Questions on Private Key Generation

[AgentofCoin]

Hey everyone,

I have been generating many paper wallets lately through different sources and have noticed that all the private keys I generate start either with "5K" or "5J". I'm talking about many dozen individual generations.

I have generated paper wallets on blockchain.info, bitaddress.org, and bitcoinpaperwallet.com and all have started for me with either "5K" or "5J"

If i compare all private addresses I control (all hot/cold addresses I have ever used), these are the common starting digits, 5K, 5J, L5, L1,  and these are the least common L2, L4, Ky, Kw. I have a total of 40 used addresses and the most common starting digits are 90% of the private keys, with 5K and 5J being 75% of the 90%. This seems unusual, but I am still an noob and don't pretend to understand everything.

Questions:

(1) Why isn't my private key generation more random (as to the first two digits)?

(2) Are those digits generated from the browser I'm using (currently used firefox for all the above generations)?

(3) Is this something to be concerned about or just a normal outcome from private key generations?


Thanks.

[1715639340]

1715639340

[1715639340]

1715639340

[1715639340]

1715639340

[1715639340]

1715639340

[coinpr0n]

From https://en.bitcoin.it/wiki/Private_key#Base58_Wallet_Import_format:

"Wallet import format is the most common way to represent private keys in Bitcoin. For private keys associated with uncompressed public keys, they are 51 characters and always start with the number 5 on mainnet (9 on testnet). Private keys associated with compressed public keys are 52 characters and start with a capital L or K on mainnet (c on testnet)."

[gmaxwell]

The beginning encodes some metadata, like a version id; so you shouldn't expect the first two characters to be very random. But if the software you're using generates keys beginning with 5 instead of L or K it is outdated and producing keys which will result in significantly more data-size in your transactions.

I would recommend avoiding any browser based key generators. Many of them have dangerous implementations which provide little to no cryptographic security at all, most of them have never been reviewed by a third party.

[AgentofCoin]

From https://en.bitcoin.it/wiki/Private_key#Base58_Wallet_Import_format:

"Wallet import format is the most common way to represent private keys in Bitcoin. For private keys associated with uncompressed public keys, they are 51 characters and always start with the number 5 on mainnet (9 on testnet). Private keys associated with compressed public keys are 52 characters and start with a capital L or K on mainnet (c on testnet)."

The beginning encodes some metadata, like a version id; so you shouldn't expect the first two characters to be very random. But if the software you're using generates keys beginning with 5 instead of L or K it is outdated and producing keys which will result in significantly more data-size in your transactions.

I would recommend avoiding any browser based key generators. Many of them have dangerous implementations which provide little to no cryptographic security at all, most of them have never been reviewed by a third party.

Thank you both for your answers. I understand now, I'm just a noob. lol.

Two other question though.

(1) If you do not recommend browser based key generation (most people if not all here and on other sites tell people to go to bitaddress.org and use them in an offline manner for cold storage addresses generations), what do you consider to be reviewed or vetted and approved as being most safe for privatekey generation?

(2) Also, if there are privatekeys that are compressed and uncompressed, compression being used to cause less strain on the "Bitcoin Network", how come there isn't a dev mandated update or movement toward all future addresses being generated as compressed? (with old non-compressed addresses generated in the past still being accepted and usable by the network, of course)

Thanks again.

[wunkbone]

In response to (1) if you have some kind of random number generator then you should use it to generate a random number and convert it to hex format (?). If not then you should use some kind of wallet software that you are sure you can trust in order to create a new private key

[SureLockLoans]

I've used bitaddress.org to generate mine and  bit concerned now

[funkenstein]

The beginning encodes some metadata, like a version id; so you shouldn't expect the first two characters to be very random. But if the software you're using generates keys beginning with 5 instead of L or K it is outdated and producing keys which will result in significantly more data-size in your transactions.

I would recommend avoiding any browser based key generators. Many of them have dangerous implementations which provide little to no cryptographic security at all, most of them have never been reviewed by a third party.

Wow, this is a bombshell.  Do you include the bitaddress.org project in this (run on an offline computer of course)?

[twister]

The beginning encodes some metadata, like a version id; so you shouldn't expect the first two characters to be very random. But if the software you're using generates keys beginning with 5 instead of L or K it is outdated and producing keys which will result in significantly more data-size in your transactions.

I would recommend avoiding any browser based key generators. Many of them have dangerous implementations which provide little to no cryptographic security at all, most of them have never been reviewed by a third party.

So using bitaddress.org is not safe anymore? what do you recommend then to make paper wallets off-line?

[dserrano5]

what do you recommend then to make paper wallets off-line?

[twister]

what do you recommend then to make paper wallets off-line?

What is that?

[medUSA]

I would recommend avoiding any browser based key generators. Many of them have dangerous implementations which provide little to no cryptographic security at all, most of them have never been reviewed by a third party.

So using bitaddress.org is not safe anymore? what do you recommend then to make paper wallets off-line?

It's not that it is not safe anymore, it never was safe to generate an address using a browser based generator downloaded from some site. A couple of sites have stood the test of time and are more trusted than others, so they might be ok to use in OFFLINE mode ONLY, and remember to clear all browser cache afterwards.

I cannot fully grasp what "dangerous implementations" and "no cryptographic security" means, but "have never been reviewed by a third party" is easy enough to understand.

[dserrano5]

What is that?

Second try:



Those aren't mine, though .

[twister]

I would recommend avoiding any browser based key generators. Many of them have dangerous implementations which provide little to no cryptographic security at all, most of them have never been reviewed by a third party.

So using bitaddress.org is not safe anymore? what do you recommend then to make paper wallets off-line?

It's not that it is not safe anymore, it never was safe to generate an address using a browser based generator downloaded from some site. A couple of sites have stood the test of time and are more trusted than others, so they might be ok to use in OFFLINE mode ONLY, and remember to clear all browser cache afterwards.

