Bitcoin Forum
November 17, 2024, 11:41:33 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 »  All
  Print  
Author Topic: Simple Vanity Address Generator [v0.4]  (Read 18035 times)
Scott J
Legendary
*
Offline Offline

Activity: 1792
Merit: 1000


View Profile
August 17, 2012, 04:13:42 PM
 #41

It is funny how thing work out, but I don't think you have cause to apologise Smiley

If you need some odd BTC, please PM me it would be my pleasure.

And I've added your service to my signature. I'll keep it there for a few weeks.

Nyhm (OP)
Full Member
***
Offline Offline

Activity: 216
Merit: 100



View Profile WWW
September 30, 2012, 05:15:57 PM
 #42

Scott J, thanks so much for linking my generator in your sig for so long.

I've just updated the vanity page (and my Bitcoin portfolio page). What do you think?

[Bitcoin Game List] ~ [BitcoinGalaxy.net Live Bitcoin Visualization] ~ [PotentialGames.com]
Scott J
Legendary
*
Offline Offline

Activity: 1792
Merit: 1000


View Profile
September 30, 2012, 05:30:21 PM
 #43

Scott J, thanks so much for linking my generator in your sig for so long.

I've just updated the vanity page (and my Bitcoin portfolio page). What do you think?
No probs, it's my pleasure Smiley

The vanity generator looks really good, I'm playing with it now.

Though it would be good to still be able to do it within the browser rather than download the file and run.

I'm also interested in this secret project  Lips sealed Grin
Nyhm (OP)
Full Member
***
Offline Offline

Activity: 216
Merit: 100



View Profile WWW
September 30, 2012, 05:44:54 PM
 #44

Applets have lots of pitfalls. They can be made to work properly, but I decided to focus my efforts on providing a solid application.

Running software in-browser also tends to scare away Bitcoin users, so downloading an application is desirable. (You can even run it on an offline computer if you're really paranoid.)

The secret project is almost ready. I'm very excited about it myself!

[Bitcoin Game List] ~ [BitcoinGalaxy.net Live Bitcoin Visualization] ~ [PotentialGames.com]
Scott J
Legendary
*
Offline Offline

Activity: 1792
Merit: 1000


View Profile
September 30, 2012, 06:13:10 PM
 #45

Applets have lots of pitfalls. They can be made to work properly, but I decided to focus my efforts on providing a solid application.

Running software in-browser also tends to scare away Bitcoin users, so downloading an application is desirable. (You can even run it on an offline computer if you're really paranoid.)
That's a good point, I can see how a downloaded app is preferable.

Let me know when this secret project come to fruition  Cool

Luke-Jr
Legendary
*
Offline Offline

Activity: 2576
Merit: 1186



View Profile
December 24, 2012, 09:07:23 PM
 #46

Probably a good idea to take all funds out of keys generated with this program until this risk is resolved...

pointbiz
Sr. Member
****
Offline Offline

Activity: 437
Merit: 415

1ninja


View Profile
December 24, 2012, 11:21:48 PM
 #47

Probably a good idea to take all funds out of keys generated with this program until this risk is resolved...

Can you elaborate? Is the risk lack of entropy in the RNG? the other thread doesn't mention this tool explicitly...

Coder of: https://www.bitaddress.org      Thread
Open Source JavaScript Client-Side Bitcoin Wallet Generator
Donations: 1NiNja1bUmhSoTXozBRBEtR8LeF9TGbZBN   PGP
Luke-Jr
Legendary
*
Offline Offline

Activity: 2576
Merit: 1186



View Profile
December 24, 2012, 11:35:32 PM
 #48

Probably a good idea to take all funds out of keys generated with this program until this risk is resolved...

Can you elaborate? Is the risk lack of entropy in the RNG? the other thread doesn't mention this tool explicitly...
I don't think anyone knows for sure what's up yet. I spoke to TheButterZone on IRC and he said it was this tool.

