Lauda
Legendary
Offline
Activity: 2674
Merit: 2965
Terminated.
July 24, 2014, 12:17:11 AM
> I'm unsure who made this image but I always like it to help illustrate the security of a 256-bit private key.

> Aaaaand Topic closed! Thanks for sharing that info!

As soon as I've read the title and topic, I've waited for someone to link this image. What more do you people need? Whoever made this was certainly a smart fellow. In other words, no matter what advancement is made in technology in the next 100 years, there is no way for anyone to brute force 256-bit keys.
"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks" 😼 Bitcoin Core
Soros Shorts
Donator
Legendary
Offline
Activity: 1617
Merit: 1012
July 24, 2014, 12:20:00 AM
> I heard somewhere that brainwallets were actually easier to crack than long strings of letters, numbers, and symbols because the computer just tests every word in the dictionary against each other in sentences. Obviously cracking either would take a long time, but this makes logical sense.

That's assuming that the hashing function used to convert the passphrase to the private key is well known. You could always implement your own function, or if using some public brainwallet site you could pre-hash your passphrase using some simple but obscure hashing function.
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
July 24, 2014, 12:20:51 AM
> If I understand it correctly it would literally take years to get even one private key. Even so it is wise to move your coins from time to time. A moving target is much harder to hit.

If the threat is brute forcing a private key this is not correct. A "moving target" is exactly as easy to hit as a stationary one. You likely increase your exposure to other threats such as malware by moving the coins around. Keeping them untouched in cold storage is safer.
nutildah (OP)
Legendary
Offline
Activity: 3164
Merit: 8560
Happy 10th Birthday to Dogeparty!
July 24, 2014, 12:29:09 AM
> As soon as I've read the title and topic, I've waited for someone to link this image. What more do you people need? Whoever made this was certainly a smart fellow. In other words, no matter what advancement is made in technology in the next 100 years, there is no way for anyone to brute force 256-bit keys.

There also was no way to harness electricity, until there was.
nutildah (OP)
Legendary
Offline
Activity: 3164
Merit: 8560
Happy 10th Birthday to Dogeparty!
July 24, 2014, 12:32:33 AM
> > If I understand it correctly it would literally take years to get even one private key. Even so it is wise to move your coins from time to time. A moving target is much harder to hit.
>
> If the threat is brute forcing a private key this is not correct. A "moving target" is exactly as easy to hit as a stationary one.

Wouldn't they go after well-funded bitcoin addresses first? I would be hammering away at Satoshi's original address first, and then go after the XCP Burn address second. If you move the bitcoin around then the list changes and the botmaster might be working off of outdated lists.
bluemountain
July 24, 2014, 12:34:03 AM
> 28.23 trillion trillion trillion centuries (Assuming one hundred trillion guesses per second)

We are fine LOL. I don't think it is really possible to reasonably calculate a private key based on the public key.
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
July 24, 2014, 12:38:36 AM (last edit: July 24, 2014, 07:27:12 AM by smooth)
> > > If I understand it correctly it would literally take years to get even one private key. Even so it is wise to move your coins from time to time. A moving target is much harder to hit.
> >
> > If the threat is brute forcing a private key this is not correct. A "moving target" is exactly as easy to hit as a stationary one.
>
> Wouldn't they go after well-funded bitcoin addresses first? I would be hammering away at Satoshi's original address first, and then go after the XCP Burn address second. If you move the bitcoin around then the list changes and the botmaster might be working off of outdated lists.

If you assume the ability to actually exhaust the key space (as in cosmological time scales), then sure, you (very) slightly improve your situation by creating a new key. But if you are talking about someone taking shots in the dark at your key and hoping to get lucky (which is all that can be done in practice if the keys are drawn from the entire key space), moving it doesn't help you. It is just as likely that you move right into the path of the bullet as that you move out of the path.
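The probabilistic claim in smooth's reply above, written out as an added derivation that is not part of the thread. Assume the attacker's guesses $g_1, \dots, g_n$ are drawn independently and uniformly from a key space of size $N$ (for secp256k1, $N \approx 2^{256}$), and that the defender's key in force at the time of guess $i$ is $k_i$, chosen without knowledge of $g_i$. Then for every $i$

$$\Pr[g_i = k_i] = \sum_{k} \Pr[k_i = k]\,\Pr[g_i = k \mid k_i = k] = \sum_{k} \Pr[k_i = k]\cdot\frac{1}{N} = \frac{1}{N},$$

which does not depend on the distribution of $k_i$ at all: it is the same whether $k_i$ is one key kept for years or a fresh key every block, so by linearity of expectation $\mathbb{E}[\text{hits}] = n/N$ either way. If the attacker instead checks each guess against a current list of $M$ funded keys, as in nutildah's scenario, the per-guess probability is $M/N$; moving the coins swaps one entry of that list for another and leaves $M$ unchanged. At the thread's figure of $10^{14}$ guesses per second, a century is $n \approx 3.2 \cdot 10^{23} \approx 2^{78}$ guesses, so $n/N \approx 2^{-178}$.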
fbueller
July 24, 2014, 12:41:58 AM
> The biggest number factored so far was "143", so elliptic curve cryptography used in Bitcoin is secure.

Factoring is RSA, not elliptic curves.
Bitwasp Developer.
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
July 24, 2014, 12:58:10 AM
> > The biggest number factored so far was "143", so elliptic curve cryptography used in Bitcoin is secure.
>
> Factoring is RSA, not elliptic curves.

Yes, didn't mean to imply that. Point is still valid: there's no quantum speed-up for public key cryptography, right?
jonald_fyookball
Legendary
Offline
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
July 24, 2014, 01:00:03 AM
> I heard somewhere that brainwallets were actually easier to crack than long strings of letters, numbers, and symbols because the computer just tests every word in the dictionary against each other in sentences. Obviously cracking either would take a long time, but this makes logical sense.

Doesn't exactly work that way. It depends on how many words vs. how many letters. If you choose 10 words from a 1000-word dictionary, that's 1000^10 combinations. If you choose 10 letters from a 62-character alphanumeric set, that's 62^10, which is a smaller number.
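Two points in this thread are easier to see in running code than in prose: Soros Shorts's reply that the dictionary attack only works when the passphrase-to-key function is known, and jonald_fyookball's reply just above that what matters is the size of the choice set raised to the number of choices. The following is an added example, not code from the thread or from any brainwallet project. It assumes the classic brainwallet convention (private key = SHA-256 of the passphrase), implements secp256k1 scalar multiplication in pure Python so it runs offline, and attacks two constructed targets: one key derived from a short phrase over a toy four-word list, one key drawn from the full 256-bit range. The toy matches on the compressed public key rather than on an address; a real cracker would hash the public key to an address first, since an unspent output only exposes that hash.

```python
import hashlib
import itertools
import math

# secp256k1 domain parameters: field prime, group order, generator (Bitcoin's curve)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def _add(p1, p2):
    """Affine point addition on secp256k1; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                     # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P      # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P       # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def pubkey(priv):
    """Compressed SEC1 public key (33 bytes) for a private scalar, by double-and-add."""
    if not 1 <= priv < N:
        raise ValueError("private key must be in [1, N-1]")
    result, addend = None, G
    while priv:
        if priv & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        priv >>= 1
    x, y = result
    return (b"\x02" if y % 2 == 0 else b"\x03") + x.to_bytes(32, "big")


def brainwallet_priv(passphrase):
    """Private key = SHA-256(passphrase): the brainwallet convention this example assumes."""
    return int.from_bytes(hashlib.sha256(passphrase.encode()).digest(), "big")


def crack(targets, wordlist, max_words=3):
    """Dictionary attack: derive the key for every phrase of 1..max_words words from
    the wordlist and return {public key hex: phrase} for every target it reproduces."""
    found = {}
    for n in range(1, max_words + 1):
        for words in itertools.product(wordlist, repeat=n):
            phrase = " ".join(words)
            pk = pubkey(brainwallet_priv(phrase))
            if pk in targets:
                found[pk.hex()] = phrase
    return found


def entropy_bits(choices, length):
    """Bits of entropy in a passphrase of `length` symbols, each drawn uniformly from
    `choices` alternatives (words from a dictionary, or characters from an alphabet)."""
    return length * math.log2(choices)


# Constructed inputs for the demo: a toy wordlist, one weak brainwallet phrase, and one
# key from the full 256-bit range (a fixed constant here so the run is reproducible).
WORDLIST = ["correct", "horse", "battery", "staple"]
WEAK_PHRASE = "correct horse battery"
RANDOM_KEY = 0xE9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262
TARGETS = {pubkey(brainwallet_priv(WEAK_PHRASE)), pubkey(RANDOM_KEY)}


def demo():
    """Attack the constructed targets; only the brainwallet-derived key is recovered."""
    return crack(TARGETS, WORDLIST, max_words=3)


if __name__ == "__main__":
    for pk, phrase in demo().items():
        print(f"recovered {pk[:16]}... from passphrase {phrase!r}")
    print(f"3 words from 4: {entropy_bits(4, 3):.0f} bits; "
          f"10 words from 1000: {entropy_bits(1000, 10):.1f} bits; "
          f"10 chars from 62: {entropy_bits(62, 10):.1f} bits; random 256-bit key: 256 bits")
```

The 4 + 16 + 64 candidate phrases are exhausted in well under a second and the phrase-derived key falls out; the key drawn from the whole range is never touched, because no wordlist enumerates it. entropy_bits makes jonald_fyookball's comparison explicit: 10 words from a 1000-word list is about 99.7 bits, 10 alphanumerics about 59.5 bits, and both are far below the 256 bits of a random key. The attack depends on knowing the derivation function, which is Soros Shorts's point; a private derivation function only moves the secret from the passphrase into the function, and a leaked or guessed function puts the attacker back where he started.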
doubleredrolex
Full Member
Offline
Activity: 211
Merit: 100
I Believe
July 24, 2014, 06:04:03 AM
We will have to rethink a lot of online security after quantum computers come out. Everything is going to need to use 2FA at the very least.
AGD
Legendary
Offline
Activity: 2070
Merit: 1164
Keeper of the Private Key
July 24, 2014, 06:10:44 AM
Why not simply take a $200 gun and force somebody to reveal their private key? Even if you do this with a random person you are more likely to hit the jackpot than with any other possible brute force attack.
hhanh00
July 24, 2014, 07:34:44 AM
> I'm unsure who made this image but I always like it to help illustrate the security of a 256-bit private key.

> Aaaaand Topic closed! Thanks for sharing that info!

> As soon as I've read the title and topic, I've waited for someone to link this image. What more do you people need? Whoever made this was certainly a smart fellow. In other words, no matter what advancement is made in technology in the next 100 years, there is no way for anyone to brute force 256-bit keys.

This drawing is misleading because it applies to brute forcing a key. If you have a safe with 6 digits, a thief would not try every combination. He will use your birthday, your wife's birthday, etc. first. If that doesn't work, he would drill a hole and peek through the lock tumblers. Basically, no one questions the breadth of the key space, but there might be backdoors to ECC or bugs in its implementation.
hhanh00
July 24, 2014, 07:49:16 AM
> > The biggest number factored so far was "143", so elliptic curve cryptography used in Bitcoin is secure.
>
> Factoring is RSA, not elliptic curves.

Shor's algorithm has two parts. The quantum part finds the period and would run much faster than on a regular computer. http://en.wikipedia.org/wiki/Shor%27s_algorithm#Discrete_logarithms

Edit: Adding reference to Wikipedia.
SomeBoy
Newbie
Offline
Activity: 17
Merit: 0
July 24, 2014, 09:05:52 AM
OK, newbie here, but please bear with me because I'm sure many people reading this thread would like to ask this same question but are afraid to look noob. You keep saying not to reuse addresses and to keep balances on new addresses. Now as I understand it, in order to send coins to any address the network needs to be made aware of it by means of a transaction, which will be forever recorded on the blockchain with the public keys of the addresses. So what's the point in transferring the coins to a new address if its public key is going to be made public by the transaction anyway, even if the address owner only made that single transaction using that address?
hhanh00
July 24, 2014, 09:34:36 AM (last edit: July 24, 2014, 01:10:32 PM by hhanh00)
Actually the transaction only shows the public key of the address you are sending the coins from. That's why some coins are likely lost forever because they were sent to an address which is unlikely to be associated with a public/private key pair. They are named something like "1DontSendBitCoinsHere"...
hhanh00
July 24, 2014, 01:33:10 PM
We are so far away from a working quantum computer. The best that was done was with 4 qubits. You'll need thousands to break ECC 256. But the research is ongoing so maybe one day it will be feasible. The computer from dwave is highly suspicious. It hasn't demonstrated anything that can't be done on a classical computer with the same speed. It doesn't show state superposition which is the fundamental part of any quantum algorithm. It may solve some problems faster than classical computers but we don't know which ones. Unfortunately, there is a lot of fubar associated with quantum computers because they sound very cool...
In any case, there are drop-in crypto methods that are quantum computer resistant. The worst case is that a hard fork will happen and bitcoin will continue with a new algo.
barbarousrelic
July 24, 2014, 02:15:29 PM
Until the sun rises in the west and sets in the east. Until the rivers run dry, and the mountains blow in the wind like leaves. Then bots will profitably guess private keys.
Do not waste your time debating whether Bitcoin can work. It does work.
"Early adopters will profit" is not a sufficient condition to classify something as a pyramid or Ponzi scheme. If it was, Apple and Microsoft stock are Ponzi schemes.
There is no such thing as "market manipulation." There is only buying and selling.
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
July 24, 2014, 02:15:33 PM
> OK, newbie here, but please bear with me because I'm sure many people reading this thread would like to ask this same question but are afraid to look noob. You keep saying not to reuse addresses and to keep balances on new addresses. Now as I understand it, in order to send coins to any address the network needs to be made aware of it by means of a transaction, which will be forever recorded on the blockchain with the public keys of the addresses. So what's the point in transferring the coins to a new address if its public key is going to be made public by the transaction anyway, even if the address owner only made that single transaction using that address?

Addresses aren't public keys. Addresses are public key hashes (or script hashes). Hashing functions are one way. Knowing the hash doesn't allow anyone to know the key. When you spend the coins you reveal the key and other nodes verify it hashes to the pubkeyhash in the output you are spending.