I cannot fully grasp what "dangerous implementations" and "no cryptographic security" means, but "have never been reviewed by a third party" is easy enough to understand.

Well up until now I was under the impression it was safe and today I learn this, I just don't get it anymore. I guess nothing is safe.

[coinpr0n]

I suppose you can generate a public-private key pair with something like Vanitygen. Or run bitcoin-qt on an offline computer and use the console to export the keys. Having those you can make the QR codes and print the paper separately.

[xDan]

Does anyone know of an app or script or something that will generate private key / paper wallet from a series of dice throws?

[funkenstein]

Does anyone know of an app or script or something that will generate private key / paper wallet from a series of dice throws?

Sorry to be that nitpicker, but:    a private key needs no work to generate, as it is simply a random number.  You don't need an app or script.  However, you will need to use some software to find the corresponding public key and address. 

[funkenstein]

It's not that it is not safe anymore, it never was safe to generate an address using a browser based generator downloaded from some site. A couple of sites have stood the test of time and are more trusted than others, so they might be ok to use in OFFLINE mode ONLY, and remember to clear all browser cache afterwards.

I cannot fully grasp what "dangerous implementations" and "no cryptographic security" means, but "have never been reviewed by a third party" is easy enough to understand.

1)  There is no offline "mode".  Either you are isolated or not. 

2)  You will find most software needs to be downloaded from some site. 

[dserrano5]

Does anyone know of an app or script or something that will generate private key / paper wallet from a series of dice throws?

I use the following perl script:

Code:

#!/usr/bin/perl

use warnings;
use strict;

my $rolls = '123456123456';

my $len_diff = 99 - length $rolls;
if ($len_diff > 0) {
    warn "warning: need $len_diff more rolls\n";
    $rolls = sprintf '%s%s', $rolls, '1'x$len_diff;
} elsif ($len_diff < 0) {
    warn sprintf "warning: discarding %d extra rolls\n", -$len_diff;
    $rolls = substr $rolls, 0, 99;
}

$rolls = join '', map { $_ - 1 } split //, $rolls;
print "temp base6 number: $rolls\n";

my $hex = qx{echo 'obase=16; ibase=6; $rolls' |bc}; chomp $hex;
printf "%s%s\n", '0'x(64-length $hex), $hex;

Edit line 6 ("my $rolls = …") to enter the rolls, from 1 to 6. If you enter less than 99 digits, the program fills the missing ones with 1s (but that isn't entropy of course); if you enter too many, the extra ones are discarded. The output is an hexadecimal number ready to paste into bitaddress for recoding it into WIF.

[xDan]

Does anyone know of an app or script or something that will generate private key / paper wallet from a series of dice throws?

I use the following perl script:

Code:

#!/usr/bin/perl

use warnings;
use strict;

my $rolls = '123456123456';

my $len_diff = 99 - length $rolls;
if ($len_diff > 0) {
    warn "warning: need $len_diff more rolls\n";
    $rolls = sprintf '%s%s', $rolls, '1'x$len_diff;
} elsif ($len_diff < 0) {
    warn sprintf "warning: discarding %d extra rolls\n", -$len_diff;
    $rolls = substr $rolls, 0, 99;
}

$rolls = join '', map { $_ - 1 } split //, $rolls;
print "temp base6 number: $rolls\n";

my $hex = qx{echo 'obase=16; ibase=6; $rolls' |bc}; chomp $hex;
printf "%s%s\n", '0'x(64-length $hex), $hex;

Edit line 6 ("my $rolls = …") to enter the rolls, from 1 to 6. If you enter less than 99 digits, the program fills the missing ones with 1s (but that isn't entropy of course); if you enter too many, the extra ones are discarded. The output is an hexadecimal number ready to paste into bitaddress for recoding it into WIF.

Thanks!

From a google search, I discovered hexadecimal dice too. Unfortunately, I can't find any to order in the UK.

[dserrano5]

From a google search, I discovered hexadecimal dice too. Unfortunately, I can't find any to order in the UK.

But do they have the same probabilities for each side? I think only platonic solids have that property. An icosahedron would be fine, turning 16 to zero and discarding 17 to 20.

[funkenstein]

From a google search, I discovered hexadecimal dice too. Unfortunately, I can't find any to order in the UK.

But do they have the same probabilities for each side? I think only platonic solids have that property. An icosahedron would be fine, turning 16 to zero and discarding 17 to 20.

It is possible to make fair dice for any n number of sides (one solution is pencil shaped with n-polygon cross section), but platonic solids are definitely cooler    

[wunkbone]

What is that?

Second try:



Those aren't mine, though .

I think this would take a ridiculous amount of time to generate a private key, plus the fact that rolling dice this way is going to both increase the chances of making an error as well as you getting impatient and just using "random" number from your head part of the way through the process

[dserrano5]

I think this would take a ridiculous amount of time to generate a private key, plus the fact that rolling dice this way is going to both increase the chances of making an error as well as you getting impatient and just using "random" number from your head part of the way through the process

Obviously you didn't try it, did you? With 6 dice you only need 17 iterations of the loop "roll, write down", easily done in under 3 minutes (at 10 seconds per iteration, which is more than enough). No faulty/compromised RNGs, just pure entropy from the universe, no source code needed. You only have to take care of reading the dice always in the same order, eg. start at yellow and go clockwise.

[needbmw]

this is why we are experimenting with simple home-made Quantum True RNG here (the thread is in Russian).
this RNG is cheap, simple and surprisingly stable, but with SBM-20 geiger counter it is slow, just 0.1-0.5 bits per second.
using new alpha-sensitive counter excited with Am247 source I hope we will have at least 10kbps soon.