Nyhm (OP)
Full Member
***
Offline Offline

Activity: 216
Merit: 100



View Profile WWW
December 25, 2012, 08:14:07 PM
 #49

Probably a good idea to take all funds out of keys generated with this program until this risk is resolved...

Can you elaborate? Is the risk lack of entropy in the RNG? the other thread doesn't mention this tool explicitly...
I don't think anyone knows for sure what's up yet. I spoke to TheButterZone on IRC and he said it was this tool.

Although I recognize the theoretical possibility of a collision, I believe the concept that this vanity generator created a collision or has a weakness making collision even remotely possible (to any realistic degree) is baseless speculation. Nonetheless, here is my post on the thread in question. I will follow up in a couple days. Happy holidays.

[Bitcoin Game List] ~ [BitcoinGalaxy.net Live Bitcoin Visualization] ~ [PotentialGames.com]
shantee
Sr. Member
****
Offline Offline

Activity: 381
Merit: 274


An investment in knowledge pays the best interest.


View Profile WWW
March 29, 2013, 07:29:47 PM
 #50

it's nice, but really...too slow !
vanitygen is much faster

10 Great Bitcoin & Litecoin related domain name on sale ! | MY ltc adress : LdCEBkFWAoXNcXXgvJ2zGRk35ircZouUx8
Nyhm (OP)
Full Member
***
Offline Offline

Activity: 216
Merit: 100



View Profile WWW
March 29, 2013, 11:29:45 PM
 #51

it's nice, but really...too slow !
vanitygen is much faster

Yep - as advertised! Thanks for trying it out.

[Bitcoin Game List] ~ [BitcoinGalaxy.net Live Bitcoin Visualization] ~ [PotentialGames.com]
(A)social
Hero Member
*****
Offline Offline

Activity: 644
Merit: 504


View Profile WWW
April 19, 2013, 02:50:54 PM
 #52

Probably a good idea to take all funds out of keys generated with this program until this risk is resolved...

Can you elaborate? Is the risk lack of entropy in the RNG? the other thread doesn't mention this tool explicitly...
I don't think anyone knows for sure what's up yet. I spoke to TheButterZone on IRC and he said it was this tool.

Although I recognize the theoretical possibility of a collision, I believe the concept that this vanity generator created a collision or has a weakness making collision even remotely possible (to any realistic degree) is baseless speculation. Nonetheless, here is my post on the thread in question. I will follow up in a couple days. Happy holidays.

It happened to me. Three weeks ago I was interested in creating some "serial" vanity addresses. Looking around to find an offline generator, I found Simple Vanity, I knew it was slow (on my netbook it really crawled), but it didn't need compiling to work under Linux, it had a cute GUI, and I just wished to try out with some very short vanity word (mostly acronyms from 2 to 3, maybe 4 characters, excluding the 1).
Used it very occasionally for 3/4 days, then, after it found the nth address I was looking for, I saved it, restarted and after a minute or so it found another one, to my surprise the address was identical to another previous generated one! I stopped using it, and I am afraid it is better to never use that bunch of addresses.

BTC: 1ASociaLbBZzBUR8hSw8CryajncADsR1m6 - Bitmessage: BM-orfFdAgAmtnBokTivq3vj1RtSVtXbrftM
OpenBazaar Store: https://openbazaar.com/store/QmeCThm8d5zcat7BjGw4SQeovaC5diF9s4b2yTSHWdpzmb
Nyhm (OP)
Full Member
***
Offline Offline

Activity: 216
Merit: 100



View Profile WWW
April 20, 2013, 02:42:35 PM
 #53

Probably a good idea to take all funds out of keys generated with this program until this risk is resolved...

Can you elaborate? Is the risk lack of entropy in the RNG? the other thread doesn't mention this tool explicitly...
I don't think anyone knows for sure what's up yet. I spoke to TheButterZone on IRC and he said it was this tool.

