132 bits of entropy as that is strong and used by electrum as well plus by using GPU I don't want to save all those billions of addresses so i will only save the addresses that match the pattern but with my method of string+n increments and for this increments are necessary if you use same string billions of times it will generate the same address but if you add the needed numbers/increments it will fulfil the task of pattern and uniqueness since using 132 of entropy for single address is not very economical I would say.
BlackHatCoiner
July 04, 2021, 04:26:45 PM
 #8

Breath!
this is understandable I will use 132 bits of entropy as a string plus the increments for extra security and uniqueness plus it would be deterministic for me if whenever I forget I can recover it however the big number is just hard to recover if lost so the point stands that I will use string, not my name as I gave that just as an example I will use a string with 132 bits of entropy as that is strong and used by electrum as well plus by using GPU I don't want to save all those billions of addresses so i will only save the addresses that match the pattern but with my method of string+n increments and for this increments are necessary if you use same string billions of times it will generate the same address but if you add the needed numbers/increments it will fulfil the task of pattern and uniqueness since using 132 of entropy for single address is not very economical I would say.




this is understandable I will use 132 bits of entropy as a string plus the increments for extra security and uniqueness
Wait, do you mean that you'll hash that entropy or that you'll use it directly for the addresses? There's no need to hash anything neither to take any extra security measures; if you randomly generate 256 bits, they're fine to perform ECDSA, SHA256, RIPEMD-160, SHA256 and then the final base58 encoding.

it will fulfil the task of pattern and uniqueness since using 132 of entropy for single address is not very economical I would say.
You may have misunderstood the procedure. Every address is an encoded RIPEMD-160 hash along with a version byte in the front and with a checksum in the back. [Useful link]

There are no 132 bits of entropy. You may have confused it with the BIP39 in which you use 128 bits of entropy along with 4 bits of hash for the seed generation. Then, after some PBKDF2 and HMAC-SHA256/512 rounds, you end up with the derived addresses. But, that's just a proposal for generating deterministic keys. If you want to go with the standard way, you'll need 256 bits.

jennamarble (OP)
July 04, 2021, 04:33:21 PM
Last edit: July 04, 2021, 04:55:30 PM by jennamarble
 #9

Breath!
this is understandable I will use 132 bits of entropy as a string plus the increments for extra security and uniqueness plus it would be deterministic for me if whenever I forget I can recover it however the big number is just hard to recover if lost so the point stands that I will use string, not my name as I gave that just as an example I will use a string with 132 bits of entropy as that is strong and used by electrum as well plus by using GPU I don't want to save all those billions of addresses so i will only save the addresses that match the pattern but with my method of string+n increments and for this increments are necessary if you use same string billions of times it will generate the same address but if you add the needed numbers/increments it will fulfil the task of pattern and uniqueness since using 132 of entropy for single address is not very economical I would say.




this is understandable I will use 132 bits of entropy as a string plus the increments for extra security and uniqueness
Wait, do you mean that you'll hash that entropy or that you'll use it directly for the addresses? There's no need to hash anything neither to take any extra security measures; if you randomly generate 256 bits, they're fine to perform ECDSA, SHA256, RIPEMD-160, SHA256 and then the final base58 encoding.

it will fulfil the task of pattern and uniqueness since using 132 of entropy for single address is not very economical I would say.
You may have misunderstood the procedure. Every address is an encoded RIPEMD-160 hash along with a version byte in the front and with a checksum in the back. [Useful link]

There are no 132 bits of entropy. You may have confused it with the BIP39 in which you use 128 bits of entropy along with 4 bits of hash for the seed generation. Then, after some PBKDF2 and HMAC-SHA256/512 rounds, you end up with the derived addresses. But, that's just a proposal for generating deterministic keys. If you want to go with the standard way, you'll need 256 bits.

the string does not have to bip39 to be secure is just needs to be long enough I think you are misunderstanding or trying to twist my words or maybe trying to change the topic you think I don't know about those procedures you talk about you are not very clever regarding this
BlackHatCoiner
July 04, 2021, 04:44:03 PM
 #10

the string does not have to bip39 to be secure is just needs to be long enough
I never said that.

i think you are misunderstanding or trying to twist my words or maybe trying to change the topic
You caught me!

you think i dont know about those procedures you talk about
Buddy, we were just having a discussion and I was trying to help. Good luck on your way to find a programmer that will do you a work you can't even describe.

you are clearly not very claver regarding this
im not claver...  Cry

jennamarble (OP)
July 04, 2021, 04:48:54 PM
 #11

the string does not have to bip39 to be secure is just needs to be long enough
I never said that.

i think you are misunderstanding or trying to twist my words or maybe trying to change the topic
You caught me!

you think i dont know about those procedures you talk about
Buddy, we were just having a discussion and I was trying to help. Good luck on your way to find a programmer that will do you a work you can't even describe..

you are clearly not very claver regarding this
im not claver...  Cry
Type 1 deterministic wallet
A type 1 deterministic wallet is a simple method of generating addresses from a known starting string, as such it does not allow advanced features such as a Master Public Key. To generate a private key take SHA256(string + n), where n is an ASCII-coded number that starts from 1 and increments as additional keys are needed.

This type of wallet can be created by Casascius Bitcoin Address Utility.

I want the above functionality with a simple twist since gpu will generate addresses in millions compressed and uncompressed form similar to vanity address generators save only the addresses
that have the matching pattern along with the private key that generated that address and do that indefinately gpu either cuda or opencl i will appreciate if you make such program for free if not we can discuss this if you want you can contact me on telegram its same as my username since i am not that active.

can't even describe lol tell me what is so hard to understand? my first post on this topic gives the clear concept of what I want you don't know English now?
odolvlobo
July 04, 2021, 07:32:39 PM
Last edit: July 04, 2021, 08:00:38 PM by odolvlobo
 #12

can't even describe lol tell me what is so hard to understand? my first post on this topic gives the clear concept of what I want you don't know English now?

As a native English speaker, I find it difficult to understand what you have written because your grammar and punctuation (which are important components of the language) are poor.

If I understand you correctly, you would like someone to create a vanity address generator that returns a number, N, such that a private key derived from SHA256(M|N) has an address that matches a pattern, where M and the pattern are both chosen by the user.

That is certainly doable. Is there a limit on the value of the number?

Keep in mind that as others have mentioned, any brain wallet is insecure. That includes your derivation of a brain wallet. While "now is the time for all good men to come to the aid of their country 67854897" is more secure than "now is the time for all good men to come to the aid of their country", it may not be secure enough to be used as a private key.

Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
NotATether
July 04, 2021, 07:50:19 PM
 #13

~

this is understandable I will use 132 bits of entropy as a string plus the increments for extra security and uniqueness plus it would be deterministic for me if whenever I forget I can recover it however the big number is just hard to recover if lost so the point stands that I will use string, not my name as I gave that just as an example I will use a string with 132 bits of entropy as that is strong and used by electrum as well plus by using GPU I don't want to save all those billions of addresses so i will only save the addresses that match the pattern but with my method of string+n increments and for this increments are necessary if you use same string billions of times it will generate the same address but if you add the needed numbers/increments it will fulfil the task of pattern and uniqueness since using 132 of entropy for single address is not very economical I would say.

A random string with 132-bit entropy is much better than what I initially thought you were doing (just make sure you add the string at the end of n and not the other way around), but in my opinion, if you really want to generate private keys this way then I suggest ditching hashing functions altogether and use Scrypt for your algorithm instead, which can be tweaked to make brute-forcing infeasible.

jennamarble (OP)
July 04, 2021, 11:47:55 PM
Last edit: July 05, 2021, 12:16:22 AM by jennamarble
 #14

can't even describe lol tell me what is so hard to understand? my first post on this topic gives the clear concept of what I want you don't know English now?

As a native English speaker, I find it difficult to understand what you have written because your grammar and punctuation (which are important components of the language) are poor.

If I understand you correctly, you would like someone to create a vanity address generator that returns a number, N, such that a private key derived from SHA256(M|N) has an address that matches a pattern, where M and the pattern are both chosen by the user.

That is certainly doable. Is there a limit on the value of the number?

Keep in mind that as others have mentioned, any brain wallet is insecure. That includes your derivation of a brain wallet. While "now is the time for all good men to come to the aid of their country 67854897" is more secure than "now is the time for all good men to come to the aid of their country", it may not be secure enough to be used as a private key.

my first paragraph in my topic literally comes from https://en.bitcoin.it/wiki/Deterministic_wallet have grammatical errors? lol really for a native speaker I expected better even non native illiterate person would understand what I wrote in simple English second people don't have to know English to understand it third many programmers don't know English but can write programs using it for if for and while loops besides this is not grammar and education measuring contest
jennamarble (OP)
July 04, 2021, 11:57:28 PM
Last edit: July 05, 2021, 12:13:55 AM by jennamarble
 #15

~

this is understandable I will use 132 bits of entropy as a string plus the increments for extra security and uniqueness plus it would be deterministic for me if whenever I forget I can recover it however the big number is just hard to recover if lost so the point stands that I will use string, not my name as I gave that just as an example I will use a string with 132 bits of entropy as that is strong and used by electrum as well plus by using GPU I don't want to save all those billions of addresses so i will only save the addresses that match the pattern but with my method of string+n increments and for this increments are necessary if you use same string billions of times it will generate the same address but if you add the needed numbers/increments it will fulfil the task of pattern and uniqueness since using 132 of entropy for single address is not very economical I would say.

A random string with 132-bit entropy is much better than what I initially thought you were doing (just make sure you add the string at the end of n and not the other way around), but in my opinion, if you really want to generate private keys this way then I suggest ditching hashing functions altogether and use Scrypt for your algorithm instead, which can be tweaked to make brute-forcing infeasible.

SHA256 is secure you are declaring that sha256 is insecure? besides that length-extension attack wouldn't work on anything which is considered secure such as 132 bits of entropy anything else other than that would be going far from the topic as per the rules of the forum we should stick to the main topic -Bitcoin address SHA-2(string+n)
pooya87
July 05, 2021, 01:22:47 AM
 #16

I think the problem is that what you want (a vanity bitcoin address) and the method you want to use (SHA256(string+n)) don't make sense together and that is what people are trying to tell you. Mainly it doesn't make any sense to start from a starting seed to generate the vanity address, if you want such an address then simply start from a random key.

You said something about forgetting and being able to recover it from that seed which again doesn't make sense if you are generating a vanity address because depending on how many fixed starting characters the address has the process can take a very long time and recovering it this way is not practical. Not to mention that using a starting string that you can remember suggests weakness in the randomness.

Here is a suggestion, why not generate a random entropy then start your vanity address search from there until you find the key that corresponds to your desired address. Then take the private key to that address (256-bit) and encode that using an algorithm like BIP39 to a set of words that you can easily store or remember (although it is not recommended to only rely on your memory for backup).

jennamarble (OP)
July 05, 2021, 01:39:14 AM
 #17

I think the problem is that what you want (a vanity bitcoin address) and the method you want to use (SHA256(string+n)) don't make sense together and that is what people are trying to tell you. Mainly it doesn't make any sense to start from a starting seed to generate the vanity address, if you want such an address then simply start from a random key.

I think you are talking nonsense how do you explain key generation? Do you think the random key is generated out of nowhere? Random key generation also needs input without input there is no output also to say that random key generation is the only secure way to generate is a real security risk since all random numbers can't be trusted haven't you heard of the weak random seed generated by Android clients?

You said something about forgetting and being able to recover it from that seed which again doesn't make sense if you are generating a vanity address because depending on how many fixed starting characters the address has the process can take a very long time and recovering it this way is not practical. Not to mention that using a starting string that you can remember suggests weakness in the randomness.

It makes perfect sense see the above reply.

Here is a suggestion, why not generate a random entropy then start your vanity address search from there until you find the key that corresponds to your desired address. Then take the private key to that address (256-bit) and encode that using an algorithm like BIP39 to a set of words that you can easily store or remember (although it is not recommended to only rely on your memory for backup).

I can remember it and it is very practical as well
pooya87
July 05, 2021, 01:46:54 AM
 #18

I think you are talking nonsense how do you explain key generation? Do you think the random key is generated out of nowhere? Random key generation also needs input without input there is no output also to say that random key generation is the only secure way to generate is a real security risk since all random numbers cant be trusted havent you heard of the weak random seed generated by android clients?
Just because some poorly written applications in the past by incompetent developers used a weak RNG doesn't mean random number generators are weak in general! You just have to know how to use them correctly. Giving them up altogether and relying on a weak method sounds like replacing one mistake with another.

jennamarble (OP)
July 05, 2021, 01:49:26 AM
Last edit: July 05, 2021, 02:05:44 AM by jennamarble
 #19

I think you are talking nonsense how do you explain key generation? Do you think the random key is generated out of nowhere? Random key generation also needs input without input there is no output also to say that random key generation is the only secure way to generate is a real security risk since all random numbers cant be trusted havent you heard of the weak random seed generated by android clients?
Just because some poorly written applications in the past by incompetent developers used a weak RNG doesn't mean random number generators are weak in general! You just have to know how to use them correctly. Giving them up altogether and relying on a weak method sounds like replacing one mistake with another.

Since when using words with 132 bit of entropy become weak? Do you even know what are you talking about? it would take you ages or maybe a decade to crack addresses generated using words with 132 bit of entropy the application/tool is as weak as the person behind if you put weak words with low entropy then you will get weak addresses like the addresses generated using applications made by incompetent developers you talk about then it's bound to be cracked or you know what you are doing and generate words with high entropy I would rather trust myself than to find out later if the developers were competent enough later when my money gets stolen
NotATether
July 05, 2021, 06:37:31 AM
Merited by ABCbits (1)
 #20

SHA256 is secure you are declaring that sha256 is insecure? besides that length-extension attack wouldn't work on anything which is considered secure such as 132 bits of entropy...

If by secure you mean "cannot be reverse-engineered" then that is correct. However, it is susceptible to brute-force. On a 1080 Ti card a hacker can try SHA256 combos at around 4400 megahash/s. For comparison, the same card can only try scrypt at around 0.9 megahash/s and PBKDF2 with HMAC-SHA256 iterations at 1.6 megahash/s.

I guess the fact that you are using 132 bits of entropy in your string nullifies the cracking speed increase, but you must make sure your entropy source is not dirty or else you could actually be using less entropy unknowingly. A good example of this is using /dev/urandom.

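Added example (not code from any poster in this thread or from a tool it mentions): the SHA256(string + n) derivation discussed throughout, next to the scrypt-stretched variant NotATether suggests, with search time estimated from the GPU rates quoted in the last post. The function names, the salt prefix, the scrypt parameters and the 30-bit weak-seed figure are assumptions made for the illustration.

```python
import hashlib
import secrets

# Order of the secp256k1 group: a usable private key k satisfies 1 <= k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Single GTX 1080 Ti guess rates as quoted in the thread (guesses per second).
# The thread does not say which scrypt/PBKDF2 cost settings they assume.
THREAD_RATES = {
    "sha256": 4400e6,
    "pbkdf2-hmac-sha256": 1.6e6,
    "scrypt": 0.9e6,
}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def new_seed(num_bytes: int = 17) -> str:
    """Seed string from the OS CSPRNG; 17 bytes = 136 bits, above the 132 discussed."""
    return secrets.token_hex(num_bytes)


def _digest_to_key(digest: bytes):
    """Read 32 bytes as a private key; None if it falls outside 1..N-1."""
    k = int.from_bytes(digest, "big")
    return k if 1 <= k < SECP256K1_N else None


def type1_key(seed: str, index: int):
    """Type 1 derivation from the thread: SHA256(string + n), n as ASCII decimal.

    Plain concatenation is ambiguous across seeds: ("abc1", 2) and ("abc", 12)
    both hash the bytes b"abc12" and so yield the same key.
    """
    if index < 1:
        raise ValueError("index starts at 1")
    material = (seed + str(index)).encode("utf-8")
    return _digest_to_key(hashlib.sha256(material).digest())


def stretched_key(seed: str, index: int):
    """Same inputs through scrypt (parameters are assumed, not from the thread).

    The seed is the password and the index goes into the salt, so the two
    fields cannot run together, and each guess costs one scrypt evaluation.
    """
    if index < 1:
        raise ValueError("index starts at 1")
    salt = b"type1-index:" + str(index).encode("ascii")
    digest = hashlib.scrypt(
        seed.encode("utf-8"), salt=salt, n=2**14, r=8, p=1, dklen=32
    )
    return _digest_to_key(digest)


def expected_seconds(entropy_bits: int, algorithm: str) -> float:
    """Average single-card time to hit the seed: half the space at the quoted rate."""
    return 2 ** (entropy_bits - 1) / THREAD_RATES[algorithm]


if __name__ == "__main__":
    seed = new_seed()  # constructed sample seed, printed only for the demo
    for i in (1, 2, 3):
        print(i, format(type1_key(seed, i), "064x"), format(stretched_key(seed, i), "064x"))

    # 30 bits stands in for a guessable phrase (assumed figure); 132 is the
    # seed strength the original poster says they will use.
    for bits in (30, 132):
        for algo in THREAD_RATES:
            secs = expected_seconds(bits, algo)
            print(f"{bits:>3} bits  {algo:<20} {secs:.3g} s  ({secs / SECONDS_PER_YEAR:.3g} years)")
```

At the quoted rates, stretching turns a 30-bit seed from a fraction of a second into roughly ten minutes of work per card, which is still no protection; only the seed's entropy moves the estimate out of reach.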