Although I recognize the theoretical possibility of a collision, I believe the concept that this vanity generator created a collision or has a weakness making collision even remotely possible (to any realistic degree) is baseless speculation. Nonetheless, here is my post on the thread in question. I will follow up in a couple days. Happy holidays.

It happened to me. Three weeks ago I was interested in creating some "serial" vanity addresses. Looking around to find an offline generator, I found Simple Vanity, I knew it was slow (on my netbook it really crawled), but it didn't need compiling to work under Linux, it had a cute GUI, and I just wished to try out with some very short vanity word (mostly acronyms from 2 to 3, maybe 4 characters, excluding the 1).
Used it very occasionally for 3/4 days, then, after it found the nth address I was looking for, I saved it, restarted and after a minute or so it found another one, to my surprise the address was identical to another previous generated one! I stopped using it, and I am afraid it is better to never use that bunch of addresses.

I'm glad you find the interface to be cute, and the app easy to use.

Randomly reproducing an address/key is remarkable - almost inconceivable - so thanks for reporting it. The current version (v0.4) is based on bitcoinj v0.5.2 (rather old). The way it makes keys is to call new ECKey() - that's it (plan to open source next version). Beneath bitcoinj-0.5.2 is bouncycastle (replaced by spongycastle in newer versions of bitcoinj). I haven't investigated the particular random generation, but it should be impossible to produce the results you've observed; therefore it's certainly worth looking into whether bitcoinj could have such a weakness.

I'll bring this up with the bitcoinj folks to see if anyone can offer any further insight.

[Bitcoin Game List] ~ [BitcoinGalaxy.net Live Bitcoin Visualization] ~ [PotentialGames.com]
(A)social
Hero Member
*****
Offline Offline

Activity: 644
Merit: 504


View Profile WWW
April 20, 2013, 03:20:31 PM
 #54

Probably a good idea to take all funds out of keys generated with this program until this risk is resolved...

Can you elaborate? Is the risk lack of entropy in the RNG? the other thread doesn't mention this tool explicitly...
I don't think anyone knows for sure what's up yet. I spoke to TheButterZone on IRC and he said it was this tool.

Although I recognize the theoretical possibility of a collision, I believe the concept that this vanity generator created a collision or has a weakness making collision even remotely possible (to any realistic degree) is baseless speculation. Nonetheless, here is my post on the thread in question. I will follow up in a couple days. Happy holidays.

It happened to me. Three weeks ago I was interested in creating some "serial" vanity addresses. Looking around to find an offline generator, I found Simple Vanity, I knew it was slow (on my netbook it really crawled), but it didn't need compiling to work under Linux, it had a cute GUI, and I just wished to try out with some very short vanity word (mostly acronyms from 2 to 3, maybe 4 characters, excluding the 1).
Used it very occasionally for 3/4 days, then, after it found the nth address I was looking for, I saved it, restarted and after a minute or so it found another one, to my surprise the address was identical to another previous generated one! I stopped using it, and I am afraid it is better to never use that bunch of addresses.

I'm glad you find the interface to be cute, and the app easy to use.

Randomly reproducing an address/key is remarkable - almost inconceivable - so thanks for reporting it. The current version (v0.4) is based on bitcoinj v0.5.2 (rather old). The way it makes keys is to call new ECKey() - that's it (plan to open source next version). Beneath bitcoinj-0.5.2 is bouncycastle (replaced by spongycastle in newer versions of bitcoinj). I haven't investigated the particular random generation, but it should be impossible to produce the results you've observed; therefore it's certainly worth looking into whether bitcoinj could have such a weakness.

I'll bring this up with the bitcoinj folks to see if anyone can offer any further insight.

Thanks.
If it can be helpful I can try to find those "double keys" or try to remember the "vanity words" (I'll PM you in the case). By the way, now I'm using vanitygen under wine and command line. It is way faster.

BTC: 1ASociaLbBZzBUR8hSw8CryajncADsR1m6 - Bitmessage: BM-orfFdAgAmtnBokTivq3vj1RtSVtXbrftM
OpenBazaar Store: https://openbazaar.com/store/QmeCThm8d5zcat7BjGw4SQeovaC5diF9s4b2yTSHWdpzmb
Mike Hearn
Legendary
*
Offline Offline

Activity: 1526
Merit: 1134


View Profile
April 22, 2013, 09:44:36 AM
 #55

ECKey uses SecureRandom and always has. That's provided by Java, it's not a part of any library that's used. You can see the implementation used on Unix systems here:

http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/provider/NativePRNG.java?av=f

If you run the app twice and it generates the same vanity address, that rather implies that your kernel has completely run out of entropy and is feeding apps repeated data, so the PRNG on top is looping. I think it is maybe expected to happen if you try and generate vanity addresses - one reason to not do it, frankly. I'm not sure you can generate really huge quantities of cryptographically random numbers on a regular PC if left unattended, it has to get entropy from somewhere and without any user interaction the best it can manage is consuming its own interrupt timings. That's why GPG and friends tell you to mash the keyboard and wave the mouse around when making keys, which obviously you aren't doing in this case.

As far as I know companies or organisations that need enormous streams of crypto-strong random numbers use a hardware RNG that measures Johnson–Nyquist noise. Alternatively HAVAGE (http://www.irisa.fr/caps/projects/hipsor/) may work well if you need random numbers on servers, but I haven't tried it for myself.

I know there's some kind of gut appeal to having a vanity address, but seriously guys, I wouldn't go there. Not only do you open yourselves up to questions of whether your random numbers are good enough, but you leak private data left right and center. There's a good reason why Bitcoin-Qt generates new addresses for you all the time.
kiko
Sr. Member
****
Offline Offline

Activity: 453
Merit: 250


View Profile
April 22, 2013, 10:21:21 AM
 #56

While we're on the topic of RNGs. I've got a gen 2 i7 CPU which is supposed to have a true RNG baked into the die.  I haven't been able to find a straight answer on the web whether recent linux kernels are taking advantage of this yet. Is this piped into /dev/(u)random etc?

I know Jeff Garzik has been involved in this area as I saw some tools he wrote to enable the rng, but the process was fiddly and I assumed we'd see this in stock kernels pretty soon? I just can't seem to find out if I was right anywhere.

Anyone know? Thanks.
(A)social
Hero Member
*****
Offline Offline

Activity: 644
Merit: 504


View Profile WWW
April 22, 2013, 05:08:57 PM
 #57

ECKey uses SecureRandom and always has. That's provided by Java, it's not a part of any library that's used. You can see the implementation used on Unix systems here:

http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/provider/NativePRNG.java?av=f
If you run the app twice and it generates the same vanity address, that rather implies that your kernel has completely run out of entropy and is feeding apps repeated data, so the PRNG on top is looping. I think it is maybe expected to happen if you try and generate vanity addresses - one reason to not do it, frankly. I'm not sure you can generate really huge quantities of cryptographically random numbers on a regular PC if left unattended, it has to get entropy from somewhere and without any user interaction the best it can manage is consuming its own interrupt timings. That's why GPG and friends tell you to mash the keyboard and wave the mouse around when making keys, which obviously you aren't doing in this case.

I think it doesn't change anything, but I didn't run twice, the app paused itself when the  address was found, I copied it then hit the start button again.
The netbook wasn't unattended, I'm a bit ill, so I spend too very much time doing various things on it on the couch (often I fall asleep with the PC over my belly). Even the mouse usually doesn't stay still by itself, lol, I'm using a wacom tablet on a very unstable position.

BTC: 1ASociaLbBZzBUR8hSw8CryajncADsR1m6 - Bitmessage: BM-orfFdAgAmtnBokTivq3vj1RtSVtXbrftM
OpenBazaar Store: https://openbazaar.com/store/QmeCThm8d5zcat7BjGw4SQeovaC5diF9s4b2yTSHWdpzmb
Peter Todd
Legendary
*
Offline Offline

Activity: 1120
Merit: 1160


View Profile
April 23, 2013, 11:41:24 AM
 #58

If you run the app twice and it generates the same vanity address, that rather implies that your kernel has completely run out of entropy and is feeding apps repeated data, so the PRNG on top is looping. I think it is maybe expected to happen if you try and generate vanity addresses - one reason to not do it, frankly. I'm not sure you can generate really huge quantities of cryptographically random numbers on a regular PC if left unattended, it has to get entropy from somewhere and without any user interaction the best it can manage is consuming its own interrupt timings. That's why GPG and friends tell you to mash the keyboard and wave the mouse around when making keys, which obviously you aren't doing in this case.

As far as I know companies or organisations that need enormous streams of crypto-strong random numbers use a hardware RNG that measures Johnson–Nyquist noise. Alternatively HAVAGE (http://www.irisa.fr/caps/projects/hipsor/) may work well if you need random numbers on servers, but I haven't tried it for myself.

If the kernel can run out of entropy, there is something seriously wrong about how it is generating random numbers.

It's a common misconception to think that generating large amounts of cryptographic quality random data requires large amounts of hardware randomness. The crypto community that actually understands this stuff - as opposed to the uninformed and those trying to sell products - have realized for decades that the right approach to generating random numbers for crypto is to use a random pool in conjunction with a cryptographic quality pseudo-random number generator. (PRNG) Bruce Shneier and Niels Ferguson's Fortuna algorithm is a good example of a very well thought out version of this approach, but the basic idea is really simple: maintain a pool of random bits, use a cryptographically secure pseudo-random number generator to generate pseudo-random data from that pool in whatever amount is required, and as truly random data is generated in the system, mix it into that pool. The volume of truly random, and unknown to the attacker, bits required is small because the entropy of the pool never decreases. Even on a virtual machine generating 128bits of random data from network packet timings isn't too hard and can be done relatively quickly - hardware random number generators simply make that process faster and should be fed through a random pool + PRNG anyway to protect you if the hardware generator fails.

Smartcards are actually a very interesting example of this philosophy: to generate random numbers they sometimes have as little as a random seed built into the hardware at the factory and a counter guaranteed to always increment. To generate a random number the counter is incremented, verified to have incremented properly, and then something like SHA256(seed + counter) is computed to generate the number.  Less daring designs still collect environmental entropy and mix it into the pool with XOR, but in an application where compromise of the smart-card compromises the whole system anyway this seemingly insecure approach is still not the weak link in the system.

Get yourself a copy of Shneier's Cryptography Engineering and read it carefully. Frankly I'm kinda surprised, and a bit worried, to see you have such a basic misunderstanding of cryptography given you maintain bitcoinj.

tmbp
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250


View Profile
April 23, 2013, 01:22:36 PM
 #59

Couldn't it be significantly sped up? I think other generators are at about 300 @ second.
Sword Smith
Sr. Member
****
Offline Offline

Activity: 406
Merit: 286


Neptune, Scalable Privacy


View Profile WWW
April 23, 2013, 02:09:24 PM
 #60

How about giving time estimates rather than things like "Hard", "brutal..."?
.
You can calculate this yourself. The address is written in base58 which means that you would have to go through on average W=1/2*(58)^n addresses where n is the number of characters in your vanity string before finding your vanity address. For n=4 this means W=5.7m addresses. I can only calculate s=20-30 a second so this calculation would take me t=W/s=63 hours which is more than two days...

The algorithm can probably be speeded up and it should also be much much faster to calculate this on an ASIC since you are basically doing a lot of the same work as when calculating hashes for bitcoin mining.

Pages: « 1 2 [3] 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!